Friday, October 23, 2009

French Constitutional Council accepts 3 strikes

From the NYT:
"France thrust itself into the vanguard of the global battle against digital piracy on Thursday, approving a plan to deny Internet access to people who illegally copy music and movies.
The country’s highest constitutional court approved a so-called three-strikes law after rejecting the key portions of an earlier version last spring. Supporters say they hope that France, by imposing the toughest measures yet in the battle against copyright theft, will set a precedent for other countries to follow."
The NYT link may expire shortly but the news is reported in a variety of outlets.

Wednesday, October 21, 2009

EU Parliament give up on Amendment 138

La Quadrature du Net are unhappy with the revised version of amendment 138 to the telecoms package agreed by the Council and representatives of the EU parliament.
"Yesterday, representatives of the European Parliament, an institution that ordinarily prides itself for protecting human rights at home and abroad, decided to surrender to the pressure exerted by Member States. The Parliament gave up on amendment 138, a provision adopted on two occasions by an 88% majority of the plenary assembly, and which aims at protecting citizens' freedom in the online world. Instead of ensuring that no restriction to Internet access would be imposed without the prior ruling of a judge, amendment 138 will instead be replaced by a weak provision1, that does not carry any new important safeguard for citizen's freedoms.
European Parliament, who regularly boasts itself about its credentials in the field of human rights, has endorsed the false idea that it had no power in protecting their constituents' rights under current rules. This decision was taken consciously by rapporteur Catherine Trautmann, in order not to risk a confrontation with the Council of EU and to quickly finish with the Telecoms Package. She, along with the rest of the Parliament delegation deliberately ignored existing texts and case law pointing to the fact that it had the competence to adopt the core principles of amendment 1382. They didn't even try to reword the original amendment in order to preserve its initial objective."
The revised wording arguably facilitates the implementation of 3 strikes regimes in member states. Ultimately, however, as Lilian Edwards has argued so eloquently in the past, the 3 strikes approach is incompatible with a range of international human rights instruments. Also, in the end, the public just won't wear it if significant numbers of people start getting their internet access routinely cut off for suspected copyright infringement.

UK government retreat on DNA retention

The Guardian reported on Monday that UK government "announced it is dropping current proposals to retain the DNA profiles of innocent people on the national database", despite a successful appeal by the police against an information tribunal ruling that data on old, minor convictions must be deleted from police computers.

Apparently retention proposals have been removed from the policing and crime bill currently making its way through parliament.  Given the twists and turns on this since The ECJ condemned the UK's fingerprint and DNA data retention policy in the S. and Marper v UK case last year, I doubt this announcement is likely to indicate a clear intention to comply with the ruling.  Indeed the Home Office announcement included a declaration of intent to include DNA retention proposals in the next policing and crime bill.  The dumping of the current proposals is likely to be more related to criticism from the Jill Dando Institute for Crime Science, which claimed the government was using its unfinished research inappropriately to justify 6 and 12 year retention, than any intent to fully implement the principles of the S. and Marper decision.

Monday, October 19, 2009

Fishenden: Utopian or dystopian UK

Jerry Fishenden has been wondering about whether we're creating a utopian or dystopian society in the UK.
"I'm not convinced how pervasive the understanding of these changes has become at the senior levels of policymaking. To understand the reality of what any political party will deliver once it is in power, we should look as much at what they say about the role of technology as we do their more overtly expressed political ambitions. Technology is no longer just an operational or administrative tool. It has become a lever of policymaking itself -- for good, or ill.
If we are to make an informed decision at the next election about the sort of future UK that we want to see develop, we need to learn how to decipher and interpret the various parties' technology policies. They can reveal as much about their underlying authoritarian or liberal philosophies as anything claimed in their more general manifesto pledges.
We will only fully understand the implications of their upcoming manifestoes -- and whether they will ultimately strengthen, or undermine, our liberal democracy -- when we also understand whether they plan to use technology to strengthen the role of the citizen or the state.
And whether they plan to place us all inside the panopticon, or to use technology to protect and strengthen our collective, democratic, common law values."

