|November 16, 2012
By Mitch Stoltz, EFF
The "Copyright Alert System" – an elaborate combination of surveillance, warnings, punishments, and "education" directed at customers of most major U.S. Internet service providers – is poised to launch in the next few weeks, as has been widely reported. The problems with it are legion.
Big media companies are launching a massive peer-to-peer surveillance scheme to snoop on subscribers. Based on the results of that snooping, ISPs will be serving as Hollywood’s private enforcement arm, without the checks and balances public enforcement requires. Once a subscriber is accused, she must prove her innocence, without many of the legal defenses she’d have in a courtroom. The "educational" materials posted for subscribers thus far look more like propaganda, slanted towards major entertainment companies' view of copyright. And all of this was set up with the encouragement and endorsement of the U.S. government.
One of the mechanisms that was supposed to ensure some degree of fairness was independent auditing of the P2P surveillance methods used to identify alleged infringers, and of the ISPs' procedures for matching Internet Protocol addresses to actual humans. But last month, the group set up to oversee the system - the Center for Copyright Information - revealed that its "independent" reviewer was Stroz Friedberg, a lobbying firm that represented the Recording Industry Association of America in the halls of Congress from 2004 to 2009. Needless to say, RIAA's former lobbying firm is hardly an "independent" reviewer. And CCI could have discovered the relationship between Stroz and the RIAA – it’s on the public record, in reports that lobbyists must file with Congress every year.
It gets worse.
In response to criticism of this obvious conflict of interest, CCI acknowledged that "[r]ecent reports that a former employee of Stroz Friedberg lobbied several years ago on behalf of RIAA on matters unrelated to CCI have raised questions" about the group's impartiality. In the name of “maintaining transparency,” CCI released the Stroz report to the public last week.
But it turns out the CCI has a funny definition of “transparency.” Nearly every significant detail of how the massive P2P monitoring scheme will work is redacted out of the public version. What remains is this: CCI hired a company called MarkMonitor, which will join BitTorrent networks and collect the Internet Protocol addresses of computers that are sharing certain movies and songs (MPAA and RIAA members supply the lists). Their software, described only as "collection mechanisms" and "scanning systems" in the public version, compares the beginning, end, and some of the middle of the file against a reference version, and, if they match, emails the ISP with the IP address of the accused file-sharer. The ISP then sends an escalating series of warnings and punishments to the subscriber, including mandatory "copyright education" and potential bandwidth throttling or blocking of popular websites.
There's a lot we simply can't tell from this heavily redacted report. Most importantly, we have no way of knowing if legal, non-infringing uses of copyrighted movies and music will be flagged as infringing, leading to escalating "mitigation measures" for law-abiding Internet subscribers. We don't know what, if any, protocols other than BitTorrent the system will be snooping on. And we don't know how, or how accurately, the ISPs match IP addresses to the names of actual human beings. That process, says CCI, was described in another Stroz Friedberg report that hasn't been released.
CCI and its backers have made every effort to portray the system as fair and balanced. But subscribers are rightly wary of a copyright surveillance machine that dispenses warnings and punishments based on a secret process. Hopefully CCI will go to greater lengths to find an “independent” reviewer next time – but we’re not optimistic. According to CCI, this fatally flawed system, created via a backroom deal with no subscriber input, will start spying on U.S. subscribers' Internet usage, and sending out warnings and punishments, before the end of 2012. In light of what we already know, the better course would be to press reset.
Please visit The Electronic Frontier Foundation for the latest copyright, privacy, and digital surveillance news.