blogarticle

The Digital Rights Bill, what it means for your business?

Introduction

Since the dawn of the internet some 50 years ago, never have so many people had so much access to so much content. There are estimated to be over 1.7 billion people in the world with internet access (around a quarter of the population). Practically every country will represented by users. It is then no wonder that the issue of regulation is a complex and hotly debated topic. Generally each user must abide by the laws of their own country despite the  the content itself being represented in another. A perfect example of this is in the Communist state of China where the government censors the content that users can access.

Here in the UK we may use the internet for any purpose as long as it does not break any laws. I cannot create a website inciting racial hatred nor can I use the internet to plan acts of terrorism, just as I cannot do these things in an off-line forum.

Digital Rights

“Hold On!” you may be saying, “this is not what the the digital rights bill is trying to address.” And you are right. The bill is set to protect the digital rights of copyright holders. So why the comparison to any illegal activity? Generally anything that can be digitally represented (books, films, music, software, games, etc.) can potentially be copied and distributed. Ever since there have been public networks people have distributed these. Distribution of copy-righted material is illegal.

If such an activity is clearly illegal why does it continue in such abundance (It is estimated that 1 in 5 internet users have illegally downloaded material " that’ s over 500 million people!) without prosecution? Why do people still defend this in a way that they surely wouldn’t defend shoplifting or car-jacking? Theft is the usual analogy but it does not equate as neatly as one would hope. I have just stolen your car. It was sat outside your office and I got in and drove it away. In the act of stealing it I have removed it from your possession. To make matters worse I then downloaded a copy of the music track you just released. I now possess that piece of music but you have not lost possession of it. The actual analogy of digital sharing to car jacking would be that “I go outside your office make a copy of your car and then drive that away”. Despite the difference, the law, quite rightly, forbids this activity. I am not stealing your possession I am stealing the idea of your possession. In some peoples minds this justifies the act. Not every illegal download is a lost sale but the act of this devalues the effort that person has taken to create the item.

Secondly it is very hard to detect. Say I were to download a file from your computer or an web server. Firstly I am connected to an Internet Service Provider (ISP). They give me access to hosted content all over the world. They also assign me an IP address that I use in that session of web browsing. I use this connection to access a file sharing technology. This provides a link between our two IP address (sometimes, but not always via a middle-man server). I then download the file from you. However the method of transferring the file is split in tiny fragments. Each fragment is encrypted. Say I were to read one fragment. Even if I were to break the encryption (no easy task) I would still be looking at essentially one jigsaw piece. I will use this jigsaw piece in the later section Methods of Monitoring . To even get access to that one packet I must provide some way of monitoring these communications. This is again covered in the later section.

Thirdly the technology used for illegal file sharing is abundantly used for legal file sharing. If you were to own a shop and were scared of shop lifters, you wouldn’t close the whole shop to stop the problem.

Methods of Monitoring

So we have identified in very simple terms the technology used to “share” a file. How does the government propose to identify the infringements. The following lists the possible ways:

  1. The first and most controversial method is the government want to hand the ball the over to the ISPs themselves. The logic is that they provide the connections and can, in theory, monitor the information being sent and received. ISPs have strictly opposed these plans. They state that the amount of information means this is impractical and it is not their place to “police the internet”.
  2. Often agencies will partake in the file sharing themselves. When someone connects to them they log that IP address. They then petition for that persons details. The government have not advocated this method although they have opened the doors for accusal in this manner.
  3. The most advocated method is to use data monitoring agencies that specialise in tracking copyrighted data. They achieve this by sitting on one of the nodes that internet traffic pass through. This method only gives them the jigsaw pieces. They identify each piece by comparing them to a database of full jigsaws. Perhaps the analogy is a little simple but this is fundamentally the theory.

How they (don’t) know its me ?

So will any of the above methods of monitoring actually work. I have already mentioned that pretty much every ISP has come out in strong opposition to them monitoring their users. Some ISPs have already supported different schemes. Virgin sent thousands of letters out to a list of users based upon IP addressing alerting them that they were illegally sharing files.

The biggest problem underlying all of the technologies is that it relies on identifying users based upon and IP address and a time-frame of infringement. Lets run through this in a generic setting that we will assume for simplicity that a communication is illegal.

The illegal communication takes place between a client machine and a server.

The government will request the identity of this user providing the public IP address and a time.

The ISP will check their records (that must be kept for ten years) to identify the actual user.

Whatever action the government is proposing can then be aimed at that particular person.

Sounds simple enough, right? Well not quite. Here’s why:

I share my internet connection with 3 other people. When connected to the internet, externally we all have the same IP address. Therefore the ISPs can only give the details of the account holder. The justification for this is that each account holder must be responsible for any action taking place using their connection. There was recently the first case where a pub was actually sued because it offered free Wi-fi and one of the hundreds of users downloaded something illegally. A huge percentage of businesses have one internet connection that all its staff use. Without proper observation any one of your staff could trigger a series of events that end up with your company being sued. It is the equivalent of being able to use my bosses body to go and steal a car. I think we would all agree this doesn’t feel right.

There is some argument that a particular machine can be identified by a MAC address. This is a unique identifier on the actual network adaptor in your computer. The problem is with this and IP addresses is simple. There are many ways to “spoof” both a MAC address and an IP address. It is a technological invisibility cloak that could ensure the wrong people fall foul of these new laws. I am not aware of one compelling argument that the government has raised that can get around these issues. I raise the question, would they use DNA proof if it was only 75% reliable?

