I think it's important to separate several different aspects of protecting and incentivizing artists somewhere around this point in the debate. My personal view is that copyright is best used as a purely economic tool, to provide economic incentives. You can certainly argue for other protections on ethical grounds, perhaps most obviously the right of an artist to be given credit for their work or not to be associated involuntarily with any related work they weren't involved with. Reasonable people could disagree on the point you made as well, where derivatives works that aren't to the artist's taste are created; should the artist retain eternal control of their own ideas, or should freedom of expression and the creativity of others take precedence? But I don't think these latter ideas really belong in the realm of copyright. It's not the right tool for the job, and I don't think it serves multiple masters well.
But this whole idea you keep coming back to about somehow taking someone else's work and actually using copyright against them isn't actually supported by copyright law anywhere I know. It's certainly not part of the principle of copyright law as originally conceived or as defended to some extent by people like me today.
Really, what you're talking about is just some bullies abusing the (almost invariably US) legal system because they have a big war chest. In that kind of legal system, they could just as easily do that to you because they decided you were breathing their air, and you'd still lose. But you'd lose because you lacked the resources to fight them effectively, not because the law was actually on their side in any way.
Pay what you want is the model of the freemium games. You can play them and unlock most (or all) content without paying. But some people choose to pay.
But a lot of freemium games aren't really playable without paying, and calling them free is little more than (misleading) marketing. See the recent Dungeon Keeper fiasco for a particularly heinous example.
Sorry, I don't think I'm following your logic here. In a system without copyright (or any replacement we haven't mentioned) anyone would be free to take the creation of anyone else and make a profit from it if they could find a way to do so. I don't see how this is any different to the situation today, except that with copyright someone who wants to give their work away freely-with-restrictions (GPL etc.) can do so and their wishes are legally enforceable for as long as the copyright lasts.
I think the point here is that if you want to adopt a more community-driven scheme, for example, then copyright doesn't stop you. We have successful models for this such as the GPL, BSD/MIT-style licences, and Creative Commons. While these are basically legal tricks to get the desired result in a world that has copyright, I think it's fair to say they've been quite successful legal tricks and they're reasonable well and widely understood among their respective target audiences.
I don't mind an extension beyond the end of the artist's life either, as if they die suddenly then I don't think it's unreasonable for their immediate estate to enjoy the benefits of their work just like everyone else, but with a copyright model any such benefits are built up over time and not available up-front.
For that reason, I'd be more in favour of something very simple like N years as a flat limit for works, no matter who holds the copyright, and where N is chosen to allow reasonable returns for different kinds of works without locking them up for longer than necessary to provide a decent incentive to create and share them in the first place.
(Actually, I tend to favour making all long-term copyright non-transferrable and moving to some sort of exclusive distribution or marketing rights than last no more than a year or two and may then be renewed or not by the artist as they wish, to protect against freeloading middleman organisations who exploit the artist by buying up very long-term rights to their work for a pittance and then exploit the public by locking up the work for all that time. But that's another topic for another day.)
I wouldn't object to trying your version on ethical grounds, but as a practical matter, wouldn't it be even harder to administer? Who gets to decide how to share the revenues from different works among the various contributors? For that matter, how do you even specify and report revenues "made off" creative works? For all its sins, at least copyright is relatively clear in what is and isn't covered, and the most disagreement you're likely to get between the lawyers or accountants is a debate about whether a particular situation constitutes fair use or the equivalent.
There have been a few moderately successful pay-what-you-want offerings, though it's worth looking at how many of those were from artists who (a) had already made their name the other way, and (b) didn't actually need any more money so had relatively little to lose by risking it.
I'm not sure we really have enough data yet to draw robust conclusions, but it does seem clear already that pay-what-you-want isn't going to be some sort of spectacularly successful, obviously better model for increasing economic incentives to create and share works.
