Making Web 2.0 Safe for the Enterprise: TOS à la PBWiki

Making Web 2.0 Safe for the Enterprise: TOS à la PBWiki

Summary: Just in case you might be tempted to excuse Google for what some commentators just consider sloppy language (or over-reaching on my part) in its terms of service for its on-line apps, here's an example of how to do right by accepted corporate standards for security and privacy: the terms of service for PB Wiki, an on-line wiki provider that apparently takes seriously what Google and its lawyers (or whoever wrote those sloppy, loophole-full TOS) seems to not give a hoot about.

SHARE:
3

Just in case you might be tempted to excuse Google for what some commentators just consider sloppy language (or over-reaching on my part) in its terms of service for its on-line apps, here's an example of how to do right by accepted corporate standards for security and privacy: the terms of service for PB Wiki, an on-line wiki provider that apparently takes seriously what Google and its lawyers (or whoever wrote those sloppy, loophole-full TOS) seems to not give a hoot about.

What PBWiki does is very carefully define what happens to data that a company puts into a private wiki running on PBWiki, and the terms of service are rather unequivocal in that regard:

Company agrees that it will use Confidential Information solely for the purpose of providing the pbwiki Service with respect to the private wiki to which such Confidential Information relates. In addition, Company agrees that it will disclose Confidential Information only to (a) Company's employees and contractors who have a need to know such Confidential Information for purposes of providing the pbwiki Service, (b) individuals who have the appropriate password for the relevant private wiki and (c) individuals to whom the Wiki Owner has authorized or directed Company to disclose Confidential Information.

Or, as PBWiki CEO David Weekly told me: "Your content is yours, we are not going to mess with it. We take confidentiality very seriously."

Now, if you read the full TOS, the company does two things that at the outset may look like PBWiki is hedging on Weekly's direct statement. The first is that the TOS starts first by defining what privacy and security guarantees are for a public wiki, which Weekly says really isn't the main focus of the company anyway. In the User Submissions section, you'll find the following language:

However, to enable Company to provide the pbwiki Service, you grant Company a worldwide and fully sub-licensable license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform, and publicly display your User Submissions (in whole or in part) in any format or medium now known or later developed.

Sounds like a wide open loophole, no? Well, yes and no, really. Yes insofar as if you're using a public PBWiki service, the company can do anything it wants with your content. I really have no beef with that issue, it's a free service and is not intended for enterprise use in any way.

But it's really not a loophole that lets PBWiki pull a fast one on a user. Weekly explained that there's another important reason why that loophole is there: to protect PBWiki from being sued for the secondary use of content that was posted on a free PBWiki service. If I take some content that someone else published on PBWiki and published it on my own, this clause effectively prevents the original content owner from suing PBWiki for copyright violation, as it is implied in the TOS that PBWiki can do anything it wants with the content, and therefore is not liable for uses that the original owner may not like. Fair enough.

The terms of service for private wikis also has some funny, lawyerly language, which goes like this:

In no event will the following information be considered Confidential Information under this Section 3: (a) any information that was publicly known prior to the time of disclosure to Company; (b) any information that becomes publicly known after disclosure to Company other than as a result of a breach of this Section 3 by Company; (c) any information that is already in the possession of Company at the time of disclosure to Company; or (d) any information that is independently developed by Company.

But this too has a reasonable explanation from Weekly. PBWiki wants to make sure that it doesn't get sued for IP theft from a private wiki owner who thinks that something PBWiki is developing or selling violates the private owner's IP rights. So Weekly's lawyers put this clause in to make it clear that PBWiki is released from protecting the confidentiality of information it doesn't consider confidential.

All in all, it's a pretty decent TOS, and one that seems to serve the needs of enterprise users and PBWiki well. And, as Weekly puts it, it wasn't that hard to do, once the decision had been made to actively protect enterprise wiki data. PBWiki wants to make money selling a superior wiki to companies like the Financial Times, Citi, AT&T and others, not sell advertising or services based on its customers' content. "We don’t make money mining our users data," Weekly points out.

Google, are you listening?

Topics: Browser, Collaboration

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Counterpoint

    Joshua,

    I’ll have to differ with you on this. The key point is the second one you make. PBWiki says that when content is posted on the site, the user grants PBWiki “a worldwide and fully sub-licensable license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform, and publicly display your User Submissions (in whole or in part) in any format or medium now known or later developed.”

    You say that you have “no beef with that issue, it’s a free service and is not intended for enterprise use in any way.” Maybe I missed something. PBWiki is a paid service, and PBWiki boasts that “over 25,000 businesses” use PBWiki, including Cisco and AT&T.

    What does this mean in practical terms? If you are a good photographer and create a PBWiki site showing your pictures of your last vacation, PBWiki could use one of your pictures on its website, or in its advertising, or could sell a license to use the picture to others, including stock photography companies such as Corbis. Similarly, if you wrote an excellent funny story about your experiences on the trip, PBWiki could give or sell a license to that story to Conde Nast Traveler.

