Pirate Party UK

Digital Economy Act/Ofcom response

From Pirate Party UK Wiki

Jump to: navigation, search
This page is for the Pirate Party's official response to Ofcom's consultation on Online Infringement of Copyright and the Digital Economy Act 2010. More details can be found here. The submitted response can be found here.

Please make any corrections or additions in italics. Any comments and discussions should be limited to the talk page. Stuff not in italics should be considered part of the final text unless corrected/altered. If you know of any evidence to support any of the claims made by us, please add them (articles, papers, studies) - we need lots of evidence to be taken seriously.

Contents


Points outside the Code: One of the most worrying aspects of the Code stems from a simple question; what is the purpose of this Code? Under Section 124D(6) of the Communications Act 2003, Ofcom cannot make a Code under this Act "unless they are satisfied that it meets the criteria set out in Section 124E" and one of those criteria - Section 124E(1)(k) - states that the provisions must be "proportionate to what they are intended to achieve". Ofcom has indicated to the Party that it is not aware of what the Code is intended to achieve but while such intention is a policy matter and so for the government to decide, it is clear that a Code cannot be approved or submitted by Ofcom without its purpose being known and considered. Furthermore, it is worrying that this Code is being developed and potentially will be put in place with no criteria for success or failure. Without such criteria it will likely be difficult for Ofcom (or anyone) to gauge the success of the Code when considering making changes to it or implementing a Technical Measures Code under Section 124I of the Act. It is vital that the purpose of this legislation and criteria for success and failure are published before any Code is approved, or Ofcom cannot have satisfied its obligation under 124E(1)(k). Additionally, if this information is not available the Code will likely fail to be transparent as required by 124E(1)(l). Possible purposes could be to reduce the online copyright infringement of material covered by the Qualifying Copyright Owners, reduce all online copyright infringement, increase revenue to Qualifying Copyright Owners or all Copyright Owners, or increase creative output. These are by no means similar and while the Code may affect one of these aspects in a positive manner, it could have negative effects on the others. Ofcom (whether with government input or not) should make it very clear which of these goals (or any other) they are seeking.


Executive Summary

Introduction

Application of the Code

Question 3.1 (page 10) Do you agree that Copyright Owners should only be able to take advantage of the online copyright infringement procedures set out in the DEA and the Code where they have met their obligations under the Secretary of State’s Order under section 124 of the 2003 Act? Please provide supporting arguments.

While we agree with this in principle, it would seem to that a pre-notification system requiring estimates of future levels of infringement could be problematic for smaller Copyright Owners. This could create a two tier system where only large organisations with ownership of many copyrights would have access to the system of measures. A possible solution would be to require an estimate for the number of CIRs going to be issued if above a certain amount. For smaller volumes the copyright owner should just be required to register their intention to use the process but would not be allowed to submit more than the minimum number of CIRs that require an estimate to be given.

Other than that, it seems sensible and fair that Copyright Owners be required to comply fully with the Code to use it. The entire system put in place by the Initial Obligations Code is primarily for their benefit and they have complete control over how much the system gets used.

Finally, it would be sensible if a list of Qualifying Copyright Owners for each notification period be published by Ofcom. Ofcom has indicated that they consider the duty of reporting to Government on the levels of infringement etc. more important than the work on the Initial Obligations Code. By publishing a list of which Copyright Owners are using the measures, it should be easier to gauge the effects of the Code by providing a control group of copyright owners that the general public know are not using the Code (and so do not need to fear the consequences of infringing their copyright as much). Furthermore, whatever effects the Code have, it would seem unfair that Copyright Owners not signed up to the Code (and so not contributing to the costs) benefit from any positive effects to the measures or suffer any negative effects. Any complaints by Qualifying Copyright Owners that this lack of anonymity could be harmful to them (in terms of a negative consumer reaction) is countered by pointing out that they would be using these measures on a purely voluntary basis due to feeling that they will be of net benefit to their business. On a final note, as the identity of the Copyright Owner must be included in any notification sent to subscribers, it is likely that if no official list is published, unofficial lists will appear shortly after the first notifications are sent so any anonymity in Copyright Owners signed up would not last.


