Law and Information

The forth case study in our interop series looks into Electronic Data Interchange interoperability.  The case was researched with the help of our wonderful Berkman student fellow Matthew B. Becker.  He submitted the following blog post as an introduction to the case:

Electronic data interchange (EDI) provides an excellent context for examining how interoperability at the technological and data level can also produce profound effects at a higher, institutional level.  Originally conceived as a means for speeding up the delivery of invoices and purchase orders by sending them electronically, EDI resulted in significant shifts with regard to retailer-supplier relations that went far beyond transaction efficiency.

In tandem with the introduction of bar codes (the subject of another case study in our Interop series), which provided greater insight into sales trends, the use of EDI allowed retailers to automate their purchase orders, increasing inventory replenishment speed and redefining supply chain management; i.e., allowing the merging of Internet technology with JIT (just-in-time), a Japanese manufacturing management method that was developed in the 1970s.  Retailers and suppliers who had previously guarded their sales and inventory information and made deals at arms-length, found that they had much to gain by radically integrating their operations and using EDI to share their inventory data immediately and automatically.  One of the first and largest adopters of the merged EDI-JIT system were the three major U.S. automakers (GM, Ford, and Chrysler), in which they used electronic “mailboxes” to acquire information on production and non-production parts as well as to manage their order and requests electronically.  Retailers such as Wal-Mart and Sears quickly followed suit, in which whenever a sale was made, that information was immediately transferred electronically so that the data could be used to update inventory, calculate sales and create other statistical reports.

With the merger of EDI and JIT, purchase decisions were shifted to the suppliers themselves, who examined sales trends to provide retailers with the products they would need as soon as required, and not before.  Not only was this approach more responsive to customer demand, it also reduced expensive inventory back stock and remaindering costs.  Through a similar integration with shippers, warehousing costs were slashed as products were shipped directly from suppliers to retailers, without need for expensive storage.

Over the past decade, EDI has been undergoing a significant shift, as some businesses and organizations (e.g. Lufhansa AirPlus) have started employing XML-based EDI (XML/EDI), with the promise of even greater flexibility and interoperability.  However, adoption has been limited, and many of those who are using XML/EDI have implemented it in a less-than-fully interoperable manner.  Additionally, support from major software companies, which appeared strong around the turn of the 21^st century, has largely dissipated.  As such, although the implementation of traditional EDI provides a good example of how private actors and third-party organizations can establish viable interoperable technology, the stalling of XML/EDI demonstrates that this approach is not always successful.

Because the route to an established interoperable standard involves many nuances and complexities, one might argue that there may be a role for government when private actors appear unable to succeed on their own.  However, this study, authored by Matthew Becker, concludes by noting that if this is indeed the case, the best approach may actually be a very light one, in which government involvement is limited to setting a general objective and a timeline, leaving the innovation and implementation to the private sector.

In recent years, the growth of cloud computing has enabled users to utilize storage or processing power from geographically distant locations over the Internet. Cloud technologies have been lauded as a means for enhancing productivity, efficiency, and innovation by allowing on-demand network access to a shared pool of configurable networks, servers, applications, and services. According to a recent IBM study, the number of businesses adopting cloud computing to revamp existing business models will more than double by 2015, as business leaders are starting to view the cloud not just as a way to cut costs but also as a means for fundamental business innovation.

Due to the growing ubiquity of cloud computing in the digital world, examining issues of cloud interoperability offers profound insights about the legal, public policy, and technological challenges faced by businesses and other institutions engaged in this field. Berkman student fellow Matthew Becker’s recent case study on the topic, developed as part of our ongoing series on interoperability, suggests that greater scientific and technological reform, balanced with salient consideration of legal and social factors (such as user behavior and expectations), is required for successful interoperability in cloud computing.

Financial considerations can often drive small businesses “to the cloud.” Specifically, many businesses with underutilized IT departments have found cloud computing to be highly cost-effective. Simultaneously, on the end-user side, consumers have benefited from and enjoyed free or low-cost software from the cloud, which is becoming available on an increasing number of portable devices.

As explored in the case study and our book Interop, there are two integral dimensions to cloud computing interoperability: the vertical dimension and the horizontal dimension.

