'No cutting off people's internet based on secret evidence'

Consumer group calls for MPAA to publish its methods

High performance access to file storage

Ofcom should force rights-holders into publishing most of the details about how their systems for identifying cases of online copyright infringement work, a consumer watchdog has said.

In a letter (6-page/1.71MB PDF) to the Motion Picture Association of America (MPAA), Consumer Focus said that it would seek "full transparency in relation to how evidence is gathered" so that internet subscribers would be able to challenge allegations that they have infringed rights-holders' copyrights under planned new anti-piracy procedures being developed by Ofcom.

The MPAA represents the six major film studios: Walt Disney, Paramount, Sony, Twentieth Century Fox, Universal and Warner Bros.

Consumer Focus acknowledged that while a "handful of details" such as the IP address of the monitoring systems rights-holders use to identify infringers should "remain confidential", it said it would not be justified for rights-holders not to publish the remaining details about its evidence gathering processes.

"We received legal advice that it would be contrary to principles of natural justice if internet subscribers would have to second guess the evidence on the basis of which they are accused of copyright infringement," Consumer Focus chief executive Mike O'Connor CBE said in a letter to the MPAA.

O'Connor added that those accused of infringement should have "access to the same evidence" copyright holders have used to determine cases against them and that this information should include "the evidence gathering process used".

"As a matter of principle Consumer Focus cannot accept that UK consumers should be accused of copyright infringement on the basis of secret evidence, or that consumers should be subject to enforcement actions, such as the disconnection of internet access, on the basis of secret evidence."

Under the UK's Digital Economy Act, Ofcom is obliged to draw up an anti-piracy code setting out how internet service providers (ISPs) should assist rights-holders in tackling alleged illegal filesharers. Ofcom published its latest proposed code in June.

Under the revised proposals ISPs would issue "standard form" notifications to customers on the basis of evidence of alleged online copyright infringement gathered by rights-holder groups and compiled in a 'copyright infringement report' (CIR). The evidence gathering procedures must be approved by Ofcom.

ISPs that issue subscribers with three letters within the space of a year would add the anonymous details of those customers to a 'copyright infringement list'. Rights-holders would be able to request access to the list each month and could seek a court order obliging the ISPs to disclose the identity of the suspected infringers so that they can take legal action against them under the Copyright, Designs and Patents Act.

Under Ofcom's plans suspected infringers would generally have 20 working days to challenge warning letters from the moment they receive them. An "independent appeals body" will be appointed by the regulator to deal with the cases, although the suspected infringers would have to pay a refundable £20 fee to have their appeals heard.

One of the grounds of appeal is that "the copyright infringement report did not relate to the subscriber’s IP address at the time of the apparent infringement."

Consumer Focus said that the "dynamic allocation of IP addresses by ISPs" means that rights-holders must ensure that they accurately record the time of an alleged infringement. If the time is not recorded correctly, internet subscribers may be wrongly accused of infringing copyright because ISPs would match IP addresses reported to it to the wrong people, it said.

In 2008 the top six UK ISPs were issued with 13,711 'copyright infringement reports' from the MPAA and BPI, a UK music industry representative body, under the terms of an agreement that saw the ISPs voluntarily issue subscribers with notifications detailing their alleged infringements. However, O'Connor said that 16% of the reports ISPs received were not based on "valid" IP addresses and said the error rate should have "triggered an investigation into the cause of this error".

"There may be a systemic error, and in such a case all other IP addresses harvested in the same batch should be considered unreliable as well." O'Connor said.

"It is anticipated that under the Digital Economy Act 2010 up to 2 million 'copyright infringement reports' may be submitted by the MPAA and BPI ... every year," he added. "Even a small margin of error would be significant, and tens of thousands of internet subscribers could be wrongly identified by ISPs on the basis of your evidence and accused of copyright infringement."

Consumer Focus's letter relied heavily on the views submitted to it by academic and security expert Dr Richard Clayton of Cambridge University. Both the watchdog and Dr Clayton had met with the MPAA which made a presentation outlining the "automated monitoring system" it relies upon to identify cases of online piracy.

In a letter (4-page/26KB PDF) to Consumer Focus, Dr Clayton outlined his concerns with a monitoring system based purely on automatic processes.

"Although we were told that identification of copyright material owned by MPAA members (eg, films) involved a manual process, Mr Kiaron Whitehead, General Counsel of the British Recorded Music Industry (BPI), who also attended the meeting told us that for music it was common to use automated identification systems – doubtless based on the type of signal processing technology that is used in products such as those marketed by Audible Magic," Dr Clayton said in his letter. "Unfortunately, recent events have shown that fully automated systems can make patently incorrect decisions... Therefore, I would be concerned to learn that automated systems were not supplemented by manual checks."

Dr Clayton said that he had not seen "any real details" of how the MPAA ensure that "timestamps" were "accurate" and "whether there were regular checks on automated parts of the system to ensure that they were still functioning correctly". He said it was "essential" that the monitoring system designs are "independently reviewed" and that the public be given a chance to understand "how they work".

Peter Bradwell of digital rights campaigners the Open Rights Group (ORG) said: "Getting the evidence gathering process right is important to make sure that subscribers are not wrongly sent letters, and then forced to pay £20 to prove their innocence."

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Nokia offers 'voluntary retirement' to 6,000+ Indian employees
India's 'predictability and stability' cited as mobe-maker's tax payment deadline nears
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
Adrian Mole author Sue Townsend dies at 68
RIP Blighty's best-selling author of the 1980s
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Analysts: Bright future for smartphones, tablets, wearables
There's plenty of good money to be made if you stay out of the PC market
prev story


Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.