IPEC Filing

The PRO-IP Act of 2008 created the position of "Copyright Czar," also known as the Intellectual Property Enforcement Coordinator or ‘‘IPEC." The IPEC "serve[s] within the Executive Office of the President, and an interagency advisory committee specifically tasked with formulating and implementing a Joint Strategic Plan to improve the effectiveness of the U.S. Government’s efforts to protect the rights of intellectual property owners and to reduce the costs of and threats posed by intellectual property infringement, in the U.S. and in other countries."1

President Obama appointed Victoria Espinel to that position. On February 23, 2010, Ms. Espinel issued a call for public input, in the form of written comments, on the formulation of a Joint Strategic Plan and on the U.S. Government’s intellectual property enforcement efforts.

Our response to that call for comments is reprinted below. It is in the exact form that it was filed, except that we have added some links/footnotes to various technical terms and other words or phrases that were not linked/footnoted in our original submission. These have been added in this version as some of those who read this version may not be as versed in the technical and legal aspects of our filing as are the intended recipients of the original filing.


Recommendations for improving the U.S. Government’s

Intellectual Property Enforcement Efforts

Submitted by

www.StopMusicTheft.com

March 23, 2010

To the Honorable Victoria Espinel, White House Intellectual Property Enforcement Coordinator:

Introduction

Madam, we appreciate the opportunity to, and respectfully submit our thoughts on how to stop the wholesale theft of intellectual property online.

We offer 4 specific recommendations:

(1) Repeal the safe harbor provision of the Digital Millennium Copyright Act ("DMCA") as it applies to internet service providers ("ISP"s). In the place of that safe harbor for ISPs, make them specifically culpable for intellectual property ("IP") theft that takes place on their networks and require them to develop systems and procedures to interdict IP theft taking place over their networks.

(2) Pass a law that makes it specifically legal for ISPs to engage in URL blocking and deep packet inspection and any other techniques you deem necessary for them to interdict IP theft on their networks. (In the absence of legislation on this and point (1) above, perhaps the full might and power of the U.S. government can be brought to bear in negotiations with ISPs and in an Executive Order which combined, persuade them that it is in their best interests to voluntarily interdict illegal file sharing and enable them to do so.)

(3) Reject the "3-strikes" approach to interdicting online IP theft (assuming you adopt recommendations (1) and (2)).

(4) Overhaul the provisions of the Copyright Act of 1976 that concern infringement lawsuits. The act was written before any of the methodologies were created that actually are used to steal IP online. Give IP owners a streamlined and ironclad means of proving who is doing the online IP stealing and what they have stolen (because the ISPs can know both of these things). Give infringed IP owners a simple and financially effective means of redressing IP theft in state small claims courts.

The Principal Arguments Against Interdicting Online IP Theft

There are two lines of attack against taking any measures to actively interdict online intellectual property theft:

(1) Interdiction will compromise individual privacy, impinge free speech, and conflict with net neutrality.

(2) Technical means can never stop all online IP theft so we shouldn't even try. Put another way, "the perfect is the enemy of the good."

We believe both arguments are specious and unsupportable for various reasons as follow.

The "Spam Model"

We believe a multi-faceted technical approach (such as that which is used these days to block virtually all spam email) can stop illegal file sharing.

Email services, as offered by the nation's internet service providers and Google (Gmail), Yahoo, Microsoft, Lycos, AOL, etc., utilize a suite of techniques including whitelists, blacklists and greylists; deep and shallow packet inspection; Bayesian techniques; heuristic filters; etc. to block almost all spam.

Privacy and 1st Amendment advocates and the email providers (like ISPs) themselves raise little objection to this spam filtering. We think that is so because spam email is such an irritation to all of us. ISPs even absorb the expense of this filtering without objection as they see it as a service to their customers. (In fact, they know it is a necessity in order to have a competitive email product.)

