Accused of infringement? AT&T will take away YouTube and Facebook and send you to Copyright Reeducation Gulag

um, if AT&T’s copyright policy bothers you, you are free to not do business with them. “if they catch me stealing content, they take away my Facebook! IT’S JUST LIKE TEH SOVIETS!!!!”

This is crazy. What happened to innocent until proven guilty? Oh, that’s right. This isn’t the government; it’s a private corporation, so we have no constitutional rights or protections if some corporate entity decides to use copyright to censor us.

Allow me to also recommend Sonic.net in the Bay Area. They are superb, and not just technically: Their legal policies and procedures are top-notch, too. No business connection with them except being a happy customer for a decade.

Wow the FUD about this one is deep.
This plan is being run by a “company” headed by a PR agent for the **AA’s – obviously qualified to run an extrajudicial system.
The board is filled with content holders and the leaders of some of the ISPs involved.
The company “gathering” the IP addresses is a rebrand of Dtecnet.
Dtecnet proved in writing they did not understand BT and how it works.
They were purchased by MarkMonitor, but Dtecnet is being maintained separately, possibly to avoid the liability when they get sued.
The secret system has no legal basis, despite the attempts to make it appear as such.
This is corporations making law, make no mistake about this.
AT&T’s claim that their TOS makes you responsible for activities 3rd parties might do with your connection ignore current federal court rulings.
To challenge one of these notices costs the consumer $35, and then it is reviewed by an arbitrator paid for by CCI.  (No possible way that they could be biased.)
The challenge to these notices is limited to certain options.  There is a 1 time pass for my connection was unsecured and you can never use that again.  They also believe nothing made since 1929 can be in the public domain.
You have to prove they were incorrect and invest time and money to fight an automated system that at best is flawed.
One merely need look at any DMCA complaint sent by the **AA’s to know that the systems they employ are “perfect”.
When you collect the full set of these notices then the ISPs are supposed to take some actions, but because this is a private agreement between corporations (one of whom gets direct government subsidies for their networks) we aren’t allowed to know what they might do.  The **AA’s want the speeds of these connections cut to dialup speed, I don’t think they understand in some areas that is faster than the connection offered to begin with.
Because slowing down an net connection would never screw up someones VOIP connection, I look forward to the first time a 911 call fails and they try to spin the whole don’t violate copyrights and you won’t die in your home angle.

They were unable to get every ISP to join this program, but they hope they can force it onto every ISP.
I would suggest suing your ISP at your first opportunity, the letter of agreement lets them bail once they get sued.  They have such faith in the system they built in an escape clause if someone stands up to them on legal grounds.

They plan to keep a database of notices issues to customers and then turn those over to CCI with a court order to help prove your an evil pirate.  They might sue you… but then most likely in DC where Judge Howell has decided that copyright holders deserve super special extra rights placing them above the law.

As to the whole pirates steal money from the mouths of children, the carcass of EMI was sold for just over 4 billion dollars paid for by an industry that pirates have “stolen blind”.  While it is a nice way for the execs to tell the small people why they are being paid less, the exec is making more than ever.  Something doesn’t add up.

Many of the ISPs get federal, state, local help to put their networks into place and enjoy monopoly standing in several areas.  It might be time to remind them we can open their pipes up to competition, we did help fund them after all.

We have people living in cardboard boxes, people who don’t know where their next meal is coming from… copyright is not and should never be more important to these things and it is damn well time we remind corporate america of these things.

Man, this got way WAY tldr. Here’s hoping you’ll still skim it at least….

Cory previously linked to a book by Jason Mazzone, arguing that we need accountability for rights holders (a good example would be putting some kind of penalty on baseless subpoenas or subpoenas where a plaintiff doesn’t actually turn out to own the rights to a work).

http://boingboing.net/2012/09/07/copyfraud-making-the-case-for.html
Technically, there are some penalties for these shenanigans already, but they’re tepid:
1. Rights holders are required to swear on penalty of perjury that a subpoena for customer information is only to obtain their identity, and that the information is only going to be used to enforce copyright interests [512(h)(2)(c)]. So, in theory, you could wind up in prison for abusing copyright subpoenas. (This never happens, though).
2. And rights holders can be on the hook for attorney’s fees if they don’t take reasonable steps to prevent the subpoena from imposing an undue burden.[45(c)(1)] (This penalty also rarely happens).

AT&T’s new extrajudicial system still won’t really do anything about subpoena abuse. But it doesn’t aggravate the problem either. In fact – and I’m going to get flamed intensely for this, I’m sure – AT&T’s upcoming policy seems BETTER for customers than its previous one. Or at least, better for customer privacy.

AT&T’s policy has ALWAYS been to withhold customer information until a federal court tells it otherwise (i.e., through a subpoena, or maybe a court order enforcing a subpoena). This new system is NOT an exception to that rule. In fact, AT&T is adding EXTRA conditions (five strikes).

But AT&T doesn’t actually have the authority to add these conditions. The RIAA and the MPAA brokered the various ‘six strikes’ deals, so they’re probably going to comply with AT&T’s tit-for-tat policy. But this is an agreement between those trade groups and the ISP. Any rights holder can still independently subpoena AT&T based on a single ‘strike’. AT&T is saying, up front, that it’s going to refuse to comply with any ‘single strike’ subpoena from now on. Great, but AT&T doesn’t get to rewrite federal law. If a rights holder is able to get a court order enforcing a ‘single strike’ subpoena, that’s all she wrote, and AT&T’s new policy will be neither here nor there.

SO HERE’S THE PROBLEM: everyone here is confusing ‘six strike e-mails’ with unmasking customers. And the difference is huge. AT&T is not going to dole out customer information just because someone sends them a six-strike notice. They’re not even going to give that information after the fifth or sixth time a customer is flagged. Instead, AT&T is going to refuse to comply with subpoenas for that information, as a rule, like it always has, and then, if a customer is independently flagged five times by the same rights holder for copyright infringement, AT&T will…do nothing. Again.

AT&T’s policy-to-be seems to say, “hey film studios, if you jump through this extra hoop, we agree not to resist a subpoena for customer information…If that subpoena is backed up by a court order.” But this would be meaningless. AT&T can resist any subpoena for customer information with a simple letter from its attorneys, explaining why AT&T thinks it’s unfair. And once this happens, a rights holder is completely stonewalled from the information unless they can convince a court to help them out. But if a court agrees a subpoena is valid, and once that court has issued an order enforcing that subpoena, the matter has been completely decided. AT&T could only meaningfully ‘resist’ a court order like that if it were willing to go into contempt.

And note what AT&T’s policy DOESN’T say. It doesn’t say, “AT&T will reveal the names of customers who infringe five times without a subpoena.” It doesn’t even say “AT&T will comply with subpoenas after five flags.” Instead, it says, “after five flags, AT&T is STILL going to resist subpoenas, and require rights holders to open a federal lawsuit and tattle to a judge before revealing customer information.”

Practically nothing will change, except certain rights holders will have signed away their own rights to immediately subpoena AT&T. And what will the RIAA and MPAA get in exchange? Alleged infringers will be sent doctrine e-mails and forced to do corny “copyright courses.” Sure, that’s completely pedantic, and it would be infuriating to get one of these e-mails if you didn’t actually infringe. But consider the alternatives. Throttling? Knee-jerk subpoenas for one-time infringements?

On AT&T’s part, this looks like a customer privacy coup – the two biggest players in copyright litigation just signed away the right to zero-tolerance subpoenas. And however you feel about RIAA or MPAA, the agreement prioritizes some kind of ‘proselytization’ over
actual enforcement of IP rights. It prioritizes generalized DETERRENCE over individualized RETRIBUTION. That was the non-troll call. And I’m happy to see the groups made it.

Remember, only AT&T is going to know when an AT&T customer has been flagged five times, under five different IP addresses. AT&T could simply choose not to report a five-flagged customer to a complaining studio, and no one would ever know. But let’s say AT&T does hold to its end of the bargain, and actively lets a studio know when five of the studio’s complaints about anonymous IP addresses happened to have been directed at the same underlying customer account. The studio would still need a subpoena – and because AT&T is STILL going to resist that subpoena – a court order to obtain that information. And then, if the studio decides to sue based on that information, it’s going to be on much surer footing. This is because the infringement has been independently verified five times. And it’s ‘double blind’, so to speak.

