Some of the biggest U.S. Internet service providers are getting ready to embrace the Copyright Alert System, a policy of escalating alerts and “mitigation measures” that ISPs will force on their customers when copyright holders accuse them of pirating content.
The Copyright Alert System is often described as a “six strikes” policy — with the implication that if someone’s accused of piracy six times, they’ll lose their Internet service. That’s a misrepresentation. First, it’s a system of four to six alerts — some folks might get six, but others will get fewer. Second, the system doesn’t actually have a stage where users lose their Internet service — as always, that’ll remain solely at the discretion of ISPs, who can turn it off anytime they like for any reason.
So what is this thing, and do you need to be worried about it?
What is the Copyright Alert System?
First, the Copyright Alert System is not a law. It’s a series of escalating notices and educational materials that ISPs will voluntarily present to subscribers allegedly distributing or consuming pirated digital content. The initial emphasis will probably be on movies, television shows, and music, but it can apply to anything. Content owners — movie studios, publishers, record labels, and the like — will give ISPs specific IP addresses any time that users on their networks are allegedly engaging in piracy. ISPs will then start sending notices to users.
The system was supposed to go live in July of this year, but is now expected to roll out with major ISPs by the end of 2012.
Where did the Copyright Alert System come from?
Right now, most ISPs have their own set of policies and procedures for dealing with digital piracy — and they’re usually pretty hands-off. ISPs generally do not want to act as copyright police — they view that role as tremendously costly (with no upside), and a slippery legal slope that could alienate customers. As a result, most ISPs pursue anti-piracy policies in the name of network management — think of bandwidth caps that limit the amount of data subscribers can send or receive, with penalties for going over those limits.
Movie studios, record labels, publishers, and other representatives of the content industry aren’t happy with that situation. When they believe an Internet user is engaging in piracy, they can contact that person’s ISP and present their evidence, but the ISP isn’t under any obligation to do anything about it. After all, the report doesn’t carry any legal weight, and enforcement represents a burden. Most ISPs will warn users (or, sometimes, eventually disconnect them), but the policies are inconsistent and sometimes even non-existent. For the content industry, the Copyright Alert System means a more consistent response to reports of digital piracy — and, more importantly, that participating ISPs have agreed to participate.
For the content industry, the Copyright Alert System is also less likely to blow back on them. If there’s one thing the content industry has proven, it’s that threatening to bring legal action against all fire-sharers they believe might be engaging in piracy is costly, embarrassing, and largely unsuccessful (even with a recent re-instatement of a $222,000 penalty against Jammie Thomas). Groups like the RIAA and MPAA would rather work with ISPs — quietly and directly — than get lawyers involved.
The two groups hammered out the basics of the Copyright Alert System in mid-2011; their memorandum of understanding is filled with legalese but remains the most detailed articulation of the system to date. The system is being shepherded by the Center for Copyright Information, headed up by former People for the American Way executive Jill Lesseris.
What are the alerts?
There is no fixed system of alerts, but ISPs participating in the Copyright Alert System will probably implement four to six stages.
The first time a user’s account is accused of piracy, the ISP will send an alert (probably via email) that their account has been accused of distributing copyrighted material, perhaps as the result of misuse. The notices will point out that piracy violates the ISP’s terms of service and potentially subjects users to malware and other security risks. The notice will also point out legal ways for users to get the digital content they want.
If the alleged behavior doesn’t stop, the notices will escalate, but how remains up to the ISP. One path might be to send another notice, or perhaps send notices via postal mail or with return receipt technologies if the alleged abuses continue. From there, ISPs can move on to “mitigation” measures, like throttling a user’s Internet service, redirecting Web browsers to a landing page telling users they’ve been accused of piracy, or forcing them to watch educational videos before letting them resume full Internet access.
The Copyright Alert System does not mandate any fixed number of “strikes” that will cause users to lose their Internet access. Any decision to terminate Internet service is completely in the hands of individual ISPs, just like it is today. In fact, it actually has some protection systems for users built in. Any mitigation actions taken by the ISP cannot terminate email service, voice services (like calling 911) or things like home security and health equipment monitoring services.
What ISPs are involved?
Right now, AT&T, Cablevision, Comcast, Time Warner Cable, and Verizon have all agreed to participate in the Copyright Alert System. Combined, these ISPs account for about three quarters of all residential Internet service in the United States.
Who is doing all this “alleging”?
The two main organizations representing the content industry in the Copyright Alert System are the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA). Both organizations already employ organizations to track and identify systems engaged in digital piracy, usually over peer-to-peer file sharing networks.
How will accusations work?
Record labels and movies studios hire companies (like Peer Media or DtecNet) to sniff out pirates. Once they identify a torrent or other pirated content that they believe infringed on their copyrighted content, they can collect quite a bit of information, including the IP addresses of other users connected to a torrent, either to upload or download the content. In the industry’s eyes, all those people are conducting or at least enabling piracy. Sometimes, the companies will even bait pirates by seeding torrent sites and other peer-to-peer services with blocks of data that purport to be hot new content items… and then seeing who nibbles.