Report of an Inquiry by the All Party Parliamentary Communications Group

Report of an Inquiry by the All Party Parliamentary Communications Group, Can We Keep Our Hands of the Net is now available and gives lots of food for thought.  They come out categorically against a 3 strikes regime in paragraph 59 on page 12, for example.
"Question 1: “Bad Traffic”
12. The first of our questions was:
Can we distinguish circumstances when ISPs should be forced to act to deal
with some type of bad traffic? When should we insist that ISPs should not be
forced into dealing with a problem, and that the solution must be found
Botnets, spam and denial of service
13. When we formulated this question, we had in mind the type of issue that the Foundation
for Information Policy Research (FIPR) was concerned about. They argued that:
In the case of bad incoming traffic, such as spam, the markets have shown that they
can cope; most ISPs now offer spam filtering. The interesting market failure occurs
with bad outgoing traffic. For example, when end-user PCs are compromised and
used to send spam or distribute malware, medium-sized ISPs often take the trouble to
identify them and clean them up, as an ISP that emits a lot of spam can find its
peering relationships at risk. But large ISPs are under no such pressure, and thus
ignore infected machines; dealing with customers costs money. This failure will not
be fixed by technology, and will require regulatory action.
14. FIPR suggested that there should be either a regime of statutory fines, or a privateaction
alternative in the form of a statutory scale of damages – similar to the scheme
introduced by the EU to enable passengers whose flights are cancelled or overbooked to
get compensation. FIPR drew our attention to “Security Economics and European
Policy” a report they had written for the European Network and Information Security
Agency (ENISA) which set out this approach at greater length...
Mere Conduit
22. Andrew Cormack also drew attention to another type of disincentive for ISPs to
examine traffic:
It has been suggested that a hosting provider that attempts to detect infringing
material of any kind immediately acquires liability for all infringing material that
may be on their service, on the grounds that they have demonstrated some intent and
ability to edit and select content and are therefore no longer merely a hosting
provider but an editor. For providers that wish to remove inappropriate material
from their own services, but are aware that checking can never guarantee to detect
all problems, this potential liability can be a significant deterrent. We therefore
consider that the law needs to be clarified to ensure that a hosting service that detects
problems on its own service is in the same position as (or at least no worse than) a
service that waits to receive notice of the problems from others. Such a change would
encourage quicker removal of some types of inappropriate content
27. But to return to the general point that Andrew Cormack was making. The way in which
the “mere conduit” immunity is phrased, is that it is lost if the ISP “selects” or
“modifies” the information within a transmission. This was clearly intended to
distinguish between an organisation who generated traffic (who would not be immune
from action over what they generated), and those who just supplied the communication
pipes to carry the traffic (who would not be liable for carrying material they knew
nothing about).
28. However, this phrasing means that communication pipe suppliers who are attempting to
clean up traffic will lose their “mere conduit” immunity. Of course, this may not
immediately open up an ISP to legal action, since they may have other immunities they
can rely upon – but in such circumstances, the eCommerce Directive will not be of
assistance to them...
Illegal sharing of copyrighted material
30. Other “rightsholders”, the bodies representing the publishing, music and film industries,
had a rather different view of the extent to which “mere conduit” conferred immunity.
The Alliance Against IP Theft said:
The Committee, in its introduction to the inquiry, has suggested that ISPs have
“almost no legal liability for the traffic that passes across their networks”. We do
not believe that is strictly true with regards to copyright infringement. While ISPs
may point to the E-Commerce Directive, stating they are a “mere conduit”, rights
holders do not believe this defence is absolute. In addition, the Copyright Directive
allows copyright owners to seek injunctions, requiring ISPs to stop illegal activity on
their networks.

