Pulling the plug is not the answer

Earlier this week Eircom announced that it has started “the phased disconnection of file-sharers” on its network – colloquially known as a “three strikes” policy.

The key players in this procedure are Eircom, the Irish Recorded Music Association (IRMA) and technology firm Dtecnet. Under the procedure IRMA will provide Eircom with the IP addresses of machines that Dtecnet claims to have found to be infringing the copyright of its members. This will then trigger a disconnection procedure by Eircom starting with a letter, moving on to temporary suspension of an account, and ending with the disconnection of the account for up to a year.

In Ireland, one must generally have engaged in some form of wrongdoing in order to be punished. It is clear that the disconnection of one’s internet access is quite a severe punishment in today’s digital society.

But one problem with the approach adopted by Eircom is that the wrongdoer and the person who is disconnected may not be the same person.

The evidence used to identify alleged filesharers is unreliable.

Recent studies in the US have shown that copyright holders often act on flimsy evidence – in one case, accusing three laser printers of illegal filesharing. Similarly there is substantial evidence of UK users being wrongfully targeted. This may in part be due to deliberate tactics to sow confusion.

For example, the operators of filesharing site ThePirateBay have confirmed that they insert random IP addresses into the information they provide as to who is sharing what file.

But whatever the reason it is likely that innocent Irish users will face wrongful accusations.

In addition, in the era of wireless technology it is very common for an internet connection to be shared by many members of a household. In fact, Eircom offers wireless routers as part of its broadband bundles. This means that cutting off internet access based on the actions of one user will have a detrimental effect on all the others using the same connection for education, entertainment or business purposes.

If a husband is accused of filesharing, should this have the effect of preventing his children from doing their homework, or his wife from working at home?

It is clear that in the household context, the alleged wrongdoer and the individuals punished are not the same and the impact can be wholly disproportionate.

There’s also a risk that users may be accused based on somebody else piggybacking on their wireless connection. In November 2009 it was revealed that Eircom had negligently supplied insecure wireless modems, affecting up to 250,000 users.

Consequently anyone within the signal range of these users can illegally share files without the account holder’s knowledge – and there is even an app for the iPhone to make this process easier.

Eircom state on their website that they will not disconnect business customers but the effects of these measures on a small business could be catastrophic where they have an ordinary household account (as many do).

Through no fault of their own, a small business might find their internet connectivity withdrawn because of the actions of another family member, a malicious neighbour or even because they happen to be unlucky enough to be assigned the same IP address as one ThePirateBay has randomly inserted into files sharing the latest U2 album. This is worrying in a situation where a person’s livelihood is at stake.

One criticism of the current approach is that it shifts the burden of preventing illegal file sharing onto the ISPs, driving up the cost of broadband for private users and businesses. While this is true, it in fact goes much further than that. This logic of this deal – particularly if it is extended to other ISPs – potentially places a burden onto small businesses such as hotels and coffee shops to police their users’ activity. This will come at a significant cost to these businesses who have limited resources in these hard times.

Quite apart from these criticisms, there are also significant problems of principle. Internet access is today a fundamental right and a necessity – especially as the government moves more public services online – but this system threatens to take away that right based on nothing more than a private agreement between IRMA and Eircom.

In other European countries proposals for similar laws have been the subject of public consultation and debated by national parliaments. Here, however, there has been no legislation and no Government or Oireachtas input of any sort. Indeed the full details of the deal between Eircom and IRMA have never been published. A recently passed European law requires that disconnection of internet users should be subject to “adequate procedural safeguards” and “effective judicial review” – this deal, however, doesn’t appear to provide for either.

Instead, it allows users to be disconnected with no right of appeal to any independent body.

In summary, the Eircom / IRMA deal and the “graduated response” procedure is a worrying development for Irish internet users – one which has been undemocratic in its adoption and is likely to be unreliable in its application.

