March 19, 2010
The House of Lords has now published its report on the EC Communication on Protecting Europe Against Large Scale Cyber-Attacks. The conclusions seem broadly to agree with the evidence that Chris Gibson (FIRST) and I presented to them in November: that disruption to the Internet (whether deliberate, accidental or environmental) is something that needs to be taken seriously; that the UK is relatively well-placed in this respect; that there is a role at European level for encouraging the adoption of good practice; and that ENISA (the European Network and Information Security Agency) should be provided with adequate resources to play a role in this.
Chapter 2 of the report also provides a useful summary of the range of disruptive incidents that can occur and is worth reading even if you aren’t interested in the other policy and political stuff.
March 16, 2010
Not my words, but those of Lord Whitty on the conclusion of the Lords debate on the Digital Economy Bill. It appears that the 3rd reading debate last night made no significant changes. In particular the amendment on site blocking by ISPs that was passed last week has not been altered, despite the harm it is likely to do to both free speech and safety on line. The Bill now moves to the Commons, where the closeness of the Budget and General Election seems likely to limit the possibilities for debate.
Although we haven’t managed to improve the text of the copyright-infringement parts of the Bill we do at least have a public acknowledgement from the Government that the application of the Bill to universities and colleges is not simple, and that inappropriate application could seriously damage our existing work to reduce copyright infringement on JANET. I hope that will be enough to persuade Ofcom to fit us into the Bill’s definitions and Code in a way that does not do too much harm either to rights holders’ interests or ours.
March 11, 2010
I’ve been asked by a number of people to set out the current problems that the Digital Economy Bill is likely to create specifically for universities and colleges, so here’s a summary. This reflects the state of the Bill at the end of the Lords’ Report stage, and doesn’t cover more general problems around liability, reporting, disconnection and blocking that have been widely discussed elsewhere. I think that the Government is starting to understand the complexity of our situation, but so far they haven’t made any changes to the Bill to address them. Indeed the most significant change – made by the opposition parties last week against the wishes of the Government – has actually added two points to my list of concerns.
JANET is the UK’s National Research and Education Network. It connects universities, colleges and schools to each other and to the Internet. JANET and its customers’ networks are large, fast and complex: the JANET backbone runs at 40 Gigabits per second; many universities have thousands of devices and tens of thousands of users, connected to the backbone at speeds up to 10Gbps.
Copyright infringement is a breach of the Acceptable Use Policies of JANET and its customers. Effective enforcement of those policies and education of users has reduced infringement to what is recognised by rightsholders and Government as a very low level. Universities with thousands of users typically receive less than one report of copyright infringement per day. There is a serious risk that inappropriate application of the Bill may seriously damage these effective processes.
The scale and variety of education networks and organisations means that they do not fit easily into the Bill’s definitions: the Government has indicated that a university may be an ISP, a Subscriber, a Service Provider, or fall outside the Bill! Thus the Bill will create uncertainty and may force the adoption of unsuitable, expensive measures against infringement; the provisions on web site blocking in Clause 18 may conflict with universities’ statutory duty to promote free speech and will encourage users to circumvent security measures designed to keep them and their computers safe.
- The Government has stated that every university will have to determine its own status under the Bill. This will be an expensive and time-consuming process for them and the regulator. Different statuses would also mean rightsholders and JANET having to use a different infringement reporting system for each university, college and school, causing considerable disruption to the existing effective process.
- The most effective place to report infringements is the organisation that (a) is publicly listed as owner of the IP address, and (b) can identify, warn and educate the individual user. In most cases that will be the university or college, though for schools the situation is less clear. If the Bill results in reports being sent to the wrong place then this will delay processing of the report and may make it impossible to identify and educate the responsible individual.
- Universities, colleges and schools use a wide range of measures to reduce copyright infringement. Some focus on policies and user education, others on restricting applications, sites or bandwidth. Mandating specific solutions (for example requiring a 10Gbps network to proxy all traffic) is likely to be very expensive, cause serious disruption to the proper use of the network, and may even be impossible, with little or no benefit for rightsholders.
- Universities, unlike ISPs, have a duty under section 43 of the Education (No.2) Act 1986 to promote free speech, which may prohibit them from blocking access to allegedly infringing websites without a court order. Clause 18 assigns the costs of such cases to the “ISP”, so universities may incur significant costs as a result of this conflict of statutes.
- By imposing technical blocks on material that users are actively seeking, Clause 18 creates an incentive for users to circumvent those blocks. Techniques to do this are widely available, and not technically complex; their use will nullify the existing measures used by schools, colleges and universities to protect users from malicious and harmful content.
March 4, 2010
Even worse news on the Digital Economy Bill, I’m afraid. A successful amendment (amendment 120A) to the Bill last night has given courts the power to order ISPs to block access to any website where a “substantial proportion of the content” infringes copyright.
In his blog, Lord Clement-Jones, who proposed the amendment, quotes the Internet Watch Foundation’s list of indecent images of children as a precedent for this. Apparently he has failed to notice the IWF’s own FAQ on blocking, which states:
Blocking is designed to protect people from inadvertent access to … images … No known technology is capable of effectively denying [those] who are actively seeking such material
and
We consider blocking to be a short-term disruption tactic which can help protect internet users from stumbling across these images.
In the case of copyright infringing material it seems that far more people are “actively seeking” it than are “stumbling across” it. So while the recognition that the courts are the right place to resolve questions of copyright infringement is welcome, the power given them by the amendment is to order ISPs to do something that is known to be impossible.
What’s worse is that blocking material that people want to access will encourage them to use methods to get around those blocks (which can be simple and do not require technical knowledge). And once someone starts using those techniques, they are also exposed to all the viruses, trojans and other harmful things on the Internet that we work so hard to protect them from.
UPDATES
The amendment is getting a lot of comment, almost all of it critical:
