Anti-Counterfeiting Trade Agreement (ACTA) Highlights

by Sharon Polsky
President and CEO — AM¡NAcorp.ca
National Chair — CAPAPA

ACTA is an international agreement hammered out by a handful of countries (led by the US, including Canada) that requires signatories to create civil and criminal law to give force and effect to ACTA.

ACTA is intended as a global standard to ‘protect’ against intellectual property and counterfeit products, containing very specific discussion about digital information.

The negotiating parties did NOT include:

• India,
• Brazil,
• China,
• Russia
• or any countries known as the greatest sources of counterfeit goods.

Nor did it include any:

• consumer rights groups,
• human rights groups, or the
• Information and Privacy Commissioner of Canada.

The intent to negotiate a deal was announced in late 2007. Because there’s an economic impact component to it, the US declared the draft ACTA text to be confidential as a matter of national security. A draft was circulated amongst rights-holder lobbyists (generally from the recording and motion picture industries). After three years of negotiations, the text was leaked in April of 2010. The Government of Canada released a copy of the draft in October 2010. The final text was issued in November 2010.

An unprecedented degree of secrecy for a set of copyright protection rules.

Once ACTA is approved, its member countries are expected to put pressure on their trading partners to have them join the treaty — of course, after ACTA is finalized.

The final text includes a provision for amending the agreement, and that’s viewed as a back door to get acceptance of the three strikes provision that was rejected during negotiations.

Three strikes law describes the penalty: after three allegations of inappropriate Internet use, service will be suspended for 12 months.

heavily stacked in favor of “rightsholders” at the expense of consumer human rights

Under ACTA, prosecution, remedies and penalties are acted upon based on allegations advanced by the rights holder, and all can be decided by judicial or ‘administrative’ authorities. ACTA sets out the items that can be included in calculating restitution. For instance, an alleged infringer can be ordered to reimburse the rights holder for the retail price and “lost profits” (as calculated by the rights holder), legal and court costs, etc etc. Allegedly counterfeit products must be destroyed, at the expense of the alleged infringer. If it’s ultimately found that there was no infringement, the alleged infringer can ask for damages, but no process or formula is articulated.

ACTA puts individuals in jeopardy since border officials will be compelled to carry out the injunctions obtained in other countries, even if the activity is legal in the border official’s country. Thus, ACTA empowers officials to seize medicines that are off patent in the country of production and in the countries where they are being exported to, if a company holds a patent to that medicine in any member country.

Similarly, ACTA’s border enforcement provisions empower member countries to seize and destroy exports while in transit to other countries. ACTA provides that “parties MAY exclude small quantities of goods of a non-commercial nature contained in travelers’ personal luggage”, so it still leaves it to countries to seize and inspect personal devices to determine if and how much pirated material is there; and the individual will have to bear the cost of inspection, storage, and destruction. So anyone who rips music from the CD they bought and transfers that ripped music onto their iPhone or Blackberry, and then tries to carry it through the border might not get very far. Imagine what it could do at airport screening lineups!

ACTA offers many privacy-invasive provisions, including requiring the release of information necessary to identify an alleged infringer, and any party who might be associated with that alleged infringer.

ACTA puts third parties (i.e., distributors, NGOs, public health authorities) at risk of injunctions, provisional measures, and even criminal penalties, including imprisonment and severe economic losses. This could implicate, for example, suppliers of active pharmaceutical ingredients used for producing generic medicines; distributors and retailers who stock generic medicines; NGOs who provide treatment; funders who support health programs; and drug regulatory authorities who examine medicines. The potential repercussions are expected to serve as a deterrent to being involved — directly or indirectly — in the research, production, sale and distribution of affordable generic medicines. Ascertaining the third party involvement will require inspecting digital records; and ACTA compels disclosure and international sharing of that information.

Deep Packet Inspection

Deep packet inspection of online activity will be used to identify alleged infringements. ISPs will be required to shut down alleged infringers’ Internet connections, and publicize the identity of the alleged offender amongst other ISPs.

DPI is also expected to cause ‘collateral damage’ when blameless sites at the same IP address get shut down along with the accused. DPI was approved for use by ISPs and telcos when, in August 2009, Canada’s Privacy Commissioner ruled on the Bell/Sympatico case (Case Summary #2009-010). The only limit was a recommendation Bell Canada inform customers about Deep Packet Inspection.

The Commissioner did note that “It is relatively easy to paint a picture of a network where DPI, unchecked, could be used to monitor the activities of its users.”

In January 2010, President Nicolas Sarkozy gave a speech to members of the French music and publishing industries and said that “authorities should experiment with filtering in order to automatically remove all forms of piracy from the Internet.”

France

Liberté, égalité, fraternité?

