James Boyle is the William Neal Reynolds Professor of Law at Duke University, North Carolina. His talk on ‘The Incredible Shrinking Public Domain’ was a keynote event at this year’s ORGCon, and his book ‘The Public Domain, Enclosing the Commons of the Mind’ is required reading for anybody interested in copyright law.
In this video James speaks to Open Rights Group volunteer Nitya Rajan about the importance of the public domain, and why it should be treated with care and respect.
Yesterday, Florian and I met with BIS officials to discuss Ofcom’s draft ‘Initial Obligations Code’. As you’ll remember, we had a number of serious concerns about Ofcom’s code, including:
ORG agreed to send BIS a short note outlining our top level concerns. Our overall view – and that of Consumer Focus – was that consulting on a substantially damaged code doesn’t really amount to proper consultation. We’re simply acting as proof-readers for Ofcom’s lawyers.
We discussed evidential methods in some detail. Our concerns are that the methods and standards of evidence are not defined in the Code, but Ofcom will argue to BIS that their Quality Assurance scheme does enough.
Ofcom’s current approach leaves some glaring questions: not least whether the methods and standards are set out publicly, or if rights holders would claim “commercial confidentiality”. We will come back to these questions on this blog at a later date.
BIS were able to give us some information about likely dates. Everything is falling behind schedule. The cost consultation will result in a ‘Statutory Instrument’ which will decide what portion of the scheme is paid by ISPs (ie, ends up on consumers’ bills) and whether Appellants will have to pay. We should have a public response by the end of this month. We won’t. This is holding Ofcom’s work in turn.
Additionally, the fact that TalkTalk and BT remain angry and opposed to the Bill’s implementation, and are contesting it via Judicial Review in the High Court, means that Ofcom cannot properly proceed with their work to get the Code implemented.
Government timetables are never quite as easy as they might seem, but these very tight deadlines, mandated by an Act that did not get proper scrutiny, are continuing to cause error and uncertainty, and failing to give proper reassurance about the effect on our fundamental rights.
In the words of the Prime Minister David Cameron, “getting online can help people save money, find a job, access services in a way that works for them, and make connections with each other and with their community.”1 As we have seen, the Digital Economy Act threatens these activities, possibly disconnecting families. On a global level, governments have been working on a major new agreement (ACTA) to regulate "counterfeit goods", such as fake handbags and drugs or commercial-scale illegally copied DVDs, which has been extended to cover the Internet and much else.
What is ACTA?
ACTA is the Anti-Counterfeiting Trade Agreement, which is currently being negotiated, largely in secret, between the United States, the EU and 9 other countries.2 This draft agreement seeks to regulate a wide range of copyright, patents and trademark issues, including, most controversially, providing for additional regulation of the Internet. There have been a number of leaks (here, here, here and here) and the European Commission published an official draft text on 22 April.
ACTA is a covert attempt, at the global level, to further reduce the public interest element in copyright, patents and trademarks, in the balance between the rights of creators, users, and the public at large, without proper debate and scrutiny in each nation state. The current form of ACTA is a threat to future innovation and freedom of citizens. ACTA is primarily driven by the US and the EU. Developing countries such as India and Brazil have been shut out of the process from the start.
This agreement has been developed primarily by the EU and USA and has little substantive democratic oversight. The supporters of ACTA are the governments of key developed countries and bodies such as the RIAA (Recording Industry Association of America). It is further outrageous that ACTA is not being negotiated as part of the WIPO or the WTO, where similar treaties were negotiated. One or two developing nations close to US trade policy, such as Mexico and Saudi Arabia, are also part of the negotiations.
How does ACTA fit in with international trade?
ACTA seeks to create an agreement between nations with a strong interest in high protection for intellectual property. They will then seek new partners to agree to these strong protections, who will be unable to influence the Treaty. The USA in particular has had a strategy of creating very strong protection for its goods through 'bilateral agreements' whereby they open up their lucrative markets to developing nations, in return for signing specific agreements. These tactics are likely to be used to 'encourage' developing nations to sign up to ACTA.
This is why the lack of involvement from a wide range of nations is so concerning. From the outside, it seems like a deliberate attempt to create a strong enforcement regime that is ill-suited to developing nations, largely in order to export the model through future trade negotiations.
International agreements on Intellectual Property have been increasingly made through the United Nations, and WIPO (Word Intellectual Property Office), resulting in treaties such as TRIPs, which have sought to balance rights of users as well as owners. These treaties often also recognise that strong IP protections are not always appropriate for small nations, whose law enforcement priorities may be, for instance, in tackling corruption or trade in drugs or armaments, rather than strictly enforcing the trade in jeans and hand bags.
ACTA is an audacious attempt at globalising some of the worst elements of the (UK) Digital Economy Act 2010 with additional bells on. Such has been the secrecy and unnecessary nature of ACTA that all EU citizens have been short changed both on their right to access relevant ACTA documents, but also the right to good administration.
What is wrong with ACTA?
(i) New enforcement duties and costs to ISPs and their customers
There are many problems with ACTA. In the context of the Internet, under Section 4 of the draft text ISPs may be forced to remove material, which they believe (rightly or wrongly) makes use of protected material, regardless of whether any actual infringement is occurring. In order to protect themselves from liability, ISPs may have to resort to technical measures such as bandwidth throttling, data monitoring and indeed “3-strikes”. The fact that those measures are not explicitly referred to in the ACTA text is irrelevant as ISPs may feel that they are the only tools they have to ensure compliance with the law. Thus, our freedom of expression and possibly our privacy in the online environment would be considerably curtailed.
