Legislation to Address Illicit Peer to Peer (P2P) File Sharing

Transcription

1 Legislation to Address Illicit Peer to Peer (P2P) File Sharing September 2009 Response to BIS Consultation Jonathan Harley Regulation Manager Gemserv Limited 7th Floor Centurion House 24 Monument Street London EC3R 8AJ Company Reg. No: Tel: +44 (0) Fax: +44 (0)

2 Introduction Gemserv specialise in the development and management of efficient and effective governance agreements. We are the leading specialist UK consultancy in the field of consensus building and have expertise in a wide range of industries. Gemserv has over 10 years experience in managing and operating multi-party agreements, including a number of Codes of Practices and Accreditation Schemes, where competitors and/or constituencies are required to inter-operate and co-operate on matters of common interest. We have a reputation for providing a knowledgeable service through the delivery of impartial/independent advice and guidance, underpinned by a thorough understanding of the underlying relationships between the participants and stakeholders. Gemserv operate exclusively at the market level e.g. for Government Departments and Regulators, and not for individual market participants, which ensures that our independence, objectivity and integrity are never compromised. The below table demonstrates in better detail the Services we provide; Figure 1: Gemserv s Provision of Services Gemserv is responding to this consultation because we have extensive experience of developing and evolving processes and procedures to make markets work more efficiently, both for consumers and service providers. We have contributed to the evolution of a number of markets including Energy, Water and the Environment and would be keen to share our expertise with BIS in order to assist in the resolution of illicit file sharing. Moreover, Gemserv s wholly owned subsidiary, Red Island Consulting is a global leader in the provision of Information Security Solutions and has achieved ISO27001 compliance/certification for more organisations than any other consultancy. They work with their private and public sector organisations to help them manage their information security strategies and benchmark against ISO27001, PCI DSS, Business Continuity Planning/BS25999 and the Security Policy Framework. Collectively, our varied skills and expertise are transferable, particularly pertaining to the principles of good Governance, supporting and enabling legislation to be adhered to. The importance of internet access has been highlighted by a number of high profile bodies. Indeed, such is the significance of the internet that it was highlighted a number of times in the government s Digital Britain Page 2 of 19

3 report. The internet is being used more and more and is now seen as a virtual necessity; it is in this light that we would suggest that internet access is now a utility, in the same way as gas, electricity, water and telecommunications. We believe that the experience we possess in the arena of utilities could contribute to the improvement of the market, ensuring a sustainable future that encourages innovation, competition and also consumer protection. Steps to tackle illicit file sharing can only help to make the market more effective and efficient, which will in turn attract more entrants to the market, both in terms of creative artists, peer to peer providers and internet service providers. The problem of illicit file sharing is fast becoming a deep rooted issue and will require a significant amount of engagement with the general public in order to try and change consumers attitudes towards file sharing. The presence of illicit file sharing can be seen as an indication of a prosperous virtual underground economy, this presents a problem in that, as with all underground economies, no taxes are recovered and laws and regulations of trade are disregarded. The implications of this are that the UK economy is not receiving tax revenues in line with where they should be, rights owners and authors are not being paid what they should be and consumers are left vulnerable to downloading viruses and digital software that could help to fuel further illegal activities. These problems can have negative long term effects on society and regulation regarding file sharing is long overdue in a market that is moving towards maturity. Gemserv have experience in representing different industry stakeholders, writing and facilitating a number of Codes of Practices and designing and implementing governance arrangements. We are an independent body, capable of contributing to this consultation and in the future able to represent the interests of both rights holders and intermediaries. We recognise the need for increased legislation relating to the downloading (and uploading) of files from the internet as an important and necessary step in the evolution of the internet and indeed the digital media sector. It has been long identified that the internet is a modern outlet through which all artists and authors can interact with their customer base. In such a way as there are laws governing the sale of copyrighted articles in high streets, the same principles should apply on-line. Where (potential) customers are downloading from the internet and rights holders are not being recompensed for these articles; such actions can be seen as theft. We believe that the presence of such theft would act as a disincentive for (potential) artists and authors and further discourage the creation of innovative and entertaining art forms. This theft also has associated problems which arise in all illegal market places, which is that articles being sold cannot be properly verified or regulated, which leaves downloaders open to exposure of viruses and other malicious files. It is our belief that the problem of illicit file sharing, although quite common, is not at a stage where it would take any drastic or extensive measures to curtail. We believe that establishing a robust code of practice, agreed by the industry, along with the introduction of a central body to administer the code, educate the public and enforce the relevant legislation would lead to a significant reduction in illicit file sharing. Gemserv would advocate the implementation of a central agency for the following reasons; Page 3 of 19

