Columns Archive

Web privacy vs. identifying infringers

Music industry, others want access to identities

In the aftermath of the tragic events of 9/11, the consensus within the privacy community was that a shift in the security vs. privacy balance was inevitable.


Privacy took centre stage in the late 1990s and early 2000, with governments worldwide enacting new regulations designed to enhance personal privacy. With security emerging as the top priority, it was readily apparent that privacy interests would be sacrificed in the pursuit of greater security.


As expected, governments have both proposed and enacted a plethora of new legislation designed to enhance security but at the price of lessening personal privacy.


The Canadian federal government has introduced a wide range of new, potentially invasive security proposals including the traveler database, a national identification card, and network surveillance requirements that would force Internet service providers to capture and retain enormous volumes of data traffic.


While the attention of the privacy community was focused on the privacy vs. security balance, a new challenge has quietly emerged. Although seemingly unrelated, a privacy vs. intellectual property law balance is beginning to unfold as the goal of protecting copyright and trademark interests takes priority over personal privacy.


This trade-off is best illustrated by the world of copyright and the difficulty in bringing lawsuits against illegal music file sharing while simultaneously maintaining adequate protection of personal privacy. In the United States, the Recording Industry Association of America has filed hundreds of subpoenas for information on the identity of particularly active file sharers.


The RIAA has employed a statutory provision that sides squarely with copyright interests over those of personal privacy. The U.S. Digital Millennium Copyright Act (DMCA) provides copyright holders with the right to file a subpoena with a local court and be granted an order to disclose the identity of an alleged copyright infringer.


The copyright holder need only serve the subpoena on an Internet service provider who is then compelled by law to disclose the identity of the previously anonymous Internet user.


This approach stands in stark contrast to the legal hurdles that exist for identifying other anonymous Internet users. For example, where a company has been the target of defamatory Internet postings and seeks to uncover the identity of an anonymous poster, it must first obtain a court order.


Such orders are reviewed on a case-by-case basis by a judge, creating both a higher evidentiary burden and greater costs.


The DMCA subpoena provisions have been unsuccessfully challenged by several entities, including telecommunications providers such as Verizon and Pacific Bell, a number of universities, and the ACLU. Thus far, the U.S. courts have maintained that the law is constitutional.


Canada has yet to establish a similar approach. Copyright holders seeking to identify file sharers are still subject to the more onerous requirements of filing a motion before a court with a full vetting by a judge. With reform to Canada's copyright law expected in the coming months, however, changes to this procedure and the copyright vs. privacy balance may be on the way.


A similar tension exists between privacy and intellectual property interests in the trademark arena.


Domain name registration information, which includes details such as the name of the registrant, their address, phone number, and e-mail address, is contained in a massive database commonly referred to as the WHOIS database (so named because interested parties can discover "who is" the registrant of a particular domain name).


The accuracy and disclosure requirements associated with the WHOIS database are fast emerging as a hot policy issue as intellectual property interests demand that steps be taken to ensure that the registration information be accurately maintained. It argues that more reliable information is essential in order to effectively launch complaints over potential trademark-infringing domain names.


The privacy concerns associated with the WHOIS database stem from misuse of the personal information contained therein. The database has become a popular source of e-mail addresses for spammers who can harvest millions of active addresses from a single source. Privacy regulators have become more vocal on the issue, with European authorities expressing concern over potential privacy law violations.


Despite those concerns, a recent U.S. Congressional hearing made it clear that trademark interests are likely to get their way on the WHOIS issue. Members of Congress expressed their desire for greater accuracy, calling on the Internet Corporation for Assigned Names and Numbers (ICANN), the agency responsible for the domain name system, to clean up the database — without expressing a corresponding concern for the privacy implications of the changes.


As privacy advocates began to react to the gradual deterioration of privacy protections in the name of security, they realized that it was necessary to promote a policy agenda that sought to protect both privacy and security. With a similar trend emerging in the intellectual property field, the privacy community must consider how it can promote a balanced approach that ensures respect for both intellectual property rights and personal privacy.

Comments are closed.