(ii) Internationalising legal protections for DRM
ACTA also contains provisions on “anti-circumvention” of digital locks (DRM and 'technical protection mechanisms'). These are notorious for preventing users from exercising basic rights, such as making back up copies, format shifting for private use, and quotation for criticism and review. These provisions could globalise the worst aspects of EU and US law, without the appropriate balancing provisions in favour of users and the public interest at large.
(iii) Punitive procedures: guilty until proven otherwise?
There is also an attempt to replace judicial procedures with “administrative” procedures for the determination of, for example copyright infringement. This would avoid the scrutiny and requirements of appropriate evidence and proper contestation. European citizens deserve the right to be heard in court if they are accused of infringement. Fair due process must be guaranteed.
It is entirely inappropriate that the draft ACTA text criminalises infringement (ACTA Section 3). IP rights are typically regarded as a matter of civil law. Moreover, we find the sections on preventing “imminent infringement” to be unacceptable. Whether infringement has taken place is often a finely balanced consideration; there are also the many defences and exceptions to infringement and public interest issues to be considered. These ACTA provisions are oppressive and contrary to freedom of expression and contrary to the public good.
In addition we are concerned that provisions on damages that can be awarded if infringement is proven are also entirely disproportionate and not based on actual damage done to the rights holder.
(iv) Access to medicines and GMOs
Another issue of significant concern has been the threat to legitimate generic medicines. As patents are national, goods under patent in the country of manufacture and the destination country may be illicit in one or more country they pass through. ACTA could force those countries to seize these medicines in transit. Currently, it seems that patents have been dropped from the “Border Measures” chapter (Section 2 in the ACTA draft), however trademarks are still included and the EU has stopped some medicines under this provision.
The impact on GM seeds and goods covered by patents has also not been fully examined, but could be concerning.
Can we read the ACTA agreement?
The current draft of the treaty was not published officially, but was leaked in July. The EU Parliament forced the negotiators to open the treaty, but after this last round in Lucerne in June, MEPs were only allowed to view the text if they agreed not to share the contents with the citizens they represent. This led to Pirate MEP Christian Engström to refuse to examine the text.
What happens next?
The intention appears to be to complete the Treaty as quickly as possible, no doubt because opposition is mounting. Rounds of negotiations were taking place every 6 months, but two new rounds are scheduled, in Washington DC and Japan. The UK's official position seems to be that any final treaty will not create new changes to UK law - but academics disagree. Meanwhile, the EU Parliament seems likely to signal their opposition again, as they are a handful of signatures short of passing a Written Declaration (W12/2010).
What can I do?
Write to your MEP and ask them to sign Written Declaration 12/2010.
Join the ACTA Facebook group.
Blog about it, and spread the word.
The Advisory Council is a group of experts that help form our policy and direct our campaigning work. By offering support on technical and political developments, they help our staff and volunteers navigate the difficult questions of law and tactics that we face every day.
We refresh the council once a year via an open recruitment process, as part of which we ask our supporters to suggest who should help us form policy. This year in particular we want to strengthen this core network by adding the following skills and expertise:
On the 24th of July I was lucky enough to host a workshop event at ORGCon on the question of medical privacy. Of all the data that is held about us our medical record has the potential to be the most sensitive. Yet recent news stories have shown that levels of security in the Summary Care Record, to take one example, are not anywhere close to acceptable.
In my day job I'm a scientist and an academic. I like to run experiments - it's my MO for understanding the world. When ORG offered me the chance to run this workshop, my first though was to run a little (speculative and poorly controlled) social experiment. Could I split the room into groups and have each group draw up a list of principles for medical record privacy? And if I did, would there be a set of principles that were proposed several groups independently of one another? I had been worried that the topic of medical privacy wouldn't capture many people's imaginations or interest, that we wouldn't have enough people to make one group let alone several, but I was gratifyingly wrong. Our room was full of enthusiastic and intelligent people, several of whom had experience of the issue either as patient advocates or health care professionals.
We were very well supported by the volunteer facilitators, who I would like to express my sincere gratitude to: Helen Wilkinson-Makey at The Big Opt Out Campaign, Chrysanthi Papoutsi of the Oxford Internet Institute, Ross Anderson of the University of Cambridge Computer Laboratory, and Phil Booth of No2ID.
Quite a lot of common ground emerged from the discussions. Almost all the groups (5 out of 6) volunteered a statement along the lines of œpatients should have the right to see who was accessing their record. Two groups mentioned that such audit trail data might also be sensitive and would also need to be appropriately safeguarded.
Four groups mentioned their concerns about research uses. Principles suggested included that there should be a right for patients to opt-out of (or to explicitly consent to) secondary uses of their data. All four groups stressed the importance of data being properly anonymised.
Three groups mentioned the need for effective sanctions when medical records are found to have been misused.
Two groups mentioned the need to not transfer data to countries with weaker data protection regimes.
Two groups mentioned the importance of being allowed to opt out of an electronic medical record scheme at any time and to ask that information already collected is no longer shared.
Two groups mentioned that patients should have the right to see their medical record (this is already possible, to some extent, by using Healthspace.)
Two groups mentioned that users should have absolute control over who sees their record and should consent to each use.
In the short time we had it was apparent we could have started to argue out a set of principles between us. Some of the principles suggested may be more contentious or more difficult to put in place than others but I think that they are all deserving of consideration. As well as arguing against specific systems, piecemeal, it strikes me that our case will be more easily made if we have a set of privacy principles - a sort of statement of digital rights for medical privacy - that we expect those who hold our medical records to adhere to.