TJ McIntyre is a Lecturer in the School of Law, UCD and chairman of Digital Rights Ireland

Dr. Richard Tynan is a Postdoctoral Research Fellow in the School of Computer Science and Informatics, UCD

Leave aside for a moment the nonsense of sending this letter to a business – Blacknight - which doesn’t in fact provide internet access. The key words are these:

Eircom has agreed that it will not oppose any application our client may make seeking the blocking of access from their network to the Pirate Bay or similar websites …

Please confirm that Blacknight will also work with the record industry to end the abuse of the internet by peer to peer infringers … in the event of a positive response to this letter it is proposed to make practical arrangements with Blacknight of a like nature to those made with eircom.

In short, as Adrian Weckler puts it:

Irma is drawing up a list of websites it doesn’t like and Eircom will block them to all of its customers. And Irma is demanding that other ISPs do likewise, on pain of being sued.

Eircom says that it will only block a website if a court order requests it to. But it has undertaken not to oppose any application to a court… Our judicial system is an adversarial one: it depends on someone opposing the action for a judge to come to a conclusion. If the opposing party enters no opposition, a basic standard of proof will be enough to satisfy the court.

The net effect of this scheme, if it is allowed to go into effect, will be to impose an internet death penalty on two groups. On users, who will be cut off on the allegation of a private body, with no court involvement, and on websites, which could be blocked to Irish users based on a court hearing where only one side is heard. Damien Mulley makes the point well as usual:

So first they’ll start with the Pirate Bay. Then comes Mininova, IsoHunt, then comes YouTube (they have dodgy stuff, right?), how long before we have Boards.ie because someone quoted a newspaper article or a section of a book? And don’t think they’ll stop there too, any site that links to The Pirate Bay and the others on the hate list will probably be added to the list too…

I’m sure the business case for eircom was they didn’t want any more costly High Court actions with McDowell biting at their legs on the command of the music industry but this is going to open up a can of worms with IRMA demanding more and more attacks on how people surf the net, this is what it is in my view an attack on our freedom to read, our freedom to write, our freedom to move around the web. All so a very rich but rapidly becoming poor group of luddites can feel better for seeing the future and trying to fight it.

And of course the costs of communications with IRMA and of the filtering is going to be passed on to the consumer. The cost of blocking a single site will be almost nothing I suppose but as more sites get added and as the arms race between the pirates and the ISPs escalates, then it’ll become complicated and complicated costs more. So again the majority get to pay…

So what can you do about this? The first step is the most urgent. The other ISPs are at this very moment considering what steps to take. Although some (such as Bitbuzz) have been vocal in their opposition, caving in is the path of least resistance unless you show that this is an issue which matters to you and which determines where you’ll take your business. Contact your ISP – mark your email for the attention of their regulatory department – and let them know what you think. Contact emails for most ISPs are on the ISPAI website. Do it now – the decision on what to do will be made soon.

The next thing to do is to get involved with a group which will fight this. We’re currently working on a few ideas and will let you know soon. But in the meantime you should go to Blackout Ireland who have been quick off the mark with a plan to black out the Irish internet for a week from March 5th. The Digital Rights forum on Boards.ie has also been abuzz with this issue, as has this thread on their Broadband forum.

Having done that, let the Minister for Communications – Eamon Ryan – know the damage that this is likely to cause. Don’t just rely on the civil rights arguments – business impact is more likely to get attention. Point out that if ISPs are forced to become the (unpaid!) copyright cops of the music industry, it will drive up their costs and set a dangerous precedent for other Irish internet businesses. Would you choose to establish an internet start up in Ireland if you thought you’d be made responsible for policing what your users do? Ask him to intervene to prevent irreparable damage to the Irish internet. Eamon Ryan’s email addresses are eamon.ryan@oireachtas.ie and minister@dcenr.gov.ie but a paper letter (Department of Communications, Energy and Natural Resources, 29-31 Adelaide Road, Dublin 2) or fax ((01) 678 2029 or 2039) are more likely to get attention. You can also ring the Minister’s office on (01) 678 9807 – if you do, be polite and succinct. If you’re a constituent of his (in Dublin South) be sure to mention that fact and that this issue will influence how you vote in the next election.

