hamburg – Techdirt (original) (raw)

from the one-good-ruling dept

The copyright world is currently trying to assert its control over the new world of generative AI through a number of lawsuits, several of which have been discussed previously on Walled Culture. We now have our first decision in this area, from the regional court in Hamburg. Andres Guadamuz has provided an excellent detailed analysis of a ruling that is important for the German judges’ discussion of how EU copyright law applies to various aspects of generative AI. The case concerns the freely-available dataset from LAION (Large-scale Artificial Intelligence Open Network), a German non-profit. As the LAION FAQ says: “LAION datasets are simply indexes to the internet, i.e. lists of URLs to the original images together with the ALT texts found linked to those images.” Guadamuz explains:

The case was brought by German photographer Robert Kneschke, who found that some of his photographs had been included in the LAION dataset. He requested the images to be removed, but LAION argued that they had no images, only links to where the images could be found online. Kneschke argued that the process of collecting the dataset had included making copies of the images to extract information, and that this amounted to copyright infringement.

LAION admitted making copies, but said that it was in compliance with the exception for text and data mining (TDM) present in German law, which is a transposition of Article 3 of the 2019 EU Copyright Directive. The German judges agreed:

The court argued that while LAION had been used by commercial organisations, the dataset itself had been released to the public free of charge, and no evidence was presented that any commercial body had control over its operations. Therefore, the dataset is non-commercial and for scientific research. So LAION’s actions are covered by section 60d of the German Copyright Act

That’s good news for LAION and its dataset, but perhaps more interesting for the general field of generative AI is the court’s discussion of how the EU Copyright Directive and its exceptions apply to AI training. It’s a key question because copyright companies claim that they don’t, and that when such training involves copyright material, permission is needed to use it. Guadamuz summarizes that point of view as follows:

the argument is that the legislators didn’t intend to cover generative AI when they passed the [EU Copyright Directive], so text and data mining does not cover the training of a model, just the making of a copy to extract information from it. The argument is that making a copy to extract information to create a dataset is fine, as the court agreed here, but the making of a copy in order to extract information to make a model is not. I somehow think that this completely misses the way in which a model is trained; a dataset can have copies of a work, or in the case of LAION, links to the copies of the work. A trained model doesn’t contain copies of the works with which it was trained, and regurgitation of works in the training data in an output is another legal issue entirely.

The judgment from the Hamburg court says that while legislators may not have been aware of generative AI model training in 2019, when they drew up the EU Copyright Directive, they certainly are now. The judges use the EU’s 2024 AI Act as evidence of this, citing a paragraph that makes explicit reference to AI models complying with the text and data mining regulation in the earlier Copyright Directive.

As Guadamuz writes in his post, this is an important point, but the legal impact may be limited. The judgment is only the view of a local German court, so other jurisdictions may produce different results. Moreover, the original plaintiff Robert Kneschke may appeal and overturn the decision. Furthermore, the ruling only concerns the use of text and data mining to create a training dataset, not the actual training itself, although the judges’ thoughts on the latter indicate that it would be legal too. In other words, this local outbreak of good sense in Germany is welcome, but we are still a long way from complete legal clarity on the training of generative AI systems on copyright material.

Follow me @glynmoody on Mastodon and on Bluesky. Originally posted to Walled Culture.

Filed Under: ai, copyright, copyright directive, germany, hamburg, laion, reading, robert kneschke, tdm, text and data mining, training
Companies: laion

from the cluelessness-über-alles dept

Back in September 2021 Techdirt covered an outrageous legal attack by Sony Music on Quad9, a free, recursive, anycast DNS platform. Quad9 is part of the Internet’s plumbing: it converts domain names to numerical IP addresses. It is operated by the Quad9 Foundation, a Swiss public-benefit, not-for-profit organization. Sony Music says that Quad9 is implicated in alleged copyright infringement on the sites it resolves. That’s clearly ridiculous, but unfortunately the Regional Court of Hamburg agreed with Sony Music’s argument, and issued an interim injunction against Quad9. The German Society for Civil Rights (Gesellschaft für Freiheitsrechte e.V. or “GFF”) summarizes the court’s thinking:

In its interim injunction the Regional Court of Hamburg asserts a claim against Quad9 based on the principles of the German legal concept of “Stoererhaftung” (interferer liability), on the grounds that Quad9 makes a contribution to a copyright infringement that gives rise to liability, in that Quad9 resolves the domain name of website A into the associated IP address. The German interferer liability has been criticized for years because of its excessive application to Internet cases. German lawmakers explicitly abolished interferer liability for access providers with the 2017 amendment to the German Telemedia Act (TMG), primarily to protect WIFI operators from being held liable for costs as interferers.

As that indicates, this is a case of a law that is a poor fit for modern technology. Just as the liability no longer applies to WIFI operators, who are simply providing Internet access, so the German law should also not catch DNS resolvers like Quad9. The GFF post notes that Quad9 has appealed to the Hamburg Higher Regional Court against the lower court’s decision. Unfortunately, another regional court has just handed down a similar ruling against the company, reported here by Heise Online (translation by DeepL):

the Leipzig Regional Court has sentenced the Zurich-based DNS service Quad9. On pain of an administrative fine of up to 250,000 euros or up to 2 years’ imprisonment, the small resolver operator was prohibited from translating two related domains into the corresponding IP addresses. Via these domains, users can find the tracks of a Sony music album offered via Shareplace.org.

The GFF has already announced that it will be appealing along with Quad9 to the Dresden Higher Regional Court against this new ruling. It says that the Leipzig Regional Court has made “a glaring error of judgment”, and explains:

If one follows this reasoning, the copyright liability of completely neutral infrastructure services like Quad9 would be even stricter than that of social networks, which fall under the infamous Article 17 of the EU Copyright Directive,” criticizes Felix Reda, head of the Control © project of the Society for Civil Rights. “The [EU] Digital Services Act makes it unequivocally clear that the liability rules for Internet access providers apply to DNS services. We are confident that this misinterpretation of European and German legal principles will be overturned by the Court of Appeals.”

Let’s hope so. If it isn’t, we can expect companies providing the Internet’s basic infrastructure in the EU to be bombarded with demands from the copyright industry and others for domains to be excluded from DNS resolution. The likely result is that perfectly legal sites and their holdings will be ghosted by DNS companies, which will prefer to err on the side of caution rather than risk becoming the next Quad9.

Follow me @glynmoody on Mastodon or Twitter.

Filed Under: article 17, copyright, digital services act, dns, eu copyright directive, felix reda, germany, hamburg, leipzig, liability, quad9, sony music, switzerland, wifi
Companies: quad9, sony music

German Court Places Limits On Mass Surveillance Enabled By Peter Thiel’s Palantir Software

from the mass-harvesting-still-problematic dept

Big data has always been big business but, in recent years, it’s also become big government business. The stuff advertisers like is also stuff the government likes. Millions of tax dollars have been fed to private companies offering government agencies a wealth of information they’ve never had access to before. Everyone carries a computer in their pockets these days, and the always-on nature of the internet creates a wealth of data that can be obtained, stored, and analyzed for less than pennies on the byte.

Peter Thiel’s Palantir rides the forefront of the government access wave. The CIA-backed data analytics company provides its services to a number of US agencies, including the rightfully reviled ICE (Immigration and Customs Enforcement). Palantir scrapes up everything that isn’t nailed down and serves it up to people with the power to stop, arrest, or kill persons of interest generated by proprietary algorithms criminal defendants are often denied access to.

If there’s a downside, it’s very limited. Private contractors are rarely sued for their contributions to mass surveillance. The directly responsible party is the government agency and a host of immunity options await those sued by those indiscriminately targeted by “collect it all” software.

That’s the way it works in the United States. In Europe, it’s a (slightly) different story. While courts may often defer to the national security concerns of acronymed agencies, they aren’t nearly as willing to allow private companies — even if employed by government agencies — to exercise the same amount of subjective discretion.

As Morgan Beaker reports for Ars Technica, a recent German court decision has placed limits on what government agencies can do with their Palantir-enabled surveillance. Handling a lawsuit filed in response to a law passed in Hamburg that granted the government permission to use Palantir’s powerful surveillance software, the court arrived at this conclusion:

A top German court ruled the Hamburg law unconstitutional and issued strict guidelines for the first time about how automatic data analysis tools like Palantir’s can be used by police, and it warned against the inclusion of data belonging to bystanders, such as witnesses or lawyers like (German attorney Britta) Eder. The ruling said that the Hamburg law, and a similar law in Hesse, “allow police, with just one click, to create comprehensive profiles of persons, groups, and circles,” without differentiating between suspected criminals and people who are connected to them.

That’s always been the problem with bulk collections and the software that enables these collections. Private companies are unwilling (or unable) to place limits on government (mis)use of their software. Private contractors aren’t necessarily supposed to understand the laws governing collections and government agencies are often given even more leeway to get things wrong. This results in over-collection which, when combined with an often minimal level of oversight, quickly turns into privacy violations never imagined by lawmakers dozens or hundreds of years earlier. That’s where the courts need to step in. And that has happened here.

But this decision doesn’t actually prevent German government agencies from utilizing powerful third-party surveillance tools. It simply adds guardrails for use of the data collected by Palantir and its competitors. And it only affects the single German state overseen by this court.

The court decision in Germany affects Hamburg, which was about to start using Palantir and now cannot use the company’s software until it rewrites its rules governing the way police analyze big data. Hesse, which has been using Palantir software since 2017, can keep using the platform under strict conditions but must rewrite its local legislation by September.

It’s not like it’s a loss, though. The decision can be cited elsewhere in Germany in other cases challenging Palantir-enabled data dragnets. And, while the decision did not directly target Palantir, the limitations it imposes means Palantir’s offerings can’t be used by Hamburg law enforcement until changes are made. In response, the company’s reps have offered up a grinning-through-gritted-teeth statement:

“We welcome the German Federal Constitutional Court’s efforts to provide clarity on the circumstances and ways in which police authorities can process their lawfully collected data to help keep people safe,” says Paula Cipierre, head of privacy and public policy in Palantir’s Berlin office.

This forced cheeriness is not represented in Palantir’s statements to its shareholders. As Meaker reports, its letter to shareholders last November openly complained about the European market and its supposed inability to engage in the sort of regulatory “flexibility” that allows Palantir to sell to multiple US agencies without having to fear being sued under local or federal privacy laws.

Grapes it is, then. Some sour. Some incredibly sweet and permissive. Palantir will remain successful, even if it has to stunt its products’ effectiveness to comply with local laws. Governments will never stop wanting access to data, especially when utilizing third parties gives them plausible constitutional deniability. Palantir will remain fully operational and profitable. This decision doesn’t directly affect it or its competitors. It only affects their customers. Maybe that will be enough to instigate a larger pushback against third-party-enabled surveillance in Germany, if not the rest of European Union. But even if it doesn’t, Hamburg residents are now slightly more insulated from government overreach.

Filed Under: germany, hamburg, law enforcement, privacy, surveillance
Companies: palantir

German Court Says CEO Of Open Source Company Liable For 'Illegal' Functions Submitted By Community

from the unclear-on-the-concept dept

We just had an article mentioning that Germany has a ridiculous (and dangerously anti-innovation) view towards secondary liability, in which the country’s courts often default to making third parties liable for actions they did not do. We noted that a court in Stuttgart had decided that the Wikimedia Foundation could be held liable for content submitted by a community member on the site, though only after the organization was alerted to the content (which still has significant problems for what are hopefully obvious reasons).

And now it appears that a court in Hamburg has gone even further, saying that the CEO of Appwork, a company that offers the open source JDownloader software can be held personally liable for “illegal” code that was submitted by an anonymous programmer, and which automatically showed up in the nightly build of the JDownloader 2 beta (not the officially released product). The code in question allowed JDownloader to record certain copy-protect streams, violating an anti-circumvention law. Appwork made it clear that it had no idea the functionality had been added, that anyone can contribute to the source and that it goes out automatically in the nightly build of the beta. Furthermore, the company carefully reviews the code and features of any official releases, and would have blocked such functionality from appearing in that code. All of this would lead most people to realize that it’s crazy to blame Appwork (and even crazier to blame the CEO).

But not the court, apparently. The court relied on the bizarre argument that since Appwork offers the product commercially, that makes it automatically liable for anything that appears in the open source beta. Basically, such a ruling will make it exceptionally difficult to have a commercial open source product in Germany, since you could face liability if someone contributes code that somehow is considered illegal. If these kinds of secondary liability rulings keep cropping up in Germany, the hot startup scene in Berlin may realize that the country’s outdated laws make it quite difficult to do anything all that innovative, especially if it involves any contributions from outside the company. Given how important community contributions are these days, that cuts off a huge amount of internet innovation from the German market.

Filed Under: germany, hamburg, jdownloader, jdownloader2, open source software, secondary liability
Companies: appwork