Tag: telecommunications

Graduated response now de facto law in Ireland

[Updates at end] The Irish record industry, like its international siblings, has given up pursuing individuals in its war on filesharing and is focusing instead on the use of “three strikes” disconnection, sometimes referred to as graduated response. This involves a rightsholder, usually a record label or movie studio, notifying an ISP that it believes a particular IP address has been used for unlawful downloading of copyright material. On the third complaint, the ISP disconnects the user of that IP address.

The Irish industry took a test case against the biggest Irish ISP (EMI & ors v. eircom) for allowing its network to be used for unlawful downloading and the proceedings resulted in a settlement whereby eircom agreed to introduce a graduated response system.

The graduated response is to be introduced into UK law as part of the recently passed Digital Economy Act 2010. In that jurisdiction, it was subject to scrutiny, debate and critique by academics and commentators, which might not constitute scrutiny at all given that it sailed through Parliament. In Ireland, it is creeping in by private agreement between the main players (a development which is not unusual in Ireland).

The settlement between the industry and eircom had to be revisited in the High Court to determine its compatibility with the Data Protection Acts 1988 and 2003 and Mr. Justice Charleton delivered his judgment last week, concluding that the system can lawfully be implemented.

Professor Lillian Edwards said the following of the proposed UK system:

All a rightsholder need do, as presently laid out, is provide an IP address and time stamp of an alleged infringer to an ISP, and say that “ it appears to [them that ] a subscriber .. has infringed the owner’s copyright”. There is no requirement this belief be objectively reasonable. Nor is there any apparent sanction for malicious, or even simply careless or reckless allegations. Recent experience with the RIAA and BPI has shown that allegations made after IP address tracking at P2P sites often turn out to be wrong and that collecting IP addresses from P2P honeypots is a non-trivial exercise ; so the issue of liability for erroneous accusations is an important one. Libel, malicious falsehood and data protection laws may offer remedies for the falsely accused; but there is no mention of such in the Bill itself (so far), nor of any reasonable duty of care. In other words, all the power is given to rightsholders, and none of the responsibility. (My emphasis)

In his judgment, Charleton J. explains the eircom system as follows and Professor Edward’s comments would appear equally applicable:

Under the terms of the settlement, these companies tell the plaintiffs that a particular computer has been involved in illegal file sharing of its copyright material. This information is passed by one of the plaintiffs to the defendant Eircom, as the internet service provider. It then informs its subscribers that they have been detected infringing copyright. If there is a second occasion of illegal downloading, Eircom is obliged, when so informed, under the settlement to write to the subscriber warning them that unless that sort of infringement ceases, they will be disconnected from general internet service. This disconnection does not apply to any telephone or television service that a subscriber gets over their internet facility. On a third infringement, that discontinuance is implemented by Eircom: the subscriber is taken off service except for phone or television internet access.

Charleton J. acknowledges that disconnection is a “serious sanction” and that some would argue it is an “imposition on human freedom”. He quite rightly points out that “[t]here is no freedom, however, to break the law.” However, disconnection could affect an entire household, for example, and it is difficult to accept the justification offered that internet cafés are available to the disaffected and disconnected.

[W]hile it is convenient to have internet access at home, most people in Ireland have only to walk down to their local town centre to gain access for around €1.50 an hour.

Rightsholders are entitled to protect their rights, but should they be entitled to have a utility disconnected on the basis of their unscrutinised claim that the utility has been used to infringe their rights? As one wry tweeter put it:

Charl[e]ton J’s decision in eircom is as if NTR allowed to ban u from driving b/cos Quinn Direct said u crashed into 3 of its policy holders.

Part of the eircom settlement reportedly required the industry to pursue eircom’s competitors and seek implementation of the same system: rather weak letters before action were duly sent to all other Irish ISPs (including those who do not provide internet access to end users) and proceedings were instituted, due before the Commercial Court this summer. It had been anticipated that the other ISPs might defend the proceedings strenuously, though one wonders if Charleton J’s judgment might have any influence.

The most remarkable thing about the judgment is the fact that the Data Protection Commissioner, whose questions to the High Court formed the basis for the judgment, did not appear at the hearing because of  cost concerns.

One wonders what the purpose of the Commissioner’s is if not to appear in such a case. After all, his office appointed a panel of four commercial law firms to advise on the full range of powers and obligations under the Acts only a few months ago. His participation might not have changed the outcome, but as Ireland’s data protection regulator and representative member of the Article 29 Working Party (which has examined the nature of IP addresses under data protection legislation) his office’s participation should be automatic.

