Saturday, November 28, 2009

ZDNet, Wi Fi and the Digital Economy Bill

ZDNet is reporting , rather relevantly to Current Times, that a pub owner running an open wi fi hotspot has been "fined £8,000" for infringing downloads by its customers. The information was provided by the Cloud, who provided the hot spot capability (and who also, incidentally, do the same for McDonalds, my example for wi fi liability of a few days back on this blog.)

"Graham Cove told ZDNet UK on Friday he believes the case to be the first of its kind in the UK. However, he would not identify the pub concerned, because its owner — a pubco that is a client of The Cloud's — had not yet given their permission for the case to be publicised."

ZDNet asked me to comment on the story which I was happy to do, but unfortunately one major error has crept through the phone call process. EDIT - corrected! Thank you! Story also now specifies it was a civil case.

So what about the pub story? It sounds very odd. Basically, we need more details here. First it doesn't sound on first glance like a case where criminal copyright would be applicable. So that probably isn't a "fine", but damages . Even more likely is that the case settled rather than going to final judgment (in which case, wouldn't it be a novel enough decision to have an opinion, and be up on BAILII? I can't see it there). In that case the £8000 is just an estimate of damages both parties were willing to settle for, and, it should be stressed, not a legal precedent.

As for the crucial responsibility angle, one wonders if the issue was mainly one of proof. After all, if a publican was alleged to be regularly downloading without permission, and the defense was that wi fi users were using his IP address ("it wasnae me" as we say in Glasgow), and the wi fi was open, then there was no attributed log of downloads, and thus no proof of this beyond that mere assertion. In strict law, even in a civil case where the standard of proof was the balance of probabilities, the onus of proof should be on the plaintiffs ie the rightsholders. But in a settlement situation, I can conceivably see that the publican might decide to give up and settle without hard proof to back up his case, and cut his losses and the chance of losing the case and paying both side's costs.

The important point is if that if this is a settlement, that doesn't at alll translate into a theory of secondary liability for downloaders suing your open network, still less a legal precedent. If anyone has further details, I'd love to hear them.

I may as well now go on and quote the rest of myself :) (a bit odd I know)

"However, she said the measures that would be brought in under the Digital Economy Bill — measures that could include disconnection of the account holder — would not apply because the business could be classified as a public communications service provider, which would make it exempt. According to the terms of the bill, only "subscribers" can be targeted with sanctions**.

[** note for legally minded Pangloss readers: this is because the DigiEc Bill cl 16defines "subscribers" as excluding "communications providers", which can be traced back via the Communications Act 2003 to include providers of electronic communications services or networks. The pub hotspot would fall into that class, probably :-) ]

According to legal advice sent to The Cloud by the law firm Faegre & Benson on 17 August, "Wi-Fi hotspots in public and enterprise environments providing access to the internet to members of the public, free or paid, are public communications services".

A public communications service provider must, under the terms of the Data Retention Regulations that came into force in the UK in April of this year, retain records for 12 months on communications that have taken place over their network. This data includes user IDs, the times and dates of access, and the online destinations that were being accessed. The content of the communications cannot be retained without the user's permission, due to data-protection laws.

However, there is a get-out clause in the Data Retention Regulations, in that no public communications service provider has to keep such records unless they are notified by the government that they are required to do so.

According to Edwards, this is because "only the big six ISPs have the facilities to comply, and because the government agreed [in its legislation] to repay some of the costs [of retaining [[and accessing - Pangloss adds]] such records]". She noted that this clause might itself be non-compliant with the EU data-retention laws that were transposed into UK law in April.

Edwards pointed out that, even if the sanctions proposed in the Digital Economy Bill come into force, "no-one will know who [the downloader] was, because the IP address that will show up [upon investigation] will be of the hotspot". She added that the rights holder seeking infringers of their copyright would probably not know that the IP address in question was not that of a subscriber.

It would then be up to the hotspot operator to point out that they were not the end user downloading copyrighted material. "But when would they get to say that? Maybe straightaway, maybe not until after disconnection — it's not currently clear," Edwards said."

1 comment:

Ken Brown said...

"According to legal advice sent to The Cloud by the law firm Faegre & Benson on 17 August, 'Wi-Fi hotspots in public and enterprise environments providing access to the internet to members of the public, free or paid, are public communications services'."

Maybe they would also say the same applies to what we do providing comms and mail to our students and staff. Its not all automatic depending on jobs or courses - there are some students who can choose to pay extra to get more access. That is probably the case for lots of UK universities.

I'm also worried about malicious claims to copyright being used to harass legitimate users or owners. There are some nasty, clever, people out there. There are - believe it or not Lord Mandelson - nasty clever people who do nasty clever things with computers or networks purely to upset other people and cause trouble.

The kind of people who send us endless torrents of phishing spam (or who leave the software that sends it running on bots long after they have forgotten about it and moved on to the next scam) can and probably will find some way to make mischief, or profit, by sending well-faked complaints.

The complaints we see at the moment (probably more than one a week) almost always originate from software. They are sent to us automatically. No real human lawyer types them in and decides to send them to us - some computer program notices that an old Chuck Norris film seems to be available from such-and-such and address and zaps off a nastygram to the registered owners of the domain, and their ISPs. Those channels can be exploited by the bad guys.