I attended the annual BCNet conference in Vancouver yesterday where I was presenting on the BC Open Textbook Project (my slides).
While I was there I sat in on a session title the Copyright Modernization Act presented by Larry Carson, Associate Director, Information Security Management (UBC), Eric van Wiltenburg, Manager, Information Security Office (UVic), Dave Kubert IT Security Officer (UNBC), and Michal Jaworski, Legal Counsel (UBC). The session focused on how higher ed institutions have been responding to a new clause in the Canadian copyright act that came into effect in January of this year, the “Notice and Notice” provision .
In essence, the notice and notice provision now gives copyright holders a mechanism to track down suspected copyright infringement by putting the onus on ISP’s and other intermediaries (like post-secondary institutions) to contact suspected copyright offenders. Barry Sookman has a nice, succinct post describing the new regulation.
The regime permits copyright owners to send notices to internet service providers and other internet intermediaries claiming infringement of copyright. The notices must be passed on by these service providers to their users. Because there are no regulations, the notices must be processed and passed on by the internet intermediaries without any fees payable by copyright owners.
As illustrated in the session, this new provision is putting a large burden onto the shoulders of institutions that now have to track and contact potential copyright offenders on their network.
All the institutions made it clear that the only information that copyright holders have to go on is an IP address. How the copyright holders are obtaining the potential infringing IP addresses is unclear to me, but it is happening. Which explains to me why this has become a security issue at most institutions since they are often the first point of contact when any odd IP related activity comes up.
Once the copyright holder contacts the institution with an IP address that they alleged is being used to illegally download their material, the institution then has an obligation to match the IP with a person and send that person a notice saying…well, that is one of the first problems institutions are struggling with. What to actually say in their notice. Institutions are grappling with this. Is it simply a notice to the alleged offender that this activity has been noticed on the network, or does the notice go further and ask them to stop? Institutions are (rightly so) hesitant to become the police and be forced into a role where they then become the enforcers of the legislation.
This process is placing a huge administrative burden on institutions as they have been spending a large amount of time and resources dealing with these notices. One of the panel participants reported their institution was receiving up to 10 notices per day, with the others stating that they were dealing with hundreds of these notices each month. Hence the desire to come up with technical processes to automate the routine.
Specifically, the administrative burden looks like this.
First, when the institution receives a notice from a copyright holder, the notice may not come from the actual copyright holder, but instead from a third party contracted by the copyright holder to act on their behalf. So the first step for the institution is to try and figure out if the notice request they receive is, in fact, legitimate. And, early on when the regulation came into effect, there were many non-legitimate requests being sent to Canadians demanding that they pay a fine for alleged copyright infringement (and who knows how many Canadians actually did this when there was no need to). So, the first task is figuring out who is actually contacting them and whether they have the authority to act on behalf of the actual copyright holder.
Second, the institution then needs to match the IP address with a person to send the notice to. Not an easy task, especially if you are using NAT. Another time consuming task when you are dealing with hundreds of requests a month.
There is a big stick for institutions that don’t forward notices to an offending party. If an institution fails to forward a request, then the institution can be held liable for the alleged copyright infringement even if there is no further proof that copyright infringement has occurred. This put an incredible onus on the institution to comply with forwarding notices as it presumes their guilt that a copyright infringement has occurred, and makes the institution responsible for the presumed offense.
Finally (at the risk of burying the lede here, depending on what role you have at an institution), one of the more ridiculous aspects of the “notice and notice” system is that faculty and academic researchers have been receiving these notices for posting their own journal articles and published research online. Imagine posting your journal article on your institutional website (or, perhaps on an open course where you might want your students to have access to the research for teaching and learning purposes) and you receive a “notice” from your own institution saying that you have been reported as a potential copyright thief? I can’t imagine that is a good feeling. There seems to me to be a real risk that this type of notification from your own institution, regardless of how benign or moderate the wording may be, could lead to internal divisiveness between faculty and administration (a point that was touched on briefly in the session).
Now, there is always the new fair dealing clause that you could use in your defense. But the onus is then on you to defend your use of your own work in response to the notice. There again is a presumption of guilt for a perfectly legitimate use of the material (and if you are a faculty or researcher where this type of scenario has happened to you, I would love to hear whether this paragraph rings true to with your own experience).
Using technology to fix bad legislation, while understandable given the circumstances, does feel like a coping mechanism; one that is putting a large administrative cost onto the backs of the institutions. It forces them to act as an intermediary on hundreds of alleged infractions or else risk being fined over suspected infringements. The legislation also casts such a wide net that legitimate uses of copyright material are being tagged as malicious, forcing faculty and researchers to prove that their use is legitimate. All this not only sucks up time and resources, but puts the institution in the position of being the one to cast a cold copyright chill down the backs of its staff, students and faculty.