In June 2012 Ofcom published its revised Initial Obligations Code. The Code is supposed to set out how the Digital Economy Act will work in practice, by specifying who will receive copyright infringement notices and which ISPs will have to process them. This is the second version of the Code, after an initial consultation in 2010. At that time, ORG and many others highlighted a number of issues including the position of those provising public wifi access and the standards of evidence required to establish an infringement of copyright may have taken place.
In this submission to the latest consultation we note in particular the remaining problem for wifi providers who have no certainty about their position, and recommend that Ofcom produce a further version of the Code that properly addresses such issues.
The submission is available as a pdf and was submitted to Ofcom on 26th July 2012.
Initial Obligations Code consultation. Open Rights Group response. 26th July 2012.
We welcome the opportunity to respond to the consultation on the revised Initial Obligations Code.
It is clear that work has been done to try to address concerns raised through the original consultation, for example regarding standards of evidence and processes for identification of subscribers.
However, we still believe significant problems remain. Ofcom has not done enough to address the problem of wifi providers, leaving libraries, cafes and other wifi providers in an uncertain position as the Code comes into force.
Furthermore, we note that the consultation period is unusually short, and that the document suggests submissions relating to 'drafting' issues rather than substantive points. It is not clear why this is the case, especially given the consultation on the Sharing of Costs Order (which admittedly involves some complex issues but has also been consulted on before) is running until 18th September. To be consistent at least with the spirit of Section 403 of the Communications Act, and given the significance of the proposed measures for those affected, it would be more appropriate to be running a proper consultation.
We recommend that Ofcom produce a further revised Code that properly addresses the substantive issues identified in this consultation, most seriously the position of many wifi providers.
1. Continued uncertainty for wifi providers
The definitions of ISP, subscriber and communications provider leave a number of bodies and organisations in an uncertain position.
In the consultation document, it is argued that cafes, bars, hotels and similar establishments, which are not currently excluded from the Code (henceforth referred to as 'wifi providers') have 'clarity as to whether or not the Code applies to them or will be applied to them in the immediate future.' (paragraph A5.41)
According to the consultation document, they will be considered an ISP if they have an implied, oral or other agreement with a subscriber. And they will usually be a 'non-qualifying ISP', as they are likely to have fewer than 400,000 'subscribers'. They will therefore not be subject to obligations, should they successfully communicate to their upstream ISP that they are a non-qualifying ISP.
However, the position is still not clear or certain. The confusion can be summed up by comparing paragraphs A5.40 and A5.53 of the consultation document. Paragraph A5.40 suggests that 'a very broad range of providers are ISPs for the purposes of implementing the DEA provisions (though they may not be qualifying ISPs)'. Paragraph A5.53 then states Ofcom consider a person or an undertaking 'receiving an internet access service for its own use is a subscriber...even if they make access available to third parties and, in that regard, constitute communications providers'.
Should the guidance given at A5.53 prove to be an accurate reflection of how the Code will operate in practice, small providers such as cafes will be required to operate two segregated internet subscriptions to avoid liability.
Further, this effectively gives no clarity to those wifi providers, resting as it does on ISPs, wifi providers, copyright owners and the appeals body recognising, agreeing and noting the distinction and for which providers it is appropriate in which circumstances.
This is guidance, or more specifically Ofcom's 'understanding of how the DEA provisions may apply to them'. In addition to the lack of clarity in these explanatory notes, there is no certainty that this is how the Code will be interpreted in practice. Will ISPs be bound by this interpretation? Could a copyright owner demand that notices be sent, and will they be able to challenge decisions made by ISPs? It is also entirely possible that an appeals body will draw different conclusions to those Ofcom sets out in the consultation document. Ofcom are leaving providers waiting on the interpretation of the tribunal, thus denying them any legal certainty.
The result of this situation is that wifi providers of all varieties may end up being considered subscribers, thus becoming the subject of Copyright Infringement Reports.
Why this matters
Our concern is that this problem will see cafes, hotels and other businesses faced with disproportionate costs. As a result they may be disincentivised from providing internet access. Libraries are in the same situation, as either subscribers or (likely non-qualifying) ISPs, without the certainty of knowing their position. Indeed, libraries have repeatedly asked for greater clarity, most recently calling for an exemption with universities and other research institutions.
