Graduated Response: More ‘Humane’ or Missing Court Protections?

The revised French HADOPI law that instituted a graduated-response system, with judicial protections for alleged infringers, shields user identities from record labels, provides “educational opportunities” and largely formalizes ISP terms of service, Perlmutter said. Graduated response creates a “level of inconvenience” but is hardly “exile from the Internet,” she said: Kicked-off users can choose a new ISP or get online at a public Wi-Fi hotspot. The U.S. Digital Millenium Copyright Act creates a “backdrop” that makes it hard to adopt such a system, but in other countries, ISPs have asked the government for a “level playing field” so cooperating with rights holders won’t lead to an exodus of subscribers, she said.

U.K. Member of Parliament John Robertson, co-chairman of the All Party Communications Group, said he expected the Digital Economy bill to be “a lot more weakened than I would want” when it emerges from the House of Commons after concessions to satisfy other parties. Yet it will not only satisfy industry but give the government its “pound of flesh” in tax revenue on new sales. “We're not trying to criminalize anybody,” he said, but simply learn lessons from Sweden, where new infringement penalties led to a dramatic, if short-lived, falloff in P2P activity. He said the U.K. bill is “not quite as bad as the French model,” which added the option of criminal penalties for unrepentant infringers in the revised bill.

Due process and harms on those connected to the accused are tech groups’ biggest concerns with a cutoff mechanism. Where automated infringement notices from ISPs to customers have been used, there hasn’t been “really any process” to protect the accused or consider fair use, said John Morris, general counsel for the Center for Democracy and Technology. Internet access is “indispensable” and the entire family could suffer for “the alleged sins of the 15-year-old file-sharer.”

Perlmutter said lawmakers in countries considering cutoff systems invariably discuss a “pre-approval process” that sets standards for evidence of infringement that a court could accept and challenge procedures for the acused. The federation uses a “very robust identification procedure,” she said. “The idea, of course, is that it would never get to that [cutoff] stage” because swappers would reform their ways if threatened, Robertson said, pointing to a large-scale educational effort already under way in U.K. schools. Tom Sydnor of the Progress & Freedom Foundation, whose research largely focuses on risks from file-sharing software, said from the audience he once found file-sharing software on a home computer, and would much rather get cut off temporarily than sued. He challenged tech advocates to find a study where parents expressed a preference for being sued over a cutoff.

Lawyers disagreed whether a “notice-and-notice” system, absent a threatened cutoff, would work as well as notice-and-cutoff. The Canadian recording and ISP industries have a “gentleman’s agreement” to use the former and it’s effective, despite U.S. industry “beating up” on perceived Canadian indifference to enforcement, said Matt Schruers, senior counsel for litigation and legislative affairs at the Computer and Communications Industry Association. That’s bunk, said Perlmutter: “As soon as it becomes clear that [a notice] has no further consequences -- and that [news] will be all over the Internet” -- those swapping will continue undeterred.

Morris said he prefers litigation to an administrative cutoff system. “It actually goes to the precise problem” of infringement, and has a “full panoply” of court oversight. RIAA suits “did a fair bit to raise consciousness” and build respect for copyright, he said. Cutoff mechanisms may rely on imperfect notification procedures as well, such as e-mailing an account holder at their seldom-checked ISP e-mail address, Morris said. Tim Lordan, executive director of the Internet Education Foundation sponsoring the conference and panel moderator, said he hadn’t checked his Verizon e-mail for 11 of the past 12 years. “The government eventually has to make decisions” that shouldn’t please everyone, Robertson said. The policy decision is to do what’s “most humane” and go after the pot dealer, not the smoker, in a manner of speaking, he said.

Perceived disproportionality in the penalties under graduated response troubles tech advocates. The HADOPI law allows for a suspension of service for one to 12 months, and Robertson confirmed U.K. regulator Ofcom would decide on suspension terms under the Digital Economy bill -- prompting Schruers to ask if anyone wanted the FCC to set suspension rules. At least two federal appeals courts in the U.S. have struck down cutoff penalties on convicted child pornographers, citing the importance of the Internet to modern life, Morris said. His own daughter has to submit her homework online, so even a 30-day cutoff would materially harm the family, as it could a household in an area with limited broadband competition, he added. Robertson said most people have multiple options to connect, such as in the office or phone. “I'm quite comfortable with what we're doing."

