The leaked ACTA Internet chapter has a footnote that says an ISP can only hang on to its “safe harbor” by implementing certain policies designed to discourage the use of their networks for copyright infringement, and that “An example of such a policy is providing for the termination in appropriate circumstances of subscriptions and accounts in the service provider's system or network of repeat infringers.” Three strikes and you're out.
USTR's claim that ACTA wouldn't “change” US law is plausible (if not comforting). Similar language is already part of US law (17 U.S.C. 512 §(i)(1)(A))–as is the Fifth Amendment to the US Constitution, of course, which assures that no person can be “deprived of life, liberty, or property, without due process of law.” One would hope that, like the existing statute, the ACTA language will be read in the context of the Constitution, which assures that mere accusations of copyright infringement are not enough to kick someone off the Internet. One would also hope that other countries, if they end up agreeing to a version of ACTA with this language, also understand that a “repeat infringer” must have been afforded due process.
Unfortunately, not everyone is going to read that language in this way. So much paperwork is required to actually prove something in a court of law! I'm sure the MPAA would rather just send a quick note over to an ISP and take care of things with minimum fuss. Because some people's priorities put limiting file-sharing above the Constitution, I need to explain why “safe harbors” are so important that making them contingent on a three strikes policy is the same as directly enacting them.
Don't Shoot the Messenger
ISP safe harbors are a great idea. ISPs are not like newspapers, where the paper itself controls what it prints, and can be held (at least partly) responsible for a libelous letter to the editor. They are not publishers, who can be held liable for acts of copyright infringement done by their authors. They're intermediaries.
The difficulty a communications intermediary can have in determining whether or not a particular message is unlawful has long been recognized–see Henry Perritt Jr.'s overview here. Most communications services act as “dumb pipes,” transmitting others' content and not attempting to control it. It's unreasonable to expect an intermediary to review each communication it transmits, and hold it liable for any slip-ups. Even if doing this were possible, the public wouldn't want it–the benefit (reduced use of networks for libel and other unlawful activities) doesn't outweigh the costs (inefficiency and loss of privacy).
Thus, communications services were given a deal: They were not liable for the uses their networks were put to if they acted as “common carriers,” transmitting all messages and serving the public in a nondiscriminatory fashion.
Online services, of course, are more advanced than telegraph networks. You could argue that they have more opportunity to control what's on their systems, and that they are more like newspapers than telegraph networks. Thus, a few cases held online services liable for content on their systems that was put there by users. Prodigy, for instance, was held liable for postings to its forums. But anyone who used services like Prodigy in the 1990s knows how unrealistic it was to expect the service to control everything on its system. Holding online services liable for their users' conduct could shut them down or vastly increase their costs.
As part of the DMCA, Congress stepped in with a balanced approach, which is found in 17 U.S.C. § 512. This law gives a safe harbor from liability to online service providers that meet certain requirements. Online services that passively transmitted content would not be liable for that content, mirroring the approach that worked for older communications services. Online services that fit into this category are what we usually think of as “ISPs” today. Online services that actually store content are neither classic “dumb pipes” nor publishers, and a new approach was needed. Thus, to qualify for the safe harbor from liability, they have to follow notice-and-takedown provisions, can't actively seek out unlawful content, and a few other things. We've been critical of the exact way these generally good ideas have been implemented–the Copyright Reform Act proposes changes. But the basic ideas are good.
Safe harbors are a sensible way to limit online services' liability, without giving them free reign to abuse their immunity. They're necessary for the free flow of commerce and ideas on the Internet today.
Oh yeah: like I said before, under current law all online services are required to terminate “repeat infringers” of copyright.
Point Finger, Repeat
A “repeat infringer” is a person who has repeatedly been found by a competent body to have infringed copyright. Simply accusing someone of copyright infringement is not enough to brand him an infringer–such a person is just a repeat accused. We don't punish people in our country without due process, where the accused is given notice of the charge against him, and an opportunity to be heard by a neutral tribunal and to rebut the charge. In additional to being constitutionally required, due process is especially appropriate in a copyright context, where no algorithm or checklist can tell you whether a particular use of a work is lawful or not. For example, there has to be a fact-specific economic and legal analysis to determine whether a use a copyright holder objects to is “fair,” and therefore lawful despite the objection.
People like Bono want to get rid of safe harbors for ISPs. There's no question that many people use the Internet to infringe copyright and otherwise break the law, and to some the loss of privacy and increased inefficiency that could result from widespread network monitoring (and the necessary blocking of encrypted traffic that is necessary to ensure that the filters and taps aren't bypassed) are worth it. Thus, they argue that ISPs should actively monitor the traffic they transmit, putting them back into the category of publishers that are responsible for the communications they carry.
I believe that convenient, legal, and cheap beats inconvenient, illegal, and free, and that by giving customers what they want at reasonable prices the content industry can continue making money without requiring ISPs to implement ubiquitous wiretapping, and without stripping away their traditional immunities. But that's another debate–the kind of cost/benefit policy argument that keeps Washington humming.
But do we really want to subject due process rights to a cost/benefit analysis? If those that are pushing for mandatory disconnection policies believe it is appropriate to cut off people's Internet service on the basis of accusations of copyright infringement, I'd like to hear from them exactly why this does not contravene the due process fundamentals of US law. No hand-waving, please. If you tell an ISP that the only way it can qualify for a safe harbor is to “voluntarily” adopt a disconnection policy, that's the same as making the policy mandatory–an offer the ISP can't refuse. It's true that ISPs can voluntarily adopt termination policies. But if the government engages in arm-twisting and carrot-dangling, it can't turn around and pretend like the disconnection policies that inevitably result are just private arrangements, the free market at work. Just as Congress can pass unconstitutional laws, the executive branch can adopt unconstitutional readings of laws, and its “enforcement” policy can overreach.
Limitations on liability have been essential for the growth and success of the Internet, and are necessary for the continued existence of individual ISPs. It would be unconstitutional to condition ISPs' qualification for safe harbor protections on their implementing systems it would be flatly illegal for the government itself to implement.
Thus, if agreed to by the US, the current ACTA Internet chapter needs to be read as merely reflecting section 512: an ISP has to cut off people who have been repeatedly adjudicated by neutral tribunals to have infringed copyright, or the ISP loses its safe harbor. This is a reasonable requirement that comports with due process.
It's a shame, though, that the same language in the agreement may be implemented by nations without the same due process tradition as the United States. But at least in the US, we can take comfort that, ACTA or no ACTA, accusations of copyright infringement from interested parties are not enough to trigger mandatory disconnection policies.