4 1. A central agency would help to avoid the negative publicity that might affect File Sharing Providers or Internet Service Providers (ISPs). It is clear that many File Sharing Providers and ISPs are performing to their obligations more stringently and thoroughly than others but still may be subject to a negative perception from the public because of the illegal actions of a few. 2. A central agency would ensure that all legitimate File Sharing Providers or ISPs are perceived the same by the general public. They would all have the responsibility to perform to their obligations properly and consistently, which would be of great benefit to rights holders. We believe that the industry should endeavour to invest in the development of a number of commercial models that would rival the illicit peer to peer networks, specifically in terms of cost, ease of use and availability of content. Where such significant commercial models exist users would have no reason to use illicit file sharing applications unless they were explicitly aiming to evade copyright laws, therefore the presence of such commercial models would make it easier to identify flagrant illicit file sharers. It is also suggested that these commercial vehicles for legal digital media be licensed by an industry regulator and a code of practice developed. In this way the regulator would be able to have sight of all legal content providers, making it easier to identify illicit file sharing sites. The popularity and success of sites such as Spotify, Amazon and itunes have shown that commercial models can work and can be successful. Legislation and good governance to prevent illicit file sharing and promote commercial models to download legitimately will only serve to further grow this area of the creative content industry. However care must be taken to ensure that sufficient investment and guidelines are put in place as early as possible so that the development of this industry is as effective as possible. We believe that the absence of commercial models and strong governance frameworks would render any attempts to implement any regulatory measure redundant. Currently the presence of illicit file sharing networks represents a significant barrier to entry, why would people pay for downloads when they are available, sometimes at the same quality, for free? It has been suggested in relation to illicit file sharing that authorising ISPs to block or delete P2P sites that allow users to download copyrighted material may be a possible solution. We would suggest that such an approach may in fact be detrimental to the industry in the long term. It is clear that such P2P sites would have developed valuable experience of how to effectively manage P2P networks, such sites may also benefit from existing large consumer bases. This could serve as a positive in that such sites could help to improve awareness in relation to any forthcoming legislation. Gemserv would advocate that the government endorse a P2P (and non P2P e.g. centrally stored files) File Sharing website accreditation scheme, which would see those sites that had previously allowed users to illegally download or upload copyrighted content apply for accreditation to share files legally. Such accreditation would demonstrate that accredited sites had put in place effective tools to stop users uploading or downloading copyrighted content, and would impose sanctions (such as passing on users information to rights holders) on users that breached the site s terms and conditions. This accreditation could be developed in conjunction with a code of practice, to which all accredited sites would have to adhere to or risk having their accreditation withdrawn. The government should aim to engage P2P site owners in order to assess possible options to tackle the problem. Page 4 of 19

5 It is clear from the prominence and popularity of the Pirate Political Party in Sweden, who became the third largest political party in the country on the premise of the abuse of copyright by multi-billion dollar corporations, that illicit file sharing should be high up on the government s political agenda, as if the matter is tackled in the wrong way it could have wider implications. Gemserv believes that any potential governance arrangement should follow the good governance principles of: Participation Such a governance arrangement should encourage as many market participants as possible to be involved. We believe that the effectiveness of any forthcoming governance arrangements can only be enhanced through its ability to include as many parties as possible. We also believe that market participants should be encouraged to contribute to the definition and design of any governance arrangements. We believe in this case that P2P companies, rights holders (and those authorised to act on their behalf) and consumer groups must be involved in the construction and development of any forthcoming regulation. Transparency Gemserv believe that clarity and transparency are very important in the implementation of any governance arrangements. If industry parties do not understand governance instructions, they will be less likely to participate. Also if parties do not understand their individual responsibilities then compliance may become a real issue. Gemserv believe that any legislation or regulation must be as clear and explicit as possible, however we would advocate that the regulator refrain from using technical and specialist jargon. Reliability Suitable governance arrangements can and should only be constructed on the back of reliable information. The governance structure should also be reliable in itself; in this way regulators must ensure that arrangements are as robust as possible. The governance process must be reliable in that it solves the problem that it was established to solve without creating a number of wider related problems. Accountability Any governance arrangement that allows parties to conduct business without any regard for any of its shareholders or stakeholders should be avoided. Such governance arrangements would be largely ineffective in reducing the underlying problem. Industry participants must show levels of accountability to shareholders and each other and effectively communicate in order to reduce file sharing. Enforceability This regulation must be enforceable on the whole market, a regulation that cannot be enforced would be blunt. We believe that Royal Assent will help with this, however we would argue that Royal Assent may come too late. We would suggest that the more that industry participants are encouraged to proactively participate in the formation of these regulations, the easier they will be to enforce. Also if forthcoming regulatory measures are as robust as possible they will generally be easier to enforce. Page 5 of 19

