Friday, November 09, 2012

Apple's telling off by UK Court of Appeal

The Rt Hon. Professor Sir (formally Lord Justice) Robin Jacob's polite lambasting of Apple last week is now available in full at Bailli, Neutral Citation Number: [2012] EWCA Civ 1430; Case No: A3/2012/1845. It's a fun read, particularly paragraphs 18 to 32 which I hope the Rt Hon judge won't mind me reproducing here in their entirety.
"         My conclusions as regards the Contested Notice
  1. Mr Michael Beloff QC for Apple submitted that Apple could not be held responsible for inaccurate reporting by journalists. But it can, if it contributed to that inaccuracy by inaccurate statements and false innuendo in the Contested Notice as I consider it did.

  2. For I accept all of Samsung's contentions. Firstly I do not consider it was open to Apple to add matter in the middle of the notice we ordered to be published. A notice with such matter is simply not the notice ordered.
  3. Even if that were not so, it cannot be legitimate to break up the ordered notice with false material. And the matter added was indeed false. Before introducing the quotes from HHJ Birss it begins:
  4. In the ruling, the judge made several important points comparing the designs of the Apple and Samsung products.
    But the Judge was not comparing "the Apple and Samsung products." There is not and has never been any Apple product in accordance with the registered design. Apple's statement would clearly be taken by ordinary readers and journalists to be a reference to a real Apple product, the iPad. By this statement Apple was fostering the false notion that the case was about the iPad. And that the Samsung product was "not as cool" as the iPad.

  5. I turn to the last paragraph. I do not think the order as made precluded any addition to the required notice if that addition had been true and did not undermine the effect of the required notice. But I do consider that adding false and misleading material was illegitimate. For by adding such material the context of the required notice is altered so that it will be understood differently.

  6. Here what Apple added was false and misleading. I turn to analyse it. The first sentence reads:
  7. However, in a case tried in Germany regarding the same patent, the court found that Samsung engaged in unfair competition by copying the iPad design.
    That is false in the following ways:
    (a) "Regarding the same patent." No patent of any kind has been involved in Germany or here, still less "the same patent."
    (b) As regards the Community Registered Design, the German Courts held that neither the Galaxy 10.1 nor the 8.9 infringed it. As to the 7.7 there was for a short while a German provisional order holding that it infringed. Whether there was a jurisdiction to make that order is very doubtful for the reasons given in my earlier judgment but in any event the order had been (or should have been) discharged by the time the Contested Notice was published.
    (c) There is a finding and injunction, limited to Germany alone, that the 10.1 and 8.9 infringe German unfair competition law. But the statement is likely to be read as of more general application.

  8. The second sentence reads:
  9. A U.S. jury also found Samsung guilty of infringing on Apple's design and utility patents, awarding over one billion U.S. dollars in damages to Apple Inc.
    That is misleading by omission. For the US jury specifically rejected Apple's claim that the US design patent corresponding to the Community Design in issue here was infringed. The average reader would think that the UK decision was at odds with that in the US. Far from that being so, it was in accordance with it.

  10. The third sentence reads:
  11. So while the U.K. court did not find Samsung guilty of infringement, other courts have recognized that in the course of creating its Galaxy tablet, Samsung wilfully copied Apple's far more popular iPad.
    This is calculated to produce huge confusion. The false innuendo is that the UK court came to a different conclusion about copying, which is not true for the UK court did not form any view about copying. There is a further false innuendo that the UK court's decision is at odds with decisions in other countries whereas that is simply not true.

  12. The reality is that wherever Apple has sued on this registered design or its counterpart, it has ultimately failed. It may or may not have other intellectual property rights which are infringed. Indeed the same may be true the other way round for in some countries Samsung are suing Apple. But none of that has got anything to do with the registered design asserted by Apple in Europe. Apple's additions to the ordered notice clearly muddied the water and the message obviously intended to be conveyed by it.

  13. Jurisdiction to make a Further Order

  14. Mr Beloff suggested that we had no jurisdiction to make a further order. But he accepted that the court has power to vary its orders to make their meaning and intention clear. The meaning and intention of the first order was plain: to require Apple to publicise properly that there was no infringement of the registered design. The proposed order now sought does no more than that.

  15. So it is unnecessary to explore further the power of the court to grant an injunction where an earlier court order has been breached or disobeyed. One would expect such a power to exist irrespective of formal proceedings for contempt. As my late father observed:
  16. Under its inherent jurisdiction, the court has undoubted power to compel observance of its process and obedience of and compliance with its orders. These powers are inherent in the sense that they are necessary attributes to render the judicial function effective in the administration of justice, The Inherent Jurisdiction Current Legal Problems, 1970 p.44
    The Form of the Further Order

  17. The form of this was settled at the hearing. So I need do no more than explain the reasons for the matters over which there was some dispute.

