EFF Law Guide for Blogs and Bloggers

The EFF (Electronic Frontier Foundation) has a useful online

Legal Guide for Bloggers

which contains extensive FAQs (frequently asked questions [and answers]) covering blog and blogger liability and the legal rights and obligations of bloggers relating to:

IP (Copyrights, DMCA [Digital Millennium Copyright Act], Trademarks)
Right of Publicity
[and Libel]
Section 230 [see below]
Reporter’s Privilege
Election Law
Labor Law
Adult Materials

With respect to the above, Section 230 of the Communications Decency Act of 1996 (CDA), [which is part of the Telecommunications Act of 1996, see p. 78 in that linked pdf, Title 47 of the United States Code (47 USC § 230)], contains a very important provision. We cite the EFF comment thereto:

Section 230 says that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” This federal law preempts any state laws to the contrary: “[n]o cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section.” The courts have repeatedly rejected attempts to limit the reach of Section 230 to “traditional” Internet service providers, instead treating many diverse entities as “interactive computer service providers.”

As the EFF writes further:

“Bloggers can be both a provider and a user of interactive computer services. Bloggers are users when they create and edit blogs through a service provider, and they are providers to the extent that they allow third parties to add comments or other material to their blogs. “

“Your readers’ comments, entries written by guest bloggers, tips sent by email, and information provided to you through an RSS feed would all likely be considered information provided by another content provider. This would mean that you would not be held liable for defamatory statements contained in it. However, if you selected the third-party information yourself, no court has ruled whether this information would be considered “provided” to you. One court has limited Section 230 immunity to situations in which the originator “furnished it to the provider or user under circumstances in which a reasonable person…would conclude that the information was provided for publication on the Internet….”

[See the Wikipedia for a good short discussion of the CDA as well as Section 230, and note that some but not all of the CDA has been found to be unconstitutional. Some online sources give a false impression in this regard. For CDA cases involving libel and defamation see Internet Law.]

Keep in mind that the EFF expressly states that these FAQs apply only to bloggers in the USA:

I’m not in the United States – do these FAQs apply to me?
No. This legal guide is based on the laws in the United States, where there is a strong constitutional protection for speech. Many other countries do not have strong protections, making it easier to sue for speech. (See, for example, the BBC’s guide,
How to Avoid Libel and Defamation.) However, US courts are reluctant to enforce foreign judgments that would restrict your freedom of speech. So if you are sued in the United Kingdom for defamation, you might lose your UK case, but the winner would have a hard time collecting in the United States. If you know of a similar guide for your own jurisdiction or feel inspired to research and write one, please let us know. We can link to it here. We don’t have the expertise or resources to speak to other countries’ legal traditions, but we’d like to work with those who do. “

Technorati Tags:

, , , , , , , , , , , , , , , , , , , , , , , , , , .

Biometric Electronic Passports – USA European Union EU

Biometric Passports in the EU

As reported at the EU Observer, Germany has become the first of the EU Member States to comply with US requirements which mandate biometric passports (or plans for such) from visa waiver program (VWP) countries as of the end of October, 2005. The rules are:

“According to recent U.S. Department of Homeland Security press briefings and documents, the requirements for travelers wanting to enter the United States without a visa under the VWP are as follows:

June 26 [2005]: Travelers from VWP countries must present passports that are machine-readable for visa-free entry into the United States.
October 26 [2005]: Travelers from VWP countries with passports issued on or after this date must present passports with a digital photograph; VWP countries are required to produce passports with digital photographs and present an “acceptable plan” to issue passports with integrated circuit chips, or e-passports within one year.
October 26, 2006: Travelers from VWP countries with a passport issued on or after this date must present a passport with an integrated circuit chip, also known as e-passport, capable of storing biographic information from the passport’s data page, a digitized photograph and other biometric information.

The three requirements stem from legislation passed in 2002 by the U.S. Congress. The Enhanced Border Security and Visa Entry Reform Act of 2002 (a U.S. law also known as the Border Security Act) originally required that the government of each VWP country certify it had a program to produce tamper-resistant, machine-readable passports that incorporate a biometric identifier that complies with International Civil Aviation Organization standards by October 26, 2004. In mid-2004, Congress extended the deadline one year. The U.S. Department of Homeland Security, in recent months, has clarified requirements for continued participation in the VWP. ”

Citizens of countries which do not implement the new biometric passports by October 26, 2006 will lose their visa waiver privileges and have to apply for a visa.

See the German Federal Ministry of the Interior (Bundesministerium des Innern, BMI) for information in German about the new German electronic biometric passport, the ePass.

The German ePass [electronic Passport] is being issued pursuant to the European Union (EU)
COUNCIL REGULATION (EC) No 2252/2004 of 13 December 2004 on standards for security features and biometrics in passports and travel documents issued by Member States

(and see also here) .