Privacy and 1st Amendment advocates also say the "spam" model approach to stopping IP theft will "take too long" and slow down the internet2. This is nothing more than another variety of the perfect versus good argument.

Yes, initially some acceptable system degradation will occur, but it will be quickly offset by two results from the interdiction activity: (1) network volume will drop dramatically as all of the illegal downloading is stopped and (2) over time, illegal downloaders will give up as they realize they can't steal anymore.

And finally, the same advocates that argue for the "free and open" internet are also pushing hard for the 100 Mbps plus internet in the US and as that system arrives, the "degradation" argument becomes even more specious.

URL Blocking: If you block the URL of a BitTorrent site that is known to traffic IP illegally, how is that different than blocking traffic from a known spammer operating from a specific URL? (The "blacklist" approach.) So, why should ISPs not be able to blacklist known IP trafficking internet addresses?

Additionally, URL blocking is used in various countries like Germany and even in the United States to block access to child pornography sites. 1st Amendment and privacy arguments have failed to derail these efforts and the argument that all sites can not be blocked (the perfect versus good argument) have also failed (as they also should in the fight to eliminate online IP theft).

The model resulting from the agreement between New York Attorney General Andrew M. Cuomo and Verizon, Time Warner Cable, and Sprint (which companies agreed to block access to child porn from two significant sources: newsgroup and child porn websites) is essentially what we are proposing.

Deep packet inspection: ("DPI"), or the process of computers analyzing the body of packets traversing the internet is also a powerful tool for derailing spam. 1st Amendment and privacy advocates argue that it is a "Big Brother" activity and therefore should not be used to identify and interdict illegal file sharing transfers. Yet, this approach is commonly used in spam blocking and to identify and block phishing attacks and viruses. Moreover, it's computers reading computer code, so we fail to see how an individual's privacy is compromised (unless he/she is engaged in illegal activity?)

Some limited overblocking and underblocking will occur as these and other means are used to stop online IP theft just as they do in spam blocking. But, that seems a small price to pay to protect and save the IP industries that employ millions of Americans. Just think of the jobs that will be saved or created!!

One final argument of the privacy and 1st Amendment advocates that we'd like to explode too is that encryption and various tunneling protocols can be used to get around URL blocking and DPI. Yes, that's true. But again, let us not let the perfect be the enemy of the good. Moreover, there are workarounds in this area too. Client side interdiction installed in internet users' modems can defeat encryption and tunneling.

Let us heed the words of one of the greatest advice givers the world has ever known, Kahlil Gibran:

Advance, and never halt, for advancing is perfection. Advance and do not fear the thorns in the path, for they draw only corrupt blood.

We implore you to do everything in your power to not take URL blocking and DPI away from internet service providers as a means of interdicting intellectual property theft.

The DMCA Safe Harbor

We ask that you repeal the safe harbor provision of the DMCA as it relates to ISPs. In fact, we ask that you go in exactly the opposite direction. Make ISPs responsible and accountable for online theft that takes place over their networks. Do that one simple thing and the endless creativity that has stopped virtually all spam email from reaching our inboxes will be replicated and stop virtually all online IP theft.

There is an entire ecosystem of companies and individuals that are feeding off of the rightful revenue stream of IP owners. They are pirate websites hosting unlicensed IP, websites and companies that sell software and services to steal IP anonymously, website eZines dedicated to how to steal IP online, ISPs that specialize in hosting pirate sites, usenet sites that have abused and perverted the concept of the old newsgroups to traffic in unlicensed IP, websites that hide behind the DMCA safe harbor provision and provide links to millions of unlicensed IP files all over the world, etc.

This ecosystem can be shut down and must be shut down. The internet can not be some Wild Wild West where anything goes. First and foremost, online file sharing of unlicensed IP is theft and must be stopped.

The "3-Strikes" Approach

We ask that you specifically reject the "3-strikes" approach that France recently adopted and which the UK seems poised to. This approach requires many of the techniques for identifying illegal filesharers that we advocate above (like DPI), but, it is a half measure.

