Open Rights Group

Home Research Response to the Consultation on Cost Sharing

25 May, 2010 Florian Leppla

Response to the Consultation on Cost Sharing

Online Infringement of Copyright (Initial Obligations) Cost Sharing
Consultation Document

Response of the Open Rights Group

The Open Rights Group (ORG) has been a consistent respondent to the Government’s consultations on the issues of copyright and welcomes the opportunity to respond to the BIS cost consultation.

Summary

This is the first consultation on the new copyright enforcement regime created by the Digital Economy Act. It is therefore the first test of the Government’s intentions and will show whether the interest of the public and those wrongly accused are paramount or whether convenience and rights holder interest are still dominating the public policy process.

It is not in the public interest to pass the cost of copyright enforcement on to Internet users, the vast majority of which are law abiding. Yet the proposed cost splitting between rights holders and ISPs will do exactly this.

It is not in the public interest to create barriers to stop people from contesting incorrect copyright infringement accusations, yet this seems to be precisely the intention of the proposal to charge for accessing the “appeals process”.  

It is also paramount to understand the volume of potential copyright infringement accusations that are likely to be generated. The Government must also consider the standard of evidence of these accusations which may be lacking. Putting together high volumes and significant inaccuracies may generate large numbers of completely legitimate complaints. It is imperative that those wrongly accused are able to clear their name. The cost regime must hold this objective highest in order to protect the public interest.

There are three main areas of concern.

Firstly, splitting costs between right holders and ISPs would mean that innocent broadband customers would have to pay for the process as ISPs will pass costs on to them. Rights holders who have pushed for enforcement measures in the Act and are solely beneficiaries of the them should therefore bear the full costs.

Secondly, costs should not be imposed on customers as they may cause a barrier to accessing an appeal. Any customer with a case that meets any of the predefined grounds of appeal should be able to appeal a notification without bearing any costs.

Thirdly, there are a number of technical problems in issuing and processing correct CIRs. Likely errors could originate from the monitoring system and at the ISPs. ORG strongly recommends to set up clear penalties in order to avoid unsynchronised clocks and incomplete records.

5 Costs
5i Eligible costs

It is not clear from the consultation document who will bear the costs with regard to charges brought as a result of false claims (e.g. defamation). Will ISPs be indemnified if this situation occurs?

5ii Cost sharing

5.13  Nevertheless this is a critical point. ISPs will need to put systems in place in order to discharge their obligations. All parties want the ISPs to put in place systems that are as efficient and economic as possible. Processing high volumes of notifications efficiently will require automation and significant capex but no ISP will be prepared to commit to high capex unless they have a very good idea of the expected volumes of notifications.

ORG sees a problem in ISPs setting up and operating this system. It seems that their incentive is to run the system cost effectively so there is clearly the danger of not investing enough money and ending up with inadequate systems. This would have unintended and bad consequences for customers. The minimum requirements for a system should therefore be penalties for ISPs that fail to reach a certain accuracy in notifications, e.g. 1 in 10,000 notifications. The penalty needs to be substantial, for instance an ISP might lose the right to claim any eligible costs for the period affected.

Question 2
Do you think this is the right approach to the sharing of notification costs? If not, what should it be? Please give reasons and any supporting evidence.

We do not think this is a fair or workable approach. It will result in costs being passed to innocent Internet users. This is not reasonable, especially given the high costs of enforcement and the exaggerated claims of losses by rights holders.
ORG believes that the issuing of CIRs and the subsequent letters sent to subscribers will have a complicated and unpredictable set of effects. They may reduce copyright infringement, but will make no difference to the legal market. On their own they may even depress online revenues. They may create significant public concern over their online privacy and they may have a negative impact on the reputations of rights holders, particularly if new legal services are not widely promoted through large scale advertising campaigns.

Copyright enforcement will never have a direct relationship with the profitability of industries. Copyright infringement is likely to be encouraged by the industry’s success as more products distributed provides more opportunities to infringe. Add to this the exponential growth in data storage and data distribution and it becomes clear that growing legal revenues is the goal rather than reducing the incidents of infringements as such.

ORG does not accept the industry’s claim that it has lost £200m in sales in 20091 because of alleged copyright infringement. The idea that it would increase revenues by any significant amount due to a reduction in copyright infringement is incomprehensible. Current figures show that DVD sales and rentals were worth more than £2.5bn in 2008, an increase of almost 100 percent compared to 19992.

We agree with the assumption that the notification needs to be efficient and that rights holders have to give an estimate for the expected volume of CIRs.

Question 3
Do you think the 75:25 ratio is the correct one? If not, what should it be? Please give reasons and any supporting evidence.

