An open letter from Boards.ie to Minister Sean Sherlock

volku wrote: »

It's against the Truth and the Freedom,
your e-mails may be read
your laptop at the airport can be searched for any "illegal" files
the medicines and car parts must be only original, with no substitutes
it's a bad law and against Irish Constitution
Sean Sherlock should be arrested, and jailed

Solution I: Detection

34. The IP address of those engaging in the peer-to-peer uploading/downloading of copyright material can be discovered easily and accurately. DtecNet software is a process which was described in evidence by Thomas Sehested. In essence, by checking with Résaux IP Européens (“RIPE”), an organisation based in Paris, a list of IP addresses provided to internet service providers in Europe is obtained. Digital files of copyright material are then obtained from the owners. There may be several thousand of these obtained directly from the record companies. As the download is proceeding through the system it carries the IP address of those who are downloading material. DtecNet does what any user of a peer-to-peer network does in order to obtain a download. No extra information is obtained. The fact of the download together with IP address, the digital information identifying the copyright material and the time or the crucial data is obtained. DtecNet searches peer-to-peer networks for files being uploaded which are subject to copyright. On finding such a file, DtecNet requests the file. This is then transmitted to, and copied, by DtecNet’s computer. It is integral to this process that basic information about the uploader from whom the work is being transmitted is obtained. The examples produced in Court show that the user’s pseudonym and the IP address of the user appears together with the relevant time, date and identification of the copyright material. As part of this process, if the IP address was registered to an Irish internet service provider, DtecNet identified how many sound recordings were being made available by that user on peer-to-peer software. A list of the files was then captured in the form of a log containing the name, size and hash value of user’s shared files. Although a music file may be split up in several hundred pieces, each of them carries a sufficient identification through the file # for it to be fitted into an appropriate order of sense and sufficient to clearly identify that it is a portion of a work which is subject to copyright. In all of the examples of which the Court was provided evidence, there is nothing to suggest that if only a tiny portion of the work was being uploaded that that would be insufficient to identify it. Rather, what peer-to-peer involves is obtaining the entire music recording that is desired. The file # identifier ensures that it is put into a correct format and order. The process of DtecNet is automatic, in the sense that the handshake between the computers, in peer-to-peer terminology, is fully automated. The search for particular files, for example the 1,000 most popular songs relevant to the recording companies, at that time, is inputted for the purpose of search. I am satisfied that from the evidence that the process is highly accurate. The activity log further transcribes the activity whereby the evidence is secured in a reliable format. There was nothing in the evidence to suggest to me that this process was subject to any degree of substantial error. Furthermore, the evidence establishes that there is a substantial problem on the UPC network with copyright piracy. Various figures on a monthly or annual basis were produced in Court. These related to an estimate of 15,000 per month, on a test run by DtecNet on 350 random tracks from a list of 10,000 U.K., Irish and internationally popular tracks. An extrapolation was made that at their peak downloads were likely to reach around 47,000 per month. These, however, are individual incidents. A person may be downloading a number of tracks in a single sitting, as it were, at their computer. A person may go back and download on their computer a number of times in the day. They may leave their computer on all day, downloading continually. It is highly unlikely that a person who enjoys an experience, having done it once, will simply desist. The figures produced by Ms. Sheehy speak for themselves. If, therefore, one is responding on a month-by-month basis, while it is difficult to say how many individual infringers one may be dealing with, it is certainly a small fraction of 47,500. Returning again to the figures mentioned by Ms. Sheehy on previous tests, it is apparent that there are likely to be, at most, some few thousand of them. Of them, perhaps a hundred or so will be the leaders in culpability. These few people are the ones who need to be processed. It is also apparent that the recording companies are going to have to make a choice in the implementation of any injunctive relief which they are seeking, whereby the worst infringers, namely those who download most frequently or who have the most illegally copied material on offer, will be prioritised

35. There are two potential methods of evading the DtecNet process. The first is by the use of proxy IP addresses. A sophisticated computer technician could hack into another person’s computer, and then request files using peer-to-peer technology. They would be downloaded to the second computer via peer-to-peer technology and, as I understand, then directly download it, bypassing peer-to-peer communications, and therefore DtecNet, back to the original computer user. A second way would involve using another computer as a proxy server. There are some free sites, as I understand the evidence, offering this service. There are, in addition, ways of paying for the hire of another computer so that this process can be engaged in. The figures that I have obtained from Mr. Sehested in evidence indicate to me that the current use of this technology to avoid the ultimate IP address that the user resides on is now around 0.3%. With any solution, there will be a technology battle, whereby this problem may increase, and may need to be addressed. As of the current time I do not regard it as significant.