Assuming individuals are disconnected from the internet by their ISP for illegal downloading, they simply find a new ISP. So, it results in the same "whack'a mole" that has failed to solve the illegal file swapping problem in the past (the serial lawsuits against one pirate site after another).

Moreover, cutting off an internet user seems to us to be over-correcting. If you can identify a file being downloaded illegally, why not just stop the download? Or better yet, steer the would-be illegal file sharer to a legitimate site where he or she can purchase the IP they are trying to steal. Moreover, give the ISP a commission if the sale takes place. That way, the ISPs can monetize their interdiction costs.)

The use of blacklists and greylists (before the DPI stage is even reached) will block hundreds of millions if not billions of illegal downloads per year. In time, the ecosystem we discussed earlier will wither on the vine and die off.

Again, URL blocking and DPI are not perfect technologies. Encrypted downloads and anonymous file sharing may be missed by these techniques, but if just half of illegal file sharing is stopped, a huge benefit will accrue to the IP industries and the entire country (we estimate in excess of $5 billion per year for the recording industry alone in the U.S.).

The "pro-piracy" community argues that you can't stop illegal file sharing and whatever technical solution is tried will be endrun by a countervailing technology. They use this argument to bludgeon into submission those who would try.

Again, the perfect should not be allowed to be the enemy of the good and the Spam Model is proof that real world success can be achieved.

While surely new sites will spring up when URLs of old pirate sites are blocked, the same has happened in the past in the spam "world," but the blacklists can be updated hourly and ISP computers can log onto the blacklist servers and update their lists hourly too.

We cannot stress this enough, the United States must pass legislation that will place the responsibility for illegal file sharing squarely on the ISPs. Only ISPs are in a position to monitor and interdict what is going over their networks. (For privacy advocates, there is a far more pernicious alternative and that would be to have all traffic routed onto a law enforcement or government router and have all the checking for illegal downloads effected there! Since we doubt that's a solution anybody wants, we suggest that keeping the interdiction activity at the ISP level is a far more palatable option.)

It should be noted too that there is a distinct benefit in this approach to ISPs. They must size their networks (bandwidth) to the number of customers they have and the volume of traffic those customers produce on the network. Illegal file sharing is estimated to take up substantial ISP bandwidth and eliminating it will allow ISPs to handle more customers with less bandwidth reducing the capital and operating expense associated with bandwidth build-out and management.

Additionally, ISPs are keen to use DPI to identify and segment types of activities on their networks for the purposes of network management and designing and selling different service packages based upon a customer's usage and desires. We would suggest that ISPs accept the trade-off of having to filter for and interdict illegal downloading for the benefits that would accrue to them in the use of DPI to do what they want to do anyway. In that way, ISPs would get the right to offer variable priced plans that could be based around usage caps and/or activities (such as gaming or legal BitTorrenting). The days of "one size fits all" internet plans in the US needs to come to an end as it already has in many foreign countries.

Many ISPs are fighting hard against the responsibility that is naturally theirs to interdict online IP theft due to the costs, but in the longer run, if they do not shoulder this responsibility, they will miss a huge business opportunity.

The internet is clearly an excellent medium to deliver all content that can be digitized—and that is just about all content: music, movies, TV shows, software, games, books, magazines, and newspapers. But, as more and more of that content is ripped off; as the profits of the content industries are destroyed by such theft; eventually, content will disappear and so will the profits the ISPs could earn from its delivery.

One final thought on ISPs: While traditionally ISPs have been "dumb pipes" carrying content, as the pending deal between Comcast and GE over NBC Universal illustrates, ISPs may well one day be major content owners. Thus, getting on the anti-piracy bandwagon now might be a good idea!

