Urgent - Ofcom consultation on the DEA - deadline 30/7

[Duke]

If you haven't already seen it, please do have a look at this thread, it is getting kind of urgent and we would like as much input as possible on this:

viewtopic.php?f=7&t=2396

Feel free to post there, here or on the Wiki discussion page.

[clunkclick]

As time is running out. These folks have reveiwed the ofcom consultation and provided a response, which is coherent and specific. Apologies if this is in the wrong form...

'Ofcom's code to target alleged filesharers is missing vital standards of evidence and limits your right to appeal. Let them know what you think about this.
We know this can lead to the wrong people going to court and facing fines. Only a week ago ACS Law caused a storm of complaints as they wrongfully accused people of downloading songs by the Ministry of Sound.

We have two days to reply to Ofcom's “Draft Code” and tell them that it
• fails to set standards of evidence, instead leaving it up to copyright owners to decide what counts,
• fails to set standards for internet service providers, creating greater chances for error,
• threatens the existence of WiFi networks by forcing them to either be an ISP or a subscriber
• fails to set criteria for storing and collecting personal data, leaving it open to misuse.
What can you do about it?

We have two days to reply, so send your consultation response now. It will only take two minutes.'
http://action.openrightsgroup.org/ea-ca ... ampaign.do

[clunkclick]

Send this statement from openrightsgroup.org via email to Campbell Cowie at ofcom http://stakeholders.ofcom.org.uk/consul ... ringement/
enclose coversheet with your email - http://stakeholders.ofcom.org.uk/consul ... oversheet/


Dear Mr Cowie,

Please find below my answers to the questions set out in the consultation Online Infringement of Copyright and the Digital Economy Act 2010.

I believe that the code does not comply with the Digital Economy Act and I therefore ask Ofcom to set up a new consultation round. The areas I am particularly concerned about include the gathering of evidence, the identification of customers, data retention by ISPs, the threshold for notifications sent to the subscriber and appeals.

No definition of the process by which evidence is collected
Section 7/124E(2) of the DEA requires that the initial obligations code makes the required provision about CIRs by specifying “requirements as to the means of obtaining evidence of infringement of copyright for inclusion in a report”, and “the standard of evidence that must be included”. The draft initial obligations code makes no provisions specifying the means of obtaining evidence of infringement of copyright for inclusion, and neither does it make provisions specifying the standard of evidence that must be included.

Section 3.5 to 3.7 of the draft initial obligations code outlines, in relation to evidence gathering process what it calls a “quality assurance process” but this process does not specify the means of obtaining evidence or the standard of evidence included, only that the copyright owner will have to follow the process outline in their quality assurance report which is to be submitted to Ofcom. The DEA does not require such a quality assurance system.

The code does not currently require evidence to be robust
Ofcom appear to want evidence gathering systems and processes to produce robust and accurate results, but provides no explicit statement in the Draft Code that those processes are required to be "robust and accurate".

No definition of the process by which customers are identified
The DEA also requires that Ofcom's Initial Obligations Code specify the means by which subscribers are identified by ISPs. In order to ensure that citizen's interests are protected properly we should be given the full detail required by the Act – otherwise we are not able to comment on whether safeguards are in place or not.

Section 7/124E(3) of the DEA requires that the initial obligations code create provisions covering the notification of subscribers for whom the internet service provider receives one or more CIRs. These provisions include “requirements as to the means by which the internet service provider identifies the subscriber”.

In contrast, the quality assurance process outlined in Section 4 of the draft code does not make “requirements as to the means by which the internet service provider identifies the subscriber”, but instead only requires that the qualifying ISP complies with the process outlined in their own quality assurance report.

No provisions explaining how ISPs keep information about subscribers
The DEA requires that Ofcom's code makes provisions about how ISPs keep information about subscribers. This information is important in order that the public are able to assess the privacy risks inherent in the storage of this data, including whether the information stored will be secure from tampering and misuse. I believe it is a serious problem not to be able to comment on this key element of the Initial Obligations Code.