So for a project that isn't exactly typical in this space (it's very high profile, has an element of charitable donation linked to it, etc.) the current situation is that you get 9 games for an average of $3.84, presumably less a few cents in processing fees and the like for the sale mechanics, so each game is netting maybe $0.40 per sale, less than the cost of a candy bar. I wouldn't say that's exactly compelling evidence of how much customers value all the work that went into making those games!
Also, unless I've misunderstood the model here, the Humble Bundles are DRM-free but still subject to copyright, and moreover they're only available on this deal for a limited time and then get withdrawn so you can't buy them any more, removing those works from the market. Again, not only relying on copyright but actively restricting availability of the works as part of the promotional model doesn't seem to be a strong argument in your favour here.
That's all very noble and intellectual, but the simple fact is that in the real world, we all value different things to different extents. Money is the concrete, quantified representation of that value that we as a society have chosen to standardise.
You say that we don't want to be raising our children on stories full of sex and violence, and yet as you say yourself, sex and violence sell, so evidently lots of people do value those stories even if you don't or they're not valued as children's entertainment. In any case, I doubt most parents I know are planning to keep their kids safe from the evil that is Harry Potter as they grow up, and there's plenty of violence in those books.
I'm afraid you are imagining an idealised, deeply cultural world that doesn't exist even though you'd like it to, and then you are assigning the blame for its non-existence to the presence of mere economic niceties rather than the more fundamental cause, which is that the human condition just isn't as nice as you'd like it to be.
I couldn't agree more. This is the thing that always winds me up about people who suggest that there is no evidence that copyright is working and the only way we can possibly tell if we'd do better without it is to completely scrap it and see what happens. If there are all these viable alternative models that are so much more promising as incentives to create and share new work, why aren't people already using them?
Your argument all sounds perfectly reasonable until you consider that people have tried choose-your-own-price experiments before, and it turns out that almost no-one pays anything. People have given their stuff away for free and perfectly legally from the original source, and some people still pirate it from elsewhere!
So while I'm not for a moment defending today's absurd extremes of copyright, the one thing the copyright model has in general that your alternative proposal doesn't is that it actually works, which is slightly important.
I'm firmly in the "reform copyright" camp. That is, I think copyright is a useful economic tool for promoting creation and distribution of new work, but the current implementation of copyright law is deeply flawed and no longer fit for purpose in most of the western world.
That said, I want to challenge this statement you made, because I think it's too strong:
However, no matter how optimistic you are, what becomes clear is that if copyright dies in a practical sense, you cannot make a living as an artist.
I don't think this is a black/white question, but rather a matter of probability, scale, and variety of options. Many people do make a living in creative industries without really relying on copyright all that much.
For example, most of the work I do is subject to copyright protection, and in some of my roles I would normally transfer the copyright to clients/customers at the end of a job. However, often neither I nor my customers much care about that, because if we're talking about software that is running on their web server or embedded in their device, it has much more practical protection against someone ripping it than copyright affords, and in any case the software would have limited value in isolation so there's not much incentive for others to copy it.
Not everyone in software works on projects where that would be the case, so for others copyright offers a better incentive. But in those cases, other models might also work. I have some hope for the crowd-sourcing idea, as the likes of Kickstarter have already shown that even quite substantial projects staffed by solid industry veterans can pull in a decent amount of funding to match. Potentially there's a lot of middleman removal as a pleasant side effect, all the while still allowing the overall cost of developing a moderately large project to be amortised over many customers (and unlike typical copyright-and-sale business models, potentially allowing different customers to contribute more or less according to their means, so perhaps better satisfying your "democratic model" criteria). I think we need a few more of the bigger projects to actually deliver before drawing too many conclusions here, and of course even the biggest are still orders of magnitude smaller than what copyright-backed industry has achieved, but the early signs look positive from here.
So while I'd agree that the scales proven so far and the odds of success are not as good without copyright as with it, at least for those kinds of creative work where copyright is fundamental to the existing business model anyway, I think it's too strong to say that you can't make a living as an artist without it. What we should be concentrating on is whether more people wind up making more and better work that is ultimately enjoyed by more people with different variations of copyright or other IP frameworks. The idea is to maximise creativity and productivity for the benefit of society as a whole, IMHO.
