The Supreme Court case which didn't break the internet

Do you "copy" a website just by reading it? No, thankfully.

The Supreme Court has ruled on NLA v PRCA, the case which could break, or save, the internet.

Some background: the Newspaper Licensing Agency took Meltwater, a media monitoring firm, to court over whether or not it had to pay licence fees for sending links to its customers. Traditionally, monitoring firms had to pay the licensing agency for the right to distribute clippings of newspapers, because photocopying a newspaper is clearly an act of copying that requires a licence. But as everything moved online, that clarity became blurred; and hence, a court case was brought.

We first reported on the case after it made it to the High Court in August, when an astonishingly bad precedent was set. It was ruled that viewing a website on a computer was an act of copying which required a licence, just as if you had photocopied a newspaper. Although the ruling was made with regard to a specific scenario, it was general enough to apply to general use of the internet. Clicking on a link, even one which led to entirely legal content, would, under that ruling, constitute copyright infringement. At the time, I said it "[put] at risk the basic skeleton of the internet."

Thankfully, the case was appealed to the Supreme Court (by the PRCA, a trade body of which Meltwater is a member), where it was ruled today that temporary copies made solely for the purpose of viewing copyrighted material are not infringing. The decision extends copyright exemption to "temporary copies made for the purpose of browsing by an unlicensed end-user", according to the judgement. It is based on European law which "identified very clearly the problem which has arisen" in this case, but which didn't quite specify that this particular method of viewing was covered. Once it is accepted that that law does cover the temporary copies made in this case, "much of the argument which the courts below accepted unravels."

Writing for the majority, Lord Sumption also accepted that the previous ruling would have had wide-ranging effects:

"The issue has reached this court because it affects the operation of a service which is being made available on a commercial basis. But the same question potentially affects millions of non-commercial users of the internet who may, no doubt unwittingly, be incurring civil liability by viewing copyright material on the internet without the authority of the rights owner, for example because it has been unlawfully uploaded by a third party. Similar issues arise when viewers watch a broadcast on a digital television or a subscription television programme via a set-top box."

Since the ruling has implications for European law, it has been referred to the European Court of Justice, which will now consider the question before any final ruling is issued by the Supreme Court.

Until then, and hopefully after, you can continue to use your computers as you were. Carry on.


Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman.


Marcus Hutchins: What we know so far about the arrest of the hero hacker

The 23-year-old who stopped the WannaCry malware which attacked the NHS has been arrested in the US.

In May, Marcus Hutchins - who goes by the online name Malware Tech - became a national hero after "accidentally" discovering a way to stop the WannaCry virus that had paralysed parts of the NHS.

Now, the 23-year-old darling of cyber security is facing charges of cyber crime following a bizarre turn of events that has left many baffled. So what do we know about his indictment?

Arrest

Hutchins, from Ilfracombe in Devon, was reportedly arrested by the FBI in Las Vegas on Wednesday before travelling back from cyber security conferences Black Hat and Def Con.

He is now due to appear in court in Las Vegas later today after being accused of involvement with a piece of malware used to access people's bank accounts.

"Marcus Hutchins... a citizen and resident of the United Kingdom, was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan," said the US Department of Justice.

"The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015."

His court appearance comes after he was arraigned in Las Vegas yesterday. He made no statement beyond a series of one-word answers to basic questions from the judge, the Guardian reports. A public defender said Hutchins had no criminal history and had previously cooperated with federal authorities. 

The malware

Kronos, a so-called Trojan, is a kind of malware that disguises itself as legitimate software while harvesting unsuspecting victims' online banking login details and other financial data.

It emerged in July 2014 on a Russian underground forum, where it was advertised for $7,000 (£5,330), a relatively high figure at the time, according to the BBC.

Shortly after it made the news, a video demonstrating the malware was posted to YouTube allegedly by Hutchins' co-defendant, who has not been named. Hutchins later tweeted: "Anyone got a kronos sample."

His mum, Janet Hutchins, told the Press Association it is "hugely unlikely" he was involved because he spent "enormous amounts of time" fighting attacks.

Research?

Meanwhile Ryan Kalember, a security researcher from Proofpoint, told the Guardian that the actions of researchers investigating malware may sometimes look criminal.

"This could very easily be the FBI mistaking legitimate research activity with being in control of Kronos infrastructure," said Kalember. "Lots of researchers like to log in to crimeware tools and interfaces and play around."

The indictment alleges that Hutchins created and sold Kronos on internet forums including the AlphaBay dark web market, which was shut down last month.

"Sometimes you have to at least pretend to be selling something interesting to get people to trust you," added Kalember. "It's not an uncommon thing for researchers to do and I don't know if the FBI could tell the difference."

It's a sentiment echoed by US cyber-attorney Tor Ekeland, who told Radio 4's Today Programme: "I can think of a number of examples of legitimate software that would potentially be a felony under this theory of prosecution."

Hutchins could face 40 years in jail if found guilty, Ekeland said, but he added that no victims had been named.

This article also appears on NS Tech, a new division of the New Statesman focusing on the intersection of technology and politics.

Oscar Williams is editor of the New Statesman's sister site NS Tech.