France recently passed its HADOPI “three strikes” law that targets alleged illegal Internet file-swappers. There is no no presumption of innocence in HADOPI. After a rights holder advances an allegation of infringement and gets administrative approval, the alleged infringer receives two warnings, and then gets cut off the Internet.

And there is no judicial recourse.

Under the terms of HADOPI, Internet access is only restored after the “offender” allows spyware to be installed on his/her computer, monitoring every single thing that happens on said computer, and that could also reach to the entire network (personal or corporate) that the computer is attached to.

HADOPI has been sending out notices. Initially, it sent out about 10,000 per day, with plans to ramp up to 50,000 per day. ISPs must hand over information to the government about those accused within eight days. If they don’t, hey could get fined 1,500 euros per day per IP address.

USA

A few weeks after Thanksgiving weekend in November 2010, the US Homeland Security’s Immigration and Customs Enforcement (ICE) department seized and shut down 82 domain names during “Operation In Our Sites II” without prior notice. Not all of these domains contained counterfeit products.

The web sites included a search engine and some well-known music blogs.The released partial affidavit and seizure warrant show that that the decision to seize the domains was almost exclusively dependent on what the Motion Picture Association of America said were the facts, and the MPAA’s numbers about the economic importance of the movie industry and MPAA testimony about how piracy hurts its income.

The MPAA and the Recording Industry Association of America were two of the 42 individuals and groups in the US that were given access to the draft text early on.

Canada and the International Sacrifice of Personal Privacy

Canada’s Anti Terrorism Act and the Proceeds of Crime (Money Laundering) and Terrorist Financing Act in conjunction with other legislation allows governments to trade and swap Canadians’ information with around the world without our knowledge.

The PATRIOT Act does the same in the US. The UK Home Office recently resurrected the so-called ‘Super Snooper Bill’ that will allow the police and security services to track the British public’s email, text, Internet and mobile phone details. And the “Server in the Sky” global biometric database will tie it all together.

Canada’s Bill C‑52 — referred to as the “Investigating and Preventing Criminal Electronic Communications Act” — is intended “to ensure that telecommunications service providers have the capability to enable national security and law enforcement agencies to exercise their authority to intercept communications and to require telecommunications service providers to provide subscriber and other information” upon request.

No warrant necessary in Canada.

C-52 also requires the telcos and ISPs to provide the transmissions in an unencrypted form and to “comply with any prescribed confidentiality or security measures“. A gag order, in other words.

And the information to be provided is quite specific and broad: It is “any information in the service provider’s possession or control respecting the name, address, telephone number and electronic mail address of any subscriber to any of the service provider’s telecommunications services and the Internet protocol address,
mobile identification number, electronic serial number, local service provider identifier, international mobile equipment identity number, international mobile subscriber identity number and subscriber identity module card number that are associated with the subscriber’s service and equipment”.

C52 compels ISPs to spy on their customers

Under C-52, Telcos are required to have and bear the cost of the equipment necessary to comply; and the equipment can be specified by the government or enforcement agencies.

Between ACTA and other international agreements and multilateral treaties to share information it’s easy enough to circumvent the provisions of Section 8 of Canada’s Charter of Rights and Freedoms by having an agency outside of Canada do the work, and then share the results back into Canada. Canada and the US have been known to do that on occasion, typically to protect ‘national security’ or guard again ‘terrorism’.

ACTA is based on allegations and assurances of the rights holder.

---

---

Guest blogger Sharon Polsky is the President & CEO of AM¡NAcorp.ca as well as the
National Chair — CAPAPA, the Canadian Association of Professional Access and Privacy Administrators. This article provides the necessary background for the Sharon’s article “The Hidden Rationale for Usage Based Billing” scheduled to be published here in the Stop Usage Based Billing blog February 10th.

Post Script:
Internet Service Providers are in the business of providing Internet Service, and ‘deputizing’ them to spy on citizen customers is an atrocious breach of net neutrality, which I wrote about a year ago in Nutshell Net Neutrality

Looking over my blogs, I was surprised to see just how much I have actually written about ACTA shared both in this blog:

• ACTA is Bad
• Errata: ACTA is Bad
• ACTA is still Bad
• Much Ado about ACTA
• Cat Joke: Making Light of ACTA
• Vanilla Copyright Treaty
• Sign the Wellington Declaration
• 2010 is the New 1984
• ACTA Conspiracy Theory
• Did ACTA Pass?

as well as on my Oh! Canada political blog:

• A.C.T.A.: Anti Counterfeiting Trade Agreement (double speak)
• ACTA keeps chugging along
• ACTA and democracy
• ACTA: Truth or Pravda
• ACTA W5
• Memo to World: Stop ACTA Now
• From ACTA to Bill C-32