6 Integrity The integrity of any forthcoming regulation will be judged by its ability to tackle the problem at hand. The legislation must not put any extreme strain on any particular party and must encourage fair and proportional measures in order to tackle the problem of illicit file sharing. Cost-effectiveness This regulation must not impose any substantial financial burdens upon any of the industry participants, legislation must also represent value for money for all parties involved. Services such as educating the public and the administration of notifications must be carried out in such a way as to minimise waste and keep costs down; such measures will ensure that value is added to the process and encourage industry wide efficiency. Flexibility The fast changing nature of the telecommunications industry, and more specifically the internet, has been highlighted by a number of people; Minister for Digital Britain, Stephen Timms, noted that Technology and consumer behaviour is fast-changing and it s important that Ofcom has the flexibility to respond quickly to deal with unlawful file-sharing. Any legislative structure must be able to cope with this change; if not the implications in terms of cost and reputation could be enormous. There must be an avenue to enable change (both procedural and legislative) to be implemented as quickly as possible. Practicality Any legislative measure must be practical in its approach, it must be realistic and must endeavour not to be overly prescriptive and overly demanding in terms of the obligations it places on market participants. The government must ensure that it takes into account the range in sizes of the different market participants (and their parent companies). Legislative measures must be realistic and achievable with defined specific timescales. Page 6 of 19

7 Question 1: Is this restriction right? Is there anyone else who ought to have a right to trigger the obligation? The right to trigger an obligation is a significant issue due to the fact that there needs to be an effective balance between having enough parties able to trigger the obligation so that there is a sufficient number of people initiating this obligation, and having too many parties able to trigger the obligation which may lead to unnecessary bureaucracy and the inundation of ISPs with requests to fulfil the obligation. It is our view that two main parties should be responsible for the initiation of obligation proceedings, these two parties could possibly be; Rights Holders We agree with the fact that rights holders (and those authorised to act on their behalf) should be responsible for instigating obligations linked to specific infringements. It is felt that as they are the ones that stand to lose out in the long run were illicit file sharing to continue, they should primarily be responsible for instigating this obligation. This will give them ownership of the process and ensure that they are proactive in their approach. Central Authority We believe that the creation of a central agency to administer the code of practice, amongst other things, would provide the opportunity for this obligation to be triggered centrally. We believe that this will be of great benefit as it would allow an independent agency to ensure that those users who wish to flagrantly abuse the system would be brought to justice and would also give smaller rights holders support in carrying out a key function for which they might not have adequate infrastructure or resources in place. Where the incentive for rights holders to initiate such an obligation is clear, the incentive for initiation by a central agency may need some clarification. A central authority, which would be funded by the industry, initiating the obligation could be seen as the industry investing in its long term sustainability. Essentially where a party has the right to trigger an obligation, there may be a significant transition period between a party having the right to initiate an obligation and a party having sufficient infrastructure or resources in place to initiate such an obligation. If the central authority were to assume the majority of responsibility for instigating obligations this would alleviate a significant amount of the burden that such legislation would have on rights holders (and those authorised to act on their behalf). Such power could be incrementally implemented in such a way that total responsibility falls with the central agency at first but then responsibility is migrated to rights holders over the course of the next five years, for example. This migration would probably coincide with a reduction in the number of obligations that would need to be instigated due to the (anticipated) effectiveness of the legislation, which has been estimated at around a 70% reduction in two to three years. This may mean in actual fact that a significant infrastructural change to the parties involved may not be needed by the time total responsibility falls on them. We would however suggest that the central body remains active for the purpose of acting on behalf of new, smaller or independent rights holders, for whom notifying obligations might be more costly than the perceived benefits. The cost to rights holders of identifying infringements then notifying ISPs may be a substantial one, however if these activities were carried out centrally, the cost of carrying out these activities could decrease due to specialisation and economies of scale. Page 7 of 19

