On February 28th here in balmy NZ the amendments to section 92 of the Copyright act will come into effect.
This has some interesting implications, but the general gist of it is this: ISPs are now required to deal with people who infringe copyright, with multiple infringements resulting in that users account being terminated.
That sentence is of course rather vague (summarising has that effect). What isn’t talked about is:
- What’s an ISP?
- How does one ‘deal’ with these people?
- What is copyright infringement, who says it is?
- Multiple infringements?, how many, what if they are disputed?
Some of this is covered in the amendment, some of it is covered elsewhere and some of it is left up to the discretion of the ISPs.
This vagary has raised the concern of many, as they worry that ISPs will– inundated with copyright violation claims– do the simplest thing possible. Assume guilt and cancel accounts.
Some choicer quotes from the previous link:
It is easier for ISPs, Internet Service Providers, to cut off anyone who might be breaking the law
Already, TelstraClear’s head of corporate services, Matthew Bolland, has stated that from 1 November 2008, TelstraClear are taking down websites upon a single accusation of copyright breach: “We don’t check or verify,” he says “We take it down.” ISPs like TelstraClear do not and cannot identify copyright infringement which is why this law forces them to take actions such as these.
So, like, fuck. That sucks dude.
But, all is not completely lost. There is a code of conduct(externally hosted link) that has been put forward by the TCF and sanctioned by Orcon which lays out some ground rules that ISPs can follow.
This is an invaluable resource, both because it allows ISPs to have similar policies surrounding the changes and because it allows consumers to know where we stand.
It’s also a fucking pain to read, because it’s that wonderful legal-speak which is nearly impossible to comprehend, especially late at night in a humid room after a day of battling IE issues.
Some interesting facts:
- Notices sent to users are called ‘Education Notices’.
- If you dispute any of these edu-notes they become ‘Disputed Education Notices’.
- At the end of each month users who have one or more edu-notes get sent a letter outlining their situation.
- These edu-notes last for 18 months before being discarded.
- Copyright holders must get these out no later than one month after the alleged transgression.
- Users can decide to dispute these for 3 months after they have been declared.
- Once you have three edu-notes in three different months you get a Final Warning, and any more violations will have your account terminated within 48 hrs of the violation.
This is interesting for a couple of reasons:
- They need to be in three separate months, which means you can’t get swamped at the very start and have no time to react.
- There needs to be three edu-notes, not disputed ones. Which means if you dispute any of your notes they become invalid in the context of termination.
The definition of ISP is also an intereting one. An ‘ISP’ is not necessarily the likes of Slingshot or Orcon. Legally, an ISP is an entity that provides the inter-tubes to other people. Your workplace is an ISP, as are schools, libraries and Internet cafes.
These are called ‘downstream ISPs’ and it’s a useful distinction to have from users. While repeat-infringing users have their accounts terminated, downstream ISPs do not:
Downstream ISPs should not have their Internet Accounts terminated, since by doing so, a Party will inevitably terminate the Internet Accounts of Users who are not involved whatsoever in the Infringement, which would be inappropriate and unacceptable.
However:
Where a Party is unsure whether the person that is the subject of a Copyright Holder Notice is a User or a Downstream ISP, it shall treat them as a User.
There are also a few hoops for copyright holders to jump through before they make their claim. They have to provide information as to:
- Method used for detection of alleged Infringement i.e. software used
- Full details of how the evidence was collected.
- Individual responsible for detection and their contact details.
As well as:
- Type of infringed copyright work(s) e.g. sound recording, software
- Title of copyright work(s) e.g. name / artist / version
- File Name of infringed copyright work(s)
… and so on.
Presumably at this stage the ISP can then take that information and confirm whether this actually took place. This is the tricky bit, since ISPs don’t generally keep the best logs (too much data) and, as Telstra said above, it’s easier to just assume it’s true.
I say presumably because it’s not that clear. The guidelines do say:
Users are to be considered innocent until an ISP has reason to believe, based on evidence that would be acceptable to a Court, that a User is a Repeat Infringer. To avoid doubt, the fact that a User is considered to be a Repeat Infringer under this Code and is subject to any consequent sanction does not prevent that User applying to a Court for an order otherwise and the Party in question agrees that it will abide by any order of a Court in those circumstances.
So what does all this mean? It still looks like a bit of cluster-fuck, but at the very least you can’t get gangbanged (what is up with me in this paragraph?) in the first month and lose the tubes completely, but the whole thing still worries me.
There appears to be no indication of what happens after your account gets terminated for example. Can you create a new account? Are you forever banned from that ISP? Are you forever banned from every ISP? The prospect of that last one is enough to worry the crap out of me.
While there is the option of taking a more proactive approach I’m doubtful it will help. The bill has gone through and comes into effect in a few short weeks.
We can only hope it’s such a fuck-up that it will be repealed.
Somehow though, that doesn’t seem likely. It has been pushed through with the might of the entertainment industry behind it and tremendious support from the left and the right of Parliament. Everyone seems to be for it.
Except you know, any real person you talk to. Or any ISP. Or any downstream ISP.
But those people don’t make the rules, now do they 
8 Comments
Obvious solutions: a) Copyright Is Damage; Route Around It – with more countries moving to this style of ‘graduated response’ enforcement, the pressure on networks to evolve will increase. Distributed reputation tracking and traitor-tracing schemes have been talked about in the literature for awhile now; we might see some of them in the wild. Excite! Anyway; in the limit, math wins; strong encryption >> you all[1]. b) Everyone’s A Downstream ISP – this loophole looks about big enough to sail an open urban WiFi mesh network through. c) Social Response – if a critical mass of pissed-off users form, we might see some kind of *CLU-inspired litigation. I don’t really care about this though; it’s outside my purview[2].
[1] Until the State starts with the rubber-hose cryptanalysis! [2] “Code is the law, and the whole of the law.”
It is up to the discretion of the actual ISP whether you are or aren’t– the guide says when in doubt you’re a user, but it’s a guide after all.
I do remember reading about someone who managed to get one of his ’strikes’ (presumably his only one) revoked by claiming that he ran an insecure wireless network and it could have been anyone.
While it’s a nice fantasy (it wasn’t me judge, all wireless is insecure! they must have spoofed an approved MAC address!) It could potentially be about as convincing as proving that you lost your keys and someone broke into your home and used your computer.
In a court of law, you would have the privilege of teaching the jury and the judge (who are always, *always* old luddites) about this technology so they can understand why it wasn’t you as well as find a lawyer (also generally old) who understands it, with enough knowledge to actually argue the point.
Of course, you’re not in a court of law and so even that privilege is not yours. You’re at the mercy of ISPs who are probably overworked (imo they lose money every time this happens; the ‘processing fee’ won’t cover their cost, esp since people may generally buy less bandwidth) and while you can raise it to that level, you’ve already spent more money than you would care to anyway.
Uh, given the stated terms, it’s not up to the ISP. If you’re an exit node for a WiFi mesh network, you’re providing internet access to others. If you provide internet access to others, you are by definition a Downstream ISP. And if you’re a Downstream ISP, you are in the clear (C.4.9)…
The “at the mercy of the ISP” bit is G.32, where they reserve the right to fuck your day for any or no reason – ha ha, “reasonably considers”. The Court is only relevant to my option c, as this Code of Practice is not legally binding.
Ooh, speaking of legislation: You know those “thou shalt not reverse-engineer nor modify this software on pain of death” EULA clauses? Explicitly annulled and voided.
Well, those stated terms you are quoting are afaik guidelines, but more importantly– congratulations, you’re a downstream ISP. Which means you now have to implement those stated terms. This means you have to put a system in place whereby you log user traffic and can respond correctly (as defined by section 92) to copyright infringement notices.
The only advantage of the downstream ISP concept is not that people with wifi attached to their Internet connection can claim that someone else did the whatever, it’s that actual Internet providers (schools, workplaces, libraries etc) don’t get their account banned (thus removing Internet access for the majority of users who didn’t break the law) after 3 random users out of potentially thousands download an episode of House.
Interesting. The condition being:
As in, interop?
Which must be implemented on pain of censure (section K).
No. Signing on to the Code is purely voluntary on your part, as a downstream ISP.
This. You’d probably have to 92A-protect yourself, perhaps via some kind of encrypted forwarding a la TOR. Adding overhead to obviate legal interference? Get these politards off my internet.
Personally what worries me more is 92C – anyone can get anything they dislike removed from New Zealand hosts by asserting spurious claims of copyright; there’s no counter-notice provision in the Act (even the DMCA had this, iirc).
Operating systems are programs amirite?
No, that’s (section K, 51-56) if you ignore copyright infringment notices, not if you follow this guide. WRT following the guide (emphasis mine):
So no, this guide is totally optional.
Of course it’s optional – but I expect the big providers to sign on, given they were involved in its drafting.
Section K deals with any complaints of breaches of the Code of Practice – not just ignoring infringement notices; it’d include things like ignoring counter-notices, treating Downstream ISPs as Users when there’s no ambiguity, et cetera.
TL;DR – your upstream is probably going to follow this; as a downstream, you may not (but you may well have issues with Section 92A and/or ISP ‘discretion’).
A wireless mesh network with onion routing at the link layer would probably be the best workaround (especially if most nodes in the network were potential gateways). This is an interesting example of such a scheme; note that it would require extension to deal with multiple exit nodes, as the gateway also serves as a trusted CA.