The photo, the net and the law

IMG_4615-EditDigital technology and the net are reforming so many things, among them photography. Do you remember when we used to develop films with 2 or 3 summer holidays on the same roll, and then bury the prints deep in the family album? Now we can snap hundreds of shots a day and share them on the net in real-time. If you are lucky your shared shot or video can get more viewers than a small newspaper has readers. The newspaper is made by professionals who know the ethical and legal aspects of publishing. But do you know? How do you decide if it is OK to publish a shot or not? Or to take the photo in the first place? With common sense? That’s OK, it’s a good start. But I suggest that you get familiar with some of the basic legal aspects too.

You know how it is to ask a lawyer if something is legal or not. It’s impossible to get a straight answer. I start to understand why when digging into this problem. There are really so many aspects that matter and many things that aren’t black and white (no pun intended). And on top of that, the international aspect. Laws are different in every country. I have been looking a long time for a good and comprehensive guide that covers photo law in different countries. In vain so far.

That’s an indication about how big and complex the issue is. But I’m going to give it a try anyway. I have tried to list the basic principles in a very compact form. This list can’t be very precise as it isn’t country specific. So be aware that the law in a specific country can differ from what’s stated below. But the risk that your camera puts you in trouble should be significantly lower if you know at least these principles.

To take a photo

  • It is generally OK to take photos in public places, but some limitations may apply.
    • Taking photos that present a person in a defamatory way may be banned.
    • Taking photos of police officers may be banned.
    • Taking photos of military installations and critical infrastructure may be banned.
    • Taking photos of monumental buildings may be restricted or banned.
  • It is generally OK to take photos of other persons without permission in public places, but some may have a personal problem with that. It’s polite to comply and cease shooting if someone complains, but these persons do typically not have any legal right to prevent others from photographing them. Unless the shooting can be seen as harassment. Also keep in mind that there may be cultural restrictions. It’s for example considered bad habit to photograph priests, monks and nuns in some countries.
  • What’s a public place has typically nothing to do with ownership. It’s a place that the public has free access to, even if it isn’t owned by a public institution. Events and transportation that the public can buy tickets to freely do typically also qualify as public places.
  • Some public places, like shopping centers or shops, try to limit or ban photography. Those rules may or may not be legally binding, depending on local legislation. Many shop owners seem to know as little as their customers about the laws regulating photo.
  • Photography is typically not allowed without permission in private places and events for invited guests. You should always ask for permission before taking a shot in someone else’s home. Regardless what your local law says, that’s common sense IMO.
  • Vehicles where you can stay overnight may be considered private places just like homes. Ordinary cars do not belong to this category.
  • Taking photos of kids is typically no different from other kinds of photography from legal point of view. Many parents have however became wary about having pictures of their kids online because of increasing media coverage about pedophilia. So it’s best to be careful when shooting others’ children. Talk to the parents first, if possible.
  • Remember that knowing the law and your rights to photograph is important, but so is common sense. If you face a photography ban that is in violation of your legal rights, it’s up to you if you want to challenge the ban or save both parties some trouble. Is it worth it?

Copyright and licenses

  • The creator of a creative work, like a photo or a video, has automatically the right to decide about how the work can be used, and to be compensated if the work creates profit. It’s a bit like ownership and it is called copyright.
  • Copyright exists automatically. You do not have to apply for it, register the work somewhere or even put a copyright statements in the corner of your photo.
  • The copyright holder is the person who has done the creative work, i.e. came up with the idea for the photo. It doesn’t matter who pressed the shutter button or who owns the camera.
  • Copyright can be transferred to someone else, which is like giving away the ownership. The copyright holder can also grant licenses to use the work. It is very important to understand the difference between these two.
  • There are no usage rights by default. It means that you basically can’t do anything with a photo taken by someone else without permission from the copyright holder. And vice versa for others using your shots. There are however exceptions to this. The fair use concept in US is one example. It states that minor insignificant use is OK without permission, like use for private or some educational purposes.
  • If you own the copyright, you have free hands to grant, or refuse to grant, others the right to use your photo. Such rights are called a license. A license can be any kind of free form statement that:
    • Specify what work it affects.
    • Specify who it grants rights to, or grant rights to anyone who want to use the work.
    • Can specify how the copyright holder shall be compensated.
    • Can demand that the copyright holder shall be attributed.
    • Can limit the rights to a defined period of time.
    • Can limit the rights to a specific kind of use.
    • Can limit the rights geographically.
    • Can be exclusive, meaning that the copyright holder agrees to not grant any conflicting licenses to others.
  • Creative Commons (CC) is a widely used ready-made system for granting generic licenses to use your photos. This is a nice way to share shots if you don’t mind others using them for free. There are several kinds of CC-licenses, for example licenses that exclude commercial use.

 To publish a photo

  • Remember that taking a photo and publishing it is two different things. You do not necessary have the right to publish even if it’s OK to take the photo.
  • You can generally publish your own shots freely as long as it is done as a private person on a hobby basis. Like sharing on Facebook or Flickr.
  • Publishing a shot that presents a recognizable person in a defamatory situation, state or context is most likely illegal.
  • Be careful when publishing pictures of others’ children. It’s typically legal, but the parents may have issues with it.
  • People usually can’t prevent others from photographing them in public places, but they have the right to decide if shots of them can be used commercially. An approval of this kind is called a model release. It is a document where a person who is recognizable in the picture grants rights to use the image. A similar property release may sometimes be needed for shots showing buildings etc.
  • Some companies are guarding their brands rigorously. They may have a problem if they see their brand exposed in a published photo in a way they don’t like. You may get a letter that threat you with legal actions unless you remove the photo. There’s typically little or no legal substance behind these threats, as companies and brands typically aren’t protected against libel etc. in the same way as individuals. You may comply, ignore them or ask for more details about what paragraphs they refer to and under what jurisdiction. That may make them go away.
  • You do by default not have any rights to publish others’ photos (exceptions exist, see for example fair use in US). Many photographers are however adopting a liberal attitude against sharing and publish their work under a CC-license, or similar. If you need to illustrate something, you can search the net for CC-images for example on Flickr. This is how I get most of the pictures I use in these blog posts. Remember to credit the photographer! That’s a small token of appreciation compared to the value you get.
  • But what about sharing in social media, Facebook for example? If you take a picture file and upload it so that it is visible to anyone, then it is definitively publishing. But sharing a photo that someone else has uploaded to Facebook is totally different. What you do is really to tell others that the picture exist and where they can find it. You just share a pointer to it, not the image itself. That is of course always OK and only limited by the privacy settings of the photo.

As said. This summary is an attempt to list some generic fundamentals that should be valid pretty much everywhere. That’s a good start, but if you are a serious photographer you should educate yourself with more accurate info for your own country. Also, what’s said about photos also applies to video.

Do you know of a good source that covers international photo law? Or a good guide for your own country? Then post a link as a comment to this article. Maybe there isn’t a comprehensive international guide, but a collection of links to guides for different countries is almost as good.

And finally. Quoting an excellent tweet from @Mikko. “Remember that legal advice you find on the net is worth every penny you paid for it.” Nice disclaimer, isn’t it. :)

More posts from this topic


A temporary profile picture but permanent app permissions

We are all sad about what’s happened in Paris last Friday. It’s said that the terrorist attacks have changed the world. That is no doubt true, and one aspect of that is how social media becomes more important in situations like this. Facebook has deployed two functions that help people deal with this kind of crisis. The Safety Check feature collects info about people in the area of a disaster, and if they are safe or not. This feature was initially created for natural disasters. Facebook received criticism for using it in Paris but not for the Beirut bombings a day earlier. It turned out that their explanation is quite good. Beirut made them think if the feature should be used for terror attacks as well, and they were ready to change the policy when Paris happened. The other feature lets you use a temporary profile picture with some appropriate overlay, the tricolor in this case. This is a nice and easy way to show sympathy. And it became popular very quickly, at least among my friends. The downside is however that it seemed so popular that those without a tricolor were sticking out. Some people started asking them why they aren’t supporting the victims in Paris? The whole thing has lost part of its meaning when it goes that far. We can’t know anymore who genuinely supports France and who changed the picture because of the social pressure. I changed my picture too. And it was interesting to see how the feature was implemented. The Facebook app for iOS 9 launched a wizard that let me make a picture with the tricolor overlay. Either by snapping a new selfie or using one of my previous profile pictures. I guess the latter is what most people want to do. But Facebook’s wizard requires permissions to use the camera and refuses to start until the user has given that permission. Even if you just want to modify an existing picture. Even more spooky. The wizard also asked for permission to use the microphone when I first run it. That is, needless to say, totally unnecessary when creating a profile picture. And Facebook has been accused of misusing audio data. It’s doubtful if they really do, but the only sure thing is that they don’t if you deny Facebook microphone access. But that was probably a temporary glitch, I was not able to reproduce the mic request when resetting everything and running the wizard again. Your new profile picture may be temporary, but any rights you grant the Facebook app are permanent. I’m not saying that this is a sinister plot to get more data about you, it may be just sloppy programming. But it is anyway an excellent reminder about how important the app permissions are. We should learn to become more critical when granting, or denying, rights like this. This is the case for any app, but especially Facebook as its whole business model is based on scooping up data about us users. Time for an app permission check. On your iOS device, go to Settings and Privacy. Here you can see the categories of info that an app can request. Go through them and think critically about if a certain app really needs its permissions to provide value to you. Check Facebook's camera and microphone permissions if you have used the temporary profile picture feature. And one last thing. Make it a habit to check the privacy settings now and then.   [caption id="attachment_8637" align="aligncenter" width="169"] This is how far you get unless you agree to grant Facebook camera access.[/caption]   [caption id="attachment_8638" align="aligncenter" width="169"] The Settings, Privacy page. Under each category you find the apps that have requested access, and can select if the request is granted or denied.[/caption]     Safe surfing, Micke   PS. The temporary profile picture function is BTW simpler in Facebook's web interface. You just see your current profile picture with the overlay. You can pan and zoom before saving. I like that approach much more.   Photo by Markus Nikander and iPhone screen captures    

November 16, 2015
facebook login

Using Facebook to log in – safe or not?