8 Question 2: Should there be a time limit from the date of a specific infringement by which a request needs to be made? If so, what should it be? It is our opinion that there should be a time limit from the date of a specific infringement to when a request must be made, we believe that the absence of a time limit would expose the industry to a lot of inefficient administration. Situations such as changes of service provider, changes of tenancy, changes of marital status, etc. all mean that any attempts to make a request following an extensive lapsed period would be wasteful and would not add any value to the obligations process. While we are certain that the presence of a time limit would be of great benefit to the overarching code of practice, we remain uncertain as to what this exact time limit should be but do propose timescales below as a initial starting point. We would therefore recommend that the industry reach a consensus on this initial time limit and then aim to reassess this time limit once it has become clear whether there is a need to extend or reduce the time period. Where it is clear that those that must abide by such a time limit should have a major input into determining what this time limit should be, it is also clear that there must be input from a consumer representative body in order to ensure that such a time limit would not have a negative impact on consumers. We would be inclined to state that if a time limit was too long customers (and companies) may be exposed to lengthy legal processes. Key Step Stage Timescale Infringement occurs S0 Day Zero (D0) RH becomes aware of infringement S1 Within 6 weeks of S0 RH informs ISP/DRA S2 Within 4 weeks of S1 ISP/DRA records infringement and S3 send notification to subscriber Within 2 weeks of S2 Figure 2: Timescales for Infringements We believe the above outlined timescales in figure 2 could be sufficient to ensure effective operation of notification obligations. It is thought that the whole process, from the subscriber committing an infringement to that subscriber receiving a notification should take no longer than three months. We realise that the imposition of timescales on rights holders may be a little restrictive as the extent of evidence to be provided may affect rights holders abilities to meet these timescales. For this reason we believe that stages 1 and 2 could be combined so as to provide rights holders (and those authorised to act on their behalf) with sufficient time to gather the required evidence. It is thought that there should be a different time limit for the different parties involved in the process, i.e. a time limit for when a rights owner can request a notification and a time limit regarding when the notification needs to be turned around by ISPs. It is suggested that the time limit on the ISP needs to be strict enough to ensure that time isn t wasted in sending out notifications, but flexible enough to ensure that there aren t significant cost implications placed upon ISPs, we would therefore feel that a time limit of two weeks is reasonable in recording and sending out a notification. We have indicated in Page 8 of 19

9 the timeline that a Digital Rights Agency could be used as opposed to ISPs, if this were the case we would envisage a smaller lead time due to the fact that this would be one of their primary roles. Another alternative to an industry wide time limit would be for the code of practice to stipulate that all ISPs should implement company specific time limits and communicate these time limits to all of their customers. In doing this companies would have an incentive to carry out their work in this area efficiently, as companies that contact their customers regarding infringements that have occurred recently will benefit from an enhanced reputation with consumers, in comparison to those companies that contact infringing customers after a long elapsed period. This should encourage companies to endeavour to reduce such time limits and would also ensure that companies are not contacting the wrong customers or the right customers unnecessarily; for example, once they have changed their behaviour. It is also our opinion that the market should offer a retrospective amnesty in which previous offences that were committed outside the proposed time limit cannot have proceedings brought against them, it is our view that in such cases subscribers should be made aware that where they would have been dealt with more severely they are being given this privilege. Question 3: Is this list right? Is there anything else that should be specifically added to this list? Should there be any more detail on any of these points in the legislation, or is it OK to leave that for the code? Gemserv believe that the list of provisions is generally right, but we do suggest some aspects may need amending slightly. Due to the fact that we envisage that the notification correspondences will become progressively direct and categorical in their approach, we feel that caution must be employed when deciding what aspects of regulation need to be legislated and which points would fall under a code of practice. It is important not to make legislation so rigid and restrictive that all companies must operate in the same manner, as this would restrict companies abilities to innovate and develop competitive advantages. However any legislation should be robust enough to remove a company s ability to misinterpret or elude these regulations. In our experience of drafting and managing governance frameworks and codes of practice, we have observed that universal industry codes of practice work best as opposed to situations where regulators leave it up to companies to decide what to cover in their individual codes of practice. We feel that these industry codes of practice work best due to the fact that these codes are developed in collaboration with industry participants and a consensus is generally reached on what should and should not be included, we feel that this act of collaborative ownership encourages participation, adherence and consistency and serves to support participants. Page 9 of 19

10 In direct relation to those provisions stipulated, we note that advice on how/where to access legitimate content could come in a number of forms, i.e. a link to a website, a physical list of providers, etc., however we would oppose any provision of details that is not exhaustive, and as accurate as possible, as this may exclude and to some extent disadvantage smaller content providers. We would advocate an approach which would see legal content providers licensed or accredited, which would ensure that details of current legal content providers were up to date and would mean that anyone operating without a license would not receive the promotion and endorsement that would come in the form of these notifications and from being licensed or accredited. In this way legal content providers would be incentivised to obtain a license or accreditation and fees could be used to contribute to the funding of any digital rights agency that may be used in this manner. We would also be in favour of a system that would see initial notifications used to educate subscribers with regards to the consequences that their actions would or could have on the economy, industry and society in general. In order for legislative measures to be effective, a change in downloading culture is needed, otherwise any approach taken will be ineffective as people would just find alternative ways to break the law; in this vein a lot of time and effort needs to go into effectively communicating the importance of legislation and the negative impact that such problems can have. With regards to initial notifications, Gemserv believe that there needs to be a compromise between fairness and firmness. Companies must try as much as possible not to appear to be criminalising consumers, least not in the first notification of infringement. Customers may not be aware that they are facilitating or engaging in illegal activities or may not be the individual(s) responsible and therefore the first notification must be more informative than anything else. Question 5: This obligation is specified without any volume limit. Is that right? Should there be a restriction on how many notices a rights holder can serve, or that an ISP needs to honour (either from a specific rights holder or in total)? This is quite a contestable area due to the fact that restrictions or volume limits would have different implications for those companies involved depending on their size. In terms of restrictions on how many notices a rights holder can serve, we would generally be minded to consider that any restrictions on the number of notices that can be sent would be a hindrance rather than a help to the industry and the effectiveness of any legislation. We believe that the regulator should not prescribe a minimum or maximum level (both in terms of sending notices and complying with obligations) however we would encourage the regulator to clearly express their expectations in terms of levels of compliance and cooperation. On further examination we can see why it may be desirable to limit the amount of notices that a rights holder can send, maybe in order to protect smaller ISPs from becoming inundated with notifications that may not get dealt with for a long period. However we would advocate that any restrictions or limits placed on rights holders abilities to send notifications would only be detrimental to the market, we believe that the way to prevent potential compliance problems would be to remove the responsibility to comply with the obligation Page 10 of 19

11 from ISPs (the smallest ISPs at the least) and place it with a central administrator. In this vein we also believe that ISPs should be obliged to honour all notices that they receive, regardless of any limit or restriction on rights holders. We believe that limits on ISPs and other arrangements aimed at ISPs would represent a waste of time and resources on the part of the rights holders, as their efforts to compile evidence of infringements may not be used to secure the provision of notifications. If it was decided that there was a need for restrictions and limits in the administration of this process, Gemserv would be in favour of the regulator enforcing lower limits only. We would be cautious of any application of upper limits due to the fact that we feel such a move would negate any positive effects of this process. Any attempts to impose an upper limit on the number of notices sent could be seen as discriminating against a number of illegal downloaders and would be inefficient in that companies would have to decide the criteria that will be used in determining which subscribers are sent notifications and which are allowed to continue illegally downloading. Whether it is decided that limits should apply to ISPs or rights holders or both, and whether it was decided that there should be upper limits or lower limits or both, the use of effective monitoring will be fundamental in reviewing whether the process is working or not. The regulator should ensure in any case that it makes explicit, prior to the implementation of any code of practice or alternative regulatory measure, which key performance indicators it will be looking at most stringently and all ISPs and rights holders should be assessed on the same basis. Effective regulation is the key to the success of such an approach; participants also need to be informed of any implications for non-compliance. The phrasing of the question,...that an ISP needs to honour (either from a specific rights holder or in total), implies that there is scope for ISPs to favour specific rights holders at the cost of others. We believe that the fact that this could be a possibility strengthens the call for a Digital Rights Agency to administer the process. We feel that were a central body to control or at least monitor the process, the possibility of specific rights holders being favoured over others would be greatly reduced. Question 7: Is this approach to costs the right one? Is there anything else in relation to costs that should be taken into account in the legislation? Should the legislation specify exactly how costs are to be shared or is it right to leave some flexibility in how the legislative requirements are reflected to the code? The issue of cost allocation will effectively win or lose supporters of any legislative or regulatory approach, therefore it must be well thought out. The costs outlined in the consultation document seem accurate based on the methodology used, however as the regulatory arrangements are yet to be defined it is impossible to state the quantity and extent of those costs, for example presenting the evidence in the required format might end up being very expensive as the evidence required might be quite comprehensive. Page 11 of 19