36. Secondly, peer-to-peer downloaders can use encryption. This is not a problem. An encrypted communication is only of use if the party sending it knows that the party receiving it can decode the message. This is how Mr. Sehested put the matter:-

“P2P encryptions basically make it hard… it encrypts the actual traffic flowing in and out of the network, but as we are residing within the network, actually communicating with the users on equal terms, encryption will not affect our scanning. However, if you were do what is called a “de-pack inspection”, that basically means if you are looking at the packages that is flowing back and forth, then encryption would hide that traffic so you are not able to see that it is potentially P2P traffic. But as we are actually residing on… either end of the communication, the traffic being encrypted is not an issue for our monitoring… ecause we are essentially part of the network, so we could also communicate encrypted. So the idea of encryption is that if you have two endpoints, if anybody is standing in the middle of that, they won’t be able to intercept that traffic, it will be encrypted to them. But if you are either end of the spectrum, you will have a key to unencrypt it, and we are on that side of it.”
37. Further, as I understand it, those internet thieves using peer-to-peer encryption, download standardised forms of encryption so that mass communication can take place. I do not regard this as a substantial reason why the use of DtecNet technology would not be appropriate. The analysis thus supports the conclusion that I have reached that the detection, notification and termination solution is viable and proportionate.


Solution II: Global File Registry
38. The solution of detection and diversion that was described in evidence by Jorg Michael Speck involves several steps: this is called Global File Registry. A programme which is capable of being integrated into the Cisco 8000 of the Firmwear upgrade requires, firstly, the identification of files which are not either out of copyright, by reason of a lapse of time, or in respect of which copyright has been waived. In this regard, the relevant programme has a database of around four million tracks which are subject to copyright. Secondly, an alternative offering of around one million tracks is made available for legal download through this system. Global File Registry can operate on a mirrored form of network, whereby there is no encumbrance of the speed or efficiency of the internet service provider’s offering to its customers. The database of music tracks which are likely to be infringed is taken from the owners. In microseconds, any peer-to-peer transmission involving the illicit sharing of copyright material is identified through the file hash. This indicates the contents and mandates the programme to take action. Once the file hash is cross-referenced to copyright material, the sought for file-link by the customer of the internet service provider is immediately terminated. Then, the second aspect of the system occurs. The customer seeking a particular track unlawfully is immediately diverted to a site, made available through Global File Registry, where that track may be accessed legally. The system uses deep packet inspection. Legal traffic is never interrupted. Privacy is not infringed as the system simply reads numbers which identify the illicit nature of the transmission. Integral to that, I infer from the other evidence presented to the Court, is that a relevant computer address can also be recovered, as it is part of the transmission. There are, therefore, no privacy issues involved as no aspect of the system described involves the identification of a customer. Therefore, the firewall which exists between the allocation of a bank of IP numbers through RIPE, which is publicly available, and the day-to-day, or hour-to-hour, ascription of that number by an internet service provider to a particular customer, is never breached. The recording companies can never, through Global File Registry, or any other system, discover who it is that is infringing their copyright materials. Only the internet service provider on being notified of an infringement through DtecNet can find that out.

39. Global File Registry by-passes any response by way of detection, notification, education and termination in favour of immediate interruptions. The advantage of the system is that it offers a legitimate alternative which Mr. Speck described as offering “solid value”. This changes the passive transmission of internet service provider customer’s data into intervention. It can operate as a source of revenue to the internet service provider since arrangements are predicated to be made between the companies offering internet service and the recording companies. Thus, the attempt to illicitly download a music track by peer-to-peer file sharing is immediately interrupted and a diversion is effected to a site, shared by the internet service provider and the music industry, whereby a legal download may be made by payment through a credit card or by an addition to a customer’s bill from its internet service provider.

40. A similar system is operated by police in Australia in relation to about 70,000 child pornography images. These are identified by reference to the file hash, but in that instance the transmission is simply interrupted. I would imagine that this system, which is fully tested and in operation, also involves the gathering of data as to the user for criminal detection purposes, but this was not developed in evidence. That police agenda does not form part of the operation for the disablement of copyright theft.