• The vertical dimension involves interoperability of software, applications, and data within a single cloud. In other words, from the consumer’s perspective, does the cloud-based software work or can the cloud-based data be accessed on most Internet-enabled devices? Can this software or data integrate other applications or additional data that the user’s devices can access?
• The horizontal dimension of cloud computing interoperability involves the concept of interoperability between clouds. In other words, how easily can a business that has cloud-hosted software or data transfer to an alternative cloud provider? Among other considerations, consistencies in cloud computing contracts, security features, privacy shields, authentication management, are vital when discussing this horizontal dimension of cloud computing interoperability. One of the primary foreseeable difficulties with cloud computing in the modern era is the possibility of a firm or individual becoming “locked-in” to the use of the cloud provider or platform with which they started.

Cloud computing interoperability promises many important societal benefits; better interoperability could facilitate much more efficient allocation of scarce computing resources, encourage greater device portability, allow increased access to computational power for small firms and developing countries, and decrease capital expenditures for such firms and nations. One such example is ULAP (University Learning Acceleration Platform), a cloud-computing infrastructure in the Philippines that is designed to help advance technological advancement in a developing country’s university program by taking advantage of open source virtualization technologies and cloud management platforms. Yet another successful example is Netflix, in which it owes its success to cloud computing by introducing on-demand streaming service based on cloud-based infrastructure. However, we must also be aware of the security, privacy, and international legal risks inherent in agreements to store data with and become reliant upon certain cloud providers.

Because cloud computing is an increasingly important part of our digital existence, the potential implications of cloud computing interoperability are profound. Household Internet names such as Amazon, Facebook, Google, Microsoft, Oracle—to name a few—are all affected daily by changes in cloud computing, which in turn affect database technologies, social networking, virtualization, public policy responses, and more. Thus, cloud computing interoperability both plays a role in influential business decisions at the microeconomic level and at the level of government policies that build the foundation on which macroeconomic forces act. Our study concludes by reaffirming this idea as well as by contending that the future direction of cloud computing interoperability will profoundly affect technological innovation in ways that shape our society and our world.

I just got back from a conference on “Legal Institutions and Entrepreneurship” at Stanford, organized by the Gruter Institute for Law and Behavioral Science and the Kauffman Foundation. Experts from various disciplines, including biology, neuro-economics, zoology, and business studies, among others, discussed the question how innovative entrepreneurship (in the Schumpeterian sense) can be facilitated by legal institutions and alternative institutional arrangements like, for instance, reputation systems.

In my contribution, I presented the idea of a “legal lab” analogous, for instance, to the MIT’s media lab, which would be devoted to the study of innovations within the legal/regulatory system itself and would experiment with innovative institutional regimes (e.g. using virtual worlds such as Second Life as rich social environments). Together with my St. Gallen collaborators Herbert Burkert and Patrick Gruendler as well as with my colleagues and friends at the Berkman Center, John Palfrey and Colin Maclay, I’ve been working on this idea for some months, and I’m thrilled that several conference participants – including Judith Donath and Oliver Goodenough – will help us to work towards a project proposal in the weeks to come.

In my formal presentation, I attempted to frame the main research topics at the heart of the law & entrepreneurship debate by offering an initial mental map, consisting of three related, but analytically distinct clusters of research.

1. The first cluster deals with a set of rather fundamental questions concerning the basic relationship between the legal system and entrepreneurship.

Traditionally – and in the US in particular – law has been perceived as a constraint on behavior. Entrepreneurs, in contrast, are in the rule-breaking business. Entrepreneurship is very much about creative anarchy, as Deborah Spar eloquently described it, and from this angle law is usually perceived as an obstacle to innovation and entrepreneurship. However, a number of scholars – most prominently Viktor Mayer-Schoenberger in a recent paper – have demonstrated that the relation and interaction between the legal system and entrepreneurship is more complex.

In my view, the relation is at least three-dimensional: (a) law can foster entrepreneurship innovation (e.g. by providing incentives for creativity = IPR), (b) it can be in a neutral relationship, or (c) may indeed hinder innovation (e.g. overly protective labor laws). Where law has a positive impact, it does so, as Mayer-Schoenberger argues, in its potential function as a leveler (e.g. lowering market entry barriers), protector (e.g. property rights, limitation of liability), or enforcer (esp. in case of contractual arrangements).