12 Below we suggest alternate approaches where costs could be allocated differently according to the approach that is implemented: Central agency With this approach we would advocate that all those involved in the process are responsible for payment to a certain extent depending on the further costs incurred and the perceived benefit of any potential arrangement. We would anticipate that rights holders and their representatives would be the greatest beneficiaries in the implementation of this process, and would therefore suggest that they contribute the greatest proportion to the running of the central agency. We would consider that such an approach be flexible enough to consider the different possible activities of such an agency. If the only role for the central agency were to oversee the notifications process on behalf of the ISPs, we would advocate a regime where all ISPs are charged a specific proportion of expected costs at the beginning of a specified time period according to their market share, then these fees would be reallocated at the end of the previously specified time period according to which proportion of notifications were sent to which ISPs customers. Such a method would be proportional and would incentivise ISPs to endeavour to combat illicit file sharing. Legal content providers As previously mentioned we believe that all legal content providers should be licensed or at least accredited. Fees could be built into these licensing or accreditation requirements, in order to contribute to the effective running of the Digital Rights Agency; this would serve a number of purposes: Help keep track of legal content providers making it easier to pass this information to the general public. Incentivise legal content providers to implement models that work and are profitable if they were not making a profit they would not be able to pay license fees. A key consideration here would be that license fees could represent a significant barrier to market entry if the fees aren t as economical and reasonable as possible. We generally believe that the approach to costs outlined in the consultation document is the correct one. However we would be in favour of an approach that would see the legislation expressing that costs are to be set out in a code of practice, which would allow for greater flexibility and would provide scope for effective review. Page 12 of 19

13 Question 8: Do you see any legal difficulty with linking a new notification with a previously gathered set of anonymised data in this way? If so, what specifically is likely to be the problem? With regards to storing information regarding the amount of times internet service providers have been requested to send, and have sent notifications to consumers, we would enquire as to what this information would contain, and the extent of this information. If it is simply a specific customer identifier, date of alleged infringement, date notified and the cumulative number of notifications, we would not envisage too many l difficulties. However any requirement for the internet service providers to keep records that are more exhaustive and invasive than this may prove precarious. Caution must be taken in order to ensure that any companies that are required to collect (and store) information about their customers, have the relevant management systems in place to keep and potentially pass on or dispose of this information in a secure and robust manner. Internet service providers must be closely regulated in order to ensure that they comply with these obligations unerringly, in order to ensure that no customer is put at risk. The obligation would need to be compliant with the Freedom of Information and Data Protection Acts. The problems associated with identifying the actual infringer become even more evident when ISPs are asked to keep track of notifications sent to customers. Where ISPs are linking infringements to IP addresses the process of static IP allocation may mean that the individual(s) responsible for the infringement might have already moved on. This problem would become even more apparent with the shortage of IPv4 addresses; this may lead to ISPs recycling addresses, meaning that any customer moving into a house previously occupied by an infringer may run the risk of being accused of being an infringer, or even being threatened with legal action, through no fault of their own. This of course could be negated by effective ISP record keeping and IP allocation processes, but the same level of record keeping and IP allocation processes cannot be guaranteed across all ISPs, unless of course minimum processing criteria is set out in any forthcoming code of practice. With regards to rights holders sending requests for ISPs to notify customers, is it envisaged that rights holders would have to send out any evidence to all existing ISPs and wait for the relevant ISP to indicate ownership of the IP address. In our view it would be more efficient for a central agency to administer this part of the process, in that all requests from rights holders could go directly to the central agency at which point the agency would ascertain which ISP had ownership of the IP address in question and inform that ISP of their obligation to notify their customer. This approach could be taken a step further in that the central agency themselves could send out the notification on their behalf, in this way rights holders would be spared the cost of finding out which ISPs were responsible for which IP addresses. ISPs would also be spared the cost of sending out notifications which would have a disproportionate affect on smaller ISPs. In view of the fact that ISPs are only going to be keeping records of the amount of times that they were requested to send, and had sent, customers notifications; does this mean that there will be no regulation or verification of alleged infringements? Page 13 of 19

