Icloud hacks; time to make search engines and social media companies liable  for publishing illegal content online

Over recent months yet more women from the UK (actresses, tv personalities, models and sportswomen) have had their icloud accounts hacked. Self-taken, intimate photographs, most of which had been sent only to partners and some not sent to anyone at all, have been stolen and published on multiple pornographic websites to the world at large. This has been hugely distressing for those involved – they have had to endure intense embarrassment as private photographs spread like wildfire across the internet. The tech giants are not responsible for these hacks or for the initial publications (albeit Apple may soon be facing negligence and data protection claims about its apparent inability to protect its customers’ data), however, these companies have much to answer for. They provide the platform for their users to easily access the unlawful material and their efforts to deal with the issue have been lamentable. The delayed response or inaction of these companies in response to reports to them about this illegal activity has been a source of immense frustration for those affected. It is now over 3 years since the hacks of Jennifer Lawrence and others back in 2014 – yet the latest round of hacks demonstrates that the systems these companies have in place for dealing with such issues are still not fit for purpose.

The case for online platforms to answer

These photographs have been stolen – they are unlawful. They are invariably of a sexual nature and are invariably published without the woman’s consent (the photographs are almost exclusively of women). Their publication constitutes a breach of the woman’s privacy rights and a breach of her rights under European data protection law. Given that the photographs are self-taken, unauthorised publication also represents infringement of the woman’s copyright.

Copyright complaints are usually seen as the best method of securing swift removal of material from the web – at least from companies based in the U.S. This is because if those companies wish to avail of the safe harbour provisions contained in the Digital Millennium Copyright Act they must act expeditiously to remove the infringing material once being placed on notice of it. If they fail to do so, they are exposed to a liability of up to $150,000 for each instance of infringement (i.e. for publication of each photograph).

There has been much legal debate about what being placed on notice means (of the issue as a whole or of each specific instance) and what expeditiously means (i.e. what is a reasonable length of time to remove/block the material.) The online platforms require specific notification of each infringing URL before they will take action (Google makes complainants use its hopelessly inadequate “removals tools”). This usually forces the victim of the illegal activity to incur the cost of hiring professionals to police the internet and make individual complaints. The problem with this is not just one of inconvenience and cost, it is that modern technology makes a mockery of such action. The sites publishing the illegal material use software to auto-generate content, each with slight variations in the URL, so that as soon as one page is removed or blocked, another from the same site with a tiny variation in the URL takes its place in the search results or image results. A woman who has become a victim of one of these hacks is highly unlikely to be able to secure complete removal of the photographs from the web (given their digital nature and the speed with which they can be disseminated and downloaded and later uploaded somewhere else). The best she can hope to do at present is to significantly reduce circulation by limiting access to them. However, in order to do this, she will need much greater assistance from the online platforms than that which they are currently providing.

The sites/blogs publishing the photographs are often repeat, indeed prolific, offenders. They do not seek to hide the fact they are publishing hacked (i.e. stolen) photographs – indeed most of them proudly exclaim this fact in their titles and on their home pages. These sites are known to the search engines (because they have received thousands of complaints in relation to them) yet they continue to provide them with the life-blood the sites need to survive. By continuing to include them in their indexes they drive traffic to the sites and likely profit from advertising revenue generated by them.

Pressure for legislative reform

In the run up to the 2017 general election, many politicians were subjected to vicious online abuse and harassment. This led to a cross party committee recommending that the ‘Government should bring forward legislation to shift the liability of illegal content online towards social media companies’. The committee suggested that this be done upon the UK exiting the EU in March 2019.

Currently, social media companies do not have liability for the content on their sites, even where that content is illegal. The relevant legislation in the UK is the EU’s E-Commerce Directive (introduced 18 years ago i.e. before the main social media companies were even formed). The directive allows internet service providers and social media companies, to be exempt from criminal or civil liability when their services are used to commit an offence – for example, publishing or transmitting illegal content. This is because they are able to avail of the ‘hosting’ exemption, where the provider’s relationship to that content as a host is considered merely ‘technical, automatic or passive’. The hosting exemption requires that the company does not have knowledge of the illegal activity or information, and removes or disables access to it ‘expeditiously’ if it becomes aware of it. This has formed the basis for what is called the ‘notice and takedown’ model.