2. A second area of research seeks to gain a deeper, much more granular understanding of the interactions among the legal system, innovation, and entrepreneurship.

Within this cluster, one might roughly distinguish between two research initiatives: First, there are attempts aimed at exploring the various elements of the legal ecosystem and its impact on entrepreneurship. Such attempts need to be sensitive to varying contexts, sectors, and cultures (e.g. interplay among the elements is different in ICT market vs. biotech sector; or picture may look very different when it comes to low-income vs. high-income countries).

One example in this category is an earlier Berkman project on digital entrepreneurship that focused on low-income countries. Based on case studies of national innovation policies and successful entrepreneurial projects, we identified the relevant elements and aspects of the legal ecosystem and evaluate their influence on entrepreneurship. We clustered the elements in two basic categories: substantive areas of law and legal process issues. Our big-picture take-away: When it comes to the impact of law on entrepreneurship, much depends on the specific economic, societal, and cultural circumstances.

The second debate with this research cluster relates to the different approaches and regulatory techniques that can be used by law – and their promises and limits when it comes to entrepreneurship. This includes research on different types and forms of regulation, such as direct vs. indirect regulation (e.g. regulation of capital markets); framework regulation, self-regulation, incentive-based regulation, command-and-control, etc. Cross-sectional challenges that occur when law seeks to regulate innovation and entrepreneurial activities, too, fall into this category, including questions such as justification of legal intervention (e.g. fostering economic growth, encouraging spillover effects), prioritization (good legislation as a scarce resource!), timing, trade-offs (e.g. between innovation and risk prevention), how to ensure that the legal system can learn, etc.

3. The third cluster is less analytical and more design-oriented. Again, one can differentiate between two perspectives: One the one hand, how to optimize existing legal institutions to foster entrepreneurship. On the other hand, what are more radical innovations within the legal system itself aimed at facilitating innovative entrepreneurship?

As far as the first aspect – optimization or improvements – is concerned, a number of law reform projects on both sides of the Atlantic are illustrative, all of which claim to facilitate entrepreneurship. Currently, the probably hottest topic is the reform of the patent system in the U.S. Several tax reform projects in Europe are also linked to entrepreneurship. In corporate law, the creation of exemptions for smaller companies – aimed at reducing the regulatory burden, esp. in areas such as accounting and reporting obligations – are further examples.

But there’s a more fundamental design question lurking in the background: Are we working with the right assumptions when creating legal rules aimed at fostering entrepreneurship? Essentially, there are two black boxes when it comes to innovation and entrepreneurship:

(1) Regulators often have an over-simplified understanding of the creative processes that lead to innovation. The case in point is certainly the digitally networked economy, with the prominent phenomenon of collaborative creativity and the innovative potential of networks. Behavioral law & economics is in this context particularly important when we seek to understand the underlying mechanisms, and the findings have relevance for instance in the area of IPR systems (with its traditional single inventor/author paradigm, linear innovation as archetype), but also for corporate law (e.g. providing fora for new, highly dynamic, network-based forms of collaboration.)

(2) We don’t understand the entrepreneur’s calculus very well. Mayer-Schoenberger in the paper mentioned above has made this point: How important is predictability and legal certainty? How does risk evaluation really work in the case of innovative entreprneurs? How can law shape these processes? This research cluster is less about substantive areas of law rather than about key variables, such as “incentives”, “risks” and “flexibility”, which may be shaped by using different legal tools (ranging from safe harbor provisions to innovative licensing schemes).

4. Looking forward and in conclusion, I propose the building of an international network of researchers who work on the three clusters mentioned above. In a first step, it would be important to take stock and share existing findings based on which a shared research agenda can be developed.

From a legal/regulatory perspective, a research agenda could focus on three tasks and topics, respectively:

• First, drafting a number of case studies based on which the interactions between legal institutions and entrepreneurship can be studied in greater detail, across different setting and cultures. Macro-level case studies on national legislative programs and policies (e.g. Singapore, Hong Kong) would be supplemented by micro-level case studies about successful entrepreneurs and their projects/firms/etc.

• Based on this research, the research network could second work towards a theory of law, innovation, and entrepreneurship, which would include both normative and analytical/methodological components.