Question 3.2 (page 11) Is two months an appropriate lead time for the purposes of planning ISP and Copyright Owner activity in a given notification period? If a notification period is significantly more or less than a year, how should the lead time be varied? Please provide supporting evidence of the benefits of an alternative lead time.

This would seem to be an appropriate time and would also give enough time for Ofcom to publish a list of the Copyright Owners who are planning to use the Code during that period (as discussed under question 3.1). This time would remain sensible if the notification period was extended or shortened, although it would be logical to ensure that the lead time was no longer than the notification period.


Question 3.3 (page 14) Do you agree with Ofcom’s approach to the application of the Code to ISPs? If not, what alternative approach would you propose? Can you provide evidence in support of any alternative you propose?

Various comments on the approach to the application of the Code to ISPs are included in the responses to the following three questions. There are no issues with the overall approach, merely the details.


Question 3.4 (page 14) Do you agree with the proposed qualification criteria for the first notification period under the Code, and the consequences for coverage of the ISP market, appropriate? If not, what alternative approaches would you propose? Can you provide evidence in support of any alternative you propose?

This would seem a logical approach to make, possible issues with defining where the line is drawn between ISPs. For example, would an ISP with over 400,000 subscribers be able to split off some subscribers into a "child ISP" and then no longer qualify? Secondly, while it would seem clear which ISPs would be covered by the criteria included, the current code would seem unclear as to how, or when, the number of subscribers would be counted. An organisation could have more than 400,000 subscribers during the entire notification period but fewer than that many at any one time. While this is unlikely to cause a problem initially, it would seem sensible to provide a slightly clearer definition. Clarity could be gained by amending the draft code, adding to the end of 2.4.2 either "in total, over the course of the notification period." or "at any given time during the notification period."


Question 3.5 (page 16) Do you agree with Ofcom’s approach to the application of the 2003 Act to ISPs outside the initial definition of Qualifying ISP? If you favour an alternative approach, can you provide detail and supporting evidence for that approach?

Similar concerns could be raised here as under Question 3.4 regarding how the number of subscribers would be counted. This would be particularly important when dealing with organisations who provide an "open wireless" network and count as an ISP for the purpose of the Code. An organisation offering a wireless service along with another service (as described in 3.23) could have over a certain number of subscribers in the course of a notification period (for example, if the organisation ran a chain of restaurants each offering an Internet service), but may have significantly fewer subscribers at any one time. Further, if the service was provided through an "oral or implicit" agreement (as described in 3.22) it may be hard to generate accurate numbers of subscribers or to obtain suitable details that the service provider would require to comply with the Code. The only solutions would seem to be to exempt all wireless ISPs from the code (which would be a significant loop-hole) or to abolish "open wireless" networks. The latter would have a significant impact on any attempt to create large-scale, free and open Internet access. As such the best option would be to exclude wireless ISPs in a similar manner to mobile ISPs. If this is not done, it could be argued that the measures in the Code would be discriminatory against wireless ISPs by placing a disproportionate burden on them, potentially contradicting Sections 124E (1)(j) and (k) of the Act.

It would likely be helpful (although it need not be included in the Code itself) if reasonable warning be given to ISPs that would qualify following a change in the criteria to give them the opportunity to prepare for and, if they feel the need to, contest the change. This would be particularly important for mobile or wireless ISPs who may need to significantly alter the way their system works in order to comply with the Code if they were to be included at a later date.


Question 3.6 (page 16) Do you agree with Ofcom’s approach to the application of the Act to subscribers and communications providers? If you favour alternative approaches, can you provide detail and supporting evidence for those approaches?

Paragraph 3.30 would seem to lack clarity in defining whether or not someone who both offers a service and uses it themselves is an ISP or a subscriber. As many businesses or organisations that offer an Internet service (as defined in 3.22, 3.23 or elsewhere) is likely to want to use it for themselves as well, this could create confusion. A possible solution would be to define them as an ISP (in that they offer a service) and separately as a subscriber to their own service. If they then fell under the requirements of the Code (due to the criteria being expanded), they would then need to collect the appropriate details on their own use of their service as well as any third party's use.