Threshold for determining a 'relevant subscriber' is not set
The DEA requires that Ofcom's code sets a threshold of notifications made to a subscriber in relation to a copyright owner (Section 7/124E(1)(c)), in order that they are a 'relevant' subscriber whose details may be offered after a court order to the copyright owner. The code instead offers a scheme by which, after three notifications from the ISP, they are placed on a list (of “repeated infringers”). So the code sets a threshold for determining “relevant subscribers” in relation to notifications sent by ISPs and not CIRs received by ISPs. This does not comply with the DEA.

That Parliament expected thresholds to be set by the code was recognised in the debates:

"We absolutely accept that the concept of a threshold is important, and the Bill allows for it. Our approach to the threshold is that it should be for the code, but I recognise that this is not a sufficient answer. Let me say that we would expect the threshold to be based on the number of CIRs received over a period of time. The details should be left to the code. I accept that we must develop the concept of a threshold. We make allowances for it in the Bill and we will put flesh on to the bones in the code."
Lord Young, 12 January 2010 http://www.publications.parliament.uk/p ... 2-0011.htm

The very notion of a 'threshold' distinguishes it from the process of sending three notifications.

Instead of the approach mandates by the DEA and advocated by the government front bench, Ofcom have conflated CIRs and notifications sent to subscribers. The public need to see the details of a fully functioning, compliant scheme in order to assess its fairness and efficacy by offering this non-compliant alternative, it is denied that opportunity.

Data protection
The entire process of collection and storing of data in this area is fraught. Personal copyright infringement is, ultimately, a matter between private parties and not something endangering state security or being a matter of serious crime: the type of infringement targeted not a crime, but a tort. Each copyright infringement notice may relate to a music file with a retail value as low as 35p, but is almost always a matter of small sums of money, not state or public security.

The case for collecting and storing information about private individuals on the internet by private parties needs to be set out. The reasons why personal data may be processed are called “conditions for processing” under the Data Protection Act. The Code should set out what the justifications are.
[ Ref. http://www.ico.gov.uk/for_organisations ... ssing.aspx ]

These conditions need to be set out for both the private parties and the ISPs databases of infringement allegations.

The code fails to explicitly state whether the subscriber's data and IP address are sensitive personal data under the Data Protection Act 1998. IP addresses and other personal data relating to the subscriber consist of information as to: “any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.” This is extremely important, as this affords greater standards of protection and access.

In particular, I urge Ofcom to assess whether the draft initial obligations code, which is to become secondary legislation, complies with the relevant EU data protection and data retention directives. Unfortunately the UK government has failed to properly implement EU data protection and retention standards into UK law, therefore I ask Ofcom to assess compliance with EU standards, not just UK law on the matter. In particular I am concerned that the code places a duty on internet service providers to retain IP logs for the purpose of matching CIRs to subscriber details for 10 days, and Ofcom needs to ensure that this complies with relevant EU data retention standards.

I am also concerned that the draft initial obligations code does not make the deletion of CIRs by the ISP an absolute requirement, instead Section 5,.2 of the draft initial obligations code states that: “As far as is reasonably practicable, the Qualifying ISP must retain this information for no longer than 12 months after receipt of the CIR in question.” Ofcom should clearly state that the CIRs need to be deleted after 12 months, failure to do so would then be a non compliance with the initial obligations code.

I also ask Ofcom to clarify how anonymity of notified subscribers will be ensured at all stages of the process.

Content of notifications
The code does not set out a requirement for any standardised content although this was clearly intended by Parliament in order to ensure that the most important content is included in the notification letters. The DEA requires the following information “about subscriber appeals and the grounds on which they may be made” to be standardised:

“information about copyright and its purpose”
“advice, or information enabling the Subscriber to obtain advice, about how to obtain lawful access to copyright works”
“advice, or information enabling the subscriber to obtain advice, about steps that a subscriber can take to protect an internet access service from unauthorised use“.

The code also requires all notifications to include information about: “the ability of a Qualifying Copyright Owner to bring a legal action for damages in relation to an infringement”. This is, however, not required by the Act.