• Third, the research network could establish a “legal lab” that deals with innovation within the legal system itself (see above). Virtual worlds like SL could be used for experiments with alternative institutional designs and to measure their impact on innovation in complex environments.

Over the past two days, I had the pleasure to co-moderate with my colleagues and friends Prof. John Palfrey and Colin Maclay the second Berkman/St. Gallen Workshop on ICT Interoperability and eInnovation. While we received wonderful initial inputs at the first workshop in January that took place in Weissbad, Switzerland, we had this time the opportunity to present our draft case studies and preliminary findings here in Cambridge. The invited group of 20 experts from various disciplines and industries have provided detailed feedback on our drafts, covering important methodological questions as well as substantive issues in areas such as DRM interoperability, digital ID, and web service/mash ups.

Like at the January workshop, the discussion got heated while exploring the possible roles of governments regarding ICT interoperability. Government involvement may take many forms and can be roughly grouped into two categories: ex ante and ex post approaches. Ex post approaches would include, for example, interventions based on general competition law (e.g. in cases of refusal to license a core technology by a dominant market player) or an adjustment of the IP regime (e.g. broadening existing reverse-engineering provisions). Ex ante strategies also include a broad range of possible interventions, among them mandating standards (to start with the most intrusive), requiring the disclosure of interoperability information, labeling/transparency requirements, using public procurement power, but also fostering frameworks for cooperation between private actors, etc.

There was broad consensus in the room that governmental interventions, especially in form of intrusive ex ante interventions, should be a means of last resort. However, it was disputed how the relevant scenarios (market failures) might look like where governmental interventions are justified. A complicating factor in the context of the analysis is the rapidly changing technological environment that makes it hard to predict whether the market forces just need more time to address a particular interoperability problem, or whether the market failed in doing so.

In the last session of the workshop, we discussed a chart we drafted that suggests steps and issues that governments would have to take into consideration when making policy choices about ICT interoperability (according to our understanding of public policy, the government could also reach the conclusion that it doesn’t intervene and let the self-regulatory forces of the market taking care of a particular issue). While details remain to be discussed, the majority of the participants seemed to agree that the following elements should be part of the chart:

1. precise description of perceived interoperability problem (as specific as possible);
2. clarifying government’s responsibility regarding the perceived problem;
3. in-depth analysis of the problem (based on empirical data where available);
4. assessing the need for intervention vis-à-vis dynamic market forces (incl. “timing” issue);
5. exploring the full range of approaches available as portrayed, for example, in our case studies and reports (both self-regulatory and regulation-based approaches, including discussion of drawbacks/costs);
6. definition of the policy goal that shall be achieved (also for benchmarking purposes), e.g. increasing competition, fostering innovation, ensuring security, etc.

Discussion (and research!) to be continued over the weeks and months to come.

Over the past few weeks, our graduate students at the Univ. of St. Gallen have done quite some heavy lifting in the three courses that I described here. In my own course on law and economics of intellectual property rights in the digital age, we’ve completed the second part of the course, which consisted of three modules dealing with digital copyright, software and biz methods patents, and trademarks/domain name disputes. We were very fortunate to have the support of three wonderful guest lecturers. Professor John Palfrey taught a terrific class on digital media law and policy (find here his debriefing and putting-into-context). Klaus Schubert, partner with WilmerHale, provided an excellent overview of the current state of software patenting in and across the EU, in the U.S., and Japan and made us think about the hard policy questions up for discussion. Last week, Professor Philippe Gillieron from the Univ. of Lausanne discussed with us the legal and economic aspects of domain name disputes and ways to solve them (the focus was on UDRP – in my view a particularly interesting topic when analyzed through the lens of new institutional economics theory, see also here for variations on this theme.)

