The Copyright Alert System (CAS) was rolled out in late February 2013. CAS constitutes the United States realization of the international concept of “graduated response programs:” frameworks for media owners to address alleged online copyright infringements with computer users through their Internet Service Providers (ISPs). Key features of CAS – and other graduated response programs – are the monitoring of peer-to-peer (P2P) file sharing systems followed by electronic notifications of supposed violations to the user of the computer as well as measures against her that increase in severity with every instance. CAS is a private “six strikes” program based on an agreement between major media corporations and ISPs setting up the so-called Center for Copyright Information (CCI). The consortium’s website describes CAS’ features and emphasizes its educational nature, noting especially that no mandatory termination is built into the agreement and that commercial accounts are not meant to be affected. The Electronic Frontier Foundation, EFF, launched a FAQ of their own when CAS was initiated, however, and pointed out that vast amounts of local businesses are small and reliant on residential-type online access so that in fact “CAS will chill open Wi-Fi.”
Now, two months after the introduction of CAS, how has public access to the Internet already been affected? Where did this scheme come from – and where is it going?
CAS: An Origin Story
Large entertainment corporations have long complained about practical difficulties of enforcing copyright infringement. It is of course possible to either directly sue the actual entity violating copyright in court or to approach the intermediary service provider via the legal Notice and Takedown procedures of the Digital Millennium Copyright Act (DMCA). The infrastructure of the world-wide web – virtual environments based on code, not concrete — has enabled the quick, easy, and legal spread of digital media. But the web’s dynamic set-up also allows participants to spread such media further in often illegal ways: through file-hosting and file-sharing systems that are not actively inducing copyright infringement and thus largely immune under the Supreme Court’s seminal 2005 rule in Grokster. So call it a hydra or a game of “whack-a-mole”; forcing one infringer to cease his actions or disabling one site often sees the next one spring up to serve a – real or perceived – demand. In light of the narrow scope of precedent and the continued use of P2P in particular for disseminating content, rightholders began to focus on the consumers.
Private Action – Condoned and Coaxed
The 2011 memorandum of understanding (MOU) between representatives of the MPAA, RIAA, other content-owning corporations, and primary ISPs Verizon, AT&T, Time Warner, Cablevision, and Comcast set out to create CCI as a private regulatory body to enforce copyright against end users. The Obama Administration has backed CAS, adding to the considerable controversy. Among others, the EFF has sharply criticized CAS’ intransparent set-up and its one-sided “appeals” process called “Independent Review.” Focusing on the six strikes as such, Gizmodo explained the plan:
“When you’re caught downloading illegal materials from peer-to-peer networks the first time, you receive an email letting you know that you’re doing something illegal, and educating you on the laws of copyright. The second offense may be another email requiring you to acknowledge receipt, or an educational call from your ISP. From there, the ramifications step up. The second level of warnings (third and fourth emails) require you to watch a video before getting online (or a redirect from certain web sites to an education video). The final tier of warnings are for the fifth and sixth infraction. They range from throttling your bandwidth to redirection to a new landing page. Each ISP has a different policy with how they’ll tackle each offense.”
“Different” may be one way to describe policy and implementation.
While content creators hoped to stop infringements via CAS, other players feared monitoring and the privacy issues inherent in the system. Additionally, the system has been criticized for its constitutional shortcomings: by allowing law enforcement purely through private parties, the Due Process Clause is not so much violated as circumvented from the get-go. CAS has been considered one element of “a new wave of censorship”, not state action yet sanctioned by it due to informal pressure.
Hits and What’s Missing
In the time that has followed the activation of the program, few private parties came forward to tell of CAS enforcement. Even given the declared targeting of individuals alone, this seems at first glance a curious turn in the age of viral information and in an arena surrounded by highly interactive spectators. The usual suspects from A to Z, from Ars Technica to professor Jonathan Zittrain, could and would have gladly received intelligence from private recipients of Alert notifications. Instead, widely published screenshots of Comcast Alerts (four only, interestingly enough) were procured by asking the provider for them. Purposeful pirates seem to have failed to actually garner a response from the system after torrenting TV, movie, and music files, as per a study conducted and then reported upon by the Daily Dot at the end of April:
“[U]sers attempted to get caught [by MarkMonitor software as the CAS’ instrument] using the peer-to-peer filesharing program BitTorrent in a common, but illegal way. That means downloading torrents of popular movies, shows, and albums, and uploading them, piece by piece, for other users.
But damn if that thing isn’t hard to trigger.”
The Daily Dot is shy with details beyond the basics here. It gives the time-frame – three weeks immediately following CAS’ late February’s start – and the methods as well as targets (Game of Thrones, The Avengers, and Rihanna songs via Verizon as an ISP) but does not disclose who or how many test subjects were involved so that the representative nature of this trial remains unclear, admittedly so:
“The results of this study do not prove, by any means, that the CAS isn’t working. It just didn’t work in this instance, in a limited test of just one of the five participating ISPs.”
The early nature of the test run, which cannot have lasted longer than the third week of March by this account, adds to its inconclusiveness. It is possible that alerts are sent out in batches, that is, staggered and significantly delayed. The current lack of large numbers of complaints does not preclude CAS action. As commentators have noted and the Daily Dot repeated more recently, “users who have been flagged once or twice might not even know it; they might only be informed through their rarely-used Internet service provider email account, for instance.” Relatedly, the effects on Open Wireless that the EFF warned about may already be starting, only in an incremental fashion due to the several steps – not strikes – involved in alerts that target small businesses. The CCI’s private nature makes it impossible to petition it for actual statistics, which the consortium will have gathered from Day One.
Troll Tactics and the Bridges they may Build
Even beyond statistics, personally identifiable information (PII) is at stake, and its collection on part of the ISPs has already allowed for significant privacy problems. According to Torrentfreak with regard to CAS, copyright trolls are already seeking PII and related data in civil actions:
“The program specifically leaves the door open for the MPAA and RIAA to request a list of serial pirates for legal action. While this may never happen, new court documents reveal that copyright alerts data is already at stake in a lawsuit brought against an alleged BitTorrent user in Texas. The case, started by adult movie studio Malibu Media last year, is that of a typical copyright troll. It deals with copyright infringements via BitTorrent and after settlement attempts failed, Malibu is now gearing up to take one John Doe defendant to trial. To do so, Malibu has demanded more information on the accused subscriber from ISP Verizon.”
Verizon in this case refused to respond to the successfully court-obtained subpoena in order to protect its customers from “shakedown tactics”, but Malibu Media has motioned the court to enforce said subpoena, as Techdirt’s records reveal. Should the court decide to make key information – to prove a pattern of infringing behavior through the Alerts, for example – discoverable in a copyright infringement action, things could change very quickly. As the more recent Daily Dot post above mentioned, structures supposedly private and minimally intrusive would cease to be a parallel, extrajudicial system.
The CCI has claimed to merely want to “help consumers”; it has touted CAS to be blind on one eye, in that rightholders cannot receive an ISP subscriber’s information directly. If indirect yet immediate obtainment in court were possible, it would not just be eye-opening – CAS could open the floodgates for copyright infringement litigation against individuals.