News

The Effectiveness of Notice and Notice

The CBC runs a story today on the growing use of "notice and notice" by copyright holders.  Telus apparently sends out about a thousand notices each week, while the Business Software Alliance says it sent out 60,000 notifications to Canadians last year. These numbers are consistent with my own experience as I now regularly receive emails from Canadians asking about the implications of such notifications. 

The notice and notice system involves a notification from a copyright holder – often involving movies, software or music – claiming that a subscriber has made available or downloaded content without authorization on file sharing systems.  The Internet Service Provider forwards the notification to the subscriber but takes no other action – it does not pass along the subscriber's personal information, remove the content from its system, or cancel the subscriber's service.  It falls to the subscriber to act and as the CBC story notes, many remove the infringing content (if indeed it is infringing) voluntarily. 

Some people object to U.S.-based notifications that carry no legal weight in Canada being sent to Canadians with the cooperation of Canadian ISPs.  I am supportive of the system since I think it balances various interests in fair manner.  First, it stands in marked contrast to the U.S. notice and takedown approach, which creates incentives for ISPs to remove content without warning or evidence of actual infringement.  The recent avalanche of Viacom notices – which targeted dozens of non-infringing videos – provides a good case study for why the notice and takedown system can have a chilling effect on online speech.  Second, the approach protects user privacy, consistent with national privacy law and the CRIA file sharing case from 2004.  Third, it reflects a consistency between industry practice and proposed legislation.  While Bill C-60 was criticized for some its provisions, many applauded the decision to codify a notice-and-notice system into law (I assessed the ISP provisions here).  The IIPA may be demanding that Canada follow the U.S. approach, but the effectiveness of the Canadian notice and notice system demonstrates that a balancing privacy, free speech, and copyright can lead to solutions that serve everyone's best interests.

20 Comments

  1. I have no problem with ISP’s warning or even suspending their users that are using file sharing software to distribute copyrighted content without appropriate permission, as long as they do not harass users that are only using such software in ways that are, in fact, entirely legitimate.
    Bittorrent, for example, now more commonly associated with piracy than with a distributed computing technology designed to reduce bandwidth constraints for content providers, still has numerous legal uses. In fact, it was because of how effective bittorrent was that illegal users began to migrate towards using it in the first place, and now, unfortunately, outnumber the legal users. But the legal use still remains.

  2. Darryl Moore says:

    Nix to notice-and-takedown
    I have no problem with ISP’s forwarding these warnings either. I do have issue with the idea of them suspending users accounts with anything less than a court order though. That would amount to notice-and-takedown which has already been shown not to work as intended. Contrast that with this notice-and-notice system which does appear to be working and there is not rational argument for having such a system.

  3. Well, an ISP’s terms of service does mention that you can’t use their services to violate the law, so if you really were breaking the law, then the ISP would be authorized to suspend the account. I suspect that in many cases with regards to copyright infringement, this level of punishment would probably be enough to dissuade people from continuing to do it, all without going to court or paying fines or whatever.

    But of course, if such a system were implemented, there better darn well not be any false positives. If that’s not possible to guarantee, then it’s not worth even considering, IMO.

  4. But there’s a difference between violating the law and being accused of violating the law. A simple accusation should not be enough to warrant an account suspension, otherwise we would see false positives along the lines of the Viacom notice and takedown that just happened. Thats one reason why I think it should take more then that to result in a takedown and/or account suspension.

    I think Viacom abused the system by issuing a huge blanket of notices with little regard for accuracy, because there is no penalty, and there probably ought to be.

  5. Do the BSA notices conform to the CAN SPAM act or are they illegal according to US law?

    Just because “Paris Hilton” is in the file title doesn’t mean the content is copyrighted.

  6. I never said it should be *EASY* for an ISP to prove that a user is committing copyright infringement, although they are probably the only ones that have even the slightest chance of being able to make that call. I realize that it probably wouldn’t do much good to resort to spying on all their users’ internet habits because people with something to hide would just use encryption, and of course using encryption should not by itself be construed as an admission of some sort of guilt. But it still might be possible to do. I just don’t know how. As it is, sending email notices to users seems reasonable… it has a better chance of making infringers stop than doing nothing at all, doesn’t it?