  18. Given our finding that the Contested Notice did not comply with our order and did not achieve what was intended there was no dispute but that we should order it be removed. There was dispute as to what should go up in its place. Apple contended that no more was needed on its home page. We thought otherwise. The Contested Notice had had over a million hits. It was necessary that the fact it was misleading be brought home. Only a notice on Apple's homepage could be sure to do that. We were of course conscious that a notice on the homepage was highly undesirable from Apple's point of view, but its own actions had made it necessary. We also thought that a rather longer period was needed than the one month period of the original order. We ordered that the notice and link should stay up until 15th December. The notice on the homepage had to make it clear that the Contested Notice was inaccurate and did not comply with the first order.

  19. We also thought it appropriate that the correct statement – the notice required by the original notice – should appear without modification or addition. Apple's previous modifications and additions made it clear that it should not be allowed to do the same or something similar again. Of course that did not preclude it from making statements elsewhere – even untrue ones which might amount to a libel or malicious falsehood. That would amount to a prior restraint which would obviously be inappropriate. All we required is that the notice we ordered should appear unvarnished or unembellished in any way.

  20. As to the costs (lawyers' fees) to be awarded against Apple, we concluded that they should be on an indemnity basis. Such a basis (which is higher than the normal, "standard" basis) can be awarded as a mark of the court's disapproval of a party's conduct, particularly in relation to its respect for an order of the court. Apple's conduct warranted such an order.

  21. Finally I should mention the time for compliance. Mr Beloff, on instructions (presumably given with the authority of Apple) told us that "for technical reasons" Apple needed fourteen days to comply. I found that very disturbing: that it was beyond the technical abilities of Apple to make the minor changes required to own website in less time beggared belief. In end we gave it 48 hours which in itself I consider generous. We said the time could be extended by an application supported by an affidavit from a senior executive explaining the reasons why more was needed. In the event no such application was made. I hope that the lack of integrity involved in this incident is entirely atypical of Apple."
I admire his inherent optimism, in spite of the evidence in this particular case, in his concluding hope that  "the lack of integrity involved in this incident is entirely atypical of Apple."

Apple have now put a link to the ordered notice on their website.  You do have to scroll down to the bottom of the http://www.apple.com/uk/ homepage to find it:
"On 25 October 2012, Apple Inc. published a statement on its UK website in relation to Samsung's Galaxy tablet computers. That statement was inaccurate and did not comply with the order of the Court of Appeal of England and Wales. The correct statement is at Samsung/Apple UK judgement."
 The notice itself now reads:
"Samsung / Apple UK judgment
On 9 July 2012 the High Court of Justice of England and Wales ruled that Samsung Electronic (UK) Limited’s Galaxy Tablet Computers, namely the Galaxy Tab 10.1, Tab 8.9 and Tab 7.7 do not infringe Apple’s Community registered design No. 0000181607-0001. A copy of the full judgment of the High Court is available from www.bailii.org/ew/cases/EWHC/Patents/2012/1882.html.
That Judgment has effect throughout the European Union and was upheld by the Court of Appeal of England and Wales on 18 October 2012. A copy of the Court of Appeal’s judgment is available from www.bailii.org/ew/cases/EWCA/Civ/2012/1339.html. There is no injunction in respect of the Community registered design in force anywhere in Europe."
It's supposed to remain there until 15 December. Pity they didn't stretch it through the Christmas period!

Monday, November 05, 2012

Mr Gove touting access to National Pupil Database

The Department for Education is holding a "Consultation on proposed amendments to individual pupil information prescribed persons regulations" a title, should it come to any notables' attention, likely to provoke a collective yawn.

Reading on down the consultation page, though, it is explained that this is
"A consultation on proposals to amend regulations to enable the Department for Education to share extracts of data held in the National Pupil Database for a wider range of purposes than currently possible.
The aim is to maximise the value of this rich dataset."
Seriously?

The current government really want to provide corporate and wider access to intimate details of school children's files? The NPD holds up to 400 variables on over half a million children including names, addresses, 'looked after status', 'in need status', birth dates, gender, ethnicity, first language, eligibility for free school meals, information about special educational needs (SEN), exam results, attendance, reasons for absence and exclusions. 