41. While the system is now partnered with the Cisco Corporation as a joint venture, and while it presents as a viable future alternative, it is yet to be fully tested. It would not be right for the Court to order such a system by way of injunctive relief because its integration and testing will take time. A trial exists with an Australian internet service provider but this trial, the Court notes, is only in respect of 200 musical tracks. To ramp up the trial towards a significant number of tracks, which in an Irish context would certainly run into several thousand, involves moving into an area which is not sufficiently predictable. It is possible, as was established in cross-examination, for persistence to lead a determined customer to an illegal download. It is also possible that the file hash in a very popular music track, that was constantly blocked, could be changed. I am satisfied that this would be an elaborate process. There would be a likely response from the music industry whereby, that would be detected and added, under that new format, to the files to be searched for and detected in the course of illegal transmission.

42. There are obvious advantages to the Global File Registry system. The routes around it are difficult and time consuming. It represents a viable future way of responding to internet copyright piracy. It has no privacy implications. Any aspect of encoding is not demonstrated in the evidence to be different to the obvious solution of uploading the encryption programmes that are widely shared in this mass market. However, this system requires further work in order to operate at the level required. Finally, on this issue, I am not satisfied that in order to markedly decrease the internet piracy of copyright material that it is necessary to upload the entire discography of modern civilisation. Instead, the evidence demonstrates that deterring, through interruption and diversion, the most widely shared musical tracks at a particular time is highly effective. These need only be in the hundreds or thousands of tracks level. In the future, with development, the evidence establishes that this solution to internet piracy is likely to be effective.

Solution III: CopySense
43. In the United States, the Digital Millennium Copyright Act 2000 and the relevant legislation governing higher education institutions require all universities to control illegal file sharing on their networks. Charles Benjamin, the senior network and systems administrator for the Department of Housing and Residents in the University of Florida, gave evidence as to how the system functions in the University. This is called CopySense.

44. Every student who enters the University receives an email which informs them that they are to avoid the violation of copyright through peer-to-peer downloading. Despite this, many students in their first time regularly upload and download music which is subject to copyright. In response to this, the university has a graduated series of sanctions. The implementation of that graduated response is achieved by the use of the CopySense programme produced by Audible Magic. The University evaluated it as most appropriate or its needs because it had a database of six million signatures of copyright works, when it was first chosen, and now has increased that to some eight million tracks. Mr. Benjamin, in his witness statement described how it works:-

“It operates like an anti-virus programme in a sense that there is a database of signatures, in the case of CopySense signatures of copyright media, frequently updated that is compared to data being transmitted on the network. It creates a violation notice which we use to place the student in a restricted [network], disrupting the P2P transmission and restricting internet access to the … campus. It does not monitor the contents of email, web travel, instant messaging, FDP, newsgroups, legal copyrights works being downloaded etc. It only monitors peer-to-peer protocol.”
45. The system is not connected to the University of Florida network. Instead, the transmissions are mirrored under a parallel system and analysed. Once a violation is detected, the CopySense programme is mandated to interrupt the communication, immediately terminating it, and sending a warning notice to the students. The system does not cause any disruption of the network, because of the manner in which it is deployed. Instead, the network is made available for legitimate peer-to-peer activity.
46. The level at which this succeeds is less than with a medium size internet service provider, such as UCP, which has 150,000 customers. The university has 49,000 students, with 200 buildings in the Housing Department and with 10,000 Ethernet connections for the students that live in the university. The formal graduated response was described by Mr. Benjamin in this way:-

“We then operate a system of giving warning notices to students who attempt to share copyright material, essentially it is a graduated response. Accordingly when a student is first detected sharing or downloading copyright material with a peer-to-peer programme, they are sent an email warning them of the violation and are directed to a web page. The web page contains the unique case number, the violation level, and the type of peer-to-peer protocol that was detected and a description of the [University Housing Unit] acceptable usage policies… The students must click “I will comply” before the restriction is lifted. In the first occasion the student is restricted to on campus usage for 30 minutes. If there is a second violation the student is restricted to on campus usage for five days and if there is a third violation, the student is directed to appear before the Housing Judicial Office. It is remarkably effective. We do not get a lot of repeat offenders, less than 2% proceed to level 3. Statistics show that the three graduated response system educates the student not to use P2P software in conjunction with copyrighted material. We have seen consistent results in each semester since the installation.”
47. On the issue of privacy, the inspection maintained by CopySense on the appliance which mirrors the university network access to the internet does not violate privacy. The university is not looking at content. Instead, similar considerations apply as in the DtecNet solution. There are some instances where the university does monitor the content of communications, but this is not one of them. There are therefore no implications in respect of privacy.
48. The strong effectiveness of the CopySense solution within the University of Florida is dependent on the high levels of detection that the system displays, the discipline inherent within the university setting and the ultimate sanction of expulsion that may emerge for repeated violations. As I understand Mr. Benjamin, for a modern student to be denied internet access is to place them in a position where they would be left dependent on text books; many lectures are also offered or summarised online. In effect, this will leave the student without vital research resources and result in the termination of their relationship with the university. In consequence, the very good results can be explained by that, but only in part. While I accept that a student group is quite different from an outside internet service provider and its customers, it is also apparent that detection and warning have a salutary effect on those who seek to violate copyright. This solution does not undermine the effectiveness of the network. The first and second stages of the process are automated. Six dedicated staff and some part-timers manage the system. I am satisfied that this is not a severe burden as those employees also manage the telephone system and security monitoring for the housing network.

