[Editors Note: CDT Policy Director Jim Dempsey is in Athens this week, participating in the first global Internet Governance Forum (IGF). He'll be blogging about the experience throughout his stay. Check back regularly for updates.]

The Internet Governance Forum opened today in the rainy seaside Athenian suburb of Vouliagmeni. “Internet governance” has always been a subjective term, and it’s pretty clear from the opening remarks that much of the discussion here will be driven by how various stakeholders define it. There have been enough divergent comments thus far (often coming from the same speaker) to both appease and rile advocates on all sides of the debate.

So far, there has been broad agreement that the Internet is essentially a good thing, or has had essentially good effects, but comments about applying technology cautiously and adopting the “correct” legal and policy framework are subject to multiple interpretations.

Key themes so far include dialogue, multi-stakeholder, the Internet as a global resource, diversity, the needs of users, security, stability, protecting children, multilingualism, free flow of information, diversity, and development.

Vint Cerf, Internet pioneer and chairman of the board of the Internet Corporation for Assigned Names and Numbers (ICANN) had a thoughtful comment today in response to calls for more global Internet governance. As he explained, there is already a lot of governance in the system, and, suggested that we should ask which parties need to be governed and for what purpose. To this, I would add, since governance need not always mean governments, what is the best kind of institution for implementing that governance? For service providers, the question may be is there enough competition. If not, we may want to regulate it. Higher up, there are different players, different interests, and different institutions may be appropriate.

There seems to be an assumption that the IGF is here to stay as an institution. The sites of the next three events have already been selected:

Brazil 2007
India 2008
Egypt 2009

The transcript of the morning is now available. Vint Cerf’s morning remarks (second to last) are worth reading in their entirety.

More to come…

The Federal Trade Commission (FTC) today debuted a new feature on its excellent Onguard Online site advising investors how to protect their personal data and avoid common Internet scams.

For obvious reasons, investors are prime targets for Internet scammers. Although the FTC and consumer advocacy groups rightly advise all Internet users to exercise caution in their online activities, that advise goes double for people making financial transactions or managing their accounts. This is not to say that people shouldn’t bank online. As the new Onguard Online page acknowledges, the Internet is a powerful tool for investing, but investors must understand that they are always potential targets.

Before engaging in financial transactions from their home computers, investors should make sure that their anti-virus, anti-spyware and firewall tools are current and in good working order. From CDT’s standpoint, investors should simply avoid banking from public computers.

Some of the information on the new FTC page may seem like common sense, but it serves as a good reminder for those who take advantage of the Internet’s enormous convenience as an investment tool.

Digital technologies are transforming the way people use copyrighted content and democratizing the the process of content creation. Copyright laws and policies should reflect and encourage these trends, but are struggling to keep up. Today the Consumer Electronics Association, with several public interest group partners, is launching a new “Digital Freedom” website and education campaign aimed at articulating and publicizing the interests of technology users and innovators in the digital copyright debate.

This effort can make a valuable contribution to the debate. Too often, discussions about adapting copyright to the digital world have tended to put all the focus on the question of piracy. While piracy is a serious issue, it’s really only part of the equation. To fulfill its mission of promoting creativity, copyright needs to strike a careful balance. And to get the balance right, it is essential that the voices of consumers, innovators, small and independent content creators — all the users and makers of digital technologies — are fully expressed and heard. This new campaign takes some welcome initiative to help make sure that happens.

For now at least, it looks like the legal dispute between Illinois-based e-mail marketer 360 Insight LLC and London-based anti-spam group Spamhaus won’t set a dangerous precedent for the Internet Corporation for Assigned Names and Numbers (ICANN).

As we reported in this space last week, e360 won a default judgment in a civil case it filed against Spamhaus and had asked a federal judge to demand that ICANN strip Spamhaus of its Web address, spamhaus.org. Although we take no position on the substance of e360’s complaint against Spamhaus, we vehemently objected to the company’s attempt to involve ICANN in the process.

As we said in our official statement, ICANN has neither the legal authority nor the practical ability to suspend Spamhaus.org. It is e360’s responsibility to ask a court that has jurisdiction over Spamhaus to enforce the U.S. Court’s judgment. Under no circumstances should ICANN be required to be involved. ICANN has a vital responsibility to oversee and preserve the stability and security of the global Domain Name System (DNS). It would set an unfortunate precedent to involve it in a case like this.

