I was passed a letter from Allens Arthur Robinson, who, apparently, act on behalf of Music Industry Piracy Investigations Pty Ltd, which, is explained, represents the 'record companies' (doesn't say which ones, so all of them I guess) through their association with ARIA.
It is a followup to a letter sent last March (don't recall seeing that one), requesting cooperation for support for a 'notice and disconnection' procedure. Well, it is sort of a request, along with what I read to be some implied threat, saying that they believe Exetel has a clear responsibility under the Copyright Act to take steps to address illegal file shares on its (our) network. But that we have not yet indicated our agreement to implement the 'notice and disconnection' policy.
Haven't we? How remiss that we have not complied with this legislated requirement. Well, we would be remiss, if in fact it were a legislated requirement. Reading the letter, one might be lead to believe there was some onus to do that, but in fact there is none. Rather, it is a request from one company to another to do something that may very well not be legal.
It seems to me if we have a contract to supply to a customer, someone else saying they think that customer has done something wrong does not provide us with a legal reason to terminate supply to that customer. I don't know, I am no lawyer. Them saying that 'we have evidence that shows that your customer has done something wrong' doesn't really help us either. Exetel being neither a law enforcement agency nor a court of law has very little (legal) ability to interpret 'evidence' (in fact none at all) or make some arbitrary judgment on it.
The proposed policy is 'three strikes and you're out'. MIPI included drafts of two warning notices, followed by a third disconnection notice to be sent by the ISP. The letter goes on to explain that ARIA and MIPI have been trying for some years to agree a code of practice with the IIA, but that those negotiations ended prior to a code being agreed upon. Not surprising really. Without a trial case to set the precedent, I struggle to see how any code could be adopted where the legal ramifications are unclear.
The way I see it is this:
1. ARIA or MIPI gain evidence that shows that a private citizen may be breaching copyright
2. The tell the appropriate law enforcement agency, who investigate
3. The ISP receives a subpoena or other legal request to identify the citizen
4. If there is sufficient evidence, the law enforcement agency brings the case to trial
The way MIPI want to do it is this:
1. ARIA or MIPI gain evidence that shows that a private citizen may be breaching copyright
2. They send the information to the ISP, who then send the first warning notice to the registered user of that IP address
3. ARIA or MIPI gain evidence that shows the same citizen (or the same IP address) may have breached copyright again
4. The information is sent to the ISP, who sends the second warning notice
5. ARIA or MIPI gain evidence that shows the same citizen (or the same IP address) may have breached copyright a third time
6. The information is sent to the ISP, who issues a disconnection notice and terminates the customers service
Think of it like this; someone uses a bus to get to a shopping centre each day, steals some CD's from a record store, then gets on the bus and goes home. The record store sends a letter to the bus company saying that a person is using the bus to get to and from their store to steal CD's. They ask the bus company to caution the person, and if that person keeps doing it, refuse to take them on the bus any more. Hmmm, don't you think the record store owner should just call the police?
Can the bus company refuse service to a paying customer on the say so of a third party? Can and ISP terminate the service of a paying customer on the say so of a private third party? The questions I can think of that would need to be answered are:
1. If the customer is still in contract, can the ISP legally break the contract on the say so of MIPI alone?
2. The ISP has a back-to-back contract with the Carrier. Will the carrier excuse the remainder of the contract and does ending the contract between the ISP and the customer also end the contract with the carrier?
3. Is the customer responsible to pay the early termination of contract fee? Does the ISP still have to pay that to the carrier?
4. If the customer takes action for breach of contract by the ISP, is MIPI liable? Will they pay any damages and costs?
Shaky ground if you ask me. I can't see any proposed code gaining wide support without the legal position of all parties being much more clear than it is.
That in a nutshell is what I understand the proposed code of practice to mean. I don't see how and ISP could agree to support it in practice, not without some very good, expensive, lawyers, and some weight of legal opinion to back it up.