    The license clause appears to be limited by the confidentiality clause. However, if the photographer in my example sends a link to ten friends, then unless he has each of those friends sign a confidentiality agreement, then legally the materials are no longer confidential. The unrestricted license then kicks in, and the creator of the content has effectively lost any commercial value in it.

    The same rules would apply to business materials. You create a private wiki inside your company, then PBWiki has an obligation of confidentiality. Your company posts a white paper on server storage technology and sends the link to potential customers, then PBWiki gets to do whatever it wants with the white paper including editing it and putting PBWiki’s name on it.

    I assume that PBWiki doesn’t intend to do any of those things. But that is like saying “give me your bank account number, signature authority, and agree that I can have the money” and then hope that I won’t do what you have agreed I can do.

    PBWiki’s explanation for this, that it prevents them from getting sued for secondary copyright violation, is disingenuous. I’ve been a lawyer for 20 years, and the explanation is legally incorrect. A user who posts content on PBWiki agrees to allow PBWiki to publish it on the web. Part of that agreement should be that PBWiki is not liable if some unrelated third party wrongfully publishes that content elsewhere. It is a simple limitation of liability that a TOS should have. There are 100 wiki companies according to WikiMatrix, and others don’t seem to have the same open-ended unrestricted license that PBWiki demands.
    marcpantani1@...
    • Counterpuntally back

      Marc,

      I guess I didn't make the distinction clear between the how PBWiki distinguishes between public and private wikis. A public wiki does have a relatively loose TOS, and I believe that if you're posting anything on a public wiki (up to and including wikipedia) you should let go of any delusion that your content is anything but pure public domain, which means that anyone, including PBWiki, is free to try to make a dime on it.

      But PBWiki carefully distinguishes between public and private, and the private side is pretty well locked-up. I'm not a lawyer, so I can't comment with authority on what would be a better way to deal with copyright and other issues, but my lay read of the restrictions on private wiki use is that the TOS are safe for enterprise-level use.

      Josh
      josh@...
      • Using PBWiki is highly risky for any business

        Joshua, I was going to let this thread go and not respond to your post, but now I see that PBWiki has used your article to support the proposition that PBWiki?s Terms of Service is fair to the user. http://blog.pbwiki.com/2008/03/05/terms-of-service-we-got-your-back. Users need to understand the legal ramifications.

        I fully agree with your distinction between public and private wikis. If a person or business creates a wiki on the PBWiki service and restricts access to the pages to only the registered users then the PBWiki company does not have rights to the content.

        However, if any wiki pages are made available to the public, then PBWiki has ?a worldwide and fully sub-licensable license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform, and publicly display your User Submissions (in whole or in part) in any format or medium now known or later developed.?

        Let?s look at an example. Hundreds of businesses make content available to the public on their websites. Price lists, customer support information, articles, white papers, blogs, whatever; the uses are endless and ubiquitous. Every smart company does it. Most have used traditional websites but we all know that the reason wikis are popular is that they are cheaper to set up and maintain that traditional coded websites.

        So if a business puts a white paper on the wiki, and checks the box that makes it available to the public, then the PBWiki company has full legal license to edit it, publish it under its name, or allow anyone to do those things. This is fair?

        Using your columns as an example, if you created a personal website on PBWiki and wrote your thoughts (how many blogs are there in the world?), then PBWiki could give me the right to plagiarize your column as my own. And this would be perfectly legal. No compensation or attribution to you. How would you feel?

        This type of provision is a disaster for any business that uses a wiki and plans to make content available to the public. PBWiki boasts that over 25,000 businesses use the service.

        Now, we can hope that PBWiki does not intend to let others use our content. Why would they? On the other hand, if PBWiki has no intent of using the posted content, then why the very odd Terms of Service agreement? Why would a business want to take that chance by using PBWiki? There are plenty of other wikis out there.

        There is one more extremely important aspect of this for businesses. A business will put its logo on its wiki pages. It could be claimed that if a company puts its logo on a PBWiki page under that TOS, and makes that page accessible by the public, then under PBWiki?s Terms of Service the company loses all rights to that trademark.

        This sounds incredible, but that is what the law says. It?s a legal concept called a naked license. You can search on that phrase and get further information. Federal law says that if a company grants a license to another to use a trademark without any restrictions (this is key), then the trademark ceases to be associated with a particular product and that trademark becomes invalid. Congress reasoned that if you don?t care enough about your trademark to control its use, then that is the same as abandoning the trademark. So if you give anyone the unrestricted right to use your trademark for everything from soft drinks to computers to diapers, and give them the right to allow others to do it too, then you?ve just lost your trademark rights. Re-read the PBWiki TOS clause above and think about what a good lawyer could do with it.

        I haven?t seen this argument made in court. However, I can?t think of a time or place in legal history where a service provider has said ?if you use our service you give us unrestricted rights to your content and trademark.? Why would a company want to risk being a test case?

        The PBWiki Terms of Service (and the one for Google Sites too) are simply a deal-breaker for any company. There are dozens of great wikis out there. Why give away your content under any circumstances? PBWiki and Google need to change their TOS agreements and show they support their users.
        marcpantani1@...