[OSM-legal-talk] Privacy and Terms

Francis Davey fjmd1a at gmail.com
Fri Jul 3 10:39:50 BST 2009 

2009/7/3 Frederik Ramm <frederik at remote.org>:
>
> As Francis Davey just said, there may be a choice. *Especially* if you
> are not based in a litigation crazy country like the US.
>

Its also a question of making sure you know how to work with your
lawyers (who of course ought to be good ones). If you don't know what
you want, a lawyer can't make it happen for you. Its also important to
make sure you are talking directly to those who are expert in the
field, rather than through a filter. One often hears that people
cannot do something "for legal reasons" when in fact their
conversation with their lawyers has said something quite different.

This may seem trivial, but exactly the same thing happens in computer
science, as this anecdote illustrates: head of history at my secondary
school was a keen amateur programmer (in the 70's/early 80's this was
more unusual than it is now) and also chair of an organisation called
the Schools Council which produced a history O-level. It was marked by
numerous different examiners (it consisted of lots of papers,
coursework and so on), all the marks were added up to give a mark out
of 200, this was then converted to a percentage (something that was
needed amongst other things for moderation with other boards).

A new computer system was introduced to manage the board's marking.
Head of history is told that they must stop marking out of 200 and
mark everything out of 100 because (I really kid you not) the
conversion to percentages would otherwise be beyond the computer
system's capability. Now my teacher and friend knew that dividing by
two is actually quite easy for most computers, in many respects its
easier than dividing by 10 but he was unable to convince the company's
representatives that this was so.

Result: everyone marks using half-size marking scales. Lots of history
examiners (being weak humans) find marking with half marks (as they
end up having to do) psychologically difficult.

Moral: not that you must keep your programmers on a leash but that you
need to have effective communication between users and technicians.
Just as true in the legal case.

I can't really say much constructively about the terms of use without
understanding what their goal is and what tolerance of risk the thing
is being engineered to. For example, OSM data is going to be imperfect
in places (that's right isn't it?) so there will be situations where
using it might (because of its inaccuracy) cause loss or damage. There
is therefore a risk of being sued.

Note: the risk is really of getting the threat and all points after.
Some of my clients deal with regular legal threats because of the way
their websites work. That creates a load on their time which they can
ill afford. So the risk starts there. The end of the line of risk is
having to pay damages to someone.

Even if a risk is minuscule, you can almost certainly add a little
more to a contract to reduce the risk still further; to spell out
things more precisely and to make it ever clearer to a reader how
unlikely they are to win any case they try to bring.

But its all about tolerance. You don't engineer things to perfection,
nor do you draft contracts in the same way. It is possible (I've done
it) to formally prove that programs meet specifications and (if you
are properly paranoid) that the object code and underlying machine do
too. When I worked as a computer scientist I did a research project
looking at that. But for OSM that would be overkill (we were more
worried about things like Ariane V blowing up), just as a gold-plated
covers-all-things terms of use would be.

I'd also remark that (as I understand it) the proposed terms of use is
a copy from elsewhere. Its obviously not right and no-one thinks it
is, but its useful to work out what you want in it and what you want
it to do. Eg, do we really need to spell out all the DMCA repeat
offender/take down stuff? I don't do US law (I'm an English lawyer)
but my reading of the US case law is that you do need a policy (as a
gateway to the "safe harbors") and you do need to supply certain
information to make that effective otherwise you lose the protection,
but you don't need to recite nearly as much of S.512 as the draft
does.

Sorry for the long post - I'm trying to avoid meddling with that which
I do not understand.

-- 
Francis Davey

More information about the legal-talk mailing list