An improvement for transparency? It would be, if Justice lived up to their past promises to hold an open consultation process. But they haven’t. Their website still claims that the Directive will be transposed via a statutory instrument – notwithstanding the fact that they have prepared a draft Bill which they have been circulating to industry groups. Nor are they willing to show the draft Bill to the public – consultation for Justice appears to mean a secret process controlled by them and excluding citizens.

We’ve contacted Justice for their comments. In the meantime, we think that the public should have the same right to see the draft Bill as industry insiders, so here’s a copy of what we understand is the latest draft:
COMMUNICATIONS (RETENTION OF DATA) BILL 2009

As usual, we can’t condone illegal filesharing (though we should point out that this is just one of many uses of the technology). But there are still unresolved issues about this litigation.

We’ve already pointed out that the procedure used to obtain user identities is unfair and the tactics which have been used by the record industry have been found to be illegal in other jurisdictions. Also, the approach taken by the music industry raises concerns about the proportionality of the damages they seek and the reliability of their evidence:

* Most home networks are wireless these days, and most of those are unsecured. How can they tie the IP addresses they receive with any particular person?
* Claims for lost income must be based on specific evidence of loss. Why have they never released their basis for calculating the claimed damages?

IRMA may also have undermined their action by saying that “many young people were involved in file sharing probably unbeknownst to their parents“. As Philip Nolan has pointed out in the Irish Times a parent is not automatically liable for the wrongdoing of their children:

Under Irish law, copyright is infringed where a person commits certain acts, or authorizes another to do so, without the permission of the copyright owner.
Therefore, the owner of a computer which was used to download illegal songs but who was totally unaware of this, and who did not authorize it, might not be liable for copyright infringement.
This may not be a problem where the relationship between the owner and infringer is one of employer and employee, for example, as liability can generally be attributed to the employer.Where the relationship is that of parent and child, however, novel issues of parental responsibility could arise.

As before DRI support copyright holders’ efforts to protect and assert their rights. However the way in which IRMA has done so still leaves a number of questions unanswered.

If you are contacted by IRMA, we would be happy to talk to you. Contact us through any of these channels.

Whether it’s listening to music on iPods, talking on our mobile phones or surfing the web, most of us have embraced the digital lifestyle. Technology, however, is changing faster than the legislation covering our use of it. So while new technology promises a revolution in the way we consume and interact with different media, it is also giving content providers new ways of controlling our use of the music, movies and information we purchase.
…

MUSIC The iPod has revolutionised the way we listen to music, but it has also opened a legal minefield. “As it stands in Irish law, it seems to be illegal for you to make a private copy of a CD that you’ve bought, so it’s illegal to copy a CD on to your iPod,” says TJ McIntyre of Digital Rights Ireland. “Needless to say, the music industry would like to be in a position where they sold you the music once on vinyl, once on cassette, once on CD and they’d now like to make you pay for the privilege of listening to it on your iPod.”

In May, the British Phonographic Institute (BPI) recommended that the law be changed to reflect a new reality in which people routinely convert their purchased CDs into MP3s. However, Sean Murtagh of Irma, the Irish equivalent of the BPI, says it has no plans to make a similar recommendation here. …

MOVIES With the advent of video iPods and Sony’s Playstation Portable (PSP) it seems that our DVD collections will eventually join our CD collections in our pockets. However, unlike CDs, DVDs are encrypted to protect the film studios’ copyrights. That is a matter of debate among certain copyright activists – if our CDs are unencrypted, why are our DVDs encrypted? Furthermore, it is illegal to create technology that circumvents copyright-protecting technology. So while copying CDs and putting them on portable players is legal in many countries – though not here – it is impossible to do the same with DVDs.

Movies will have to be purchased in a new format for portable players, even though the technology exists for them to be copied as CDs are. “The beauty of it is that [ the film studios] don’t have to persuade the market,” says McIntyre. “If they can come up with the technology and legislation that prevent fair use, they can ignore the wishes of the consumer.”

TELEVISION In the good old days, you watched something on channel A, you recorded whatever it was you wanted to watch on channel B, and then watched the tape. What’s more, you were legally entitled to do so. But that legal entitlement to fair use is under threat. As the technology moves beyond the VCR to “timeshifting” personal video recorders (PVRs) such as Tivo or Sky+, we should be able to digitally record programmes to a hard drive, skip the ads and move those programmes on to our iPods or PSPs.

However, a “broadcast flag” is being introduced by US networks. Certain programmes would be digitally flagged as, for instance, unrecordable, or watchable only once, or not entitled to be moved to a portable player. “Broadcasters would like to stop via technology what they couldn’t stop by legislation,” says McIntyre. “First they create the technology that stops people doing something [ the broadcast flag], and then they make it illegal for them to circumvent .”

What can we do about these issues? The Consumers’ Group BEUC is running a campaign at a European level, where you can sign a petition to urge MEPs to protect consumers’ rights. We’ll soon be launching an Irish campaign on these issues – watch this space for more.

A particular problem is that the decision was made without the users being notified of the action or given a chance to make submissions to the court, despite an English authority recommending that this should be done, and contrary to the practice in the US where this must be done before the user is identified.

This sets a worrying precedent. There are many reasons why a person may wish to remain anonymous online – for example, a whistleblower who seeks to expose corruption or safety issues may be intimidated by fear of retaliation. As a US court recently said:

“setting the standard too low will chill potential posters from exercising their First Amendment right to speak anonymously. The possibility of losing anonymity in a future lawsuit could intimidate anonymous posters into self-censoring their comments or simply not commenting at all. A defamation plaintiff, particularly a public figure, obtains a very important form of relief by unmasking the identity of his anonymous critics … After obtaining the identity of an anonymous critic through the compulsory discovery process, a defamation plaintiff who either loses on the merits or fails to pursue a lawsuit is still free to engage in extra-judicial self-help remedies; more bluntly, the plaintiff can simply seek revenge or retribution … Indeed, there is reason to believe that many defamation plaintiffs bring suit merely to unmask the identities of anonymous critics.”

If the user is not given an opportunity to challenge an application to reveal their identity, there is a real risk that such applications might be abused by plaintiffs in future.

A full account of the hearing follows:

Justice Kelly was delivering his judgement in a motion by EMI Records (Ireland) Limited, Sony BMG Music Entertainment (IRL) Ltd, Universal Music Ireland Limited, and Warner Music Ireland Limited to compel Eircom Limited, BT Communications Ireland Limited and Irish Broadband Internet Services Limited to divulge the identity of 49 of their subscribers whose IP addresses had been recorded at particular times and dates.

Counsel for the Plaintiff, Johnathan Newman BL outlined the case for granting the court order. He took the court through the thread of the detective work completed on behalf of the record companies, describing how IP numbers can be traced back to particular ISPs, how such numbers can be obtained in relation to people using peer to peer services who are making files on a shared folder available to others. They estimated that there were 6 million users at any time on the networks being dealt with in court which were the Fasttrack and Gnuttela networks.

Counsel said that a company, MediaSentry Inc were engaged to investigate these matters on behalf of the copyright holders of audio files. They identified recordings, to which their clients believed they held the copyright. MediaSentry then downloaded sample tracks from users over the peer to peer network. By watching the transmission of data packets they identified which user’s IP numbers were originating in Ireland. Where they did so originate, a snapshot of the full contents of the shared folders were recorded. Of the persons whose details were being sought in court, the least number of copyright infringing files made available was 501. The greatest number was approximately 5000. The Judge noted that one address appeared so often it was “almost an industry”.

