So, what many suspected has come to pass, our deepest fears confirmed and one of the worst possible texts adopted. The Digital Economy Bill has gone through the wash-up process in the very last day of this Parliament. I am expecting others to go into the detail of [...]]]>

The Dark Lord of the Sith never rests

So, what many suspected has come to pass, our deepest fears confirmed and one of the worst possible texts adopted. The Digital Economy Bill has gone through the wash-up process in the very last day of this Parliament. I am expecting others to go into the detail of what is actually in the Bill soon enough, this morning I feel neither the inclination nor the will to go through the document. However, just browsing through the online version of the Bill, it seems like the final text is not up yet, as it still contains clause 43 on orphan works, which I believe was dropped last night.

What I want to comment on is something deeper, and perhaps more important in the long run than that arising from the letter of the law.  The UK Parliament has been suffering since the expenses scandal broke last year. Public perception of politicians is at the lowest point in this country, just at the same time as they call a general election. So what do they do to regain the trust of the people? Pass a controversial piece of legislation with the most undemocratic process possible, with minimal discussion, while being witnessed by thousands of constituents who have no other recourse than being thoroughly disgusted and disillusioned by the entire process.

One of the things that has struck me the most about the debate is the amount of public sentiment that it has generated. It has been discussed in Radio 4′s Now Show (relevant clip here), it has been the subject of a Panorama investigation, and a very critical clip from the Culture Show. A call to tell MPs to give the Bill proper oversight prompted a staggering letter-writing campaign of 20,000 people. During the debates, thousands tuned in to the BBC’s website to watch the proceedings live, and the Twitter stream #debill describing the third debate accumulated thousands of tweets, and became the second trending topic worldwide, as people in other countries became interested as well and retweeted what was happening in the UK. My own tweets about the Digital Economy Bill got retweeted from people in Colombia, India, Australia, Mexico and the United States, just to name a few. The public outcry on Twitter was such that the #debill hashtag beat Manchester United and Justin Bieber as trending topics.

Something important and wonderful was happening online. This is the type of democratic engagement that politicians supposedly dream of. They want our votes, they want us to care, they want us to be involved. Unless it is about something that has already been decided and negotiated by the powers-that-be, in that case we just become a nuisance, part of an annoying self-referential minority that can be easily ignored. It’s back to business as usual. It is precisely this disconnect between genuine public interest and the vested interest of powerful lobbyists what is destroying democracy. When people tuned in to watch the debate online, they could witness with their own eyes just how undemocratic the entire system is. Letters do not matter, what matters is the sickening toadying MP making reference to Feargal Sharkey’s Undertones, while sycophantily winking at him in the stands.

However, politicians anger geeks at their own peril. We are packing code, and we ain’t afraid to use it. Already there has been a beautiful mash-up (or whash-up, geddit?) singing that Creativity is the Enemy. Thousands of Twitter users have signed up to oppose the Bill. There is already a list of who voted No, and a staggering website with an indication of who was present during the second reading of the Bill. I do not expect the geeks to take this one lying down.

If you follow technology news services and blogs that are vaguely interested in digital rights issues, you must already have heard about ACTA, the Anti-Counterfeiting Trade Agreement. This is a multilateral trade agreement between the EU, the US, Mexico, Canada, Australia, South Korea, New Zealand and a few [...]]]>

"I find your lack of copyright enforcement disturbing"

If you follow technology news services and blogs that are vaguely interested in digital rights issues, you must already have heard about ACTA, the Anti-Counterfeiting Trade Agreement. This is a multilateral trade agreement between the EU, the US, Mexico, Canada, Australia, South Korea, New Zealand and a few others, currently negotiated in secret that is set to tackle copyright infringement issues. As the name indicates, the aim of the agreement is to tackle counterfeiting. However, the most controversial aspect is that various sources have disclosed that the agreement is set to export some of the worst maximalist legislation out there, particularly in an attempt to curb illegal file-sharing. For the most detailed in-depth analysis of what has been happening so far, Michael Geist’s blog is the place to be. Nonetheless, I have been meaning to take stock and write a synopsis of what has happened so far for my own benefit. If you are confused about the various claims and counter-claims, I hope you find this useful.