Yeah, but Disney don't really need to pay their artists. There are loads of people in the world who draw and animate just for fun anyway, so it's not like using professionals is adding any real value.
Besides, just being associated with Disney will look great on their resumes when they apply for their next non-paying jobs, and while they're still at Disney they can even use the free PR to promote their live performances and make plenty to live on that way.
It sounds like the hack was only possible because personal data that should never have been anywhere near a public website wasn't properly controlled, so I don't have much sympathy for them on that score.
As far as being hacked compared to continued careless releases, the latter seems to deserve a harsher penalty, and the fines here do seem to reflect that. Isn't this what we want to happen?
It's worth noting that the fine for the charity here relates to disclosing personal data about nearly 10,000 individuals, so it worked out around £20 per victim, even though the nature of the breach is obviously quite serious.
In contrast, the bank released a lot of personal data but only about a much smaller number of individuals (it seems to be only in low double figures looking through the ICO's information more deeply, via a series of careless errors rather than one mass leak) so the fine per individual victim appears to have been much greater here, probably working out to £1,000s per victim.
I don't think those are the places distributing their own root CA certificate to corporate desktops so they can inspect SSL traffic at the firewall.
Sure they are, at least some of them. As I said, there is a whole industry building up around supporting this specific use case, balancing the degree of access required with the inevitable security implications. There is a whole range of options between having no special access/no control of the device and having the same access you'd have from your company PC that is centrally administered by your IT team.
My company just flat out says if you bring your own device and want to use it on the corporate network, you need to install remote management software that pushes security updates and such and gives them complete access to the device.
That's fine, as long as they also provide dedicated, company-owned and -controlled equipment for all company work. A lot of places don't want to pay that expense and encourage employees to use their own devices, at which point the rules aren't so black and white.
In the real world, BYOD isn't always that simple. The moment an employer encourages their employee to do something on their own device rather than provide dedicated company equipment, there are issues of who has what access, who is responsible for what, etc. There are entire businesses making tools and consulting in this field right now, because that is how big a minefield it is becoming.
Also, it's worth noting that the kinds of devices that do this are often used for compliance with rules like HIPAA or PCI DSS. You can't demonstrate that you aren't allowing sensitive data out of a supposedly secured part of your network if you can't actually see what you're allowing out of it...
With modern smartphones and cellular enabled tablets, there's no reason to do your personal browsing on your employer's network. If you don't want your employer to see it, don't do it on their equipment/network.
True up to a point, but the moment anyone mentions the phrase "bring your own device" and anyone from your company touches your employee's private property, a whole bunch of similar issues are going to come up.
It's true that his sort of system needs to be set up carefully, and probably with the aid of both technical and legal advice if the administrator isn't an expert in this area.
Saying that, with a properly configured set of devices, it is possible to pass encrypted traffic through a security device that temporarily decrypts the data to scan it but never logs or discloses the full data set itself, so nothing sensitive is ever recorded or put in front of human eyes. There is also technology available that will cut payloads off packets or mask them out so logging tools only see the packet headers, and this kind of technology is often used for compliance with HIPAA, PCI DSS, and similar sensitive areas.
Of course, if the administrator didn't choose to use those facilities, or if they set them up incorrectly, their systems could be doing all sorts of things that potentially violate various data protection laws depending on jurisdiction.
It's perfectly legitimate practice on a company network to intercept encrypted traffic. Security devices used for things like intrusion protection and data leakage prevention can't work properly if all you need to circumvent them is an encrypted connection, and you really want that kind of security these days if you're using a large company network, whether you're the company management, the company employees, or the company's customers/clients.
Doing it without making anyone using the network fully aware of the possibility, however, is quite a different matter, unless employees clearly aren't allowed to use company systems for personal use at all. If you've been told occasional personal use is OK and they're covertly MITMing your online banking session on your lunch break or similar, that is highly inappropriate.