You can now watch the videos from all of the ORGCon keynotes and most of the ORGCon panel discussions. Enjoy! Thanks to Rich and everyone else who helped out to produce these.
[ORGCon] James Boyle: The Incredible Shrinking Public Domain from Open Rights Group on Vimeo.
[ORGCon] Thriving in the real digital economy from Open Rights Group on Vimeo.
[ORGCon] Digital Economy Act: what's next? from Open Rights Group on Vimeo.
[ORGCON] ACTA: a shady business from Open Rights Group on Vimeo.
[ORGCON] Reforming Privacy Laws from Open Rights Group on Vimeo.
[ORGcon] Theft! A History of Music from Open Rights Group on Vimeo.
The Open Rights Group campaigns when digital technology’s power to transform society - to bring greater democracy, transparency and new creative possibilities - comes under attack. Our issues and work are becoming more relevant to more people as technology becomes central to their lives. To reach out to as wide an audience as possible and build networks between all those interested in similar issues, no matter what part of the world they are based in, we're lauching a new project.
To meet this need, the Open Rights Group is launching a new project: through the publication of high-quality, journalistic content, we hope to provide a place where all interested parties can come to learn about the current, global state of affairs, follow their development, and begin to understand how they were arrived at. We also hope that this project might provide a place where the disparate but related activist groups from throughout the world can discuss trends and events, as well as promote involvement in each other’s campaigns, helping to develop a greater sense of community. (This document defines in more detail what we hopeORGZine will become).
If this sounds like something you would like to get involved with, sign up to our mailing list and say hi - there is plenty of work to be done, so expect to be pointed in the direction of some work straight away!
Last week we asked activists to tell Ofcom that the their draft code is missing vital standards of evidence and limits our right to appeal. The message was clear: the consultation is broken and Ofcom needs to start over.
By the deadline, five o'clock last Friday, Ofcom received 1,464 responses to the consultation on the filesharing code setting out the letter writing process for alleged copyright infringers. A big thank you to everyone who took action.
In addition, activists sent more than 1,100 emails to MPs voicing concerns about the non-compliance with the Act and asking them to raise the issues with the Minister responsible. That is important because MPs need to be confident that the code complies with the Act when they debate it again in Parliament later this year.
Ofcom's “initial obligations code” threatens civil liberties because it can put innocent people and their families in danger of being wrongly accused of illegal filesharing. Only a week ago London based law firm Gallant Macmillan caused a storm of complaints as they wrongfully accused people of downloading songs by the Ministry of Sound.
There are severe problems which we highlighted in our response.
For example, the Act requires Ofcom to set standards of evidence in Section 7/124E(2), but Ofcom instead leaves it to the copyright owners to set up a “Quality Assurance” scheme. This process does not specify the means of obtaining the evidence or the standard of evidence.
Ofcom is also obliged to set criteria for the identification of subscribers (Section 7/124E(3) of the Act). Again, they put the ISPs in charge which increases the chances of error.
The contents of the notification letter itself is another area of concern. Subscriber should receive standardised information so that they get the correct information and are clear about their rights to appeal. Ofcom, however, fails to demand this standardisation from ISPs.
Last but not least the appeals process is badly damaged and restrictive.
What can you do now?
Ofcom is due to publish a statement on the code some time in September. We are also waiting for a court date for the judicial review BT and Talk Talk have launched.
In the meantime, sign our petition against disconnection and web blocking.
Ask your MP to push for repeal of Sections 11-18 of the DEA.
Who are we?
ORG-students was set up in the melting pot of tech activism that was ORGcon 2010. A group of university students from all across the UK were present, and decided to start an offshoot of Open Rights Group. Our aims are campaigning for students' digital rights - both in support of ORG's wider work and in our right, with a particular focus on issues affecting students and education - as well as spreading the word to students about their digital rights.
What are we doing?
We are still much in our infancy, but growing up fast. Our target is to have a campaign ready to roll for late September to early October, to run during Freshers. This aims to inform people about the work of the ORG, and drum up more support and members to take our future campaigns further, whilst educating students old and new about the basics of digital rights.
How can I help?
We desperately need more people to help! We hold regular IRC meetings, and have our own channel, #ORG-students, on irc.freenode.net. We have a mailing list, too (Turn on JavaScript!). If you’re a student, an academic, or have an interest in helping out, please come and talk to us. We are particularly interested in ideas for future campaigns.
Our next IRC meeting is on Tuesday 3rd of August, at 2000BST on #ORG-students, irc.freenode.net.
See you there!
On Tuesday, I spoke on behalf of ORG at an event organized by Eric Joyce and Julian Huppert on behalf of the All Party Parliamentary group discussing the Digital Economy Act.
Walking into the room, it felt rather like a replay of the debates we had prior to the Act. Many of the same faces were there, including the ever-present Richard Mollett, speaking on behalf of the BPI, and others including the Federation Against Software Theft and other rights holders. Richard welcomed Org in his customary way, we sat down on oppsite sides of the room, and shortly afterwards the meeting began.
But it didn’t turn out to be a re-run of the same old points. What we heard was a growing range of voices against the Act. This wasn’t just ORG and Consumer Focus making our complaints about people’s rights, data protection, the bodged draft code and the clear breach of human rights that interference with communications presents. This debate included Coadec and Steve Lawson making some impassioned pleas on behalf of digital innovators and independent artists. And to follow them came a large number of citizens who had come to the meeting of their own accord.
