Dr. Richard Tynan and I have a piece in Saturday’s Irish Examiner discussing the implications of Eircom’s “phased disconnection” scheme. Unfortunately it doesn’t seem to be on their website, so here’s the full text:
Pulling the plug is not the answer
Earlier this week Eircom announced that it has started “the phased disconnection of file-sharers” on its network – colloquially known as a “three strikes” policy.
The key players in this procedure are Eircom, the Irish Recorded Music Association (IRMA) and technology firm Dtecnet. Under the procedure IRMA will provide Eircom with the IP addresses of machines that Dtecnet claims to have found to be infringing the copyright of its members. This will then trigger a disconnection procedure by Eircom starting with a letter, moving on to temporary suspension of an account, and ending with the disconnection of the account for up to a year.
In Ireland, one must generally have engaged in some form of wrongdoing in order to be punished. It is clear that the disconnection of one’s internet access is quite a severe punishment in today’s digital society.
But one problem with the approach adopted by Eircom is that the wrongdoer and the person who is disconnected may not be the same person.
The evidence used to identify alleged filesharers is unreliable.
But whatever the reason it is likely that innocent Irish users will face wrongful accusations.
In addition, in the era of wireless technology it is very common for an internet connection to be shared by many members of a household. In fact, Eircom offers wireless routers as part of its broadband bundles. This means that cutting off internet access based on the actions of one user will have a detrimental effect on all the others using the same connection for education, entertainment or business purposes.
If a husband is accused of filesharing, should this have the effect of preventing his children from doing their homework, or his wife from working at home?
It is clear that in the household context, the alleged wrongdoer and the individuals punished are not the same and the impact can be wholly disproportionate.
Eircom state on their website that they will not disconnect business customers but the effects of these measures on a small business could be catastrophic where they have an ordinary household account (as many do).
Through no fault of their own, a small business might find their internet connectivity withdrawn because of the actions of another family member, a malicious neighbour or even because they happen to be unlucky enough to be assigned the same IP address as one ThePirateBay has randomly inserted into files sharing the latest U2 album. This is worrying in a situation where a person’s livelihood is at stake.
One criticism of the current approach is that it shifts the burden of preventing illegal file sharing onto the ISPs, driving up the cost of broadband for private users and businesses. While this is true, it in fact goes much further than that. This logic of this deal – particularly if it is extended to other ISPs – potentially places a burden onto small businesses such as hotels and coffee shops to police their users’ activity. This will come at a significant cost to these businesses who have limited resources in these hard times.
Quite apart from these criticisms, there are also significant problems of principle. Internet access is today a fundamental right and a necessity – especially as the government moves more public services online – but this system threatens to take away that right based on nothing more than a private agreement between IRMA and Eircom.
In other European countries proposals for similar laws have been the subject of public consultation and debated by national parliaments. Here, however, there has been no legislation and no Government or Oireachtas input of any sort. Indeed the full details of the deal between Eircom and IRMA have never been published. A recently passed European law requires that disconnection of internet users should be subject to “adequate procedural safeguards” and “effective judicial review” – this deal, however, doesn’t appear to provide for either.
Instead, it allows users to be disconnected with no right of appeal to any independent body.
In summary, the Eircom / IRMA deal and the “graduated response” procedure is a worrying development for Irish internet users – one which has been undemocratic in its adoption and is likely to be unreliable in its application.
TJ McIntyre is a Lecturer in the School of Law, UCD and chairman of Digital Rights Ireland
Dr. Richard Tynan is a Postdoctoral Research Fellow in the School of Computer Science and Informatics, UCD
Looks like we got it wrong. When we wrote about the deal between Eircom and the music industry we believed (as the early reports seemed to say) that it only involved a “three strikes” system and that the daft notion of internet filtering was off the table. But the nastygrams sent to the other ISPs have now been leaked (thanks Michele) so that we can now see just what was agreed with Eircom and what the music industry is demanding that other ISPs do – and filtering is still on the table:
Leave aside for a moment the nonsense of sending this letter to a business – Blacknight - which doesn’t in fact provide internet access. The key words are these:
Eircom has agreed that it will not oppose any application our client may make seeking the blocking of access from their network to the Pirate Bay or similar websites …
Please confirm that Blacknight will also work with the record industry to end the abuse of the internet by peer to peer infringers … in the event of a positive response to this letter it is proposed to make practical arrangements with Blacknight of a like nature to those made with eircom.