31. A typical view was that expressed by the British Recorded Music Industry (BPI):
Bad traffic” could arguably be used to describe the ubiquitous daily online
copyright infringement committed by peer to peer users, for two reasons.
First, it is a straightforward breach of the law for a person to upload (i.e. make
available) copyright material without the authorisation of the rightsholders.
Committing a strict liability offence in this way should not simply be ignored. […]
Secondly, the economic impact of this form of “bad traffic” on the creative sector is
highly damaging. Copyright infringement online leads directly to a loss of revenue to
the rightsholders, seriously threatening their viability as businesses, and impacting
on employment in the sector.

32. The rightsholders had a number of explanations as to why the ISPs were not prepared to
deal with what they saw as bad traffic. The Motion Picture Association told us:
One explanation for the current unwillingness of ISPs to cooperate could be a fear of
a competitive disadvantage flowing from actions to discourage “bad traffic”. This
argues for some degree of government intervention to ensure a level playing field,
perhaps in the form of a government-sanctioned enforceable Code of Practice
establishing a minimum standard of responsible behaviour.

33. The ISPs generally felt that asking them to act as a proxy for the rightsholders was
inappropriate. For example, T-Mobile told us:
It is unclear why T-Mobile should be expected or forced to bear the costs of
protecting a third-party’s rights.

34. TalkTalk drew our attention to other difficulties which occurred when ISPs got involved
in trying to prevent unlawful file sharing:
For instance, the current approach to identifying illegal filesharers is unreliable in
correctly identifying the perpetrator with the consequence that innocent parties are
sometimes identified. It is also easy for individuals illegally filesharing to avoid
detection by encrypting their traffic or hijacking someone else’s IP address or using
their wi-fi network. Similarly, site blocking is relatively simple to get around.

35. There were also concerns expressed about whether identifying people who accessed the
Internet via the mobile telephone networks would be possible at all. T-Mobile explained
that the way in which the mobile industry allocated IP addresses to customers caused
particular problems:
Whilst technical options are often viewed as a panacea the Group should be aware
that there are serious practical reasons why the measures proposed in the Digital
Britain interim report that work for fixed ISPs will not readily apply in a mobile
environment. In particular mobile operators cannot identify individual rights
infringers from public IP addresses alone with sufficient degree of confidence to
support taking action against customers.

36. TalkTalk went on to ask (and a great many other respondents made similar points about
new business models) if there were better policy options:
In many cases there will be other possible approaches to addressing the problem.
For instance, in the case of illegal filesharing, education, alternative business models
and limited court action make go a long way to addressing the issue. Any
consideration of whether an ISP should act must also consider what alternatives exist
and whether these would be more appropriate.

In principle, we see that there may be circumstances where it is appropriate for ISPs
to act [...] However, given the potential issues with other approaches, it is critical to
scrutinise and assess any potential initiative against these criteria.

37. Some people suggested that one way to approach file sharing was to ensure that people
paid appropriately for network usage, or – as the rightsholders have proposed – have
their traffic artificially slowed down if they use the Internet too “much”. As a policy
option, this will of course be more attractive to the film industry (where file sizes are
very large) rather than publishing, or the music industry, where files are relatively tiny...
Conclusions regarding Question 1
53. We agree with the view that was put to us that the current legal protections relating to
“hosting” and “mere conduit” are capable of having a counterproductive effect, in that
they may discourage some proactive approaches by ISPs.
54. We recognise that tidying up this area risks overlaying significant complexity over some
very simple principles. Nevertheless, we recommend that the Government revise the
law to enable ISPs to take proactive steps to detect and remove inappropriate
content from their services, without completely losing important legal immunities
which fit with their third party role in hosting and distributing content.
58. We conclude that much of the problem with illegal sharing of copyrighted material
has been caused by the rightsholders, and the music industry in particular, being
far too slow in getting their act together and making popular legal alternatives

59. We do not believe that disconnecting end users is in the slightest bit consistent with
policies that attempt to promote eGovernment, and we recommend that this
approach to dealing with illegal file-sharing should not be further considered.