Copyright Act of 1976

Under current copyright laws in the U.S., only the very rich can sue for copyright infringement. For this reason, virtually all such lawsuits brought that are internet-related (i.e., involve the hosting of unlicensed IP on the web or the illegal downloading of IP from the web), have been brought by "rich" artists (like AC/DC3 [Metallica], Prince. etc.) or record labels or the trade groups like the RIAA or MPAA that represent IP industries.

We believe this is wrong. We believe that individual copyright holders like songwriters and indie artists should have an effective legal recourse (and by effective, we mean "affordable" legal recourse). Under current law they do not.

One of the reasons for this is that the Copyright Act of 1976 took virtually all copyright matters out of state courts. Currently, only federal courts can be used to bring an IP infringement case and bringing a federal court case is expensive (we've been quoted $250,000 minimum).

Moreover, the "proof" of infringement in file sharing cases is a "bridge too far" for a songwriter or other individual IP owner. Generally a "John Doe" case must be brought to even identify the infringer. Then technical and complicated computer and network forensic investigatory techniques must be presented in court to "prove" the infringement and prove who did the infringing.

We believe a totally different burden of proof needs to be codified into law. We do not want to get tangled in the weeds on exactly how this needs to be done, but let us say this: In order for IP to be infringed over the internet, an ISP must be involved.

Those ISPs must be forced to know when an illegal act takes place over their networks and be required to archive it so that it may be retrieved. An IP owner should be able to inquire as to whom (which customers of an ISP) have infringed their IP and retrieve the proof. (Note: This assumes that ISPs have not been required to interdict illegal filesharing as we advocate for above. If that is being done effectively, this recommendation may be moot.)

This proposed requirement of ISPs is not too dissimilar to what is required of colleges currently by The Higher Education Opportunity Act (HEOA) of 2008. For instance, it requires colleges have…

a plan to "effectively combat" copyright abuse on the campus network using a "variety of technology-based deterrents."

This proposal may well enrage ISPs. They often express that they are not in the business of policing the internet. But, should they be? If someone slips and falls on my steps, they can sue me and I am responsible (hence umbrella liability policies). If I manufacture a car and it is defective and someone gets killed in it because of that defect, I am likely to be sued—hence I am clearly responsible.

One more thing: IP owners need to be able to bring copyright infringement cases in state court and they need the ironclad proof (as we outlined above) of who infringed their copyright and when it was done so that the case can be brought without a lawyer in small claims court.

That way, a songwriter for instance can bring a case for the minimum statutory damages of $750 per infringement against a single individual who infringed one song and have a good chance to win the case and collect the $750.00. (As it is now, the usual target of a copyright case almost has to be someone who has engaged in many many instances of infringement so that the cumulative award in the case is based on a lot of songs and thus may justify the litigation costs involved.)

While the RIAA campaign against individual downloaders may have not yielded a desirable public policy and deterrence result (because of some of the large judgments which led to a bad PR outcome), hundreds of thousands of small successful infringement cases by songwriters and indie artists might raise public awareness that illegal file sharing is theft and does have deleterious and immediate consequences TO THE FILE SHARERS!!.

With the minimal costs of a small claims court case, thousands of IP holders could bring suits and recover what to them is a significant amount of money. Moreover, most any defendant can afford to pay $750.

Summary & Conclusion

Many industries have been hard hit by online IP theft, but the music industry in particular has suffered. Many other commenters will no doubt make that case so we won't belabor it, but we have detailed the damage at http://www.stopmusictheft.com/the-scope-of-internet-intellectual-property-theft.

Simply put, we estimate, in 2009, United States recording industry sales were 30% of what they should have been and would have been if illegal downloading wasn't occurring. Moreover, on average, top artists sell 1/3rd of what their peers sold a decade earlier.

Unless there are new laws enacted and some of the technical solutions we recommend are adopted, we don't see how those numbers are going to improve and that will just lead to more of, as Hank Williams, Jr. says, the "Red, White, and Pink-slip Blues"!!

Thank you for this opportunity to share our ideas with you.