14 We feel that there must be an impartial body at some stage in the process that will verify whether those customers accused of illicit file sharing have actually participated or facilitated this activity. The presumption of guilt without verification of, or stringent criteria for evidence will only reduce the credibility of any notification or legal action process. Another consideration would be concerning the fact that the lack of a central repository for past infringements means that potential infringers could move from ISP to ISP in the absence of transparency between ISPs. This would mean that in the long term infringers could continue to illicitly share files without incurring any legal ramifications. Such a lack of transparency would reduce the effectiveness of any notification process and may actually render any forthcoming legislation useless. Page 14 of 19

15 Code of Practice Question 13: Do you agree with this list of things that Ofcom need to satisfy themselves of before approving a code? Is there anything else that Ofcom should be obliged to consider before approving such a code? We are very pleased that BIS have expressed urgency to address the problem in their consultation paper, we feel this urgency needs to be communicated effectively in order to set the universal priority for this issue. Where the list of things that Ofcom need to satisfy themselves of is a good starting point, we feel that this list must be taken further. The code must be flexible and must be open to review, also in light of its suggested transparency any code should avoid the use of jargon and technical terminology. We believe that if the industry is going to be able to prepare an agreed code of practice in time for common commencement the debate around what should be in the code needs to start as soon as possible. In our experience it is impossible to develop a fully robust industry code through consultation. Whilst consultation is a good starting point in assessing the various areas that need further thought and development we would advocate the implementation of a development of a working group, in order to look at key issues and related solutions. We feel that given the modest timescales involved a working group would be the fastest way to develop a universally agreed code of practice. We also feel that if it were left to Ofcom to develop and impose a code on the industry, levels of compliance could be quite low and such a code would not be as robust as a universally agreed code. Question 14: Do you agree that a code needs to be in place in time for common commencement? Is it realistic to expect such a code to be developed in less than 12 months, could it be done sooner, and if not what would be a realistic estimate? We would advocate that a code needs to be developed as soon as feasibly possible, the materiality of this issue would suggest that market participants need to be proactive in their approach to dealing with this issue. We would suggest that a code of practice would need to be in place prior to a common commencement date. We would not, at this stage, like to suggest a possible timescale but would comment that the use of an independent company with experience in the development of codes of practice may speed up the process, and ensure that the resultant code of practice is as effective as possible. The sooner participants come together and start focusing on the development of a code of practice the easier it will be. It would be of no benefit to the industry to leave the development of a code of practice to the last minute as this would create more problems, both in the short and long term. Page 15 of 19

16 Question 15: This list seeks to set out all the requirements of the code to enable the operation of the first two obligations. Does it do so? Is there anything else that the code must cover in order to enable the effective operation of those obligations and if so, what? We believe that the provisional requirements of the code outlined in the consultation document would enable the operation of the two obligations. However we would be concerned that these requirements are not exhaustive enough, which may leave the industry exposed and the absence of certain provisions may detract from the effectiveness of the code. We would consider that the code should also include details regarding: How provided evidence will be verified We believe that there needs to be some sort of verification procedure which should ensure that the end to end process is as robust as possible. This may also help in removing any possible strain on the appeals process that will be put in place. Roles and responsibilities We believe that the code should also explicitly indicate which parties or types of parties have which specific responsibilities. Timescales Elaborating on the last point. We would suggest that the code needs to specify particular timescales relating to when certain parties need to carry out which obligations. We believe that the inclusion of these details would ensure that the code is more effective in enabling the effective operation of the obligations; such details would also provide much needed clarity and transparency. Question 16: Are there any other restrictions or requirements that should be placed on Ofcom in pursuit of their role in relation to this code? In addition to the items outlined, we believe that it is important for the code to determine practices that are not sanctioned and possible penalties for breach of code. The code must also outline the ways in which companies that are party to the code it will be audited, and relevant timescales for carrying out their responsibilities. Role of a Self Regulatory Body Question 18: Do you agree that this is an appropriate role and structure for the rights agency? Gemserv have developed a strong background and expertise in encouraging different industry participants, often with vastly contrasting views and objectives, to come together in order to reach consensus on industry governance arrangements and codes of practice. Speaking from experience we generally agree with BIS in its belief that the only way to have an effective central agency would be to allow the industry to reach a Page 16 of 19