You don’t usually get people speaking on their own behalf at these debates, and still less do you get artists. Steve’s points were especially well-made: he outlined how it is now possible for an artists to make an income by keeping their copyright and selling music directly to fans, while also building reputation. He pointed out how badly the old intermediaries have served many artists, and how for him, the new model was much more hopeful and sustainable.
Similarly, Coadec’s Jeff Lynn, representing digital businesses, was able to articulate the problems many of their members suffered by restrictive licensing by the traditional copyright industries. This is a point often raised by ORG, but needs to be echoed by groups like Coadec.
Encouragingly, there were some new faces among the MPs, attending. Kerry McCArthy has blogged about the meeting here.
We also heard libraries state the difficulties of the model the Act has imposed, alongside people working for digital inclusion, pointing out how much of a nonsense it is to push inclusion alongside potential disconnection measures.
More worryingly, there is an assumption among some that we will move to these punishments. We do not assume that, but it’s up to us all to make sure it doesn’t.
So, let’s welcome the appearance of artists and digital businesses at the centre of this debate. Let’s hope their voices are increasingly listened to, alongside citizen groups like ourselves, Liberty and Consumer Focus.
If you have been following ORG's comments in recent weeks you will be aware of the serious problems with Ofcom's initial obligations code. As it stands now innocent people and their families are in danger of being wrongly accused of illegal filesharing.
That's because the code fails to set out standards of evidence, and standards for the data held on customers of ISPs, and has set out a very limited appeals mechanism.
You have until Friday afternoon to respond to Ofcom's consultation on the draft code. We've made it very easy to tell them what's wrong with it. Make sure your voice is heard and submit your response now.
Firstly, the Act requires Ofcom to set the standards of evidence (Section 7/124E(2)), but instead they left that to the copyright owners in a “Quality Assurance” system.
Secondly, Ofcom is obliged to set criteria for the identification of subscribers under Section 7/124E(3), but again fails to do so leaving this task to the ISPs.
Thirdly, the Act demands that the notifications sent to subscribers contain standardised information, but the draft code does not require that from ISPs.
These are only three examples of Ofcom's failures. Help us to highlight them by sending your own quick response to the consultation [link]. Take action now, we only have two days to reply.
ORG will submit its response tomorrow highlighting the many ways the code does not comply with the DEA.
Judging by the kind comments on twitter and many conversations with people on the day, ORGCon - our first digital rights conference - was a great success. We had about 400 guests including influential MPs and activists from across Europe.
Around 400 people, including influential MPs and activists from across Europe, came together on Saturday to discuss and take action for their rights online.
Judging by conversations on the day and all the kind comments on twitter, ORGCon - our first digital rights conference - was a great success.
Thanks to everyone who came along, particularly the speakers and volunteers who gave their expertise and energy. Special thanks to James Boyle, whose inspirational talk will have drawn many more to get more involved with the movement for copyright reform.
Videos of the presentations will go online this week and will be posted to this blog. We are working to get it all up as soon as possible.
Please do give us your feedback via the comments or Turn on JavaScript! so that next year's ORGCon will be even bigger and better. In particular, what talks / sessions should we have included? And which cities outside of London could support their own digital rights conference?
The Open Rights Group will be asking Ofcom to start again as their Draft Code misses vital requirements to outline the standards of evidence. By omitting this information, Ofcom's code fails to comply with the Digital Economy Act. Ofcom's consultation closes on Friday 30 July.
The Draft "Initial Obligations Code" governs the way that copyright owners send accusations of copyright infringement to Internet users under the Digital Economy Act. In some cases, this will lead to individuals being taken to court.
Ofcom's proposal denies us the ability to check whether the methods of collecting of the evidence are trustworthy. Instead, copyright holders and Internet Service Providers will just self-certify that everything's ok. If they get it wrong, there's no penalty.
The Act requires the evidential standards to be defined - but Ofcom are leaving this up the rights holders and ISPs to decide in the future. We ask, how is anyone meant to trust this code if we can't see how the evidence is gathered or checked?
After all, only last week, we heard about people have been apparently wrongly sent accusations of downloading tracks by the Ministry of Sound. We know things go wrong, and that's why the Act requires the evidential standards to be set out. What we need now is a new consultation on a new code, that is compliant with the Act.
ORG would like to acknowledge Consumer Focus' help in detailing the areas of non-compliance with the Act.
Detail on non-compliance
Copyright owners evidence Section 7/124E(2) of the DEA requires that the initial obligations code makes the required provision about CIRs by specifying “requirements as to the means of obtaining evidence of infringement of copyright for inclusion in a report”, and “the standard of evidence that must be included”. The draft initial obligations code makes no provisions specifying the means of obtaining evidence of infringement of copyright for inclusion, and neither does it make provisions specifying the standard of evidence that must be included.
Section 3.5 to 3.7 of the draft initial obligations code outlines, in relation to evidence gathering process what it calls a “quality assurance process” but this process does not specify the means of obtaining evidence or the standard of evidence included, only that the copyright owner will have to follow the process outline in their quality assurance report which is to be submitted to Ofcom. The DEA does not require such a quality assurance system.
ISP evidence: Section 7/124E(3) of the DEA requires that the initial obligations code create provisions covering the notification of subscribers for whom the internet service provider receives one or more CIRs. These provisions include “requirements as to the means by which the internet service provider identifies the subscriber”.
In contrast, the quality assurance process outlined in Section 4 of the draft code does not make “requirements as to the means by which the internet service provider identifies the subscriber”, but instead only requires that the qualifying ISP complies with the process outlined in their own quality assurance report.