There is also no certainty that libraries and other institutions will be able to avoid receiving copyright infringement reports, facing the appeals process (and ￡20 appeals fee), for example. We do not believe it is proportionate to impose the costs of managing the Code's provisions, especially at a time of severe resource constraints for education institutions.
This issue would also affect shared households, where the account resides with one occupant who has an agreement with others to share the costs of provision.
These are not new issues. Such concerns have been repeatedly set out by libraries, schools, and hospitality organisations in their statements about the Digital Economy Act and subsequent iterations of the Code, and it is worth revisiting their concerns to demonstrate the long standing nature of this problem. (See for example the response of the Museums, Libraries and Archives to Ofcom's Draft Initial Obligations Code consultation.)
All are concerned about their status whether as either ISPs, or as subscribers, and the liability they will incur whichever category they may fall into. For example, JD Wetherspoon offer 767 free Wi-Fi hotspots around the country. They have said that 'it would be impossible to police what people are searching on their computer. We don’t have the manpower, nor would we want to go up to someone’s computer and peek over it.'
Similarly, a joint submission from the British Hospitality Association, British Beer and Pub Association, and British Holiday and Home Parks Association outlined their serious concerns about their members being defined either as subscribers, or communications providers, concluding that:
“If the Act is eventually implemented in full, many of our members are likely to withdraw internet/wi-fi facilities, a retrograde step given the technological age in which we live, work and socialise.”
Further, MPs at the time of the Act's passing repeatedly stressed that the position of public wifi providers must be addressed. On 6th April 2010, Rt Hon Don Foster MP argued that organisations such as hotels and cafes will be “very vulnerable to the legislation”. John Whittingdale MP said that “Nobody has yet explained to me how we will deal with university halls of residence...Nobody has explained how we are to deal with internet cafés and wi-fi zones, all of which are proliferating.” Peter Luff MP said: “It is no exaggeration to say that, unless those concerns about illegal file sharing in public places are properly addressed, this could be the end of public wi-fi, which would be very serious indeed.”
Wifi as a key part of the digital economy
Internet use outside the home has become an important piece of the supporting infrastructure of the networked world.
Looking back to Ofcom's Communications Market Report 2010, the year the Act was passed, 72% of respondents said they accessed the Internet at home. However, a range of other often public places are used for accessing the Internet by significant numbers of people. 'Work' was mentioned by 25% of respondents, 10% mention somebody else's house, 11% at a library or educational institution, and 2% at a cafe, shop or kiosk.
6% of people in the UK said they 'only ever access the Internet outside of the home'. In addition, over a third of all mobile Internet access is 'on the go'. The figures are not broken down in the 2010 report. However, given many smartphones now offer wifi connectivity, it is likely that some of this occured at wifi hotspots in cafes and other public places.
The most recent Ofcom market report suggests that 81% of smartphone data traffic was carried over wifi in January 2012. Wifi was found to an important means for smartphone users to maintain Internet access when faced with mobile data limits. And smartphone users were found to regularly use wifi outside of the home – in public places (67%), ‘out and about’ (63%), or at work (43%), for example. The report says that “this could include wifi in friends’ houses or in coffee shops, shopping centres or on public transport....Many public locations now offer wifi access to members of the public, though only some of them offer access free of charge.”
The Oxford Internet Institute's Internet Survey 2011 defines the 'next generation' Internet user as being 'someone who accesses the Internet from multiple locations and devices.' They find that 'whome access remains the primary way to access the Internet, other places such as schools, libraries and Internet cafés also remain important. With the exception of work access, all locations of use have remained stable or increased slightly compared to 2009'. The report goes on to note that 'most notable is the dramatic increase in the use of the Internet on the move, rising from 20% in 2009 to 40% in 2011.' (Page 10)
It is clear that Internet access increasingly happens in a variety of places, over a variety of connections.
The Act and Code effectively kills off open publicly available wifi and places disincentives to the continued proliferation of wifi spots in the UK.
Both Ofcom and the government have failed to provide those who offer the infrastructure that enables this the requisite legal clarity. It is especially strange given that Ofcom have exempted large public wifi providers, and those who will be affected have repeatedly asked for clarity and assistance.
Scope for an exemption
Ofcom may feel unable to further clarify the definitions of subscriber, ISP and communications provider. However, we maintain that they should be able to exempt certain types of organisation or services from the obligations and powers set out in the Code.
Ofcom argue that they are unable to exempt certain types of wifi providers because this was not the Government's intention at the time of passing the Act. This position is set out in paragraph A5.48 of the consultation document. That refers, via a footnote, to the document 'Online infringement of copyright: libraries, universities and Wi-Fi providers', which Ofcom argue states that the government's intention was not to create an exemption.
Whilst the document states it was not the intention of the government to exempt libraries, it goes on to state that 'there is scope for the Code to reflect the position of libraries, universities and wifi providers'. This is not something the Code has adequately addressed.
We remain unconvinced that the indications set out in this aforementioned BIS document should entirely determine Ofcom's drafting of the Code following the passing of the Act. For one thing, by relying on previous government guidance, Ofcom have avoided providing their own explanation for why further exemptions are not desirable, based on a sober analysis of the effect of the provisions.
They do not seem to have given the issue sufficient consideration of their own, or at least have failed to publicly do so. As such, we believe there is an argument to be made that in constraining itself by the position of the 2010 BIS document, Ofcom could be fettering their discretion.
The Secretary of State must approve the Code. However, it is not clear that the current Secretary of State would object to the exemption of certain classes of organisation, in particular libraries and universities. It is certainly not clear why they may object. Indeed in a letter to the Strategic Content Alliance in January 2011, DCMS Minister Ed Vaizey stated that 'libraries and universities will not be within scope of the obligations'.
We cannot understand how it has been beyond Ofcom and DCMS combined to properly address the issue of publicly available wifi.
We recommend that Ofcom create an exemption for libraries, universities and educational establishments, and for businesses providing wifi to customers. They could do so with the powers under section 124(A), to regulate who may receive CIRs. If they feel unable to do so, DCMS should instruct them to create such exemptions.
Issues with paragraph 3
Paragraph 3 of the Code sets out the relationship between wholesale and retail ISPs:
“Where a qualifying ISP contracts with another person for the provision of fixed internet access services to that qualifying ISP's fixed subscribers, the qualifying ISP must process any copyright infringement reports received by that person or ensure that any such reports are processed on its behalf in accordance with this Code” [emphasis added]
There are two issues to note with this paragraph.
First, we suggest the use of the word 'that' is somewhat unclear. It should be clarified to ensure that it is clear to which entity 'that' refers – the 'qualifying ISP' or 'another person'. Transparency and clarity for all those affected by the provisions of the Code is important, particular considering that contravention of the Code is a grounds for appeal.
Second, we are concerned that paragraph 3 may lead to a number of practical problems. In this paragraph there is 'a qualifying ISP' ('A') and 'another person' ('B'). The CIR is 'A''s CIR, coming out of a quota allocated to the copyright owner for that ISP and not for 'B'. We are concerned that without further elaboration, there will be estimate and cost issues. For example, estimates for the numbers of CIRs to be sent to B will not be clear, and 'B' may not be notified by the copyright owner and given the relevant advance payment.
2. Effectiveness and proportionality
The Digital Economy Act states that the provisions in the Code be “proportionate to what they are intended to achieve” (124E(1)(k)) and “that the provisions of the Code are objectively justifiable in relation to the matters to which it relates” (124E(1)(i)).
We note the lack of a full assessment of the likely levels of infringement on publicly available wifi, and the argument that due to low levels of infringement and the costs of being subject to the Code, public wifi providers should be exempt.
Ofcom felt able to make assumptions about the cost of obligations and the levels of infringement on certain public wifi services, but not on the broader set of wifi providers. No similar analysis is apparent for other classes of internet access providers. We believe levels of infringement would be similarly low, and that such services are a significant part of wifi infrastructure. For example, Ofcom could look to the aforementioned Market Reports on the proliferation of wifi and the continued importance of widely available wifi across locations.
We believe that Ofcom should commit to undertaking such a review, which should include an examination of the likely effects on provision and levels of use, ahead of finalising this Code. Without it, it is hard to see how the Code can be considered to be consistent with section 124E of the Digital Economy Act.
In the week of the consultation deadline, Open Rights Group asked people to send their stories of providing wifi access points, and to express their concerns about the Code and how it may affect them. Appendix A includes quotes from these case studies.
Further, to understand whether the Code is proportionate and objectively justifiable it will be critical to establish robust measures of the effectiveness of the implementation of the Code. The Act is aimed at the somewhat arbitrary target of a 75% reduction in file-sharing, set with reference to very little independent evidence.
