Category: Digital Law

Posted on

When is a Remix no longer a Remix?

As many of you may know, I’m a big supporter of Creative Commons and the ideals of open sharing. I publish most of my stuff under a CC licence, usually BY-SA, because I think sharing is important and I believe that the world is a better place if we allow others to build on what we do (in the same way that I often build on the influences of others).

So, a while back I published a couple of things to the OER Commons; a site where teachers can upload and freely share their educational resources with others. The general idea is that if you publish to OER Commons, anyone can take your work and remix it and build upon it to create a version for their own individualised use. For busy teachers who all too often find themselves “reinventing the wheel” in the creation of their own teaching resources, it’s a brilliant concept. You can also attach metadata to the resources you share to make them more searchable, and even map them to the US Common Core standards if you wish. If someone finds your work useful, but wants to make slight changes, the site provides the option to remix the work, connecting the new work with the old work via metadata. Like I said, it’s a brilliant concept.

One of the resources I published to the OER Commons was a worksheet called “What Rights, where?” which aims to be a guide on how to select the appropriate Creative Commons license for a piece of creative work. It links to a Google Doc which suggests a range of scenarios and asks the user to think about which of the CC attributes might be most appropriate for the circumstances.

I got an email the other day informing me that another OER Commons user, Binod Deka, had made a remix of my What Rights, where? worksheet. I was pleased to think that someone liked it and might have found it useful enough to remix it for their own needs. After all, that’s the whole point of OER Commons.

Of course, I was also curious as to what changes he might have made to it, so I took a look at his version to see what was different. You can see his version here. The weird thing is that, from what I can see, it bears absolutely no resemblance to my original. His seems to have just removed 100% of the content that I provided, and he has replaced it with a plagiarised cut and paste of information from the Wikipedia definition of what Rights are. It’s a related idea I suppose, but completely disconnected from my original work.

I suppose it’s one of the risks you take when you share openly, that you have to trust that people building upon your work won’t destroy more than they create. While I’m glad to see my work getting used, I’m not too thrilled about the idea that his work of plagiarism from Wikipedia purports to be a remix of something of mine. I don’t think it was done with malice or any ill-intent, but it’s a bit annoying. It’s also a bit ironic that the work that gets credited as the source (mine) gets cited with a remix link, and the work that is actually used in the remix (from Wikipedia) is not cited at all.

I like the term “remix” because it implicitly suggests that the original work should still be somewhat evident in the new work. A remix is not designed to completely mask the original work in the same way that students are taught to hide their original sources lest they risk an accusation of plagiarism. I have no issue with someone remixing my work, but I’m perplexed by the idea of my work not being even remotely evident in the remix.

All of this got me thinking… At what point is a remix no longer a remix? For that matter, when does plagiarism cease to be plagiarism? And how much originality needs to added to an idea of influence before you can legitimately consider it to be a new work?

As always, your thoughts are valued in the comments…

Featured Image: Acrylic Paint from Wikipedia

Posted on

Should I Trust The Cloud?

https://www.flickr.com/photos/dherholz/450303689/

I received an email recently from a colleague asking about data sovereignty, and in particular asking about how schools deal with the  need to store all personal data on Australian servers to be compliant with the law. This was my reply…

When deciding whether to do a thing – any thing – you need to assess the relative risk. There is NOTHING that can have it’s risk mitigated to zero. So while we can have debates about the security of the cloud, the fact is that ANY service is generally only as safe as the password that protects it. It’s far simpler to socially engineer your way into a system than to hack it, and it’s easier to follow someone through an open doorway before the door shuts than to crack the lock. There are security risks involved with every system.

What makes you think that data saved on a server that happens to be geographically located on Australian soil is any safer than data on a server located on the other side of some imaginary geographical dividing line? What policies make Australian servers impervious to security issues?  What is it about Australian passwords that are safer than non-Australian passwords?