The DEA requires that Ofcom's code sets a threshold of notifications made to a subscriber in relation to a copyright owner (Section 7/124E(1)(c), in order that they are a 'relevant' subscriber whose details may be offered after a court order to the copyright owner. The code instead offers a scheme by which, after three notifications from the ISP, they are placed on a list (of “repeated infringers”). So the code sets a threshold for determining “relevant subscribers” in relation to notifications sent by ISPs and not CIRs received by ISPs. This does not comply with the DEA.
The draft initial obligations code fails to standardise information to be given to subscribers. The DEA requires the following information “about subscriber appeals and the grounds on which they may be made” to be standardised:
“information about copyright and its purpose”
“advice, or information enabling the Subscriber to obtain advice, about how to obtain lawful access to copyright works”
“advice, or information enabling the subscriber to obtain advice, about steps that a subscriber can take to protect an internet access service from unauthorised use“.
The draft initial obligations code also incorrectly requires all notifications to include information about:
“the ability of a Qualifying Copyright Owner to bring a legal action for damages in relation to an infringement”.
This is not a requirement of the DEA. It is also factually incorrect. A copyrights owner can bring an action against a subscriber for infringement, and in some circumstances, if found guilty, the court may award damages. Unlike the DEA provisions, an infringement action would be required to link the infringement to the subscriber.
In a similar vein, the draft code requires that “advice, or information enabling the Subscriber to obtain advice, about reasonable steps that the Subscriber can take to protect an internet access service from unauthorised use” be given, in line with the DEA, but goes on to require information be given as to how to:
“prevent online copyright infringement in the future”
– an impossible task. The DEA more realistically requires “advice on securing internet access services against unauthorised use”.
We would like these elements to be properly corrected so that we can consider the content of notifications properly.
The Appeals process also contravenes the process set out the DEA.
Section 13/124K(3) and (6) of the DEA provides that the initial obligations code must provide that if a subscriber appeals on the grounds that “the apparent infringement to which the report relates was not an infringement of copyright” or “that the report does not relate to the subscriber’s IP address at the time of the apparent infringement”, the appeal must be determined in favour of the subscriber if the subscriber shows that “the act constituting the apparent infringement to which the report relates was not done by the subscriber” and “the subscriber took reasonable steps to prevent other persons infringing copyright by means of the internet access service”.
The two relevant ground for appeals mentioned in the DEA are specified in Section 7.12.1 and 7.12.2. Overall the draft initial obligations code provides for five grounds of appeal in sections 7.12.1 to 7.12.5. In section 7.24 the draft initial obligations code then provides that “where a Subscriber Appeal contains a ground set out in paragraph 7.12.1, 7.12.2, 7.12.3, 7.12.4 or 7.12.5 a Subscriber Appeal must be determined in accordance with 7.22.1 if the Appeals Body is satisfied that the Subscriber has shown that, in relation to a relevant CIR: 7.24.1 the act constituting the apparent infringement to which the CIR relates was not done by the Subscriber, and 7.24.2 the Subscriber took reasonable steps to prevent other persons infringing copyright by means of the internet access service.”
It appears from the draft initial obligations code that an appeal on any grounds can only be upheld if the subscriber proves that “the act constituting the apparent infringement to which the report relates was not done by the subscriber” and “the subscriber took reasonable steps to prevent other persons infringing copyright by means of the internet access service”. The DEA only requires that the subscribers proves the above two cases where the appeal is in relation to either “the apparent infringement to which the report relates was not an infringement of copyright” or “that the report does not relate to the subscriber’s IP address at the time of the apparent infringement”. Hence the draft initial obligations code places a considerable burden of proof on the subscriber which is not required by the DEA.
Section 13/124K(5) of the DEA also requires that the initial obligations code “must provide that an appeal on any grounds must be determined in favour of the subscribers unless the copyright owner or internet service provider shows that...” “the apparent infringement was an infringement of copyright” and “the report relating to the subscriber’s IP address at the time of the infringement”. However the draft initial obligations code does not fully implement these DEA requirements. Section 7.23 of the draft initial obligations code states that “a Subscriber Appeal on any grounds may only be determined in accordance with paragraph 7.22.2 (must be rejected) if the Appeals Body is satisfied that there is sufficient evidence to show that, as respects any CIR to which the Subscriber Appeal relates or by reference to which anything to which the Subscriber Appeal relates was done (or, if there is more than one such CIR, as respects each of them): 7.23.1 the apparent infringement was an infringement of copyright, and 7.23.2 the CIR relates to the Subscriber’s IP address at the time of that infringement. “ In doing so the draft initial obligations fails to implement the clear requirement for an appeal on any ground to be determine din favour of the subscriber (that is upheld) unless the copyright owner or the internet service provider can prove that “the apparent infringement was an infringement of copyright” and “the report relating to the subscriber’s IP address at the time of the infringement”.
Section 13/124K(7) of the DEA also requires that “where the appeal is determined in favour of the subscriber, to direct the copyright owner or internet service provider to reimburse the reasonable costs of the subscriber”. In section 7.28 the draft initial obligations code states that the appeals body may only award such costs “unless it is satisfied that it would be unjust to give such direction having regard to all the circumstances including the conduct of the parties before and during the proceedings.” This is not required by the DEA and it is unclear why the right of the subscribers to have reasonable cost reimbursed is limited in this way. It is also not clear what Ofcom has in mind in relation to the reimbursement being “unjust” a term that is not defined in law or the consultation document.