In the last session before “flyout” week, Silke Ernst and I had a first cut at a synthesis aimed at tying together several of the core themes we’ve been discussing so far. At the core of the session was the question as to what extent the law & economics approach can help us to deal with the complex IPR-questions that are triggered while transitioning from an analog/offline to a digital/online information environment. The students contributed to the session by presenting their views on the promises of and limits on a law & economics approach to IPR in the digital age. Using the time while traveling from Oxford back to Zurich, my recollection of the in-class discussion looks as follows (alternative interpretations, of course, encouraged and welcome) – starting with the argument that the law & economics approach to IPR serves at least two functions:

• On the one hand, it provides a toolset that helps us to frame, analyze, and evaluate some of the complex phenomena we observe in cyberspace (such as, for instance, large-scale file-sharing over P2P networks or the user-created content), and enables us to gain a better understanding of the interaction among existing rules and norms and these phenomena. We might want to call it the “analytical function” of law & economics (this aspect gets close to – but is in my view not exactly identical with – what has traditionally been described as the “positive” strand of discussion in law & economics.)

• On the other hand, law & economics may guide us at the design level (again, this gets close to what has been termed “normative” law & economics. For reasons I don’t want to discuss here, I don’t want to work with this distinction in the present context.). First, it can help us to identify the need for law reform by showing that the existing rules have a negative impact on social welfare. Here, the design function intersects with the previously mentioned analytical function. Second, law & economics provides a consistent framework to evaluate the impact of alternative means of regulation on the (economic) behavior of individuals and compare costs and benefits of different approaches aimed at solving a particular problem.

At a more granular level, we might identify the following promises and limitations of a law & economics approach with regard to the respective functionality:
Analytical function

• Promises: coherent framework, consistent and shared set of criteria, rational and quasi-objective analysis, …
• Limitations: Bounded rationality/areas of non-rationale behavior, lack of transparency regarding underlying causalities, limited possibilities to quantify phenomena, lack of empirical data, …

Design function:

• Promises: Cost-benefits analysis of alternative policy choices, taking into account perspectives of different actors in an ecosystem, at least ideal-type predictions based on models, …
• Limitations: Complexity of real-life situations, non-economic perspectives, motives, and effects, non-economic values, …

We reached some sort of consensus that the law & economics approach indeed provides a great toolset to analyze at least some of the trickiest IPR-related policy questions in cyberspace. However, the large majority seemed also to agree that some of the limitations of such an analysis become particularly visible in the digitally networked environment with phenomena such as commons-based peer production of content based on intrinsic motivations. Most of us also agreed that it would be dangerous to attempt to answer the IPR policy questions only against the backdrop of law & economics theory. Indeed, many of the decisions to be made in this space ultimately include choices about core values of our society that do not easily translate into the frameworks of law & economics, like for example informational justice, equal access, participatory culture, or semiotic democracy.

I’m very much looking forward to continuing the discussion about the role of law and economics in the digital age with my colleagues, the teaching team, and – most importantly – with the wonderful group of students enrolled in this seminar.

My colleague Daniel Haeusermann and I just released a new paper entitled “E-Compliance: Towards a Roadmap for Effective Risk Management.” In the article, which is largely based on consulting work we’ve been doing, we argue that the widespread use of digital communication technology on the part of business organizations leads to new types of challenges when it comes to the management of risks at the intersection of law, technology, and the marketplace. In order to effectively manage these challenges and associated risks in diverse areas such as security, privacy, consumer protection, IP, and content governance, we call for an integrated and comprehensive compliance concept in response to the structural and substantive peculiarities of the digital environment in which corporations – both in and outside the dot-com industry – operate today. See also this post. The conclusion section of the paper reads as follows:

Through significant efforts, the legal system has adjusted to the changes in the information and communications technology of daily corporate life—changes at the intersection of the market, technology, and law. Organizations must make adjustments on their part as well in order to deal with the consequences resulting from these changes in the legal system. The observation that led to this essay was that these adjustments represent a greater challenge than the already decreasing entropy surrounding concepts such as “e-commerce law” or “cyberlaw” would suggest. Our initial foray into the concept, characteristics, responsibilities and organizational guiding principles of e-Compliance confirms this observation.

E-Compliance, as discussed in this article, is confronted with the phenomenon of a close interconnection between law and technology, a prominent dynamization of the law, massive internationalization of issues and legal problems, as well as a strong increase in the significance of soft law. These characteristics, which in part may also apply to traditional areas of compliance such as financial market regulation, call in their interplay for the further development of compliance concepts as well as adaptation of the affected aspects of corporate organization. Due to the increasing amalgamation of corporate organizational nexus and ICT, the symbiotic relations between traditional compliance and e-Compliance will be increasingly amplified. The view that e-Compliance represents merely a single risk area among the many of compliance is therefore outdated in our opinion. E-Compliance is actually a multidimensional and multidisciplinary task, although there are certainly areas of law that are particularly affected by digitization (or also which particularly impact digitization) and therefore are of particular importance for the field of e-Compliance.

