Monday, November 23, 2009

Mandy and Me: some thoughts on the Digital Economy Bill

So, once more unto the breach, dear friends, once more, where the breach is of copyright of course. First a brief summary of the terrain.

Clauses 4-17 of the Digital Economy Bill introduce an “initial obligations” regime for ISPs, whereby subscribers accused of filesharing by rightsholders will be sent warnings of alleged copyright infringements, or “strikes”, by their ISPs; and a “technical measures” phase, to be green-lit only after evidence has been amassed that warnings do not work (but see below), which will allow sufficiently warned offenders who still seem not to have seen the error of their ways to be disconnected from the Internet. Traffic slowing and banning of access to certain sites eg the Pirate Bay, may also become available measures.

The Bill also, almost as an after thought, adds a “Henry VIII” clause, which allows the relevant Secretary of State (currently Lord Mandelson of Mordor sorry BIS) to make new copyright law in any area of Parts 1 and 7 of the Copyright, Design and Patents Act 1988 (CDPA), by statutory instrument (SI) not primary legislation, if justified by speed of technological developments (even ones that haven’t happened yet – see proposed new s 302A of the CDPA.) So essentially, new and important copyright laws (not exclusively to do with filesharing – DRM, fair dealing and user rights might all be affected) are to be made under the public radar, and without proper Parliamentary scrutiny. anytime, anywhere (hereafter, the “Martini clause”).

There has been a great deal of coverage of these matters – see eg here and here – so I will only point out a few matters of detail which have struck me as particularly worrying, on top of my, er, well-ventilated previous concerns about the principle of a regime of “three strikes” at all. Most of the press attention has focused on the posited disconnection regime, since of course the sanction is so far reaching. But the warnings regime, which if the Bill passes is likely to be of more immediate concern, is also staggeringly poorly drafted, and this is where my focus will lie.

Accusations and evidence

In the outline scheme we have, warnings are to be sent to subscribers solely on the say so of rightsholders. All a rightsholder need do, as presently laid out, is provide an IP address and time stamp of an alleged infringer to an ISP, and say that “ it appears to [them that ] a subscriber .. has infringed the owner’s copyright”. There is no requirement this belief be objectively reasonable. Nor is there any apparent sanction for malicious, or even simply careless or reckless allegations. Recent experience with the RIAA and BPI has shown that allegations made after IP address tracking at P2P sites often turn out to be wrong and that collecting IP addresses from P2P honeypots is a non-trivial exercise ; so the issue of liability for erroneous accusations is an important one. Libel, malicious falsehood and data protection laws may offer remedies for the falsely accused; but there is no mention of such in the Bill itself (so far), nor of any reasonable duty of care. In other words, all the power is given to rightsholders, and none of the responsibility.

“Allowing infringement”

The Bill also makes it clear that an infringement may be notified by a rightsholder if the subscriber “allowed another person to use the service and that other person has infringed”. What does “allowed” mean here? It seems clear it is intended to cover the case where an Internet service is used to download by any member of the household other than the subscriber eg by partners, children, flatmates and lodgers – but what of casual visitors, friends of children? Should such persons be routinely policed by the subscriber fearful of liability, their rooms and computers searched, guests interrogated about their laptops and smartphones? What of Art 8 ECHR guarantees of privacy (which, let us remember, apply to children as well as adults, especially in their own bedrooms)? This is however only the start. What of the school or university or business which gives access to the Internet to hundreds or thousands of people? These warnings will come to roost at their doors, or rather their IP addresses. Will we then see IBM, Oxford University and Standard Life (just say) subsequently banned from the Internet? Is it really feasible to expect such organisations to stamp out downloading among all their employees or attendees (especially given most already do their best to try) or to spend the resources on internally trying to attribute the warnings to individual employees etc?

The end of unsecured wi fi?

A connected issue Pangloss has raised before relates to wi fi. At present it is a subscriber’s choice whether to secure their wireless network or not. Despite the public panic about paedophile use etc, many still think leaving wi fi unsecured is a public service (see on this Daithi McSithigh’s excellent piece). Yet one can easily see that leaving a network unsecured will count as “allowing” another’s infringement (and note the mandatory requirement to notify alleged infringers about how to protect their wi fi in proposed new s 124(5)(f)). What we see therefore is constructive prohibition of unsecured wi fi by the back door, for both consumers, corporations and the public sector (think of the impact on digital inclusion?); a decision of huge significance, which itself deserves a major public debate.

Appeals

Appeals against allegations untested in court and based on evidence solely of one interested party, are vital. At the warnings stage, a single appeal is to be allowed, it seems, not to a full tribunal but merely to a “named person” who will be an arbiter of some type, independent of ISPs and rights holders, though not of OFCOM. Such an appeal is also vital to ensuring that this process meets the requirement of a “fair and impartial” hearing, under what was Amendment 138 to the now finalised Telecoms Package. But no grounds are named in the Bill for an appeal against an erroneous warning to be allowed (there are some in relation to the better drafted and seperate appeal against disconnection) , nor is it stated what disposal the “person” could make if an error was found to have been made. Strangely, there is not even any requirement for alleged infringers to be told of this right of appeal, even though they are required to be given an enormous number of other pieces of educational “information”. This is wholly unsatisfactory, especially in relation to Amendment 138.

Notification of warning

Finally on this part, note (see proposed s 124A (7)) that warnings are to be deemed “notified” if sent to “the electronic or postal address” held by the ISP. As someone who never uses or checks their nominal ISP-provided email address (mailto:something@virgin.net I guess) , I would strongly suggest this be altered to “and” rather than “or”. Of course this would cost substantially more to the rightsholders and ISPs, so possibly some midway solution should be found where an ISP is required to obtain a current used email address from its subscribers.

ISP liability?

ISPs hold an unfortunate piggy-in-the-middle position in all this, forced by the threat of a fine of up to £250,000 to co-operate with rightsholders, even though they gain nothing from the process but overheads and customer ill-will. I have said elsewhere that I do not think it is just or sensible to enrol ISPs as “copyright cops”, but if they are to be, they need strong protection from liability, ideally in the form of an indemnity from the rightsholders who actually plan to benefit from this whole stramash. ISPs face potential liability for sending out libellous allegations to subscribers, and again for disconnecting the wrong person on erroneous evidence, and in breach of contract, However currently all ISPs get by way of protection is the feather-light provision that an indemnity may – not must – be provided by the Code to be drafted (again, no further details now– see new s 124J(4)(b). If I were an ISP, I’d be going out now to price a shedload of legal liability insurance J - or to check out moving offshore.

The disconnection regime

Finally (gentle reader wipes brow), the present government has made a great deal of the assertion that the “disconnection” stage is a “nuclear deterrent” option – only to be implemented if all else has failed. One wonders why, three months before an election the current incumbents are likely to lose, it was not then simply left to the discretion of the next government whether to bring forward legislation, once the evidence was in. As it stands, the “disconnection” regime is supposed to be brought in, it has been widely reported, if a review by OFCOM shows (to some very vague timetable) that the “warnings and passing of ID details” approach is not working. However if you go and look, what s 124H(1)(b) actually says is that the Secretary of State may order that the “technical measures” stage may go ahead as appropriate in view of such a report OR “any other consideration”. In other words, you can forget evidence based policy making if times are tough, and donations from rightsholders are needed? Again Pangloss’s suggestion would be for that last sub-clause to go.

I could go on – for most of a PhD length thesis I suspect – but enough is enough. This legislation bears every hallmark of having been drafted in haste on the back of an envelope on a wet Tuesday. It’s so like The Thick Of It. Only without the jokes .

Ps if you are unhappy with any of the above, can I politely direct you towards http://petitions.number10.gov.uk/dontdisconnectus/ ?

2 comments:

Andrew said...

I'm not sure the "internet police" metaphor is right. Police gather evidence and (sometimes) apply discretion to decide whether a caution or prosecution is in the public interest. The Bill bars ISPs from both of those roles, leaving them to just impose the sentence decided by others. Gaoler or executioner is closer, I think :-(

Matthew said...

As far as I know, the whole idea of this is to stop people downloading illegally and encourage them to use legal services (Napster, iTunes, BBC iPlayer, 4oD etc).

It seems that if the government impose technical measures on someone, it will be for ALL their web activity. This includes legal services.

Slowing down/disabling peoples access to legal services does not sound to me like encouragement.

If they do impose technical measures on someone, it should only be in effect for illegal activity. If that user then goes to iTunes or BBC iPlayer for example, they should receive their full speed while these are being used.

This rewards for using legal services making it more appealing to someone who until that point has refused to change. If they use a legal service, they get fast speeds. Use the illegal ones again, downloads are slow, encouraging them to move back to the legal options for full speed.

As this is about illegal downloading, I don't think any legal services should ever be affected.

Also what about people who rely on the internet to earn a living? What the government seems to be saying at the moment is that if an internet connection is allegedly used to infringe copyright in some way, then anyone who relies on that connection for work, no longer has the right to earn a living online.

And people with disabilities who rely on their internet connection to communicate with the outside world and to have some independence. Are these people going to be isolated, have their independence taken away and be left to suffer because someone allegedly infringed copyright using their connection?

Will exceptional cases where imposing technical measures or disconnection would have serious impact on someone's health and wellbeing be considered individually to find non-damaging ways of changing these people's copyright behaviour?