Similarly, high statutory damages available under U.S. copyright law -- where actual damages don’t have to be proven -- is the real problem in pursuing infringement through litigation, Schruers said. Statutory damages, which top out at $150,000 per infringed work, seem “indexed to inflation in Zimbabwe,” he said to laughter. Perlmutter said advocates were flipping positions from when the RIAA first initiated “punitive” end-user lawsuits. She criticized “hysterical overestimates” of how much graduated response would cost in the U.K., which range from 500 million pounds -- cited by Morris -- to “cents” per subscriber. “We don’t want to go down that road” of lawsuits, Robertson said.

The evolution of ISPs as copyright owners pursue new methods worried some in the audience. A George Washington University law student said the pending Comcast-NBC Universal merger would seem to make the merged company “judge, jury, executioner and police” in enforcing programmers’ copyrights. “It raises our anxiety,” Morris said, though Perlmutter said the concern has been around since the AOL-Time Warner merger during her time there. Verizon Internet and tech policy executive Michael McKeehan said IP-enabled services such as VoIP and telemedicine could be the “fly in the ointment” for graduated response, cutting off users from vital services delivered over the Internet. “Who wins the civil lawsuit in front of the jury” if a spurned subscriber can’t call an emergency number, he asked. There are protections for emergency services in both the France and U.K. measures, Perlmutter said. But how would, say, Verizon know if a subscriber had phone service through Vonage? Morris said. -- Greg Piper

State of the Net Notebook …

The new White House cybersecurity czar, barely a week into his position, sought to address widespread concerns that he didn’t have enough authority to effectively coordinate the federal government’s efforts or have “the ear of the president.” Howard Schmidt, until recently president of the Information Security Forum, told the conference that he does indeed have that authority and President Barack Obama’s direct attention, as well as “tremendous relationships” with businesses, referring to joint efforts as “private-public.” His “dual-hatted role,” consulting with the National Security Council and Economic Security Council, ensures that Schmidt will bring “balance” to his duties, he said. It’s important to remember “we will never have 100 percent security” and can’t stop threats “by edict,” Schmidt said, promising that taking down botnets attacking the government will be a top priority. Officials should also consider that security for a long time didn’t work well with business goals. “We've got to live with the systems” that weren’t designed for security as businesses integrate those concerns into day-to-day planning, he said. Policymakers should focus on “moving the battlefield” away from end users such as employees, who should not be “the policemen of the desktops.” Small businesses and entrepreneurs also should get a helping hand from the government, Schmidt said: “We should not be in a position where they fail” for lack of cybersecurity. As more devices become IP-enabled -- even pacemakers -- business and government will have to work harder on protecting supply chains and having the ability to “recover quickly” when an attack gets through, he said. Schmidt said he wanted to correct a misperception that White House cybersecurity efforts had been stalled until he took the position. Federal agency chiefs are eager to show their progress, and such reports will be rolling out in the next few months, he said. The goal is an “organized, unified response” to attempted intrusions. Schmidt said he'll be reviewing R&D expenditures with an eye to go beyond existing rollouts such as the government’s IPv6 adoption. He declined a questioner’s offer to define “cyberwar,” given the attacks on Google traced to China recently. The concept may not even exist, and it will take more efforts by international legal scholars to come to a conclusion, Schmidt said. He couldn’t answer several questions due to his newness in the office, including his assessment of multiple competing cybersecurity bills in Congress, he said. But lawmakers he’s met with are “extremely excited” to help Schmidt, he said. He will soon be briefed on White House identity-management reviews, and said that user IDs and passwords are “long overdue to be retired.” Schmidt said he'll be involved at some level with the Office of Science and Technology Policy in commenting on the FCC’s open Internet rulemaking, for its potential effect on cybersecurity and encryption. The goverment should consult businesses for how they use the cloud and see if it can help develop common standards for cloud use, a focus of Federal CIO Vivek Kundra, Schmidt said. Asked about “scant” information about cybersecurity incidents and efforts from the Office of the Director of National Intelligence, Schmidt said “it’s really difficult to give attribution” for what the government knows. But it wants to get information to the public outside of “normal intelligence channels.” -- GP

