Wednesday, July 26, 2006

DMCA and Copyright affects Design Decisions

I've just been asked for a design recommendation. The problem: with an education/repository product a user can link to an external image. If the site is a secure site, and the image comes from a normal unsecured site, then IE will present a message warning that secured and unsecured items are mixed. Users can select this message so that it doesn't repeat. So far, one would think there is no problem - all the software (even IE) works as designed.

However, the client feels that this is not user friendly and wants to ensure that the message does not appear. While I am sympathetic, complaining about the way IE works is a little like complaining about the weather - we may be sympathetic, but doing anything about it involves building expensive structures.

One option considered, and quickly dismissed, was to hobble the editor so that images from non-secure sites could not be displayed. This is not acceptable for an educational community where resources may be found anywhere.

The major alternative was to set the editor up to copy the image automatically from the originating site onto the educational site so it is published from a secure server. I didn't like this option either, but the clarity of definition only fell into place when I watched Episode 17 of cranky geeks. Professor Larry Lessig, Stanford Law School, discussed the legality of external links to images versus taking a copy of the image.

The summary is that, (in the absence of explicit permission) while the law may be murky about the legality of linking to an image on another site even with attribution, taking a copy and putting it on your own site without permission is clearly on the wrong side of the law. Therefore, setting up an editor to automatically copy an image from any target site (therefore bypassing checks for permission) will create sites that will almost certainly infringe the rights of others. The user of such a system, and possibly the developers, will have difficulty framing a defence.

The unconsidered option is education. If users must belong to a secure server, they need to understand the reasons, and the likely occurences. The oldest rule of software design is to use software as it is designed, and not to artificially constrain it, when a litte user education may be a lot less complex.

No comments: