Thursday, July 24, 2008

3 Strikes and You're Um Crawling to a Halt??

Pangloss hates to seem so one track minded on this, but well, things just keep happening. In this case, potentially pretty bad things.

After months of rumours, behind the scene talks, stealth tactics at the European Parliament (maybe), and denials that the UK and indeed, Carphone Warehouse would ever ever have anything to do with nasty French stuff like 3 strikes and you're out, today we have two somewhat interesting developments: a voluntary, and so far, rather worryingly vague, Memorandum of Understanding between the music industry, BERR and the 6 leading UK ISPs which between them account for 90% of UK traffic : BT, Tiscali, Virgin ("absolutely no possibility of disconnection"), Orange, BSkyB and oh suprise, Carphone Warehouse :)

Plus a consultation on what primary legislation should be brought in by BERR as a "backstop": the idea being presumably that if the other 10% of ISPs don't fall into line with the MoU - or if some of the above 6 pull out depending on how bad the PR fall out is and what the MoU actually compells them to do - they can then all be compelled still to "do something" about file sharing.

So what does the MoU say? Well basically for 3 months, the industry aided by the 6 ISPs involved are going to send out letters to suspected filesharers. Lots and lots of letters. 80,000 or so over 12 weeks. But hang on. If 67% of the UK have admitted to filesharing - even only once - that's 35 million letters that need sending out. Quite a bit of scaling up there to be done after the pilot. Eco-wise let's hope they're all emails:)

But letters is only stage 1 (after all the BPI could have sent them themselves, tho this way they do aparently get ISPs to pay for half of them.) Stage 2 is what do you do next, when presumably they compare them all on a big spreadsheet, and find that eg Mr A of Aberystwyth got 220 letters from 5 ISPs? What gets done to persuade Mr A to abandon his bad ways if the shock of 220 letters isn't enough?

Here the MoU gets vaguer. There will be discussion of "technical measures", for "repeat" or "the worst" offenders. This seems to involves three possible sanctions:
  • traffic management (slowing the offender's email til it's too slow to downlaod an MP3);
  • filtering out tagged-as-copyright traffic to that offender's IP address;
  • and possibly, maybe, not quite stated-as-such, disconnection??

Pangloss doesn't want to restate the (very tired and flat) wheel but this raises all the same problems I've gone though before plus more.

What will happen if the repeat offender is a child and the whole household loses access or has it slowed to unacceptable levels? "Traffic slowing" to an accountholder sounds better than disconnection, but I cannot see, having asked some tech experts, how it is substantially less damaging.

This is about music remember, not, so far, films. Supposed Little Johnny downloads several hundred tracks, and as a result the account to their home is restricted to a crawl. (It's likely to happen automatically after the account's bandwidth limit is reached.) If you can't manage to get a fast enough connection to download an MP3, or even 12 constituting an album, can Johnny still manage to download his course reading materials from the uni or school website?? can Mum run her small business? can Dad tele commute? can Sis run her small business on eBay? can ma and pa even manage to download programmes from iViewer, their legal right as a BBC license payer! It seems unlikely.

What if the infringer is really someone using your wi fi , or visiting your house, or a crook who's zombified your machine unbeknownst to you?

What if the music people have just got the IP address or look up to real life ID wrong? (well we should at least get to see the correct target hit rate - or the failure`rate - over the next three months.

What if you're making fair use of coyright materials eg review, journalism, education?

All these crucial points of evidence and standard of proof and exceptions remain right now (a) vague and (b) aparently to be determined and adjudicated by industry and ISPs - not courts, judges or even policemen.

The good news here is that the regulator Ofcom is to be involved in drafting codes with industry relating to "evidence .. repeat offenders..incorrect allegations... routes of appeal" (p 48).

Good. Very good even. But it will still be the music industry as prosecutor and judge and the ISP as cop and enforcer, with the onus on the consumer to challenge after the sanction has already been ordered: Pangloss still feels deeply unhappy about all this.

There is a better alternative though, and it's option A3 in the BERR consulation. (p 35).

"Rights holders would identify infringing IP addresses and pass evidence and
details to a 3rd party body, which would take responsibility for assessing the evidence that file-sharing of copyright material had taken place. If the evidence was judged sufficiently robust, the body would then direct the ISP to take appropriate action or do so itself. Such a body would also be able to hear appeals and complaints from
consumers and may also be responsible for developing and administering or overseeing
any required code of practice for ISPs and rights holders."

This is a win win solution. It could meet ECHR and UK standards of fairness, due process and transparency, while still cutting down on actual piracy (as is right and proper, we should not forget this).

It might also be seen as slow and expensive and the industry will not like it. But it doesn't have to be.

We already have a model , in the IP world, of a speedy cheap and effective, yet legally rigorous tribunal for on line wrong doing. It's the ICANN UDR dispute resolution procedure for dealing with cybersquatters - people who register domain names in apparent disregard of the rights of trademark holders. It works, it's seen 1000s of cases over a number of years and broadly industry - and the IP industry - has found it effective and satisfactory. In previous work for the EU, myself and my colleague Caroline Wilson held up the UDRP as a possible model for resolution of online consumer-related disputes. It can involve lawyers or technologists or even musicians so long as they are trained as arbiters who actually understand the relevant law, technology and business. It need not have the kind of time and cost constraints of the courts. Cases could mainly be conducted online, with electronic written pleadings, again already a tried and tested standard approach in the UDRP.

It could make the UK look like a world leader in dealing with the consumer piracy problem, as opposed to the freakshow of Europe.

What other alternatives does BERR suggest?
A1 suggests that ISPs be required to automatically reveal the personal identity of an alleged filesharer identified by IP address to music industry, on demand, with no need to go to court.

Currently ISPs refuse to do this because it would be breach of data protection law and also a breach of confidentiality to custoner without court order. It would, one imagines, be disastrous for ISP customer relations, but as US already has it in DMCA, it is likely to appeal to BERR as already working.

The problem is really how far this can be used to invade personal provacy and make groundless threats (as in so-called cyber-slapp libel litigation.) People are however extremely touchy about personal data revelation without consent right now, post HMRC. so Panlgoss suspects this one is likely to go down like a lead balloon.

A4, finally, (no there is no A2 - well not really) suggests that if we are all very very bad boys indeed, then ISps will be asked _ sorry ordered - to install filtering. THis would probably mean that the rightsholder would say "here is the list of tracks we hold cooyright in" and if Mr A in Aberystwth was detected downloading or uploading one of them, it would be filtered out (and he would no doubt get a letter too).

Secueity and technical experts say this is so unlikely to work correctly across all traffic, all users and all ISps, that it's like believing in fairies. How do you tell a Lily Allen track that's been illegally copied from a P2P site from one that's been legally downloaded as part of a BBC TV show from iViewer or one that's freely available on MySpaced as apromo? It's the same track.

It is also a blank ticket for unrestricted censorship with no public accountability or transparency. It's the kind of tactic which has been declared an unconstututional interference with the free expression rights of adults repeatedly in the US courts. Filtering might - just - be aceptable to stamp out child porn downloading - but not in the context of music where many people have quite legitimate rights to listen to much oif the material.

This is more than a hammer to crack a nut - it's an imaginary hammer cracking all the fruit in the world as well as the nut. (Yeh maybe the metaphors are getting out of hand.)

Think about it. If you like A3, do write to BERR (or do anyway) - the consultation closes on October 30.

Write to Michael Klym / Adrian Brazier
Communications & Content Industries
Department for Business, Enterprise & Regulatory Reform
UG28-30
1 Victoria Street
London SW1H 0ET
Tel: 020 7215 4165 / 1295 Fax: 020 7215 5442
Email: mike.klym@berr.gsi.gov.uk / adrian.brazier@berr.gsi.gov.uk

1 comment:

Anonymous said...

Hello Pangloss. What do you think of having an A3-type authority to authorise the imposition of technical measures, but not involving it when all you want to do is send letters? If the report's presumption is right that technical measures will only be required in a very small proportion of cases then the scale of the authority could be much smaller and it would have time to give proper scrutiny to the evidence provided in those cases. If the presumption is wrong then it seems to me that there are serious digital exclusion issues coming along...