There's a week and a half until Ofcom's draft code finishes its consultation on the letter writing part of the Digital Economy Act. ORG is currently preparing a detailed response, and will also be helping you to send in your views.
One of the big issues we are looking at is data protection and retention. The scheme legitimises the collection of data without consent by agencies working for copyright holders – a kind of private surveillance. The European Data Protection Supervisor (EDPS) recently went into some detail analysing what this means for privacy, in relation to ACTA, which attempts to encourage 'three strikes' regimes - and came to some very strong conclusions.
Firstly, the EDPS is clear that IP addresses are 'personal data' when collected to identify people for copyright infringement. He extends that this may be 'sensitive personal data' if criminal proceedings might result. In the UK, if copyright infringement can be criminal if "Offering for sale or hire, publicly displaying or otherwise distributing infringing copies in the course of a business" or "Distributing a large enough number of copies to have a noticeable effect on the business of the copyright owner". Both of these possibilities seem to be open under the Digital Economy Act, so some unknown portion of the data collected may be 'sensitive personal data'.
Secondly, the EDPS is highly critical of wide-scale private monitoring. This aspect has not been priorly examined by either the ICO, government or Ofcom, in the case of the DEA. No privacy impact assessment was made when drafting this legislation.
Take a read of his views below:
In a nutshell, under three strikes Internet disconnection policies copyright holders using automated technical means, possibly provided by third parties, would identify alleged copyright infringement by engaging in monitoring of Internet users’ activities, for example, via the surveillance of forums, blogs or by posing as file sharers in peer-to-peer networks to identify file sharers who allegedly exchange copyright material.
After identifying Internet users alleged to be engaged in copyright violation by collecting their Internet Protocol addresses (IP addresses), copyright holders would send the IP addresses of those users to the relevant Internet service provider(s) who would warn the subscriber to whom the IP address belongs about his potential engagement in copyright infringement....
Three strikes Internet disconnection policies have to comply with the requirements stemming from the right to privacy, as laid down in Article 8 ECHR and Article 7 of the Charter of fundamental rights, and stemming from the right to data protection as laid down in Article 8 of the Charter of fundamental rights and Article 16 TFEU, and as elaborated in Directive 95/46/EC and Directive 2002/58/EC.
In the EDPS view, the monitoring of Internet user's behaviour and further collection of their IP addresses amounts to an interference with their rights to respect for their private life and their correspondence; in other words, there is an interference with their right to private life. This view is in line with the case law of the European Court of Human Rights.
Directive 95/46/EC is applicable since the three strikes Internet disconnection policies involve the processing of IP addresses which — in any case under the relevant circumstances — should be considered as personal data. IP addresses are identifiers which look like a string of numbers separated by dots, such as 122.41.123.45. A subscription to an Internet access provider will give the subscriber access to the Internet. Every time the subscriber wishes to go onto the Internet, he will be attributed an IP address through the device he is using to access the Internet (a computer, for example).
If a user engages in a given activity, for example, uploads material onto the Internet, the user may be identified by third parties through the IP address he/she used. For example, the user holding IP address 122.41.123.45 uploaded allegedly copyright infringing material onto a P2P service at 3 p.m. on 1 January 2010. The ISP will then be able to connect such IP address to the name of the subscriber to whom it assigned this address and thus ascertain his/her identity.
If one considers the definition of personal data provided in Article 2 of Directive 95/46/EC, ‘any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number’, it is only possible to conclude that IP addresses and the information about the activities linked to such addresses constitutes personal data in all cases relevant here. Indeed, an IP address serves as an identification number which allows finding out the name of the subscriber to whom such IP address has been assigned. Furthermore, the information collected about the subscriber who holds such IP address (‘he/she uploaded certain material onto the Web site ZS at 3 p.m. on 1 January 2010’) relates to, i.e. is clearly about the activities of an identifiable individual (the holder of the IP address), and thus must also be considered personal data.
These views are fully shared by the Article 29 Working Party which, in a document on data protection issues related to intellectual property rights stated that IP addresses collected to enforce intellectual property rights, i.e. to identify Internet users who are alleged to have infringed intellectual property rights, are personal data insofar as they are used for the enforcement of such rights against a given individual.
Directive 2002/58/EC is applicable as well, as three strikes Internet disconnection policies entail the collection of traffic and communication data. Directive 2002/58/EC regulates the use of such data and provides for the principle of confidentiality of communications made over public communications networks and of the data inherent in those communications.
Article 8 ECHR sets forth the principle of necessity pursuant to which any measure that infringes the right to privacy of individuals is only allowed if it constitutes a necessary measure within a democratic society to the legitimate aim it pursues. The principle of necessity can also be found in Articles 7 and 13 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC.
The principle requires an analysis of the proportionality of the measure, which must be assessed on the basis of a balance of the interests involved, which is placed in the context of the democratic society as a whole. It furthermore implies an assessment as to whether alternative measures exist which are less intrusive.
Although the EDPS acknowledges the importance of enforcing intellectual property rights, he takes the view that a three strikes Internet disconnection policy as currently known — involving certain elements of general application — constitutes a disproportionate measure and can therefore not be considered as a necessary measure. The EDPS is furthermore convinced that alternative, less intrusive solutions exist or that the envisaged policies can be performed in a less intrusive manner or with a more limited scope. Also on a more detailed legal level the three strikes approach poses problems. These conclusions will be explained below.