Irma is drawing up a list of websites it doesn’t like and Eircom will block them to all of its customers. And Irma is demanding that other ISPs do likewise, on pain of being sued.
Eircom says that it will only block a website if a court order requests it to. But it has undertaken not to oppose any application to a court… Our judicial system is an adversarial one: it depends on someone opposing the action for a judge to come to a conclusion. If the opposing party enters no opposition, a basic standard of proof will be enough to satisfy the court.
The net effect of this scheme, if it is allowed to go into effect, will be to impose an internet death penalty on two groups. On users, who will be cut off on the allegation of a private body, with no court involvement, and on websites, which could be blocked to Irish users based on a court hearing where only one side is heard. Damien Mulley makes the point well as usual:
So first they’ll start with the Pirate Bay. Then comes Mininova, IsoHunt, then comes YouTube (they have dodgy stuff, right?), how long before we have Boards.ie because someone quoted a newspaper article or a section of a book? And don’t think they’ll stop there too, any site that links to The Pirate Bay and the others on the hate list will probably be added to the list too…
I’m sure the business case for eircom was they didn’t want any more costly High Court actions with McDowell biting at their legs on the command of the music industry but this is going to open up a can of worms with IRMA demanding more and more attacks on how people surf the net, this is what it is in my view an attack on our freedom to read, our freedom to write, our freedom to move around the web. All so a very rich but rapidly becoming poor group of luddites can feel better for seeing the future and trying to fight it.
And of course the costs of communications with IRMA and of the filtering is going to be passed on to the consumer. The cost of blocking a single site will be almost nothing I suppose but as more sites get added and as the arms race between the pirates and the ISPs escalates, then it’ll become complicated and complicated costs more. So again the majority get to pay…
So what can you do about this? The first step is the most urgent. The other ISPs are at this very moment considering what steps to take. Although some (such as Bitbuzz) have been vocal in their opposition, caving in is the path of least resistance unless you show that this is an issue which matters to you and which determines where you’ll take your business. Contact your ISP – mark your email for the attention of their regulatory department – and let them know what you think. Contact emails for most ISPs are on the ISPAI website. Do it now – the decision on what to do will be made soon.
The next thing to do is to get involved with a group which will fight this. We’re currently working on a few ideas and will let you know soon. But in the meantime you should go to Blackout Ireland who have been quick off the mark with a plan to black out the Irish internet for a week from March 5th. The Digital Rights forum on Boards.ie has also been abuzz with this issue, as has this thread on their Broadband forum.
Having done that, let the Minister for Communications – Eamon Ryan – know the damage that this is likely to cause. Don’t just rely on the civil rights arguments – business impact is more likely to get attention. Point out that if ISPs are forced to become the (unpaid!) copyright cops of the music industry, it will drive up their costs and set a dangerous precedent for other Irish internet businesses. Would you choose to establish an internet start up in Ireland if you thought you’d be made responsible for policing what your users do? Ask him to intervene to prevent irreparable damage to the Irish internet. Eamon Ryan’s email addresses are firstname.lastname@example.org and email@example.com but a paper letter (Department of Communications, Energy and Natural Resources, 29-31 Adelaide Road, Dublin 2) or fax ((01) 678 2029 or 2039) are more likely to get attention. You can also ring the Minister’s office on (01) 678 9807 – if you do, be polite and succinct. If you’re a constituent of his (in Dublin South) be sure to mention that fact and that this issue will influence how you vote in the next election.
You might have noticed Karlin Lillington’s story in the Irish Times today about the Department of Justice’s new proposals on data retention. To make a long story short, it turns out that the Attorney General was not impressed with its remarkable plans to change the law to extend surveillance on every citizen in Ireland via a ministerial order – sidestepping the need for the Oireachtas to review these changes. Having been rebuffed on this issue, the Department of Justice has now decided to proceed (as it should have done to begin with) via primary legislation.
An improvement for transparency? It would be, if Justice lived up to their past promises to hold an open consultation process. But they haven’t. Their website still claims that the Directive will be transposed via a statutory instrument – notwithstanding the fact that they have prepared a draft Bill which they have been circulating to industry groups. Nor are they willing to show the draft Bill to the public – consultation for Justice appears to mean a secret process controlled by them and excluding citizens.
We’ve contacted Justice for their comments. In the meantime, we think that the public should have the same right to see the draft Bill as industry insiders, so here’s a copy of what we understand is the latest draft: COMMUNICATIONS (RETENTION OF DATA) BILL 2009
* Most home networks are wireless these days, and most of those are unsecured. How can they tie the IP addresses they receive with any particular person?
* Claims for lost income must be based on specific evidence of loss. Why have they never released their basis for calculating the claimed damages?
Under Irish law, copyright is infringed where a person commits certain acts, or authorizes another to do so, without the permission of the copyright owner.
Therefore, the owner of a computer which was used to download illegal songs but who was totally unaware of this, and who did not authorize it, might not be liable for copyright infringement.
This may not be a problem where the relationship between the owner and infringer is one of employer and employee, for example, as liability can generally be attributed to the employer.Where the relationship is that of parent and child, however, novel issues of parental responsibility could arise.
Many thanks to Davin O’Dwyer who has an article in today’s Irish Times setting out our concerns about issues such as fair use, private copying rights, and more:
Whether it’s listening to music on iPods, talking on our mobile phones or surfing the web, most of us have embraced the digital lifestyle. Technology, however, is changing faster than the legislation covering our use of it. So while new technology promises a revolution in the way we consume and interact with different media, it is also giving content providers new ways of controlling our use of the music, movies and information we purchase.
MUSIC The iPod has revolutionised the way we listen to music, but it has also opened a legal minefield. “As it stands in Irish law, it seems to be illegal for you to make a private copy of a CD that you’ve bought, so it’s illegal to copy a CD on to your iPod,” says TJ McIntyre of Digital Rights Ireland. “Needless to say, the music industry would like to be in a position where they sold you the music once on vinyl, once on cassette, once on CD and they’d now like to make you pay for the privilege of listening to it on your iPod.”
In May, the British Phonographic Institute (BPI) recommended that the law be changed to reflect a new reality in which people routinely convert their purchased CDs into MP3s. However, Sean Murtagh of Irma, the Irish equivalent of the BPI, says it has no plans to make a similar recommendation here. …
MOVIES With the advent of video iPods and Sony’s Playstation Portable (PSP) it seems that our DVD collections will eventually join our CD collections in our pockets. However, unlike CDs, DVDs are encrypted to protect the film studios’ copyrights. That is a matter of debate among certain copyright activists – if our CDs are unencrypted, why are our DVDs encrypted? Furthermore, it is illegal to create technology that circumvents copyright-protecting technology. So while copying CDs and putting them on portable players is legal in many countries – though not here – it is impossible to do the same with DVDs.
Movies will have to be purchased in a new format for portable players, even though the technology exists for them to be copied as CDs are. “The beauty of it is that [ the film studios] don’t have to persuade the market,” says McIntyre. “If they can come up with the technology and legislation that prevent fair use, they can ignore the wishes of the consumer.”
TELEVISION In the good old days, you watched something on channel A, you recorded whatever it was you wanted to watch on channel B, and then watched the tape. What’s more, you were legally entitled to do so. But that legal entitlement to fair use is under threat. As the technology moves beyond the VCR to “timeshifting” personal video recorders (PVRs) such as Tivo or Sky+, we should be able to digitally record programmes to a hard drive, skip the ads and move those programmes on to our iPods or PSPs.
However, a “broadcast flag” is being introduced by US networks. Certain programmes would be digitally flagged as, for instance, unrecordable, or watchable only once, or not entitled to be moved to a portable player. “Broadcasters would like to stop via technology what they couldn’t stop by legislation,” says McIntyre. “First they create the technology that stops people doing something [ the broadcast flag], and then they make it illegal for them to circumvent .”