Paragraph 3.31 suggests that those who enable access to their service (one assumes without acting as an ISP as defined previously) may wish to "take steps to protect their networks". However, it notes that Ofcom hopes the advice on how to do so will be "provided by stakeholders". This is of some concern as the stakeholders may have other interests in this matter (for example, an ISP recommending an "upgrade" to its service or its own commercial software, or a copyright owner recommending "monitoring software" that may perform invasive functions as well). As such, the safest and most sensible option would seem to be for Ofcom to produce guidelines as to what measures could be taken and (possibly in conjunction with legal experts) what steps would be a defence in Court. This could be done in consultation with stakeholders and would not need to be included in the Code itself (removing the main time constraints). If a single, comprehensive set of guidelines for how to secure networks could be produced and published this would lessen confusion among consumers and reduce the chances of them being exploited by third parties (either stakeholders or otherwise) seeking to gain advantage from offering their own advice.

Finally, it should be noted that the Party has been advised by computer security professionals that it is beyond the reasonable capability of the average consumer or business to secure their network against use for copyright infringement (for example, both of the main methods for securing wireless networks, WEP and WPA2, have been found to have serious flaws), and so any advice given may merely provide the illusion of security - something that could have significant consequences at a later stage in these measures to tackle online copyright infringement. The experts consulted by the party also highlighted the difference between unauthorised access to a network and unauthorised use of a network, and observed that these issues appear to have been incorrectly conflated by Paragraph 3.31.

Copyright Infringement Reports

Question 4.1 (page 18) Do you agree with the proposed content of CIRs? If not, what do you think should be included or excluded, providing supporting evidence in each case?

While the list included under 3.3 of the draft code seems to be a reasonable it should be noted that only 3.3(d) would seem to be "evidence" in this list that the alleged infringement has occurred. The information in 3.3(e) would not be necessary or sufficient to show that the IP address was actually used for copyright infringement nor is an IP address alone - 3.3(h) - enough to show that the subscriber to whom it had been assigned committed the act. In fact, one Computer Science professor commented that an "IP number on a packet has only suggestive value and is not reliable evidence at all" (http://www.zeropaid.com/news/8909/u_of_chicago_professor_questions_riaas_use_of_ip_addresses_in_lawsuits/) when they were being used for a similar purpose in the United States of America. Items 3.3(i) and 3.3(j) may help in obtaining evidence of an infringement (such as logs from either the subscriber, ISP or a third party) but are merely general information. Furthermore it IP spoofing (where a fake IP address is used) is already being used by criminals (http://www.symantec.com/connect/articles/ip-spoofing-introduction, http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_10-4/104_ip-spoofing.html) and there is no shortage of cases where an IP address has been used to implicate an innocent person (http://arstechnica.com/old/content/2005/02/4587.ars). As the only evidence for the infringement is the copyright owner's word - 3.3(d) - it should be required in the form of a sworn statement, with the understanding that there would be serious consequences if the copyright owner is unable, at a later date, to prove the infringement occurred.

Other than that, the only suggestion for what to add to the list of information included would be an approximation of the value of the material (i.e. current mode or lowest selling price) which would be helpful to have on record if a value-based threshold system were to be used for the notifications or in the event of a trial, to aid in estimating the damages caused by the alleged infringement. It should be fairly straightforward for the Copyright Owner to obtain this figure and for the ISP or a third party to confirm it if they wished to.

Finally, despite widely consulting, the Party has been unable to find any case law from a UK court to suggest that this alone would be sufficient evidence. It is also surprising to see that the information that led to Ofcom considering this sufficient evidence was provided by or on behalf of Copyright Owners in whose interest it would be that the standards of evidence (and thus the afford and expense they must incur) be as low as possible. The Party would therefore recommend that Ofcom further consult with legal experts and with technical experts not affiliated with Copyright Owners or their agents to come up with a more rigorous standard of evidence (the Party would be happy to help and participate in such a consultation), as well as publishing the information received that led to this position being taken.


Question 4.2 (page 19) Do you agree with our proposal to use a quality assurance approach to address the accuracy and robustness of evidence gathering? If you believe that an alternative approach would be more appropriate please explain, providing supporting evidence.