Figures surrounding levels of infringement are likely to be controversial. It is imperative therefore that the metrics Ofcom uses are robust and inspire confidence in stakeholders monitoring the working of the Code. This process should involve an open consultation process.
We would helpfully point at the recent figures quoted from New Zealand, that state a reduction in piracy of 50% following the introduction of their comparable law. (See http://www.bbc.co.uk/news/technology-18953353 and http://tvnz.co.nz/national-news/four-in-10-kiwis-still-flout-piracy-laws-4979767 ) The most significant issue here is that the numbers quoted come from industry representative bodies and are cited in submissions requesting alterations to the fee structure for notifications. This helps to demonstrate that robust and 'independent' bench marks are required, developed by Ofcom, against which the efficacy of the Code should be judged. The figures about impact need to inspire confidence across stakeholders.
3. Evidence standards and identifying users
It is critical that evidence standards are high and respected. We appreciate the work Ofcom have done to move to address concerns on this area since the previous iteration of the Code. We do believe that room for improvement remains.
The development of the proposed standards, which Ofcom are sponsoring, should be completed well ahead of the commencement of the evidence gathering, to ensure that Ofcom has a robust standard against which to assess the evidence gathering processes.
The development of the standard should be open to public scrutiny. In particular, we recommend that the contributions of experts in the field of detection online are incorporated. For example, we commend the report from Dr Richard Clayton, 'Online traceability', to Ofcom, which clearly sets out the key issues that need addressing for an evidence gathering process to be considered robust.
We suggest that any such process should involve requiring a full download of the relevant file. Actually downloading a file shows it really is the file expected and it really was available from that IP address at that time.
Furthermore, in the explanatory notes, at 4.49, Ofcom state that 'our expectation is that a copyright owner will be well placed to secure approval from Ofcom if it adopts evidence-gathering procedures that comply with the standard that is developed'. We suggest it would be more appropriate for Ofcom to state that approval will only be given if the process they propose complies with the standard that is developed.
We are further concerned that ISPs are only required to notify Ofcom of the process used to match IP to subscriber, not get them pre-approved. There is a real possibility of mistakes in their processes and we believe ISP processes should require approval from Ofcom.
In paragraph 4(4), Ofcom states that copyright owners need to hold evidence that gives them 'reasonable grounds to believe' that an infringement has taken place. Similarly, in paragraph 6(5) Ofcom state that 'Ofcom must consider whether evidence gathered under the procedures and systems described will give reasonable grounds to believe that...' a subscriber has infringed copyright.
We do not believe this is a strong enough standard. In civil cases, copyright owners need to prove that on the balance of probability an infringement has taken place. We suggest the aforementioned paragraphs are amended so that the evidence standard is 'on the balance of probabilities', rather than 'reasonable grounds'. Further, paragraph 6(5) should also be amended to remove 'consider', and ensure that Ofcom will only approve an evidence gathering if it demonstrates that on the balance of probabilities an infringement has taken place. This should save time and expense where cases reach court, where higher standards will be required.
A. Requirement for disclosure of means of obtaining evidence
We recommend that Ofcom amends paragraph 5(1)(e) to ensure that the subscriber receives all the necessary information about the means used to obtain evidence, rather than simply 'information which would enable the subscriber to identify the means used'. This would enable the requisite clarity and transparency for the subscriber.
Open Rights Group has already documented a case of a scam, resting on misrepresentations of the Digital Economy Act. Such schemes rely on people being unable to easily establish the veracity of letters they get sent. Full transparency regarding which copyright owners obtain evidence and how, through full publication of the reports provided to Ofcom could work as a reference for the individuals affected and help combat these scams.
B. Oversight of information provided to subscribers
We agree with Richard Clayton's analysis in his expert technical report of information that should be presented to subscribers. Dr Clayton distinguishes between three types of information:
“88. Therefore, monitoring systems should be designed in such a way as to clearly distinguish between:
information that needs to be kept entirely secret – such as the IP addresses from which the monitoring is done, which if ever disclosed would render the monitoring ineffective;
information that is merely proprietary – such as the system source code, whose disclosure could assist unscrupulous competitors, but that court appointed experts might reasonably be permitted to inspect;
and, information which provides part of the trail of evidence thatdemonstrates that monitoring has been correctly performed. There should be no objection to providing this information to subscribers who are notified that their Internet connection is believed to have been used for copyright infringement through peer-to-peer file sharing.”