  7. As a USian who has never uploaded any copyrighted material without the permission of the copyright holder and has never knowingly downloaded any unauthorized material I think Canadians not bothered by notice and takedown are unaware of the mess it has caused in the USA. I\’ve had my internet access and phone service suspended without any notification due to an illegitimate DMCA takedown notice from EMI. It wasn\’t until a week after these services were suspended and after several support service escalations that someone figured out that they had cut off my business\’ access to the world because of this notice that was never forwarded to me. I recieved no compensation for my troubles and didn\’t even get an apology from my ISP/Phone company after I explained how the DMCA notice referred to IP address that, while assigned to me, had not yet been placed into service and wasn\’t even routable.

    The DMCA and other laws the Bush, Clinton & co have been trying to force on other countries have no penalty for the copyright holder that hires the takedown goons when they take down a small competing business for a week.

    Of course, if I got 300% of their daily revenue each day my smaller business was out of business due to their actions, I might not mind so much. 🙂

  8. Yes, thats one of the (many) problems with the US system. There’s no balance to it, nothing to make them think, “Are we absolutely sure thats infringing, or does it just look like it might be?”. As it stands in the USA, the answer to that would be “Who cares? If we’re wrong, nothing happens to us anyway.” And it shouldn’t work like that.

    I like the notice and notice system myself, especially as compared to the US system, and I’m sure Daniel would undoubtedly agree with me on that ;). I am a (voting) Canadian, and I have a problem with the US system.

    An ISP shouldn’t be the one trying to prove anything against a user, they are simply data carriers. It should take a court-ordered subpoena to get the ISP involved in proving anything against a user, not just a court clerk signing/stamping a form.

  9. Mister
    Perhaps there should be a form of bondage – if the claimaint is adamant that the material is violating copyright, they should have to post a bond to have an account shut down, which is forfeit if their claim is not proven. $200 is sufficiently non-trivial to make a point.

    The next step is \”what constitutes proof\”? The proof should not come from the claimant, but from the ISP. The claimant must show how the offending material is downloaded, the ISP follows the instructions and stores the evidence. The ISP may keep half the bond for their trouble. If no evidenc is found, the alleged offender keeps the other half. If it is found, the claimant gets half their bond back (ISP keeps half), and the claimant can take the offender to small claims court for the full amount – or regular court for a copyright claim.

  10. Rediculous
    I personally find it offensive. I haven’t received one of these letters; but I certainly don’t appreciate the stink of American law and politics polluting my country. They pay our ministers and hire lobbyists to force their backwards “modern” law down our throats.

    Blacklist? I say, who gives a damn. I don’t care about your big-scary-list.

    Their laws aren’t “modern” at all. They seek to limit or outright destroy the potential of modern technology to serve their present purposes. They seek to make criminals of their customers. It’s draconian and wrong.

    Professors, economists, journalists, and lawyers around the country and the world have all commented on file-sharing. I believe the majority of them have said time and again that file-sharing has had little — if any — impact on industries who’s profits rely on the sale of so-called, “intellectual property.” In fact, as the CBC article had shown in an interview with a suspected “file-sharer,” people who do download copyrighted material still purchase product from these very companies that would call them thieves.

    Cory Doctorow said it best in his Forbes article. He gives away his books online for free and his business has only increased. He believes that if someone downloads a copy of his book; he hasn’t “lost” any money at all — but if that person who downloaded his book goes out and buys a hard-copy, then he’s made money. The digital copies out there had cost nothing to produce or distribute and have made customers from people who might’ve otherwise never heard of him or his work.

    The same can be said to be true for music or software. I mostly use free software, but when there’s a commercial program I find useful or want to try; I look for a shareware copy. I’ve even downloaded full-versions when no shareware is available — but in the end, I buy a legal copy anyway.