Question 4
Do you think this is reasonable? Do you have an alternative formulation that addresses the issue in a more effective way? Please give reasons.

ORG cannot see a valid argument for ISPs to pay any costs at all. It is inevitable that ISPs will pass on these costs on to their customers, the vast majority of whom will never be accused of infringing copyright.

This would be grossly unfair and cannot be in the interest of consumer protection or indeed the Government’s desire for vastly increased access to the Internet.

Rights holders are the only beneficiaries if the measures are enforced. They need to be forced to judge whether these measures are really benefiting their businesses. They should therefore bear the full costs.

5iv Appeals

ORG strongly objects to the introduction of a fee for people who wish to appeal against a false accusation. We see several problems with this approach and question the Government’s justification for introducing a fee.

The key point that the Government should be considering now is to make this process as fair and legitimate as possible, especially given the controversy surrounding the Digital Economy Act’s rushed and last minute passage through Parliament. Imposing fees to access justice would be further evidence that the process is not designed to be fair or reasonable.

ORG would like to point out that the term “appeal” is misleading as the appeal is actually the first time the subscriber gets to state their case and thus the process should be considered not as an appeal but as an initial finding of fact.

The Government is worried about a ‘denial of service attack’. ORG thinks that is unlikely as it would only work if the rights holder issued a very high number of CIRs and ISPs then send a similar number of notifications. Appeals would be triggered by notification letters so the number of opportunities for appeals will be much smaller than the number of CIRs issued.

We must also note that if the data is incorrect there are serious data protection issues. A fee process might cause those receiving incorrect notifications to request their incorrect personal data is changed through a data protection complaint. This would be much harder to process and create a real ‘denial of service attack’ problem given the Information Commissioner’s Office (ICO) will be in no way set up for such a volume of complaints requiring specialist technical expertise.

Instead of the ‘no fee for subscriber’ and ‘modest fee’ proposals we would like to suggest another route.

Alternative option: No fee is charged but the independent body may choose to award costs against the appellant if they decide it was frivolous, or completely unjustified.

Under this option, only the cases that abuse the system would need to be considered. The same process should work in both directions with the tribunal able to award the ISP and appellants costs against the rights holder when the rights holder fails to provide proper evidence. There may even be a case (in both directions) for punitive fees to be levied where for example an rights holder makes a complaint but then fails to produce proper evidence or attend; and also against an ISP when a mistake is made – this would balance the ‘race to the bottom’ problem of the costing proposal.

Costs awarded against customers would still need to relate to the ability to pay.

We believe this option would be far fairer because it does not punish those less technically aware citizens who appeal and genuinely do not understand the technical implications. In these circumstances it may turn out that a relative or visitor infringed copyright. The option does deter and punish attempts to abuse the system, for instance if people offer no evidence, but this would reduce discrimination against groups such as the elderly.

Question 5
Do you think the broad 75:25 cost split should be used to apportion the cost of the regulator functions and appeals? If not, why not and how should they be funded?

Imposing costs on ISPs again will inevitably mean innocent customers paying for this process. Costs should be full borne by rights holders.

Question 6
Should subscribers have to pay a fee to access the appeals system? If so, at what level, and how should economically vulnerable people be protected? Please give reasons and any supporting evidence.

ORG recommends that any tribunal process is free for customers to access in order to ensure that
barriers are not created. As we have discussed frivolous appeals can be dealt with through awarding costs against them.

Access to the appeals process is fundamental to the scheme’s legitimacy. The scheme already suffers from the perception that legislation was rushed and is flawed and threatens fundamental rights. Attempts to restrict access to justice will exacerbate these perceptions and potentially undermine its acceptance.

The appeals process will also potentially be under strain as a result of the accuracy and volumes of CIRs. This will need to be handled carefully and with respect to customers if it is not to create a severe backlash.

Contrary to the Government’s assumption ORG believes that rights holders will make frivolous accusations of subscribers allegedly downloading files illegally. More fundamentally, we believe that the Government underestimates the volume of CIRs and subsequent notifications.

This situation could be addressed if rights holders had to agree a yearly volume and bear all costs of CIRs above that volume regardless. That would materially improve planning and roll out of the body by giving forward vision into the resource requirements.

Failure to provide a fair, accurate and controlled system will inevitably result in a backlash against both the rights holders and government which will do more harm than good to the creative industries. It will take only a single badly behaved rights holder to cause such a backlash so the process must be seen to be beyond reproach. ORG does not believe that a system that is seen to be fair can be achieved if a fee is automatically payable to appeal.

There also seems to be no serious penalty on a copyright owner for filing an incorrect CIR so little incentive not to simply generate them in large numbers.