Counsel continued, drawing the courts attention to the need to balance Data Protection Acts’ rights to privacy with the rights of property owners. He outlined that Mr. Kavanagh, Managing Director of EMI Records (Ireland) Limited on Affidavit swore that he felt that publicity measures by ISPs regarding the illegality of filesharing were not likely to succeed.

Following the judgement granted in July 2005, there was a significant drop around that time of use of peer to peer services. However use had now risen again. The Plaintiffs acknowledged that the Defendants in this case, the ISPs, had been “innocently embroiled” in the matter.

Counsel continued that this copyright infringement was contrary to S140 of the Copyright and Related Rights Act 2000. Mr Justice Kelly asked if this was also a criminal offence. Plaintiff Counsel responded that “off the top of my head, yes”.

Counsel went on to outline the evidence gathered by MediaSentry- 29 of the 49 users had files whose copyright was owned by Warner Music downloaded by Media Sentry. All of those being sought had files listed in their shared drives from Warner Music. 15 people had files whose copyright was owned by Universal music downloaded. All 49 had files listed in their shared drives from Universal music. 29 of the 49 users had files downloaded whose copyright was owned by Sony Music and all of them had files listed in their shared folder from Sony Music.

Counsel for the Plaintiff continued saying that there had been no subsequent Irish decision in this area since the Court had made its ruling in July 2005. The Court asked if there were any other “Common Law authorities”. Plaintiff Counsel said that there were none.

Plaintiff Counsel then summed up the legal position for the court:

The jurisdiction of the Court was to be exercised sparingly in this area. That the Common Law case law indicated that the Plaintiff should have established the wrong, prima facia, but can’t institute proceedings as they can’t identify the wrongdoers. The court must be satisfied on the evidence provided. The court was directed on the last occation to the Data Protection Acts- there was a need for a balance between property and privacy rights and counsel said, the level of infringement here sets property rights at nought.

Counsel said that while it was not certain that the holder of the IP address computer was the wrongdoer, the Plaintiffs should be given the opportunity to challenge the person and decide whether proceedings are permitted against them.

Plaintiff Counsel then ended their submissions.

Counsel for Eircom Limited pointed out that 42 of the 49 persons whose identities was sought were with Eircom Limited. They were neither consenting nor objecting to the application.
Eircom Counsel submitted that that the court ought to have consideration of the amount of music being downloaded and the timeframe within which it takes place ie whether it was serial rather than occational. In addition, Counsel pointed out that the copyright infringer is the owner of the IP address.

Counsel for BT Communications Ireland Limited and Irish Broadband Internet Services Limited, Cian Ferriter BL, outlined his latter client’s position, as they had not been named in the earlier, July, court case. They did not condone unlawful use of their services. Clause 18 of their Terms and Conditions of Use forbid unlawful use of this kind.

Irish Broadband couldn’t monitor usage. They had been caught up innocently in the matter. His clients did not want a perception that they had lost a court case to be given out if the court ordered that they should hand over their subscribers details. He stated that they were precluded from handing this information voluntarily as, per previous judgements, they have duty under Data Protection legislation to their subscribers.

Counsel then informed the court that solicitor for his clients had received a letter from solicitors for Digital Rights Ireland Limited, a public interest group. This letter made reference to a Dutch authority in a similar case where the motion sought by the copyright holders had been declined. Counsel said he merely flagged this case for the Court, as he said that he was not making the arguments used in that case. However, it was a live issue across Europe.

Counsel for the Plaintiffs responded that his clients had also received a letter from Digital Rights Ireland Limited’s solicitors. He stated that given the scale of the issue, litigation was being conducted in many countries and the courts there were applying the Data Protection legislation as they find it.