Appeals
The Appeals process also contravenes the process set out the DEA.
It appears from the draft initial obligations code that an appeal on any grounds can only be upheld if the subscriber proves that “the act constituting the apparent infringement to which the report relates was not done by the subscriber” and “the subscriber took reasonable steps to prevent other persons infringing copyright by means of the internet access service”. The DEA only requires that the subscribers proves the above two cases where the appeal is in relation to either “the apparent infringement to which the report relates was not an infringement of copyright” or “that the report does not relate to the subscriber’s IP address at the time of the apparent infringement”. Hence the draft initial obligations code places a considerable burden of proof on the subscriber which is not required by the DEA.

Section 13/124K(5) of the DEA also requires that the initial obligations code “must provide that an appeal on any grounds must be determined in favour of the subscribers unless the copyright owner or internet service provider shows that [...]” “the apparent infringement was an infringement of copyright” and “the report relating to the subscriber’s IP address at the time of the infringement”. However the draft initial obligations code does not fully implement these DEA requirements. Section 7.23 of the draft initial obligations code states that “a Subscriber Appeal on any grounds may only be determined in accordance with paragraph 7.22.2 (must be rejected) if the Appeals Body is satisfied that there is sufficient evidence to show that, as respects any CIR to which the Subscriber Appeal relates or by reference to which anything to which the Subscriber Appeal relates was done (or, if there is more than one such CIR, as respects each of them): 7.23.1 the apparent infringement was an infringement of copyright, and 7.23.2 the CIR relates to the Subscriber’s IP address at the time of that infringement.” In doing so the draft initial obligations fails to implement the clear requirement for an appeal on any ground to be determined in favour of the subscriber (that is upheld) unless the copyright owner or the internet service provider can prove that “the apparent infringement was an infringement of copyright” and “the report relating to the subscriber’s IP address at the time of the infringement”. The Section 13/124K(5) requirement is of upmost importance because it means that an invalid CIR or failure by the internet service provider to accurately match the IP address would automatically mean that the subscriber appeal is upheld in favour of the subscriber.

“Definition of “copyright owner”
The draft initial obligations code states that a ““Copyright owner” means (a) a copyright owner within the meaning of Part 1 of the Copyright, Designs and Patents Act 1988 (see section 173 of that Act); or (b) someone authorised by that person to act on the person’s behalf.” Hence the Digital Economy Act allows the actual copyright owner and its agent, to make copyright infringement reports against subscribers. It is likely that agencies such as the British Phonographic Industry (BPI) and the Motion Picture Association of America (MPAA) which will be acting on behalf numerous mayor copyright owners, may also issue CIRs to internet service providers independently. This is significant in so far as the Digital Economy Act provides that “the copyright owner may require the provider to disclose which copyright infringement reports made by the owner to the provider relate to the subscriber”. The question is whether an actual copyright owner who has sent CIRs through an agent, or several agents, can ask the internet service provider to disclose the copyright infringement list in relation to the CIRs relating to copyright owned by them.

Importantly the definition of “copyright owner” for the purpose of the copyright infringement provisions only apply to these provisions. For example, the initial obligations code follows the Digital Economy Act in stating that following disclosure of the anonymised copyright infringement list, “the copyright owner may apply to a court to learn the subscriber’s identity and may bring proceedings against the subscriber for copyright.” Under UK law only the actual copyright owner as defined in the Copyright Designs and Patent Act 1988 can apply for such a court order, not the agent, who for the purpose of the copyright infringement provisions is included in the definition of “copyright owner”. Similarly it would only be possible for the copyright owner as defined in the Copyright, Designs and Patents Act 1988 to take a subscriber to court for copyright infringement, not the agent of the copyright owner as defined in the Digital Economy Act for the purpose of the online copyright infringement provisions. However, the current draft initial obligations code does not clearly distinguish between the actions that can be taken by the “copyright owner” as defined by the initial obligations code, and the “copyright owner” as defined in the Copyright, Designs and Patents Act 1988.

