Law in the Internet Society

View   r3  >  r2  ...
AndrewHarmeyerFirstPaper 3 - 19 Dec 2012 - Main.AndrewHarmeyer
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"

Behind Closed Doors: ISPs Set to Implement Six-Strikes Policy

Changed:
<
<
-- By AndrewHarmeyer - 16 Oct 2012
>
>
-- By AndrewHarmeyer - 19 Dec 2012
 
Changed:
<
<

Background

>
>

Introduction

 
Changed:
<
<
Last year several major U.S. Internet Service Providers (“ISPs”) joined with the major Hollywood studios and record companies to create the Center for Copyright Information (“CCI”), whose purpose it is to implement a system to “warn” Internet users when they are infringing copyrighted works. That system is now known as “six-strikes” and will be implemented as early as November 28th of this year (so far it looks like AT&T will be the first ISP to implement six-strikes, according to leaked documents from the company). According to the CCI the goal is to provide education instead of just simply punishment. However, the program’s “mitigation measures” are entirely punitive in nature.
>
>
The “six strikes” system proposes to reduce copyright infringement by everyday Internet users through a combination of “educational” and mitigation measures, ranging from pop-up notifications to a throttled connection or even a temporary service disconnection. The first draft of my paper focused on my concerns over the lack of transparency and unfairness in six strikes, which is a joint effort between ISPs and major content owners, and was created with no input from the public. As pointed out in Professor Moglen’s first round of comments, sophisticated technology users will likely be unaffected by six strikes. For “Joe Consumer,” however, six strikes underscores the need for easy to implement free software, such as the FreedomBox, for privacy protection that does not intimidate unsophisticated users.
 
Changed:
<
<

How It Works

>
>

Getting Around Six Strikes

 
Changed:
<
<
Content owners will forward the IP addresses of suspected infringers to the respective ISPs. The ISPs will not share the users identity or address without a court order (although leaked AT&T implementation documents suggest this may happen around the fifth warning). In the first and second instance of suspected infringement, the user will receive an alert that their account “appears to have been used for online content theft.” The third and forth times create pop-up notifications requiring the Internet user to click a box acknowledging he or she has read the warning (if prosecution results, could this be used as evidence of willful infringement?). The fifth and sixth instance is really where the “mitigation measures” lose their “educational” character and become what you or I would call a punishment, a stick but not a carrot, or quite possibly an un-just dessert. The user may be subjected to reductions in bandwidth or Internet speeds, blocking of certain websites until the user takes an online anti-piracy course, or blocking of access entirely until the user actually contacts their ISP (and if speaking to an actual person at your cable or internet company is like my experience with Time Warner, this can take upwards of an hour waiting on the phone).
>
>
Sophisticated web users who are already concerned with Internet privacy should be unaffected by six strikes, as there are several ways to circumvent that system. Six strikes uses a third party, MarkMonitor, to track the downloading of copyrighted files to an otherwise unsuspecting user’s IP address. The solution is relatively straightforward – if the IP address that MarkMonitor? matches to an allegedly improper download does not match the user’s own IP address, then there is a dead end and the user retains his or her privacy on the Internet.
 
Changed:
<
<
But you haven't explained what technical nonsense this all is. It assumes that the user is an individual running brain-dead client software on a consumer device where "the Internet" is a synonym for "a browser," which can display silly things like "pop-ups" or "notifications." It assumes that the ISP-serviced endpoint is not proxying through a midpoint that the ISP does not service, and to which content-thug referrals will be accordingly misdirected. And, most importantly, it assumes that the client is receiving unencrypted materials. Relax even one of those constraints, and the system fails to work as you describe, or fails to work at all.
>
>
One way to achieve this is a proxy. A proxy is an intermediate computer that communicates on behalf of your computer. MarkMonitor? would track your proxy’s IP address instead of your own. If your connection to the proxy is encrypted, then your ISP cannot tell what you are downloading; it only knows that you are connected to a proxy. Another option is a Virtual Private Network (VPN), which mimics a private local network using a public network such as the Internet. The communications over the VPN are encrypted; similar to using a proxy, MarkMonitor? cannot associate your downloading activity with your own IP address. It should be noted, however, that the VPN provider is still able to see your activity, so it is important to find one you trust. If the provider keeps a log of its users’ activities and is subject to subpoena, then do not assume your activities are fully anonymous.
 
Changed:
<
<
No technically-sophisticated reader overlooks these points, so by the time you have finished this summary, you have lost her: she knows you have nothing to offer but tangential analysis of propaganda. Moreover, neither the ISPs nor the content industry thugs are ignorant either. The ISPs are arranging to reduce the amount of pressure they receive from the content thugs by helping them to catch a few stupid people engaged in unimportant sharing. The content thugs, who know the game is over unless the Net can be re-engineered to defeat its central purpose, want to be able to declare victory, shift the cost of looking like winners to someone else, and get out of the game. By taking this rubbish seriously, and deploring it instead of describing why it is rubbish, you're buying into the game.
>
>

But What About “Joe Consumer?”

 
Changed:
<
<
>
>
For the technologically unsophisticated user, six strikes is a different story. Before taking this course and writing this paper, I had no idea what a VPN or a proxy is, as used in a technology setting. It appears the average ISP subscriber that does not take measures to protect its privacy, or does not even know these measures exist, is subject to prying by six strikes through MarkMonitor? . The head of six-strikes, Jill Lesser, acknowledges that users with technical know-how will be able to skirt the system. But according to Lesser, the purpose of six strikes is not to dissuade what she calls “sophisticated pirates;” instead, the aim of the system is to “go[] after Joe Consumer.”
 
Changed:
<
<

So What's the Big Deal?

