Of all the legal advice I've seen posted to NANOG, I think this might be the first time it's come from a lawyer. Great post, Anne. Thanks for the advice. Owen On Aug 22, 2012, at 11:17 , "Anne P. Mitchell, Esq." <amitchell@isipp.com> wrote:

...

On Thu, Aug 16, 2012 at 6:16 AM, groupstudytac groupstudytac <groupstudytac@gmail.com> wrote:

...

I get copyright notices from companies like Irdeto , saying that one of my customers IP is downloading unauthorized material using bittorent. I also have processes in place to handle such notices .

Can anyone share how he handles such notices in his ISP environment , i am ready to adapt some valid steps to improve the existing process.

Or should i just ignore such messages ?

If you're in the U.S., the process for handling these notices is prescribed by law, specifically the Digital Millennium Copyright Act (search: DMCA takedown notice). It details what the infringement notice must include in order to be actionable and what steps the ISP must take on receipt of an actionable notice. It also prescribes procedures for the alleged infringer to object and for the ISP to restore the material following an objection.

Follow the procedures described in the law to retain your immunity as an ISP. Consult a local lawyer if you don't find them sufficiently obvious.

The thing that muddies this is that, as I understand it, the notice was not for takedown (i.e. there is not an allegation that they are *hosting* infringing material) - it is a notice that one of their users *downloaded* copyrighted material (IP, do I have that right?)

This is part of the RIAA's "graduated response" program, to which several major ISPs, including AT&T, Verizon, and Comcast, have agreed.

Basically, the accuser contacts the ISP, and the ISP sends a warning (a "copyright alert") to their user (without giving up the user to the accuser).

If the same user is accused subsequently, they get another, sterner warning. In total there is a series of six warnings, with "mitigation measures" accompanying the fifth and sixth warning.

If I were counseling an ISP - whether one that was part of the agreement, or not - I would say that the first order is to *put your policy around copyright alerts in writing* - asap - and make it as specific as possible - and then *ALWAYS FOLLOW IT EVERY SINGLE TIME*.

It almost (I say almost) doesn't matter what the policy is so long as it's reasonable, but it matters that it be followed to the letter every time, no exceptions.

And, if you are an ISP that isn't part of the agreement with the RIAA, it's still not a bad idea to structure your policy to follow the six "copyright alert" structure, because there is some precedent there, and then you come off looking like you are trying to do the right thing, which will make you a less easy target.

These two articles give a pretty good explanation of the deal:

https://www.eff.org/deeplinks/2012/03/graduated-response-deal-steamrollers-t...

http://arstechnica.com/tech-policy/2011/07/major-isps-agree-to-six-strikes-c...

Anne

Anne P. Mitchell, Esq CEO/President Institute for Social Internet Public Policy http://www.ISIPP.com Member, Cal. Bar Cyberspace Law Committee ISIPP Email Accreditation: http://www.SuretyMail.com

The 6 strikes system doesn't kick in til Jan 2013 AFAIK. Does the legal letter make any kind of demand? Usually the sender (aka copyright troll - a technical term) will be looking for personal info to associate with the IP in order to institute a shakedown of some nature. IANAL but I believe one can wait for a subpoena, and even then it's not open and closed. j On Wed, Aug 22, 2012 at 2:17 PM, Anne P. Mitchell, Esq. <amitchell@isipp.com

wrote:

...

On Thu, Aug 16, 2012 at 6:16 AM, groupstudytac groupstudytac <groupstudytac@gmail.com> wrote:

...

I get copyright notices from companies like Irdeto , saying that one of my customers IP is downloading unauthorized material using bittorent. I also have processes in place to handle such notices .

Can anyone share how he handles such notices in his ISP environment , i am ready to adapt some valid steps to improve the existing process.

Or should i just ignore such messages ?

If you're in the U.S., the process for handling these notices is prescribed by law, specifically the Digital Millennium Copyright Act (search: DMCA takedown notice). It details what the infringement notice must include in order to be actionable and what steps the ISP must take on receipt of an actionable notice. It also prescribes procedures for the alleged infringer to object and for the ISP to restore the material following an objection.

Follow the procedures described in the law to retain your immunity as an ISP. Consult a local lawyer if you don't find them sufficiently obvious.

The thing that muddies this is that, as I understand it, the notice was not for takedown (i.e. there is not an allegation that they are *hosting* infringing material) - it is a notice that one of their users *downloaded* copyrighted material (IP, do I have that right?)

This is part of the RIAA's "graduated response" program, to which several major ISPs, including AT&T, Verizon, and Comcast, have agreed.

Basically, the accuser contacts the ISP, and the ISP sends a warning (a "copyright alert") to their user (without giving up the user to the accuser).

If the same user is accused subsequently, they get another, sterner warning. In total there is a series of six warnings, with "mitigation measures" accompanying the fifth and sixth warning.

If I were counseling an ISP - whether one that was part of the agreement, or not - I would say that the first order is to *put your policy around copyright alerts in writing* - asap - and make it as specific as possible - and then *ALWAYS FOLLOW IT EVERY SINGLE TIME*.

It almost (I say almost) doesn't matter what the policy is so long as it's reasonable, but it matters that it be followed to the letter every time, no exceptions.

And, if you are an ISP that isn't part of the agreement with the RIAA, it's still not a bad idea to structure your policy to follow the six "copyright alert" structure, because there is some precedent there, and then you come off looking like you are trying to do the right thing, which will make you a less easy target.

These two articles give a pretty good explanation of the deal:

https://www.eff.org/deeplinks/2012/03/graduated-response-deal-steamrollers-t...

http://arstechnica.com/tech-policy/2011/07/major-isps-agree-to-six-strikes-c...

Anne

Anne P. Mitchell, Esq CEO/President Institute for Social Internet Public Policy http://www.ISIPP.com Member, Cal. Bar Cyberspace Law Committee ISIPP Email Accreditation: http://www.SuretyMail.com

-- --------------------------------------------------------------- Joly MacFie 218 565 9365 Skype:punkcast WWWhatsup NYC - http://wwwhatsup.com http://pinstand.com - http://punkcast.com VP (Admin) - ISOC-NY - http://isoc-ny.org -------------------------------------------------------------- -

On Wed, Aug 22, 2012 at 2:17 PM, Anne P. Mitchell, Esq. <amitchell@isipp.com> wrote:

...

If you're in the U.S., the process for handling these notices is prescribed by law, specifically the Digital Millennium Copyright Act (search: DMCA takedown notice). It details what the infringement

The thing that muddies this is that, as I understand it, the notice was not for takedown (i.e. there is not an allegation that they are *hosting* infringing material) - it is a notice that one of their users *downloaded* copyrighted material (IP, do I have that right?)

Thanks Anne. You are, of course, correct and the information you provided is very much on point. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004