We are concerned in this respect about paragraph 6(4). It could be used to withhold information from subscribers that informs them fully of the means of gathering evidence relating to the allegation of infringement. We recommend that this paragraph is amended, to ensure that information can only be withheld with the approval of Ofcom, who should ensure that this does not undermine the need for transparency in the face of allegations of infringement.
The consultation document sets out that “the standard should also allow independent parties to audit and certify copyright owner evidence-gathering processes, thus creating systems which will establish stakeholder confidence.” (Page 20) We believe that Ofcom should take responsibility for auditing. This would provide for a more robust auditing process, in particular helping to avoid favourable auditing, thus fostering the requisite confidence.
We are disappointed that further grounds for appeal have been withdrawn on the instruction of government. Ofcom are, we accept, constrained by such instructions given the Secretary of State must approve the Code. However, we suggest that Ofcom should have set out the reasons why the Government instructed them to remove 'any other grounds'. And we suggest this may discount legitimate appeals. There are likely to be situations that do not fit the grounds now specified.
For example, Ofcom and the government appear to suggest that wifi providers will be able to establish their status as ISPs via an appeal following the receipt of a CIR. In the explanatory memorandum that accompanies the revised Sharing of Costs Order, for example, DCMS state that:
"Of course libraries will still be subject to receiving notifications should they be detected by copyright owners infringing their copyright – but so far as that infringement is done by one of their customers using their services they can appeal on the basis that they were operating in that instance as an ISP" [emphasis added] (See http://www.legislation.gov.uk/ukdsi/2012/9780111525838/pdfs/ukdsiem_9780111525838_en.pdf page 4, paragraph 10.4)
However, no grounds for appeal (under paragraph 25 of the Code) exists for them to do so on this basis. It is therefore not clear how DCMS can expect wifi providers to bring such a claim to an appeal, following their instruction to Ofcom to remove further grounds from the Code.
We suggest a further full analysis of possible scenarios for appeal, alongside an analysis of what may be considered 'vexatious', to establish the appropriate grounds that should be included within the Code. We are concerned that currently such an analysis has not taken place.
We are also concerned about the time to appeal, which Ofcom set at 20 days. Responses to notifications may require legal or technical advice, which could easily take the subscriber beyond the 20 day limit.
5 case studies of wifi providers.
These are quotes taken from testimonials submitted to ORG following a request for stories about how providers or users of wifi felt they may be affected by the Code. They are intended to reflect the concerns felt by smaller wifi providers and the possible impact upon their provision of wifi access.
1. Christine Conder
“We (a community charity) run a free wifi network in a village. We are part of a European Living Lab, helping researchers at Lancaster University discover the impact of the internet on a rural community.
The Digital Economy Act, if implemented, will really spoil our project, as it will take so many more man hours to regulate. We already comply with the demands made by any copyright owner if content is downloaded from our connections and don't see why further legislation is necessary.”
2. Nathan Jeffrey
“I provide an open access point as a service to the disadvantaged members of the local community, who may be able to use it. These sorts of reforms will seriously damage the ability of people like myself to do something positive for the local community.”
3. Robert Harrison
“I provide wifi to customers and my staff at my business and at my home. I worry that I may be held responsible for what travels over my networks if the Digital Economy Act is not amended or preferably stopped entirely. If it goes through I will have to stop providing this service and maybe even cease trading. I do not think the appeal process allows enough time. I run a business and do not have time to deal with such things.”
4. Esther Payne
“We provide encrypted wifi to our staff and guests who we give the code to. We are a mobile workforce who uses public wifi whenever possible.
Although we make a large effort to secure our network, as we grow as a business we have no right to check any visiting clients' data or visitors' data for that matter.”
5. Mark McBride
“Barnstondale is a very small charity that is focused on providing residential stays to disabled and disadvantaged children. To meet demand we have made free wifi available to all our visitors.
I believe we have acted with the highest responsibility in making the free wifi available subject to terms and conditions which state that the individual is responsible for what they download and that the connection is not to be used for any illegal activity. And yet despite our efforts and despite providing a free service at our own cost the DE Act would seek to criminalise us. Were the Obligations Code to hold us responsible for all our visitors usage we would be forced to disable the free wifi.”