dooced, canadian style

Posted on by No Comments ↓

A good article in The Lawyer’s Weekly about someone getting dooced in Alberta. The short version: Woman blogs anonymously about her supervisors and co-workers, but in a way that makes all of them easily recognizable to anyone in her work place. Oh, and things she says aren’t exactly nice. Her employer fires her as a result. Goes to arbitration and the termination is upheld. Perhaps not all that suprising. Anyway, some thoughts and tips from the article:

Although the dismissal was upheld in Alberta Union, not all Web 2.0 posts that an employer finds distasteful will provide grounds for discipline or termination. Blogging or Facebooking at work is one thing, but the general rule regarding discipline for off-duty conduct is that an employer is not the custodian of their employees’ private lives. Exceptions are made when, as it was found in Alberta Union, the posts irreparably harm the employment relationship. This can include conduct that:

• prevents employees from performing their duties satisfactorily;

• interferes with employees’ ability to work effectively with fellow co-workers;

• breaks confidentiality policies or employees’ duty of fidelity to the employer;

• harasses or defames management or fellow employees;

• deliberately attempts to undermine management’s ability to direct its workforce;

• harms the company’s reputation (however, rank and file employees may be held to a lower standard than those employees who hold higher positions of trust or responsibility).

Counsel should encourage employers to take measures to prevent the sort of conduct that attracts discipline in the first place. Having a discussion with employees is a good start. The general tenor of blogs and social networking sites is akin to casual conversation, and, naturally, many people will talk about work.

Unfortunately, as Alberta Union illustrates, many employees are unaware Web 2.0 conduct can affect their careers and attract legitimate sanction. Pointing this out to employees can save both the employer and the employee a lot of grief.

Alberta v. Alberta Union of Provincial Employees (R. Grievance), [2008] A.G.A.A. No. 20

chrome a windows killer? i doubt it

Posted on by No Comments ↓

Read an article in eWeek that left me scratching my head a bit. The nub below:

Google may be treading lightly with Chrome now, but the browser, combined with Google’s search and Apps, could end up being a big threat to Microsoft Windows’ market share.

Then later:

When Google accidentally leaked its Chrome comic book Sept. 1, reporters and analysts, including yours truly and my colleague Joe Wilcox, argued that Google could make Chrome the premier Web operating system by combining it with its market-leading search engine and increasingly popular SAAS (software as a service) applications. This would eventually constitute a threat to Windows.

And that would spell doom for Microsoft. It’s one thing to squeeze Microsoft out of the Internet game by dominating search and Web services. It’s another entirely to come after the software giant’s core operating system business, wielding the Web as your platform.

Must admit I have a lot of trouble seeing that, as I would have thought in order to supplant Windows, it would need to be gone, and to go from a browser that sits on an o/s to replacing the o/s seems to be a rather large leap. A huge leap, actually.

What they’re suggesting might happen is already a possibility today. There is definitely something that can supplant Windows altogether, and provide access to all the web-oriented apps, etc. that Google offers. Its cheap (sometimes free), stable and has pretty good UIs – in fact, a selection of UIs and different flavours. Its called Linux. However, for a variety reasons, it hasn’t kicked Microsoft’s ass yet (at least on the desktop – there are a few areas where it definitely does, such as web and other server functions).

To suggest, then, that, because Google has come out with a browser, that that will lead to the supplanting of Windows seems, IMHO, to be a bit far-fetched. I’m not suggesting that Google wouldn’t have the wherewithal to try to go after the desktop. They may do so. Though I’m not sure if they’d want to – they have a pretty good business model already…

Anyway, if and when they do something like that it will be so much larger an undertaking than Chrome that the links between that and Chrome would be tenuous at best, other than possibly bundling Chrome within whatever o/s they create.

Even possibly on the application front, I can see Google putting some pressure on MS, and how this might tie with Chrome. But not the o/s on which the whole thing runs.