Member states are prohibited from imposing a general monitoring duty on service providers (Article 15 of the directive). The result is that the platforms take a passive, rather than proactive, in relation to identifying and removing illegal content.

In recent years, member states have diverged significantly in their legislative treatment of online platforms – last year Germany became the first EU member state to pass legislation creating time-specific takedown provisions for platforms (24 hours of being notified by a user) and introduced significant sanctions (up to €50m) for contravention.

While such reform would be an improvement on the status quo, it does not go far enough. Significant legislative change is needed. The online platforms must take more responsibility for the content listed, posted and shared on them. After all, it is they who profit from that content.

The time has come for legislators to realise that the platforms are not merely hosts - they use complex algorithms to analyse and select content on a range of factors. These companies are not lacking in resources – they have the technology (machine learning / automation techniques) and the ability to change their algorithms to stop such sites appearing in their search results or on their platforms.

Revising the legal framework will incentivise the prompt, automated identification of illegal content. It will also remove the current perverse incentives for online platforms to avoid any form of active moderation.

While they would not wish it to be known, these platforms are likely benefiting financially from the victimisation and harassment of women. They could easily introduce measures to immediately remove access to such illegal material and prevent it reappearing on their platforms. They have failed to do so because it does not suit their self-interest and because the current legal framework discourages them from taking such action. The law is out of date. It must be changed.

Onside Law advises the ECB on its new title sponsorship deal with Vitality

Onside Law is pleased to have advised long-standing client, the ECB, on its exciting new title sponsorship deal with Vitality in respect of T20 Blast, International T20 and recreational T20 cricket, supporting the game for men and women.  The new deal will cover the Vitality Blast for the next four years, as well as England men’s and women’s home IT20 series for two years.

ECB commercial director, Rob Calder, said: “We’re excited to be working with a partner who shares our enthusiasm and passion for T20 cricket. It’s the fastest growing format of the game, an integral part of ECB’s long-term strategy and has a critical role to play in bringing new people to the sport.

Vitality is an established brand in the sports marketplace with a proven track record of using sponsorship successfully to grow fan-bases and improve participation levels. They’re a natural fit for a partnership to drive interest and engagement in all our different T20 competitions at every level.”

Neville Koopowitz, CEO of Vitality, added: “We’re delighted to be partnering with the ECB for T20 cricket. T20 is a brilliant innovation that’s revolutionising the sport around the world.  This new sponsorship aligns with our own vibrant brand and fits with our desire to increase awareness and engagement among families and across all levels of the game while at the same time telling more people about Vitality.”

Onside Law’s Joe Tompkins and Jamie Singer advised the ECB on this deal.

Onside Law expands squad as former RFU CEO Ian Ritchie joins the team

We are pleased to announce that Ian Ritchie has joined as a consultant to the firm. Ian has had an extraordinary career with an outstanding mix of experience across business, media and sporting fields, after originally training as a barrister. His new role at Onside sees him doing a full circle back into the legal profession.

Jamie Singer, founding partner of Onside Law, said “We are delighted to welcome Ian to Onside Law, with his wide ranging CEO experience, including most recently at Wimbledon (the AELTC) and the RFU. We are very much looking forward to working with one of the most respected leaders in the sports industry.”

Ian Ritchie said, “Having worked with the team at Onside Law I know they differentiate themselves through their genuine ‘in house’ sector experience and first-class City law firm backgrounds. I am excited to take on this new role and use my knowledge and insight to assist the outstanding portfolio of clients at Onside”.

Ian will be working alongside our six partners to lend his specialist understanding of the sporting and media world for the benefit of the firm and its clients.

GDPR FAQ

As you may know, the General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and organisations will need to be compliant by that date. The GDPR has wide-ranging implications for businesses, and Adam Leadercramer and Sophie Wilkinson have produced a note which answers some of the FAQs we have received on the new law. Click the link below to read the note in full:

Onside Law – GDPR FAQ

Is it time to rethink our mistrust of common ownership of sports clubs?

Governing bodies of team sports take a very dim view of one owner taking significant stakes in two teams that compete (or even may compete) with each other.