Incorrect CIRs
We see two likely sources of error for CIRs.

Monitoring system
The monitoring system could incorrectly identify material. In principle this should not happen if best practice is followed and samples of the shared material are fetched. For example confusion should not arise between the clash of titles between “Hamlet” (the 1996 feature film), and “Hamlet”, a short film about the inhabitants of a small Norfolk village. When the latter one becomes a YouTube sensation, and it and further mashups of it appear on BitTorrent then large numbers of people could be incorrectly accused.

Although this may seem unlikely to occur, human error may cause it to. This is likely to generate a large number of complaints to random people, and repeated complaints to a few. If the people viewing the legally shared material are also sharing illegal material, it take some time until the error comes to light, except if the report says “You downloaded Hamlet, Director: Kenneth Branagh”.

The other type of error that the monitoring system could have is a timestamp error. The operator might set the system clock to 3/2/2011 rather than 2/3/2011 and generate date stamps a month out – or just send out CIRs which do not make the distinction apparent. Similar errors can occur with timezones. It is important to know if the time is UK time or European time and also whether daylight saving has or has not been applied. There is considerable scope for messing up daylight saving because US systems will change on different dates than UK ones.

Getting times an hour out is a pernicious error because most reports will be correct, as people do not change IP address regularly, but a handful will be incorrect and quite random innocent people will be accused.

ISP
The second source of error will be at the ISP. Timestamp errors can occur here, for exactly the same reasons to do with date formats and timezones. The other source of time error will be clock synchronisation. The monitoring systems are highly motivated to ensure that their reports have fraction-of-a-second accuracy, because their reputation and future business will depend on getting this right. The ISP has no particular need for accurate timestamps, since the data is only used, at present, for tracking down abuse (botnets, spam senders etc) and it is usually fairly obvious and feedback is rapid if a misidentification is made.

The other source of error is incomplete records. Logging systems may just break, but random data loss is also an issue. ISPs typically record the start and stop of online sessions using a system called RADIUS which generates UDP logging packets that are recorded in a database. Since UDP is used, packets can be lost and will not be retransmitted, making sessions appear longer than they should. In principle this should not matter if the system deduces the lack of a packet by the inconsistent appearance of a start/stop record from another customer. Experience suggests, however, that this is not always done. Best practice would be to require the stop and start packets to both be present, and to deem the session unidentifiable if either was missing. It is doubtful that this is widely implemented at present since the ISP, for their purposes, would be more interested in having a probable identification rather than no identification at all.

Overall, ORG believe that errors at the ISP are rather more likely. Automated systems, rather than the manual ones often used to deal with law enforcement enquiries, mean that the timestamp interpretation issues ought to be rarer.

But the basic question is what incentive there is on the ISP at the moment to have accurate logs, and the answer comes down to pride in their systems rather than any economic motive. Unless there are clear penalties, we can expect to see unsynchronised clocks and incomplete records – just as occurs from time to time today.

Legal Aid
If, however, the Government decides to introduce a fee for subscribers wishing to appeal against notifications, against ORG’s recommendations, legal aid must be made available to them.

6 General

Question 10
Does this process ensure that small copyright owners are able to access the system? If not, what alternative provisions could be made?

The process is useful in such cases because a small rights holder making a complaint against a large infringer (e.g. a large newspaper) will see the large infringer dispute the ownership and licensing, thus dragging every case into a full court. This can potentially happen in other cases as well.

About the Open Rights Group
The digital age is transforming society: bringing us greater democracy, transparency and new creative possibilities. When these freedoms are under attack, the Open Rights Group is there to defend them. Founded in 2005 by 1,000 digital activists, ORG has become the UK’s leading voice defending freedom of expression, privacy, innovation, consumer rights and creativity on the net.
Getting into the political trenches in the UK and EU, we mobilise our supporters to stop bad laws. Working closely with other campaign groups, we lobby government and talk to the media whenever our rights are threatened.

ORG is a non-profit company funded by donors.

We have a core staff backed by an Advisory Council and Board of Directors, stocked with technology experts and campaigners, as well as a wider network of campaigning volunteers.

—-

1 See BPI website http://www.bpi.co.uk/category/digital-music.aspx (as of 25 May 2010).

2 See guardian online: “Are downloads really killing the music industry? Or is it something else?”, 9 June 2009, http://www.guardian.co.uk/news/datablog/2009/jun/09/games-dvd-music-downloads-piracy and “Illegal downloads and dodgy figures”, 5 June 2009, http://www.guardian.co.uk/commentisfree/2009/jun/05/ben-goldacre-bad-science-music-downloads (both as of 21 May 2010).