One suggestion -- you say that BB links to other sites with different privacy practices, but BB also embeds video sometimes (and I guess could inline external images or other objects). Might be worth mentioning that those other sites could be using data from those embedded videos too -- and they would get that data even if you didn't click on the link or play the video.

We hit this problem with using embedded video on the EFF, so wrote some code that alleviates the issue a little by only loading up the video object after the user has clicked on the video -- see http://www.eff.org/deeplinks/2008/02/embedded-video-and-your-privacy .

It's a Drupal module so it wouldn't suit BB, but the idea is pretty straightforward. Perhaps the lazyweb could help here and implement something more general?

I said *Cough* Lazyweb *Cough*...

IANAL, but I don't think this one will wash in court:

"And we shall not be liable to any reader or anyone else for any inaccuracy, error or omission, regardless of cause, in the Websites’ information or for any damages resulting therefrom."

I think if you transmit information which later turns out to be false, said information purporting to derive from an authorative or otherwise reliable source, and somebody acts upon this in good faith, OR you publish a story which contains inaccuracies which may harm some people or businesses, then you might be held legally responsible regardless of this notice - exactly the same way people may sue traditional newspapers for slander, misrepresentation etc.

So I don't think it is legally possible to limit your liability by a policy notice - just as draconian copyright notices cannot be imposed by EULA. You might consider editing this paragraph to reflect the actual legal situation. (Anyway: I hope these statements will never be put to the test, of course).

Hehe,

I love that the only address for DMCA takedown notices is a snail mail one.

I'm suprised you didn't say "Please send by telegraph, pnumatic tube, or smoke signals to..."

#3: IANAL, but - my take on that:

Post is a well-established method for delivering legal notices. If there is ever a question, the fact that the DMCA notices went through the post makes their send-off and delivery matters of fact, not questions of interpretation of a myriad of laws.

@ #3
um, maybe the text has been edited since you posted, but David's email address is listed in unobfuscated, spambot readable text in the DMCA section of the policies in the line following the address.

Overall, nothing egregious in here for the user. I agree w/ #2 that your disclaimer of liability for inaccuracy likely will not protect you in courts. If a court views a post on BB, by BB employees, as libel and/or slander, this disclaimer is worth no more than the electrons it's written on. But that's a problem for BB and its lawyers, not its users.

When we wrote DMCA language into our terms of service we added a sentence stating that we would post DMCA takedown notices to chillingeffects.org. Hopefully that will weed out some of the garbage, especially from large companies who might not want any of their over the top legal actions to become known by their users. For you guys I'd write in that you may post their DMCA notification (with personally idetifiable information redacted) on boingboing. That threat in itself will be enough to filter almost all illegitimate claims.

There is an interesting thing about DMCA takedown notifications. While they include a description of the copyrighted work, and a URL where it is located at, it never identifies the actual content in question.

So if you've got a large technical article about _X COMPANY_ and with lots of comments, and you get a notification from _X COMPANY_ about their copyrighted work, you have no idea what exactly is the trigger.

The result is, instead of removing the section that is in question, you have to remove all content at the whole URL. Which is great from the petitioner's perspective, if this was a negative article about _X Company_.

Perhaps sites that honor the DMCA (or through a tweak in the legislation) should require, specifically, the item(s) in question to be listed, so they can be excised without harming legitimate content.

This also has the side effect of making _Company X_ make a specific claim (which could be evaluated), rather than flagging a whole URL as infringing (which is almost never is).

s/Internet browser/web browser/

IANAL ETC ETC but looks good to me.

In addition to non-obsfucated email, some spurious characters are appearing in that section (both FF and IE)

"Accounts are perpetual"

This is completely unacceptable. I want my account removed immediately. You make no provision for changing account names either. This is also unacceptable.

Please change these policies immediately.

lawyers.. always ruining all the fun.. at least i don't have to wear a helmet while reading BB.. do i?

James Ashenhurst, calm down. Working out a way to change account names is already on our to-do list.