Slashdot Mirror
I think it's important to separate several different aspects of protecting and incentivizing artists somewhere around this point in the debate. My personal view is that copyright is best used as a purely economic tool, to provide economic incentives. You can certainly argue for other protections on ethical grounds, perhaps most obviously the right of an artist to be given credit for their work or not to be associated involuntarily with any related work they weren't involved with. Reasonable people could disagree on the point you made as well, where derivatives works that aren't to the artist's taste are created; should the artist retain eternal control of their own ideas, or should freedom of expression and the creativity of others take precedence? But I don't think these latter ideas really belong in the realm of copyright. It's not the right tool for the job, and I don't think it serves multiple masters well.
But this whole idea you keep coming back to about somehow taking someone else's work and actually using copyright against them isn't actually supported by copyright law anywhere I know. It's certainly not part of the principle of copyright law as originally conceived or as defended to some extent by people like me today.
Really, what you're talking about is just some bullies abusing the (almost invariably US) legal system because they have a big war chest. In that kind of legal system, they could just as easily do that to you because they decided you were breathing their air, and you'd still lose. But you'd lose because you lacked the resources to fight them effectively, not because the law was actually on their side in any way.
I think you're aiming at the wrong target here.
Pay what you want is the model of the freemium games. You can play them and unlock most (or all) content without paying. But some people choose to pay.
But a lot of freemium games aren't really playable without paying, and calling them free is little more than (misleading) marketing. See the recent Dungeon Keeper fiasco for a particularly heinous example.
Sorry, I don't think I'm following your logic here. In a system without copyright (or any replacement we haven't mentioned) anyone would be free to take the creation of anyone else and make a profit from it if they could find a way to do so. I don't see how this is any different to the situation today, except that with copyright someone who wants to give their work away freely-with-restrictions (GPL etc.) can do so and their wishes are legally enforceable for as long as the copyright lasts.
I think the point here is that if you want to adopt a more community-driven scheme, for example, then copyright doesn't stop you. We have successful models for this such as the GPL, BSD/MIT-style licences, and Creative Commons. While these are basically legal tricks to get the desired result in a world that has copyright, I think it's fair to say they've been quite successful legal tricks and they're reasonable well and widely understood among their respective target audiences.
You too, I guess.
I don't mind an extension beyond the end of the artist's life either, as if they die suddenly then I don't think it's unreasonable for their immediate estate to enjoy the benefits of their work just like everyone else, but with a copyright model any such benefits are built up over time and not available up-front.
For that reason, I'd be more in favour of something very simple like N years as a flat limit for works, no matter who holds the copyright, and where N is chosen to allow reasonable returns for different kinds of works without locking them up for longer than necessary to provide a decent incentive to create and share them in the first place.
(Actually, I tend to favour making all long-term copyright non-transferrable and moving to some sort of exclusive distribution or marketing rights than last no more than a year or two and may then be renewed or not by the artist as they wish, to protect against freeloading middleman organisations who exploit the artist by buying up very long-term rights to their work for a pittance and then exploit the public by locking up the work for all that time. But that's another topic for another day.)
I wouldn't object to trying your version on ethical grounds, but as a practical matter, wouldn't it be even harder to administer? Who gets to decide how to share the revenues from different works among the various contributors? For that matter, how do you even specify and report revenues "made off" creative works? For all its sins, at least copyright is relatively clear in what is and isn't covered, and the most disagreement you're likely to get between the lawyers or accountants is a debate about whether a particular situation constitutes fair use or the equivalent.
There have been a few moderately successful pay-what-you-want offerings, though it's worth looking at how many of those were from artists who (a) had already made their name the other way, and (b) didn't actually need any more money so had relatively little to lose by risking it.
But even for established artists, things don't always work out as they hoped with these experiments.
I'm not sure we really have enough data yet to draw robust conclusions, but it does seem clear already that pay-what-you-want isn't going to be some sort of spectacularly successful, obviously better model for increasing economic incentives to create and share works.