Thus, in conclusion, the authors do not posit a special “e-Sphere” within or without existing compliance departments. Rather, we argue for an integrated and comprehensive compliance concept that appropriately makes allowance for the structural and substantive peculiarities of e-Compliance as outlined in this essay and stays abreast with the pace of digitization.

Please contact Daniel or me if you have comments.

The EU commission recently released an impressive 280+ pp. study on the economic impact of open source software on innovation and the competitiveness of the ICT sector in the EU. The report analyzes, among other things, FLOSS’ market share, and its direct and indirect economic impacts on innovation and growth. It also discusses trends and scenarios and formulates policy recommendations. Some of the findings that I find particularly interesting:

• Almost two-thirds of FLOSS is written by individuals, while firms contribute about 15% and other institutions 20%. The existing base of FLOSS software represents about 131.000 real person-years of effort.
• Europe is the leading region as far as the number of globally collaborating FLOSS developers and global project leaders are concerned. Weighted by average income, India is the leading provider of FLOSS developers, followed by China.
• The existing base of quality FLOSS applications would cost firms almost 12 billion Euros to reproduce internally. The code base has been doubling every 12-24 month. FLOSS potentially saves the industry over 36% in software R&D investment.
• FLOSS is an important growth factor for the European economy. It encourages the creation of SMEs and jobs and is unlikely to cannibalize proprietary software jobs. The FLOSS-related share of the economic could reach 4% of the European GDP by 2010.
• Europe’s strength regarding FLOSS are its strong community of active developers, small firms, and secondary software industry. In contrast, a generally low level of ICT investment and a relatively low rate of FLOSS adaptation by large industry (if compared to U.S.) are among its weaknesses.

As to policy recommendations, the report suggests a focus on the correction of existing policies and practices that currently favor proprietary software. Among the recommendations: support FLOSS in pre-competitive research and standardization; encourage partnerships among large firms, SMEs and FLOSS communities; provide equitable tax treatment for FLOSS creators.

The Rueschlikon Conference on Information Policy, chaired by Professor Viktor Mayer-Schoenberger, just released its latest conference report on Innovative Entrepreneurship and Public Policy. The report, authored by Kenneth Cukier, includes recommendations for what public policy can do to encourage innovation and entrepreneurship. The executive summary suggests five recommendations.

• Entrepreneur: The Individual – Innovation starts with a “random walk” in “design space,” where ideas can be incubated and challenged. Investing in education is crucial, as is softening the consequences of failure.

• Social Networks: The Group – The relationships among people, firms and nations help determine the degree of diversity they are exposed to, which influences inventiveness. Supporting the interactions across groups is essential.

• Organizing R&D: Universities and Firms – A networked-model based on connections, collaboration, flat hierarchies, modularity and constant “re-writing” is required. This enables groups to respond successfully to discontinuities.

• Creating Clusters: Geographic Areas – Places where finance, technical talent, legal, accounting and marketing support intermingle aids the innovation process. Yet it should ideally be technology-neutral, and not reliant on one technical domain.

• Public Policy: The Role of Government (Municipal, Regional, National) – Reengineering society for a networked economy requires resources, patience and ceding control International cooperation with new stakeholders is imperative.

The full report with the title Hero with a Thousand Faces is available online.

This morning, I had the pleasure and honour to speak – “as the European voice” – at the FTC hearing on “Protecting Consumers in the Next Tech-ade” (check out the official weblog for more information and summaries of the discussion.) I was asked to report about the legal and regulatory discussions on DRM in Europe and to focus on DRM interoperability in particular. The latter question is also part of an ongoing research collaboration between the Berkman Center at Harvard Law School and our St. Gallen Research Center for Information Law. The research project is aimed at exploring the interaction between interoperability and e-innovation, an important aspect that was only briefly mentioned at today’s hearing.
Here is the longer and slightly modified (links added) written version of my statement. For a more detailed discussion, check out the excellent paper “DRM Interoperability and Intellectual Property Policy in Europe” by Mikko Valimaki and Ville Oksanen.

