We have highlighted the problems with the Ofcom filesharing code, most importantly that the code does not comply with the Digital Economy Act.
Ofcom have not assured us that our concerns will be met, apart from WiFi where they admit they got the messaging wrong.
We have now written to them and specifically asked what they will do about it. Here are the questions we put to them.
1. Will you guarantee full transparency of the standards of evidence for rights-holders?
2. Will you guarantee full transparency of the methods for the identification of subscribers for ISPs?
3. The Act requires the following is part of the notification letter.
* “information about copyright and its purpose
* “advice, or information enabling the Subscriber to obtain advice, about how to obtain lawful access to copyright works
* “advice, or information enabling the subscriber to obtain advice, about steps that a subscriber can take to protect an internet access service from unauthorised use”.
Will this information be required in the letters?
4. The Appeals process incorrectly interprets the DEA provision that an Appeal must succeed if the information about the infringement is incorrect. Instead, it states that an Appeal can only be rejected if the evidence is correct. This removes the automatic right in the DEA for an Apellant to have a successful outcome if the evidence is in any way incorrect.
Will this be corrected?
5. Do you recognise that securing a wireless network is not required by the Act?
Do you recognise that it will not be difficult to circumvent any protection of the network and that cafe owners will be wrongly accused of filesharing if people use their access through those means?
Do you recognise that this deincentivises businesses setting up or running a WiFi network?
6. There are serious concerns with regard to the legitimacy of private surveillance that the code requires. This has been raised by Peter Hustinx, the European Data Protection Supervisor, with regard to ACTA. Do you recognise these problems?
Is the ICO involved at every stage of setting up the data collection process?
7. We also believe that the definition of copyright owner in the code is incorrect and could lead to incorrect advice, privacy abuse and unfair release of personal data.
The code and the Act state that a “Copyright Owner” means “(a) a copyright owner within the meaning of Part 1 of the Copyright, Designs and Patents Act 1988 (see section 173 of that Act); or (b) someone authorised by that person to act on the person’s behalf ”.
It is likely that agencies such as Logistep will be hired to act as agents under definition under b) since they have the necessary technology for tracking file sharing. Additionally the BPI and Motion Picture Association of America (MPAA) are likely to act on behalf of major copyright owners.
It seems quite possible that all of these different types of organisation will be issuing CIRs, and indeed might even all detect the same activity at the same time. We do not believe that Ofcom have properly considered the ramifications of this.
Problems are likely to arise when ISP put together CIRs from the same copyright owner. It's unlikely that ISP databases can cope with dealing with multiple reports for the same event.
There is a solution to this problem. We note that s124B(1)(b) permits Ofcom to use the Code to limit access to copyright infringement lists. We strongly recommend that the Code should require that only an actual copyright owner (ie: the CDPA 1988 definition) may request the copyright infringement list, and the database issues should be addressed by making it explicit in the Code that the provider (the ISP) will need to match the actual owners name and address (ie the data supplied in #3.3(b) not in #3.3(a)) when it creates such a list.
Do you recognise the problems outlined above and, if so, will Ofcom require that only the actual copyright owner may request the infringement list?