The FA, UEFA, EPL, World Rugby, Premiership Rugby and EPCR all agree that the “potential” for collusion or foul play necessitates a ban on common ownership. When ENIC, an English investment vehicle for sports and media businesses, challenged UEFA’s rules on this issue, after it took stakes in AEK Athens FC and Slavia Prague, CAS confirmed that such restrictions, although blunt and restrictive, were “necessary and proportionate” to protect against any perception of collusion or conflicts of interest in football.

On the face of it, this all sounds perfectly reasonable. Who wouldn’t want to do everything possible to prevent unfair collusion between teams competing against each other? The thing is that all of these governing bodies already have detailed rules prohibiting such collusion. The Common Ownership prohibitions go one step further, to prevent investors already in the sport from a further investment on the basis that this makes it “more likely” rules will be broken.

This is quite a difficult philosophical position to justify. To what extent can, and should, society prohibit things that “might” make a rule more likely to be broken? Where do you draw the line? Should alcohol be banned from all sports stadia as various offences might be more likely to take place if it is available?

If we compare the position in other industries, we find that common ownership of competitors is, in fact, common. Competing brands are regularly under the same ownership, whether the household brands of Unilever and Proctor and Gamble, the domination of beer brands by InBev or Volkswagen’s ownership of Audi, Porsche, SEAT, Skoda and VW. Even highly regulated industries such as pharmaceuticals allow companies to own multiple competing brands. GSK owns four different pain relieving brands, all of which compete. Clearly breaches of competition law, distortion of free markets and collusion are more likely where competing brands are commonly owned. However, significant “potential risks” are tolerated before thresholds are reached where competition authorities take action to block mergers or acquisitions in a sector.

Returning to sport, many governing bodies “copper bottom” their common ownership protections by automatically determining an owner as failing their “fit and proper person test” simply because they have a significant stake in another club. Given the quality of some of those that have passed this test, is it equitable to fail someone simply because they have the passion, interest and financial resources to invest in more than one sports team? Could we take a more reasoned and forensic approach to whether an individual is fit and proper to influence a sports club?

Earlier this year we worked with Mohed Altrad, owner of French rugby club Montpellier Hérault Rugby, to see if protections could be put in place to allow him to take a significant stake in Gloucester Rugby Club.

Consent from various rugby authorities was needed as Montpellier and Gloucester could have qualified to play each other in either the European Rugby Champions Cup or European Rugby Challenge Cup. Our aim was to mitigate the greater potential for collusion by enhancing transparency, governance and integrity protections. Gloucester and Montpellier committed to put in place codes of conduct and ethics as well as new governance models to a standard far higher than the rules required. In addition,  commitments on transparency and independent audits, again far in excess of those required by existing rules, would allow the authorities much greater scope to police and enforce the rules against collusion that were already in place.

In Montpellier, Mohed Altrad’s investment had led to new training facilities, used by both the club and the local community, a refurbished stadium and a match squad now sitting second in the Top 14. Gloucester have been looking for additional investment ever since Martin St Quinton bought out Ryan Walkinshaw. The funds would have led to improvements in the stadium and pitch, as with Montpellier, to the benefit of the city and community, as well as investment in the playing squad. In return Altrad would use the investment and sponsorship to develop their UK business from a hub in the City of Gloucester.

Despite the potential benefits of the investment for Gloucester, its community and English rugby and all of the commitments re integrity and transparency, the potential risk of collusion was the justification for some members of Premiership Rugby to veto the investment.  As a consequence the deal fell away.

According to the Times only one of the 12 Aviva Premiership rugby clubs mustered a profit last year and a third of them are currently for sale or looking for substantial investment. With such a dearth of willing investors in the sport shouldn’t we do everything we can to facilitate investment when offered from legitimate sources?

If robust and realistic checks and balances can be put in place to protect against collusion and conflicts of interest, surely the question should be “how can we permit the deal”? Not “why should we”?

Sporting clubs are under greater scrutiny than ever before in the social media age and audits and data management are becoming more and more sophisticated. Governing bodies could, perhaps, have faith in the rules they so carefully craft and invest in the policing and enforcing of those rules….rather than excluding much needed investment over what “might” happen.

 Jamie Singer
Partner, Onside Law