Once the IP addresses of alleged infringers have been identified, they will be passed along to the ISPs — with timestamps, which ISPs need for this information to be meaningful. Under the Copyright Alert System, the ISPs will initiate (or escalate) alerts or mitigation steps applied to the identified subscribers. Under the content alert system, the ISPs will not be sharing users account information with the MPAA, RIAA, or each other, nor will they be sharing the lists of IP addresses accused of piracy. If the MPAA or RIAA wants that information to initiate potential legal action, they’ll still have to get it the old-fashioned way: by filing a suit and doing discovery.
But I’m not pirating anything!
The content industry doesn’t care whether the alleged sharing is deliberate or inadvertent. Under the Copyright Alert System, they’re out of the loop once they’ve reported infringement to the ISPs — any enforcement actions are solely in their hands.
There are plenty of scenarios where someone could be accused of piracy without committing it. For instance, if you run your wireless network without security, or it has simply been compromised, anyone in range could be using you Internet connection (and IP address) to download or upload pirated content.
Small businesses are another great example: Lots of cafes, coffee shops, book stores, restaurants, bars, hair salons, grocery stores, and even offices offer free Wi-Fi as a convenience to patrons or clients. Despite their lack of control, they will find themselves subject to the Copyright Alert System. And, although it’s rare, the technosavvy can pretty easily crack passwords on many Wi-Fi networks. That quiet kid in the apartment down the hall might be doing all his torrenting on your Internet connection, rather than his own.
If users believe they’ve been unfairly or inaccurately accused of piracy, the Copyright Alert System does allow folks to request an independent review to be conducted by the American Arbitration Association — starting the process will involve a $35 fee.
More insidiously, the Copyright Alert System has no “watchers for the the watchers.” ISPs will take groups like the RIAA at their word that they’ve reliably determined an IP address is engaging in piracy. If those reports are wrong — whether through a technical errors or deliberate fraud or harassment — everyday Internet users could pay the price.
Do “strikes” carry over?
Nobody knows yet, but right now the indication is “no.” The Copyright Alert System is set up so ISPs don’t share account data or IP address lists with the content industry or each other. In theory, that means a user accused of piracy while using one ISP wouldn’t have those black marks on their record if they switch to another ISP.
So how can I protect myself?
Most everyday Internet users will never notice the Copyright Alert System — especially if they’ve locked their Wi-Fi networks. The content industry is gradually learning that making media easily available via legitimate channels — like iTunes, Netflix, and other mechanisms — is the best way to deter piracy. So, the simple way to avoid being dinged by the Copyright Alert System is probably not to engage in piracy. Mistakes may happen, but that should keep most users clear.
Folks who do engage in file sharing — which is not in itself illegal — can take steps to protect themselves. Using encryption technologies in file-sharing client software probably won’t do much to protect users: Sure, ISPs won’t be able to peer into your traffic, but ISPs generally don’t want to peer into your traffic anyway. However, other users of the file-sharing service will be able to see what you’re doing, and some of those users work for RIAA and MPAA. And they know how to work around things like PeerBlock that claim to keep spying eyes off your file sharing.
The cleanest way for file-sharing users to protect themselves is probably by using VPN (to encrypt data transiting your ISP’s network) or proxy services. A proxy will effectively mask a user’s IP address from other users on a peer-to-peer network; a VPN establishes an encrypted connection for all network traffic to and from your computer. Neither are foolproof (or necessarily easy to set up), but they represent the best, easily available technology to stay out of sight of the Copyright Alert System.
Should I worry?
The Center for Copyright Information is right about one thing: most users will probably never need to know the Copyright Alert System exists. Folks who watch movies via Netflix, download some stuff from iTunes, and watch videos on YouTube have nothing to worry about. For the time being, the MPAA and RIAA are mostly concerned with peer-to-peer file sharing through services like BitTorrent, and particularly, folks who make copyrighted content available on those services.
The thing is, serious content pirates are already used to working around piracy reporting systems like this. They encrypt their traffic, set up seed sites outside the United States, and generally know what they’re doing. The Copyright Alert System is not going to stop them or even slow them down.
The real question is how smoothly — and competently — piracy sleuths and ISPs can manage this system. If piracy reports are very accurate and ISPs actions on them consistent, the Copyright Alert System will at most be a minor annoyance for folks who are inadvertently participating in piracy, and just “business as usual” for serious pirates.
If the system is inaccurate or causes users to unfairly lose Internet access — particularly in areas where there’s little or no competition for Internet service — then the Copyright Alert System could become another albatross on the content industry’s shoulders — just like that time they proved in court that sharing 24 songs on a file sharing network was worth $1.5 million in damages.