There is increasing debate and discussion about regulatory moves in the internet sphere that have direct implications for the kind of society we want to live in and the rights we can expect to have: freedom of speech balanced against rights to privacy; centralized data gathering and storage by governments versus rights to control over personal information; rights to protection of intellectual property balanced against rights of fair use; rights to freely communicate versus protecting, for example, minors from abuses such as child pornography; and the emerging recognition of the need to break down the digital divide with a right of access to the world wide web through universal broadband access.
I have been arguing for some time that there are natural balances to be struck between these rights and proposed regulatory measures, whilst well-intended, aren't addressing them satisfactorily. In their attempt to try to stamp out abuses regulators aren't giving full consideration to the rights of the consumer and the implications of technological innovation.
France invented the graduated response with HADOPI;
Australia is actively promoting filtering and internet censorship;
The United Kingdom is discussing the Digital Economy Bill to implement the so-called Three Strikes law.
In all cases the regulatory weapon is clear – cutting perceived offenders off from access to the internet, whether or not they were able to control their ISP accounts.What do I take from all this?
As a starting point I am convinced that the internet is one of the greatest media inventions in many areas: communication, knowledge sharing democracy and there are many other ands… We should only restrict and regulate this great medium where necessary, and in a way that is technically feasible.
That brings the discussion to network surveillance and conflicts with copyright protection envisaged in the regulations referred to above. Enforcing such protection implies monitoring, and a key issue is the extent to which there should be monitoring of internet communications, and who will be held responsible for this.
Do we consider the situation of representatives of copyright holders in the music, film and software industries to be sufficiently in danger to justify a level of surveillance that will lead to a modification of peer to peer network communication as we know it today?
The French edition of the “ReadWriteWeb” online magazine has published its own theory that is worthy of consideration.
Many technical experts whom I have personally questioned – from Ralf Bendrath whom I met at the Privacy conference in Brussels to Chris Parsons who did a presentation at Counter Conference and the inventor of the World Wide Web itself, Tim Berners Lee – consider that there is a high likelihood that illegal file sharers (and it's important at this point to mention that file sharing is NOT necessarily an illegal activity) will modify their behavior by using encryption technologies and Virtual Private Networks to escape the censorship of copyright protection.
What does that mean exactly?
Putting it In other words, the speed of technological evolution will continue to make it difficult for regulation to keep pace. The heavy, tech savvy illegal downloaders will find and use technology to escape the censors.
Why should child protectors be concerned?
Simply because this repression will not only generalise but also encourage the advance of encryption technologies which will not allow the monitoring of internet communication in the interest of child protection.
If copyright law enforcement advances then this involves further Deep Packet Inspection and this is where privacy advocates should be alarmed.
Why is Privacy at risk?
Simply because Deep Packet Inspection or filtering of online communication will allow a ‘deeper’ look at packet transfer although we are re-assured that no one is actually looking at the content of the packets but instead simply scrutinizing the ‘headings’. I can't see what would stop the process once it has been legalized (engaged or generalised).
There is a lack of transparency at the moment on the use of Deep Packet Inspection by ISPs and this can only get worse if the Three Strikes law and like measues are passed.
In our judicial systems, a balance of rights is essential. Article 8 of the European Court of Human Rights, as a ‘guarantor’ of Fundamental rights, has strict rules on the limitation of the individual's privacy. The storing and processing of personal data for the purpose of copyright protection constitutes an interference with the right to private life. The test of proportionality has to be applied in order to justify invasion of privacy and collection of data.
From that point of view, there are three major obstacles for the adoption of the measures:
- there is no evidence that the action can achieve its purpose;
- the action is not necessary to accomplish the purpose;
- there are alternatives available for accomplishing the same purpose with a lesser cost in terms of individual privacy.
In parallel, the ISPs have expressed their own limitations:
- It would be technically impossible or unreasonably expensive to block peer to peer downloads even with filtering techniques.
- There would be no totally secure network as anyone could hack the network or snoop an IP Address.
In other words the ISPs are being asked to be judge and jury whereas they are unable to do so.
How could we handle the balance of rights in a context in which it is unclear what should be considered a valid notice of take down. I refer here to the results of two research studies, one run by the Oxford University – the Liberty experience – and the “Multatuli Project” experience by “Bits of Freedom” on a larger scale. In both cases material that was obviously out of copyright was posted by the researchers. However, in most cases the ISP followed requests to take down without any sort of verification. This bogus take down is against individual rights and freedom of speech.
I note in passing the irony that the font characters used for the HADOPI logo have been registered and belong to Orange of France Telecom. Indeed even the brand ‘HADOPI’ itself is copyright protected. Is the Government above the very types of protection that it is attempting to implement?
Giving more voice to consumers
At the European meeting of the Family Online Safety Institute Conference in Paris, at which I was invited to speak on Privacy, issues of net-citizenship were discussed. FOSI and other family organisations promote awareness of internet users from kids to parents and carers to the education system. The EU Consumer Group recently organised a meeting in Brussels on this topic which unfortunately I could not attend.
I strongly believe that internet is still at its early stages and users have not yet learned how to master it.The situation can be compared to that of drivers of automobiles. When first invented, few owners were on the road and they were able to deal with the relatively minor issue of cross-roads. Once the automobile became a democratic means of transport the need of regulation arose. This regulation came in parallel with education.