What can we do about these issues? The Consumers’ Group BEUC is running a campaign at a European level, where you can sign a petition to urge MEPs to protect consumers’ rights. We’ll soon be launching an Irish campaign on these issues – watch this space for more.
The High Court yesterday made an order requiring ISPs to hand over details of 49 alleged filesharers to the music industry. After the first such order, in July 2005, we expressed concern about the procedure which had been adopted. When we learnt about this second application, we wrote to the parties asking them to bring these concerns to the attention of the court. Unfortunately, not all of these points were put before the court and the judgment of Mr. Justice Kelly doesn’t address these issues.
A particular problem is that the decision was made without the users being notified of the action or given a chance to make submissions to the court, despite an English authority recommending that this should be done, and contrary to the practice in the US where this must be done before the user is identified.
This sets a worrying precedent. There are many reasons why a person may wish to remain anonymous online – for example, a whistleblower who seeks to expose corruption or safety issues may be intimidated by fear of retaliation. As a US court recently said:
“setting the standard too low will chill potential posters from exercising their First Amendment right to speak anonymously. The possibility of losing anonymity in a future lawsuit could intimidate anonymous posters into self-censoring their comments or simply not commenting at all. A defamation plaintiff, particularly a public figure, obtains a very important form of relief by unmasking the identity of his anonymous critics … After obtaining the identity of an anonymous critic through the compulsory discovery process, a defamation plaintiff who either loses on the merits or fails to pursue a lawsuit is still free to engage in extra-judicial self-help remedies; more bluntly, the plaintiff can simply seek revenge or retribution … Indeed, there is reason to believe that many defamation plaintiffs bring suit merely to unmask the identities of anonymous critics.”
If the user is not given an opportunity to challenge an application to reveal their identity, there is a real risk that such applications might be abused by plaintiffs in future.
Digital Rights Ireland (DRI), a new group aiming to “Protect Civil, Legal and Human Rights in a Digital Age”, was launched on Tuesday 6th December 2005 in Pearse Street Library, Dublin.
Digital Rights Ireland is chaired by UCD Law Lecturer TJ McIntyre and is comprised of academics, journalists and technologists. DRI believes that citizens’ digital rights are being eroded – the rights we expect in the real world are being stripped from us in the online world. Mr. McIntyre said that DRI intends to “inform the public about their digital rights, to educate policy makers on the importance to a knowledge economy of strong protections for those rights and to lobby for law reform in those areas where change is needed.”
IRMA announced, with a media blitz on 15th November, that they intend to send letters to 50 new individuals and companies demanding damages for losses they claim have been caused by these people making files available for download.
We don’t yet know the full details of this, but there are a few issues still outstanding from the last set of such letters, issued by IRMA last April.
A representative of DRI appeared on the Last Word on Today FM, to raise some issues not usually addressed by IRMA. Time was short, so we thought we’d expand a bit on our concerns, for the interested reader.
No Safe Harbour
Firstly, there is the manner in which the individuals’ shared folders on their hard drives were entered and scanned. This was done on IRMA’s behalf by a company called MediaSentry. MediaSentry is a US based company, which does not operate within the ‘safe-harbour’ scheme for Data Protection. This means it has not agreed to handle EU citizens’ data in accordance with the European Data Protection regulations.
Two European countries have now come out against this kind of search of users’ property.
In the Netherlands, in the case of FOR THE PROTECTION OF RIGHTS OF THE ENTERTAINMENT INDUSTRY IN THE NETHERLANDS (BREIN) et al v UPC NEDERLAND B.V., and ors the court found that the use of MediaSentry to scan users’ shared folders and process the results was not in accordance with the provisions of European Data Protection Acts. MediaSentry does not confine its scanning to copyrighted music files, but also scans personal files of the computer owner. They therefore found that the application to the court to force ISPs to identify their users could not be granted, as BREIN and the record labels it represents could not rely on evidence gathered unlawfully.
In France, the Commission Nationale de I’Informatique et Libertes (CNIL) spent October 24th announcing that it would not permit the automated monitoring of users of P2P file sharing systems.