Over the past few years, much of the legal/regulatory debate in Europe about DRM has focused on the legal protection of technological protection measures and its ramifications for the digital ecosystem, because EU member states have faced the challenge to transpose the rather vague EU Copyright Directive into their national laws and comply with the relevant anti-circumvention provisions of the WIPO Internet Treaties.

Introducing and harmonizing anti-circumvention laws across Europe has been a long and an enormously controversial process. As far as DRM is concerned, three topics in particular have caused heated controversies:

• DRM and its legal protection vis-à-vis traditional limitations on copyright such as the “right” (or privilege) to make copies for private purpose;
• DRM and “fair compensation”;
• DRM and interoperability.

Given our panel’s topic, please let me address the interoperability issue in some greater detail – a topic that has gained much attention in the context of iTunes’ penetration of the European market, esp. in France.

At the European level, though, no coherent DRM interoperability framework exists, although DRM interoperability has been identified as an emerging issue by the European Commission, which has established – among other things – a multi-stakeholder High Level Group on DRM that has also addressed DRM interoperability issues.

The lack of specific and EU-wide DRM interoperability provisions leaves us with three areas of law that address this issue more generally, both at the EU level as well as the level of EU member states. The areas are: copyright law, competition law, and consumer protection law.

Copyright Law

The EU Copyright Directive, mandating the legal protection of DRM systems, does not set forth rules on DRM interoperability. Recital 54 only mentions that DRM interoperability is something member states should encourage, but does not provide further guidance and seems to trust in the market forces. However, one might argue that the anti-circumvention framework itself allows the design of interoperable systems – e.g. a music player able to play songs encoded in different DRM standards – by outlawing only trafficking in such circumvention devices that are (inter alia) primarily designed and marketed for circumvention of effective TPM. Along these lines, at least one Italian Court has ruled – in one of the Bolzano rulings – that the use of modified chips aimed at restoring the full functionality of a Sony PlayStation (incl. its ability to read all discs from all markets despite region coding) is not illegal under the EUCD’s anti-circumvention provisions.

At the EU member state level, France has taken a much more proactive approach to DRM interoperability. A draft of the revised copyright law (implementing the EUCD) introduced an obligation of DRM providers to disclose interoperability information upon requests without being compensated. This “lex iTunes” has triggered strong reactions by the entertainment industry, and the final version of the law softened up the original proposal. Current French law states that a regulatory authority mediates interoperability requests on a case-by-case basis. Under this regime, too, DRM providers can be forced (under certain conditions) to disclose interoperability information on non-discriminatory terms, but they now have the right to reasonable compensation in return.

Competition Law

The baseline is: Competition law in Europe may become relevant in cases where a company with a dominant market position refuses to license its DRM standard to its competitors. However, to date, there exists no case law at the EU level where competition law has been applied to the DRM interoperability problem. But there are important cases (IMS Health and Magill, but also the anti-trust actions against Microsoft) illustrating how competition law — at least in exceptional circumstances — can give the need for interoperability more weight than the IP claims by dominant players. In France, Virgin Media tried to use competition law as an instrument to enforce access to iTunes FairPlay system. The French competition authority, however, has ruled in favour of iTunes, partly because it considered the market for probable music players to be sufficiently competitive (click here for more details).

Consumer Protection

From a consumer protection law perspective, three issues seem particularly noteworthy. First, the Norwegian Consumer Ombudsman has been very critical about Apple’s iTMS interoperability policy in response to a complaint by the consumer council. The Ombudsman argues that iTMS is using DRM and corresponding terms of services to lock its consumers into Apple’s proprietary systems.

Second, a French court fined EMI Music France for selling CDs with DRM protection schemes that would not play on car radios and computers (check here and here). EMI violated consumer protection law because it did not appropriately inform consumers about these restrictions. The court obliged EMI to label its CDs with the text: “Attention – cannot be listened on all players or car radios”.

Third, a recent proposal by the European Consumers’ Organisation proposes to include DRM in the unfair contract directive. The idea behind it is that consumer protection authorities should also be able to intervene against unfair consumer contract terms if the terms are “code-” rather than “law-based”.