Open up your favorite web site and you can see what this is about right away. There are in many cases two options, an ordinary log-in and “Log in with Facebook”. Have you been using the Facebook option? It is quite convenient, isn’t it? I was talking to a journalist about privacy a while ago. One of the hints that ended up in the final story was that it isn’t necessary a good idea to link your other accounts to Facebook. And that raised questions. Some people have wondered why it is so, and pointed out that we at F-Secure also provide that option in our portal for F-Secure SAFE, MY SAFE. So let’s take a closer look. Is it good, bad or ugly? Here’s the important points: Facebook acts like an authentication service in this scenario. One single password opens the door to many services. This is indeed convenient and reduces the need to remember a lot of different passwords. But you should use different passwords on every service to reduce the damage if a password is leaked. That could happen for example in a phishing scam. Using Facebook’s log-in everywhere is putting all your eggs in the same basket. The worst thing you can do is to use the same user ID and password on all your sites, but *not* the Facebook function. A leak in any of them could give the attackers access to all your systems. Using the Facebook login instead is in this case a way to *improve* security. Facebook's servers are well secured, a leak from them is highly unlikely. It may reveal private info from Facebook to the other service unnecessarily. Most of us just click OK when Facebook asks for permission to give data to the other service, without thinking about what we really approve. Facebook will get yet another sensor to profile you. They will know that you use a certain service, when and how often you use it, and on what kind of device and where in the world you are when using it. Most people are on Facebook under their real name, but you may want to use other services more anonymously. If you don’t want it to be publicly known that you use a particular service, then you shouldn’t use your real-name Facebook account to log in. Remember that privacy on-line is not just about how much private data you reveal. It’s also very much about whom you reveal it to and how fragmented your digital footprint is. Preventing different services from consolidating your data improves your privacy. So should I use this feature at all? Maybe, it depends. There are some downsides, but it's a convenient way to log in, that can’t be denied. But first, the security-savvy approach is to instead use separate strong passwords on every site and a password manager. It’s a little bit of work when you set it up, but it is really the most secure approach. Don't use Facebook log-in for critical services. Those are sites containing sensitive information or where you make payments. They always deserve a strong unique password. But there's also a large number of sites that aren't that critical. Your on-line newspaper for example. If crooks get your Facebook password then your compromised newspaper account will be the smallest of your problems. Go ahead and use Facebook log-in for those if you find it convenient, but keep in mind the privacy concerns listed above. It's all about how picky you are about privacy. And don’t forget to review the permissions you have givens to apps and sites in Facebook. Go to Settings / Apps and you see the list of approved apps. Remove anything that sounds fishy, that you can’t remember approving or that you aren’t using frequently. Don’t be afraid to remove too much. The worst thing that can happen is that an app or site stops working and asks you to give it Facebook permissions again. Open all remaining apps and review what permissions they have. Think about what they do for you and if they really need all their permissions. Fix the permissions if needed. To wrap up. The Facebook log-in feature is not a security problem. Facebook's security system is solid and your security is not in jeopardy if you use it. But I still recommend separate passwords for the critical sites. The question marks are on the privacy front instead. Linking sites together contributes to forming a more comprehensive digital footprint. It's up to you to decide how worried you are about it. With this info you should be able to make an educated decision about where Facebook log-in can and can't be used.   [caption id="attachment_8629" align="aligncenter" width="266"] Jamendo's permissions in Facebook. This is the basic permissions most well-behaving apps/sites ask for. If the site asks for more, consider carefully if it really is needed.[/caption]   Safe surfing, Micke     Images by C_osett and Facebook screen capture

November 12, 2015

Are you using Facebook at work? (Poll)

I’m sure you have run into it if you work at a company with an organized IT function. They provide you with a computer, but they control it and set restrictions on what you can do with it. This is justified. Keeping the systems patched and updated is necessary to maintain security. Not to talk about maintenance of the anti-malware. But security is not the only driver for controlling the computers. Productivity is another. The web is usually wide open and employees can surf wherever they like. Entertainment, social media, news, hobbies, work-related issues, they are all there in the same web. Trying to limit web access to just work-related content is a really hard task. Practically impossible in most cases. And on top of that, you can always pull out your smartphone, if the mean IT-folks have created nasty restrictions on the employer-owned device. Employers’ worries about security and productivity are demonstrated in a Bloomberg article. It’s a bit dated already, but probably still quite accurate. The list of banned apps can be divided in three groups. Cloud services makes it easy to share company secrets. Entertainment is time-consuming and addictive. And finally Facebook representing social media. Banning Facebook is interesting. Social media has quickly grown to be one of our most commonly used communication platforms. Is it really fair to shut this off for the whole workday? But Facebook can on the other hand be very addictive. I’m sure there are employees who spend far too much time there. But the question is if an effective ban of Facebook really would improve productivity? No-one can work 8h flat out without any breaks. Personally I feel that micro-breaks, like checking Facebook, helps me stay focused and get the work done. So let’s see what you think. What’s your relation to Facebook at work time?   [polldaddy poll=9172266]   Safe surfing, Micke   Photo by momo  

November 10, 2015