Giving his judgement in favour of the Plaintiffs’ application, Mr. Justice Peter Kelly stated that the kind of actions at issue in this case were “A modern form of thieving.” He also clarified that the undertakings by the Plaintiffs to ensure that the information gleaned from the order is only to be used for the purposes it is given for specifically left it open to the Plaintiffs to allow the information to be passed on to the criminal prosecution authorities, and that “perhaps you ought”.

Eircom Limited were given 3 weeks to produce the user names and addresses, while the 2nd and 3rd named defendants were given 7 days. The Plaintiffs accepted they should pay the reasonable costs of the defendants, who were innocent parties in the matter, including the reasonable costs of the extraction of the required information.

Digital Rights Ireland is chaired by UCD Law Lecturer TJ McIntyre and is comprised of academics, journalists and technologists. DRI believes that citizens’ digital rights are being eroded – the rights we expect in the real world are being stripped from us in the online world. Mr. McIntyre said that DRI intends to “inform the public about their digital rights, to educate policy makers on the importance to a knowledge economy of strong protections for those rights and to lobby for law reform in those areas where change is needed.” Aishling Reddy, Director of the Irish Council for Civil Liberties welcomed the new group; “The ICCL has long recognised the need for advocacy of human rights as they pertain in the computer sphere. We are glad that a specialised group, focused on the specific issues which arise in relation to digital technology, has formed to take on this work. We congratulate them on their launch and look forward to working in co-operation with them in the future.”

With members in a range of specialised legal and technical areas, Digital Rights Ireland will act as a focal point for policy makers who wish to gauge the impact of their regulation in this complicated, and sometimes esoteric, area. In addition, the group aims to provide an informed position on issues in the digital rights field, free from any commercial or political bias. Current areas of concern include data retention, rights to privacy/data protection, helping people to fight spam, and intellectual property issues. Commenting on the launch, respected academic Dr. Gus Hosein (Visiting Fellow in Information Systems at the London School of Economics, Senior Fellow of Privacy International) said “Now is more important than ever for non-governmental organisations to offer expertise in these important areas. In countries where such organisations exist the laws that are passed are always less invasive, draconian and burdensome. Ireland needs this organisation now more than ever.”

Digital Rights Ireland also aims to inform Irish citizens of their rights, and how to exercise them. To that end, pamphlets and research material on areas such as SMS spam and the Data Protection & Freedom of Information Acts have been produced. Pamphlets on othjer matters such as libel liability from online speech will follow. All are freely available for download on www.digitalrights.ie.

At the launch, Mr. McIntyre described DRI’s concerns regarding the government’s data retention laws. Under current Irish law, citizens’ electronic communications data must be retained for 3 years. This includes the physical location of every mobile phone in the country, and the numbers dialled from every mobile and land line. It may be accessed, without a court order or specific ministerial order, by the Gardai. This access need not be in response to any crime. If the Gardai are satisfied that it might be useful in the prevention of a crime (not limited to serious crime), it is permissible.

The Irish Government was one of four countries seeking to have this requirement extended across the EU, and broadened to include online activities. This would require Internet Services Providers to log every email sent and every web page visited. This was agreed at a meeting of EU Justice Ministers last week – although Minister McDowell has since threatened to sue the EU if the plan to have the position endorsed by the European Parliament goes ahead.

Digital Rights Ireland aims to keep Irish people informed about these issues, to defend their right to privacy from unwarranted infringement and to ensure that all legislation proposed and passed is in line with European and Irish Human Rights Law. To this end, DRI has already highlighted a gap in Irish protection for communications privacy. Twenty years after the Kennedy v AG case, where the then Minister for Justice, Sean Doherty was forced to resign after it emerged that he had tapped journalists’ phones, there is still no law to prevent the State, and the Gardai, from reading the contents of personal emails. Popular services, such as Hotmail and Gmail lie in a legal limbo – something Digital Rights Ireland has suggested ought to be addressed.