The CNIL concluded such monitoring could lead to
“a massive collection of personal data” and allow “exhaustive and continuous surveillance” of P2P sites “beyond that which was necessary for the fight against piracy”
cf Steptoe & Johnson’s E-Commerce Law Week.
IRMA may have a stateable case to answer, therefore, that the way in which they obtained the identities of the individuals to whom they have written could preclude them from relying on that information in court.
When questioned about this yesterday by Matt Cooper on the Last Word, Dick Doyle of IRMA relied on the fact that they had persuaded a High Court judge to grant them an order, as proof of the legitimacy of their plans.
However, it is possible that this fact is not the strength it may seem. If IRMA were aware of these arguments (through their contacts with other record label representative groups or otherwise), and did not inform the court of them, they may have, in legal terminology, not come to the court with ‘clean hands’.
In particular, as the individuals were not represented in court (being unaware of the matter until they received their letters from IRMA) this privacy issue was not addressed before the court, by any legal argument from the parties. In such cases, there is a particularly heavy onus on the plaintiffs to give full and frank disclosure to the court of all the facts at their disposal.
Proportionality of Damages
The other issue not put to IRMA during their whirlwind tour of the media, was the question of the proportionality of the damages claimed to their losses. They have quoted an average settlement figure of €2,500 from their April wave of demanding letters.
In the courts in Ireland, you can only get compensation for losses you can prove you have sustained. To succeed in the court, IRMA would have to prove that their members – the record labels in Ireland – had lost, from the specific individual before the court, a specific sum. We’ll take the €2,500 figure as an example.
As it is only the record labels who are suing their clients here, we can’t simply take the retail price and divide it in, to find the number of claimed lost CD sales that this represents. They can’t claim for the portion of the money that goes to retailers. Or to the distributors, or manufacturers. They can only claim for the profit on each CD that they can prove was not sold as a direct result of a specific individual making files available for sharing.
To date all IRMA have produced by way of justification for their claims of losses, has been to claim a causal link between the rise in file sharing and the fall in profits. However the record industry is a complicated beast – CDs are now available online from abroad more cheaply than those in the shops. CDWOW, only one such retailer, now has 120,000 registered Irish users and is describing its sales as thriving. The record labels’ international representative body, IFPI, said in July that Top 10 album sales were up 14% last year, after a difficult five-year slump. This in the face of what the industry has admitted to be a continuing rise in file sharing. In addition, there are studies that suggest that the people who download the most music from P2P networks are the most likely to spend a higher proportion of their money buying music.
This is not to say that downloading in breach of copyright is legitimate behaviour. But it does call into question whether IRMA’s claimed losses can be laid at the door of file sharing. And therefore, whether they could legitimately attempt to recoup those losses by way of damages from the individuals they sue. The law is not intended to be used to make up for the failures of a business model in a changing environment.
Have IRMA or the record companies they represent actuarial assessments of loss – something which would be required by a conscientious court, before damages at a certain amount could be awarded? If they have, will they publish those tables so that the criteria they use to assess their losses are made public? This is a public campaign of information and education, as they describe it, after all.
Protection of legal rights should not be done in a capricious manner. And yet IRMA, as they admitted on the Last Word, do not believe that it is lawful for the owner of an iPod or other MP3 player to copy music from their own CDs, bought and paid for, onto their own music machine, bought and paid for.
They say that this is a breach of copyright, and therefore – by their emotive language, used in campaigns this year and for many years before – theft.
However they also say they don’t intend to do anything to enforce their rights to prevent this just now. Why should action against uploaders be a vital priority – no matter who they are – when the larger threat, from their point of view, must be the fact that every MP3 player and iPod is an occasion for wholesale theft of IRMA’s claimed property? Or, conversely, why should owners of MP3 players have the threat of potential legal action hanging over them if they haven’t done anything wrong?
We didn’t get an answer to that one on air.
DRI are in favour of civil, legal and human rights being protected in a digital world. That must extend to the legal rights of copyright holders, as much as individuals. However, perceived breach of a legal right would not excuse responding breaches of the civil right to privacy.
Further, if IRMA’s belief that it is illegal to move your legitimately purchased CDs to your own music player is correct, we believe that the law must be changed