"Three strikes" copyright enforcement fiasco in Ireland
P2P filesharing peer-to-peer, posted: 18-Jun-2011 14:08
While New Zealand waits for its "three-strikes" act to kick in, the Irish are finding their version troublesome. It was set up in an agreement with the biggest ISP there, Eircom, and the music industry in 2009.
Will the Irish experience be mirrored in New Zealand? This is an excellent reminder and warning that presumed guilty upon accusation laws are not fair.
Thanks to @lawgeeknz for the EDRI-gram.
15 June, 2011
The Irish Data Protection Commissioner is investigating the Eircom / music industry three strikes system, a report in the Sunday Times has revealed. According to the story by Mark Tighe, predictions that Eircom would end up falsely accusing innocent users have now proved correct, with over 300 users wrongfully being sent a "first strike" letter accusing them of sharing music.
Eircom have admitted to the mistakes, stating that "this was due to a software failure caused when the clocks went back last October". However, far from being a technical sounding "software failure", this appears to show up failings in relation to a very basic aspect of network management - i.e. making sure that the server clock reflects daylight savings time. As a result, it seems that users found themselves being accused on the basis of what somebody else did from the same IP address either an hour earlier or an hour later. Consequently, the users who were wrongfully accused should consider themselves lucky that this incompetence did not lead to their being accused of a serious crime - for example, being arrested and having their homes searched due to the wrong time being used (as has previously happened e.g. to a number of Indian users).
The significance of this case goes well beyond simple technical failings however, as the complaint to the Data Protection Commissioner has triggered a wider investigation of the legality of the entire three strikes system. According to the Sunday Times, "the DPC said it was investigating the complaint 'including whether the subject matter gives rise to any questions as to the proportionality of the graduated response system operated by Eircom and the music industry'."
This is unsurprising. When the Eircom / music industry three strikes settlement was being agreed, the Data Protection Commissioner identified significant data protection problems with it. These problems remain, notwithstanding the deeply flawed High Court judgement which permitted the parties to operate the system - a judgement which, for example, decided on the question of whether or not IP addresses are personal data without once considering the views of the Article 29 Working Party. The Data Protection Commissioner was not convinced by that judgement (it was problematic at least in part because the Commissioner was not represented - the only parties before the court had a vested interest in the system being implemented). However, until a concrete complaint arose no further action could be taken.
The complaint in this case has now triggered that action, and it seems likely that the Commissioner will reach a decision reflecting his previous views that using IP addresses to cut off customers' internet connections is disproportionate and does not constitute "fair use" of personal information. If so, the Commissioner has the power and indeed the duty to issue an enforcement notice which would prevent Eircom from using personal data for this purpose - an outcome which would derail the three strikes system unless Eircom successfully challenges that notice before the courts, or unless the music industry were to succeed in its campaign to secure legislation introducing three strikes into Irish law.
Eircom investigated after falsely accusing customers of piracy (5.05.2011)
http://www.thesundaytimes.co.uk/sto/news/ireland/article642095.ece
Data Protection Commissioner investigating Eircom's "three strikes" system (11.06.2011)
http://www.tjmcintyre.com/2011/06/300-false-accusations-data-protectio...
(Contribution by TJ McIntyre - EDRi-member Digital Rights Ireland)
Other related posts:
Megaupload and the US grand jury
Filesonic disables file sharing; due to MegaUpload?
An industry plundered by pirates
Will the Irish experience be mirrored in New Zealand? This is an excellent reminder and warning that presumed guilty upon accusation laws are not fair.
Thanks to @lawgeeknz for the EDRI-gram.
Irish "three strikes" system investigated by Data Protection Commissioner
15 June, 2011
The Irish Data Protection Commissioner is investigating the Eircom / music industry three strikes system, a report in the Sunday Times has revealed. According to the story by Mark Tighe, predictions that Eircom would end up falsely accusing innocent users have now proved correct, with over 300 users wrongfully being sent a "first strike" letter accusing them of sharing music.
Eircom have admitted to the mistakes, stating that "this was due to a software failure caused when the clocks went back last October". However, far from being a technical sounding "software failure", this appears to show up failings in relation to a very basic aspect of network management - i.e. making sure that the server clock reflects daylight savings time. As a result, it seems that users found themselves being accused on the basis of what somebody else did from the same IP address either an hour earlier or an hour later. Consequently, the users who were wrongfully accused should consider themselves lucky that this incompetence did not lead to their being accused of a serious crime - for example, being arrested and having their homes searched due to the wrong time being used (as has previously happened e.g. to a number of Indian users).
The significance of this case goes well beyond simple technical failings however, as the complaint to the Data Protection Commissioner has triggered a wider investigation of the legality of the entire three strikes system. According to the Sunday Times, "the DPC said it was investigating the complaint 'including whether the subject matter gives rise to any questions as to the proportionality of the graduated response system operated by Eircom and the music industry'."
This is unsurprising. When the Eircom / music industry three strikes settlement was being agreed, the Data Protection Commissioner identified significant data protection problems with it. These problems remain, notwithstanding the deeply flawed High Court judgement which permitted the parties to operate the system - a judgement which, for example, decided on the question of whether or not IP addresses are personal data without once considering the views of the Article 29 Working Party. The Data Protection Commissioner was not convinced by that judgement (it was problematic at least in part because the Commissioner was not represented - the only parties before the court had a vested interest in the system being implemented). However, until a concrete complaint arose no further action could be taken.
The complaint in this case has now triggered that action, and it seems likely that the Commissioner will reach a decision reflecting his previous views that using IP addresses to cut off customers' internet connections is disproportionate and does not constitute "fair use" of personal information. If so, the Commissioner has the power and indeed the duty to issue an enforcement notice which would prevent Eircom from using personal data for this purpose - an outcome which would derail the three strikes system unless Eircom successfully challenges that notice before the courts, or unless the music industry were to succeed in its campaign to secure legislation introducing three strikes into Irish law.
Eircom investigated after falsely accusing customers of piracy (5.05.2011)
http://www.thesundaytimes.co.uk/sto/news/ireland/article642095.ece
Data Protection Commissioner investigating Eircom's "three strikes" system (11.06.2011)
http://www.tjmcintyre.com/2011/06/300-false-accusations-data-protectio...
(Contribution by TJ McIntyre - EDRi-member Digital Rights Ireland)
Other related posts:
Megaupload and the US grand jury
Filesonic disables file sharing; due to MegaUpload?
An industry plundered by pirates
Permalink to "Three strikes" copyright enforcement fiasco in Ireland
| Add a comment
(7 comments)
| Main Index
Comment by Nathan Ward, on 19-Jun-2011 19:13
"a very basic aspect of network management - i.e. making sure that the server clock reflects daylight savings time."
No.
The very basic aspect of network management is not using any form of DST, it's using UTC.
Comment by Jon, on 19-Jun-2011 19:54
What amuses me more is that when the UN decided that this fiasco was against human rights NZ said yes we think so to...idiots.
http://arstechnica.com/tech-policy/news/2011/06/us-nz-sweden-others-condemn-three-strikes-internet-laws.ars
Comment by techmeister, on 26-Jun-2011 22:38
Do we have a data protection commissioner?
Add a comment
Please note: comments that are inappropriate or promotional in nature will be deleted.
E-mail addresses are not displayed, but you must enter a valid e-mail address to confirm your comments.
Comment by lucky015, on 19-Jun-2011 01:05
I think the larger issue would be the breach of privacy of those falsely accused.