The quality assurance approach suggested in the draft code would seem not to satisfy the requirements of the Act, in particular, under Section 124E(2) that the Code must include "requirements as to the means of obtaining evidence of infringement of copyright" and "the standard of evidence". By leaving this for the Copyright Owners to decide rather than Ofcom, these obligations do not seem to have been met. As mentioned in the response to question 4.1, there are many issues with the levels of evidence required and if Ofcom were to explicitly state certain minimum levels, or appropriate methods, this would help reduce the risks of Copyright Owners cutting corners and possibly violating local laws in their evidence gathering, as has occurred elsewhere (http://techdirt.com/articles/20080129/021823106.shtml). Concerns could also be raised that such an approach would violate the transparency required by Section 124E(1)(l) if the quality assurance reports are not published.

Another failure of the proposed system is that the evidence-gathering methods used by Copyright Owners could only be examined by Ofcom or ISPs after the evidence has been gathered and accusations made based on it. It would not be possible to correct any failings in the standards of evidence or prevent methods that might breach the privacy of consumers from being used. This approach seems to sacrifice consumer protection, engagement and transparency for little or no gain. At the very least, the quality assurance reports or a summary of them should be published as soon as possible by Ofcom. Publishing clearer guidelines for evidence gathering could also help consumer groups advise subscribers on what evidence they might want to collect themselves for use in their defence if wrongly accused.

In summary, a much more sensible approach to addressing accuracy and robustness would be for Ofcom to publish strong guidelines for minimum levels of evidence and for appropriate (and inappropriate) methods of gathering data, ideally in consultation with Copyright Owners, technical and legal experts independent from them, and privacy groups and organisations.


Question 4.3 (page 19) Do you agree that it is appropriate for Copyright Owners to be required to send CIRs within 10 working days of evidence being gathered? If not, what time period do you believe to be appropriate and why?

Due to the low (or non-existent) standards of evidence required by the draft code and the nature of the technology involved, there are serious concerns over the difficulty in defending against allegations of copyright infringement. As the level of evidence suggested is insufficient it is likely that a significant number of false allegations will be made and there is little evidence that could be provided by a subscriber to prove their innocence (as it would seem to be required that they do so). Therefore, it would be essential to minimise the time between the evidence being gathered and the subscriber being notified of the accusation to help ensure that as much evidence for their defence can be gathered as possible (such as browser histories, logs of any third parties who may have used the service, logs of what the subscriber was doing). The process of gathering evidence and submitting a CIR should be relatively straightforward and there is little reason why it could not be done within a couple of days. The Party therefore recommends decreasing the time period to 5 working days - this should not negatively affect the Copyright Owners (other than encouraging efficiency) and should help subscribers defend themselves against false accusations.

Identifying subscribers and making notifications

Question 5.1 (page 21) Do you agree with our proposals for the treatment of invalid CIRs? If you favour an alternative approach, please provide supporting arguments.

The treatment seems sensible although could be improved by including negative effects on Copyright Owners for invalid CIRs. This would be particularly important in cases where the CIR was rejected due to the IP address being unallocated. In such a case it would be clear that the Copyright Owner's evidence-gathering system was not suitably robust. This would call into question any other CIRs produced by the same evidence-gathering system and so all previous and future CIRs issued by that Copyright Owner, using that system, should also be rejected. Furthermore, any action taken by Ofcom should not limit the accused's ability to take legal action against the Copyright Owner for the wrongful allegation.


Question 5.2 (page 22) Do you agree with our proposal to use a quality assurance approach to address the accuracy and robustness of subscriber identification? If not, please give reasons. If you believe that an alternative approach would be more appropriate please explain, providing supporting evidence.

Similar issues are raised here to those in 4.2. In particular, to ensure the transparency required by the Act, either the quality assurance reports or a summary of them should be published by Ofcom as soon as practicable.


Question 5.3 (page 23) Do you agree with our proposals for the notification process? If not, please give reasons. If you favour an alternative approach, please provide supporting arguments.