___

Google Director of U.S. Public Policy Alan Davidson stayed mum about what Google might do in China, following its accusations of sophisticated cyberattacks against its system traced to China, targeting e-mail accounts of human-rights activists. “I'm actually here to hear from Alan” what happened in China, joked Philip Verveer, deputy assistant secretary of state and U.S. coordinator for international communications and information policy. Davidson instead made a pitch for more companies to join the Global Network Initiative, led by Google, Yahoo, Microsoft and several human rights and investor groups. “We need government’s help” to encourage companies to join, and to press Internet freedom issues in trade and aid talks. The “take-home lessons” from the Google attacks are that companies should be transparent when they're attacked, Davidson said. Verveer, building off Secretary of State Hillary Clinton’s Internet freedom speech last week, said the department’s overriding approach to Internet freedom was that “more connectivity is better.” That includes a hands-off approach to Internet governance, cybersecurity that views an attack on one country as an attack on the Internet itself, and an “almost inevitable requirement to modernize legal regimes” to account for cloud computing and other new technologies, “sooner rather than later,” he said. He cautioned, though, against activists expecting “dramatic, clear-cut results” from low-level State diplomacy with the Chinese government over cybersecurity and Internet freedom, though State will continue funding circumvention technology projects. The U.S. can reduce tensions over Internet policies by emphasizing “we're never perfect” and want to engage other countries in dialogue on shared concerns, as Microsoft did in a forum with Chinese officials last year on child protection online, said Rebecca MacKinnon, a fellow with the Open Society Institute who is writing a book on China’s “cybertarianism.” Davidson told Stephen Balkam, executive director of the Family Online Safety Institute, not to take too seriously Google executive Vint Cerf’s suggestion years ago that the Internet have a “law of the sea"-style treaty. There’s been “really interesting thinking” on the subject, but until countries can decide on “shared values,” that arrangement is best suited to narrow topics such as cybercrime, Davidson said. He also took pains to emphasize that Google hadn’t blamed China for state involvement in the attacks, a claim that Verveer seconded. As a global company with more than half its revenue coming from outside the U.S., Google doesn’t see the world from a “U.S.-centric lens” and it’s not trying to “politicize” the attacks, Davidson told Milton Mueller, chairman of the scientific committee at the Internet Governance Project. MacKinnon had a suggestion for how Google could fight the perception that it’s an “extension” of the U.S.: It could vocally oppose the Anti-Counterfeiting Trade Agreement, thought to include strong secondary-liability provisions. -- GP

___

Online safety and privacy solutions provider TRUSTe launched a pilot behavioral advertising notice and choice program, it said. The program was presented at the State of the Net conference. The pilot will test icon placement, alternative notice and choice messaging and consumer engagement levels. TRUSTe’s program, based on FTC and industry coalition self-regulatory guidelines for behavioral or interest-based advertising, offers website publishers a “plug and play” widget that provides consumers with an easily accessible and transparent notice of advertising practices, including retargeting, outside the privacy policy and the ability to exercise opt-out choices quickly and easily for the advertising networks and other third parties that deliver advertisements on those sites, TRUSTe said. AT&T and Comcast supported the program, the companies said. TRUSTe created the program in collaboration with its Behavioral Advertising Advisory Committee, whose members include Microsoft, Monster, Comcast, AT&T and the Future of Privacy Forum and in collaboration with PrivacyChoice.

--

The wireless industry needs a national set of consumer protections that would preempt state laws, House Communications Subcommittee Chairman Rick Boucher, D-Va., told the State of the Net conference Wednesday in an overview of the subcommittee’s 2010 legislative agenda. “It is really the poster child for an area where national standards are necessary,” because wireless service is mobile and wireless customers take their service across state lines regularly, Boucher said. “For millions of users, it’s confusing to establish which state has the most relevant consumer protections,” he said. Internet privacy safeguards and spectrum inventory are also key goals for the subcommittee, he said. (See separate report in this issue.) And he hopes to have a markup on his and Rep. Lee Terry, R-Neb.’s, USF reform bill by early March at the latest, he said. “It’s going to be a reasonably short legislative year,” with fewer days in session than in 2009, “but I think this agenda can be accomplished,” he said.