    Music is much the same way. A friend might play a song for me or I’ll hear something about a band online. I’ll download a few of their songs or preview them on their site. If I like their stuff, I’ll buy a copy. If I didn’t or wasn’t didn’t feel compelled to for whatever reason; they certainly didn’t “lose” any money at all — I wouldn’t have been a customer in the store anyway and at least that band got a chance to be heard.

    Finally — I’m sick of ISP’s these days being forced into all of this. I’m very curious as to whether I should start an ISP based on principles of privacy. A company that acts purely as a service provider. Like other utilities. You certainly don’t hear about telephone companies hand out info on customers who play their favorite songs on their voicemail greeting message. Nor do you hear about electric companies shutting off the power when they find electricity is being used to power a CD player playing a CD a friend burned for you.

    Just because the information is there at the ISP doesn’t make it right to hand it out to every damn lawyer who comes knocking. People need to get smart and realize that draconian regulation of the Internet is not going to help the users. It may serve your lobbyist organization well, but it impedes on the greater good. Before I get the police argument — it must’ve been hell dealing with criminals who’d use payphones.

    I’m just waiting for the day when the thought-police come around. When unregulated innovation becomes illegal. When breaking an EULA becomes binding and sends you to jail for 6 years. When ubiquitous computing hits and “smart objects” can start working against you. When the thought-police can hear you curse under your breath in public and charge the offense to your legal-protection credit card.

    Unnecessary tirade, I know.

    But I sincerely hope that the US legal system will eventually litigate itself out of existence so we can all enjoy a fresh reboot and set things off on the right foot.

  11. What Proof?
    The ISPs themselves can’t provide “proof” of the offense either. Users can get hacked, run open wireless networks, open proxies or the like without even realizing it. True offenders can use these network holes to download copyrighted material all they want, and the ISP can only point the finger at their customer who has paid for the internet service. Even worse; these “hackers” can do other actions such as engage in child pornography or perform credit-card fraud using such systems. I for one don’t want to get in trouble because my ISP decided to hand out my name and phone number for somebody else’s crime.

    Sure, you can argue that “if it happened through their IP address, they’re responsible,” but are they really? It is the digital equivalent of me being the guilty party if somebody gets murdered in my backyard just because I paid for the property.

    “Proof” when it comes to computers is a relative term. The ISPs cannot deliver this proof; all they can do is provide a name to those in search of a suspect.

  12. ISP’s are in a better position to offer proof than any other entity… although the most they can do is prove that an infringement was coming from a particular computer at a particular time, they cannot of course, prove who was using the computer at the time. Any other entity can only prove that things _appear_ to be coming from a particular IP (because IP addresses can be faked… but since the ISP and the user are directly connected together, an ISP can tell exactly which user particular stuff is coming from even IF the IP’s are faked). And of course, even upon the availability of such “proof” by the ISP, each case should be assessed individually long before any legal actions are taken, and any conditions that could actually render a user innocent for any particular accusation should be presented by the user and considered equally to the ISP’s alleged evidence to the contrary. Recall, after all, that in any “innocent until proven guilty” system, failing to defend oneself against an accusation when one is given fair opportunity to do so is still presumed to be an implicit admission of guilt. And even then, I would expect that it should still require an actual court order (which would require either proof of infringement that cannot be plausibly controverted by the user’s defense, or else an aforementioned admission of guilt by the user) for the ISP to surrender the identity of any infringing user to another party (whereupon actual charges could be filed).

  13. Darryl Moore says:

    No
    Mark, regarding your argument above. Let’s see. Wrong, wrong, and oh yeah, uh… wrong.

    1) ISPs are in no position to prove copyright infringement because to do so they would have to prove who actually owns the copyright AND prove that the downloader does not in fact have permission to copy the data. The most an ISP can do is identify who had what dynamic IP address at any given time.

    2) IP addresses CANNOT be faked, at least not on a P2P network, because the other peers need to know your real IP address or they can’t send the data to you.

    3) There is no implied admission of guilt. If you are “innocent until proven guilty”, then you are just that. The crown needs to prove you are guilty. They cannot simply make an accusation and then interpret your silence as a confession. It does not work that way.

