IMG_4615-Edit

The photo, the net and the law

IMG_4615-EditDigital technology and the net are reforming so many things, among them photography. Do you remember when we used to develop films with 2 or 3 summer holidays on the same roll, and then bury the prints deep in the family album? Now we can snap hundreds of shots a day and share them on the net in real-time. If you are lucky your shared shot or video can get more viewers than a small newspaper has readers. The newspaper is made by professionals who know the ethical and legal aspects of publishing. But do you know? How do you decide if it is OK to publish a shot or not? Or to take the photo in the first place? With common sense? That’s OK, it’s a good start. But I suggest that you get familiar with some of the basic legal aspects too.

You know how it is to ask a lawyer if something is legal or not. It’s impossible to get a straight answer. I start to understand why when digging into this problem. There are really so many aspects that matter and many things that aren’t black and white (no pun intended). And on top of that, the international aspect. Laws are different in every country. I have been looking a long time for a good and comprehensive guide that covers photo law in different countries. In vain so far.

That’s an indication about how big and complex the issue is. But I’m going to give it a try anyway. I have tried to list the basic principles in a very compact form. This list can’t be very precise as it isn’t country specific. So be aware that the law in a specific country can differ from what’s stated below. But the risk that your camera puts you in trouble should be significantly lower if you know at least these principles.

To take a photo

  • It is generally OK to take photos in public places, but some limitations may apply.
    • Taking photos that present a person in a defamatory way may be banned.
    • Taking photos of police officers may be banned.
    • Taking photos of military installations and critical infrastructure may be banned.
    • Taking photos of monumental buildings may be restricted or banned.
  • It is generally OK to take photos of other persons without permission in public places, but some may have a personal problem with that. It’s polite to comply and cease shooting if someone complains, but these persons do typically not have any legal right to prevent others from photographing them. Unless the shooting can be seen as harassment. Also keep in mind that there may be cultural restrictions. It’s for example considered bad habit to photograph priests, monks and nuns in some countries.
  • What’s a public place has typically nothing to do with ownership. It’s a place that the public has free access to, even if it isn’t owned by a public institution. Events and transportation that the public can buy tickets to freely do typically also qualify as public places.
  • Some public places, like shopping centers or shops, try to limit or ban photography. Those rules may or may not be legally binding, depending on local legislation. Many shop owners seem to know as little as their customers about the laws regulating photo.
  • Photography is typically not allowed without permission in private places and events for invited guests. You should always ask for permission before taking a shot in someone else’s home. Regardless what your local law says, that’s common sense IMO.
  • Vehicles where you can stay overnight may be considered private places just like homes. Ordinary cars do not belong to this category.
  • Taking photos of kids is typically no different from other kinds of photography from legal point of view. Many parents have however became wary about having pictures of their kids online because of increasing media coverage about pedophilia. So it’s best to be careful when shooting others’ children. Talk to the parents first, if possible.
  • Remember that knowing the law and your rights to photograph is important, but so is common sense. If you face a photography ban that is in violation of your legal rights, it’s up to you if you want to challenge the ban or save both parties some trouble. Is it worth it?

Copyright and licenses

  • The creator of a creative work, like a photo or a video, has automatically the right to decide about how the work can be used, and to be compensated if the work creates profit. It’s a bit like ownership and it is called copyright.
  • Copyright exists automatically. You do not have to apply for it, register the work somewhere or even put a copyright statements in the corner of your photo.
  • The copyright holder is the person who has done the creative work, i.e. came up with the idea for the photo. It doesn’t matter who pressed the shutter button or who owns the camera.
  • Copyright can be transferred to someone else, which is like giving away the ownership. The copyright holder can also grant licenses to use the work. It is very important to understand the difference between these two.
  • There are no usage rights by default. It means that you basically can’t do anything with a photo taken by someone else without permission from the copyright holder. And vice versa for others using your shots. There are however exceptions to this. The fair use concept in US is one example. It states that minor insignificant use is OK without permission, like use for private or some educational purposes.
  • If you own the copyright, you have free hands to grant, or refuse to grant, others the right to use your photo. Such rights are called a license. A license can be any kind of free form statement that:
    • Specify what work it affects.
    • Specify who it grants rights to, or grant rights to anyone who want to use the work.
    • Can specify how the copyright holder shall be compensated.
    • Can demand that the copyright holder shall be attributed.
    • Can limit the rights to a defined period of time.
    • Can limit the rights to a specific kind of use.
    • Can limit the rights geographically.
    • Can be exclusive, meaning that the copyright holder agrees to not grant any conflicting licenses to others.
  • Creative Commons (CC) is a widely used ready-made system for granting generic licenses to use your photos. This is a nice way to share shots if you don’t mind others using them for free. There are several kinds of CC-licenses, for example licenses that exclude commercial use.