So I think for the time being, Bill and Steve probably don’t have much to worry about with Chrome’s introduction, at least when it comes to the o/s business (IE on the other hand, is another matter altogether…).

google announces new browser

Posted on by No Comments ↓

Most of you probably already have heard that Google has officially announced its new browser, Chrome, which will be released to the public (in beta form) later today. It is an open source project that has a very, very interesting set of features that enhance security, privacy, speed and stability, including  multiprocessing architecture.

You can read more about the features in the comic that Google has published to walk you through it. What a great approach. Wikipedia also has a bit of a compressed summary of the new features as well, which is a bit quicker to get through than the comic.

Will be very interesting to see how this browser does. I imagine it likely will be quite good, given most of the stuff that Google has offered. That being said, I was a bit concerned as to what this meant for Mozilla, whose existence (or at least revenue) I understand depends significantly on its relationship with Google, which is now, effectively, a competitor of sorts. Mozilla’s CEO has already posted his reactions to Chrome. Whether or not it turns out to be a good thing or bad thing remains to be seen – there are already a few folks who have alluded to the possibility of a Google “monopoly” and/or anti-competitive behaviour through Chrome. IMHO I think that’s rather unlikely.

At the end of the day, though, I think this will only serve to enhance the choices people have, browser wise, and improve things all around. Though I’m hoping it will not lead to the demise of Mozilla. I like Mozilla. And of course Firefox.

Update: Alas several hours later no Chrome love for yours truly. If you haven’t given it a shot by all means do so and let me know if you get through. I imagine that’s what happen when a billion or so people try to download the same thing, notwithstanding Google’s massive pipes and data centres. (see below) Also, saw a great story in The Register, that poked a bit of fun at Google. A little sample that, coincidentally, fits right in with the law-related theme of this blog:

Further update: Seems I had a bad link. Tried again (googled) and was able to download from a different URL. Very easily, actually. But, alas, apparently need to close the browser I’m using to install…

Further further update: Installed and running. So far, so good. Rather bare bones but impressive memory footprint, and very snappy, both on launch and, well, pretty well everything else. A very simple and straightforward approach that doesn’t have a million options, choices and tweaks, or nifty integrations (a la Flock). Miss my plugins though. And not surprising there don’t appear to be any for Chrome right now, at least AFAIK.

Another update: Works well but does not play well with Facebook – some links/features just don’t work.

arbitrary electronic search & seizure + canadian border = ok

Posted on by No Comments ↓

Following the judgement and policy confirming that US customs can conduct searches without suspicion, some of my colleagues in the trade group at McCarthy have published an e-Alert that describes Canadian authorities’ approach to searches of electronic devices at the Canadian border:

CBSA has yet to publish a report detailing its policy on border searches of electronic devices. That said, the CBSA has stated that its examination authority under the Customs Act extends to electronic storage devices. Other sources of information also suggest that they, like their American counterparts, do not accord electronic devices special status at the border. For example, the Canadian Customs Act broadly defines “goods” to include “any document in any form”, suggesting no special treatment for electronic documents. Canadian case law also supports this interpretation. In a 2008 Ontario Court of Justice decision, the Court stated that it saw no intrinsic difference between a computer search and a detailed examination of the contents of one’s suitcase.

2. Searches Without Suspicion

Given their characterization as ordinary goods, it follows that a border official can search travelers’ electronic goods even in the absence of suspicion regarding the traveler or the electronic device.

The article also provides some background on the situation with the US, confidentiality regarding information obtained from such searches, ability to detain electronic devices for further inspections, privileged information, and some thoughts on how to protect your information.

If you cross the border frequently with sensitive business information, it is well worth a read, as is my previous post on the US policy.

wired survey on iphone 3g speeds worldwide (including canada)

Posted on by No Comments ↓

As the title suggests, Wired has published an article on iPhone 3G speeds worldwide. Us Canucks seemed to have fared relatively well:

# Canadian carriers Rogers and Fido tied for second fastest with an average download speed of about 1,330 Kbps on average.

That’s second worldwide by carrier. T-Mobile in Europe won the prize with average speed of 1,822 Kbps while AT&T in the US averaged a somewhat sad 990.

That being said, even the slow, slow bandwidth in ths US is a wee bit faster than the turtle-like (comparatively speaking) max 120 Kbps that Rogers’ EDGE provides.

Time to go get an iphone. Or maybe a Bold.

gpl compliance guide released

Posted on by No Comments ↓

The Software Freedom Law Center has just released “A Practical Guide to GPL Compliance“. For those not familiar with the SFLC, it is a group that helps to protect free and open source software (or “FOSS”), including advancement of claims against those who infringe open source licenses such as the GPL.

The guide is helpful in navigating through some of the more technical issues regarding GPL compliance, and in addition does offer some advice on best practices generally regarding software development to avoid problems later on. For example, the following is good advice generally on implementing development controls to avoid possible infringement issues:

The companies we contact about GPL violations often respond with: “We didn’t know there was GPL’d stuff in there”. This answer indicates a failure in the software acquisition and procurement process. Integration of third-party proprietary software typically requires a formal arrangement and management/legal oversight before the developers incorporate the software. By contrast, your developers often obtain and integrate FOSS without intervention. The ease of acquisition, however, does not mean the oversight is any less necessary. Just as your legal and/or management team negotiates terms for inclusion of any proprietary software, they should be involved in all decisions to bring FOSS into your product.

Simple, engineering-oriented rules help provide a stable foundation for FOSS integration. Ask your software developers to send an email to a standard place describing each new FOSS component they add to the system, and have them include a brief description of how they will incorporate it into the product. Make sure they use a revision control system, and have store the upstream versions of all software in a “vendor branch” or similar mechanism, whereby they can easily track and find the main version of the software and local changes made.

Such procedures are best instituted at your project’s launch. Once a chaotic and poorly-sourced development process has begun, the challenges of determining and cataloging the presence of GPL’d components is difficult. If you are in that situation, we recommend the Fossology system, which analyzes a source-code base and produces a list of FOSS licenses that may apply to the code. Fossology can help you build a catalog of the sources you have already used to build your product. You can then expand that into a more structured inventory and process.

Similarly, some helpful advice on dealing with other inbound vendors whose work you will be incorporating:

With ever-increasing frequency, software development (particularly for embedded devices) is outsourced to third parties. If you rely on an upstream provider for your software, note that you cannot ignore your GPL compliance requirements simply because someone else packaged the software that you distribute. If you redistribute GPL’d software (which you do, whenever you ship a device with your upstream’s software in it), you are bound by the terms of the GPL. No distribution (including redistribution) is permissible absent adherence to the license terms.

Therefore, you should introduce a due diligence process into your software acquisition plans. This is much like the software-oriented recommendations we make in § 3. Implementing practices to ensure that you are aware of what software is in your devices can only improve your general business processes. You should ask a clear list of questions of all your upstream providers and make sure the answers are complete and accurate. The following are examples of questions you should ask:

  • What are all the licenses that cover the software in this device?
  • From which upstream vendors, be they companies or individuals, did you receive your software from before distributing it to us?
  • What are your GPL compliance procedures?
  • If there is GPL’d software in your distribution, we will be redistributors of this GPL’d software. What mechanisms do you have in place to aid us with compliance?
  • If we follow your recommended compliance procedures, will you formally indemnify us in case we are nonetheless found to be in violation of the GPL?

This last point is particularly important. Many GPL enforcements are escalated because of petty finger-pointing between the distributor and its upstream. In our experience, agreements regarding GPL compliance issues and procedures are rarely negotiated up front. However, when they are, violations are resolved much more smoothly (at least from the point of view of the redistributor).