  14. Also, regarding the statement that ISPs can identify who had what particular address at a given time, who is to say that the ISP\’s own logs are accurate? For all we know unless the ISPs log on a server which is in no way accessible from an external network, or even from its own employees (I have doubts on whether this can be realistically achieved) who is to say a hacker could not change the logs? Granted the chances of this happening is probably very slim, but you never know.

  15. Clarification
    ISPs are in a position to offer *further evidence*, not proof.

    Also, I think my point was escaping everybody; in that an IP address (even if it could be accurately given) does not indicate a guilty person. It’s by no means equivalent to a bloody fingerprint on a knife.

    I agree with Joe as well, in that my ISP rarely gets my bill correct, so do I trust them to accurately indicate who is infringing the terms and conditions of their service? No. Although I believe them to have the capability of knowing that, I don’t trust them to get it right.

    Each tiny bit of evidence needed to build a case in such a situation has an unusually low probability of being accurate, such that by the time the offense is traced to a human, there is probably only a 30% chance it is the right person. I’m no lawyer, so maybe this kind of thing is usual, but it seems like that would constitute “reasonable doubt”.

    Also, how is my ISP supposed to know that the supposed “copyright holder” is correct? Just because one if their users downloads a file called “Pulp Fiction.avi” doesn’t mean they’re stealing the movie; they could be downloading a video-blog movie review. Should the ISP be giving out information without proof that the material actually was owned by the enraged copyright holder?

    I think basically everybody is in agreement: the notice and notice practice is fair in that it a) balances rights, and b) is not overly harsh in a system where allegations are prevalent and have been known to be incorrect –with no penalty for the accusers.

    I was trying to say that, on top of that, the “proof” is scarce if not nonexistent.

  16. In addition to all the previous points raised, there is also the problem of the so-called copyrightholder’s “evidence”, now unless my memory is playing a trick on me, I don’t recall the ISPs keeping complete logs of what particular files or URLs people access, as that would be too much information to log, even if it were legal (though they have the ability to monitor flagged people I believe). Given that this is the case, how accurate could the copyrightholder’s claim that a certain IP accessed a certain file at a certain date be? Especially since in all of the cases I can recall, the files “accessed” are not stored on any server under the control of these copyright holders, so at best their claims of certain IPs accessing certain files would be from screenshots/observations and the like as they do not have any server logs and we all know how “temper-proof” that can be. Taking into consideration that they have a record targetting wrong people their lawsuits (I seem to recall one case where they targetted a family who didn’t even own a computer, though this may be the ISP’s fault, the fact that they weren’t even able to confirm such a simple fact with the family in question before the lawsuit puts their entire “evidence” collection tactics in question), I question the accuracy of any so called “evidence” they produce which claim a certain IP accessed a certain file at sometime. Now I am all for the notice-and-notice practice, as it is much better than what is available in the states, but should not the copyrightholders who wish to send out a notice be required to provide a much more… definitive evidence before they’re allowed to do so?

  17. I’m not sure what the big deal is here, if you get a notice & have DSL, just switch your modem off for a few minutes & once turned back on you’ll have a new IP address. It would be wise to also change the port your running your favorite BT client on. Rogers users can also force a new IP but you need to change your MAC address to get one.

    Add a decent firewall with outbound protection, block ICMP along with changing your IP address & ports regularly keeps those nasty industry groups at bay.

  18. I dont know how nobody complained about the ISPs allowing the tons of viruses and spoofing,spamming, phishing emails that we receive everyday through their network and nobody took them(ISPs) to court for being an accessory to identity theft over the internet.

  19. lets keep this issue simple…
    I would be appalled at any ISP that would cancel my account if the RCMP contacted them without a court order.
    Why should we allow american companies this priviledge?

  20. Are the notices even reaching people?
    After surveying people I know who have received notifications, it appears that rogers is sending notices to your primary @rogers.com email address, not the email address associated with your rogers billing.

    I would suspect there is a high percentage of notices that are never received given the number of people who have “dead” @rogers.com address after switching to gmail.com, live.com and the like.