If a film studio lets AT&T know that it thinks an IP address is infringing its work, AT&T says it’s going to send an e-mail to the customer associated with that IP address. I GET IT, this sucks, because an IP address is not a person, and so there might be situations where infringement actually happened, but AT&T e-mails a customer who had nothing to do with that infringement. Or worse, there might be situations where no infringement happened AT ALL – but someone still gets an e-mail about it.

But these are different from the ‘false positive’ situations Mazzone thinks we should police, in two ways. First, there appears to be no penalty whatsoever if a film studio sends AT&T a six-strikes false positive. BUT, second, since there’s no ‘risk-reward’ analysis going on, the rationale for penalizing this kind of false positive doesn’t apply.
What do I mean by ‘no risk-reward’? If a studio files a subpoena based on a ‘single strike’, there is a chance that the customer responsible for an IP address was not, in fact, the infringer. This is the risk. The reward to be gained by the studio from taking that risk is that sometimes – if not most times – the customer WILL be the actual infringer, and the studio can deter infringement directly. Mazzone argues that if we don’t attach any real consequences to the ‘risk’ part of that equation, then studios are not going to go out of their way to avoid false positives. In fact, they’re incentivized to overreach here, because the reward will always outweigh the risk. And this is why we should penalize false positives with regard to SUBPOENAS.

But with the six-strikes stuff, there’s no payoff. There’s nothing to be gained by risking a false positive. Say studio S complains about IP address I at a date and time when customer A was responsible for I. Now say person B, who has nothing to do with A, actually did the infringing, using A’s Wi-Fi, for example. If A – who did not infringe – receives a six-strikes notice, S gains nothing. This would not put S any closer to identifying, deterring or suing B. And in the EXTREMELY unlikely situation that A is independently misidentified across five separate IP addresses as having infringed S’s work, S still doesn’t benefit. If S’s goal is deterrence, S’s ability to now subpoena AT&T for the identity of A – a person who doesn’t need deterring – is useless.

Let’s consider the ‘traffic laws’ idea. Don’t you sometimes feel like speed limits and various rules of the road are put in place so that police will have a plausible reason to pull over just about ANYONE? Have a hunch that car contains drugs? Forget the warrant, just follow the driver for five minutes until he forgets to use a turn signal.

Subpoenas don’t work that way. Or even if they did, the idea that S BENEFITS from a false positive against A in the abstract would require the ridiculous assumption that because P2P is so ubiquitous, A is INEXORABLY going to infringe S’s work anyway. Yes, the MPAA could just send out a billion complaints to put everyone at five-flag status. You just blew my mind. Moving on…

If a film studio sends an IP address to AT&T, and says “this address infringed at X date and time,” the film studio will have no idea who is responsible for that IP address. Now say that film studio sends AT&T another complaint, and says “the exact same IP address infringed the exact same work again 30 minutes later.” It’s entirely possible that the IP address refreshed during that time, or that a completely different person performed a second infringement using the same IP address.

Contrast this with so-called ‘SLAPP’ litigation – where a company decides they don’t like something someone says on a thread, and even though the company knows that comment doesn’t rise to the level of defamation, they sue for defamation and subpoena an ISP for identifying information to scare the person into taking the comment down with the threat of high litigation costs. There, armed just with an IP address, a company can abuse the subpoena power to get a result they shouldn’t otherwise be able to get. That’s why many states have laws against SLAPP litigation.

But six strikes is more like that scene from Spartacus. With a six-strikes plan, there’s no way to use an IP address to directly ‘vindicate’ anything. A film studio bound by this agreement can’t just send five consecutive complaints about a single IP address, hoping to fast-track someone to their fifth strike and discover that person’s identity, because different people will be behind the IP address for each complaint. There’s no way a studio can ‘pick on’ any particular customer. They’ll have no idea who any of their complaints are about.