The Irish Recorded Music Association (IRMA) is currently seeking to sue individuals they say they have identified as having uploaded music onto file-sharing networks. DRI are in favour of civil, legal and human rights being protected in a digital world and that this protection must extend to the legal rights of copyright holders, as much as individuals. However, protection of copyright cannot come at the expense of the civil right to privacy. The speakers outlined their legal concerns about IRMA’s case and the scale of the settlements they are reported to have received to date.

IRMA has also publicly stated that it believes that it is illegal to transfer lawfully acquired music from a (legally bought) CD to a (legally bought) iPod or MP3 player. DRI believes that the law in this area needs to be clarified – and if such activities are illegal, that the law needs to be changed.

Grassroots digital rights groups in other countries have warmly welcomed the launch of Digital Rights Ireland, reflecting both Ireland’s important position in the hi-tech industries and our long history of promoting human rights. “The launch of Digital Rights Ireland couldn’t come at a better time. All Europeans’ online civil liberties are coming under pressure from both commercial interests and heavy-handed government interference, and it is essential that we speak out against the poor legislation and abuses of power that are becoming all too commonplace. I have no doubt that DRI will make great allies, and I look forward to working with them in the fight to protect digital rights.” said Suw Charman, Executive Director of UK’s Open Rights Group.

Shari Steele, Executive Director and President of the US Electronic Frontier Foundation (EFF) has also said that “Ireland has a fine tradition of standing up for freedom as well as adopting and developing the latest technology. We’re delighted that such a key global player now has its own voice for liberty in a digital world. We look forward to working with DRI on mutual issues that will concern us all.”

END

About:

Digital Rights Ireland is committed to protecting Civil, Legal and Human Rights in a Digital Age. It is chaired by UCD Law Lecturer TJ McIntyre and its members include academics, journalists and technologists. DRI is a contact point for policy makers who wish to gauge the impact of their regulation in this complicated, and sometimes technical, area. In addition, it provides an informed position on issues in the digital rights field, free from any commercial or political bias.

Contact details:
Email: contact@digitalrights.ie
Web: www.digitalrights.ie

We don’t yet know the full details of this, but there are a few issues still outstanding from the last set of such letters, issued by IRMA last April.

A representative of DRI appeared on the Last Word on Today FM, to raise some issues not usually addressed by IRMA. Time was short, so we thought we’d expand a bit on our concerns, for the interested reader.

No Safe Harbour
Firstly, there is the manner in which the individuals’ shared folders on their hard drives were entered and scanned. This was done on IRMA’s behalf by a company called MediaSentry. MediaSentry is a US based company, which does not operate within the ‘safe-harbour’ scheme for Data Protection. This means it has not agreed to handle EU citizens’ data in accordance with the European Data Protection regulations.

Two European countries have now come out against this kind of search of users’ property.

In the Netherlands, in the case of FOR THE PROTECTION OF RIGHTS OF THE ENTERTAINMENT INDUSTRY IN THE NETHERLANDS (BREIN) et al v UPC NEDERLAND B.V., and ors the court found that the use of MediaSentry to scan users’ shared folders and process the results was not in accordance with the provisions of European Data Protection Acts. MediaSentry does not confine its scanning to copyrighted music files, but also scans personal files of the computer owner. They therefore found that the application to the court to force ISPs to identify their users could not be granted, as BREIN and the record labels it represents could not rely on evidence gathered unlawfully.

In France, the Commission Nationale de I’Informatique et Libertes (CNIL) spent October 24th announcing that it would not permit the automated monitoring of users of P2P file sharing systems.
The CNIL concluded such monitoring could lead to

“a massive collection of personal data” and allow “exhaustive and continuous surveillance” of P2P sites “beyond that which was necessary for the fight against piracy”

cf Steptoe & Johnson’s E-Commerce Law Week.

IRMA may have a stateable case to answer, therefore, that the way in which they obtained the identities of the individuals to whom they have written could preclude them from relying on that information in court.