The main problem with ACTA is that the negotiations have been closed. Secrecy leads to fear, fear leads to hate, hate leads to anger, anger leads to the Dark Side. One problem that I have noticed, and which has already been picked up by some defenders of the agreement, is that some of the language attacking ACTA seems to be rather overboard. This is an agreement that will end Web 2.0 services, it will eradicate the Internet as we know it and replace it with an alien reptilian replicant. So I have decided to go through what we know about the agreement so far. It must be pointed out that this is the perfect time to take stock, the next round of negotiations is coming up in April, so if there is something to be worried about, we should make a fuss right now.

So what do we really know about the agreement? Relatively little. Because of the secret negotiations, we only have had some leaks here and there. I will not recount the history of the talks (for that, again, I refer you to Michael Geist), but I will only mention that the agreement has been in negotiation since 2008, and that, as mentioned, the process has been shrouded in secrecy. Had it not been for some whistleblowers like Geist, ACTA would now be in an almost final stage with little or no public oversight whatsoever. Whatever one may think about some of the more colourful and fanciful speculation out there, the spotlight cannot hurt, ad we will not be taken by surprise.

So, what does the text say? The most important leak so far came in mid-February, and it was precisely what we were hoping to see, namely Article 2.17: Enforcement procedures in the digital environment (pdf here). The text starts out in a seemingly innocuous manner:

“Each Party shall ensure that enforcement procedures, to the extent set forth in the civil and criminal enforcement sections of this Agreement, are available under its law so as to permit effective action against an act of, trademark, copyright or related rights infringement which takes place by means of the Internet, including expeditious remedies to prevent infringement and remedies which constitute a deterrent to further infringement.”

This is frustrating, as we do not have the current civil and criminal enforcement sections. There are some earlier proposals out there (here and here), and a European leak with country positions  regarding civil enforcement here, but we do not have a clear idea of what the final text will look like. Two things are worrying however. As EU representatives have mentioned, current European copyright obligations do not mention specifically criminal and civil liabilities, but “adequate legal protection…” Another worrying aspect from the existing civil liability section is that ACTA exports the DMCA’s infamous statutory damage provisions, as it asks other countries to calculate damages in the following manner:

“[I]n determining the amount of damages for infringement of intellectual property rights, its judicial authorities shall consider, inter alia, the value of the infringed good or service, measured by the market price, the suggested retail price, or other legitimate measure of value submitted by the right holder.”

This means that we might see some of the most outrageous American copyright enforcement damages, such as the Jammie Thomas-Rasset and Joel Tenenbaum cases, exported to jurisdictions where damages are nowhere near what is proposed. The other concern is that the civil enforcement section could contain a three-strikes clause. We just do not know yet.

Paragraph 2 is a bit odd. It requires the enactment of third party liability, but this is surely already part of most agreements, so why include it here? My guess is that this is setting up the stage for continuing the war against intermediaries that is being waged at the moment. The language is broad enough as to include almost anything.

Paragraph 3 creates rules that will allow service providers, intermediaries and third parties to operate despite what has been mentioned in paragraph 2. In other words, Paragraph 3 will export American safe harbours and notice and take-down regimes. What bothers me is that Paragraphs 2 and 3 create a noxious environment in which third party liability is the rule, not the exception. Intermediaries will be liable with two exceptions. The first one reads:

“[Each party shall] (a) provide limitations on the scope of civil remedies available against an online service provider for infringing activities that occur by:
(I) automatic technical processes and
(II) the actions of the provider’s users that are not directed or initiated by that provider when the provider does not select the material, and
(III) the provider referring or linking users to an online location when, in cases of subparagraphs (II) and (III), the provider does not have actual knowledge of the infringement and is not aware of the facts or circumstances from which infringing activity is apparent [...]“

So, if you are an intermediary, you have to make sure that all of your processes are automated, that you do not exercise any editorial and selection process whatsoever, and you make your best effort not to know anything that happens with your providers. Otherwise you might be liable. The second exception is:

“(b) condition the applicantion of the provisions of subparagraph (a) on meeting the following requirements:
(I) an online service provider adopting and reasonably implementing a policy to address the unauthorized storage or transmission of materials protected by copyright or related rights except that no Party may condition the limitations in subparagraph (a) on the online service provider’s monitoring its services or affirmatively seeking facts indicating that infringing activity is occurring; and
(II) an online service provider expeditiously removing or disabling access to material or activity, upon receipt of legally sufficient notice of alleged infringement, and in the absence of a legally sufficient response from the relevant subscriber of the online service provider indicating that the notice was the result of a mistake or misidentification. Except that the provisions of (II) shall not be applied to the extent that the online service provider is acting solely as a conduit for transmissions through its system or network.”

As stated, this pretty much exports DMCA notice-and take down. You must have a policy to take down content as soon as you’re told, and must make sure to take down the content ASAP.

Paragraphs 4-6 are also DMCA export provisions, as they make it an obligation to export the DMCA’s anti-circumvention provisions, particularly criminal liability for breaking DRMs. Paragraph 6 specifically talks about rights management information (mostly metadata integrity).

So, what’s the verdict? It’s too early to tell. I will reserve full comment until I get to see a reliable draft of the civil and criminal enforcement sections. So far, I do not particularly like what I have seen. I agree with people like Ben Sheffner and Nate Anderson who comment that what we have seen of ACTA does not affect the United States that much, they already have the mother of all maximalist copyright protection. However, their comments seem rather short-sighted, and tend to forget that there are lots of other countries who will sign the agreement. The provisions are already in US law, so don’t worry, they would come to you anyway in some shape or another.

The problem that I have with exporting DMCA-level of protection is that Americans have a huge counterbalance to those provisions in the shape of Fair Use dcotrine. We do not. We have fair dealing, an exhaustive list of exceptions and defences. We get the DMCA, but without any balance. Why is it that the American copyright system seems keen to export maximalism, but not fair use?

Hopefully, there seems to be some opposition building up this side of the Atlantic. Stay tuned.

Update: The European Parliament has voted in favour of opening up the ACTA negotiation 633-13. Things are getting interesting.

As was mentioned last week, we have been expecting an important ruling with regards to internet service provider (ISP) liability from Australia.  Behold Roadshow Films Pty Ltd v iiNet Limited [2010] FCA 24.  This is a case of tremendous importance [...]]]>

What did you say Skippy? ISPs are not liable for the infringement committed by their customers?

As was mentioned last week, we have been expecting an important ruling with regards to internet service provider (ISP) liability from Australia.  Behold Roadshow Films Pty Ltd v iiNet Limited [2010] FCA 24.  This is a case of tremendous importance because it is one of the first skirmishes in the brewing struggle between content owners and intermediaries (I use the term intermediaries on purpose, as the wider dispute encompasses companies such as Google).

iiNet is an Australian internet provider, which was sued by Australian film producer Roadshow Films, part of the Village Roadshow conglomerate.  However, the real power behind the suit was the weight provided by several Hollywood studios, including Warner, Columbia, 20th Century, and Sony Pictures.  The question at the heart of the proceedings was whether an ISP is to be held liable for the copyright infringement committed by its customers.  Call me cynical, but it seems like the film studios chose Australia as the first place to test this theory because Australian copyright law holds secondary infringement as direct infringement.  In other words, anyone making available copyright works will be held similarly liable, whether they do so directly or indirectly.

This is a lengthy and complex ruling, but it is remarkable that it has fallen upon a judge that seems to get the importance of the ruling in the wider context, and also who got the technical complexities involved.  Cowdroy J has managed to wade through the technical issues with exceptional clarity, and has produced a ruling that should become an instant classic.  The judge accurately identifies that the case hinges on two simple questions.  Have the iiNet customers infringed copyright directly?  The answer is yes.  Has iiNet authorised the copyright infringement of its users by failing to take steps to stop it from happening? Here the answer is no. The reasoning behind the negative answer is set out clearly:

“12. Firstly, in the law of authorisation, there is a distinction to be drawn between the provision of the ‘means’ of infringement compared to the provision of a precondition to infringement occurring. The decisions in Moorhouse, Jain, Metro, Cooper and Kazaa are each examples of cases in which the authorisers provided the ‘means’ of infringement. But, unlike those decisions, I find that the mere provision of access to the internet is not the ‘means’ of infringement. There does not appear to be any way to infringe the applicants’ copyright from the mere use of the internet. Rather, the ‘means’ by which the applicants’ copyright is infringed is an iiNet user’s use of the constituent parts of the BitTorrent system. iiNet has no control over the BitTorrent system and is not responsible for the operation of the BitTorrent system.
13. Secondly, I find that a scheme for notification, suspension and termination of customer accounts is not, in this instance, a relevant power to prevent copyright infringement pursuant to s 101(1A) [...]
14. Thirdly, I find that iiNet simply cannot be seen as sanctioning, approving or countenancing copyright infringement. The requisite element of favouring infringement on the evidence simply does not exist. The evidence establishes that iiNet has done no more than to provide an internet service to its users. This can be clearly contrasted with the respondents in the Cooper and Kazaa proceedings, in which the respondents intended copyright infringements to occur, and in circumstances where the website and software respectively were deliberately structured to achieve this result.
15. Consequently, I find that the applicants’ Amended Application before me must fail.”

This conclusion is both astute and well informed, as it takes into account the very clear distinction between an internet service provider, and the producer of software designed specifically to authorise copyright infringement, such as Kazaa.  Cowdroy J goes in detail through some of the most relevant aspects of the technology, namely the intricacies of Bittorrent transactions, and also whether the identification of customers is reliable.  To me one of the most important parts of the ruling is that we get a very clear legal explanation of the Bittorrent protocol:

“70. To use the rather colourful imagery that internet piracy conjures up in a highly imperfect analogy, the file being shared in the swarm is the treasure, the BitTorrent client is the ship, the .torrent file is the treasure map, The Pirate Bay provides treasure maps free of charge and the tracker is the wise old man that needs to be consulted to understand the treasure map.
71. Whilst such an analogy grossly oversimplifies the situation it will suffice for present purposes. It demonstrates that all of the constituent parts of the BitTorrent protocol must work together before a person can access the file sought. In this judgment the Court will refer to all the constituent parts together as the ‘BitTorrent system’.
72. Such analogy also demonstrates that a number of deliberate steps are required to be taken by a person to bring about the means to infringe the applicants’ copyright. The person must download a BitTorrent client like Vuze, seek out .torrent files related to copyright material from websites, and download those .torrent files and open them in their BitTorrent client. Thereafter, the person must maintain connection to the internet for as long as is necessary to download all the pieces. The length of this downloading process will depend on the size of the file, the number of peers in the swarm and the speed of those peers’ internet connections.”

The other remarkable part of the ruling is that we get a very detailed insight into the technology involved in the detection of repeat infringers.  The applicants use a Bittorrent client called DtecNet, which singles out infringing torrents identified by the content owners, and starts downloading from the participant sharers in the swarm.  The agent downloads a full copy of the file to establish that this is indeed an infringing copy, and then identifies IP addresses in the iiNet network.  The agent would then download one piece of the full file from a specific IP address, and would continue to download a piece every 24 hours from the same address.  This technical operation was able to establish that there were indeed iiNet customers sharing infringing files repeatedly, but here is where one of the most interesting findings takes place.  Cowdroy J accurately points out that the infringement is much less widespread than previously beieved, and particularly, seemed to express doubt as to the efficiency of matching IP addresses with specific customers.  Another interesting technical issue that came to bear on the liability issue was the fact that the applicants were trying to paint a picture that a large portion of an infringer’s broadband use would be dedicated to illegal filesharing, while the evidence was to the contrary.