49. The system can be by-passed by the student returning home and, in the absence of similar general controls through internet service providers in the United States, violating copyright in a private setting. Nonetheless it is clear that the system is enormously effective, it does not impact on the network efficiency, is balanced in its approach by way of a graduated response and has no impact on privacy. To deploy the CopySense solution on an internet service provider, with 150,000 customers, would require testing an appropriate expansion of the system. While detection may not be 100% effective, I accept Mr. Benjamin’s evidence that it captures the bulk of violations. Were there a willingness by UPC to engage with such a system, it could readily be made to work. It is clear why they do not wish to so engage.

oscarBravo wrote: »

That document doesn't warm my heart. It terrifies me.

Look at the first step in the proceedings: a rights holder takes an ISP to court, and the court orders that the ISP do something that is technically impossible. The ISP is forced to appeal to a higher court, which in turn seeks input from the ECJ.

The upshot of the ECJ ruling is that the particular measure sought by the rights holder is incompatible with EU law - but it also reaffirms that the rights holder may seek an injunction against an ISP to prevent copyright violation.

So yes: that particular (and very specific) remedy has been ruled unacceptable by the ECJ. That doesn't mean that another (equally technically infeasible) remedy won't be ordered, and require separate testing in a higher court.

Do you have any idea what that case cost Scarlet in legal fees?

oscarBravo wrote: »

Let's examine those three options in detail, from a technical rather than a legal perspective.

I can't take down content. I don't have any content. That's a problem for the boards.ies and YouTubes of the world, and it's a problem that's easily addressed: if you are asked to remove a file from your server, you remove it. It's not relevant to me.

The second option is to stop access to content. How? Prevent all users from using Dropbox, thereby denying non-infringing users access to legitimate content? Nope, that goes against the ECJ judgement. Filter all traffic looking for infringing content? Nope, that goes against the ECJ judgement. In fact, the more you look into this, the more you realise that ISPs are simply not in a position to prevent copyright infringement, any more than hardware stores are in a position to prevent burglaries.

The third option is deny a customer access to the Internet. That means losing that customer's business. Will I be compensated for the loss of earnings? Will I be indemnified against a lawsuit by the customer for breach of contract? These are not trivial concerns for me, and they are not concerns I want to have to pursue to the ECJ. But why can a copyright owner get an injunction against me in the first place? Why not Level 3? Why not Cisco or Dell? Why not Corning, who made the fibre-optic cables over which the infringing material was carried? I disagree. As an intermediary, this SI is explicitly about giving copyright owners the power to take out an injunction against me for something that someone else has done.

If on no other grounds, surely you'd agree that there's a principle of natural justice being violated here? Again, I disagree. The existing law allows for the removal of infringing material - it doesn't apply to an ISP like me. The SI is being introduced to make me subject to the same penalties as someone hosting copyrighted materials, but with none of the same clarity on what is expected of me by way of compliance. The problem is that such steps are either beyond technical feasibility, or require that I terminate my contract with a paying customer.

I've sent you a copy of the type of email we're already receiving. It includes this line: "We hereby request that you immediately remove or block access to the infringing material..." If that was an injunction instead of a request, I have no choice whatsoever but to go to court and try to make a case that there is no technological means available to me to block such access.

Yes, the Court might ultimately side with me. But in the meantime, I'm fighting a battle in court instead of running my business, and I'm running the risk of losing that battle, and I'm in every possible way the ultimate loser in this fight. And I didn't even do anything wrong in the first place.

Can't you see why I'm aggrieved about this?

I wish I had your confidence. This may look like a boundless opportunity to you, but it looks like a yawning abyss to me.