'Happy Mutants makes... .
'Happy Mutants respects... .
'Happy Mutants is committed... .'

that's make, respect, and are committed, shurely.

Cory,
I don't suppose you'd be willing to CC-by the whole set of policies would you? I'd love to freely make use of bits and pieces of all of them, but the "noncommercial" part might be a problem, since I hope to apply them to a for-profit site.

Alternatively, could you CC-by parts of the policies?

(Obviously, I don't intend to resell the policies...)

The sentence "When readers contribute content to our sites, you retain ownership of the copyright, and you also grant permission to us to display and distribute it" doesn't make me want to wash my eyes out with acid per se, but the violent jump from third to second person does make me squint a lot. Perhaps the beginning could be changed to "When you, a reader, ..."?

Whatever. You guys are leading the way. I'm proud to be a mutant. (Wait, I said that in the 80's. But then it was DE_VOlution.)

#12: Happy Mutants is the name of the incorporated company, so treating it as a singular is correct.

I second what Jonrock said - the way the second paragraph is phrased, it makes it sound like when any reader anywhere submits something, I have rights to it. I am a lawyer, but this is really a grammar question: don't switch from third person to second person in midstream (so to speak). For maximum legally goodness, I would phrase it as follows:

When a reader contributes content to our sites, that reader retains ownership of the copyright, and that reader grants permission to us to display and distribute it. [And so on.]

Ben,

One link is sufficient.

Why does the site need a DMCA takedown notice policy at all? As I understand it, boingboing.net is hosted in Canada. And even if this horrible Bill C-61 passes, it only includes a notice-and-notice system rather than a notice-and-takedown (about the only reasonable thing about the bill). Is it because 3 of the authors live in the US?

Hey Cory, that's the sexiest TnC I've seen in a long time!

@dondelny: the whole site is CC-ed, says so in the policies. So that applies to the policies.

But - maybe add an exception and allow commercial use and modification of the policies? (with attribution & sharealike, of course) I'd love to steal your policies, but I don't want to be violating them just because I have adsense on my blog (not that I do).

It would be also useful if you provided more information about what follows after a DMCA takedown notice is provided. By law, you have to take it down and notify the purported offender in writing, but it would be nice to provide (1) what the mode of taking down means (is the article removed entirely? redacted? left with placeholders where the IP-at-issue is?), (2) an easy way of providing counter-notice, perhaps even an online form (that could then be printed and sent to comply with the "written notice" part of the statues).

Though I suppose you don't get many of these, it would be excellent to serve as an example of how to do this (as) right (as possible), including having a page listing DMCA takedown actions, their statuses and resolutions for transparency's sake.

It would be helpful to clarify what exactly you consider personally identifying information. Some major companies, for example, have claimed that IP addresses aren't personally identifying, which is in my opinion a load of hooey. If you're using somebody else's standard definition, you might want to link to it.

"Aggregate information" is similarly vague, for similar reasons.

Now, digressing: Actually, it's quite hard to pin these concepts down with much precision. In privacy research, particularly as related to health care, the concept of k-anonymity is often invoked: A disclosure system gives you k-anonymity if for every person whose info is aggregated in the release, there are at least k data points that the person could be. Unfortunately, no formal procedure to guarantee k-anonymity holds up in real-world circumstances (i.e., where external databases exist).

I doubt that Boingboing is sharing so much aggregate data as to endanger its users. But by describing its 'data aggregation' procedures in more detail, Boingboing would serve as an example to other sites.

bland, unexciting policy.

Why can't we have secret handshakes, blood oaths, tattoos, bizarre sexual rituals and brandings?

All legalese reads the same, sorry. Someone want to re-mix it into Happy-Fun-Ball faux-legalese?

"We reserve the right to unpublish or refuse to unpublish anything for any or no reason."

Right after this was posted, I actually read through the whole policy. I didn't even notice the stand alone sentence/paragraph above. I guess it must have seemed completely innocuous.