It’s interesting that whenever I hear the security argument from someone, I ask them whether they use 2-factor authentication on their online accounts. The answer is almost invariably never. I find it hard to take someone seriously when they bleat about security and yet do nothing to secure their own stuff using the safest and simplest technology we have available; 2 factor authentication.

I also find it amusing that these same people who bang on about not trusting the cloud, also almost always have a bank account. When I ask them where their money is stored, they say “in the bank”. When I ask where is it actually stored, they have no idea. They don’t know where their money – or the digital records that define the concept of money – is actually stored. They never stop to consider than when they go to an ATM and withdraw $50, it’s not the same $50 note that they actually put into the bank. There is no magical shoebox under the bank’s bed that stores their actual money… it’s all just computer records, kept on a server, somewhere, and I guarantee that they have no idea where that somewhere is.

That’s why the debate about whether we should be allowing our data to be stored offshore is such a laughable concept. It shows a real lack of understanding about the way the Internet actually works.

The truth is, it doesn’t matter WHERE your data is stored. What matters is WHO is storing it, and whether you trust them with it. I’d rather trust my data to major cloud provider offshore who offer privacy policies that I trust, along with strongly encrypted and sharded data storage techniques, virtual and physical security over their datacentres, and a proven track record of doing the cloud right, than to some minor player in the cloud storage space just because they happen to have servers in Australia.

I’m also not a lawyer.  However, I’ve done enough research into the Australian data sovereignty laws to feel satisfied that I’m interpreting them the right way. And contrary to all the Fear, Uncertainty and Doubt being spread around regarding these laws, they do NOT say that cloud services cannot be used unless the servers are in Australia. What they say is that the cloud service USER – that’s you – needs to feel satisfied that the cloud service PROVIDER is offering a service that meets your expectations of safety, security, privacy and redundancy.  If you do your due diligence, and come to the conclusion that you’re satisfied with your cloud service provider is giving you a level of service you can trust, then you are free to use it and in turn offer it to your users. If you don’t believe they are offering this level of service, then don’t use them. It’s as simple as that.

Your choice will never be able to come with a 100% guarantee. Nothing does. But if you do your research carefully and make your choices well, the chances are as good as they will ever be that you have made the right decision. The cloud offers amazing possibilities, and I’m completely convinced it IS the future of computing. I’m all in on the cloud as the platform.

To me, there is really only one obvious choice in picking a cloud provider. You want someone whose entire infrastructure is built for the cloud, whose entire business model is built on doing it right, managing data with security and integrity and maintaining the trust of their users. I’m not mentioning names because I’m sure you can make your own decisions about who you trust and how well they do this cloud thing.

What I don’t want to do is to place my data with a cloud provider who is still playing catchup, whose cloud infrastructure run on legacy platforms that were never built for the cloud, and whose business practices in slagging their competition I find completely distasteful.

I don’t care where their servers are located.

Header image by Dave Herholz – CC BY-SA

Posted on

Lessons in Creative Commons, Part 2

Here’s the follow-up from my last post about the copyright claim that YouTube made on a video I made using a Creative Commons soundtrack. You can read the previous post for the start of the story if you’re interested.

Since then, I’ve had conversations with several people about the issue. One was Jeff Price, the CEO of Audiam. Audiam was listed by YouTube as the entity responsible for policing the claim. Audiam is a service that musicians can use to track the use of their music in YouTube, although I think they also monitor Spotify and a few other streaming services as well. Basically, when a musician signs up to use Audiam’s services they upload a sample of their music which gets passed on to YouTube and fingerprinted. Fingerprinting is a process whereby the track can be compared against existing tracks to see if it matches, thereby identifying the copyright status of the music. If a match is made, YouTube flags it as a copyright violation and that was the problem I was having. It’s all done algorithmically of course, there are no actual people involved in the process, and in principle it’s a great idea.

My contention was that the track in question was a Creative Commons licensed track and therefore had been incorrectly identified by the system, so I appealed the infringement claim by YouTube/Audiam.