The time-based system for issuing notifications would seem to be straightforward to implement, but would be unbalanced, disproportionate to and unpredictable for the subscriber. In particular, it would treat a subscriber accused of infringing the copyright of three short music files over the space of three months more harshly than a subscriber accused of infringing the copyright of (potentially) thousands of pounds of software over a short period of time. Similarly, once a subscriber has received a notification they would then know that they have a certain time period (a month minus the 10 or so working days) in which no alleged infringements could count towards a further notification nor would they have any effect on the process (although they could count if the Copyright Owner decided to take legal action).

A more logical system would be one based on the value of the material infringed. This would not seem to be as hard to implement as has been suggested. In the response to question 4.1 a method whereby the CIR could include an estimate of the value of the material was detailed. This would require the Copyright Owner to estimate the value (based on average or minimum retail price or, in the case of work not available for purchase, the retail price of similar material) and the ISP to include one extra piece of data in their CIL (i.e. the total value of all CIR's received for a particular subscriber). Not only would this be more proportionate in terms of the infringement committed, it would also help Copyright Owners target those subscribers who have copied not only large quantities of material but large values of such. A possible system would be to issue the first notification after the first CIR received, then choose a value and have the second notification sent after that value had been surpassed. Then the third notification could be sent after that value had been reached again (resetting the count after the second notification). While this would still leave some "free-hit" infringements, unlike in the "time-based" system these alleged infringements would still count towards the next notification and unlike the "number of CIRs" system, would treat differently those allegedly infringing high-value material (such as expensive software) to those allegedly infringing large numbers of inexpensive material.

Finally, it is worth noting that copyright law in the United Kingdom is (and has always been) based on a system of "damages" (under Section 96(2) of the Copyright, Designs and Patents Act 1988), i.e. the value of the infringement is taken into account. It would seem to set a potentially-dangerous precedent to break with this, even for something as low-impact as a notification system.


Question 5.4 (page 25) Do you believe we should add any additional requirements into the draft code for the content of the notifications? If so, can you provide evidence as to the benefits of adding those proposed additional requirements? Do you have any comments on the draft illustrative notification (cover letters and information sheet) in Annex 6?

While the law governing this entire process is the Communications Act 2003, it is worth noting that providing this information may not be particularly helpful to the average subscriber. In particular, a search (using a popular Internet search engine) for "Communications Act 2003" provides links to various pages discussing the Act (and foreign Acts of the same name) and to the full text of the Act (via the Office of Public Sector Information). However, none of the top sites contains a reference to the measures to tackle online infringement of copyright and the relevant sections added (124A-124N) are not, as of writing, included on the OPSI website. A subscriber looking for further information may find it difficult to find it if this is all the information given. The notification should at least state that it has been sent under the relevant section of the Communications Act 2003 "as amended by [the relevant section of] the Digital Economy Act 2010". This should enable consumers to find a wealth of information on the Code and related matters.

The current draft Code (and the Act itself) requires that various sets of information are included in the notification. There are some concerns as to who will be responsible for writing this information. As discussed under question 3.6, the various stakeholders may have ulterior motives in adding additional information here and the notifications may contain information that is contentious or factually inaccurate, whether intentionally or not. For example, the template provided in Annex 6 suggests, in section 4 of the "information sheet on online copyright infringement and notifications" that an IP address is "a unique identifying number given to each device connecting to the Internet" which would seem to contradict paragraph 3.12 of the consultation document that notes that a single IP address "may be in use by multiple individual subscribers". Further, in the case of information provided under section 124A(6)(g) of the Act ("advice about how to obtain lawful access to copyright works") it may be in an ISPs interest to include information about their own services (or those offered by partners) and not about rival services including material released under an open licence such as a Creative Commons licence. A similar concern could be raised by the information required under section 124A(6)(h) as an ISP (or similar organisation) could suggest their own service or system. It would be sensible, therefore, for all this information to be published by Ofcom before the first notifications are sent. This could be done in consultation with the various stakeholders (including, for the purposes of 124A(6)(h), legal experts to work out what reasonable steps could be taken that would be a defence in Court) and would ensure that the information provided to consumers is fair, balanced and accurate. There is no shortage of misinformation in popular media and in the mind of the public about copyright and related concepts and it is vital that this is not added to.