17 consensus on which roles, if any, they were happy to be adopted by a central rights agency (CRA), and would strongly encourage BIS to allow such an agency to coordinate education and awareness of its activities. Gemserv also believe that the CRA should be entirely accountable to the industry and consumer groups and regulated by Ofcom, ensuring that ownership and responsibility for the agency lie with those that will be most strongly affected by its actions. Gemserv believe that the industry must think carefully about the problems and implications of either owning a particular responsibility or allowing the CRA to take responsibility for an action. For example if the CRA were to assume responsibility for sending out notifications it would mean that companies would not have the opportunity to develop a competitive advantage by being as efficient as possible in its administration of these notifications. This absence of the opportunity to develop a competitive advantage in this area would ensure that participants concentrated on consumer focused objectives such as price, network quality, etc. In this way the CRA administering the notifications could be seen to contribute to the competitiveness of the market and remove the possibility of an otherwise efficient ISP being forced out of the market based solely on the grounds that they were unable to administer the notifications process effectively. We believe that whilst it would be beneficial to start thinking about the structure of a central rights agency, such an approach may be inefficient. We would advocate an approach that would see the industry clearly define which roles it did and didn t want such an agency to assume, then after this has been established a potential structure can be outlined. Impact on Small Businesses Question 19: Do you agree that we should proceed with an intention to exempt small businesses? If so, have we chosen the right criteria? Do you have a preferred method of exemption? Please give reasons if you object or if you foresee any unintended consequences not discussed here. Gemserv believes that any decision to allow exemptions needs to be carefully thought through in order to make the process as robust as possible. We believe safeguards should be in place in order to make it impossible for any exemption scheme to be abused. Gemserv generally take the view that the more people that are party to exemption would reduce the overall impact of the legislation. We would advise that there needs to be a balance between effective governance and protection of those to whom compliance would be unfeasible. In general we would be in favour of any approach that would protect small businesses; however we would be sceptical of exempting these businesses completely. In terms of the structure that any exemption scheme might take, Gemserv would be open to a number of possibilities and would aim to highlight some of the key considerations with regards to possible scheme structures identified in the consultation document. Page 17 of 19

18 Universal small business exemption Would see all business below a certain predetermined size exempt from notification obligations. o A key issue here would lie in the definition of a small business, will firms be measured in terms of their market share, their revenue, their turnover, the size of bandwidth provided, etc. Whichever method is chosen to assess the size of eligible firms there will be market participants that feel aggrieved, due to the fact that they may have marginally missed exemption. Such an approach may result in certain services being over or under provided. It may also lead to the market becoming less competitive as companies would be less willing to move out of the exemption zone. o The fact that a proportion of the market (whatever the size) would not have to abide to the same regulations as the rest of the market could be seen as discriminatory. This may also have other implications, in that if customers become aware that subscribers to small ISPs are exempt from the same rules as others, many customers may be tempted to switch service providers so as to avoid incurring sanctions. Technical exemption The case for excluding those companies that fall below a particular level of bandwidth speed seems very clear. Such an approach would be adequately effective in targeting specific companies and exempting those that are less likely to be responsible for much P2P activity. However we would envisage that in future the number of companies falling under this exemption criteria would fall quite dramatically to close to zero, especially considering the governments ambition to provide households with at least 2mb/s broadband speed. Overall Gemserv would favour the named inclusion order process due to the fact that this seems to be the most direct approach. We do however have grave concerns over the intention to exempt all but the top five ISPs. This would leave potential infringers with the choice of over 450 ISPs with whom to continue infringing. The work involved in identifying possible candidates for inclusion would also represent an extensive commitment of resource from the secretary of state s office. We would recommend an approach that would see the top twenty companies, in terms of market share or P2P traffic, included in any notification obligation scheme which would tackle over 90% of internet subscriptions. Overall, we would advise caution in regards to BIS s intention to exempt any ISPs from the notification process as this would only make any regulatory approach unreliable and flawed, even if only by a relatively small quantity. Where we would see the need and desire to protect smaller ISPs from the possibility of an increasingly heavy administrative burden that may be placed on them we would take the view that the protection provided would not justify compromising the integrity of the notification process. Therefore we would suggest that responsibility for the administration of these notifications be removed from smaller ISPs and placed with a central agency. Such an approach would provide adequate protection for smaller ISPs and would also ensure that the integrity and effectiveness of the notification process remains intact. Page 18 of 19