So for a project that isn't exactly typical in this space (it's very high profile, has an element of charitable donation linked to it, etc.) the current situation is that you get 9 games for an average of $3.84, presumably less a few cents in processing fees and the like for the sale mechanics, so each game is netting maybe $0.40 per sale, less than the cost of a candy bar. I wouldn't say that's exactly compelling evidence of how much customers value all the work that went into making those games!
Also, unless I've misunderstood the model here, the Humble Bundles are DRM-free but still subject to copyright, and moreover they're only available on this deal for a limited time and then get withdrawn so you can't buy them any more, removing those works from the market. Again, not only relying on copyright but actively restricting availability of the works as part of the promotional model doesn't seem to be a strong argument in your favour here.
That's all very noble and intellectual, but the simple fact is that in the real world, we all value different things to different extents. Money is the concrete, quantified representation of that value that we as a society have chosen to standardise.
You say that we don't want to be raising our children on stories full of sex and violence, and yet as you say yourself, sex and violence sell, so evidently lots of people do value those stories even if you don't or they're not valued as children's entertainment. In any case, I doubt most parents I know are planning to keep their kids safe from the evil that is Harry Potter as they grow up, and there's plenty of violence in those books.
I'm afraid you are imagining an idealised, deeply cultural world that doesn't exist even though you'd like it to, and then you are assigning the blame for its non-existence to the presence of mere economic niceties rather than the more fundamental cause, which is that the human condition just isn't as nice as you'd like it to be.
I couldn't agree more. This is the thing that always winds me up about people who suggest that there is no evidence that copyright is working and the only way we can possibly tell if we'd do better without it is to completely scrap it and see what happens. If there are all these viable alternative models that are so much more promising as incentives to create and share new work, why aren't people already using them?
Your argument all sounds perfectly reasonable until you consider that people have tried choose-your-own-price experiments before, and it turns out that almost no-one pays anything. People have given their stuff away for free and perfectly legally from the original source, and some people still pirate it from elsewhere!
So while I'm not for a moment defending today's absurd extremes of copyright, the one thing the copyright model has in general that your alternative proposal doesn't is that it actually works, which is slightly important.
I'm firmly in the "reform copyright" camp. That is, I think copyright is a useful economic tool for promoting creation and distribution of new work, but the current implementation of copyright law is deeply flawed and no longer fit for purpose in most of the western world.
That said, I want to challenge this statement you made, because I think it's too strong:
However, no matter how optimistic you are, what becomes clear is that if copyright dies in a practical sense, you cannot make a living as an artist.
I don't think this is a black/white question, but rather a matter of probability, scale, and variety of options. Many people do make a living in creative industries without really relying on copyright all that much.
For example, most of the work I do is subject to copyright protection, and in some of my roles I would normally transfer the copyright to clients/customers at the end of a job. However, often neither I nor my customers much care about that, because if we're talking about software that is running on their web server or embedded in their device, it has much more practical protection against someone ripping it than copyright affords, and in any case the software would have limited value in isolation so there's not much incentive for others to copy it.
Not everyone in software works on projects where that would be the case, so for others copyright offers a better incentive. But in those cases, other models might also work. I have some hope for the crowd-sourcing idea, as the likes of Kickstarter have already shown that even quite substantial projects staffed by solid industry veterans can pull in a decent amount of funding to match. Potentially there's a lot of middleman removal as a pleasant side effect, all the while still allowing the overall cost of developing a moderately large project to be amortised over many customers (and unlike typical copyright-and-sale business models, potentially allowing different customers to contribute more or less according to their means, so perhaps better satisfying your "democratic model" criteria). I think we need a few more of the bigger projects to actually deliver before drawing too many conclusions here, and of course even the biggest are still orders of magnitude smaller than what copyright-backed industry has achieved, but the early signs look positive from here.
So while I'd agree that the scales proven so far and the odds of success are not as good without copyright as with it, at least for those kinds of creative work where copyright is fundamental to the existing business model anyway, I think it's too strong to say that you can't make a living as an artist without it. What we should be concentrating on is whether more people wind up making more and better work that is ultimately enjoyed by more people with different variations of copyright or other IP frameworks. The idea is to maximise creativity and productivity for the benefit of society as a whole, IMHO.
