As I and many others noted at the time, the Digital Economy Act was one of the most disgraceful abuses of the parliamentary process in recent years. It was a badly-drafted bill, with lots of glaring problems, but it was pushed through a near-deserted House of Commons in the dying hours of the previous government. Despite its incorrect premises, shoddy framing and outright final stupidities, it is still hauling its unlovely carcass through the implementation process after several legal challenges failed to put it out of its misery.
The latest manifestation of this is Ofcom's consultation on the "initial obligations code". These are actually the core issues, and define things like how alleged copyright infringement is notified, how warnings are sent etc. Strangely for such an important stage, Ofcom is only allowing a month for consultation responses – cynics might almost suspect that it doesn't want too much pesky scrutiny. But since Ofcom sets the rules, there's not much we can do about that, which means that the deadline for comments is soon – 26 July to be precise.
To be fair, Ofcom's main document (pdf) is commendably thorough and even handed. It's also over a hundred pages long and hard going. Fortunately, commenting on the proposals is relatively easy: as usual, there is an online response form that you can use, as well as more traditional methods.
Here's a handy summary of the proposals:
The code will initially cover ISPs with more than 400,000 broadband-enabled fixed lines – currently BT, Everything Everywhere, O2, Sky, TalkTalk Group and Virgin Media. Together these providers account for more than 93% of the retail broadband market in the UK.
The draft code requires ISPs to send letters to customers, at least a month apart, informing them when their account is connected to reports of suspected online copyright infringement.
If a customer receives three letters or more within a 12-month period, anonymous information may be provided on request to copyright owners showing them which infringement reports are linked to that customer's account. The copyright owner may then seek a court order requiring the ISP to reveal the identity of the customer, with a view to taking legal action for infringement under the Copyright Designs and Patent Act 1988.
Copyright owners can already seek such court orders under existing law, but the Code is designed to enable them to focus legal action on the most persistent alleged infringers.
As that points out, the Digital Economy Act has been made largely redundant by various cases that have passed through the courts in recent years. This makes the huge cost and effort required for implementing it even more of a waste. Worse, the Act is based on a fundamentally flawed idea, that of "significantly reducing online copyright infringement".
This is simply perverse. What matters is whether the creative industries are flourishing – and they are - not whether people are sharing files. Indeed, there is a strong argument that the reason the industries are flourishing is precisely as a result of people sharing files; that's because those who share files tend to spend more. Moreover, such sharing obviously acts as free marketing that encourages other to buy. So, arguably, the Digital Economy Act is doing precisely the wrong thing when it sets as its key metric the reduction of online copyright infringement.
After that misguided premise, it's no surprise that everything that flows from it is completely wrong-headed. It's also fundamentally unjust, since it assumes guilt until innocence is proven – a disgusting inversion of the British legal system brought about purely because of the refusal of the copyright industries to move with the times and work with the Internet, rather than against it.
All we have by way of safeguards is the following:
To ensure allegations of copyright infringement are evidentially robust and accurate, we proposed in the May 2010 Consultation that a copyright owner (or an agent acting on their behalf) should, before submitting their first CIR (and from then on an annual basis), provide Ofcom with a quality assurance report, which details the processes and systems used by the copyright owner (or any party acting on its behalf) to gather evidence, including steps to ensure the integrity and accuracy of evidence, audits of its systems and addressing quality assurance issues. We also proposed that as part of a quality assurance report a copyright owner (or their agent) should include a statement of compliance with relevant data protection laws.
Well, if there's a quality assurance report, that's OK, then...
It's true that Ofcom writes the following:
The DEA provisions are clear that the burden of evidence falls on the copyright owner and ISP respectively to prove that an online copyright infringement has taken place and that it is associated with the subscriber's IP address.
The DEA provisions are also clear that the appeals body must find in favour of the subscriber where it determines that the act constituting the apparent infringement was not done by the subscriber and the subscriber took reasonable steps to prevent other persons infringing copyright by means of his/her internet access service.
But both of those presuppose that ordinary people are going to have the time, money and energy to fight accusations by taking them to the appeals body. While copyright companies are stuffed to the gunwales with lawyers whose entire job is make life hell for opponents in the courts, the end users will find themselves at huge disadvantage under the proposed system.
Here's an example of why that's the case.
A number of respondents asked for specific detail on the definition of ‘reasonable steps' taken to prevent others infringing copyright using a subscriber's connection. In relation to the appeals process, the draft Code sets out a framework in paragraph 27 for the handling of subscriber appeals by the appeals body but it is for the appeals body to determine its rules of procedure within this framework. Those rules will be subject to approval by Ofcom.
So how is that going to work in practice? Supposing guests use your connection to download stuff: is it enough to have asked them not to? What about if children do it? What's "reasonable" in this context? As the above paragraph makes clear, even Ofcom doesn't know.
And then, of course, there's the whole issue of open wifi networks:
Several respondents commented in particular on the need for guidance on the status of open Wi-Fi networks run by subscribers. We have set out in Annex 5 to this Interim Statement our understanding of the relevant definitions in the DEA provisions. However, ultimately, the application of the DEA provisions to open Wi-Fi networks is likely to be an issue that the appeals body will be required to determine.
Again, Ofcom doesn't know. And this is going to be really hard area to come up with anything reasonable. For example, if you use open wifi like a good neighbour, does that mean you are automatically held responsible for everything people do with your connection? What about if you use WEP encryption – which, as everyone knows, is almost trivial to break? So does that mean you must use WPA in order to avoid being found guilty? Is that a reasonable thing to demand? And what happens when WPA can be broken just as easily?
All that indicates the fundamental unworkability of the Digital Economy Act, not least because it is based on the unjustified assumption that an IP address is enough to identify someone – something that is by no means clear, not just technically, but legally. That suggests that further challenges to the Act will occur.
Another aspect that simply hasn't been thought through concerns libraries. Here's what a recent press release from the Chartered Institute of Library and Information Professionals says on the subject:
"Under the Act libraries would be treated the same as an individual at home going online," said Phil Bradley, President of the Chartered Institute of Library & Information Professionals, "A library acting as an intermediary, providing internet access to hundreds if not thousands of people is fundamentally different from you or I going online at home. This isn't about excluding libraries from the Act, it isn't about breaking copyright law or endorsing piracy – it's about recognising libraries' unique role by creating an exception within the Act – which Ofcom are perfectly able to do. Ofcom are already creating an exception for commercial suppliers of WiFi for example."
Measures will include a legal appeals process, being placed on a copyright infringement list, and if the Act is implemented in full potentially in the future the slowing of internet speed or the suspension of internet access altogether.
The basic problem is that if a few people are alleged to have downloaded copyright materials without authorisation using a library's network, it is the library that will be punished – along with all the other users.
By all means, go ahead and reply to the consultation, as I intend to do. However, the real solution to this appalling piece of political favouritism is to repeal it immediately, rather than wasting any more time trying to implement its vindictive provisions that are not only trying to "solve" a non-problem, but will also cause all kinds of collateral harm to important institutions like libraries and educational establishments.