Chapter 3: User-Generated Content
Alternate Title: ALA Office for Intellectual Freedom et al.
Eli Neiburger

Abstract
The emergence of Web 2.0, with its emphasis on user-generated content, has tremendous potential for library marketing, services, and community building. However, the open nature of these communications and the ambiguous nature of authorship create major privacy and security challenges. This chapter of Privacy and Freedom of Information in 21st-Century Libraries examines those issues in depth, and provides best practices for addressing some uncertainties.
So, here we are in the twenty-first century! Isn't it great? We've got picturephones in our pockets, dancing bipedal robots, high-definition digital television, international space stations, large hadron colliders, and even an electric car or two. No jetpacks yet, but I hear they're coming. And we've got this thing called Web 2.0, which supposedly unites all human knowledge and creativity into one vast hyperlinked knowledge space or something, right? I read about it on Wikipedia when I was looking for details about Yoda's mom.
Web 2.0 is the buzzword to rule them all. It's such a powerful idea that it quickly infected nearby institutions, giving us Business 2.0, Health 2.0, Government 2.0, and yes, Library 2.0. While each of these permutations is generally used to support whatever argument the user wanted to make in the first place, there was a significant change that came with the Web 2.0 upgrade, one that is deeply disruptive to libraries. While Web 1.0 was all about broadcast and publishing, replacing brochures, phone books, catalogs, and travel agents, Web 2.0 turned the channel upside down with the realization that content flowing up from the users is just as (if not more) valuable than the content flowing outward from the content producers.
This is a pretty big shakeup for institutions that built their value proposition on some sort of unimpeachable, impartial notion of content authority, and it can be a bitter pill to swallow for management cultures that still aren't certain if this whole Internet thing is really worth it. When you add to this well-ensconced reluctance a hearty dollop of legal murkiness and a pinch of terrifying worst-case scenarios, and stir with distant or disinterested campus or municipal legal counsel, that's a recipe for a steaming hot bowl of “We'll just stay here in the twentieth century where things make SENSE” stew. Just like Grandma used to make.
The major challenge for libraries and library staff that want to ride the Web 2.0 wave and start benefiting from user-generated content is that there is a heap of very good and very unanswered questions swirling around the edges of privacy and freedom of information on library Web presences when you let the patrons in on the act. If a patron contributes a review of a book to your site, who owns it? Who owns it if it's an awesome review you might want to use in a print ad? Who owns it if it's horrible and racist and you've got to do something about it? Who owns it if the FBI would like to know more about who posted it? Who owns it if it was actually originally written by some big shot with a small army of besuited lawyers and they want you to take it down? Who owns it if the poster has gotten death threats about what she wrote in her review and she wants you to take it down?
Most importantly, just how freaked out should libraries really be about this issue? And, if they want to answer some of these questions, where on earth do they start? While fully acknowledging that I am not remotely an attorney, I'm certainly not your attorney, and in no way is any of the following to be construed as legal advice, and that these words bear no warranties, either expressed or implied, I'd like to offer up some best- and worst-case scenarios surrounding user-generated content and twenty-first-century libraries from the perspective of a library administrator who deals with this stuff every day and hopefully give you some tools with which to soothe the flustered and encourage the timid.
Considering that most of the Copyright Act would expressly forbid many of the things that happen in libraries every day if it weren't for our old friends first sale and fair use, library staff sure do worry a lot about protecting the rights of the copyright holder at the expense of the patron. This mindset makes sense defensively for the organization's interests, but the tendency is often to err on the side of caution, which can turn library staff into overzealous copyright enforcers a little too much like the police who try to stop tourists from photographing public art because they might violate the artists’ copyright.
The question of ownership is actually relatively straightforward. According to the Copyright Act of 1978, as soon as a creator commits a creation to some tangible medium, he automatically and instantly holds the copyright for that content. While there's certainly some gray area, posting something to a website involves some actual flipping of microscopic bits of metal from pointing one way to pointing another way on some hard disk somewhere, so in practice, as soon as someone posts something to your site, he owns it. Now, there are ways for this to not be so, such as setting up terms of use or some other agreement that the user does not read but agrees to anyway that says that the library holds the copyright on anything contributed to the site, but in general, it's not a good idea to claim copyright on the contributions of your users for several reasons.
First, as we're about to explore, the worst-case scenarios here definitely play out better if the library does not hold the copyright and is not directly responsible for the contributions of the users. Most of the nightmares work out better this way. There is also a simple legal mechanism that allows the library to ensure that it is not responsible for some of the contributions of users (registering as a service provider) that we'll get to later, but the bigger issue is that libraries, as fundamental and beloved underminers of copyright through our positively socialist circulating collections, should be working to encourage and spread free and fair use, not investing in tools, techniques, and billable hours that aim to restrict the use of their Web content.
Like most of the difficult questions facing libraries in this century, it comes down to a question about the value proposition that libraries offer to their users and what models of content distribution we wish to adopt. News organizations and other periodical publishers hold tight to their copyright and need to police the use of their material to ensure that nobody's getting a free ride. This clearly is not a model that libraries should emulate: first, as you may have noticed, those industries are not transitioning to the twenty-first century all that well; and second, the value of libraries to their user communities is in access to information, not in their ability to derive income from copyrights they may hold.
A better model for libraries that want to welcome the contributions of their users is something that many libraries already have: an open bulletin board where users can post what they like and the library will tend to it as appropriate. Taking that service online doesn't really change much, but the fact that it's open to the world can make the time-honored seem foreboding and threatening.
So what's the worst that could happen, and how might a library respond if it does happen? It's worth mentioning that these are all quite edgy edge cases, and while they certainly don't represent the realities of day-to-day management of user-contributed content, these are the types of questions that typically get fretted about when a library is considering opening its site to user contribution, and having answers to these questions up front can save many hours of meetings and probably even avoid the formation of otherwise unnecessary committees.
Let's give this complainer the benefit of the doubt and assume that this is demonstrably true. The content that a user submitted to your site appeared earlier elsewhere attributed to someone else, and someone claiming to be this someone else found the content on your site and wants you to take it down. She may be wealthy and well-armed with attorneys on retainer, or she may be just another one of those patrons who says this kind of thing every chance they get.
In this situation, the safe course of action is simply to take down the offending content. Whoever posted it apparently didn't hold the copyright to that content, and if the publishing on your site is not permitted by the copyright holder, it's infringing. While there are certainly defenses that could allow you to keep the content up, such as fair use or focusing on the fact that the contributions belong to the contributors and Ms. Stole-My-Review should take it up with them, unless the contributed content is of extremely high value or the claim of infringement is highly dubious, just taking it down is the simple solution to this scenario.
Note that if you registered as a service provider as described below, it's unlikely that you would be liable for any damages as a result of your infringement, but that, as always, doesn't mean that Ms. Stole-My-Review can't sue you for damages, which can be just as expensive. See the section Exposure and Risk below.
While it may seem that this is a no-brainer, there can be a lot more uncertainty surrounding the claim itself in this circumstance. For example, if a user tagged all of a particular author's books as “Written by a racist [expletive],” that can be relatively cut-and-dried. But if someone writes in a review that “All this guy's books STINK,” is that defamation? And what if all those books really do stink? Does that matter?
Published defamation, or libel, is serious business, but it is also a favorite battle cry of the disturbed or deluded. Avoiding liability for torts such as libel is another good reason to make it clear that the comments are the opinions of the poster, not the institution, but in many circumstances it's again wise to make some kind of response to claims like this as a show of good faith, which is important if Mr. My-Books-Do-Not-All-Stink drags you to court.
Sometimes it may be enough for the library to exercise a little editorial control when these issues come up, as it may be a particular word that's getting the complainant so fired up. Maybe he doesn't mind being called a racist, it's the expletive that bothers him. Or you could change the review to “All this guy's books [are not good in my opinion].” However, if the complainant is mad enough, this won't likely help. One thing to note whenever the library exercises editorial control is that it's important to always do so transparently to retain the trust of your users. This means make it clear that the content has been edited and why, such as appending “[edited for publication]” to the end of the review or otherwise calling out the edits. And really, is that “racist [expletive]” tag really adding any value anyway? It's certainly a reasonable response to just delete the content at issue.
However, depending on how strongly you feel about the content that's being complained about, and whether you've registered as a service provider, and how much risk your organization is willing to bear to defend the statement that all the guy's books really do stink, you can certainly just say, “Your books do stink, and we're not taking it down. Go away.” But if it ever gets to trial, you can safely assume that the judge, or the jury, wouldn't consider that a show of good faith.
What about when the users are contributing horrible, villainous, defamatory statements about the library, its staff, or its leaders? You'd better believe this one is no edge case; it happens all the time. So how is this different from libel about authors or other posters? Legally, it's not very different, but how you handle it will be far more visible to your patrons than pulling a rude tag from an inferior item would be.
It's worth considering how poorly many organizations, especially municipal bodies, typically handle public criticism online, so this is a big opportunity to differentiate the library by handling foaming vitriol with grace and aplomb. If you err on the side of letting as many comments stand as possible, editing out only the words that are really over the line with asterisks or a well-placed [ahem], always making note that the content has been edited, the library can really only gain by demonstrating its commitment to free speech and tolerance of criticism. You might even win back the black hearts of the foul-mouthed patrons who want the card catalog back or make similarly unreasonable requests.
One other aspect to consider here when trapped in a thought experiment on this issue is that often, you can count on other users of the site to rebuke the vitriol or at least disagree with it. Honest, unprovoked disagreement and defense of the library from other patrons is priceless and will turn more minds in a positive direction than could ever be negatively influenced by a diatribe.
Finally, as they always do, the critics claiming that you're violating the First Amendment if you so much as touch their filth-ridden masterpiece have a bit of a point. The library is supposed to be a haven for First Amendment expression, and it would be an attractive, high-profile case for free speech advocates if the library is caught censoring its own criticism. There's no upside to suppressing library criticism, and it is indeed on shaky political ground. Whatever PR hit the missive might initially bring can be readily canceled and even inverted by calm, cool, permissive moderation of the thread and response to the concerns, no matter how malicious, cruel, or plainly insane they might be.
Although the preceding worst cases can be pretty scary, especially when budgets are tight and legal defense funds are scarce, it's always important to have some best-case scenarios in mind to help staff and management understand the possibilities and potential of user-contributed content and what they might miss out on if they're unwilling to bear the rather remote risk of a worst case. “Because it's cool and Amazon is doing it” is not a solid foundation for a library service; here are some scenarios around ownership and copyright that show the positives of user-contributed content.
While we always worry that we'll hear “Hey! That's my grandpa! TAKE IT DOWN!” it's much more likely that allowing user-generated content will lead to more contributions, more engaged users, and better information for the library to share, especially if you're not encumbering any donated content or information with onerous license agreements or regressive copyright stances. When the Brooklyn Museum started posting its photos of the Columbian Exposition on Flickr, it quickly discovered a commenter in Seattle who was making detailed, carefully researched notes on the images and adding value to the collection far beyond the efforts of staff or local volunteers (www.flickr.com/photos/brooklyn_museum/2784217831/; see comments and tags by Rob Ketcherside).
Allowing users to post and still own their images, reviews, comments, or other content positions the library right where it's always been—as the place where a community stores its critical information. It's of high value to the community to have a trusted, permanent place to put this stuff, and while it seems right now as though commercial Web services such as Flickr are the solution to this problem, once Yahoo inevitably gives Flickr the Geocities treatment (shutting it down unceremoniously and rebuffing all attempts to preserve its content), people won't feel the same way about freely giving their precious content to corporations. Libraries are well-positioned to develop services that compete with these commercial services, provided that we outperform them on use rights, organization, and local focus. If you paint the user's rights into a corner with overly restrictive or regressive terms of use or license agreements, the library won't seem as useful in comparison to our online archival rivals.
If our most passionate users feel that the library is a safe, fair place to contribute their opinions, ratings, and reviews, a place that doesn't assert the same ownership of their speech that Amazon or Facebook does, their obsessions can lead them to provide value to the library that the library would never otherwise obtain. Allowing patrons to feel good about contributing content to the library without feeling like they're getting fleeced and resold behind the scenes can develop the library as the prime receptacle of their critical output. Completism is also a powerful force and one that libraries can harness over time by allowing the contributors to see the fruits of their labor; by telling them what percentage of a collection they've reviewed or how many patrons have requested an item after reading their review. Reviews are everywhere, but when a library collects reviews from its own community of users, many users will prize those opinions beyond anything from Kirkus or PW. Develop contributor-friendly, human-readable use policies, and your friendly neighborhood contributors will feel good about contributing.
Tagging isn't really the ownership or copyright hotbed that reviews or contributed photos might be, but it's still worth remembering how much value your patrons can add to your discovery tools if you'd just let them. And trust them. While few patrons worry about who owns their tags, if they don't show up immediately because they need to go through some approval queue, the patrons get the message immediately: you don't trust them. While we certainly know that we have some good reasons not to trust them, the reality is that the risk of really dangerous tags appearing is very low, tags are easy to clean up, and the negative impression given by a tag-approval queue is much greater than someone actually seeing an objectionable tag applied insouciantly. As you're considering the legal issues associated with user-contributed content, remember that an approval queue cannot protect you completely from a lawsuit, but it can ensure that your tagging project fails by constantly reminding your best contributors how little you trust them. Trust them and harness the power of their obsessions!
It can be depressing how lackadaisical these whippersnappers are about their privacy. We're trying to protect their right to read freely, and there they go blabbing to all of Facebook that they just checked out Living with Bursitis. It's tempting to view our position as old school and pointless, but this pendulum is likely to swing back in the 10s, and one of the biggest advantages we have as libraries is that we still care fiercely about privacy and that our users widely feel that their personal data is safe at the library.
This gets a little more complex when the users start contributing intentionally public information to the library's Web presence. Are we compromising a user's checkout history by allowing anyone on the Web to see what items that person has reviewed? Are users fully aware of how the data that the library has about them is connected and available? We don't want patrons’ library experiences to remind them of Facebook, where you know that you're exposed but not sure where or how to address it. Also, when accepting public contributions from a user, what information should and could the library store about the contributor, and what do we have to tell to whom if they come asking?
Library data has certainly been a political football in this century, and it's likely that there's a turnover somewhere in the future. But, as Spiderman is always sort of saying, with great power comes great responsibility, and with sloppy grandstanding legislation comes opportunity. In all the PATRIOT Act hubbub, there was little attention paid to the fact that there were no requirements for what data libraries kept or how long they kept it. When you're talking about checkouts, there's certain data that we've always needed to keep to ensure that we could either get our stuff back or at least unleash the collection agencies, but with Web contributions, you don't generally need that stuff. This means that you don't need to require a library card number, name, or address before someone can contribute comments, tags, reviews, or photos to the library's website; what you collect is up to you. Although most patrons will choose to just use the account that's already connected to their library card number, you can bet that the cagey or paranoid ones will figure out that they can have two accounts, one to track their card use and another for contributing. It doesn't make sense to require this of patrons, but having it as an option is an excellent, straightforward way for contributors to remain private.
As far as what you should collect, it's always a good idea to collect the IP address from which a contribution came, as it can help the library to diagnose problems or track down abuse, but that isn't necessarily personally identifying information (in fact, it rarely is these days), and if you want to err on the side of maximum privacy, you could remove the IP addresses after some period of time has elapsed, say twenty-four hours or a week or a month. Other than IP address and e-mail, what more do you need to allow someone to contribute to your website? Generally, you ought to know if contributors are human or not to keep out spam, but who knows? Maybe a future law will make this kind of discrimination against digital citizens illegal.
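One way to implement the IP-expiry idea above, as an added example that is not from the chapter: a scheduled job that blanks the stored address once a contribution is older than the chosen window while leaving the contribution itself in place. The table layout, the function names, the sample rows and the `open_report` hold (which keeps an address while staff are still reviewing a reported post) are all assumptions made for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# The three windows the chapter floats: twenty-four hours, a week, a month.
RETENTION_OPTIONS = {
    "day": timedelta(hours=24),
    "week": timedelta(days=7),
    "month": timedelta(days=30),  # assumption: a month is taken as 30 days
}

# Hypothetical schema: only what is needed to publish a contribution,
# plus the IP address that is meant to be short-lived.
SCHEMA = """
CREATE TABLE contributions (
    id          INTEGER PRIMARY KEY,
    username    TEXT NOT NULL,
    body        TEXT NOT NULL,
    posted_at   INTEGER NOT NULL,           -- Unix time, UTC
    ip_address  TEXT,                       -- NULL once scrubbed
    open_report INTEGER NOT NULL DEFAULT 0  -- 1 while a report is under review
)
"""


def scrub_expired_ips(conn, now, retention):
    """Blank IP addresses on contributions older than `retention`.

    Rows with an open abuse report are skipped so staff can still follow
    up; they are scrubbed on the first run after the report is closed.
    Returns the number of rows whose address was removed.
    """
    cutoff = int((now - retention).timestamp())
    cur = conn.execute(
        "UPDATE contributions SET ip_address = NULL "
        "WHERE ip_address IS NOT NULL AND open_report = 0 AND posted_at < ?",
        (cutoff,),
    )
    conn.commit()
    return cur.rowcount


def ids_with_ip(conn):
    """Return the ids of contributions that still carry an IP address."""
    rows = conn.execute(
        "SELECT id FROM contributions WHERE ip_address IS NOT NULL ORDER BY id"
    )
    return [row[0] for row in rows]


def build_demo_db(now):
    """Create an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)

    def ago(**kwargs):
        return int((now - timedelta(**kwargs)).timestamp())

    # Constructed data; addresses come from the documentation-only ranges.
    rows = [
        (1, "reader_a", "Loved it.", ago(hours=2), "192.0.2.10", 0),
        (2, "reader_b", "Too long.", ago(days=3), "198.51.100.7", 0),
        (3, "reader_c", "Reported post.", ago(days=3), "203.0.113.5", 1),
        (4, "reader_d", "A classic.", ago(days=40), "2001:db8::1", 0),
        (5, "reader_e", "Already scrubbed.", ago(days=10), None, 0),
    ]
    conn.executemany("INSERT INTO contributions VALUES (?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn


if __name__ == "__main__":
    now = datetime(2024, 1, 31, 12, 0, tzinfo=timezone.utc)
    conn = build_demo_db(now)
    removed = scrub_expired_ips(conn, now, RETENTION_OPTIONS["day"])
    print(f"scrubbed {removed} addresses; still held on ids {ids_with_ip(conn)}")
```

The same window has to be applied to web server access logs and backups, which record the same addresses outside this table.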
In any case, if someone contributes something threatening, scary, or ominous to your website, and law enforcement—local, state, or federal—comes asking about it, what do you do? This is actually no scarier or newer than the situation that every library is already in, if you consider that a patron contributes checkout data to the library when they check something out. Every library should know what it plans to do when law enforcement asks for data that it holds (Call the director!), and it's no different whether they're asking about checkout history or details of a questionable post on the website. At least, it shouldn't be any different. Patron data is patron data, and information about user contributions is no more and no less important and private than checkout history.
It's easy to think that a G-man asking about posting history, or even seizing your servers because he doesn't like your answer, is a worst-case scenario. And it's pretty horrifying. But it's not as bad as keeping too much data, having lax security, and having all your patron data silently lifted from your server without anyone knowing until patrons’ credit reports start going sour … but that's more of an IT issue than a policy issue. Let's stick with the policy issues for now:
As I said above, a solid response to this is “Let me get you in touch with the director.” But the situation you want to avoid from a policy perspective is “We know, but we're not going to tell you.” That can lead to a court order to seize your servers instead of a court order for you to release the data. Your library should have a policy, procedure, or understanding about what to do when law enforcement shows up with questions, and the source of the data shouldn't matter. If people worry that allowing user-contributed content would increase the likelihood of this scenario, well, so does running a library. The only way to avoid this risk is to close up!
The real front on privacy at the library is the data that we don't control, and many systems that facilitate user-contributed content keep the data on company servers far outside your library's sphere of policy influence. Agent Smith doesn't even need to harangue the folks at the circ desk if he can just go right to Google or your vendor or some other party that doesn't have a library's commitment to privacy but has the information he needs. If you host your library blog on Blogspot or WordPress.org or TypePad or anywhere other than your own servers, the fact is that you're not in control of access to that data, no matter what the vendor says. And remember that any page you add Google Analytics code to will have the details of every subsequent access stored on a server somewhere under Google's control. Although there may not have been problems yet, that's generally because the boundaries haven't yet been pushed. There are lots of good reasons to keep Web services in house, but control over privacy and access is by far the best reason to keep this data close.
It's always a challenge to handle paranoid delusional patrons. It's even harder when they know a bit about what they're talking about and you can't really reassure them that their personal data is safe. Having a board-approved privacy policy that covers what is kept and under what circumstances it can be divulged is a good idea, although it can arouse more suspicion than it dispels if it's too specific about circumstances of release. Maintaining the trust of the community is critical for twenty-first-century libraries, and that starts with transparent and sustainable privacy policies.
Done carefully and thoughtfully, a library's position on the privacy of its patrons can set a community standard for how such things should be handled, and the privacy of their interactions with the library can be an important part of the library's value proposition.
Although few patrons yet look at things so defensively, libraries again have an opportunity to differentiate themselves from other community organizations by being upfront, straightforward, and progressive about the privacy of their patrons, as we've always been. As users begin to contribute publicly to the library, ensure that they are in control of what is exposed and what is protected, and always make new services opt-in. One of the challenges of the library is that for every patron who desperately wants to keep data secret, there's another patron who would very much like to share that data with friends or the world. Don't pull a Facebook; make the privacy controls and policies simple and err on the side of privacy, and the public will trust that their contributions to the library are in good hands.
The flip side of allowing people to opt in to use the services they want and expose the data they want to expose is that when you make it clear what opting in means, the more paranoid patrons can just not opt in or use those services and keep their account as private as possible. This seems straightforward, but getting it right can be tricky when you're making design decisions from a position of fully understanding all the library's services and options. It's a good idea to make it as clear as possible; for example, putting “Turning this on will expose your username and any reviews you submit to the Web. You can always turn it off later from this page” right under the button to opt in is a good idea. On the gripping hand, you don't want to be one of those libraries that have contradictory, overly wordy signage everywhere, even on their website, and you want to make sure that the user experience of your website doesn't become a barrage of warnings. Like anything else at a library, it's about finding a balance between the right amount of information for the casual user and for the concerned user.
When you've earned the trust of your users, you can roll out new features that anonymously leverage the data you've collected to provide high-value new services without your users immediately assuming you're up to no good. For example, it's possible, without compromising the privacy of the involved users, to compare the checkout histories of multiple users to show users that other people who checked out an item also checked out another item. If users always opt in for services more on the edge of privacy issues, and if you make it clear what they're signing up for, there are opportunities to get some really great data and develop helpful services without the patrons feeling like they're being used. Again, this depends on a policy framework that includes a privacy policy, opt-in procedures, and terms of use that are readable and accessible to users; no easy task!
Navigating the twenty-first century is no easy task for libraries. It's difficult to know what to do next, what's most important, where the risk to the organization is acceptable, and where it's unacceptable. Part of assessing the risk of a new idea is assessing the legal exposure that is related to the idea, but too often, the line between exposure and risk is blurred to the point where any exposure is considered risk. It's true that exposure can be risky, but simply put, not all legal exposure is risk, and when the place of libraries in our society is as tenuous as it is at this moment, it's critical to understand the difference between exposure and risk when determining what to do next. A big part of the responsibility for making this distinction is borne by your legal counsel. A good attorney will be able to tell you with a reasonable degree of certainty where the legal exposure is for your organization as you consider services that include user-contributed content. A great attorney will also give you an opinion on what degree of risk is associated with that exposure. While we don't all get to choose our counsel, especially on campuses or as a part of a county or other parent entity, sometimes just asking separately about the exposure and the risk associated with a new idea can help illuminate the way forward.
For example, consider the earlier scenario of the plagiarized review. If you distributed an infringing review via your website, even for a minute, and even if you took it down, there can technically be exposure and potential for a damage award. However, there is very little risk of an actual suit, because even if the complainant is fully lawyered up, the lawyers will likely start with a cease-and-desist letter, and if you honor it, the matter is likely closed. So when you allow users to post reviews, there is conceivably some exposure if a user posts infringing content. But there may be very little risk of a suit, a trial, and an award if you are responsive to complaints.
The flip side of this is that the lawyers may not send a cease-and-desist letter; they may just sue. However, anybody can sue your library over anything for any reason. It's not hard. This turns around the risk calculus when you consider that quite simply, there is not a single solitary thing that a library can do for which it is safe from litigation. Because litigation is expensive on any scale, through this lens there is risk everywhere, in every single action.
The other complicating factor is that many of the issues surrounding user-contributed content haven't had their landmark cases yet. They haven't been tried, so no one really knows with complete certainty where the exposure is and where it isn't. There are some hot spots, sure, but only twentieth-century libraries can avoid these issues completely. And even they can get sued, whenever, for anything!
So when developing new services, or when you're just trying to get your library to do what many other libraries are already doing, it's important to assess both the exposure of the new service and the risk of the new service to be sure that the two aren't being conflated into one big fat NO. In addition, it's worth remembering that there are ways to limit the library's exposure, such as the service provider registration or terms of use that require the contributor to indemnify the library against litigation and damages. Those methods can shield the library's assets from predatory litigation and decrease the financial exposure, but the risk of facing a suit isn't really any different, and the PR cost of a suit that breaks the wrong way, even if it's not costing the library money, can be huge.
So, while remembering my disclaimers about my nonattorneyness and this not being legal advice, when you're working to build consensus around a new service that is perceived as legally risky, try separating the exposure and then planning responses to potential complaints that would mitigate the risk of damages or a case going to trial. Think, “If we get a C&D, we'll just take it down,” or “We'll make a good faith effort to determine the ownership of the image if it is in question,” as such approaches can make a big difference if things ever get ugly.
Also, don't forget, the chance of things ever getting ugly like this is really pretty low in the first place. Libraries aren't often perceived as having deep pockets, and fair use casts a wide net of protection over a library's use of copyrighted material that makes pursuing infringement by a library a pretty long shot with a fairly poisonous PR landscape; suing a library is fortunately still not a very popular thing to do.
Let's hope you never have to face these, but the reality is that the risk of litigation is simply part of doing business as a library, and a lawsuit, even one that goes to trial, is not the end of the world, although you'll probably wish it were.
Nasty things will eventually get said in any online forum. How you handle this situation will impact both the exposure and the risk of accepting user-contributed content; something as simple as a Report This Post button can make it clear to users, attorneys, and judges that there is a mechanism for dealing with content that is undesirable. It's also standard for complaints to begin with an actual complaint or cease-and-desist letter; that will give you a chance to respond to the complaint by taking down or editing the post before a suit is filed. Complainants who don't first give you a chance to resolve the issue before filing suit aren't acting in very good faith, but that doesn't mean they can't file a suit. But the judge probably won't like it too much.
The other way to handle this risk is to monitor or moderate contributions more proactively, but considering the low level of risk associated with someone talking trash on the library's website, it's unlikely that heavy monitoring would be worth the hassle, expense, or distrustful message that it sends to users. The bottom line is that this can happen, but it's unlikely, and if it does, you'll probably get a chance to fix it before things get out of hand. That should be a reasonable risk considering the potential value that your users can contribute to the site.
Again, this one is fairly unlikely (What kind of a loser goes around stealing Kirkus reviews and passing them off as her own on library websites?) and is likely subject to all the same opportunities to resolve as the above, with one additional bonus: fair use. Fair use is not protection against a claim of infringement against a library, but it is very effective protection against a judgment of infringement by a library, and therefore a powerful deterrent against suing a library for copyright infringement. But again, we don't want to do this on purpose, so if it comes to your attention, plan to resolve it and move on. If it's so rewarding to post on your website that users are actually plagiarizing to get content worthy to post, then you are doing great!
Okay, this is a scary one. Don't do it! There's a much stronger argument here that the damage is done once it's done and that no cease-and-desist response can remediate it, and this is a very gray area, so it's hard to know what will happen. Fortunately, the types who are throwing up unlikely risky scenarios in an attempt to make your project go away probably won't think of this one. However, it's another good reason to have a solid privacy policy, your data under your control, and strong security to make sure this doesn't happen. On the flip side, in most cases it will be difficult to establish damages, which again won't protect you from a suit being filed, but will probably limit the risk of what is already a very unlikely occurrence.
If you're already involved in litigation, it may seem like there is no best-case scenario as the billable hours mount up. But if you had your ducks in a row in the first place, responded to early complaints, and have a policy backing up your actions, the risk of a big loss can be pretty low. Another way of looking at these situations is that your case might wind up establishing a precedent that makes further pursuit of similar claims much less likely. So get out there and take one for the team!
There are a lot of reasons for a case not to reach trial. If you've registered as a service provider, your liability for copyright infringement claims is limited, and that can be enough. If you acted in good faith or the plaintiff failed to act in good faith, that can be enough. But if it gets this far, you want to have had the policy established in advance, have acted in good faith, and have the attorneys with the knowledge and skills to make it go away as soon as possible.
If someone really wants to sue your library over some user-contributed content, he's going to. But if he is going to get a skilled attorney to help him, he'll probably need either a case or some money. Because the likelihood of bad things happening on your library website is relatively low, and you've got the policy and the good faith (right?), someone who is just angry may have a hard time finding someone who thinks he has a case. Of course, if he has deep pockets, or even just pockets, it may not matter if he has a case or not; he can get his fancy attorney uncle to file papers for him, and the law allows anyone to sue anyone for anything!
Of course it happens, but nobody likes to see libraries get beat up! Random angry and offensive Internet posters might not care about this, but if you're worried about unintentionally crossing some Gigantic Megacorp Inc. and having its expensively suited in-house counsel serve papers on you without so much as a letter telling you what the problem is first, well, the risk of that happening is very low. Libraries are less threatening to corporations than ever, and even if the legal department says they have a case, the PR department will likely say, “Are you insane?”
As the twenty-first century continues to unfold, libraries are thinking a lot about copyright and fair use and first sale and all that stuff, but the real action, and the real threats to the status quo, lie in binding language that is not contained in the copyright code at all: the license agreements that are attached to e-books or software and the terms of use that are ignored by website users of all levels of paranoia. For example, there are libraries that are circulating Kindles loaded with books. It's pretty clear that the Kindle terms of use don't allow that sort of thing, but that makes it actionable, not illegal. So will Amazon pursue this? Most likely not while only a handful of libraries are doing it, but if the practice spreads, who knows? The courts have found that “clickwrap” licenses, like the ones everybody clicks right past several times a day on the Web, are binding and enforceable, and do you know how many of those your library has agreed to, or that your patrons are agreeing to, right this very moment? Me neither, but I bet if you tried to make a conservative estimate of the potential legal liability being taken on each day at a busy library, you would run screaming to yank the Internet plug right out of the wall.
So, there are two ways of looking at this complexity and risk that our organizations tolerate each day. One is to set all the risk of doing new things as the cost of doing business, dwarfed by the complexity of still-cooking Web law, and that if you're going to not do things because there is some risk and uncertainty involved, well, you won't be doing anything anytime ever. The other approach is to use these dark instruments to become part of the legal background radiation of twenty-first-century life and have some more substantial legal infrastructure behind the library's exposures to help everybody involved be a little more comfortable with scary things like blog comments and online photos. The one caution here, as before, is to be aware of that special place that libraries hold in many patrons’ hearts and to step outside that place only with very solid reason; many people see clickthrough End User License Agreements (EULAs) as just another way that the corporations will getcha and one that we are all powerless to resist or change, but that doesn't mean that they'll tolerate their library behaving that way.
While the legal powers of the twenty-first century can appear to be forming up on the other side of the battle lines from a library's perspective, every once in a while we can find ourselves on the side of some major players, and their ability to get what they want out of government can rub off on us a bit. An excellent example of this is the provision in the 1998 Digital Millennium Copyright Act (DMCA) that limits an online service provider's liability for copyright infringement by its users if it has designated an agent to handle any claims that might arise. While the law predates YouTube, YouTube is the best example of why this mechanism was put in place; if YouTube was on the hook for infringing content that people uploaded to YouTube, well, there would be no YouTube.
Because an online service provider is defined as a provider of online services (tautology much?) and libraries provide online services, this means that a library can fill out the shockingly straightforward Interim Designation of Agent to Receive Notification of Claimed Infringement form, pay $105, and designate itself as its own agent to handle copyright claims arising from content posted by users to the websites it operates. In return, the registered online service provider's liability for copyright infringement by its users is significantly limited. Not eliminated, but it's a safe bet that it's more than $105 worth of liability that will be limited.
U.S. Copyright Office Online Service Provider Registration
Note that this does not shield the library from other damages that could be pursued as a result of user contributions; you're still on the hook for libel or other torts, but when you consider that copyright infringement is a big piece of the liability out there on the Web, this simple action can put a lot of comfort and surety behind a new initiative.
In addition to the service provider's protection from copyright infringement claims, your library's Web products can have binding terms of use posted at the bottom of every page, where users can safely ignore them, or on the user registration form, where users can obliviously click past them, or on the Content Submit page, where users will check whatever checkboxes you tell them to. These terms of use can be used essentially to get the user to agree to whatever you want or need for people involved to feel that the risk has been mitigated. For example, your terms of use could specify that by contributing content to this website, the user agrees to defend and indemnify the library against any and all claims arising from the content they post, including payment of any attorneys’ fees that may be required. Who would agree to that, right? Bought anything from iTunes lately?
Or, your terms of use could specify that anything a user contributes to the site permanently becomes the sole property of the library, its heirs and assigns, and so on. Who would agree to that? It's crazy! Posted anything to Facebook or Twitter lately?
Or your terms of use could specify that anything a user contributes to the site will be released to the Web under a Creative Commons Noncommercial Attribution license, meaning that anyone anywhere will be able to reuse that content, with attribution, for any noncommercial purpose, without specific permission. Sounds great, right? Except that noncommercial doesn't necessarily mean nice, respectful, or positive. Downloading a photo of Grandpa and adding a Hitler mustache and reuploading it is completely noncommercial and is easily attributed, and now you can't even use a trumped-up copyright infringement claim to take it down.
Again, with great power comes great responsibility. Terms of use are a tried-and-true way of binding the actions of your users to certain conditions. You just need to decide what those conditions are. You could claim ownership of everything they post to make sure that your investment in obtaining it cannot be easily eroded. You could make sure that the library is not on the financial hook in most legal situations (but don't forget that anyone can be sued by anyone for anything), or you could strike another of those tricky balances between protecting the interests of the library and helping patrons to see a model of progressive, patron-oriented use rights that have a reason for existence beyond protecting the library.
It used to be that unless you were a professional content creator, you had relatively little day-to-day interaction with copyright in any form. But here in the twenty-first century, everybody brushes up against copyright law and practice multiple times per day with unpredictable consequences. In addition, now that anyone can be a professional content creator (no sniggering please), you've got people who believe that they should be paid anytime someone looks at something they wrote, but who are also completely comfortable helping themselves to professionally produced movies or music for free. It's a recipe for some angry library patrons, such as the following situations:
Just because people click through countless EULAs every day doesn't mean they like it when their library hits them with one. We all know libraries are often held to a different standard, for good or ill, and it's much more likely that patrons would throw up their hands when confronted with an unreadable EULA when trying to register or contribute at the library, especially because few libraries would be likely to play the usability tricks with EULAs that corporate websites do all the time, like a login button labeled “I agree to these terms” or other perfectly legal but not very user-oriented obfuscations.
It's an unfortunate fact that patrons often expect a certain amount of rigmarole from the library in order to gain access. It's the Ghost of Librarianship Past, and unfortunately Present and even Future, and it's got decades of life left in it. That's why you should carefully consider how, when, and where your terms of use are presented to the user to make sure that you strike a balance between informed consent and the Web user's tendency to find the minimum allowable number of clicks to get what they want.
In this age of transition, there are a lot of conflicting ideas out there about how content should behave on the Web. One generation is big into information that wants to be free, while their parents and grandparents would still prefer that nobody steals from them, especially information. This makes for a unique tension between the desire to share and the desire to control. You may have patrons who are happy to share their video if you can promise them that nobody will ever do anything inappropriate with it. That's not a promise you can realistically make with content on the open Web, even if you wanted to, and you don't want to. Sometimes just the act of reading through comprehensive terms of use can put highly unlikely nightmare scenarios into heads that never would have thought of those things otherwise, leading to anxiety and a fight-or-flight response, and really, you don't want your patrons having to decide whether they should fight your terms of use or run from them. If you hit them with the legalese at the wrong time, in the wrong way, like every time they go to upload something, you increase the risk of their souring on the whole endeavor or drive them to harangue your staff or board in pursuit of impossible promises (like nothing bad will ever happen) before they'll give you content that you'd really like to have!
The last thing you want to do is prompt scrutiny of your terms of use in a way that leads your patrons to finally realize the kinds of crazy things they've been agreeing to when they agree to those things. Boilerplate can be ominously unintelligible at best and horrifically out-to-get-you at worst. It's likely that many of your patrons would be shocked by some of the things your attorney expects them to agree to if the things were clearly explained. With overly broad or overly unreadable terms of use, you run the risk of someone trying to puzzle them out to disastrous effect. Again, a balance between ironclad contract language and something more like an executive summary of what the contributor is agreeing to is needed to prevent your project from missing out on some great contributions just because the contributor has access to questionable free legal advice.
So given all those ways your implementation of terms of use can go wrong, and combined with the ever-present fact that bears repeating that anybody can sue anybody for anything, what's the case for solid terms of use? What's there for the library to gain if anybody actually agrees to them? Of course they're going to agree to them; it's just another legally binding checkbox, right?
With the best of intentions, libraries have managed to reinforce the rights of the copyright holders over and over and over again at the expense of the user's rights under fair use or otherwise; this has helped to create an expectation that something on the Web, even on the website of a public library, is ferociously defended and if you plan to use it in any way, you'd better have express written permission. If you put your terms of use together right, you can reset both the contributor's expectations and the consumer's use rights to the mutual benefit of all involved. This means that you could put on your image gallery webpages, instead of a list of prohibited uses, a list of allowed uses that includes most of the things people usually want to do with things they get at the library. For example, there are many reasons that kids doing a report can legitimately use an image from the Web, and yet all kinds of otherwise respectable grownups tell the kids they'd better get an answer from someone at the Smithsonian before they impact the commercial potential of that photo of an old bicycle by using it in their eighth grade term paper. The library's approach to use rights can be a key differentiator between the library's Web presence and commercial alternatives; don't miss the opportunity to make this clear with uniform, permissive noncommercial use rights for content your users contribute, backed up by your terms of use!
The strongest reason to do this and do it right is because it can really save you if the library does find itself heading to court over a user contribution. If it says in your terms of use that by using your site, the user agrees that all content contributed by users of the site is the property and opinion of the contributor and in no way represents the views of your organization, its staff, board, regents, mascots, heirs and assigns, and so on, the guy who wants to sue the library because the library said in a patron review that his book stinks has much less of a case. Again, that doesn't mean he can't sue you. It just makes it less likely that he'll win, which means it's less likely to happen.
Similarly, if someone decides to sue the library because something she uploaded to the library was later misused by someone else, your terms of use could make it clear that the library is not responsible for that or even require that the submitter waive the right to sue over something like that. Again, that does not mean that she can't sue you for it. It just means it won't get very far if you can produce evidence that she agreed to a covenant not to sue you over it.
The reality (call it fortunate or unfortunate, depending on your perspective on such things) is that our twenty-first-century audiences are getting a lot more sophisticated about this kind of stuff. While this may mean that they have some unrealistic ideas here and there, it also means that the notion of the public domain or other bodies of content that are free and easy to use is a popular idea that's growing by leaps and bounds. This is a clear opportunity for the library to position itself in opposition to the draconian use rights of most commercial content and be a part of the Open Web.
Creative Commons is a big, great idea that's been wholeheartedly embraced by the growing, influential Creative Class, and as more teachers, librarians, and creators are becoming comfortable with it and all the things you don't have to worry about when you use Creative Commons licenses, it's growing into a body of content that is as free and easy to use as we wished everything was. What better value proposition for a library to offer to its twenty-first-century users than a bunch of stuff, by and about their own community, that is free for them to use in most ways? It's really what we've been doing for decades, taking things and making them easier to access. In creating your terms of use, you have a chance to position the library as leading the way towards a future of flexible, usable, no-hassle information, and that's a critical value to establish to users who have other options.
Here's the healthiest way to look at this big pile of complexity and its attendant worry: A public website is like a public bathroom, and sooner or later, somebody's going to make a mess on the floor. Another patron might see it and be horrified. A prominent politician might see it and be noisily scandalized. Someone might even claim to have been injured by it. But the reality is that there is no 100 percent effective way to ensure that nobody ever makes a mess on the floor, or that nobody ever sees it, or is scandalized by it, or steps in it. It's going to happen someday as a part of being public.
And when it does, any time spent on mess-proofing, mess-detection squads, the mess avoidance committee, or the mess remediation policy won't have helped you. It happened; clean it up and move on. Policies can't keep things from happening, and not even bathroom terms of use, under which, by entering the stall, the user agrees to place any deposits solely in the provided receptacle, will keep that mess off the floor.
Viewed through this lens, your policies and procedures are not about prevention, but about recovery; detailing not what should and should not happen, but how the organization will react not if, but when it does happen. Most policy is anxiety avoidance; good policy plots a course out of anxiety.
Remember, anyone can make a mess on anything for any reason. But having some reasonable expectations in advance about where the mess normally gets made and what might happen can help your organization, not by preventing the mess from coming, but by keeping it from being paralyzed by the worry that a mess might be made. We also need to remember that people have been messing up libraries for as long as there have been libraries, and this isn't some brave new unprecedented world of things where a mess can be made; it's just the next frontier for the same old mess.
Libraries can no longer trade on their authority. Whether we know more than our patrons or not, that is no longer something most people hope to find at the library. It's critical for twenty-first-century libraries to embrace the opportunities that user-contributed content offers, for they can give us more than we could ever create ourselves, and while much of it may be rough, there are diamonds in that rough that we would never find even if we went looking in the closets and attics of our communities.
The catch, as ever, is to strike a balance between meeting the expectations of the modern Web user, assuring the administration that the library is carefully exercising stewardship of its resources, and assuaging the fears of counsel and other risk managers by illustrating how much of this risk the library has been bearing for decades without incident. It's not easy, but it can be done, and hopefully the above has illustrated a route to reach compromise.
The world is changing. Jetpacks are just around the corner, I'm sure of it. Opportunity is everywhere, and while it's not without exposure, not all exposure is additional risk, especially when anyone can sue anyone for anything. As content, media, and copyright continue to be transformed by the information revolution, libraries are hanging on a precipice; this is no time to get hung up on the edge cases.
Published by ALA TechSource, an imprint of the American Library Association.