Care should also be taken to ensure that the notification is clear that the infringement is alleged, not proved. It is vital that the presumption of innocence be maintained. On a similar note, the notification should also include a legal disclaimer making it clear to the subscriber that no action (or lack of action) taken by the subscriber in response to the notification could be taken as an admission of liability or guilt. This should help comfort subscribers, limit any feeling of being threatened and reduce the need to seek professional (and potentially expensive) legal advice. These notifications are primarily designed to be educational, not threatening and including such a statement would help confirm this. This would also help ensure that a failure, unwillingness or inability to contest an allegation would not be taken into account by a court were the copyright owner to pursue legal action.

Copyright infringement lists

Question 6.1 (page 26) Do you agree with the threshold we are proposing? Do you agree with the frequency with which Copyright Owners may make requests? If not, please provide reasons. If you favour an alternative approach, please provide supporting evidence for that approach.

Due to the difficult nature of defending against wrongful allegations of online copyright infringement, it is vital that the length of time between the alleged infringement and any legal proceedings be minimised. As such, it is recommended that paragraphs 6.2 and 6.3 of the draft code be amended by replacing "12 months" with "7 months". This would help minimise the time taken for legal proceedings to occur but would be long enough for the period to cover two applications for access to the CIL by the Copyright Owner (with some leeway). Any further steps that could encourage Copyright Owners to take further legal action as promptly as possible should also be taken.

Subscriber appeals

Question 7.1 (page 30) Do you agree with Ofcom’s approach to subscriber appeals in the Code? If not, please provide reasons. If you would like to propose an alternative approach, please provide supporting evidence on the benefits of that approach.

The main concern is that the appeals process be as open, simple and accessible as possible to the subscriber (particularly given that the low standards of evidence required so far could result in large numbers of false accusations). It should also be as easy to defend as possible. To help this, as much detail on the evidence and evidence-gathering process as possible should be supplied to them. Similarly, there will be a significant imbalances between the subscriber and copyright owner/ISP in terms of available funds, legal and technical expertise. Every effort should be made to balance this out - in particular, provision could be made to enable a subscriber to appeal (either at the first point or after an initial appeal) to a Court with the full protections and balances the system offers.

Another concern with the Code as it stands is that a key defence for the subscriber is that they took "reasonable steps" to prevent others infringing and yet these steps are not defined. Due to the very limited case law on the subject it is hard to know what a Court would rule such steps would consist of and this uncertainty could be used (as mentioned in the answers to questions 5.4 and 3.6) to exploit consumers. As such it would be helpful if an attempt could be made by an organisation independent from the Copyright Owners and ISPs (such as Ofcom) to explore what "reasonable steps" could be.

Finally, there is no provision in the draft Code to appeal only on the grounds that the infringement was not done by the subscriber. As it is up to the Copyright Owner to prove that the subscriber infringed their copyright (not the reverse) this should be grounds to appeal with the burden of proof remaining on the Copyright Owner. This could be added by splitting up the current 7.12.3 into two sections, the first reading "that the act constituting the apparent infringement to which a CIR relates was not done by the Subscriber" and the second "that the Subscriber took reasonable steps to prevent persons infringing copyright by means of his/her internet access service". This would cover both the current 7.12.3 (by removing the "other" from the final part) and add a new grounds of appeal that the infringement was not done by the Subscriber.

Administration, enforcement, disputes and information gathering

Question 8.1 (page 31) Do you agree with Ofcom’s approach to administration, enforcement, dispute resolution and information gathering in the Code? If not, please provide reasons. If you favour an alternative approach, please provide supporting evidence on the benefits of that approach.

The only issue with this would be that the time limits of 5 or 10 working days given in paragraphs 9.7 and 9.9 of the Draft Code for dealing with Notice of Enforcements could be prejudicial to small or individual copyright owners. Perhaps these issues could be delt with by adding the option of a delay in dealing with them if there were extenuating circumstances.

Retrieved from "http://www.pirateparty.org.uk/wiki/Digital_Economy_Act/Ofcom_response"