Legal Woes

With any law public support will be in abundance if the method of prosecution is fair and transparent. If one were to commit a murder they would be tried by a judge and jury where evidence must prove the crime beyond a reasonable doubt. The police is heavily involved in gathering evidence and the system, although not perfect, is widely accepted. Which brings us to Davenport Lyons.

Davenport Lyons are a legal company based in London that has almost single handedly led the charge in prosecuting illegal file sharers. However there means are less than altruistic. Reading through forums from various people who have had dealings the situation seems to go as follows:

  1. Davenport Lyons are commissioned by a publisher to protect the copyright of a product / piece of music etc.
  2. They collect people who they believe have downloaded the product illegally. (the methods of collection are not fully known).
  3. They formally request the details from ISPs
  4. They then send letters threatening legal action if a large amount of money is not paid straight away.

It is the method of accusal that has gathered almost universal outcry. I will not claim to know Davenport Lyons motives but it would appear that it is basically a revenue scheme for the clients and themselves. They tend to send out large volumes (20,000 at last knowledge) with a demand for money. It can be pointed out at this point that the persons guilt has not been proved. No evidence is attached (bar a date and time). Davenport Lyons are not the police. They cannot assert guilt on another. Out of the 20,000 many do pay this charge (reportedly between £500 " £1000, despite the cost of the product itself, supposedly for damages). Currently not one case has been contested in court. None-payers are sent increasingly threatening letters.I would contend this is not a fair and transparent systems. Casually researching the topic will turn up numerous cases of elderly people and otherwise obvious cases where the accusation is false that have been bullied and scare-mongered for the point of making profit from a government bill.

Many of you may remember a news story a little while back that one of these cases had been tried in court with Davenport on the winning side. This is in fact false. A case was taken to court but the defendant was a no-show. The law in this country states that a no-show is automatically found guilty in a monetary dispute. No proof, no justification regarding the above problems in identifying the guilty party, simply a “no-show”,

If pirates or file sharers are to be tried and help accountable for their actions there must be a better method for quantifying damages and due fair trial. Currently Davenport Lyons are not it.

I urge any interested parties to read the forum on Slyck’s website for the “victims” of this process.

Will it work?

France have already implemented the three strike rule which has actually been reported to increase piracy as it forces users further underground by learning of more effective ways to hide their activity.

As of yet not one case has been tried as a result of the law.

What does this mean for my business?

The digital rights bill is a vast and complex subject with roots in technology politics and business. Many of the above conversations will not bear any relevance to your business or dealings. However it is worth thinking about the possible ramifications. Most significantly is the threat to your internet connection.

Many businesses require non-stop connection. Without it e-mails, information and possibly your own website is unreachable. How much impact would your business suffer if you were victim of a three-strike rule? How would you feel if this measure was taken without proper review?

I expect most offices would have wireless internet connection. Do you know for sure how secure this is? Do you want to be potentially legally liable for its use even if it wasn’t even one of your employees?

Letter to the House of Commons

I wrote a letter to my local member of parliament, Ben Bradshaw from the Exeter constituency. I expressed concerns that the bill was not being given the necessary time for review and debate.

I received a photocopied response that stated the bill had had time to be viewed and voted upon.

Conclusion

Post 9/11 the government approved a law that would allow police the authority to deny basic laws of freedom under the heading of the “Terrorism Act”. It was passed with the justification that it would help identify and catch terrorists quicker. In basic terms one can be questioned or even arrested without trial of reason if the authorities believed that you posed a risk. It was a subjective assessment critically without peer review or justification.

At the time it may be said the danger justified the shrinking of one’s right. Ten years later it is not terrorists but normal people using the internet that are a threat.  They are the justification that the government can shut down your website. They can cut your internet connection. They can fine you £50,000. Potentially without review.

In mythology the horses were being constantly attacked by wolves. The horses decided to entrust the humans to help them rid themselves of the threat. The human promised results if they could ride on the back of the horses to fight the wolves. The humans rode the horses and slayed the wolves. When it came time to to relinquish the new form of transport the humans decided,  riding the horses were more beneficial.

No one is arguing illegal downloading is right.  No one is arguing that it has some, although not as much as they claim,  impact of several industries including software, games, music and film. The warnings are out there from open rights groups and famous literature. The government wants to open the door to internet legislation with these targets in mind. But when the door is opened it cannot be closed so easily.

References

http://www.internetworldstats.com/stats.htm

http://www.slyck.com

Updates

This bill has had constant amendment and revised. The below article relates to the general issues it has faced rather than being an up to date commentary on it’s current status.

Update 16/03/2010   the bill has now been passed.

Update  29/09/2010 adding further controversy to the bill, it has been discovered that British Telecom emailed a list of suspected piracy offenders’ details to Davenport Lyons (Solicitors) via an insecure e-mail. This effectively breaks the data protection act and provides evidence of the broad brush approach of piracy legislators. See BT involved in data leak for the BBC news story.

Date: 09/11/2010

gettingintouch

If you like to get in touch, please telephone our offices on +44 (0) 1364 582017 or complete our on-line form and we'll get back to you as soon as possible.

stayingintouch

Stay in touch with what we're up to at Ayrmer Software by following us on one of our social media feeds: we'd be delighted to welcome you as a follower on twitter, become friends on facebook or add us to your circle on Google+. You'll also find us on Linkedin, of course.