Consider the cost of potential violations in your acquisition process. Using FOSS allows software vendors to reduce costs significantly, but be wary of vendors who have done so without regard for the licenses. If your vendor’s costs seem “too good to be true,” you may ultimately bear the burden of the vendor’s inattention to GPL compliance. Ask the right questions, demand an account of your vendors’ compliance procedures, and seek indemnity from them.

Lastly, the guide helps to identify the “costs” of GPL software – there may not necessarily be a license fee, but there will be time and effort involved in complying with terms, as well as risks associated with such compliance, such as cohesion (or lack thereof) with your overall business strategy. For developers, becoming familiar with compliance requirements will allow for better decisions to be made, including more accurate comparative assessments of the overall costs associated with GPL relative to, say, proprietary alternatives. And it is definitely better to figure these sorts of things out sooner in the process, rather than learning about them say, when someone is doing a due diligence review of your organization.

net neutrality – fcc order against comcast released

Posted on by No Comments ↓

As most of you probably know, the US FCC and its members released a series of press releases at the beginning of August announcing its order against Comcast in respect of its “network management” activities in relation to P2P networks, but not releasing the order.

Well, apparently the order (PDF) has now been released. Haven’t had a chance to read it yet. Should be interesting, particularly given the same or similar developments with Bell and Rogers up here in Canada.

Noticed first on Lessig’s blog and of course in the time I’ve written a tiny little entry he has already churned out a five page letter thanking the FCC

I have a number of half finished posts on the question of net neutrality that haven’t been made public – mostly because they get unbearably long but still don’t do the topic justice. There are other reasons as well but perhaps I will get into it more if and when I decide to finally post something. Suffice it to say that I honestly don’t think the issue is black and white (and hopefully will not be caught in the “if you’re not for us, you’re against us” mentality).

open source and copyright

Posted on by No Comments ↓

I was intrigued by the title of this artlce in Wired News (which was by way of AP): “Court says copyrights apply even for free software”

Sounded intriguing. Particularly the intro, where it stated that “[i]n a crucial win for the free software movement, a federal appeals court has ruled that even software developers who give away the programming code for their works can sue for copyright infringement if someone misappropriates that material. Interesting, though surprising, since I was of the understanding that it was long settled that software, whether open source or otherwise, was subject to copyright.

I then started reading the article’s analysis of the decision:

Because the code was given away for free, thorny questions emerge when a violation has been discovered and someone is found to have shoved the code into their own for-profit products without giving anything back, in the form of attribution and disclosure of the alterations they made.

Hmmm. That doesn’t sound quite right, as that implies that the fact that there wasn’t a price for the code (or rather the right to use the code) is what gave rise to dispute. In other words, it suggests that because you haven’t paid, the obligation to attribute and disclose alterations may not necessarily be enforceable.

So I decided to take a quick peek at the case. Not quite right. The developer, in this case, was trying to get an injunction (a court order that forces the other party to stop doing something, failing which they get thrown in jail). In order to get an injunction, the person seeking it must show that if the court doesn’t grant it, they will suffer “irreparable harm”. Usually, the burden will be on the person seeking it to demonstrate. However, there is US case law that basically says that in the case of copyright claims, irreparable harm is presumed (subject to certain conditions). In other words, it makes it quite a bit easier to get an injunction.

So, the applicability of copyright in this case was of primary importance as it would determine whether or not the developer would be able to get an injunction, not “because it’s easier to recover monetary damages in a copyright-infringement case” as the article states.

Anyway, it turns out what was at issue in the case really had nothing to do with whether or not the software was open source, or whether or not there was a price associated with it. Instead, it was focused on the very fine (as in detailed-oriented rather than nice) distinction between a condition in a contract and a covenant.

The way a license works is that it grants to the user, through a contract, certain rights to use, copy, etc. the software, but only those rights. So, if you don’t have a contract and use or the software, then you don’t have any rights to do so. That would be a violation of copyright law. Similarly, if you exceed the rights granted to you, that would also be a copyright infringement.