>
>
So how does six strikes change the status quo for “Joe Consumer?” Content owners already can track downloading and can serve subpoenas on ISPs, seeking the IP addresses of users so they can file John Doe lawsuits. Now, users will instead receive measures that ratchet up in their level of severity, from “educational warnings” to full-blown mitigation measures, but the possibility of lawsuits is left open, and a user’s acknowledgment of the aforementioned warnings serves as pretty good evidence of willfulness in an infringement suit.
 
Changed:
<
<

Lack of Transparency, Exclusion of the Public, and Fairness Concerns

>
>
My biggest problem with six strikes continues to be the lack of transparency and fairness in its appeals process. As discussed in my first paper, the normal presumption of innocence inherent in our legal system is turned upside down because evidence of infringement, which is collected by the content owners themselves, is accepted as true, and the burden is imposed on the user to pay $35 to obtain review by an arbitrator. Six strikes provides a one-time freebie for users with an open WIFI that claim someone else must have downloaded copyrighted works through their connection. As Professor Moglen points out, this is a non-issue if the WIFI owner had a FreedomBox because each user accessing the open WIFI connection will retain its privacy. But six strikes is probably counting on some users securing their WIFI instead of being berated with warnings because they prefer not to deal with the hassle.
 
Changed:
<
<
First, there is a total lack of transparency. Details of the program, for example the process by which content owners determine an IP address is infringing in the first place, are largely unknown by the public. This is due to the entirely closed door bargaining process that left the public in the dark while the content owners and the ISPs reached an agreement. This is despite that while the agreement is a private contract it affects the public at large and raises serious fairness concerns. For example, the normal presumption of innocence inherent in our legal system is completely turned on its head: evidence of infringement, which is collected by the content owners themselves, is accepted as true and the burden is then on the innocently accused user to pay $35 to receive independent review by an arbitrator (or ignore the warnings and face punishment). Due to the lack of transparency about six-strikes’ details, it is unclear what discovery, if any, is available or whether defenses such as fair use can be used. Further, there is always the possibility that the arbitrators may be biased (the backers behind CCI are repeat players in the arbitration process and the $35 filing fee is likely a drop in the bucket towards financing the total cost of the arbitration / appeal process).
>
>

Conclusion

 
Changed:
<
<

Can I Still Leave My Wi-Fi Unrestricted (If I Ever Did)?

>
>
I think most “Joe Consumers” care about their privacy, but some may just accept six strikes and some privacy loss in general as a cost of using the Internet. Some are probably unaware of the tools they can use to protect their privacy. To my classmates reading this paper, I suggest researching the use of proxies, VPNs, and other privacy protecting free software such as Tor. But still – there may be other “Joe Consumers” who have heard of these tools but are intimidated by technology or view the technology as difficult to implement. The FreedomBox, which is a personal plug server that runs free software and can be used to protect personal privacy, is a solution for this group of “Joe Consumers.” But first, the Freedom Box must be widely available and, probably more importantly, it must be available at a reasonable cost.
 
Changed:
<
<
The program provides for a one-time-only “freebie” if a user claims someone else is using his or her Wi-Fi to infringe copyrighted works. After that, I suppose it is the users responsibility to password protect his or her Wi-Fi, or eventually suffer reduced Internet speeds if the 3rd party infringement continues (an alternative may be to pay the $35 fee and seek independent review but it seems unlikely having an open WiFi? signal is a defense under that process). Thus, while it may be difficult as a legal matter to prove you are in fact the alleged infringer on an open network, as a practical matter there may be repercussions in the form of reduced Internet capabilities (although not as severe as legal liability) after the program takes effect.
>
>

 
Deleted:
<
<
The ISPs you are talking about, including AT&T, already contractually prohibit you from sharing the bandwidth you buy from them. If you cared about the legal restrictions on sharing, you wouldn't be doing business with them in the first place, would you? Moreover, because the router I am opening is my own, it is trivial (if the router uses free software) to afford anyone sharing the connection with me the same privacy and impunity against the sort of misbehavior by the ISP that I have myself. Perhaps we would call such a router a FreedomBox? Once again, you are not actually analyzing the technical situation, just uncritically helping the people you claim to oppose to publicize their charade, making objections they know they can ignore, instead of providing the public the reality they would consider dangerous to their Potemkin Village development. If you are actually interested in people's having freedom, why don't you help them learn how to get it, instead of making the nonsensical supposed barriers in the way of their freedom look higher than they really are?
 
Deleted:
<
<

The Cost of the Six-Strikes

And then there is the cost . . . again, the $35 filing fee will be merely a drop in the bucket towards financing an “independent” arbitrator. How will the costs of six-strikes be allocated (i.e. between content producers and ISPs)? Again, due to the lack of transparency and lack of public involvement with six-strikes, we do not know. In either case, the costs will be shifted to consumers in one form or another. Either content will become more expensive or the cost of Internet service will increase.

In the end I wonder if the CCI and its backers have any clue what six-strikes will cost, or if they really care. Between the cost of arbitrators and search costs for alleged infringers – six-strikes will not be cheap. Notably, Hadopi – a publicly administered and more draconian three-strikes policy implemented by the French agency – has come under fire for its excessive costs and is being re-examined by the French government (for now, the French Minister of Culture has significantly reduced its budget for the rest of the year).

For the content thugs, the cost doesn't matter because it's fully shifted. For AT&T and other now-primarily mobile carriers, the cost of this absurdity is smaller than the cost of subpoena-processing and the associated litigation. For the Verizon/Google duopoly, this is mud other peoples' feet are stuck in. Or do you have a different analysis, and on what facts (none of which are present so far in the essay) are you predicating your conclusion?

 
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.

Revision 3r3 - 19 Dec 2012 - 18:30:54 - AndrewHarmeyer
Revision 2r2 - 29 Oct 2012 - 13:00:46 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM