Mashups - Legal Issues Legal Issues In Web Mashup Development By James Murithi Fall 2007 Contents 1. Introduction 2. APIs 3. Facebook API 4. Web feeds 5. Laws related to Mashups 6. Deep and inline linking 7. Other things to consider 8. Conclusion 9. Legal suite 10. Conclusion INTRODUCTION - Mashups A Mashup is the result of an Internet application that blends or mashes together two or more sources of content or data (often called Web services) available on the Internet. Ref[3] Mashups vary in content from a user developed Mashup that search ebay for the best notebook computer deals to powerful applications that combine several databases with maping applications like google or yahoo maps to show you real time parking availability in for example downtown Chicago. Web feeds and API's...oh my! An API is an application programming interface. Just like any application programming interface in computer science a website API provides a programmer with an interface to send requests for predefined services. Its an abstraction layer that saves us a great deal of programming. To write a Mashup a developer may have to access a websites API. There are two types of APIs out there. Some are free for all (FFA) others are proprietary APIs. Free APIs do not require any payment, all you need to do is follow the terms of use. Examples of sites that provide free APIs include yahoo, google, amazon and indeed.com on the other hand to use a proprietary web API however you need to pay some amount and sign also sign a license agreement. Continued: Do not be fooled by the term free API they come with terms and conditions that you are required to follow, some of of which could be harder to fulfil than you thought they would (example shown below). These terms cover issues like acceptable use, restriction on number of results you can get, advertising, credit among other issues. Yahoo! offers an API which they call Yahoo web services. It is free to use for non commercial use. But as a part of the terms of use for their maps service you must display your advertisements on the same page you display the yahoo map you mashed up. Ref[4] A developer must therefore pay attention and make sure they read all the terms before using an API. FaceBook API FaceBook is a fast growing social network which seems to be very promising as a base for targeted advertising. FaceBooks API is free (but use is limited by the terms as usual), using the API you can develop applications that run on FaceBook. Maybe become famous? Just to illustrate how APIs work one of the basic things you would want your application to do is findout if two people are FaceBook friends friends.areFriends is a call that returns whether or not a pair of users are facebook friends. There are tens of functions in the API that will allow you to make an app and these are very well documented. The future is bright for the creative Web feed Wikipedia defines a web feed as a data format used for providing users with frequently updated content. Website administrators use feeds to publish news articles, advertisements, and generally content that is changing frequently By subscribing to a web feed using any application that can fetch a feed a user would be saved the trouble of having to log in to a site each time they desire to see the new content on the site. For example I can configure my mail client (thunder bird) to fetch an rss feed from slickdeals.net, this way I get the latest updates sent to my in box in a format that looks exactly like email. Continued: It gets better! You can develop a Mashup by simply linking different web feeds to a single page using an application like yahoo pipes. Pipes will fetch feeds and display their contents on a webpage without you having to write any code of your own. By tweaking a simple pipe you can make an acceptable Mashup. Real Simple Syndication (RSS) is the most common web feed currently on the web. You can recognize a site that offers the RSS service if you see the rss symbol, by clicking the symbol on your browser you will be subscribed to the feed, a rolling que with the latest items at the front. API terms and conditions These are sort of rules laid down by the API provider for the use of their service, mash up creators are required to read these and comply. Usually most terms and conditions allow you to use their API for non commercial use. Others require that you advertise the company. For example the yahoo maps API requires that you include advertisements on the same page you use the yahoo maps. Are terms and conditions binding? The web is world wide, this could possibly lead to legal issues. Different states and countries have different contract laws and agreement laws. A Mashup user has to be aware of the law that the terms was made under just to be safe on their side. Trademark laws A trademark or trade mark[1] is a distinctive sign or indicator of some kind which is used by an individual, business organization or other legal entity to uniquely identify the source of its products and/or services to consumers, and to distinguish its products or services from those of other entities. Ref[3] A Mashup developer can violate a web service provider's trademark or service mark by misleadingly associating the Mashup with the web service provider, causing confusion as to the source of the Mashup. Ref[1] Generally a Mashup developer should be careful when giving credit to their source. You may use someone else's trademark with good intentions and end up violating trademark laws. Obscenity laws All states have laws governing the distribution of obscene materials. Generally, these statutes prohibit the sale, lending, renting, giving, publication, exhibition or other dissemination of materials, with general knowledge of their obscene character and content. Drafted before an electronic age, many states define “materials” as covering any writing, written matter, picture, pictorial representation, film or motion picture, or sound recording. Ref[2] Continued: Web service users post obscene material to providers all the time. Apparently cunning users even have ways to trick search engines to return obscene results for seemingly innocent queries. Ref[1] Obscenity laws may be used against a Mashup developer if a minor [anybody under the age of 18] gains access to obscene material through their Mashup. Most states enforce obescenity laws particulary for minors, the law does not cover adults. Since a Mashup highly depends on a webservice that the developer has no control of they should be very careful about what they choose to feed into their Mashup especially when it comes to images. You are more likely to get nude pictures from service providers more than you are likely to get innappropriate text. Contract laws A contract is an agreement betweem two parties. Further the parties to a contract must have mutual understanding of what the contract covers. Ref[5] This is where it gets tricky for Mashup developers. Since there is rarely a physical meeting between parties in this case Mashup developers may be tempted to tick the check box and get something going as soon as possible. I would advice against this. It is your responsibility to read and understand everything in the contract. Read even the eight point print. A Mashup developer can break contract laws by not following all or some of the terms of service that a web service provider demands. A simple example would be not displaying your advertisements on