Here in full is what the Secretary of State for Education, Michael Gove told MPs this week:
"I am today launching a public consultation on proposals to amend the Education (Individual Pupil Information) (Prescribed Persons) (England) Regulations 2009 to enable the Department for Education to share extracts of data held in the National Pupil Database for a wider range of purposes than currently possible in order to maximise the value of this rich dataset.
The National Pupil Database holds one of the richest educational datasets in the world and forms a significant part of the education evidence base. It is a longitudinal database which holds information on children in schools in England. This includes pupil level data relating to school attended, teacher assessments, test and exam results by subject, prior attainment, progression and pupil characteristics.
We have already significantly expanded the content of school performance tables for primary and secondary schools and were commended in the National Audit Office report “Implementing Transparency” (April 2012) for opening up access to our data. Recently, we have also improved the application arrangements for requesting access to data from the National Pupil Database under our existing regulations for those who need pupil level data for research purposes.
However, we are aware that the existing Prescribed Persons Regulations may prevent some potentially beneficial uses of the data by third-party organisations, as use is currently restricted to “research into educational achievement”. For example, we have had to reject requests to use the data for analysis on sexual exploitation, the impact on the environment of school transport, and demographic modelling, all of which seem to be legitimate and fruitful areas for further research.
We want to give organisations greater freedom to use extracts of the data for wider purposes, while still ensuring its confidentiality and security. Existing arrangements for access to the data would apply to all future requests: all requests to access extracts of data would go through a robust approval process and successful organisations would be subject to strict terms and conditions covering their handling and use of the data, including having appropriate security arrangements in place. Organisations granted access would need to comply with the Data Protection Act, and any reports, statistical tables, or other products published or released, would need to fully protect the identity of individuals.
Amending these regulations should encourage more organisations to use the data for wider research, such as socio-economic analysis, or research into equality issues, including disability, gender or race. It could also help stimulate the market for innovative tools and services which present anonymised versions of the data.
If, having listened to the views expressed in the public consultation and subject to the will of the House, I decide to proceed with the proposed amendments, I expect the revised regulations to come into force in spring 2013.
The public consultation on this proposal will commence today and run for six weeks. A consultation document containing full details of this proposal and how interested parties can respond to the consultation will be published on the Department for Education website. Copies of that document will also be placed in the House Libraries."
Let's just pick out a couple of points from this.

Mr Gove wants "to give organisations greater freedom to use extracts of the data for wider purposes, while still ensuring its confidentiality and security." That will be a neat trick. I wonder if the Secretary of State has ever heard of diametrically opposed, mutually exclusive goals? Well whether he has or not he's found some here and he shouldn't need a Ross Anderson or a Bruce Schneier to explain why.

Next he says "Organisations granted access would need to comply with the Data Protection Act, and any reports, statistical tables, or other products published or released, would need to fully protect the identity of individuals... It could also help stimulate the market for innovative tools and services which present anonymised versions of the data."

Note that not even minimal effort is to be made by government to anonymise the data (imperfect though those methods undoubtedly are - anonymisation is really difficult) in advance of release. It is the organisations given access to the data who will have to pay lip service to "fully protecting [sic] the identity of individuals". And the private sector can beta test "tools and services which present anonymised versions of the data" on real live kids' personal details.

Just for starters, the whole thing breaches Kim Cameron's first three laws of identity.
1. User control and consent - technical identity systems must only reveal information identifying a user with the user's consent.
2. Minimum disclosure for constrained use - the solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution.
3. Justifiable parties - the information will be in control of or at least accessible by parties who have no right to it.
But then current government practice on facilitating access to this database already does that. The difference with this new proposal is one of scale and that's almost impossible to explain to a politician. If anyone has any bright ideas on breaking through this cognitive fog in a way that the average government minister would understand, answers on a postcard please or preferably in the comments below...

When Privacy International warned in the summer that the Department for Education sponsored an "appathon", allowing attendees access to the National Pupil Database I wasn't really too concerned despite their reasonable questions at the time:
"1) What data access arrangements will attendees be provided with?
2) What legal commitments will attendees be required to make?
3) What data protection/management guidance will be given to attendees?
3b) Given the use of an API, will synthetic data be provided for testing/debugging/public exhibition?
4) Who gave permission in the first instance and can we see the letter of agreement?"
Computer scientists have been warning, for decades, of the practical problems of securing valuable databases.  European and (to a lesser degree) the US courts have shown an inclination to step in to correct calculated or negligent mismanagement of or unauthorised access to such systems. The degree of such intervention by the courts would suggest they would look unkindly on untrammelled access to the NPD of the kind that Mr Gove appears to favour. But by the time that happens the damage would already be done.

Look, the enthusiasm for opening up government datasets is encouraging, when that doesn't compromise personal privacy. But transparency is not automatically always the right thing in all circumstances.

The problem of striking a balance between protecting privacy and facilitating empirical research/use of valuable datasets, like medical records or the NPD, in the public interest, is potentially one of the defining political issues of the 21st century. The technical and legal problems are also almost impossibly challenging, as FIPR, Paul Ohm and others have illustrated.

The NPD, however, is not the sandpit to be experimenting with all this.