Netzpolitik.org refers to a German government hotline for citizens with questions about the new ePass. The information is also found at the BMI:

“Im Oktober werden die Passbehörden mit Plakaten und Flyern zur Information der Bürgerinnen und Bürger ausgestattet. Das BSI bietet bereits seit dem 1. Juni 2005 einen Bürger-Service zu technischen Fragen zum ePass an über die E-Mail-Adresse ePass@bsi.bund.de sowie eine ePass-Hotline. Die Hotline ist von 8 bis 17 Uhr unter der Nummer 01805-274 300 erreichbar (12 ct/min).”

As reported by EU Observer:

“The updated German passport comes with a concealed radio frequency identification (RFID) chip that stores personal information such as name and date of birth, as well as a digital facial image of the holder.”

As shown by this biometric passport, modern Germany has many faults and problems, but this land of engineers and scientists is still ahead of most countries in the Western world when it comes to putting certain aspects of modern technology and science into action.

U.S. Electronic Passports

The February 18, 2005 US proposed rule for its own electronic passports had already been issued as a final rule in part, excepting the electronic passport sections, which were just now finalized in the final rule issued by the US State Department on October 25, 2005. See Tech Law Prof Blog and also The U.S. Electronic Passport.

The Final Rule provides:

“The Department intends to begin the electronic passport program in December 2005. The first stage will be a pilot program in which the electronic passports will be issued to U.S. Government employees who use Official or Diplomatic passports for government travel. This pilot program will permit a limited number of passports to be issued and field tested prior to the first issuance to the American traveling public, slated for early 2006. By October 2006, all U.S. passports, with the exception of a small number of emergency passports issued by U.S. embassies or consulates, will be electronic passports.”

The RFID chip to be used for passports should not be confused by privacy advocates with RFID chips used to mark products for inventory or sale:

“The ICAO specification for use of contactless chip technology requires a minimum capacity of 32 kilobytes (KB). The U.S. has decided to use a 64KB chip to permit adequate storage room in case additional data, or biometric indicators such as fingerprints or iris scans, are included in the future. Before modifying the definition of “electronic passport” to add a new or additional biometric identifier other than a digitized photograph, we will seek public comment through a new rule making process.

The contactless smart chip that is being used in the electronic passport is a “passive chip” that derives its power from the reader that communicates with it. It cannot broadcast personal information because it does not have its own source of power. Readers that are on the open market, designed to read Type A or Type B contactless chips complying with International Standards Organization (ISO) 14443 and ISO 7816 specifications, will be able to communicate with the chip. This is necessary to permit nations to procure readers from a variety of vendors, facilitate global interoperability and ensure that the electronic passports are readable at all ports of entry.

The proximity chip technology utilized in the electronic passport is designed to be read with chip readers at ports of entry only when the document is placed within inches of such readers. It uses RFID technology. The ISO 14443 RFID specification permits chips to be read when the electronic passport is placed within approximately ten centimeters of the reader. The reader provides the power to the chip and then an electronic communication between the chip and reader occurs via a transmission of radio waves. The technology is not the same as the vicinity chip RFID technology used for inventory tracking of items from distances at retail stores and warehouses. It will not permit “tracking” of individuals. It will only permit governmental authorities to know that an individual has arrived at a port of entry–which governmental authorities already know from presentation of non-electronic passports–with greater assurance that the person who presents the passport is the legitimate holder of the passport.

The personal information that will be contained in the chip is the information on the data page of the passport–the name, nationality, sex, date of birth, place of birth, and digitized photograph of the passport holder. The chip will also contain information about the passport itself–the passport number, issue date, expiration date, and type of passport. Finally, the chip will contain coding to prevent any digital data from being altered or removed as well as the chip’s unique ID number. This coding will be in the form of a high strength digital signature. The contents of the data page of the traditional passport have been established by international usage and by ICAO. The chip will not contain home addresses, social security numbers, or other information that might facilitate identity theft.”

For blog postings on this and related topics see:

Tech Law Prof Blog on the US Final Rule on Electronic Passports
Freedom to Tinker on RFID
neuer-reisepass.de on the new ePass (in German)
PrawfsBlawg on RFID Tags
eLegal Canton on “Bring on the Biometrics”
Surpriv on RFID
NearWalden on RFID Privacy Cases with a link to the EFF
Bruce Schneier on Security with an article that appeared on the IHT
Ryan Singel at Wired News and “American Passports to Get Chipped” suggesting that privacy concerns are overblown.

Crossposted to EUPundit.

Technorati Tags:

, , , , , , , , , , , , , , , , , , , , , , , , .