The EDPS wishes to emphasise the far-reaching nature of the imposed measures. The following elements must be mentioned in this regard:
(i) the fact that the (unnoticed) monitoring would affect millions of individuals and all users, irrespective of whether they are under suspicion;
(ii) the monitoring would entail the systematic recording of data, some of which may cause people to be brought to civil or even criminal courts; furthermore, some of the information collected would therefore qualify as sensitive data under Article 8 of Directive 95/46/EC which requires stronger safeguards;
(iii) the monitoring is likely to trigger many cases of false positives. Copyright infringement is not a straight ‘yes’ or ‘no’ question. Often Courts have to examine a very significant quantity of technical and legal detail over dozens of pages in order to determine whether there is an infringement;
(iv) the potential effects of the monitoring, which could result in disconnection of Internet access. This would interfere with individuals’ right to freedom of expression, freedom of information and access to culture, e-Government applications, marketplaces, e- mail, and, in some cases, with work-related activities. In this context it is particularly important to realise that the effects will be felt not only on the alleged infringer, but all the family relatives that use the same Internet connection, including school children who use the Internet for their school activities;
(v) the fact that the entity making the assessment and taking the decision will typically be a private entity (i.e. the copyright holders or the ISP). The EDPS already stated in a previous opinion his concerns regarding the monitoring of individuals by the private sector (e.g. ISPs or copyright holders), in areas that are in principle under the competence of law enforcement authorities.
The EDPS is not convinced that the benefits of the measures outweigh the impact on the fundamental rights of individuals. The protection of copyright is an interest of right holders and of society. However, the limitations on the fundamental rights do not seem justified, if one balances the gravity of the interference, i.e. the scale of the privacy intrusion as highlighted by the above elements, with the expected benefits, deterring the infringement of intellectual property rights involving — for a great part — small-scale intellectual property infringements. As indicated by the Opinion of Advocate General Kokott in Promusicae: ‘It is … not certain that private file sharing, in particular when it takes place without any intention to make a profit, threatens the protection of copyright sufficiently seriously to justify recourse to this exception. To what extent private file sharing causes genuine damage is in fact disputed’.
In this context, it is also worth recalling the European Parliament’s reaction to ‘three strikes schemes’ in the context of the review of the telecoms package, particularly Amendment 138 to the Framework Directive. In this amendment it was laid down that any restriction to fundamental rights or freedoms may only be imposed if they are appropriate, proportionate and necessary within a democratic society, and their implementation shall be subject to adequate procedural safeguards in conformity with the ECHR and with general principles of Community law, including effective judicial protection and due process.
In this view, the EDPS further underlines that any limitation to fundamental rights will be subject to careful scrutiny both at EU and national level. In this context, a parallel can be drawn with the Data Retention Directive 2006/24/EC, which derogates from the general data protection principle of deletion of data when they are no longer necessary for the purpose for which they were collected. This directive requires that traffic data are retained for the purpose of combating serious crime. It has to be noted that retention is only allowed for ‘serious crime’, that the retention is limited to ‘traffic data’ which in principle excludes information about the content of communications, and that stringent guarantees are adduced. Nevertheless, doubts have been raised on its compatibility with fundamental rights standards; the Romanian Constitutional Court decided that blanket retention is incompatible with fundamental rights, and there is currently a case pending before the German Constitutional Court.
The coalition government's pledge to roll back the database state will be debated by a panel of the most vigorous privacy crusaders at a conference for digital rights in London on Saturday 24 July.
The new government has pledged to reign in the worst excesses of the database state, including ID cards and Contact Point. But privacy advocates warn such promises will not be fulfilled without more hard campaigning work. And there are more battles ahead to embed meangingful protections in law, in institutions and technology, and achieve real control over our personal data.
Phil Booth, who has headed up NO2ID's fight against the database state since 2004, said:
"In past weeks we've had to fight harder than ever for freedoms and privacy. Despite some great headlines, the Coalition has fallen short in the execution - which is the only thing that counts. Keeping the pressure up is vital. Stopping the database state was never going to be easy, and it's certainly not something we can leave up to politicians alone."
Phil will be joined on the panel by Ross Anderson (Foundation for Information Policy Research), Terri Dowty (Action on Rights for Children) and Alex Deane (Big Brother Watch)
ORGCon is a low-cost conference where campaigners can find out about and take action in support of their digital rights. Other speakers confirmed for the conference James Boyle, Tom Watson MP and Cory Doctorow. ORGCon takes place in London on 24 July. There are still a few tickets left.
ACTA, the international trade agreement causing divisions between the EU and developing nations, will face intense criticism from Jérémie Zimmermann at Britain's first ever digital rights conference.
Activists are particularly incensed at the inclusion of the repressive copyright regulation that caused a virtual revolt during the passing of HADOPI laws in France and the Digital Economy Act in the UK. Jérémie led the fight against HADOPI in France.
Jérémie Zimmermann, the scourge of ACTA and spokesperson for citizen advocacy group La Quadrature du Net, said:
"ACTA will hinder global development by exporting the worst anti-competitive and dangerous enforcement system of copyright, patents and trademarks.
"The ACTA agreement will also stifle online freedom of speech and privacy as it is aimed at circumventing democractic process, in total opacity, and with no oversight from the citizens."
Jérémie's latest success is in persuading many MEPs to sign a "Written Declaration" condemning the revelations of potential erosions of human rights. The declaration is currently around 30 signatures short of gaining a majority, and being adopted by the Parliament.
Also joining him on the panel will be Becky Hogge, former Executive Director of the Open rights Group, and Michelle Childs, from Medecin sans Frontiers.
ORGCon is a low-cost conference where campaigners can find out about and take action in support of their digital rights. Other speakers confirmed for the conference include Tom Watson MP, another vociferous critic of ACTA, Cory Doctorow, activist and author. ORGCon takes place in London on 24 July.