Criteria for approval
Section 7/124E(1) of the DEA establishes a set of criteria and Ofcom must not approve the initial obligations code unless it is satisfied that it meets the criteria set out in this section. The criteria for approval of the initial obligations code are:

‘the provisions of the code are objectively justifiable in relation to the matters to which it relates’
‘that those provisions are not such as to discriminate unduly against particular persons or against a particular description of persons’
‘that those provisions are proportionate to what they are intended to achieve’
'that, in relation to what those provisions are intended to achieve, they are transparent’

While the consultation document references these criteria in relation to its decision to not implement some of the DEA requirements, particularly in relation to not complying with Section 5/124C(5) requirement for the Code to set a threshold for qualifying ISPs based on the number of CIRs received, Ofcom has provided no overall analysis on whether the draft initial obligations code meets the criteria set out above.

Threats to WiFi
I am greatly concerned that the proposals made in the consultation document would not allow Wifi to continue to be offered as normal, be it password protected or open.

The definition of “subscriber” and “internet service provider” provided in the draft initial obligations code creates a number of problems, particularly in relation to other definitions provided in the consultation document itself. For example, in relation to the definition of subscriber, the draft initial obligations code states that the internet access service must be provided under agreement. But the consultation document states that a user of a WiFi network would only be a subscriber if the internet access service is provided under explicit or implicit agreement and in return for payment.

But this definition is not contained in the draft initial obligations code. If the definition in the code was applied to users of WiFi, all users of WiFi, including open Wifi, would be subscribers as they all receive it under an explicit or implicit agreement. In turn, because the draft initial obligations code defines “Fixed ISP” as any ISP who “provides a fixed internet access service”, all providers of WiFi would be Fixed ISPs. But the consultation document states that Wi-Fi operators may only be classified as ISP if there is payment, if there is no payment the operator of the WiFi network is a subscriber.[Draft initial obligations code, Section 1] This definition is not in the draft initial obligations code and it is not clear what Ofcom is actually consulting on.

In any case, the definition outlined in the consultation document creates significant problems for operators of wifi networks. The consultation document states that wifi operators providing internet access service on agreement, explicit or implicit, and against payment, are to be “internet service providers” and wifi operators who provide internet access service without any payment are to be classified “subscribers”, meaning that any open or free wifi will be classified as subscriber for the purpose of the act. This means that especially public intermediaries such as libraries and councils, who frequently provide open and free WiFi access to users, would be classified as subscribers, and therefore copyright owners may make copyright infringements reports against them. As these operators are put on copyright infringement lists, they would be subject to court action by copyright owners and to technical measures if those are introduced at a later date. Open WiFi provided by not for profit organisations and public intermediaries plays a key role in providing internet access to all users. For example Islington council provides a free WiFi hotsport, called StreetNet, on Upper Street and Holloway Road near Angel tube station, which provides registered users with free one-hour session (i.e. no payment is required).

Classifying wifi operators who provide the service against payment as “internet service providers” does not necessarily make them immune from the provisions of the act either. That is because the draft initial obligations code provides that any “internet service provider” with more than 400,000 subscribers will be a qualifying ISPs. Ofcom fails to consider that some paid for wifi operators may well provide access to more than 400,000 users. For example, The Cloud, which provides WiFi against payment in the City Of London reportedly allows “more than 350,000 people who work in and visit the area access to wireless broadband.” The Mayor of London now plans to role out a similar service across London, stating that “London is the home of technological innovation. We in City Hall are doing our best to keep up, and one of our most important projects is called wi-fi London”.[http://news.bbc.co.uk/local/london/low/people_and_places/newsid_8691000/8691879.stm] It is not clear whether Ofcom considers service such as The Cloud as qualifying ISP, especially if such services were roles out London wide, potentially providing access to millions of people.

Therefore Ofcom has failed to clarify the position of wifi operators and its suggested approach is likely to cause great uncertainty for wifi operators, which may be consumers, businesses or public intermediaries.

