Across the globe a debate is raging that could shape the way the Internet works. This debate is pushed forward by governments in adherence to the commercial interests of content owners. We are normally sceptical when policy makers drive policy change to suit the needs of specific commercial entities, especially when it comes at the long-term expense of citizens. Firstly, policy makers often struggle to understand technology, its implications and how technology markets actually work. Secondly, shaping policies based on the needs of commercial entities can have many unintended side effects. Thirdly, policy makers need to question whether their policy work is in the long-term interests of their citizens. Governments and policy makers have their mandate from citizens, not commercial entities.
There are two main events that we are concerned about. On the one hand, there are the somewhat clandestine ACTA (Anti-Counterfeiting Trade Agreement) talks led by the US, where governments from around the world discuss how global trade agreements can reduce counterfeit trade, particularly as more and more content and services are delivered over broadband pipelines. On the other hand, national policy makers in certain countries are designing new regulatory frameworks that require network operators to filter, monitor, and report illegal activities and copyright infringements.
Let's first discuss ACTA. This has been viewed as a global implementation of the US-based DMCA (Digital Millennium Copyright Act), which, amongst other things, limits what a user can lawfully do with a piece of digital content. The DMCA prohibits a user from circumventing any digital restriction technologies (DRM). The European Union has also raised concerns about whether ACTA will limit device and service interoperability. In principle, ACTA is a 'three strikes' trade agreement that requires participating countries to have a 'graduated response' scheme for those that distribute content as an unlicensed entity. Those suspected three times of infringement are cut off from the Internet. There are plenty of issues associated with such policies. Let's start with the fact that it is a trade agreement and not a legal process. By pushing this through as a trade agreement, ratification is done by the executive power (government), and not by the legislator (parliament). Given the far-reaching impacts on industry and citizens, pushing this through as a trade agreement is an interesting choice.
Furthermore, what constitutes copyright infringement? Taken to the extreme, will any entity that does not properly reference third party copyrights be liable for the three strikes? In the extreme, we might see a spike in enforcement of "Registered trademark". Now, this is a practical issue that needs to be addressed. There are more fundamental issues at stake here. What type of entity will monitor and evaluate what is copyright infringement? This is a task that is likely to fall on the shoulders of network operators. This would mean that operators will have to invest significant resources in DPI (deep packet inspection) technologies in order to evaluate the traffic that runs on their networks. It will be impossible to monitor manually (human based) due to the massive amount of data that traverses the Internet. Operators will therefore need automated tools that track and monitor usage. The tools will also need to lock down those that infringe on copyrights. Now, equipment vendors most likely have very sophisticated tools that can help operators perform these tasks. However, how many false positives will this system create? Given the enormous amount of data flowing over data networks, the lack of standardized DRM (digital restriction technology) and the blurry lines between fair use and unlicensed use, it is difficult to see how this type of system will not produce false positives. To what extent will those hit by false positives be able to hold the operator or even the legislator accountable? This may be further complicated where users send licensed content across devices, across physical networks and across operators. For example, a user that is licensed to transfer content from one machine to another (such as PC to mobile phone) should be able to do so regardless of location. We question whether this will increase the number of false positives for users that initiate transfers from their home in one country to their mobile phones in another country. This would carry the licensed content across networks and across multiple network operators. Additionally, this forces a debate on the legality of place-shifting of content, meaning accessing content that you are entitled or allowed to access in one geographical area from the area where you are currently located.
Also, governments pursuing ACTA need to evaluate the cost of complying with ACTA for the telecoms industry. Shall these costs be incurred by a) the operators, b) the customers, or c) the government/taxpayers? Lastly, to what extent can operators use the information they gather by performing real-time communications monitoring on their networks? DPI technologies could have significant impacts on privacy, which runs contrary to privacy laws in many countries, such as in the EU. This may help explain why ACTA is received with skepticism in the EU. Hence, the European Commission has expressed privacy concerns over British Virgin Media's DPI plans to identify copyright infringements. The Commission is also concerned about agreements that will limit service and device interoperability (with regards to DRM), which ACTA may do. European ISPs, 1,700 represented via EuroISPA, have voiced their concern about the whole ACTA process, and have warned against any trade deal that threatens the openness of the Internet. The EuroISPA has a valid point, as a closed Internet would in effect turn ISPs, or network operators, into police officers of the Internet. If the music and video industry manages to push through ACTA, it will place a great burden on ISPs, not just in terms of costs, but also in terms of how to deal with all this data. If ISPs need to filter and monitor network traffic on behalf of commercial entities, does this also mean that other commercial entities can make similar requests for other non-criminal cases? For example, can employers request ISPs to hand over DPI data on employees using home broadband services if the employer is concerned that the employee may be in breach of contractual obligations?
In parallel with ACTA, governments are also pushing forth similar regulatory schemes. In the UK, the Digital Britain report outlines a much harsher regime for copyright infringement and stronger monitoring of networks. In Italy, the Berlusconi-led government wants to hold ISPs liable for the traffic running on their networks. Prime Minister Berlusconi controls media powerhouse Mediaset. These two examples have the same flaws as ACTA, and show how politicians, even with the best intentions, should avoid mixing policy making and technology on the pretense of preserving commercial interests, because these schemes are fragile and will be full of loopholes.
A glaring topic we would like to see policy makers and ACTA drafters firmly define is how an alleged subscriber can defend him/herself. What is the process for doing so? Is the alleged user guilty until proven otherwise? Now here is the problem. Assuming that the ISP's DPI can avoid being lured by spoofed IP addresses and actually trace the traffic back to a specific subscriber, the infringement case should be straightforward; well, not at all. Many subscribers use Wi-Fi services at home. Even if Wi-Fi networks are encrypted, it does not mean they are secure. WEP networks can be cracked in minutes. Will the subscriber be responsible for ensuring that his/her Wi-Fi network is not compromised? This would be going back to the stone ages, given that most users would have no clue how to monitor Wi-Fi network integrity. If they are not liable for Wi-Fi integrity, then a USB-based Wi-Fi card (which will have a different MAC address than the built-in card) could be used for copyright infringement. To be even more secure, all infringement activities could be done in a virtual machine (i.e. run an operating system within another operating system). From here the user could make the whole session appear to come from a completely different machine. By storing all copyright infringements on a removable storage device, any examination of the PC would not reveal any evidence of infringement. The user could claim that the Wi-Fi network has been compromised and that the infringement was done by a third party. Average users may not be this sophisticated; however, the more serious distributors of unlicensed content will know the legal loopholes and how technically to avoid accountability. They will have firm legal evidence of their innocence. Who will cover these costs? State, ISP, or the content industry? Also, whilst in dispute, is the accused user entitled to be connected to the Internet? Also, in a multi-person household, who is the user?
At Premonvision we find it alarming that policy makers set out to regulate markets on behalf of commercial entities, especially in areas where technology is involved, such as the Internet. We question whether decision makers in governments and in parliaments fully understand the markets they are attempting to regulate, and whether they are aware of the consequences of their policies.
We suspect they are not.