the same page you have a yahoo map. This is a term required by yahoo for their service but its so easy to forget. Warranty laws So you want to be certain that your Mashup sources will be realiable and available? The truth is most service providers clearly disclaim warranty for the availability, reliability and comprehensiveness of their service. These include google and Flickr You may want to consider this if you know your Mashup will be used by many. As a Mashup developer you should also disclaim warranties to protect yourself. It would actually be a good idea to disclaim warranties for the accuracy of the content because there is no way you can personally guarantee this. Patent laws A patent is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for a disclosure of an invention. Ref[1] Processes can be patented and some web services have processes that are patented. These can be infringed upon by a Mashup developer by accessing data, manipulating it or combining it with other data. Before using a web service it is impotant to find out what patents exist in a web service. Copyright laws Copyright laws do not protect raw data but it protects compilations of the data if as a whole the compilation contains at least a minimal amount of creativity such that it constitutes and original work of authorship (such as in selection, coordination and/or arrangement of the data). Ref[1] Special attention has to be take to make sure that you do not use an entire database belonging to someone else in your Mashup. Robert S. Gerber also says that combining an entire database with other data into a new form would be a violation of copyright. Ref[1] Generally a Mashup developer wants to be sure what they are using as a source does not constitute a complete work of authorship belonging to someone else. Deep linking Most websites especially those rich in information may have several layers that form a sort of hierarchy that looks like a tree. The lower levels are deeper in the hierarchy and are several clicks away. Normally everybody will see the higher level and many may never get lower down the hierarchy which makes the higher levels suitable for advertising. A good example is a website splash page or home page. When you create a Mashup you have the power to directly access information that's deep down in the hierarchy thus bypass a websites splashpage for example or even worse their advertisements page (this is deep information several layers down the hierarchy) Continued: Currently the legality of deep linking has not been resolved so If you are a Mashup developer you have to be careful about the websites terms or somehow agree with them so that if you Mashup ends up getting a lot of hits you don't get sued for bypassing their advertisements etc If you are a website developer you want to make sure you stop people from accessing deep content directly or explicitly state the terms In-line linking Also known as hot linking, leeching, piggy-backing, direct linking, off site image grabs and bandwidth theft When you use an object linked from another site in your page you are deep linking in other words the image you are using is not stored on your servers but someone else's server. This is often but not always an image. Hot linking is more likely to be used in an unacceptable way than deep linking is because hot linking involves combining someone else's work with your own content while in line linking does not constitute a change in context in the same way. Continued: To illustrate how hot linking can be unacceptable think of a Mashup that uses images from other sites. Chances are your Mashup users will never know where the image is located yet for each user that is connected to your Mashup the browser has to download a picture from another location. Ultimately you are using that other sites bandwidth. Hot linking can also be abused by displaying a picture in a context that its original owner may never approve of. For example you can link cartoons from a newspaper to a different story. True story – legal suite In 2003 ticketmaster filed a suite against tickets.com to prevent them from directly linking to concert listings within ticketmasters website. Tickets.com bypassed ticktmasters homepage, where there are advertisements One of their arguments was that deep linking is a violation of copyright and/or trademark rights, because it allows a website to use someone else’s informational pages for its own benefit. The other argument was that deep linking is a form of trespass, since it consists of going into someone’s property – a website – without entering in the fashion prescribed by the owner. Ticketmaster lost the suite. Deep linking is not considered copyright violation since no copying is done, however someone may still make the same kind of argument ticketmaster did. Continued: The previous scenario demonstrates that how hard it is to control anything that is available on the web. Terms and conditions can be violated without penalty. Since we cannot enforce compliance to terms of use universally a lot of it boils down to an individuals principles and morality. ethics or more specifically computer ethics or human issues in computing. Another scenario: you use a feed out of some website which itself was not the source of the information. Do you both get sued if terms are violated? Other things to consider The internet cuts across boundaries, jurisdictions, states, nations, continents. This causes a problem when it comes to applying the laws we have discussed in previous slides. There is no standard law that everyone in the world is required to obey or maybe there is but its just so hard to enforce because of the anonymity the web gives for one and also because its just hard to hunt down someone in a foreign nation and force them to comply with the terms. A Mashup developer therefore needs to think about their users location, relevant laws and such issues. You need to choose a jurisdiction within which your Mashup will lie. Like your Mashup will be backed up by the legal system within the jurisdiction you choose. It would be silly to use French laws if most of your clients will be located in North America. There is definitely a need to consider applicable information laws in other countries if you think it may give people legal ground to 'touch' you. Conclusion Mashup developers need to read, understand and abide to API terms of use Mashup developers should consider ways of protecting their work. Especially it is wise to know laws related to published work and how they vary according to jurisdiction. Its a good idea to disclaim warranties or guarantees of any kind. Mashup developers are bound by copyright, patent and other laws that relate to published work and have to be careful not to infringe on the website service providers rights. Mashup developers also need think about ways they can protect their creation or processes embedded in their original work. References 1. Intellectual property and technology law journal, August 2006: Legal issues arising from internet Mashups 2. http://www.lorenavedon.com/laws.htm 3. wikipedia.com 4. developer.yahoo.com 5. http://www.expertlaw.com/library/business/contract_law.html 6. developers.facebook.com 7. wiki.Mashupcamp.com 8. pascal.vanhecke.info DISCLAIMER: The information in these slides is provided without warranties of any kind, the views presented here are those of the author and not necessarily those of the BGSU® CS department .