60. We think that it is inappropriate to make policy choices in the UK when policy
options are still to be agreed by the EU Commission and EU Parliament in their
negotiations over the “Telecoms Package”. We recommend that the Government
terminate their current policy-making process, and restart it with a new
consultation once the EU has made its decisions.
 Apologies for the formatting but the original's worth a browse.

iTunes irritations

An iPod-loving but non-techie old friend is going on a long plane journey this week and decided to buy some audio books at iTunes to ease the boredom of the flight. Ok so she connects to iTunes buys the books and disconnects from the store.

Next she tries to transfer the books to her beloved iPod only to be faced with an error message saying her computer is "not authorized" to use the books, followed by a series of instructions on what she could do to "authorize" the computer.  Bear in mind that this is a computer she has for some time been regularly connecting to iTunes.

Faced with the terror of breaking her iPod and losing her content including her newly purchased audiobooks, she asks me to talk her through the authorisation process.  We click through the various steps and get the machine authorized again and get the whole process rounded off with a message saying this is the second of her quota of five computers to use on iTunes.  It reads like a '2 down, only 3 to go' warning... the clock is ticking on that collection of music, games, books, podcasts etc. and the great remote iTunes monster in the internet ether will determine how long more you are worthy of retaining access to that lovingly compiled (and somewhat expensive) collection you have assembled over the working life of your iconic personal media player.

How has the primary commercial outlet for digital content become so dysfunctional?  A commercial outlet controlled by a tech company which essentially had no connection with the music industry 10 years ago, for example.  Can you imagine in the 1970s buying an LP, bringing it home, sticking it on a record player only to be faced with a message saying that record player is "not authorised"? Then being instructed to ask the permission of the store you bought the record at to play it on your own machine?  And finally being told by the store clerk, having  graciously granted said permission, if you have jumped through the required hoops to their satisfaction, that you've had two written warnings about the equipment you use in the comfort of your own home and you better watch it because you only get three more chances before you're not allowed to play your records any more.  Likewise with audiobooks on cassette or CDs in the 1980s or 1990s?

The online music industry is potentially enormous but the current obsession with micro control of access and use and monetizing everything on a 'per click' basis is killing it; (there was another report last week of a 15% drop in CD sales).  The music industry is terrific at finding popular talent and selling it to the masses.  It is also terrific at drawing attention to the talent it has to sell. As Tim O'Reilly says, on the internet the problem is not piracy, it's grabbing attention for long enough and getting noticed. The music industry hasn't yet managed to transfer their core competences into the Internet age, partly because one of its prior key competitive edges - control of the distribution chain - has gone and they are still mourning that loss, and partly because they are so heavily focussed on controlling the new reality with stronger laws and what some critics call 'broken technology' or built-in technological measures like drm. Apple is the main current commercial outlet for its music because Apple was the tech company with the iPod that the music industry turned to in its hour of need.

No one has 'cracked' the blue chip business model for online content yet but it will have to include:
  • reasonable pricing
  • ease of use
  • convenience
  • guaranteed quality (including security, lack of malware etc.)
  • consumer ownership and control
  • jettisoning of drm and the 'monetizing every click' mindset
But the business model will get sorted out, competition will ensue and the online content business may well be bigger than it's pre-internet cousins.  Existing content owners do have a big part to play in that new landscape as do the current and future innovators like Apple.  But can we get there sooner rather than later please?  Much though I enjoy unexpected calls from old friends, I'd rather the incentive for the call was not because that friend, who had actively sought out and paid for legitimate content, was concerned they were about to break their computer/iPod or their future incarnations with precisely that legitimate content.  I know all the concerns about 'how are we supposed to compete with free' and the complex nature of the IP landscape still undergoing an upheaval of earthquake proportions etc. but remember convenience, quality and reasonable prices beat free every time. So:

Convenience + quality + reasonable price + consumer control = the killer business model