New Legislation: SAFE and PRO IP

There has been some controversy over two new security-related bills in the United States Congress right now: the SAFE Act and PRO IP.

The SAFE Act (Secure Adolescents From Exploitation Online; another case where the acronym almost certainly came first) aims to protect children and teenagers from exploitation by increasing enforcement of child pornography laws.  Not, on the surface of it, a bad thing.  The controversy comes from its means: it requires anyone operating an internet service to report not just actual child pornography, but also fully-clothed minors in “lascivious poses” (whatever that means) and any “drawing, cartoon, sculpture, or painting” consisting of an obscene depiction of minors.  This troubles people for two reasons: first of all, due to the vagueness of what is prohibited (can you tell if a drawing, cartoon, sculpture, or painting is of a 17-year-old or an 18-year-old?), and second, because of the apparent requirement that providers monitor all their traffic in order to make these reports.

According to C|Net News, the monitoring requirement would apply to anyone providing an open Wi-Fi node, such as coffee shops, restaurants, and even homes that simply don’t choose to encrypt their Wi-Fi, in addition to social networking sites, web-based email providers, domain name registrars, etc.  Were the bill interpreted in this way, this would place an impossible burden on any provider of connectivity — there is no automated way to scan the traffic of all your subscribers for vaguely-defined unlawful depictions of fictional minors, you would need to have a person manually inspect all the traffic, which is obviously impossible at any scale (not to mention a terrible privacy invasion.)

However, I think that this is an overly alarmist reading of the bill.  It’s certainly not the author’s intent (indeed, Rep. Rick Lampson’s office has responded to the C|Net article) for the bill to apply to every small Wi-Fi provider, though author’s intent is often beside the point once a law is passed.  More importantly, though, the bill does not mandate surveillance or detection at all — it mandates reporting if child pornography (or something that kind of sort of looks like it) is detected.  In other words, it forbids finding out about illegal activity and looking the other way; it does not mandate actually looking for it.  I think that Ars Technica has a much more balanced article about the bill.  Overall, I think it’s feel-good “for the children” legislation that won’t accomplish much (ISP’s are already required by law to report child pornography if they detect it, this just raises the penalties and expands the definition), and that prohibiting fictional depictions of children where no actual children are involved is a poor idea from a legal standpoint (since it is very open to abuse by subjective interpretations of judges, prosecutors, and jurors), but that this bill, if it passes — which is likely — will not impose a serious technical burden on service providers.

Meanwhile, the Electronic Frontier Foundation reports on the PRO IP Act (“Prioritizing Resources and Organization for Intellectual Property (PRO IP) Act of 2007” — doesn’t anyone ever just name a bill and then come up with the acronym anymore?), which aims to fight copyright infringement in the typical ineffective way, presumably to shore up the music industry’s failing business model.  It increases penalties for peer-to-peer file sharing from their current ridiculous levels (which build animosity toward the recording industry via outlandish million-dollar damages levied against ordinary university students) to new even more ridiculous levels, while also creating a new $25 million federal bureaucracy to step up copyright enforcement.

Having a copyright system is important.  However, you would think that by now the music industry would realize that if suing customers for $250,000 does not stop piracy, the problem is not that they’re not suing them for enough money, and stepping up the penalties will have no effect.  People believe either a.) that they’re not doing anything wrong or illegal, or b.) that they’re extremely unlikely to get caught (this latter belief being true.)   In order to change this, they’ll need to either offer a legal alternative that at least approaches the convenience and usability of illegal downloading (which you would think would not be a high bar — BitTorrent is not very convenient) and is affordable for broad categories of consumers, or they’ll need to decrease the penalties while increasing the percentage of people who get caught.

With regard to the former, coming up with a pricing model seems to be their stumbling block.  Some customers buy several CDs a month, spending $100 or more on music.  These customers would love a monthly-fee option, and would pay a substantial amount for unlimited downloads.  Other customers buy one CD in a great while, and a subscription model is terrible for them — and thus they prefer individual song downloads like iTunes.  All customers hate DRM, as it prevents them from using music in ways we now take for granted (e.g. playing on multiple devices.)  What the music industry is doing now is akin to the government trying to win the War on Drugs by dropping defoliant in Colombia while doing nothing to reduce local demand — if the demand for illegal material exists, an infrastructure will spring up to fill it.

With regard to the latter, the recording industry faces a backlash when they impose penalties that vastly outstrip the perceived seriousness of the crime.  People have an idea of what fair use entails, and anything you could do with a tape recorder in the 1980’s pretty much fits in that category.  Thus, multi-million-dollar prosecutions of parents and students seems grossly unfair.  However, people also know that “everyone” shares files, yet we only occasionally hear about these huge lawsuits, and thus people assume it won’t happen to them.  The only people who believe they’ll get caught for file-sharing are those that already have.  However, if being caught file-sharing leads to financial ruin, this must of necessity be only a very small percentage.  If university students got caught by the thousand file-sharing and got fined $100 for it, they might consider legal alternatives a better option after a fine or two.

All this said, I think the future will eventually be in DRM-free downloads, and that that future will result in less profit both for recording companies (which may die entirely) and for hit artists (though it will result in substantially more profit for well-known local and regional acts, or less-popular national acts, which currently get almost nothing from the “star” system of the recording industry.)  It’s understandable that the recording industry and the most-successful recording artists want to fight this future, but I don’t see any way that continuously stepping up penalties for actions taken by half the American population is going to do it.

As for creating a new federal bureaucracy to fight copyright infringement, having law enforcement involved in what is essentially a civil matter (as copyright should be) is always dangerous, because it eliminates risk and return from the equation.  When something is a civil matter,  the injured party must decide that its worth its while to pursue a given enforcement action.  Industrial-scale piracy would certainly be worth a lawsuit; a university student running Kazaa probably isn’t.  However, when the injured party can simply ask the government to use taxpayer dollars to go after infringers, then why not go after everyone?  it doesn’t cost them anything; instead we get to pay for it.

DRM is a dead end; as a trusted-client problem, it is unsolvable.  I think this “get tough” legislative approach is a dead end as well.

dmca, legal, piracy, society

If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.