Latest is that your lobbying and political pressure on Sherlock has forced him to have a mini debate on this next Thursday. That is inadequate as it is merely window dressing and we will continue to press for the whole issue to be properly debated and voted on and that the Ministerial order not go ahead pending that and pending proper legislation, with full input from people interested in the issue; to protect intellectual freedom, access to information and sensible measures to protect copyright holders where there is blatant commercial exploitation rather than this hamfisted and potentially dangerous measure as it stands.


Ferris calls for full debate and vote on internet legislation





The Sinn Féin Spokesperson on Communications, Martin Ferris TD has called on the Government to have a full debate in the Dáil on measures governing access to the internet. He was responding to an interview with the Minister responsible Seán Sherlock yesterday which Deputy Ferris said leaves many questions to be answered regarding the implications of the legislation.


Deputy Ferris said: “While the Minister is claiming that he needs to act in order to reflect both a recent Court judgement and two EU directives, he appears to be pretty vague regarding the implications of what he is proposing. Experts in the field are taking a diametrically opposed view to that of the Minister.

“There is understandable fear among both commercial and private users of the internet that this will leave the door open to actions that would severely restrict access to information if copyright holders can secure orders preventing it being made available.

“That would not only represent a significant attack on individual freedom but also a threat to a healthy sector of the Irish economy which has attracted major international players to locate here.

“In the interests of teasing all of this out I am calling on the Government to facilitate a debate and to present legislation that will require approval by the Oireachtas prior to any enactment. That would allow a full debate with meaningful inputs from all interested parties.”





ENDS

DEPUTY Tom Barry has urged serious caution in relation to proposals to introduce a Statutory Instrument to allow the courts to block access to websites suspected of infringing copyright.
“While I have not seen the specific text of this proposed order yet; I would like to put on record my considerable concerns at any threat to restrict personal freedom in relation to freedom of expression or access to information on the Internet. In addition, I also think the proposal raises serious concerns about protection for Internet users.
“In the case that has led to this proposal, Mr. Justice Charleton said that existing legislation constrained the judiciary from granting injunctions to prevent infringement of copyright against Information Service Providers. However, I feel we should be reluctant to pre-empt criminal activity. We already have sufficient law to allow prosecution for copyright infringement if and when it does occur. I am fearful of the consequences of introducing preventative legislation that may impact on personal freedoms.
“If we are to tackle the suggested flaws in the existing Copyright and Related Rights Act 2000 we must examine in detail the potential implications of handing control of the monitoring of Information Service Providers over to the judiciary. There are some extremely large corporations who would welcome this legislation or something like it; but there are even more organisations - upon whom we depend for a great deal of employment and potential future growth - who are vehemently opposed.
“We must consider the stringent opposition to this kind of restrictive and legislative Internet control from companies like Google, Facebook, Yahoo, EBay, Linkedin, AOL and Twitter – amongst others – who represent so much promise for Irish employment and innovation into the future. The very nature of the Internet means that inadvertent copyright breaches are almost inevitable – but we already have legislation to deal with these breaches after they happen. Allowing for the blocking of any website where infringements occur seems like an extreme and counter-productive response.
“Another serious consideration relates to the recent decision by the European Court of Justice ruling that Internet access is a human right. The position of the European Court of Justice is very clear – the matter can be taken to the courts after the holders of intellectual-property rights have had their rights infringed. But the Court categorically underlined the prohibition of the monitoring of information transmitted on ISP networks.
“The key word in Mr. Justice Charleton’s judgement is ‘prevent’. I do not, at this stage, believe that it is possible to ‘prevent’ the offending activity without putting personal freedoms and human rights, as clarified now at EU level, in danger. I await the final wording of the proposed Statutory Instrument but the Internet Industry must be protected. I believe it is vital to our future and that the core principle of the Internet - the principle of freedom of access to information - must be protected.”

Pro. F wrote: »

Yes thanks for pointing that out. I've just now seen your previous post on it and it is very disturbing.

ResearchWill's point that a Judge protected UPC's rights in this regard is completely spurious anyway as this is the very bit of the law that is proposed to be changed.

Pro. F wrote: »

Doesn't he say that encryption currently used by pirates in P2P won't be an issue because they will be monitoring the flow acting as normal users. The keys are freely available to read what is encrypted if you monitor from the end points. That's how I understood it anyway.

The use of proxies that he kicks down the road, like you point out, seems to be the critical failing to me. (Aside from the obvious gross unfairness and impracticality in general of getting ISPs to police the internet.)