Ofcom Unveils Anti-Piracy Policy For UK ISPs 234
krou writes "Under plans drawn up by Ofcom, UK ISPs are going to draw up a list of those who infringe copyright, logging names and the number of times infringement took place. Music and film companies will then be allowed access to the list, and be able to decide whether or not to take legal action. '"It is imperative that a system that accuses people of illegal online activity is fair and clear," said Anna Bradley, chair of the Communications Consumer Panel.' The Panel, in partnership with Consumer Focus, Which, Citizens Advice, and the advocacy body the Open Rights Group, has released a set of principles it believes should govern the code of practice. The principles say sound evidence is needed before any action is taken, consumers must have the right to defend themselves, and the appeals process must be free to pursue. The code shall come into practice by 2011, and initially applies only to ISPs with 400,000 customers or more." Update: 05/29 09:11 GMT by T : As an anonymous reader points out below, that's 400,000 users, rather than 40,000 as originally rendered.
Correction (Score:2, Informative)
400,000
FTFY (Score:5, Informative)
UK ISPs are going to draw up a list of those who are suspected of infringing copyright
Re:Piracy clarification (Score:5, Informative)
Here in the Netherlands we got a similar debate going on, with some groups demanding the downloading of copyrighted works to be made illegal (currently legal for movies and music). My housemate and good friend Pieter Hulshoff was present at a debate on this last Thursday together with a number of politicians, artists, lawyers and many other types of people (including the very embarrassing Dutch Pirate Party). As he pointed out during this debate, there is no conceivable way one could successfully implement a 'roadblock' against the downloading of copyrighted content. First of all, there's the technical limitation.
DPI, or Deep Packet Inspection, is a technique which can look into the packets sent through an ISP's network and which is suggested as a way to find those guilty of infringement. There is no way to figure out in even a fraction of all cases, even after assembling multiple packets, what format the packet's contents are in, what encoding was used, how to read it, let alone somehow figure out whether it is copyrighted information.
P2P, or basically anything involving Bittorrent, eDonkey and similar networks used for filesharing can easily be anonymized using encryption, private trackers, making it very hard to get into a cloud or similar, or figure out what is being shared.
Then there's the aspect of determining whether a copyrighted work being downloaded is actually 'illegal'. If personal copies are allowed like here in the Netherlands, or some form of fair use exists and the person downloading Generic Movie #24 also has a matching copy of the DVD he or she legally bought but feels too lazy to make a rip off (or wants a rip of the Blu-Ray version... another huge grey legal patch). Look at for example the demands made by media companies at Youtube and similar sites to keep out copyrighted content. It should be clear that it isn't feasible for even a huge company like Google to keep people from uploading copyrighted material they supposedly don't have the rights to to YouTube. Automatic filters fail, reports aren't affective enough and employing people to sift through incoming videos is so ridiculous for being impractical that it's laughable.
In other words this is yet another wet dream of the companies behind such constructs as the RIAA/MPAA and their many cousins throughout the world, put into law thanks to bribes and clueless politicians and completely not feasible in the Real World (tm).
Proxy, proxy, proxy (Score:4, Informative)
Like it's not pathetically easy to proxy yourself out of the whole mess. For those inclined a small VPS can be obtained for a few dollars a month in one of the more liberal european countries such as the Netherlands or Sweden, or if you feel the need go further afield to the obscurity of Panama, Hong Kong or Malaysia. Setting up Squid server and SSL tunnel is then the work of less than an hour. Alternatively if that's too complex there's any number of companies offering private non-logged VPNs for a similar price.
If the media companies pursue this then all that's going to happen is it'll be increasingly lucrative for companies to set up anonymising VPN services in regimes around the planet where their copyright writ doesn't run or is practically impossible to enforce. Instructions for how to use these will pass from geeks to common knowledge, and furthermore because people will be paying a few dollars a month for the proxy they will be more inclined to use it to "get their money's worth", and hence 'piracy' will actually increase.
Of course the sensible alternative would be to provide a widespread service such as Spotify which would effectively do the above but legally, but the media companies are too short-sighted to see that.
Re:This is simply wrong (Score:3, Informative)
Via the proposed OFCOM list on one hand we have people suspected of infringing copyright and on the other hand we have proof of ISPs monitoring, recording and invading the privacy of citizen upon a nationwide scale. That diseased myopic organisation is proposing that private corporations have the right to monitor and record every action of their customers. What next those tin foil hatters, cameras and microphones in cable TV boxes to monitor people in their homes, compulsory mobile phones that cannot be turned off and can be activated by OFCOM memebers to monitor suspect activity.
