'No cutting off people's internet based on secret evidence'

Consumer group calls for MPAA to publish its methods

Top three mobile application threats

Ofcom should force rights-holders into publishing most of the details about how their systems for identifying cases of online copyright infringement work, a consumer watchdog has said.

In a letter (6-page/1.71MB PDF) to the Motion Picture Association of America (MPAA), Consumer Focus said that it would seek "full transparency in relation to how evidence is gathered" so that internet subscribers would be able to challenge allegations that they have infringed rights-holders' copyrights under planned new anti-piracy procedures being developed by Ofcom.

The MPAA represents the six major film studios: Walt Disney, Paramount, Sony, Twentieth Century Fox, Universal and Warner Bros.

Consumer Focus acknowledged that while a "handful of details" such as the IP address of the monitoring systems rights-holders use to identify infringers should "remain confidential", it said it would not be justified for rights-holders not to publish the remaining details about its evidence gathering processes.

"We received legal advice that it would be contrary to principles of natural justice if internet subscribers would have to second guess the evidence on the basis of which they are accused of copyright infringement," Consumer Focus chief executive Mike O'Connor CBE said in a letter to the MPAA.

O'Connor added that those accused of infringement should have "access to the same evidence" copyright holders have used to determine cases against them and that this information should include "the evidence gathering process used".

"As a matter of principle Consumer Focus cannot accept that UK consumers should be accused of copyright infringement on the basis of secret evidence, or that consumers should be subject to enforcement actions, such as the disconnection of internet access, on the basis of secret evidence."

Under the UK's Digital Economy Act, Ofcom is obliged to draw up an anti-piracy code setting out how internet service providers (ISPs) should assist rights-holders in tackling alleged illegal filesharers. Ofcom published its latest proposed code in June.

Under the revised proposals ISPs would issue "standard form" notifications to customers on the basis of evidence of alleged online copyright infringement gathered by rights-holder groups and compiled in a 'copyright infringement report' (CIR). The evidence gathering procedures must be approved by Ofcom.

ISPs that issue subscribers with three letters within the space of a year would add the anonymous details of those customers to a 'copyright infringement list'. Rights-holders would be able to request access to the list each month and could seek a court order obliging the ISPs to disclose the identity of the suspected infringers so that they can take legal action against them under the Copyright, Designs and Patents Act.

Under Ofcom's plans suspected infringers would generally have 20 working days to challenge warning letters from the moment they receive them. An "independent appeals body" will be appointed by the regulator to deal with the cases, although the suspected infringers would have to pay a refundable £20 fee to have their appeals heard.

One of the grounds of appeal is that "the copyright infringement report did not relate to the subscriber’s IP address at the time of the apparent infringement."

Consumer Focus said that the "dynamic allocation of IP addresses by ISPs" means that rights-holders must ensure that they accurately record the time of an alleged infringement. If the time is not recorded correctly, internet subscribers may be wrongly accused of infringing copyright because ISPs would match IP addresses reported to it to the wrong people, it said.

In 2008 the top six UK ISPs were issued with 13,711 'copyright infringement reports' from the MPAA and BPI, a UK music industry representative body, under the terms of an agreement that saw the ISPs voluntarily issue subscribers with notifications detailing their alleged infringements. However, O'Connor said that 16% of the reports ISPs received were not based on "valid" IP addresses and said the error rate should have "triggered an investigation into the cause of this error".

"There may be a systemic error, and in such a case all other IP addresses harvested in the same batch should be considered unreliable as well." O'Connor said.

"It is anticipated that under the Digital Economy Act 2010 up to 2 million 'copyright infringement reports' may be submitted by the MPAA and BPI ... every year," he added. "Even a small margin of error would be significant, and tens of thousands of internet subscribers could be wrongly identified by ISPs on the basis of your evidence and accused of copyright infringement."

Consumer Focus's letter relied heavily on the views submitted to it by academic and security expert Dr Richard Clayton of Cambridge University. Both the watchdog and Dr Clayton had met with the MPAA which made a presentation outlining the "automated monitoring system" it relies upon to identify cases of online piracy.

In a letter (4-page/26KB PDF) to Consumer Focus, Dr Clayton outlined his concerns with a monitoring system based purely on automatic processes.

"Although we were told that identification of copyright material owned by MPAA members (eg, films) involved a manual process, Mr Kiaron Whitehead, General Counsel of the British Recorded Music Industry (BPI), who also attended the meeting told us that for music it was common to use automated identification systems – doubtless based on the type of signal processing technology that is used in products such as those marketed by Audible Magic," Dr Clayton said in his letter. "Unfortunately, recent events have shown that fully automated systems can make patently incorrect decisions... Therefore, I would be concerned to learn that automated systems were not supplemented by manual checks."

Dr Clayton said that he had not seen "any real details" of how the MPAA ensure that "timestamps" were "accurate" and "whether there were regular checks on automated parts of the system to ensure that they were still functioning correctly". He said it was "essential" that the monitoring system designs are "independently reviewed" and that the public be given a chance to understand "how they work".

Peter Bradwell of digital rights campaigners the Open Rights Group (ORG) said: "Getting the evidence gathering process right is important to make sure that subscribers are not wrongly sent letters, and then forced to pay £20 to prove their innocence."

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

The Essential Guide to IT Transformation

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
Nadella: Apps must run on ALL WINDOWS – PCs, slabs and mobes
Phone egg, meet desktop chicken - your mother
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story


Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.