Account-Suspension Trigger Murky in New Copyright Alert System

The entertainment industry joined with ISPs under a new organization, the Center for Copyright Information, to implement the Copyright Alert System and educate consumers about copyright and its economic impact. Participants include the MPAA and RIAA and their members, Independent Film and Television Alliance, American Association of Independent Music, AT&T, Cablevision, Comcast, Time Warner Cable and Verizon. They will get “guidance by consumer advocates and technical experts” on an advisory committee or through “other expert services,” the groups said.

Participants emphasized in a series of documents released Thursday that the effort would focus on consumers’ “right to know” when their accounts have been linked to infringement, not necessarily committed by the account holder. They compared it to the credit-card fraud alert system. “Data suggests” most subscribers “quickly take steps” to stop alleged infringement once notified by their ISPs, the groups said.

The Copyright Alert System provides for up to six alerts with accompanying “mitigation measures” that ISPs could deploy at their discretion against subscribers who don’t respond to alerts or change their behavior. The first alert, sent in response to a notice from a copyright owner, would notify subscribers of the alleged infringement, warn them that “consequences could result” from such behavior, and help them secure their network and find legal content. The second alert would emphasize the first’s educational message. The third would contain a “conspicuous mechanism,” such as a clickthrough, pop-up notice or landing page, asking the subscriber to “acknowledge receipt” of the alert. The fourth would ask for acknowledgment of receipt. Each alert is to follow continued alleged infringement.

Starting at the fifth alert, the system gets murky and gives ISPs more discretion. It lets them take steps, laid out in their published policies, that are “reasonably calculated to stop future content theft.” The memorandum of understanding lays out specific mitigation measures for ISPs. They include: (1) Temporary reduction in uploading and downloading speeds. (2) Temporary “step-down” in the subscriber’s service tier to either the lowest speed the ISP makes available “above dial-up” or a bandwidth rate that would “significantly impact” the subscriber’s service, such as 256 kbps to 640 kbps. (3) Temporary “redirection” to a landing page until the subscriber contacts the ISP or completes a “meaningful educational instruction on copyright.” (4) Temporary “restriction” of service for a “reasonable period of time” as determined by the ISP. (5) Other “comparable” temporary measures. Mitigation measures are “waivable” by ISPs at the fifth alert, but ISPs must implement one of them at the sixth alert. The MOU is at http://xrl.us/bkzdap.

The framework emphasizes mitigation won’t “knowingly” harm IP voice service, email, security services, multichannel video programming distribution or health services such as medical monitoring. It also specifies that the targeted infringement is via peer-to-peer sharing, not the illicit streaming that’s the target of a Senate bill.

Referring to ISP obligations under the Digital Millennium Copyright Act, the groups said in public materials that ISPs could cut off service to repeat alleged infringers who ignore alerts. “This alert system does not, in any circumstance, require” account termination, but Section 512 of the DMCA requires ISPs to have a termination policy in place to get safe-harbor treatment.

In a novel provision, accused subscribers can seek “independent review” of an ISP’s finding of infringement. They would pay a $35 filing fee under the framework, which is waivable by the independent reviewer, who will have “access to expert advice on copyright law.” The framework emphasizes accused subscribers can still challenge any ISP finding in court.

ISPs downplayed the possibility they would actually suspend accounts. “No termination of service whatsoever,” a Verizon spokesman told us: Verizon’s existing notification system for infringement “works for the vast majority of cases and we never get to the mitigation level."

Where’s the Judge?

Digital rights groups said they were cautiously optimistic about the new alert system. It has the “potential to be an important educational vehicle” for reducing infringement, said a joint statement by the Center for Democracy & Technology (CDT) and Public Knowledge. “A voluntary, notification-centric approach can sidestep many of the serious concerns that would be raised” by government mandates, filtering or a “three-strikes” approach like used in France.

But the framework could go astray in its implementation, those groups said. The agreement’s account-suspension option is disappointing: “We believe it would be wrong for any ISP to cut off subscribers, even temporarily, based on allegations that have not been tested in court.” The agreement needs “close ongoing scrutiny,” they said.

"There’s nothing really new” in the agreement’s reference to ISPs’ termination policies, CDT lawyer David Sohn told us: ISPs have to “wave that threat” in front of subscribers for safe-harbor protection. But the MOU’s vague reference to service “restriction” worries CDT, he said. “Given how much people rely on the Internet these days, it’s a significant concern” that such an interruption could occur based on a private party’s complaint. Sohn said he was optimistic ISPs wouldn’t use their full range of mitigation measures: “Cutting off your subscribers is something you can’t be thrilled about doing.” In a blog post, Sohn laid out concerns about how account holders would know their ISP is trying to reach them -- such as if a teenage file-sharer ignored the direct-to-computer alerts.

Though ISPs have managed their own mitigation measures for years, “there has never been this kind of approach before” among ISPs and content providers, an RIAA spokeswoman told us: The agreement will help “convert casual infringers to legitimate music consumers.” The creation of the Center for Copyright Information is a “big factor” that will help content providers figure out which ISP approach is most effective to deter infringement and find improvements, she said. While content providers have pointed to the role of then-New York Attorney General Andrew Cuomo in getting ISPs to negotiate, the spokeswoman denied that White House “political pressure” drove this particular agreement, as has been reported. But she noted the White House has long supported “voluntary initiatives” to reduce infringement.

Framework participants lauded the effort, with ISPs in particular emphasizing its privacy-friendliness. “We are confident that ... the great majority of broadband subscribers will take steps to stop” infringement on their accounts once notified, said NCTA Executive Vice President James Assey. Randal Milch, Verizon general counsel, said the agreement “builds on existing agreements with several copyright owners” to forward infringement notices. Its intent is to “notify and educate customers, not to penalize them.” Casey Rae-Hunter, deputy director of the Future of Music Coalition, said the framework “does seem to strike the appropriate balance” between artist and consumer rights. The Information Technology and Innovation Foundation, Arts + Labs and International Federation of the Phonographic Industry also released supportive statements.

Some of the notification mechanisms in the agreement could be faked by hackers or phishers, security consultant Dan Kaminsky, who discovered DNS “cache poisoning,” told us. “Forging email alerts is relatively easy,” though fake pop-ups are “pretty disruptive things to add to a network, even legitimately, so they're harder,” he said: “I think we might see phishing attempts demanding payment for pirated content.” In general the practice of “baiting” worries Kaminsky, he said, because “browsers are quite flexible and it’s completely possible for websites -- invisibly, in the background -- to force arbitrary downloads of anything.”