There is absolutely no way an ISP should be aware of what a customer is doing on the internet, it is none of their fucking business. They provide a service, the transmission of data at the defined bandwidth via interconnected services. It is not their place to intercept record and, monitor private communications of their customers.
That POS http://www.ofcom.org.uk/ [ofcom.org.uk] organisation is proposing the trappings of a totalitarian corporate state, where corporate masters will monitor all your and your families digital communications for anything "THEY" deem to be infringing upon their profit and control humanity. I find it disgusting to see how readily greedy socipaths will sell away the freedoms and rights of their fellow citizens and even their future descendent all to line their own pockets and feed their ego today, basically an ideology of fuck the future I want more now, now, now.
Re:Dear customer (Score:2, Informative)
> which currently only has 399,998 customers
From the summary:
>> only initially(emphasis mine) applies to ISPs with 400,000 customers or more.
Anyway, we all know that the more the fight against piracy revs up, the more pirates will find ways to circumvent the enforcement. And the worse and worse PR this will generate for the media companies.
We live in interesting times, as the Chinese might say.
Re:Piracy clarification (Score:3, Informative)
Don't mod him down! This guy understands the fundamental problem and even has a solution, albeit a morally suspect one.
Re:Piracy clarification (Score:3, Informative)
What I consider worst about this legislation is that major ISPs are going to have to monitor *all* traffic passing through them
ISPs don't have to monitor anything. nothing. zero. zilch.
what they have to do, is accept 'infringement notifications' from copyright holders - and keep count how many each customer receives.
the first 3 times per-customer these notifications are received, the ISP must write to the account holder, detailing the alleged offence, offering advice about securing their wireless router and offering alternatives to downloading illegally. the customer can appeal these notifications, if they think they're in error.
if a customer receives more than 3 notifications within 12 months, then the ISP must anonymously list the customer on a 'list of possible repeated copyright violators'. copyright holders can periodically browse this list, and may decide to apply for a court order to reveal a customer's name and address. they can then choose to sue them in the courts, where they will have to provide unequivocal proof of wrong-doing.
every 12 months, each customer's list of 'alleged violations' is cleared.
Re:Piracy clarification (Score:3, Informative)
the liberal democrats voted against it
Re:Piracy clarification (Score:1, Informative)
the liberal democrats voted against it
Yes, the handful that could be bothered to turn up...
Re:Piracy clarification (Score:3, Informative)
I'm cancelling a couple of moderations to post this, but I think it needs to be said.
Making a personal copy for format shifting is illegal [tortuous] in the UK. Ditto for downloading a rip.
A specific format-shifting exemption is definitely on the way. It was recommended by Gowers and has basically been accepted by everyone in government, it just hasn't been put into law yet.
Also, at least one big name music label is on record saying they won't prosecute people for format shifting. They know MP3 players and similar devices are big business, and going after people who buy your music through legit channels with the sole aim of transferring that music to their portable player is just shooting yourself in the foot for no reason.
Re:How? Passive traffic analysis? (Score:3, Informative)
Indeed, why don't torrent sites and trackers already run over https? Wouldn't that kill this idea entirely, plus any other ISP-based snooping?
Many private trackers (maybe some public, too) already offer https. I'm not a security analyst so I'm unable to comment on how effective the provided services are, but there has certainly been a stab at doing just that.
Encryption alone doesn't work (Score:3, Informative)
You need to link up to an anonymizing network with some kind of routing (like onion routing) that creates a level of anonymity... see the link in my sig for a good example of such a network.
The reason encryption alone doesn't work (turning encryption on as a connection requirement in a torrent client) is that anyone from the ISP to the police to the MPAA can simply join the swarms the same way you do. From the standpoint of large corporations, that requires very little effort and may even be less complex than setting up special packet-inspecting equipment to scan unencrypted traffic.
Adding simple encryption only makes it hard for an ISP to throttle or attempt disconnection on P2P traffic. It doesn't prevent anyone from easily discovering that you're uploading.
Summary misleading? (Score:1, Informative)
I'm looking through the draft code (the full 74 page pdf) and it says that copyright holders will be responsible for finding instances of copyright infringement, and ISPs required to keep a record of that, to be made available to rights holders. It does not say that ISPs must proactively monitor their customers' traffic, which is what the summary implies and most commenters here seem to assume. Or have I got this wrong?