Over 300 people are booked to attend ORGCon and tickets are running out fast so get yours now!
ORGCon is your crash course in digital rights. This one-day conference will deliver everything you need to get campaigning on issues like the Digital Economy Act and the Database State.
As well as stellar speakers James Boyle, Cory Doctorow and Tom Watson, there'll be contributions from Liberty, NO2ID and Big Brother Watch.
See the full programme here.
When? Saturday 24 July, 1030 - 1830
Where? City University, City University London, St John St, EC1 4 London
News that TalkTalk and BT are challenging the Digital Economy Act in court is extremely welcome. It is a vindication of our view that the legislation should not have been rammed through parliament in the dying days of the last government.
The government at the time ignored the fact that EU legislation requires that the Commission be given three months to ensure that ‘technical’ legislation complies with relevant EU laws. This includes data protection, privacy and ecommerce legislation. It will be very interesting to see the details of their case.
In the meantime, Ofcom’s informal discussions are finding the omissions inherent in the Digital Economy Act difficult to deal with. No privacy impact assessment was undertaken when the bill was rushed through parliament and we hear that the Information Commissioner is defining IP addresses as being personal data in the context of the notification process established by the Digital Economy Act.
Since they are being used to identify subscribers, and accuse them, this seems only right. This means that rights of access to that information apply, we believe, including from the third party agencies who will collect the IP addresses on behalf of rights holders.
Ofcom have also been keen to avoid questions about the real effect of receiving notification, which are technical measures.
Other provisions of the Digital Economy Act also cause considerable headache as the difficult questions in relation to public intermediaries and open wifi have been avoided by the consultations, ministers, the Digital Economy Act and now Ofcom. The Act requires “subscribers” to take ‘reasonable steps’ to close their network from abuse, and Ofcom does not wish to discourage open wifi networks, they say.
But if you run an open access network, without requiring users to register, what reasonable steps could you take? Port blocking and firewalls are ultimately pretty useless. Much Bit torrent traffic is also entirely legitimate. Many users on many networks may wish to use this traffic, so taking ‘reasonable steps’ to stop the use of bit torrent to infringe copyright without stopping legitimate uses is very difficult, if not impossible.
This puts universities, libraries and open source businesses in an impossible position, and we hear that companies are already advising people to close down wifi networks, to avoid legal risks. Ofcom is now passing the “reasonable steps” bug to the Appeals Body.
Today, ACTA negotiations begin in Luzern. Despite mounting opposition from developing countries like India, China and Brazil, the EU is apparently rushing to get the Treaty agreed.
From La Quadrature du Net:
Luzern, 28th June, 2010 A new round of negotiations of the anti-counterfeiting trade agreement (ACTA) is beginning today between 11 negotiating parties -including the EU- in Luzern, Switzerland. All around the world, organizations of concerned citizens, people living with HIV, and academics urge governments to renounce to this illegitimate agreement.
According to the civil servants representing France and EU, negotiations of the ACTA are rushing to reach a final agreement. Tonight, representatives of Act Up-Paris and La Quadrature du Net will be part of a delegation meeting with negotiators. They will let them know once again why ACTA must be stopped.
- ACTA will restrict online freedom of speech and privacy. By increasing legal liability of Internet actors (service and access providers), they will be turned into private copyright police, and will have to restrict access, filter the Net or arbitrarily remove online content.
- ACTA will be a barrier for access to medicine. By preventing the production and the exportation of generic molecules, it will block millions of sick people from access to life-saving drugs, only to preserve the profits of big pharmaceutical labs.
The ACTA agreement is becoming a cocktail of the most repressive European and US legislations about copyright and patents. If finalized, these laws will be frozen and become virtually impossible to change. They will then be exported to the rest of the world through bilateral agreements.
"ACTA would affect the access to treatments worldwide, because it will hinder the access to cheap generic drugs. Without generic drugs, it would have never been possible for 4 millions people to have access to antiretroviral drugs. If concluded, ACTA would be a terrible stepback for millions of people living with HIV worldwide." declares Pauline Londeix, spokesperson for Act Up-Paris.
"ACTA is like a poker game in which our fundamental freedoms would be the chips. The negotiators have no legitimacy to bet away citizen rights and Internet innovation to a few industries. The ACTA casino must be closed." concludes Jérémie Zimmermann, spokesperson for citizen advocacy group La Quadrature du Net.
Journalism, the NUJ's in-house magazine, is reporting that the NUJ is calling for repeal or further amendment to the Digital Economy Act. Their resolution deals with internet cut-offs as well as web blocking.
The NUJ joins Liberty and Consumer Focus as well as ORG in drawing attention to the continuing human rights and censorship concerns. Their resolution, passed in May, reads:
1. Any measures to allow the blocking of websites must be implemented in such a way that fully protects the freedom of information and expression. Sites that link incidentally to illegally-distributed material, such as search engines, or that inadvertently distribute material illegally, such as sites based on user-generated content or free wifi providers, should be exempted from the provisions. The possibility of a public interest defence should be made explicit in the implementation of the Act's provisions.
2. The NUJ should work with colleagues in the FEU [Federation of Entertainment Unions] to support new ways to make entertainment pay as an alternative to the counter-productive repressive measures in the Digital Economy Act. Many of these will include online systems where there are NUJ members or potential members.
3. The union should support, in principle, efforts to challenge the Act in the courts to ensure that any measures that are implemented are fair and consistent with international law.