This is what I meant by ‘double blind’. An IP address is not a person. And that’s exactly WHY false positives are – I think – a little more forgivable in the context of a five-strikes regime than with subpoenas. If the MPAA complains about customer A when person B actually infringed, that sucks. But now, that’s going to result in a cheesy letter, instead of a lawsuit. And more importantly, if A didn’t actually infringe, the truth will out.

Imagine that on five separate nights, S sees five people trespass on his land. Each of the trespassers was wearing a different costume. And at the time, each was unidentifiable under his or her costume. For all S knows, all five were the same person. Now imagine all the costumes were of different Tintin characters, and Abdullah, Thomson & Thompson (AT&T) is the only shop in the universe that rents any form of Tintin get-up. (In fact, there’s an organization that makes sure AT&T can’t rent anything but Tintin costumes, and that no one else can rent Tintin). The AT&T shopkeeper keeps a record of all the customer accounts used to make rentals, but tells S it would be impossible to know for certain whether the account holder of record was actually wearing the rented costume at any moment. The costume could have been borrowed or stolen, after all.

“And really, trespass isn’t such a big deal,” AT&T added.
“Maybe for you, but the world’s largest ball of twine is on that land, and I make money from entrance fees,” S moped.
“Well, I want my customers to stick around. And my customers value privacy. I run a costume shop, after all. So I can’t just show you the rental log. Instead, how about this? You tell me which costumes you see each night. I’ll cross-reference that with the log. I’ll note to myself whoever’s responsible for that costume. Then, if five separate costumes all point to one account, I’ll let you contact the sheriff, and he can force me to tell you the name of that account holder.”
“Wait, you won’t just tell me?
“Nope.”
“But I can just go to the Sheriff right now. Why would I agree to this?”
“Because in exchange for keeping the sheriff out of this, I’m going to lecture all of the account holders you implicate on the importance of trespass laws.”

“But what if it’s a stolen costume? That account holder doesn’t need a lecture.”
“My customers rarely ever wear the same costume twice within a month, and they exchange costumes often, generally somewhere around three times a day.”
“So?”
“So even if I occasionally give a lecture to someone who’s innocent of trespass, the sheriff’s involvement – the more extreme measure – is a lot more likely to involve the actual trespasser.”
“How do you figure?”
“You won’t know who’s in the costume. I won’t know who’s renting that costume until I check the log. So any pattern we start to see between costume rentals and the trespasser will be more reliable.
It won’t prove anything, of course – that’s between you and the sheriff – but it makes it less likely that you’ll get the sheriff involved on a false alarm. We’re talking about five separate costumes on five separate nights. Seems like more than coincidence.”
“What if there’s another relationship between the trespasser and the customer? Like what if the trespasser only steals costumes from one person over and over? Maybe he lives nearby that person or something.”
“I would hope that after the first lecture, that customer would start locking his costume closet. And, I mean, you could just get the sheriff involved every morning if you cared to, but you know as well as I do that the costume renter won’t be the same person as the trespasser EVERY time. This way, you can save face and only bring really solid hunches to the sheriff.

“I still have to take a lot on faith, though. If they’re going to stay anonymous, how will I even know that you’re actually lecturing these customers? And if someone gets lectured five times, and I’m allowed to finally get the sheriff involved, how will I know if you don’t tell me?”
“You won’t. But you have to ask yourself – do you care more about punishing the people who have already trespassed on your land, or about convincing people not to trespass in the future? If you want the second option, then these are your terms, because I’m never going to voluntarily give you this information.”

I just don’t understand why a policy that seems to put MORE obstacles between my online conduct and the cold light of day is a bad thing. Sure, it’s not the most elegant solution. It’s kind of demeaning, even. But if Tor required me to watch a lecture titled ‘Shame on You,’ before each session, I’m pretty sure I’d take that deal.

I’m disappointed this needs saying, but I have no affiliation with any of these organizations. No one paid me to write this. I think this stuff is interesting. Cory’s a celebrity in this field, and whether or not he ever reads this, it’s fun to feel like I’m in dialogue with him. If you’re going to take the time to call me a shill or concern troll, maybe ask yourself why that’s your first instinct. I’m sure there are plenty of things in here that I’m just plain wrong about. But if I am wrong, it won’t be because you impugned my motives.