When questioned about this yesterday by Matt Cooper on the Last Word, Dick Doyle of IRMA relied on the fact that they had persuaded a High Court judge to grant them an order, as proof of the legitimacy of their plans.

However, it is possible that this fact is not the strength it may seem. If IRMA were aware of these arguments (through their contacts with other record label representative groups or otherwise), and did not inform the court of them, they may have, in legal terminology, not come to the court with ‘clean hands’.

In particular, as the individuals were not represented in court (being unaware of the matter until they received their letters from IRMA) this privacy issue was not addressed before the court, by any legal argument from the parties. In such cases, there is a particularly heavy onus on the plaintiffs to give full and frank disclosure to the court of all the facts at their disposal.

Proportionality of Damages
The other issue not put to IRMA during their whirlwind tour of the media, was the question of the proportionality of the damages claimed to their losses. They have quoted an average settlement figure of €2,500 from their April wave of demanding letters.

In the courts in Ireland, you can only get compensation for losses you can prove you have sustained. To succeed in the court, IRMA would have to prove that their members – the record labels in Ireland – had lost, from the specific individual before the court, a specific sum. We’ll take the €2,500 figure as an example.

As it is only the record labels who are suing their clients here, we can’t simply take the retail price and divide it in, to find the number of claimed lost CD sales that this represents. They can’t claim for the portion of the money that goes to retailers. Or to the distributors, or manufacturers. They can only claim for the profit on each CD that they can prove was not sold as a direct result of a specific individual making files available for sharing.

To date all IRMA have produced by way of justification for their claims of losses, has been to claim a causal link between the rise in file sharing and the fall in profits. However the record industry is a complicated beast – CDs are now available online from abroad more cheaply than those in the shops. CDWOW, only one such retailer, now has 120,000 registered Irish users and is describing its sales as thriving. The record labels’ international representative body, IFPI, said in July that Top 10 album sales were up 14% last year, after a difficult five-year slump. This in the face of what the industry has admitted to be a continuing rise in file sharing. In addition, there are studies that suggest that the people who download the most music from P2P networks are the most likely to spend a higher proportion of their money buying music.

This is not to say that downloading in breach of copyright is legitimate behaviour. But it does call into question whether IRMA’s claimed losses can be laid at the door of file sharing. And therefore, whether they could legitimately attempt to recoup those losses by way of damages from the individuals they sue. The law is not intended to be used to make up for the failures of a business model in a changing environment.

Have IRMA or the record companies they represent actuarial assessments of loss – something which would be required by a conscientious court, before damages at a certain amount could be awarded? If they have, will they publish those tables so that the criteria they use to assess their losses are made public? This is a public campaign of information and education, as they describe it, after all.

Arbitrary Action
Protection of legal rights should not be done in a capricious manner. And yet IRMA, as they admitted on the Last Word, do not believe that it is lawful for the owner of an iPod or other MP3 player to copy music from their own CDs, bought and paid for, onto their own music machine, bought and paid for.

They say that this is a breach of copyright, and therefore – by their emotive language, used in campaigns this year and for many years before – theft.

However they also say they don’t intend to do anything to enforce their rights to prevent this just now. Why should action against uploaders be a vital priority – no matter who they are – when the larger threat, from their point of view, must be the fact that every MP3 player and iPod is an occasion for wholesale theft of IRMA’s claimed property? Or, conversely, why should owners of MP3 players have the threat of potential legal action hanging over them if they haven’t done anything wrong?

We didn’t get an answer to that one on air.

DRI are in favour of civil, legal and human rights being protected in a digital world. That must extend to the legal rights of copyright holders, as much as individuals. However, perceived breach of a legal right would not excuse responding breaches of the civil right to privacy.

Further, if IRMA’s belief that it is illegal to move your legitimately purchased CDs to your own music player is correct, we believe that the law must be changed