Comparing DEA Requirements to JANET AUP

I’ve been having a look at what the first stage of the Digital Economy Act 2010 will require of qualifying ISPs and comparing it with what JANET already requires of the universities and colleges that connect to the network. And I can’t see that the Act would add anything to our existing measures against copyright infringement, confirming a statement by a Government Minister a couple of months ago.

I’ve included references to the legislation in the discussion below, though these are a bit complicated as the detailed section numbers (beginning 124) are actually references to the Communications Act 2003 as amended by the Digital Economy Act. The hyperlinks will take you to the appropriate parts of the Digital Economy Act where you can find the text of the amendments. I hope that makes sense…

Organisations Covered (s.124C(3)-(5))

All JANET-Connected Organisations (JCOs) are required by the JANET Acceptable Use Policy to deal effectively with reports of copyright breach by their users.

The Act would apply to “ISPs” and their “Subscribers”, as defined in section 124N.

Copyright Infringement Reports (ss 124A(3) and 124E(2))

JANET’s guidance states that as a minimum a Copyright Infringement Report should include the source IP address, synchronised time and timezone, and a statement of the reporter’s authority in relation to the content. Since dynamic address allocation and address translation are commonly used by universities and colleges, the guidance points out that including the source and destination IP addresses and port numbers will significantly increase the likelihood of being able to identify a responsible person.

The Act leaves the detail of CIRs to the Initial Obligations Code.

Notification to Alleged Infringers (ss 124A(6) and 124E(3)-(4))

JANET’s only formal requirement is that the action taken by connected organisations when they receive a Copyright Infringement Report must be effective. Our guidance recommends that provided that the report appears consistent with the organisation’s own records (e.g. address allocation and network flows) and that the report contains sufficient detail to allow a responsible individual to be identified, then that individual should be informed of the apparent breach and be provided with information about copyright and computer security. We would expect any repeated infringement by the same individual to be treated as a serious matter.

If a report is inconsistent with the organisation’s own records we encourage them to contact the reporter to determine the source of the error.

The Act requires ISPs to inform their subscribers of CIRs, probably through a graduated response process to be defined in the Code.

Serious Infringers List (ss 124B(3) and 124E(5)-(6))

JANET-Connected Organisations will generally record copyright infringement as part of their staff and student disciplinary processes, and retain records as required by those processes. Repeat infringements after a warning are understood to be rare. The identity of individual users is protected under the Data Protection Act 1998 so is likely to be released only under a RIPA s.22 notice (criminal) or Norwich Pharmacal Order (civil).

The Act requires ISPs to maintain a list of serious infringers, above a threshold to be set in the Code. Anonymised identities of serious infringers can be released to copyright owners on request.

Appeals (s. 124K)

Individual JANET users identified as being responsible for copyright breaches may challenge this informally or formally under their organisation’s disciplinary process (which must comply with the Human Rights Act 1998). Since most organisations check reports against their own flow logs before passing them on, such challenges are understood to be rare.

The Act will create an independent body to hear appeals against notices and inclusion on the serious infringers list.

Cost Sharing (s. 124M)

The costs of dealing with copyright infringement on JANET are met by the organisations that incur them

The Act may require copyright owners to contribute to ISPs’ costs, and both to pay the costs of Ofcom and the Appeal Body. The mechanisms and proportions are the subject of a consultation by the Department for Business, Innovation and Skills.

By Andrew Cormack

I'm Chief Regulatory Advisor at Jisc, responsible for keeping an eye out for places where our ideas, services and products might raise regulatory issues. My aim is to fix either the product or service, or the regulation, before there's a painful bump!

Leave a Reply

Your email address will not be published. Required fields are marked *