I’m currently in Berlin, attending Wizards-of-OS 4.0, a terrific conference organized by Volker Grassmuck and this team. Earlier the week, Lawrence Lessig, Yochai Benkler, and Hal Varian – to name just a few – had been presenting. Yesterday, I had the pleasure to chair a panel on the EU Copyright Directive. In essence, the session sought to analyze and evaluate the current EU copyright landscape as shaped in important ways by the EUCD (among other directives). On the panel were Bernt Hugenholtz, Director of the Institute for Information Law at the Univ. of Amsterdam; Tilman Lueder, Head of Unit “Copyright and knowledge-based economy”, DG Internal Markets, European Commission; Cornelia Kutterer, Senior Legal Advisor BEUC; and Maja Bogataj, Director of the Intellectual Property Institute, Slovenia.

The four presentations, each rich in substance, touched upon a broad variety of important issues and it is almost impossible to summarize the panel. However, I think there were at least three recurring themes where some sort of consensus among the panelists emerged.

Harmonization of copyright law comes at significant cost and leads to a race to the top as far as the protection of copyright holders’ interests are concerned.

Bernt Hugenholtz explained in quite some detail, based on a recent (still confidential) report he wrote for the European Commission, why we should be very skeptical about copyright harmonization. He argued, in essence, that the EU step-by-step-harmonization efforts have imposed a huge burden on both the EU legislative machinery as well as on national lawmakers who, in the past 15 years or so, have had continuously to transpose EU copyright directives into their national laws. More fundamentally, he raised the question whether harmonization, at all, can be the right tool – vis-à-vis enormously time-consuming legislative processes (the work on the EUCD goes back to 1996) – in a quicksilver technological environment. The strongest argument against harmonization, though, is the observation that harmonization has created significant asymmetries and imbalances: It significantly distorted the traditional balance between the interests of copyright holders on the one and the interests of users and the public at large on the other hand in favor of copyright holders. Bernt also argued that harmonization (vis-à-vis the principle of territoriality of copyright law) has produced negative effects on the Internal Market. In the recommendation-part of his speech, he proposed to restrain from future harmonization in this area. Rather, he suggested the use of soft law and, in the long run, of the creation of a unified, truly European Copyright Law.

The EUCD has created significant asymmetries and imbalances that need to be fixed.

It doesn’t come as a surprise that Cornelia Kutterer in particular has made it very clear in what ways and areas the EUCD has favored copyright holder’s interest over user’s interest. Much of the discussion focused on Art. 5 EUCD, which sets forth (largely voluntary) exceptions and limitations, and on the legal protection of technological protection measures. In the latter context, Cornelia addressed issues such as interoperability and (lack of) transparency. From a very different perspective, Tilman Lueder was questioning whether the EUCD has struck the right balance between exclusive rights and fair compensation, and whether compensation models will prevail in the age of digital distribution (vis-à-vis DRM.)

The solution to some of the flaws of the EUCD might be found in other areas of law such as competition law or consumer protection law.

With regard to potential answers to the problems created, in part, by the EUCD, Cornelia Kutterer – as well as previously Tilman Lueder to some extent – proposed to consider the use of consumer protection laws and competition law to rebalance interests. She suggested, for instance, to conceptualize DRM as “technical terms” in analogy to contractual terms, and to extend the scope of the Unfair Contract Terms Directive in a way that it includes such technical terms (“code”) too. Another issue to be dealt with in the consumer protection acquis is EU-wide labeling requirements for DRM.

Later this morning, we will ask how accession and candidate countries can learn from these (largely: bad) experiences surrounding the EUCD in particular and EU copyright harmonization in general. At a workshop sponsored by the Soros Foundation, we will talk in greater detail about the pitfalls of EUCD implementation (what Maja Bogataj yesterday has described as “cut-translate-paste”-legislation). In this context, we will also explore as to what extent best practices of implementation can be identified that might be helpful to future EU member states (and, probably, in the context of law reform projects.) We had a first cut at what shall become a EUCD best practice guide, check it out here. It’s an initial and uncompleted draft and very much research in progress, so feedback and contributions are most welcome and much appreciated.