 To publish a photo

  • Remember that taking a photo and publishing it is two different things. You do not necessary have the right to publish even if it’s OK to take the photo.
  • You can generally publish your own shots freely as long as it is done as a private person on a hobby basis. Like sharing on Facebook or Flickr.
  • Publishing a shot that presents a recognizable person in a defamatory situation, state or context is most likely illegal.
  • Be careful when publishing pictures of others’ children. It’s typically legal, but the parents may have issues with it.
  • People usually can’t prevent others from photographing them in public places, but they have the right to decide if shots of them can be used commercially. An approval of this kind is called a model release. It is a document where a person who is recognizable in the picture grants rights to use the image. A similar property release may sometimes be needed for shots showing buildings etc.
  • Some companies are guarding their brands rigorously. They may have a problem if they see their brand exposed in a published photo in a way they don’t like. You may get a letter that threat you with legal actions unless you remove the photo. There’s typically little or no legal substance behind these threats, as companies and brands typically aren’t protected against libel etc. in the same way as individuals. You may comply, ignore them or ask for more details about what paragraphs they refer to and under what jurisdiction. That may make them go away.
  • You do by default not have any rights to publish others’ photos (exceptions exist, see for example fair use in US). Many photographers are however adopting a liberal attitude against sharing and publish their work under a CC-license, or similar. If you need to illustrate something, you can search the net for CC-images for example on Flickr. This is how I get most of the pictures I use in these blog posts. Remember to credit the photographer! That’s a small token of appreciation compared to the value you get.
  • But what about sharing in social media, Facebook for example? If you take a picture file and upload it so that it is visible to anyone, then it is definitively publishing. But sharing a photo that someone else has uploaded to Facebook is totally different. What you do is really to tell others that the picture exist and where they can find it. You just share a pointer to it, not the image itself. That is of course always OK and only limited by the privacy settings of the photo.

As said. This summary is an attempt to list some generic fundamentals that should be valid pretty much everywhere. That’s a good start, but if you are a serious photographer you should educate yourself with more accurate info for your own country. Also, what’s said about photos also applies to video.

Do you know of a good source that covers international photo law? Or a good guide for your own country? Then post a link as a comment to this article. Maybe there isn’t a comprehensive international guide, but a collection of links to guides for different countries is almost as good.

And finally. Quoting an excellent tweet from @Mikko. “Remember that legal advice you find on the net is worth every penny you paid for it.” Nice disclaimer, isn’t it. :)

More posts from this topic

Lee Rigby

Whose job is it to catch terrorists, MI5’s or Facebook’s?

