RapidShare publica un "manifiesto antipiratería" para cyberlockers
Motivado por el caso Megaupload, el servicio con asiento en Suiza lanzó este manifiesto a modo de guía para cyberlockers y sitios de cloud-hosting
Megaupload sigue trayendo consecuencias para servicios análogos a los que prestaba la empresa de Kim DotCom, tanto es así que RapidShare lanzó un manifiesto con algunos items, en los cuales hace ver su fuerte deseo de colaborar en la batalla contra la piratería, así como su esperanza de no correr la misma suerte que otros cyberlockers, incluso si debe renunciar a algunas cuestiones de privacidad.
El decálogo, un documento de 4 páginas llamado por la compañía “Prácticas responsables para servicios de almacenamiento en la nube“, parte de una suerte de visión global de la compañía: RapidShare se ve a si misma como un servicio de cloud-hosting, semejante a DropBox, y como el almacenamiento en la nube es una tendencia que va en alza, es perfectamente probable que el servicio suizo tenga en sus servidores material con copyright. En este sentido y de un tiempo a esta parte, RapidShare se ha caracterizado por un enorme compromiso por limitar las violaciones a los derechos de autor.
Daniel Raimer, ejecutivo de la compañía, manifestó que “RapidShare siempre ha sostenido su obligación de proteger la propiedad intelectual y los derechos de autor de los creadores. El anuncio de hoy lleva esa obligación a un nuevo nivel“.
Esta lista que regla el “deber ser del buen cyberlocker” tiene numerosos puntos en común con la legislación DMCA estadounidense, aunque en otros puntos RapidShare redobla la apuesta y repercute en la privacidad de sus usuarios. Algunas recomendaciones implican, por ejemplo, setear los archivos como privados a fin de no poder compartirlos, pero otras le dan suficiente poder a un autor como para dar de baja alguna cuenta que esté sospechada de alguna infracción. Aquí extractos de algunos párrafos y, abajo, el documento completo:
“Los servicios deberían dar de baja las cuentas de usuario (…) cuando suficientes autores hayan cuestionado la conducta de los poseedores de estas cuentas”.
“Los servicios deberían pedir cuentas de correo válidas (…) Ante la eventualidad de que los autores información sobre las cuentas de usuario por procedimientos legales”.
“Lo servicios no deberían premiar a sus usuarios de acuerdo al volumen de descargas, a menos que los servicios crean en buena fe que esos usuarios utilizan el almacenamiento apropiadamente…”
“Las políticas de privacidad deberían permitir a los proveedores de servicios el derecho a inspeccionar los archivos de los infractores o aquellos acusados de cometerlas”.
Responsible Practices for Cloud Storage Services
Introduction
Cloud storage services have become an important feature of modern computingplatforms, with increasing worldwide reliance upon mobile devices and location-independent enterprise computing. Cloud-based storage is becoming a necessarycomponent of any mobile business or lifestyle. For example, there are significantsecurity risks associated with local storage on computers, devices, or storage mediathat can be lost or stolen: a laptop or thumb drive left behind on a plane can expose itsowner both to loss of all data or to persistent, undetectable attacks on the security of thedata.Workers who travel often prefer to rely on computers and devices available locally attheir destinations without carrying their equipment and data with them. Employers maymake select documents available to their employees via third-party services so that, insensitive locations, the employees need not expose their network traffic to others.Publishers may to make their works widely available using cloud-based storage as anefficient and cost-effective alternative to direct hosting. Collaborators may shareprojects and large files with each other in a location where no single person controls theplatform. There are countless other existing uses for cloud-based storage, and newuses are constantly evolving.While cloud storage has been available for years, with a variety of well established andnewer companies providing it, certain high-profile cases have put cloud storage in aspotlight. Some accuse customers of cloud storage services of misusing those servicesto carry out copyright infringing activities. Some cloud storage providers also standaccused of encouraging and exploiting those customers
’ abuses.
RapidShare has faced its own controversies, but for years now it has been workingdiligently on multiple fronts to distinguish itself as an important and responsiblecompany in this growing industry.Because any customer can misuse these services to engage in wrongful conduct,including copyright infringement, RapidShare, like other operators of such services, hasa strong reputational interest in actively promoting legitimate uses, and discouragingillegitimate uses, balancing the needs for safe, reliable, and private storage and
communications with respect for intellectual property and the public interest inreasonable enforcement. For that purpose, RapidShare publishes this first industrymanifesto of Responsible Practices for Cloud Storage Providers. It welcomes debateand further discussion that balances the legitimate expectations of all stakeholders,including copyright holders, service providers, customers, and the public.
1. It goes without saying that cloud storage services should take all stepsnecessary to qualify for the safe harbor for hosting services under the U.S. DigitalMillennium Copyright Act.
