… I don’t care if you want to attempt to stop people from copying your work over the internet, or if you plan on building a business around this idea. I mean, it sounds daft to me, but I’ve been surprised before.
But here’s what I do care about. I care if your plan involves using “digital rights management” technologies that prohibit people from opening up and improving their own property; if your plan requires that online services censor their user submissions; if your plan involves disconnecting whole families from the internet because they are accused of infringement; if your plan involves bulk surveillance of the internet to catch infringers, if your plan requires extraordinarily complex legislation to be shoved through parliament without democratic debate; if your plan prohibits me from keeping online videos of my personal life private because you won’t be able to catch infringers if you can’t spy on every video.
Adrian Weckler has published a copy of the intended notification to be issued by eircom to its customers when accused of unlawful filesharing by the Irish recording industry (represented by IRMA). It is, as warning letters go, extremely polite.
I mentioned last month that this “three strikes” system agreed between IRMA and eircom was approved by the High Court (for data protection purposes) on the basis that IRMA would not know “that the infringer is a particular person living in a particular place in Ireland”. In fact, Charleton J. said that all IRMA will “know is that a particular IP address has been involved in the downloading.” However, it appears that DtecNet, who will collect IP addresses for IRMA, has the capability to collect more information than just IP addresses. Whether such capabilites are to be used as part of the IRMA/eircom system is not known.
My suspicions were raised by eircom’s statement on their website that IRMA will send notifications to eircom “containing among other things the IP addresses of individuals”. Such suspicions could be unfounded; for example, IRMA might be sending eircom a list of shared files along with the IP addresses and that information might not be personal data.
However, the template letter reproduced by Adrian says:
Some of the details of the notification supplied by IRMA are set out below …
Is it not strange that eircom repeatedly notes that IRMA will be supplying them with more details than are apparently necessary for the purposes of the three strikes system.
The graduated response system to tackle unlawful filesharing online, agreed as part of an out-of-court settlement between the Irish recording industry and eircom, was approved by the Irish High Court last month. Mr. Justice Charleton’s judgment concluded that the “parties can … lawfully proceed to implement the settlement”, though his judgment relates only to the specific question of compatibility with the Data Protection Acts 1988 and 2003.
eircom has now implemented the graduated response system on a pilot basis and details are available on its website. The FAQs say that IRMA will supply eircom with IP addresses which eircom will match to its customers, who will then receive warnings about alleged unlawful downloading. If warnings are ignored, service may be suspended for 7 days and the customer will not be charged for those 7 days of lost service. On a subsequent alleged infringement, service will be withdrawn for 12 months. If a customer disputes an allegation that their service has been used for unlawful downloading, they can appeal to the eircom, who “will consider all customer appeals on a case by case basis.”
The concerns about graduated response primarily arise out of disconnection on the basis of complaint, rather than court order, and that the sanction affects an entire household, rather than the individual alleged infringer. The latter point has gathered steam as the internet has taken on utility status. IRMA’s attitude to this is clear:
The European Parliament has been talking about internet access as a basic human right. It absolutely is not.
Dick Doyle, IRMA Director General
eircom emphasises that customer data will not be shared by eircom with any other party.
Under no circumstances will eircom be handing over customer details to any third party.
It is also stated that eircom won’t monitor network usage and that “[t]here are strict privacy laws that prohibit eircom from monitoring the online activities of individual customers.” Monitoring will be done by DtecNet on behalf of IRMA.
IRMA will send eircom notifications containing among other things the IP addresses of individuals they have detected as engaging in illegal file sharing in breach of copyright.
One wonders what those “other things” might be. Charleton J. said:
Neither DtecNet, or any similar service of detection, nor any of the plaintiffs whose copyright material is being infringed would ever know through this process that the infringer is a particular person living in a particular place in Ireland. What they do know is that a particular IP address has been involved in the downloading.
DtecNet’s solutions will automatically secure evidence against the infringer(s) and generate Cease & Desist letters that can be sent to the infringer(s) asking for immediate removal of the content.
This is a capability of their systems, not a detail of the IRMA/eircom agreement. But nevertheless, it appears that IRMA may be capable of gathering more than just IP addresses of alleged infringers. eircom might not share customer data with any other party, but it is not clear what data will be shared with it.