I am not saying we necessarily need an internet driving license. The internet needs to find its own way of reaching a balance of rights that needs to be discussed democratically and not behind closed doors as has been the case for the secret ACTA negotiations. It is likewise inappropriate to announce measures such as HADOPI and the Three Strikes Law which strike at fundamental consumer rights without a full debate on their implications. All the more so as today it is unclear even for many academics what is copyright infringement and what is fair use.
This is an area of cross-roads of law and technology where many lawmakers and political representatives have no actual knowledge of the technical impact of the regulations. Prior to the vote of the HADOPI law in France, the parliamentary members interviewed actually had very little knowledge, and many false conceptions, of peer to peer file sharing. They can't be blamed as many people are still not using all of the potential of the net. However this, plus the limited number of representatives engaging in the parliamentary debates, show the lack of real debate.
The lobby of the film and music industries is exercising a strong influence. It is regrettable that the consumer point of view, as well as the individual artists rights themselves, are under-represented. In my view, the threat to privacy and the principle of Net neutrality do not justify ceding to industry lobbyists.
Lawmakers need expert advice on the actual functioning of the internet and the legal consequences of the new regulations. Legal specialists need to work in parallel with technical experts to measure the consequences of the measures of censorship and Deep Packet Inspection or any other measures of traffic monitoring.
While these measures can be justified on the basis of protection against personal harm, this has to be exceptional and subjected to judicial scrutiny. However at this point I do not feel the economic interest of wealthy organizations could justify such a restriction of fundamental rights of internet access and privacy, all the more as there is no evidence that the goal could not be achieved by other means. There is also evidence that the measures are unable to achieve their aim as file sharing can bypass the measures by encouraging the use of encryption technologies and Virtual Private Networks that can in turn make criminal investigation more difficult.
It could be added that the ISPs have expressed deep concern, technical as well as financial, on the implications of the Three Strikes Law.
Ultimately, if the graduated response was applied, it would create a collective responsibility of the account holder, held liable for the use and abuse of it's network.
The view of the French advocacy group ‘La Quadrature du Net’, which promotes the rights and freedoms of citizens on the Internet, is that for technical reasons it is not possible for private individuals to properly secure their networks.
There are multitude hacking technologies enabling those accessing networks to make illegal downloads by accessing the network or using IP addresses.
As mentioned by Orange Senior Legal Counsel the actual design of dynamic attribution of IP addresses is in total contradiction with the new measures.
While reducing the digital divide and encouraging a more democratic access to the internet has been the policy, copyright repression will take a reverse path, creating a general fear among many parents to even allow access to the internet for fear of being cut off. What we need is better education, encouraging safer access to the net, adopting net-citizenship attitudes.
I remain confident that education and awareness are the key to many of these issues.
The American Law scholar, Lawrence Lessig, initiator of Creative Commons and whose videos have been silenced twice for including a few seconds of protected music, has used this to demonstrate the re-mix concept. I agree with him that it cannot be expected from your users to respect copyright law while it remains unclear for the specialist what is actually being protected.
Are we certain that the ipod offered by the President of the United States to the British Queen, with itunes downloaded files was or was not copyright infringement?
Coming back to the Google Adwords seminar, I share the view of my colleagues expressing concerns on the effect of the quasi-monopoly of one institution in the digital world. The Search Engine is the central key of internet knowledge. Being at the two first pages of the search result is determinant for many users. Taking a more general view, it is unhealthy to have one company with this level of dominance and ability to aggregate so much private data.
My very last argument is the climate of repression that Three Strikes measures can create: the escalation of attacks and ripostes. Many security experts believe the file sharer would use more sophisticated, and less traceable, means of file sharing.
In fact the regulatory deterrent will probably only discourage small individual file sharers who hardly cause any harm to the industry. They might face unscrupulous law firms that will threaten them of legal action to push users to settle to avoid court action. Already, ACS:Law and now Tilly, Bailey & Irvine schemes to chase alleged file-sharers have raised concerns. The professional downloader will only respond by modifying his or her behavior. Some believe that this could actually create an organised ‘mafia’ of professional file sharing in parallel with child abuse related activities.
Our society should remember the presumption of innocence principles where the rights of individuals are protected unless and until infringement has ben proven. Reversing the burden of proof is a dangerous path against democracy.
The Privacy Implications of Deep Packet Inspection, Danielle Keats Citron.
How Deep Packet Inspection Changed the Privacy Debate – Ronald W. Del Sestro Jr. and Jon Franket.
See Liliane Edwards on her blog PanGloss ‘Filtering round up: French filtering, Ireland backs off, UK slide steps?‘.
Telegraph UK ‘Terrorism and Child Pornography used to justify surveillance society says academic‘.
28th March 2010
Creative Common CC
A week of balance or a weak balance? by Tara Taubman – clarinette02 is licensed under a Creative Commons Attribution-No Derivative Works 2.0 UK: England & Wales License.
Social comments and analytics for this post…
This post was mentioned on Twitter by magneda2: GVa: HADOPI, ACTA, Digital Economy Bill : From Human Rights to Economic Rights: There is increasing debate and dis… http://bit.ly/as7LFz…