Re: Debian infrastructure in the EU / copyright challenges

[Florian Weimer]

* gregor herrmann:

> Question 2: What about the "uploads by their users"? Since Debian
> doesn't allow random people to upload random stuff to its servers
> which Debian then promotes, I think this also doesn't apply.

Correct, and Debian provides training to DDs to recognize potential
copyright infringement, and new packages also need to pass a separate
review step.

That leaves mailing lists and the wiki.  I don't see how
copyright-infringing content wouldn't be low-quality content as well,
so if that happens to a significant degree, we'd have to filter it
anyway to keep those resources useful.

Fwd: [Until 21 August] Your comment about legislative changes for code sharing platforms

[Daniel Pocock]

I wasn't sure if this was to be forwarded but now I have clarification,
here it is.  It is related to the thread "Debian infrastructure in the
EU / copyright challenges"


 Forwarded Message 
Subject: [Until 21 August] Your comment about legislative changes for
code sharing platforms
Date: Wed, 16 Aug 2017 06:53:03 +
From: Matthias Kirschner 
To: associa...@lists.fsfe.org

Dear associates,

We are contacting you because the EU is currently updating its copyright
law and the proposed changes can have strong negative implications for
collaborative software development. As you might be affected from those
changes, we would highly appreciate your comments, which might be
helpful for the research paper we are currently working on.

# What is this about?

The European Union works on regulation which will be very hard for
online code sharing platforms to comply with, and will increase the risk
for users to loose their code hosted on those platforms. The proposed
Article 13 of the Copyright Directive and its recital 38 are directly
relevant for the software development platforms. Several committees of
the European Parliament have already proposed amendments, and some of
them go even further than the Proposal of the Commission.

These legislative proposals can extensively hinder collaborative
software development, and especially Free and Open Source Software. New
rules proposed by the EU will create legal uncertainty for developers
using online tools when contributing to the Free and Open Source
projects through online code sharing platforms. The newly proposed
obligations on code sharing platforms will threaten their existence, and
effective online co-development by:

* Imposing on code sharing platforms the use of costly filtering
  technologies to prevent any possible copyright infringement;

* Imposing illegal monitoring obligation to track their every user.

As a result, every user, of a code sharing platform: an individual,
company, or a public body is treated as a potential copyright infringer
whose content, including the whole code repositories, can be taken down
and disabled at any time.

The vote in the parliamentary lead committee is scheduled for October.
More details on the proposed changes of the EU law are to be found at
the end of this e-mail.

# What OFE and the FSFE are doing

We are drafting a research paper, accompanied by an online engagement
tool to be launched in early September, to inform policy-makers of the
dangerous consequences of the proposed EU copyright rules for
collaborative software development.
For that we are gathering figures and comments about FOSS development
and how collaborative software development platforms are used (i.e.
GitLab, GitHub, GNU Savannah, etc., or even self run services with a
large user base). That is where you come in.

# How you can help

We hope you can give us your input on the importance of code sharing
platforms, deriving from your experience with them. Your feedback is
extremely important, in order to bring your voices to the policy makers
and highlight the barriers they might impose on Free Software
development.

For your comment the following questions might help you:
* Were you aware of the proposed changes of the Copyright Directive
  (Article 13 and its related recital 38)?
* Which web-based version control repositories, either provided by a
  third party or hosted by yourself, do you use?
* For which kind of activities do you use any of the web-based version
  control repositories?
* To what extent do you use any of the web-based version control
  repositories for your own code and software project management?
* do you have any other feedback/comments on the directive?

# Contact Details
Please give send your feedback before **21 August** to Polina Malaja
 and Matthias Kirschner  so that your
input is included in the research paper.
Looking forward to hearing from you.

Thank you in advance.

Best Regards,
Matthias

# Reference with detailed background information

* Commission's proposal

* IMCO Opinion

* ITRE Opinion (amendments 25, 49 and 52)

* JURI draft Opinion   *
,
  *
,
  *
,
  *
,
  *

Re: Debian infrastructure in the EU / copyright challenges

[gregor herrmann]

On Wed, 23 Aug 2017 11:02:51 +0200, Adam Borowski wrote:

> Not found nor apparently even linked anywhere on the EFF site, they seem to
> refer to http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=17200

Thanks for digging up this document.
 
> # Article 13
> #
> # Use of protected content by information society service providers storing
> # and giving access to large amounts of works and other subject matter
> # uploaded by their users

Question 1: What are "information society service providers"? This is
not defined in this document, but it refers (on page 20) to
"Directive 2000/31/EC" [0] which is about e-commerce and says (on
page 3):

  The definition of information society services already exists in
  Community law in Directive 98/34/EC of the European Parliament and
  of the Council of 22 June 1998 laying down a procedure for the
  provision of information in the field of technical standards and
  regulations and of rules on information society services (4) and in
  Directive 98/84/EC of the European Parliament and of the Council of
  20 November 1998 on the legal protection of services based on, or
  consisting of, conditional access (5); this definition covers any
  service normally provided for remuneration, at a distance, by means
  of electronic equipment …

I don't think that Debian falls under this regime (we don't do
e-commerce for remuneration).

(18) mentions all kinds of non-remunerated activities but it still
talks about "a wide range of economic activities which take place
on-line".
(19) again talks about "pursuit of an economic activity … place of
establishment of a company".

And Art.2 "Definitions" (c) finally reads:

  ‘established service provider’: a service provider who effectively
  pursues an economic activity using a fixed establishment for an
  indefinite period. The presence and use of the technical means and
  technologies required to provide the service do not, in themselves,
  constitute an establishment of the provider;


Question 2: What about the "uploads by their users"? Since Debian
doesn't allow random people to upload random stuff to its servers
which Debian then promotes, I think this also doesn't apply.


Cheers,
gregor


[0] 
http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32000L0031&from=EN

-- 
 .''`.  https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   BOFH excuse #119:  evil hackers from Serbia. 

Re: Debian infrastructure in the EU / copyright challenges

[Adam Borowski]

On Wed, Aug 23, 2017 at 09:36:08AM +0200, Florian Weimer wrote:
> * Daniel Pocock:
> 
> > There has been some discussion about the potential impact of the latest
> > copyright legislation[1] on sites/services that share source code or
> > facilitate collaborative development services.
> 
> Do you have a link to the text of the proposal?

Not found nor apparently even linked anywhere on the EFF site, they seem to
refer to http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=17200

> The EFF probably misrepresents its contents.  It seems unlikely that a
> specific approach to copyright review will be mandated.
> 
> I think we are already removing “meme”-type content from packages for
> copyright reasons, so it is unclear to what extent Debian would be
> affected.

The EFF's campaign sounds alarmist, but this doesn't imply it's untrue.
Here's an analogy:
"By keeping a coal plant for just two days, you're a murderer!"
Which, on the face value is wrong:
* murder requires intent towards a specific person, so here it's
  manslaughter
* no jurisdiction currently makes such a long causal chain criminal
Also, what constitutes a "coal plant" is unclear as you can have a coal
generator in your cellar; this particular sound bite matches the count
of plants >=30MW.
Yet in this analogy the sound bite actually grossly _underestimates_
the problem: it takes only short-term airborne pollution in mind, so fails
to account for much more dangerous global warming, etc.
But just think if you used this sound bite -- most people would call you
an alarmist kook, right?


So with this in mind, let's see the wording of the proposal:

# Article 13
#
# Use of protected content by information society service providers storing
# and giving access to large amounts of works and other subject matter
# uploaded by their users
#
# 1. Information society service providers that store and provide to the
# public access to large amounts of works or other subject matter uploaded
# by their users shall, in cooperation with rightholders, take measures to
# ensure the functioning of agreements concluded with rightholders for the
# use of their works or other subject matter or to prevent the availability
# on their services of works or other subject matter identified by
# rightholders through the cooperation with the service providers.  Those
# measures, such as the use of effective content recognition technologies,
# shall be appropriate and proportionate.  The service providers shall
# provide rightholders with adequate information on the functioning and the
# deployment of the measures, as well as, when relevant, adequate reporting
# on the recognition and use of the works and other subject matter.
# 
# 2. Member States shall ensure that the service providers referred to in
# paragraph 1 put in place complaints and redress mechanisms that are
# available to users in case of disputes over the application of the
# measures referred to in paragraph 1.
# 
# 3. Member States shall facilitate, where appropriate, the cooperation
# between the information society service providers and rightholders through
# stakeholder dialogues to define best practices, such as appropriate and
# proportionate content recognition technologies, taking into account, among
# others, the nature of the services, the availability of the technologies
# and their effectiveness in light of technological developments.

Debian _does_ "store and provide to the public" (with an extensive network
of mirrors, even) "large amount of works" (which, unlike previous such
proposals, are not in any way limited to just music and videos -- software
packages are also copyrighted works.  Packages also often include images,
sometimes music (games) and rarely videos.) "uploaded by users" (DDs are
not employees, and we do take a large amount of sponsored uploads from
contributors with no formal relation at all).

The main archive probably is less in a danger, those provided by Alioth
seem more problematic.  The former would be the target of SCO-likes who are
few, the latter would fall to far more likely campaigns against GitHub and
such.

-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢰⠒⠀⣿⡁ Vat kind uf sufficiently advanced technology iz dis!?
⢿⡄⠘⠷⠚⠋⠀-- Genghis Ht'rok'din
⠈⠳⣄ 

Re: Debian infrastructure in the EU / copyright challenges

[Florian Weimer]

* Daniel Pocock:

> There has been some discussion about the potential impact of the latest
> copyright legislation[1] on sites/services that share source code or
> facilitate collaborative development services.

Do you have a link to the text of the proposal?  The EFF probably
misrepresents its contents.  It seems unlikely that a specific
approach to copyright review will be mandated.

I think we are already removing “meme”-type content from packages for
copyright reasons, so it is unclear to what extent Debian would be
affected.