Finally, we come to conditions. Another word that is often used to describe these are provisos. These are things in a license that are tied to the grant of rights – in other words, if you don’t do them, then you don’t have the rights. Its like the “if… then” structure in programming. If you do A, B and C, then you can use the software. And of course, if you don’t, you can’t. Sometimes also worded like this: “You can use the software, provided you do A, B and C”. The effect then, is that if you don’t do A, B and C, then you don’t have a right to use the software. And if you don’t have the right and you use it anyway, then once again you will be infringing copyright.

The “heart” of the case, as the court described it, wasn’t whether or not the software license was paid for or not, but rather whether or not certain obligations to attribute the software to the developer and provide modifications were conditions or rather merely covenants. The distinction is important because a covenant is an obligation that is not tied to the license grant. In other words, if you don’t perform a covenant, you don’t lose your rights to use the software. Sure, you are in breach of the software license, and can be sued for damages, but the key difference is that you are not infringing copyright, since it is not tied to the grant of rights to use the software.

In this case, the defendant was saying that the obligations they breached were only covenants. Therefore, no copyright violation. Therefore, no presumed irreparable harm. Therefore, no injunction. The district court agreed with this.

However, the court of appeal corrected this. Perhaps not surprising, given that the license in question had language such as

The intent of this document is to state the conditions under which a Package may be copied.

The court of appeal further remarked that

The Artistic License also uses the traditional language of conditions by noting that the rights to copy, modify, and distribute are granted “provided that” the conditions are met.

In short, the decision has less to do with open source and more to do with contractual interpretation – in this case, the distinctions between conditions and covenants. The same dispute could have just as well arisen for typical commercial software.

So is this a “crucial win” for the open source community? No, probably not. However, it does serve to illustrate the importance of clear and well-drafted licenses. If you are a developer and want to make sure your software cannot used without the licensee doing certain things, your license must clearly identify those things as conditions.

Almost forgot – for those so inclined, a link to the case (PDF).

Update: I was surprised to see that Lawrence Lessig commented on this same case as being “huge and important news”. Which to me is somewhat surprising, given my comments above. In brief, he noted:

In non-technical terms, the Court has held that free licenses such as the CC licenses set conditions (rather than covenants) on the use of copyrighted work. When you violate the condition, the license disappears, meaning you’re simply a copyright infringer. This is the theory of the GPL and all CC licenses. Put precisely, whether or not they are also contracts, they are copyright licenses which expire if you fail to abide by the terms of the license.

However, the issue – at least the one that seemed to be argued on appeal – was not whether or not free or open software licenses per se could attract copyright violation if they were not adhered to, but rather the more pedestrian question of whether the obligations in the license in question actually constituted conditions as opposed to covenants. Hmmm.

Further update: I had pulled this post for a while because time and time again I kept reading how this was a big win for open source and was rethinking the above. While I certainly think the appeal decision was the right one, I don’t think this should be thought of as a big win for open source, since the findings would seem to apply to any license – i.e. its somewhat like celebrating a victory for bicycle riders because a judge has found that all wheeled vehicles are legal in a case that happens to be about a bicycle being illegal. Anyway, I do plan another post on this one, but more on the reactions and analyses that I’ve been reading rather than the decision itself.

premature cuil punditing

Posted on by 4 Comments ↓

I was a bit surprised to read all the hype (or anti-hype, if there is such a thing) on cuil – the new search engine that debuted just a few days ago. I read an article in the paper this morning on it, pronouncing it to be failure. Then this in Time, also declaring it not to live up to Google:

“Anybody who thought [Cuil] was this Google killer can really see now that no, that’s not going to happen today — and the likelihood is that’s not going to happen a year from now,” says Danny Sullivan, internet search guru and editor-in-chief of SearchEngineLand.

Yes, I do understand that things happen faster on all things internet, but c’mon, pronouncing them DOA in less than a week after their launch? Seriously?