I had a few back and forth exchanges with Jeff Price about the problem. While we probably didn’t quite see eye to eye on everything, overall I thought it was a productive conversation. I was impressed and thankful that Jeff took the time to engage in the debate with me, although in the end, I didn’t feel that anything was really resolved. Basically, Jeff insisted that if I wanted to track to be released from the copyright claim I had to contact the musician and get them to ask Audiam to exempt my use of it. My argument was that a Creative Commons license was designed to avoid the need to do this and that it already grants that permission in advance. Jeff didn’t contradict me on this point, he just insisted that I either buy a license or get an exemption.

The most informative exchange I had was with the actual musician who created the piece, a guy called Enrique Molano. It took a bit of online detective work to find out who was responsible for the track but I eventually connected with Enrique through LinkedIn, where I discussed the issue with him. And that’s where it got interesting…

So here’s the lesson part of the story.

Enrique replied, very nicely, with a link to a support thread from Jamendo that contained the following information…

(No Derivatives is) the most misunderstood paragraph of the CC license. People think that as long as they don’t cut or trim the music, they can use it for their videos, but this is not true. Music with ND attribute is for listening only. You can make unlimited copies of it on various mediums, include it in playlists and compilations, embed it on websites, use it as music on hold or business background music, but you can’t use it as soundtrack for videos, games, audiobooks, presentations, etc. As the legal code says:

“(you can) make such modifications as are technically necessary
to exercise the rights in other media and formats, but otherwise
you have no rights to make Adaptations.”

People often argue that using an unaltered song as a soundtrack to a video does not make the video a derivative work, because the song itself is not recast or transformed in any way. That’s where “Don’t build upon this work” takes place. Coupling the music with additional content such as images, audio, or motion picture, is considered “building upon”. The legal code is very explicit about it:

“For the avoidance of doubt, where the Work is a musical work,
performance or phonogram, the synchronization of the Work in
timed-relation with a moving image (“synching”) will be considered
an Adaptation for the purpose of this License.”

Thus, as far as No Derivatives licenses are concerned, videos that use an ND-licensed song violate the terms of the license.

Say what?! I use Creative Commons a lot, and this is certainly not what I’ve been led to believe. I’m guessing that many of you may have also been under the same misconception. I’ve always understood that the No Derivs component of a Creative Commons license means that you can’t remix, change or edit the music, but I never realised that limitation extended to using the track, unchanged, as a soundtrack. But apparently this IS the case. Using a CC license with an ND property means you are NOT allowed to build upon the work, including using it as a soundtrack to a video.

The fact is, putting a CC BY-ND-NC license on a piece of work is just about as restrictive as leaving a full Copyright license on it. You still can’t really use it for anything without permission or paying.

While I feel a bit foolish not knowing about this detail of the ND license, I’m apparently not the only one. In his email to me, Enrique said “Sorry about the inconvenience. We’ve got about 200 claims from Audiam, apparently all of them under the same confusion.”  I don’t like being wrong but I am glad that this little journey taught me some things that I didn’t know. Engaging in the conversation with Jeff Price was interesting and useful (although we could have avoided a lot of our back and forth had he simply pointed out that an ND track can’t be used as a soundtrack under the terms of the CC license). I’m thankful that Enrique eventually pointed it out, and that caused me to delve into a whole lot more background reading about Creative Commons, including re-reading the actual legal code in these licenses. I also learned there are significant wording changes between CC v3.0 and CC v4.0.

But at the end of it all, I learned the bottom line. If you want to use Creative Commons music with an intention of including it in a video, even if you don’t modify or remix the actual music track itself, DON’T use a license that includes the ND property.

If you produce content and your intention is to share it, and if you want to provide others with the necessary permissions to build upon your work, stick to one of the “Culturally Free” licenses, either CC BY, or CC BY-SA.  Even a well intentioned use of No Derivs (or even Non Commercial) just causes a whole lot of headaches for those who want to legitimately build upon your work.

Featured image “I love to share” from  Creative Commons HQ on Flickr