Thankfully though, it appears such a precedent won’t be set. Late last week, Judge Charles Kocoras issued this order denying e360’s request that the court force ICANN to suspend spamhaus.org. You can read ICANN’s explanation of the decision here.

Creative, a manufacturer of digital entertainment products, recently released firmware upgrades for two of its MP3 players that disable the players’ FM radio recording capability. This type of “upgrade” (some users might dispute the term) illustrates the importance of clearly disclosing the impact of DRM both at the time of purchase and at other key points subsequent to purchase. Transparency/disclosure was one of the core areas CDT discussed in its recent paper outlining consumer metrics for DRM.

Clearly, a consumer considering buying a device should be notified before purchase if there is a possibility that some of the device’s capabilities could be revoked after purchase. And that seems like too significant a consideration to bury in fine print. Similarly, prominent notice seems warranted at the time of the upgrade, with enough information to enable the user to make an informed choice about whether to accept the upgrade.

We’re not really in a position to evaluate the quality of Creative’s disclosures. Creative’s website features a prominent notice about the disabling of FM recording — but since we don’t own one of the players, we don’t know what was disclosed at purchase and when or how the website disclosure was pushed out to device users. We’ve also seen reports that users who choose to upgrade can later reverse that choice, thus regaining the ability to record FM (but losing benefits of the upgraded firmware, apparently including the ability to support more DRM platforms). Giving users an ongoing choice would certainly be better than locking them in to the new firmware with its significant tradeoffs, assuming that retaining the old firmware is a viable option, and that the tradeoffs are explained.

We can’t be sure what motivated Creative in this instance, though the music industry’s efforts to combat what it views as excessive copying capability in the satellite and digital radio contexts suggest a likely source of pressure. In any event, the big-picture lesson here is that DRM — and associated updates — can have a significant, and perhaps surprising impact on users, making transparency essential.

YouTube has been all over the news lately, owing to its $1.6 billion acquisition by Google. Many of the articles have observed that the video sharing website faces a thicket of copyright issues, because users frequently post both copyrighted videos and homemade videos containing some copyrighted content (e.g., commercial songs as background music). A Universal Music executive was widely quoted recently as saying that YouTube and MySpace are large-scale copyright infringers.

YouTube hasn’t yet been targeted by a major lawsuit. Indeed, it has cut deals with a number of media companies, including Universal Music. But earlier this week, Universal filed lawsuits against two smaller video sharing websites, Bolt.com and Grouper.

We haven’t seen the legal papers yet, so we don’t know all the details about what actions Bolt.com and Grouper may or may not have taken to foster infringement. But these cases have the potential to set important precedents. It’s a safe bet that Bolt.com and Grouper will argue that they take down copyrighted content when notified by content owners, as required under the Digital Millennium Copyright Act’s “notice and takedown” safe harbor provisions. Universal will argue that the activities of Bolt.com and Grouper go beyond what is protected under the safe harbor.

The question of when hosting and disseminating content supplied by users can lead to liability is a crucial one. The popularity of user-generated content, and sites for sharing such content, is exploding. This doesn’t appear to be momentary fad — it’s directly related to the empowering nature of the Internet and digital technologies.

Of course, litigation in this area may be partly aimed at providing leverage for negotiating deals. Established media companies have shown interest in harnessing the power and popularity of video sites and viral distribution. YouTube’s deals reportedly involve developing a mechanism for content companies to receive a share of the ad revenue associated with viewing their content. News Corp. recently acquired MySpace. And in an interesting twist, Grouper — one of the sites being sued — was purchased in August by Sony Pictures. So some major content companies could find themselves on both sides of this new set of copyright disputes.

UPDATE — We have put together an overview of legal developments since the Supreme Court’s Grokster decision that includes the cases against Grouper and Bolt.

Like many in the high-tech community, we’ve recently been tracking a lawsuit filed by an Illinois-based e-mail marketing company — e360 Insight LLC — against London-based anti-spam group Spamhaus.