The sad killing of British soldier Lee Rigby has been in the headlines lately after release of a report about how authorities handled the case. Publicity was boosted because the committee thinks Facebook is responsible for the killing. They think the social media giant has a clear obligation to identify and report people who plan attacks like this. Just like the fact that phone companies report everybody who are talking about terrorism and the postal service sends a copy of all fishy letters to the Scotland Yard. I’m sure you get the sarcasm. What happened is that British agencies, MI5, MI6 and GCHQ, had identified the killers, Michael Adebolajo and Michael Adebowale, as interesting persons before the attack. They did however fail to investigate properly and apparently made no attempts to get the suspects’ communications from Facebook. There would have been several ways for them to do that, by a direct request from the police to Facebook or by the secret intelligence connections between GCHQ and NSA. Meanwhile Facebook's internal controls had flagged the killers’ communications and automatically closed their accounts. Facebook did however never report this to the British agencies. Which gave the Brits a convenient scapegoat to focus on instead of the fact that they never asked for that data. Ok, so the Brits blame Facebook. Let’s take a closer look at some numbers and what they really are demanding. There’s about 1,6 billion users total on Facebook. 1,3 billion monthly active and about 860 million daily active users. These users share around 5 billion items and send over 10 billion messages every day. This creates a total stream of around 10 million items per hour and 173 000 per second. Quite a haystack to look for terrorists in! Facebook has some 8 300 employees. If every single one of them, Mark Zuckerberg included, would spend their full working day monitoring messages and shared items, they would have to do over 60 items per second to keep up. Needless to say, any kind of monitoring must be automated for volumes like this. Facebook is monitoring its content automatically. Some keywords and phrases trigger actions, which can lead to closure of accounts. This is understandable as no company want to be a safe haven for criminals and many kinds of harmful activities are prohibited in the user agreement. But Facebook is walking a thin line here. Their primary task is not to be a law enforcement agency but to provide a social media service. They must also be well aware of the fact that reporting innocent people to the authorities is highly irresponsible. Commonly accepted practices of justice are not obeyed anymore when dealing with potential security threats and there is no transparency. There are numerous cases where western authorities have detained and even tortured innocent persons, apparently based on some very vague indications. Maher Arar’s case is a well-known example. So the bar for reporting someone must be high. It is easy for an Internet service to throw out a suspected user. They are after all not paying anything and Facebook have no obligation to let them be users. This ensures compliance with the user terms, no criminal activities allowed. But the threshold to report someone is naturally a lot higher. Especially when the volume forces Facebook to make automated decisions. This is not a sign of carelessness from Facebook’s side, it’s because people by default are entitled to communication privacy. It is also a direct consequence of the fact that terrorism suspicions are handled outside the normal justice system in many western countries. You carry a heavy responsibility if you feed innocent peoples’ data into a system like that. Let’s face it. There’s a large number of criminal conversations going on right now both on Facebook and other social services. Many terrorists are also on the phone right now and some are picking up deliveries with items related to planned attacks. Nobody is expecting the phone company to routinely listen in to identify potential terrorists and nobody is expecting the post to check parcels randomly. Facebook may not report every flagged conversation, but they are at least doing something to not be a safe haven for terrorists. Still they are the only of these services that the Brits call a safe haven. Not very logical. The simple reason for this apparent inconsistency is naturally the need for a scapegoat. The British agencies failed to investigate so they need someone else to blame. But there is a more dangerous aspect hidden here as well. Snowden made us aware of the privacy threats on Internet. The wide-spread mass surveillance has so far to a large extent been secret and even illegal. Pandora’s Box is open now and authorities all over the world are racing to get legal rights to mass surveillance, before the large masses understand what it really would mean. Putting pressure on Facebook fits that agenda perfectly. To be fair, one can naturally also ask if Facebook could have done more. A calm and balanced debate about that is welcome and beneficial. The flagged messages is probably quite a haystack too. To what extent is Facebook reviewing those messages manually, and could this process be improved to catch more potential killers? And at the same time avoid reporting any innocent users. To illustrate that this isn’t as simple as many think. People are asking why Facebook didn’t react on stuff containing the phrase “let’s kill a soldier”. Well, this blog post contains it too. Am I a killer because of that? Should this post be flagged and given to MI5?   Safe surfing, Micke    

Nov 28, 2014
BY 
network

What is a supercookie and why is it more important than you think?

Many techie terms in the headlines lately. Supercookies, supertrackers, HTTP headers and X-UIDH. If you just skim the news you will learn that this is some kind of new threat against our privacy. But what is it really? Let’s dig a bit deeper. We will discover that this is an issue of surprisingly big importance. Cookies are already familiar to most of us. These are small pieces of information that a web server can ask our browser to store. They are very useful for identifying users and managing sessions. They are designed with security and privacy in mind, and users can control how these cookies are used. In short, they are essential, they can be a privacy problem but we have tools to manage that threat. What’s said above is good for us ordinary folks, but not so good for advertisers. Users get more and more privacy-aware and execute their ability to opt out from too excessive tracking. The mobile device revolution has also changed the game. More and more of our Internet access is done through apps instead of the browser. This is like using a separate “browser” for all the services we use, and this makes it a lot harder to get an overall picture of our surfing habits. And that’s exactly what advertisers want, advertising is like a lottery with bad odds unless they know who’s watching the ad. A new generation of supercookies (* were developed to fight this trend. It is a piece of information that is inserted in your web traffic by your broadband provider. Its purpose is to identify the user from whom the traffic comes. And to generate revenue for the broadband provider by selling information about who you really are to the advertisers. These supercookies are typically used on mobile broadband connections where the subscription is personal, meaning that all traffic on it comes from a single person. So why are supercookies bad? They are inserted in the traffic without your consent and you have no way to opt out. They are not visible at all on your device so there is no way to control them by using browser settings or special tools. They are designed to support advertisers and generate revenue for the mobile broadband provider. Your need for privacy has not been a design goal. They are not domain-specific like ordinary cookies. They are broadcasted to any site you communicate with. They were designed to remain secret. They are hidden in an obscure part of the header information that very few web administrators need to touch. There are two ways to pay for Internet services, with money or by letting someone profile you for marketing purposes. This system combines both. You are utilized for marketing profit by someone you pay money to. But what can and should I do as an ordinary user? Despite the name, this kind of supercookies are technically totally different from ordinary cookies. The privacy challenges related with ordinary cookies are still there and need to be managed. Supercookies have not replaced them. Whatever you do to manage ordinary cookies, keep doing it. Supercookies are only used by some mobile broadband providers. Verizon and AT&T have been most in the headlines, but at least AT&T seems to be ramping down as a result of the bad press. Some other operators are affected as well. If you use a device with a mobile broadband connection, you can test if your provider inserts them. Go to this page while connected over the device’s own data connection, not WiFi. Check what comes after “Broadcast UID:”. This field should be empty. If not, then your broadband provider uses supercookies. Changing provider is one way to get rid of them. Another way is to use a VPN-service. This will encapsulate all your traffic in an encrypted connection, which is impossible to tamper with. We happen to have a great offering for you, F-secure Freedome. Needless to say, using Freedome on your mobile device is a good idea even if you are not affected by these supercookies. Check the site for more details. Last but not least. Even if you’re unaffected, as most of you probably are, this is a great reminder of how important net neutrality is. It means that any carrier that deliver your network traffic should do that only, and not manipulate it for their own profit. This kind of tampering is one evil trick, throttling to extort money from other businesses is another. We take neutrality and equal handling for granted on many other common resources in our society. The road network, the postal service, delivery of electricity, etc. Internet is already a backbone in society and will grow even more important in the future. Maintaining neutrality and fair rules in this network is of paramount importance for our future society.   Safe surfing, Micke   PS. The bad press has already made AT&T drop the supercookies, which is great. All others involved mobile broadband providers may have done the same by the time you are reading this. But this is still an excellent example of why net neutrality is important and need to be guaranteed by legislation.     (* This article uses the simplified term supercookie for the X-UIDH -based tracker values used by Verizon, AT&T and others in November 2014. Supercookie may in other contexts refer to other types of cookie-like objects. The common factor is that a supercookie is more persistent and harder to get rid of than an ordinary cookie.   Image by Jer Thorp  

Nov 18, 2014
BY 
Facebook_Headquarters_Entrance_Sign_Menlo_Park

Poll: What does clicking Like really mean to you?

Social media is here to stay and it definitively changes our way to communicate. One new trend is the ability to communicate instantly without writing or saying anything. Good examples are Facebook’s Like-button and the indicators for what you are doing or feeling. Facebook’s Like-button is no doubt the most popular and important feature in this category. You really can’t be a Facebook user without getting in touch with it. But the big question is what you really mean by clicking Like? It sounds simple, but may be more complex than you think. You do not only express support for the post you like, it is also a social gesture towards the poster. You show that you have read the post and want to stay in touch. Another interesting question is how to deal with good posts about bad things. We see them almost daily. Someone is writing an excellent post about something that is very wrong. You really dislike the topic of the post even if you think it’s good that someone brings it up. You agree about something you dislike. Should you click Like? Does a like target the post or the topic of a post? There’s no generic rule for this and we all act differently. More activity, likes and comments, boost a post and makes it more visible. So it would make sense to like the post as we want to spread awareness about the problem. But it still feels wrong to like something that makes you feel sick. So that’s the poll question for today. How do you act when you see a good post about something bad? Do you click Like? [polldaddy poll=8445608]   Safe surfing, Micke  

Nov 13, 2014
BY