While Charleton J’s judgment ostensibly deals with data protection concerns, it makes his views on the wider issue of unlawful downloading clear. David Brophy points out that, not only was the Commissioner not represented at the hearing, nor was any consumer or digital rights advocacy group. He also notes the tenor of the judgment which, although ostensibly concerned with a set of data protection questions, is loaded with pro-indsutry language.

The judgment is particularly striking for the language used to describe the act of copyright infringement (“theft”, “stealing”, “filching”), and the data subjects, whose interests the case is of course addressing, become “copyright thieves” when their IP addresses have been identified as having been involved in file-sharing.

In fact, Charleton J. appears to take the plaintiffs’ assertions at face value and states that “the entire purpose of this litigation is to uphold the law.” He refers to “data protection entitlement” in the same paragraph as a “fundamental right to copyright”.

This appears to suggest that one’s data protection rights are a form of State-granted beneficence, to be measured against the human right of copyright. It should be remembered that, in this scenario, the data subject is an individual internet user; the copyright owner is a multinational corporation.

Updates

  • The International Federation of the Phonographic Industry welcomed the decision in Ireland, saying that it “sends a strong message to governments that are now considering how to help their creative industries address the threat of mass online piracy”. The IFPI says that the judgment confirmed the legality of a graduated response system, which is not quite accurate: the High Court decided that the settlement agreed between the parties was not incompatible with the Data Protection Acts.
  • UPC Ireland, owner of ChorusNTL, said that it will continue to vigorously defend proceedings brought against it by EMI & ors seeking the introduction of the same graduated response system. UPC rightly points out the point made above (that the decision merely decides on compatibility with the Data Protection Acts) and says “there is no basis under Irish or European law requiring an ISP to monitor or block subscriber traffic on its network.”
  • Cory Doctorow said that the judgment means that “Ireland has now joined the exclusive club of nations that treat the Internet as a trivial system for pirating movies, worthy of no special consideration. They’ve joined the club of nations that are willing to collectively deprive innocents of access to a single wire that delivers freedom of speech, press and assembly in order to put a few more Euros into the pockets of some of the largest corporations in the world.”
  • Ars Technica said “The issue isn’t about “freedom to break the law,” but about proportionality. Does the punishment fit the crime (which is not, in this case, even a “crime” but a civil matter)?”
  • p2pNet said “Whenever the IFPI … or any of Vivendi Universal, EMI, Warner Music and Sony Music’s other ‘trade’ outfits applauds a court ruling, you know it can’t be good for anyone except the Big 4. And when U2’s other big mouth, manager Paul McGuinness, chips in, it’s confirmed.”
  • Not an update as such, but Digital Rights Ireland published a post last year on why the graduated response agreement is bad for internet users. It still applies, post-Chartleton J’s judgment.

Telecoms industry surprisingly defensive on data retention

Karlin Lillington had an excellent piece in the Times on 25 September reporting on a private/confidential/secret (the correct adjective appears to be open to debate) deal between the State and the telecommunications industry in Ireland to supplement the law and proposed laws on data retention.

My contribution on the issue was published in the letters page on Friday (2 October), along with that of the industry. Karlin has a response on her blog:

“The fact is that no one I can find across the spectrum of those concerned about data retention — which include politicians, leading business figures, lawyers, and privacy advocates — knew they were off privately drawing up a memorandum figuring out how they would interpret a law and agreeing various provisions with the very people who can come demand our data from the operators. This job of interpretation, as I argued in my column, is normally the task of the legislature and the courts in democracies, and one might think on such a critical issue, should involve privacy advocates and some public input, something the telecoms industry has regularly called for when it has benefited them to do so (as some of the names on their letter know full well), but seemingly not at this critical juncture. I can only conclude that they only want ‘open’ discussion when they feel their input has been excluded, but that they don’t really want customers and businesses to know that they are now amongst the consultative closed circle.”

Her post includes some good onward links on the issue that are worth checking out. It’s also worth checking out Digital Rights Ireland’s posts.

What surprises me is the defensiveness of the industry. Originally, the industry was not receptive to the idea of data retention at all, as it saddles them with an extra financial and regulatory burden. Now, it would seem, they are cheerleaders for the Irish data retention regime and are first out of the blocks to defend it from criticism.