For those not familiar with Spamhaus, it maintains one of the most widely used spam “block lists” of Internet domains associated with suspected spammers. From the court documents, it appears e360 Insight sued Spamhaus to remove its domains from the Spamhaus block list. A federal court in Illinois issued a default judgment against Spamhaus after Spamhaus failed to participate in the proceedings. Attorneys for e360 Insight asked the court to issue an order requiring the Internet Corporation for Assigned Names and Numbers (ICANN) to suspend Spamhaus’s domain name, Spamhaus.org.

This is where we come in. We don’t take a position on the merits of e360’s case against Spamhaus, but we are deeply troubled at the attempt to bring ICANN into this dispute. ICANN is a technical body that has nothing to do with the administration of individual domain names. As we say in our official statement, ICANN has neither the legal authority nor the practical ability to suspend Spamhaus.org. It is e360’s responsibility to ask a court that has jurisdiction over Spamhaus to enforce the U.S. Court’s judgment. Under no circumstances should ICANN be required to be involved.

ICANN has issued its own statement on the case, and we’re optimistic that this will be resolved in a way that does not involve ICANN. We’ll be keeping a close eye on upcoming developments.

On September 27, the U.S. District Court hearing the remand of the Grokster case issued an opinion holding StreamCast (the sole remaining defendant in the case) liable for secondary copyright infringement under the “inducement” theory articulated in Grokster.

The outcome is really not a surprise. The Supreme Court had signaled pretty clearly that the combination of facts of the case appeared to provide ample basis for liability.

The new lower court decision, however, contains some passages that could be misused if cited out of context in future cases interpreting Grokster. Our quick take on the new decision is here. We continue to believe that a careful reading of Grokster implies a number of significant limits on the scope of secondary liability for copyright infringement, as set forth in our article in the Stanford Technology Law Review. Whether courts articulate and observe those limits in future cases will help determine whether the Grokster framework achieves its intended balance between punishing culpable behavior and protecting innovators from the chilling effect of excessive litigation risk.

UPDATE — We have put together an overview of post-Grokster legal developments.

It has been widely reported that HP used an email tracking service as part of its now-infamous leak investigation. The service, offered by a company called ReadNotify, inserts a tiny bit of HTML code into an email message that reports back to the sender when the message is opened. HP investigators used the software — commonly known as a “web bug” — to trace emails sent to CNET reporter Dawn Kawamoto.

Web bugs have long been employed by email marketers and spammers to determine if a particular email address is active and whether a particular message has been opened by its recipient. ReadNotify simply takes this technology one step further and allows any sender to imbed a bug in any message to track the results. Under the Anti-Spyware Coalition’s definitions, web bugs qualify as a Passive Tracking Technology that can be used for good or bad, depending on the level of notice, consent, and control provided to the user.

The legality of HP’s use of the ReadNotify service is unclear. Several laws may govern the use of web bugs, including the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, and state wiretapping laws. Hopefully some of the legal questions surrounding this issue will be resolved as investigations into the HP scandal progress. In the meantime, consumers should take a look at their email software’s documentation to learn about how to avoid bugged emails. Many popular email clients in use today provide ways to block messages from loading HTML automatically, allowing users to read messages in plain text, minus the bugs.

Good news out of Geneva earlier this week: instead of rushing forward with a Diplomatic Conference to finalize the controversial proposed broadcast treaty, as recommended by the chairman of the relevant WIPO committee, WIPO’s General Assembly opted to hit the brakes. WIPO certainly didn’t bring the process to a full stop. But it slowed things down in a way that could permit a much-needed change of direction.

Yes, WIPO still approved the convening of a Diplomatic Conference near the end of 2007. But first, there will be two meetings aimed at achieving consensus on the treaty’s approach and scope. WIPO’s decision indicates that if no consensus is reached, the Diplomatic Conference may not happen.

Moreover, the decision calls for discussions to focus on a “signal-based approach.” CDT and a variety of industry and public interest groups have argued that a treaty narrowly focused on protecting against signal theft could be unobjectionable. But the current draft takes an entirely different approach, creating a complex set of new intellectual-property-like rights for broadcasters and cablecasters. For a discussion of the problems raised by such a rights-based approach, see our policy post. Any move to a signal-theft approach would be a very welcome development.

Thus, a lot will depend on the WIPO committee meetings now slated for January and June 2007. It remains to be seen what kind of revised treaty proposal, if any, will emerge. But for the moment, it appears that the critics of current draft treaty have considerable momentum.