Feeds

'No cutting off people's internet based on secret evidence'

Consumer group calls for MPAA to publish its methods

Security for virtualized datacentres

Ofcom should force rights-holders into publishing most of the details about how their systems for identifying cases of online copyright infringement work, a consumer watchdog has said.

In a letter (6-page/1.71MB PDF) to the Motion Picture Association of America (MPAA), Consumer Focus said that it would seek "full transparency in relation to how evidence is gathered" so that internet subscribers would be able to challenge allegations that they have infringed rights-holders' copyrights under planned new anti-piracy procedures being developed by Ofcom.

The MPAA represents the six major film studios: Walt Disney, Paramount, Sony, Twentieth Century Fox, Universal and Warner Bros.

Consumer Focus acknowledged that while a "handful of details" such as the IP address of the monitoring systems rights-holders use to identify infringers should "remain confidential", it said it would not be justified for rights-holders not to publish the remaining details about its evidence gathering processes.

"We received legal advice that it would be contrary to principles of natural justice if internet subscribers would have to second guess the evidence on the basis of which they are accused of copyright infringement," Consumer Focus chief executive Mike O'Connor CBE said in a letter to the MPAA.

O'Connor added that those accused of infringement should have "access to the same evidence" copyright holders have used to determine cases against them and that this information should include "the evidence gathering process used".

"As a matter of principle Consumer Focus cannot accept that UK consumers should be accused of copyright infringement on the basis of secret evidence, or that consumers should be subject to enforcement actions, such as the disconnection of internet access, on the basis of secret evidence."

Under the UK's Digital Economy Act, Ofcom is obliged to draw up an anti-piracy code setting out how internet service providers (ISPs) should assist rights-holders in tackling alleged illegal filesharers. Ofcom published its latest proposed code in June.

Under the revised proposals ISPs would issue "standard form" notifications to customers on the basis of evidence of alleged online copyright infringement gathered by rights-holder groups and compiled in a 'copyright infringement report' (CIR). The evidence gathering procedures must be approved by Ofcom.

ISPs that issue subscribers with three letters within the space of a year would add the anonymous details of those customers to a 'copyright infringement list'. Rights-holders would be able to request access to the list each month and could seek a court order obliging the ISPs to disclose the identity of the suspected infringers so that they can take legal action against them under the Copyright, Designs and Patents Act.

Under Ofcom's plans suspected infringers would generally have 20 working days to challenge warning letters from the moment they receive them. An "independent appeals body" will be appointed by the regulator to deal with the cases, although the suspected infringers would have to pay a refundable £20 fee to have their appeals heard.

One of the grounds of appeal is that "the copyright infringement report did not relate to the subscriber’s IP address at the time of the apparent infringement."

Consumer Focus said that the "dynamic allocation of IP addresses by ISPs" means that rights-holders must ensure that they accurately record the time of an alleged infringement. If the time is not recorded correctly, internet subscribers may be wrongly accused of infringing copyright because ISPs would match IP addresses reported to it to the wrong people, it said.

In 2008 the top six UK ISPs were issued with 13,711 'copyright infringement reports' from the MPAA and BPI, a UK music industry representative body, under the terms of an agreement that saw the ISPs voluntarily issue subscribers with notifications detailing their alleged infringements. However, O'Connor said that 16% of the reports ISPs received were not based on "valid" IP addresses and said the error rate should have "triggered an investigation into the cause of this error".

"There may be a systemic error, and in such a case all other IP addresses harvested in the same batch should be considered unreliable as well." O'Connor said.

"It is anticipated that under the Digital Economy Act 2010 up to 2 million 'copyright infringement reports' may be submitted by the MPAA and BPI ... every year," he added. "Even a small margin of error would be significant, and tens of thousands of internet subscribers could be wrongly identified by ISPs on the basis of your evidence and accused of copyright infringement."

Consumer Focus's letter relied heavily on the views submitted to it by academic and security expert Dr Richard Clayton of Cambridge University. Both the watchdog and Dr Clayton had met with the MPAA which made a presentation outlining the "automated monitoring system" it relies upon to identify cases of online piracy.

In a letter (4-page/26KB PDF) to Consumer Focus, Dr Clayton outlined his concerns with a monitoring system based purely on automatic processes.

"Although we were told that identification of copyright material owned by MPAA members (eg, films) involved a manual process, Mr Kiaron Whitehead, General Counsel of the British Recorded Music Industry (BPI), who also attended the meeting told us that for music it was common to use automated identification systems – doubtless based on the type of signal processing technology that is used in products such as those marketed by Audible Magic," Dr Clayton said in his letter. "Unfortunately, recent events have shown that fully automated systems can make patently incorrect decisions... Therefore, I would be concerned to learn that automated systems were not supplemented by manual checks."

Dr Clayton said that he had not seen "any real details" of how the MPAA ensure that "timestamps" were "accurate" and "whether there were regular checks on automated parts of the system to ensure that they were still functioning correctly". He said it was "essential" that the monitoring system designs are "independently reviewed" and that the public be given a chance to understand "how they work".

Peter Bradwell of digital rights campaigners the Open Rights Group (ORG) said: "Getting the evidence gathering process right is important to make sure that subscribers are not wrongly sent letters, and then forced to pay £20 to prove their innocence."

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

New hybrid storage solutions

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.