Let’s do a bit of a reality check. Sure, the folks behind cuil have some great credentials – previously engineers at Google, developers of AltaVista, etc. etc. But you’re comparing a startup with a few million in VC money with the 800 lb gorilla of the internet. An 800 lb gorilla that has been around for many, many years. And which has been able to grow its revenue into the billions. And which has been able to invest huge chunks of that revenue into its technology and infrastructure.

So when people say cuil, less than a week out of the gate is no Google killer, it seems to be that the appropriate response is “Duh. Of course not.” Where was Google a week after it launched?

Anyway, perhaps it’s more of a knee-jerk reaction to what people have described as the “hype” surrounding the startup – that commentators want to be seen as not buying into it. But making such broad pronouncements so early? A little premature if you ask me.

asp issues

Posted on by 1 Comment ↓

Will keep this short – I was reading an article (whose authors will go unnamed) describing some recent trends in software licensing and issues arising from those trends. One trend that was highlighted was the change from licensing of software to be installed and operated by a licensee (with maintenance and support from the licensor) to a vendor-hosted model (or “application service provider” or “ASP” for short), where the vendor instead sets up the software on its own machine and the vendor’s customers then make use of the software remotely – often through a browser, but sometimes through other “thin” clients.

What was the primary issue they identified? To make sure you get acceptance testing. Hmmm. Well, hate to disagree but I would think there might be a few others that might be at least (if not more) important. So, without further ado, some thoughts on what to keep an eye out for if you are thinking of signing up to an ASP service, in no particular order:

Your Data – Will your ASP be storing your data? Will it be your primary repository of your data? Is your data important? Does your data contain sensitive, confidential or personal information? If so, then you should make sure that your ASP is handling your data appropriately, including giving adequate assurances that it is only used for providing the service (and not anything else) and that appropriate security measures are taken to protect it, such as encrypted communications when sending/receiving as well as encrypted storage. We’ve all read the recent horror stories about certain large corporations who have misplaced, lost, or inadvertently disclosed sensitive data, such as credit card numbers. Make sure it isn’t your company making the headlines.

Service Levels and/or Easy Outs – Addresses the same issue as acceptance testing but in a different way. Typically one big advantage of ASPs is that there is no big upfront licensing fee and therefore no big upfront capital to invest, or risk regarding that capital investment in the event the software doesn’t do what it was expected to do. Thus, the concept of acceptance testing was invented to address this big upfront risk, with the thinking that you get to kick the tires extensively before you hand over the the truckload of cash. And if the testing doesn’t pan out, you don’t pay. OTOH, ASPs usually involve a periodic (typically monthly) payment which is much smaller. In effect, the monthly service fee can be thought of as a replacement for: (1) the amortized cost of the initial license fee; (2) maintenance and support; (3) investment in hardware and infrastructure; and (4) additional people costs on the vendor side, to keep (3) up and running. Very often this is a win-win situation, since vendors can often achieve economies of scale by running a large number of instances centrally at one dedicated data centre (and ironically to some extent harkening back to the days of mainframes + terminals – but I digress) and offer very attactive savings over what it would otherwise cost a customer to maintain the application in-house.

Anyway, the point being that there is less upfront risk with an ASP solution, provided of course, you’re: (a) not locked in to a 50 year contract; or (b) you have really good assurances that the software will be up and running as needed when you need it. Its good to have both, but at the same time it can also be thought of, to some extent, as an either-or proposition – if you can arrange for a month to month contract, then if the ASP stinks, just terminate and go elsewhere. Alternatively, if you get ironclad service levels (including significant credits and termination rights) then you might be willing to commit longer. Of course, you’ll also need to ensure that you have the ability, in the case of a month to month agreement or termination rights, to move to another service easily, and to get your data back, etc. But I’ll leave that for another time.

Anyway, not necessarily saying that acceptance testing isn’t important (and in fact if you need to spend a ton of money to have the vendor customize a solution for you it may still be very important) but just a couple of other issues to keep in mind.