More detail has now emerged on ‘three-strikes’ developments in the UK. ‘Three strikes’ refers to proposals currently doing the rounds – heavily pushed by various IP rights-owning organisations – to have ISPs monitor online copyright infringement (particularly P2P), warn users, and, if infringement persists, impose sanctions such as termination of service. The French have been drafting up such a scheme, it’s being pushed elsewhere (including here in Australia) and yesterday there were two significant developments in the UK:

  1. The UK government announced a voluntary ‘Memorandum of Understanding’ between six UK ISPs and BPI (music industry body) and the Motion Picture Association; and
  2. The UK Department for Business Enterprise and Regulatory Reform launched a consultation on ‘legislative options to address illicit Peer-to-Peer (P2P) File-Sharing.

There is already some online commentary: see Pangloss and the Open Rights Group [update: IAM Blog also has some commentary, as does IP Watch]. Some thoughts of my own over the fold.

The Memorandum of Understanding
The MoU is available as Appendix D to the BERR Consultation Document. On close inspection, it’s actually pretty vague in a lot of ways – certainly nowhere near (at least yet) some of the draconian ideas that have been floating around.

There’s plenty of fluffy language (signatories will work to educate consumers, signatories agree on the importance of providing legal alternatives, signatories do not want legislation). This is what’s actually agreed:

  1. The ISP signatories are going to send letters to 1000 subscribers a week, for 3 months. The subscribers will be identified by the music rights holders. This ‘trial’ will provide evidence for all parties to assess;
  2. On the basis of that evidence, Ofcom (communications industry regulator in the UK) will ‘agree with Signatories an escalation in numbers, widening of content coverage [presumably movies, maybe TV?], and a process for agreeing a cap [presumably a cap in number of notifications being sent];
  3. Ofcom will set up a group – signatories invited – to “identify effective mechanisms to deal with repeat infringers” – that group will report in 4 months. It will look at [emphasis mine] solutions “including technical measures such as traffic management or filtering, and marking of content to facilitate its identification” – and the rightsholders will also “consider prosecuting partiuclarly serious infringers in appropriate cases”; and
  4. The signatories will draw up codes of practice on evidence, actions against alleged infringers, “indemnity resulting from incorrect allegations of file sharing”, and “routes of appeal for consumers”.

So here’s what is not agreed yet:

  1. What ‘sanctions’, if any, will actually be imposed on repeat infringers;
  2. whether there will be any termination of users, or traffic management, or anything like that;
  3. how costs will be shared (the MoU notes that “apportionment to be agreed”), although it does say that costs will be shared; or
  4. whether or not there will be an independent body involved in all of this (the idea of an independent arbiter is canvassed in the BERR consultation document)

So what you could say about the MoU is that it is, in effect, an agreement to do a trial, to do a study, and to discuss codes of practice. It’s a step towards some kind of system (one envisaged not to involve heavy-handed legislation), but it’s a long way from institution of a system.

I’m also heartened by fact that the BERR is – simultaneously with these studies/discussions – holding a public consultation on options for a system to manage P2P file-sharing. One of the things that tends to be objectionable about ‘industry-led’ processes is that the consumer voice, and the citizen voice, is all-too-often missing in the discussions over the appropriate systems. The BERR consultation has the potential to include that too-often-missing voice.

The BERR Consultation Document
The BERR (UK Government) consultation comes with a quite long (66 page) consultation document, and a reasonably long deadline – comments are due at the end of October.

The BERR document canvasses a number of options:

  1. Requiring ISPs to provide personal data to rightsholders on request, without any court order (then putting responsibility for enforcement on the rightsholder it would seem);
  2. Requiring ISPs to take direct action against infringers identified by the rightsholders;
  3. Setting up a third party body to consider evidence provided by rightsholders, and to direct the ISP to take action against individual users as required;
  4. Requiring ISPs to either allow filtering technology to be installed, or install it themselves, to block infringing content; or
  5. The self-regulatory approach: have codes of practice, which would include notifications to consumers, and (maybe) technical measures such as management, filtering, or marking of content, as well as ways rightsholders can prosecute serious infringers – all overseen by a Regulator who would approve the Codes of Practice.

Perhaps unsurprisingly, the government prefers the last of these options. Looking at the other options, I can see why – some certainly infringe on any reasonable concept of civil liberties: try number 1 which disregards privacy and sets up a secret monitoring culture (in the sense that you don’t know when or if your information has been passed on to others). Or 4, which has all the problems attendant on using filters (false positives, false negatives, cost, impact on speed of network). To a government, my guess would be that 3 just looks expensive and troublesome.

3 should, perhaps, be given some thought. It has the benefit of having an independent arbiter. And it wouldn’t necessarily need to be expensive – speedy lower level courts could be used, or we could do what Lemley and Burk examined in detail some years ago (shorter version here) and use the UDRP as a kind of model (Pangloss makes the same point). The danger with four is a lack of transparency to users, consumers – and citizens. If it is all settled between the industries, who’s protecting us? Of course, a regulatory scheme could be set up, and codes of practice, negotiated in such a way as to protect the consumer and citizen voice, but you can’t assume that that will be the effect, unless active thought is given to how to achieve that.

Conclusions
One thing I will say – I’m quite liking the serious discussion that is evident in all these materials. As far as I can tell, no agreement on anything that we fear so far has been reached. The next few months will clearly be very important. I hope lots of people get involved in these consultations. If you happen to know anyone in the UK, suggest you tell them to make some noise.

The process being set out here, taken together with the emphasis on light-handed government involvement evident in all these documents – should give ACTA negotiators some pause too. How can we even contemplate concluding a multilateral or plurilateral agreement by the end of 2008, that even touches on these issues – when this is going on? All the evidence from such processes as this suggests that countries are finding their own way. They must be allowed to do so if anything useful is to be achieved in the longer term.