Of course, as far as copyright theft goes, Exetel has taken the hardest stance of any ISP that I know of, and we have done that since we began over four years ago. Not because of any implied threat or stretched interpretation of the Copyright Act. And certainly not because of any direct financial benefit (quite the opposite, from the 'outraged' emails sent from soon to be ex customers). Rather because, actually, it is the right thing to do. We have always made it very clear that thieves are not welcome.
After some trial and error to find the best system, we developed the following process which has worked very well for the last two years:
1. We receive a notice of copyright infringement from a recognised industry source, or their legal representatives
2. We forward the notice to the account holder of the IP addresses identified
3. At the same time, we change the end users public WAN IP address to a private IP address. Any web page they try and browse is redirected to a captive portal that explains why their service has been blocked. In the mean time, and importantly, they are still able to send and receive email, should they wish to use that medium to resolve their issue.
4. The captive portal instructs the end user to resolve the issue with the issuer of the notice
5. Via the captive portal, the end user can select a number of options to resolve the issue, including; terminating their service; doing nothing (in which case the block stays in place); telling us they have resolved the problem with the notice issuer (in which case the block is removed).
I ran this system manually for about eight months before I handed it over to our sysadmins to be fully automated. Over that time it was hard to say just how effective it was, but I did notice the trend that a) repeat IP addresses decreased each month and b) the ratio of new accounts to existing account that notices were sent to increased. So it does seem to have a positive effect.
Also, the information is all logged, so should a law enforcement agency investigate, the history of what the end user has told us is there.
The advantages of this system over the MIPI proposal is:
1. It can be fully automated, relatively easily (in fairness, I don't know if the MIPI proposed code can or not, but I know ours can)
2. The end user is directed to resolve the issue with the issuer of the notice
3. The ISP does not breach the contract. It is an option for the end user to terminate the contract if they wish.
4. There is no 'I didn't get the email/notice' or 'I didn't know about it'. If the end user uses the Internet, they will be 100% aware of the issue, guaranteed.
In the event that the MIPI proposed code is adopted by the industry, it should be easy enough to implement. But I do think we are already well ahead of that curve in that respect.
Calendar
|
May '13 |
|
||||
|---|---|---|---|---|---|---|
| Mo | Tu | We | Th | Fr | Sa | Su |
| Thursday, May 23. 2013 | ||||||
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | 31 | ||
They can't reach, say gmail or yahoo webmail, but they can unblock themselves and then sort it out.
The function is designed to ensure the end user knows of the issue, and to take some action.
Basically Exetel agrees to give up it's common carrier status in exchange for ... nothing.
To liken this to your own analogy.
You are the bus driver. Rather than having the third party complain to the police, as they should do -- you take on the onerous duty of enforcement.
You ask the person when the board: "Did you steal any CDs.?"
Every single legal issue that you raise above applies, worse though, is that you actively participating in the process.
Despite you protestations, you have breached your contract. Your contract does not say "We will divert you to a captive server on the whim of a third party until you commit, under duress, to saying whatever it is we want you to say" (not accessible from a non-exetel address, apparently, so no idea what is there).
What are you? Lawyers? What business is it of yours is two private individuals have a dispute?
As you say above: you are not a lawyer, you are not competent to judge evidence, and there is lots of shaky ground.
I guess you must be hoping one of your customers, or a third party never sues you.
Good luck.
Here's a situation. I'm a customer of yours. I have a contract with you to supply internet.
MIPI, in a fishing expedition, erroneously reports my ISP for using file sharing software. They've transposed some numbers in the IP.
You block my connection. That day, I had to upload, via HTTP, a time critical tender document for my business worth 100 million dollars.
Because of the blockage of my internet connection, I was ruled out of the tender.
Now, on my reading of contract law, you are liable for the damages caused to my business.
Better brush up on your bankruptcy law.
In any event, it is sheer folly to use a non-SLA residential grade service for important business use.
If it doesn't, what mechanism does Exetel use there?
1) Users of business grade products are usually there during the day and are far more contactable that users of residential grade services tend to be
2) there is a promise of service continuity, which there explicitly isn't for residential ADSL.
3) it is very unlikely that the issue is deliberate or that it will be ignored. It is quite likely to be the result of a compromised system, which the network operator is very keen to fix as quickly as possible.