Turning to the legal aspects, one of the most important questions in the ruling is whether each time a user connects to the internet it should be considered as a fresh count of making the work available to the public, or whether the first action, namely downloading the .torrent file and seeding it, would be one single count.  Cowdroy J opines:

“310. [..] The Court finds that it is the wrong approach to focus on each individual piece of the file transmitted within the swarm as an individual example of an ‘electronic transmission’. The BitTorrent system does not exist outside of the aggregate effect of those transmissions, since a person seeks the whole of the file, not a piece of it. In short, BitTorrent is not the individual transmissions, it is the swarm. It is absurd to suggest that since the applicants’ evidence only demonstrates that one piece of a file has been downloaded by the DtecNet Agent from each iiNet user (in some cases more than one, but not many more), the applicants cannot prove that there have been ‘electronic transmissions’ by iiNet users of the applicants’ films. But it is equally absurd to suggest that each and every piece taken by the DtecNet Agent from an iiNet user constitutes an individual ‘electronic transmission’ infringement.
311. The correct approach is to view the swarm as an entity in itself. The ‘electronic transmission’ act occurs between the iiNet user/peer and the swarm, not between each individual peer. One-on-one communications between peers is the technical process by which the data is transferred, but that does not mean that such level of detail is necessarily what the communication right in s 86(c) focuses upon. While the DtecNet evidence cannot prove directly that an iiNet user has ‘electronically transmitted’ a film to the swarm (it can only show that the data has been ‘electronically transmitted’ to the DtecNet Agent acting as a peer in the swarm) the evidence is sufficient to draw an inference that in most cases iiNet users have done so. “

There are many other legal aspect treated, most of them are specific to Australian copyright law.  The most relevant from an international perspective, and one that has been highlighted elsewhere, is that the ruling seems to seriously attack the viability of three-strikes approaches to copyright infringement.  Firstly, there is a lengthy discussion about the legal reliability of evidence obtained by agents acting on behalf of the copyright owners, when by definition those agents are licensed by the owner to undertake actions that would otherwise be infringing, namely, collect copies from the internet.  Secondly, there is the troublesome issue of how such evidence should be suspect in the first place.   Cowdroy J says:

“631. [...] the Court finds that it would not be appropriate to construe the safe harbour provisions such that there is an expectation on the [ISP] to terminate its subscribers at the request of a person who does not swear to the truth of his statement, and is an employee of an organisation whose precise legal status vis-à-vis the relevant copyright owners and exclusive licensees is not at all clear. Allegations of copyright infringement are serious charges which are potentially defamatory. Further, AFACT (the Australian copyright enforcement agency) enjoys no status as an authority invested with power to issue legally enforceable directions.”

This paragraph should be printed out and handed out to the Lords currently discussing the Digital Economy Bill (wink, wink, ORG).  We cannot possibly build a system of punishment that relies entirely on suspect accusations without any legal recourse.  The very principles of fairness and due process of law are at stake here.

What a refreshing ruling from Down Under.  Unfortunately, another copyright case from the land where women glow and men plunder has overshadow this more important development.

I just smiled and gave me a vegamite sandwich.

Anyone who has been paying attention to the War on Piracy will have noticed that the emphasis has shifted from the user to the internet service provider.  As content owners discovered that attempts to enforce their rights against users backfired and/or had no noticeable effect, [...]]]>

"They are getting closer, I can hear their lawsuits at night"

Anyone who has been paying attention to the War on Piracy will have noticed that the emphasis has shifted from the user to the internet service provider.  As content owners discovered that attempts to enforce their rights against users backfired and/or had no noticeable effect, they began returning to the strategy of trying to make the service providers liable for the infringement committed by their customers.

The first barrage in the war took place when content owners managed to get Irish ISP Eircom to promise that it would disconnect repeat offenders.  Then an Australian copyright conglomerate (representing several U.S. content giants) sued iiNet for copyright infringement incurred by its customers, and we should get a ruling next week.

These lawsuits however are only a small part of the global strategy.  As it has been repeatedly posted here and elsewhere, the end-game for the content providers is of course to make ISPs liable through the inclusion of three-strikes clauses into copyright law.  New Zealand and France have attempted to do just that with mixed results, and in the UK we are currently experiencing a similar threat through the Digital Economy Bill.  But it is in ACTA where the final battle will take place.  The inclusion of three-strikes provisions in a wide-ranging bilateral agreement between some of the most developed countries in the world will almost undoubtedly spell the end of intermediary indemnity, and more importantly, it might well spell the end of ISPs as we know them.

Update: And to complicate things even more, Virgin Media says that it will use deep-packet inspection software to monitor potential infringing material.

How to talk to your MP and get them to change the Digital Economy Bill (Edinburgh) Sunday, January 24, 2010 from 2:00 PM – 5:00 PM (GMT)

Gain the confidence to talk and write to your MP

It was supposed to be the British equivalent of high-profile cases such as PirateBay and the Jamie Thomas trial.  It was supposed to act as a clear deterrent to a new generation of file-sharers against widespread copyright infringement.  Instead, Alan Ellis, the founder of torrent tracking site OiNK [...]]]>

"I'm not criminally liable for secondary infringement, officer!"

It was supposed to be the British equivalent of high-profile cases such as PirateBay and the Jamie Thomas trial.  It was supposed to act as a clear deterrent to a new generation of file-sharers against widespread copyright infringement.  Instead, Alan Ellis, the founder of torrent tracking site OiNK has been acquitted of the charges of conspiracy to defraud.  How did this case turn from sure thing to nightmare for the music industry?

OiNK was not your typical torrent tracker site. Websites such as PirateBay, Isohunt, and TorrentReactor are free to use and available to the wider public.  OiNK was a free-of-charge closed service, available only by invitation from an existing member, which could be obtained by paying $5 USD.  The site also operated through donations, which amounted to a staggering $300,000 USD.  OiNK’s statistics are impressive, it boasted 200,000 registered users, and it facilitated the exchange of 21 million files. I am going to go out on a limb here and claim that most of those files were infringing copies.

So, it is clear that OiNK was in the wrong, and the fate of Mr Alan Ellis was sealed, right? Not really.  The problem seems to have been that prosecutors chose to charge Mr Ellis with conspiracy to defraud, instead of anything related to copyright infringement.  This meant that they had to prove Mr Ellis was trying to defraud his customers, when it was clear that he was offering a service, and his clientèle knew fully well what they were getting into.  No fraud then.

Why didn’t the prosecution try for copyright infringement offences?  For example, s107 CDPA establishes criminal offences for various copyright infringement acts made “in the course of business”.  As Mr Ellis was clearly profiting handsomely from his services, it could be argued strongly that he was infringing copyright for commercial gain.  Or can it?  The main problem with torrent sites is precisely that no infringing copies are kept on the servers, and that the trackers act simply as facilitators.  Using a real-world analogy, torrent sites are more akin to bar lounges where illicit goods change hands.  Nonetheless, s107 also covers secondary infringement offences, such as communicating infringing copies to the public, which one might think is precisely what a torrent site does.  However, the wording of UK copyright law is problematic in this respect, as it seems entirely drafted with physical copyright infringement in mind.  For example, s108 CDPA says:

“108.-(1) The court before which proceedings are brought against a person for an offence section 107 may, if satisfied that at the time of his arrest or charge-
(a) he had in his possession, custody or control in the course of a business an infringing copy of a copyright work, or
(b) he had in his possession, custody or control an article specifically designed or adapted for making copies of a particular copyright work, knowing or having reason to believe that it had been or was to be used to make infringing copies,
order that the infringing copy or article be delivered up to the copyright owner or to such other person as the court may direct.”

This clearly assumes that criminal commercial infringement will take place through some physical medium, and seems to preclude facilitating online acts.  It seems then that prosecutors were not sure to obtain a conviction through copyright infringement.  OUT-Law makes a good point that the best way to proceed was to pursue OiNK for authorising copyright infringement, which is a civil offence for secondary infringement (see s24(2) CDPA).

Good news for OiNK may be bad news for the rest of us, as I am afraid that the music industry may use this verdict to push for stronger copyright protection in the upcoming Digital Economy Bill.  It is clear that some torrent sites operate at the very fringes of acceptable behaviour.  As some independent musicians have pointed out in an interesting Guardian blog article, torrent sites may be guilty of not doing enough to curb infringement.  If legislators are presented with an idea of a virtual Wild West where everything goes, we may be in for a rough awakening when the Bill eventually gets through Parliament.