Yeah, but Disney don't really need to pay their artists. There are loads of people in the world who draw and animate just for fun anyway, so it's not like using professionals is adding any real value.
Besides, just being associated with Disney will look great on their resumes when they apply for their next non-paying jobs, and while they're still at Disney they can even use the free PR to promote their live performances and make plenty to live on that way.
It sounds like the hack was only possible because personal data that should never have been anywhere near a public website wasn't properly controlled, so I don't have much sympathy for them on that score.
As far as being hacked compared to continued careless releases, the latter seems to deserve a harsher penalty, and the fines here do seem to reflect that. Isn't this what we want to happen?
It's worth noting that the fine for the charity here relates to disclosing personal data about nearly 10,000 individuals, so it worked out around £20 per victim, even though the nature of the breach is obviously quite serious.
In contrast, the bank released a lot of personal data but only about a much smaller number of individuals (it seems to be only in low double figures looking through the ICO's information more deeply, via a series of careless errors rather than one mass leak) so the fine per individual victim appears to have been much greater here, probably working out to £1,000s per victim.
Why?
I don't think those are the places distributing their own root CA certificate to corporate desktops so they can inspect SSL traffic at the firewall.
Sure they are, at least some of them. As I said, there is a whole industry building up around supporting this specific use case, balancing the degree of access required with the inevitable security implications. There is a whole range of options between having no special access/no control of the device and having the same access you'd have from your company PC that is centrally administered by your IT team.
My company just flat out says if you bring your own device and want to use it on the corporate network, you need to install remote management software that pushes security updates and such and gives them complete access to the device.
That's fine, as long as they also provide dedicated, company-owned and -controlled equipment for all company work. A lot of places don't want to pay that expense and encourage employees to use their own devices, at which point the rules aren't so black and white.
In the real world, BYOD isn't always that simple. The moment an employer encourages their employee to do something on their own device rather than provide dedicated company equipment, there are issues of who has what access, who is responsible for what, etc. There are entire businesses making tools and consulting in this field right now, because that is how big a minefield it is becoming.
Also, it's worth noting that the kinds of devices that do this are often used for compliance with rules like HIPAA or PCI DSS. You can't demonstrate that you aren't allowing sensitive data out of a supposedly secured part of your network if you can't actually see what you're allowing out of it...
With modern smartphones and cellular enabled tablets, there's no reason to do your personal browsing on your employer's network. If you don't want your employer to see it, don't do it on their equipment/network.
True up to a point, but the moment anyone mentions the phrase "bring your own device" and anyone from your company touches your employee's private property, a whole bunch of similar issues are going to come up.
It's true that his sort of system needs to be set up carefully, and probably with the aid of both technical and legal advice if the administrator isn't an expert in this area.
Saying that, with a properly configured set of devices, it is possible to pass encrypted traffic through a security device that temporarily decrypts the data to scan it but never logs or discloses the full data set itself, so nothing sensitive is ever recorded or put in front of human eyes. There is also technology available that will cut payloads off packets or mask them out so logging tools only see the packet headers, and this kind of technology is often used for compliance with HIPAA, PCI DSS, and similar sensitive areas.
Of course, if the administrator didn't choose to use those facilities, or if they set them up incorrectly, their systems could be doing all sorts of things that potentially violate various data protection laws depending on jurisdiction.
It's perfectly legitimate practice on a company network to intercept encrypted traffic. Security devices used for things like intrusion protection and data leakage prevention can't work properly if all you need to circumvent them is an encrypted connection, and you really want that kind of security these days if you're using a large company network, whether you're the company management, the company employees, or the company's customers/clients.
Doing it without making anyone using the network fully aware of the possibility, however, is quite a different matter, unless employees clearly aren't allowed to use company systems for personal use at all. If you've been told occasional personal use is OK and they're covertly MITMing your online banking session on your lunch break or similar, that is highly inappropriate.