In most cases (and there have been very few) we forward the complaint notice as usual, and also give the customer a courtesy call.
Steve, get a backbone.
I will they go after the power company after they get no where with the ISP because they are providing electiricity to power the computer that thas the copyright material on it.
They new to get a life and a delivery system that consumers want to use, move on and profit from it.
They are flogging a dead horse that has long since turned into dust and left.
In the absence of a legal precedence,Exetel is covering it's deriere. The only ones who are likely to get caught are those who aren't using appropriate encryption etc.
One question though, now that it has been 2 years, have you seen a reduction in the letters that you receive?. If so, then the policy is working.
http://www.iinet.net.au/about/compliance/copyright.html
The hosting or posting of illegal or copyright material using an iinet service constitutes a breach of iinet contractual obligation under the Customer relationship Agreement Sec 4.1 & Sec 4.2 Customer relationship Agreement. Such a breach of contract may result in the suspension or termination of service without notice to the subscriber.
Where do you draw the line on who can have your customers disconnected?
Sure, if a record company is complaining about a U2 album being pirated that's pretty clear.
But what if it is a small record label complaining about the album of a band you havnt heard of being pirated?
What if it's an unsigned band complaining about their album being pirated?
What if it's a digital artist complaining about their photographs being pirated?
What if it's a 17yo kid, complaining that the dodgy mspaint image he made for amusement on an internet forum being pirated?
I think you are taking a fairly well thought-out approach to this, but I'm not sure if your logic has been tested enough?
We don't. We encourage the complainant and the person they are complaining about to work it out between them.
Since the end user is forced to acknowledge the fact that a complaint has been made, there can be no denying that 'they didn't know' or 'weren't told'.
So then all they have to do is sort it out.
"Sure, if a record company is complaining about a U2 album being pirated that's pretty clear."
Perhaps, if they haven't made a mistake in their allegation.
In any event, their complain it forwarded to the end user they are making the complaint about.
"But what if it is a small record label complaining about the album of a band you haven't heard of being pirated?"
Their complain is forwarded to the end user they are making the complaint about.
"What if it's an unsigned band complaining about their album being pirated?"
Their complain is forwarded to the end user they are making the complaint about.
"What if it's a digital artist complaining about their photographs being pirated?"
Their complain is forwarded to the end user they are making the complaint about.
"What if it's a 17yo kid, complaining that the dodgy mspaint image he made for amusement on an internet forum being pirated?"
Their complain is forwarded to the end user they are making the complaint about.
"I think you are taking a fairly well thought-out approach to this, but I'm not sure if your logic has been tested enough? "
It is what has worked best for us, trying to be fair to all parties and responsible for the enforcement of our AUP, over the last four years, with refinements along the way.
There is no way it is going to be perfect, since all parties are never going to be happy whatever the ISP does.
1) it has not happened in 4 years of operation,
2) some unknown person making a claim would not cause that response. Copyright infringement notices are sent by the lawyers representing various artists industry organizations. They are completely verifiable and 'swear under threat of prosecution for perjury' that the information they send is correct to the best of their knowledge. It would be very, very unlikely that anyone would, or even could, fake that.
3) in all cases, whatever the complaint, our policy is to send the complaint notice to the end user the complaint is made about. So the end user has the full details of the person making the complaint. If the person making the complaint wants the same information, they need a warrant to get it under Australian law.
4) In the very unlikely event that you were redirected to the captive portal because of some malicious prank, then it might take you a minute or two to fix the problem through the portal Now I know Internet access is more important than life itself to many people and one minute downtime represents a personal disaster of huge proportions, but I guess if it happens it happens. I doubt any reasonable person would have a problem with it.
You mention that the system has worked well over the last 2 years, and you ran the system manually for around 8 months. Was the 8 months part of the 2 years?
Also out of interest, do guys have to manually read a notice to find out the IP etc (time consuming?), or is the system able to automatically extract that kind of stuff?
Most infringement notices now have all the information in XML fields, which makes it much easier to parse.