[Duke]

*sigh*

When will ORG realise that sending 500 identical emails to someone is a lot less effective than sending 10 different ones? I know it is hard to get people to read large documents and write something of their own, but this is just pointless. I would not recommend that people use this form, instead, I suggest you read through it, then read through the questions (possibly alongside the answers drafted by PPUK) and see if you can answer a couple of the questions in your own words.

Also, having read that I feel a lot happier about the response we've done...

[epriezka]

*sigh*

When will ORG realise that sending 500 identical emails to someone is a lot less effective than sending 10 different ones? I know it is hard to get people to read large documents and write something of their own, but this is just pointless. I would not recommend that people use this form, instead, I suggest you read through it, then read through the questions (possibly alongside the answers drafted by PPUK) and see if you can answer a couple of the questions in your own words.

Also, having read that I feel a lot happier about the response we've done...

ORG normally strike me as quite professional in how they approach their work. After all, they actually employ people instead of relying on volunteers to do everything. But this is disappointing.

People in Ofcom are professionals and they have work to do too. Consultation responses aren't like votes for X-Factor: they don't care about numbers, they only care about the quality of the arguments and who is making them. If they see repeat responses, they won't read them. So, for instance, if 10 telcos completely agreed on a certain response to an Ofcom consultation they wouldn't send in 10 identical letters - they'd send in one letter which they had all signed. Unless people prominently and obviously change the content, then there is really not much point to them responding to a consultation. After all, Ofcom knows very well that the seriousness of an issue isn't well correlated to how many contact them. For example, a relatively large number of people complained about Jerry Springer: The Opera being on the BBC, but that doesn't mean Ofcom should give undue weight to the religious sensitivities of a minority of people.

I assume ORG's goal in this is to generate a cheap headline of the type: 'Thousands complain to Ofcom about DEA'.

[Duke]

Interestingly someone pointed out to me on Twitter that we shouldn't be bothering with consultations and stuff as we, the Party, should be getting support from the people while groups like ORG should be lobbying the government to get them to change stuff. I wonder if both us and them would be better off if we stuck to that - ORG seems to have members only to get the money to lobby, whereas we actually need votes.

Not that I have any idea how any of this would work, but it was an interesting thought.

[samgower]

Until the Party is elected, replying to consultations on behalf of those who voted for us is one of the few ways we can make an impact. Besides, in this case it seems the Party's response is rather more coherent and helpful than ORG's.

[epriezka]

Interestingly someone pointed out to me on Twitter that we shouldn't be bothering with consultations and stuff as we, the Party, should be getting support from the people while groups like ORG should be lobbying the government to get them to change stuff. I wonder if both us and them would be better off if we stuck to that - ORG seems to have members only to get the money to lobby, whereas we actually need votes.

Not that I have any idea how any of this would work, but it was an interesting thought.

Well, I've not been my usual sourpuss on this, as I didn't want to put people off, and you've been doing a great job but... I have to agree with the person who communicated with you via Twitter. From my experience of these things, it's darned peculiar that a political party has written in to an Ofcom consultation - I've never heard of it happening before. Indeed, I have the feeling that normally it would be very undesirable for politicians to lobby via public consultations. Politicians get elected and that's how they influence the debate. I mean, it would be pretty odd if an MP stood up in Parliament, had his say about what should be in the DEA, and then went to his party colleagues, asking them to write a joint lobbying letter about how Ofcom implements the DEA. Politicians are there to be generalist lawmakers, regulatory bodies like Ofcom are specialists in certain domains, and one of the main reasons they hold public consultations is that they need even more specialized specialists in the industry or that represent consumer interests to offer advice on how to do stuff. So I can see some dangers of confusion if we place ourselves at both ends of the scale - lawmakers concerned for the good of all and niche specialists commenting on how to implement the fine points of law. I mean, are we saying we're technical specialists, or that we represent consumers? You don't need to form a political party in order to perform either role.

And now for an aside- that problem of relying on specialists to work out how to execute the general principles that have already been put into law contributes to one of the major weaknesses in the draft code: Ofcom not stating what evidence of infringement is needed. Ofcom didn't state it because they don't have a clue. That's not criticism, just an observation. They're human and imperfect like the rest of us. Idiot politicians always outline principles for what they want and then rely on some other poor sod to work out how to make them a reality - if they can. It's just tough luck if nobody can actually work out how to do it. So the politicians say there should be evidence, and delegate to Ofcom to decide what this means. The poor people in Ofcom sigh and have a public meeting or two, hoping somebody else (ISP, media company, whoever) will come up with the answer. Nobody does, so they issue a code for consultation that essentially says the people gathering the evidence can make it up as they go along. What Ofcom will then do is have a look (a.k.a. they will glance over the self-appraisal quality report) and see if it seems reasonable. Then they can compare the worst reports with the best reports and at least have some moderating influence by making "tut, tut, must try harder" noises at the companies that issued the worst reports. It's not a very satisfactory state of affairs, but from a human level it's perfectly understandable why things end up being done like this. In the end, if Ofcom legally has to do something, but doesn't know how to do that something, and nobody's giving them any help to do it (perhaps because the task itself is literally impossible) then this is the kind of 'solution' they will always come up with...

So in short, this is the mess you inevitably get when complex legislation is rushed through Parliament and the House of Lords once again fails to perform its supposed role of involving people who know more than the average MP.

[samgower]

Yes, it's very unusual for a political party to do this sort of thing. For the time being, I think that's a good thing. It shows we're not afraid to get stuck in, despite having "under-performed" at the election, according to our friends in various media outlets (personally I think we did quite well, all things considered). Also shows we're not just going to pop up every now and again at an election, but rather we're looking to become something of a political force, albeit in a rather unique manner.

It's also worth considering that in our electoral system, people can vote for us and not be represented in the slightest. We don't want them to feel like their vote was wasted. By engaging in the consultation process we're doing the best we can to give them a voice in all this. We just happen to have a few experts in our ranks with a keen eye on civil rights, too.

[Duke]

The other advantage to doing it is that we can release a Press Statement and hopefully get some coverage showing that we are doing things, we are serious and we sort of know what we are talking about.

Of course, we need to get the statement written... I'd better get back to that.

Edit: 1,400 emails apparently... I feel sorry for Campell come Monday morning - and it isn't great for us, given that our response (and all the other real ones) will be lost in that mess. Of course the professional lobbyists will have got theirs in weeks ago, probably on paper as well.

The sensible thing for them to have done would be to send one response with 1,400 signatures, but no... that's not the ORG way.

[epriezka]

Edit: 1,400 emails apparently... I feel sorry for Campell come Monday morning

Feel sorry for his PA.

The sensible thing for them to have done would be to send one response with 1,400 signatures, but no... that's not the ORG way.

It's a way to generate publicity and make people feel like they can do something. But it's not an effective way to lobby Ofcom. Expect lots of mock outrage when Ofcom "doesn't listen"...

[M2Ys4U]

The thought about whether we should be responding to consultations crossed my mind as well - however I believe that we're not doing anything improper as we aren't represented in the legislature or executive of any public body. Our constitution, which we had to send to the EC IIRC, also states that we will 'do all such other lawful things as are necessary for the attainment of the Party’s aims'. Lobbying Ofcom seems to be to satisfy that, even if it is unusual for a party.

On the subject of ORG... perhaps we should offer them some constrictive criticism? We're hardly an authoritative source of advice on these things but we share a lot of common interest.

[scuzzmonkey]

tbh, everything we do is unusual for a party - so why should adding one more thing to the list make a blind bit of difference?

as others have said - this proves we aren't just talk.

[ktetch]

yeah, at the same time it's showing we can put our thoughts down clearly, and officially, rather than via some nebulous speech that no-one can really follow and often won't actually answer the questions in the topic.

[epriezka]

To play devil's advocate: giving an official party opinion on how to implement the DEA is somewhat at odds with a party manifesto that states we would repeal it. Imagine a Tory policy that stated: "we don't believe in PR, but if we did, STV is the best system..."