That safe harbor under American law sets standards forany company around the globe that wishes to access the American marketplace andprovides protection for any such company against monetary awards and broadinjunctions. Among those standards are:a. Expeditious removal or disabling of access to allegedly infringing materialor activity
upon a properly formed notice.b. Designation of an agent to receive notifications of claimed infringement,with an appropriate filing in the U.S. Copyright Office and notice clearly available on theservice itself.c. Publication and implementation of a policy calling for termination, inappropriate circumstances, of account holders or subscribers who are repeat infringers.d. Expeditious removal or disabling of access to infringing material or activitywhen the provider gains knowledge of an infringement or facts or circumstances makethe infringement apparent.e. Accommodation of, and non-interference with, any industry-standardcontent protection technologies.f. The strict avoidance of any direct financial benefit from infringing activityor infringing material.g. The exercise of any right and ability to control infringement by users tobring about the cessation of such infringement.
2. Responsible cloud storage service providers will take a number of steps togo above and beyond safe harbor practices for the protection of copyrightholders. They include:a. No second-guessing or evaluating of claims made in properly formedtakedown notices.
The DMCA safe harbor allows the users themselves to defend theirown conduct; the cloud storage service provider need not take on itself a role of judge.The service provider must step out of any dispute between a copyright claimant and anaccused user, without taking
anyone’s side.
b. Protection against restoration of suppressed materials.
Cloudstorage service providers should make efforts to detect repeated efforts by users tostore materials that the service provider previously deleted or disabled based ontakedown notices, unless the users provided properly formed counter-notifications.
Thismeans that service providers must determine, to the extent technically feasible, uniquesignatures of disabled files and scan new files for identical signatures.
c. Attention to compromised or improperly disseminated usercredentials.
Cloud storage service providers should actively review major public
providers of access credentials of encrypted files and disable file access to those fileswhere it appears that those credentials might be compromised or improperly published.
d. Rare compensation to customers based on download volume.
Services should not provide compensation to users based on download volume unlessthe services have a good-faith belief that those users are properly using the storageplatform to monetize dissemination of their own, or authorized, material.
For example,some recording artists have adopted cloud storage services as a vehicle for monetizingtheir own works. This type of new business model deserves support while it does not justify giving malefactors a reward for their misbehavior. These monetizationrelationships should be custom designed and there should be individualized oversight ofthe enrollment process.
e. Termination upon substantial body of accusations without proof ofinfringement.
Services should terminate account holders or subscribers not merelyupon proof that they are infringers but when sufficient copyright holders have calledtheir conduct into question. In such cases, services deserve an explanation from theusers as to why the suspicions are unfounded.
f. Valid, current e-mail addresses of subscribers and account holders.
Services should require valid e-mail addresses of subscribers and account holders inorder for them to register new accounts. In the event a copyright holder seeks accountholder information through valid legal procedures, the service should have access tovalid e-mail address information to furnish in response, which may facilitate an inquiry tothe e-mail service provider. The service should periodically test the validity ofsubscriber e-mail addresses and require updating of obsolete email addresses in itssystem.
g. Trained customer service personnel
. Services should train theircustomer service personnel to avoid interactions with customers that appear to pertainto copyrighted material of others.
h. Default settings for stored files: only for private access of thecustomer.
To the extent customers seek to expose files to others or to the public, theyshould have to override the default setting or provide access credentials to a trustedcolleague.
i. Deletion.
Customers should have the ability to delete their own files andaccess to their own files for their protection and for the avoidance of sharing.
3. Responsible cloud storage service providers should be readilyaccessible and complainant-friendly for both notifications and legal process.This includes the following:a.
Robust staffing of a well trained anti-abuse team to respond tonotifications of claimed infringement.
Service providers must deploy personnelsufficient to handle the volume of notifications that arrive, without persistent backlogs.Spikes in volume of notifications must lead to additional emergency staffing andovertime, subject only to employment law limitations on hours and working conditions.
b. Services should be amenability to service of process.
Serviceproviders should either reside in a country that belongs to the Hague Convention for theService of Process Abroad or should voluntarily comply with requests to waive service
of process with respect to subpoenas for user information. They should also reside in a jurisdiction that shows respect for copyright law.
c. Collaboration to facilitate notification process.
Where a copyrightholder has developed a history of frequent or large-scale notices, the service providershould offer it an opportunity to collaborate with the service provider to build anotification tool to automate creation of DMCA-conforming notifications of claimedinfringement in a way that will ease burdens on copyright holders and facilitate speedierhandling of those notifications by the service provider.
d. Visible management.
Service providers should make public the identitiesof the persons in its top executive ranks. Knowledgeable representatives of thecompany should be available for press, customer service, and sales inquiries.
e. Visible policies.
Service providers should make clear their privacypolicies and details about information that is available to them about their accountholders or subscribers and other users.
f. Inspection as last resort.
While cloud storage service customersnormally have a right to expect privacy of their stored materials that they have notshared publicly, privacy policies should establish that service providers retain the rightto inspect files of repeat accused infringers or ac
cused violators of the service’s terms of
service who, after reasonable notice to them by the service provider, have made nogood-faith counter notifications or efforts to justify their conduct as non-infringing or as
not violating the service provider’s te
rms of service. A service provider shall serve
notice on the customer two weeks before any such inspection, at that customer’s last
known e-mail address, giving the customer sufficient time to oppose inspection orvoluntarily to remove its materials from the service.
