Q&A: RIANZ chief backs 'robust' detection methods

We won't get it wrong on s92A investigation, says RIANZ chief

Anti-piracy investigators from the New Zealand recording industry will use only the same methods to access file-swapping networks used by anyone downloading music, so there are no privacy issues involved, says Campbell Smith, CEO of the Recording Industry Association of New Zealand.

In answer to a series of questions from Computerworld, Smith says the standard of evidence to be used by copyright owners under the terms of the Copyright Act, Section 92A and its attendant code of practice is “fully robust”.

Smith says to his knowledge no “evidence pack” produced by a member of IFPI (the International Federation of the Phonographic Industry, to which RIANZ belongs) has ever been shown to have an error that led to an incorrect notice to an internet service provider.

He also discounts any suggestion investigative techniques will impose any unusual load on a file-exchange network that could disadvantage legitimate users.

Such a suggestion was made in a Washington University research paper, but pertained to more intrusive techniques than those RIANZ is using.

And an organisation or family need have no fear they will be cut off entirely from the internet through misdeeds by an individual under its roof, he insists, provided the miscreant is dealt with appropriately. ISP terms and conditions, he says, usually make one person responsible for the use of the account.

Could you briefly describe the techniques your members will be using to detect online copyright infringement?

Our anti-piracy investigators will log onto file-sharing sites, as anyone can, and identify the publicly available information on the IP addresses concerned that are used to upload copyright infringing music tracks.

They will put together an evidence package, which will include details of the names of the copyrighted files being uploaded, exact timestamps and the protocol used. This evidence package will be handed over to the relevant ISP who then can notify its customer(s).

The evidence supplied by our investigators is synched to a trusted atomic time source and based on ICANN (APNIC) information regarding the allocation of internet protocol address spaces. This evidence has been accepted in countries around the world as the basis of criminal and civil legal actions. We have also been through this evidence gathering process with ISPs in New Zealand and they accept its validity and reliability.

Are any of those techniques likely to raise questions of privacy under New Zealand law or impose a performance penalty on legal users of peer-to-peer and similar services?

The approach provided for under the draft code of practice (and in our suggested changes to that draft code of practice) does not raise any privacy questions. It does not require identification of the people using file-sharing networks or look at the actual content of the traffic data, since the IP address involved is made public by the uploader.

Any law-abiding user of a file-sharing network will not be affected at all since we can identify the files being uploaded to the file-sharing networks against our database of our members’ music and will only pull together an evidence pack and notify the ISP if the files being uploaded infringe our members’ copyrights.

If copyright holders want to make their works available freely, these works will not be searched for and identified. So there is definitely no “performance penalty” for any legal users, and these techniques certainly will not affect the operation of networks and/or the legal sharing of files on networks.

Do you expect that a proof of the legality, integrity and lack of performance penalty of the detection procedures, will form part of the pre-approval process outlined in the TCF draft code? Do you agree with this?

The standard for evidence gathering will be clearly set out in the agreed code of practice. RIANZ and other eligible rightholders will be “pre-approved rightholders”, following satisfaction of agreed standard of evidence requirements and acting in good faith as good corporate citizens. Other non-pre-approved rightholders will have to meet similarly robust evidence when sending notices to the ISP, case by case.

Have any of these procedures already been vetted in this way for operation in New Zealand?

The standard of our evidence gathering would be sufficient for a court if we were to bring legal actions for infringement against uploaders. However, this is not our preferred course of action in the first instance — we think a series of warnings by way of education notices will be more effective, giving users the chance to modify their behaviour and stop infringing. In our view the proposed approach is far less punitive, more aimed at educating and more effective than individual court cases so we think it’s a preferable alternative.

Have you read the Washington University paper suggesting that such procedures as used in the US can yield false identification data relating to a possible infringer and result in incrimination of innocent parties, either inadvertently or by deliberate action of a guilty party? Might they impose a load on a P2P service that will degrade performance for legal users and amount effectively to a “denial of service”?

We have absolute confidence in the robustness of our evidence gathering and you will note from that paper that there were no “false-positives” for music. We had no issues or concerns raised by local ISPs when we went through the evidence gathering process with them at the beginning of the S92A discussions.

As far as I know, the techniques and current technologies that investigators working for IFPI members use — and RIANZ as an IFPI member would use these techniques and technologies as well — have never led to an evidence pack with an error leading to an incorrect notice to an ISP.

The evidence used by IFPI members is fully robust and required to meet strict standards. If the evidence gathered by investigators does not match these standards 100%, no notice is sent out and all evidence gathered is deleted.

Of course, errors could happen regarding the (publicly available) information of IP accounts and regarding the processing of the notice by the ISP.

However, such errors can be dealt with and this is one of the main advantages of the approach under the draft code of practice: users have the possibility to challenge any errors in notices they receive, and the approach also allows users to change their behaviour. It may be, for example, that a child in a household has been using the internet connection.

The terms and conditions of the ISP’s contract with the account holder, and the law, clearly state that the internet account holder is responsible for how that account is used. A warning letter can therefore act as a prompt for parents to talk to their children about the importance of obeying the law and making sure that they do not continue to use the account to infringe.

There is no way the evidence gathering approach we are taking can impose a load on the peer-to-peer service. Our anti-piracy experts simply log onto the network as any member of the public can do and note the publicly available IP addresses that are being used to upload copyright infringing music and inform the ISP. The ISP then contacts the relevant account holder. This will not degrade the peer-to-peer service for legitimate users in any way.

Is there any way of dealing effectively with single infringers within an organisation without (a) cutting off the entire organisation or (b) requiring an organisation that considers computing a mere adjunct to its main business to register as an ISP?

Yes, of course. There is no need to cut off an entire organisation, say, a business with 30 employees sharing 10 computers, if one of the staff members engages in illegal file-sharing. This business, when receiving a warning notice, should and would get in touch with its provider and, if necessary, take measures to stop infringing activity on its network. It should be in every responsible business’ interest to make sure that its employees don’t abuse their position and workplace to break the law — and that these rules are clearly communicated to the staff.

No organisation with internet access would have to register as an ISP — unfortunately the distinction between “upstream” and “downstream” ISPs as contemplated by the draft code of practice can be a bit confusing.

Rightholders will only contact the ISP furthest down in the internet access provision chain, according to the contact details set out in the “WhoIs” records that are publicly available. If the WhoIs information is not correct so that the “wrong” ISP is contacted, the account user can say so and we can go and address the “correct” ISP.

If the ISP set out in the WhoIs records is for example a big university, there will be no “collateral damage”, as long as that university takes reasonable action when notified that its connection is being used for illegal purposes.

It is as simple as that. As long as the university acts upon receiving a notice and contacts us, they will not run the risk of having their account terminated. We want to deal directly with such businesses and entities, if they wish, to help them prevent infringing activity on their networks — activity which is obviously a cost and a security threat to them.

Join the newsletter!

Error: Please check your email address.

Tags copyrightRIANZs92a

Show Comments
[]