What you need to know about Canada’s new anti-downloading laws, and why all Canadians should be concerned with how their privacy will be affected
Image by Marta Kierkus
When Chelsea chose to download Vampire Academy last spring, she considered the innocuous act of online piracy as unmemorable as the movie itself.
Not so for the copyright holder. In August, she received an email from the company that produced the movie, forwarded by Rogers, her internet service provider (ISP). The email said the company had evidence that she had illegally downloaded Vampire Academy—a movie about a teenage half-vampire trying to survive private high school—and threatened further action if this type of activity continued at her residence.
Chelsea, whose full name the Fulcrum has withheld, was bothered by the sudden realization that her online micro-actions were being monitored, but it was her mom who freaked out the most, suddenly frightened about her family’s activities landing them in a lawsuit pursued by a powerful media company.
Regardless of whether they illegally download digital content, Canadians ought to be concerned about the new Notice and Notice program that came into place on Jan. 1, a system that streamlines and formalizes the process that Chelsea went through.
The new anti-downloading laws are about what you do when you think no one is watching. When you think no one cares. Internet surveillance is personal, it’s creepy, and its stakes are well beyond the choice of what to watch on movie night.
The battle over online anonymity
The Notice and Notice Provision is not a reflection of any new powers of copyright holders; it’s simply one aspect of a new law, the Copyright Modernization Act, that updates and clarifies the legal rights and responsibilities of copyright owners, ISPs, and Internet users. Under this law, ISPs are now legally required to pass on notices of copyright infringement to its customers who have been flagged for illegal downloading. Before the provision, there was no clear legal requirement for ISPs to send out the notices they received from copyright holders to their customers, like the one Chelsea received from Rogers.
These notices, while quite intimidating in language, are not proof of any guilt or damage. They are designed simply to discourage future illegal activity. Michael Geist, a law professor at the University of Ottawa and the Canada Research Chair in Internet and e-commerce law, says Canadians shouldn’t panic over potential litigation arising from these notices.
“They should be aware of the fact that there’s been an allegation of infringement, but at the same time the likelihood of litigation or a lawsuit following is pretty low,” says Geist.
The low odds are due mainly to logistics, he says. Suing thousands of Canadians in individual cases would be difficult for our court system to handle.
“This is really designed to be an educational system to make people aware where the law stands, as opposed to an attempt to try to leverage this immediately.”
The reason notices are so important to copyright holders is that they do not know the identity of the customers illegally downloading their content. They only know their Internet Protocol (IP) number, an address for a device’s online activity. The ISPs do know the names of their customers who are matched with particular IP addresses, but as decided in a June 2014 ruling by the Supreme Court of Canada, they are not legally allowed to give out this information to a copyright holder unless ordered to do so by a court.
There has only been one case in Canada in which a copyright holder has gone to court over the identity of downloaders. Last February, TekSavvy, an Ontario-based ISP, was ordered by the Federal Court to hand over the personal information of 2,000 customers to Voltage Pictures, a small California film company that owns the rights to The Hurt Locker and Dallas Buyers Club, among many lesser-known films.
But the process is more complicated than TekSavvy simply handing over a list of customers. The Voltage ruling stipulated that the transfer of customers’ personal information must be court-monitored to ensure how and when Voltage can use this information. The danger is that Voltage could use the personal information to bully customers with threats of legal proceedings and damages that exceed what they would be legally entitled to under Canadian law.
The range of damages for non-commercial copyright infringement in Canada is between $100 and $5,000. According to multiple legal experts, if a case ever went to Canadian court the amount of damages would far likelier be nearer to $100 for a first-time case.
David Fewer, director of the Canadian Internet Policy and Public Interest Clinic, explains that Canada’s statutory damages system shields Canadians from so-called “copyright trolls,” whose business model is predicated on leveraging people and the court system to get more money than they’re entitled to. The ruling in the Voltage case and the Copyright Modernization Act made such copyright troll tactics illegal.
“The system we have is a friend to ordinary Internet users, not something to live in fear of,” says Fewer.
Principled by profits
It first appeared the privacy protections ordered in the Voltage case would set a precedent that would make it too costly and resource-consuming for copyright trolls to target Canadians. However, the recently proposed Bill S-4, the Digital Privacy Act, would make it easier for ISPs to share personal information without consent. The proposed bill, which has already made it through the Senate, would allow ISPs to voluntarily disclose customers’ personal information to another company, without telling the person affected and without a court order.
“Right now it’s good because Canada’s ISPs mostly understand that protecting users’ privacy is still good business,” says Fewer. “But they don’t have to, and there’s always the potential for an unscrupulous ISP to say you know what, instead of you, the copyright troll, spending thousands of dollars on a court order, why don’t you just pay me a reasonable sum of money to cover our costs, maybe make a profit, and we’ll give over this information.”
He says it’s particularly a concern with larger ISPs that have a vested interest in the content being illegally downloaded—as they are content owners and producers themselves—or who may look at online infringement as competition to their cable or satellite services.
The real danger for downloaders, and all Canadians concerned about their privacy, is the day when ISPs decide to turn on their subscribers and start cooperating in the sharing of data, a decision that would be all too easy to make should Bill S-4 become law.
“ISPs are businesses, and at the end of the day they will do what makes the most business sense, and that’s why I worry that if trolls make it profitable for ISPs to hand over subscriber data then that’s where they’ll wind up,” says Fewer.
“Certainly we’ve seen that many Canadian ISPs put shareholder interest ahead of customer or privacy interests.”
Finding the right person for the right activity
Another major concern comes from the margin of error when equating a person with a specific IP address. Notices are sent to the email address provided to ISPs from each customer in the case of infringement allegations.
But the person receiving these emails may not be the same person responsible for the downloading. This is especially a concern for students living in a house or apartment with friends who share an Internet connection, and thus one IP address.
It gets even more complicated in a massive network such as the one here at the University of Ottawa. According to a U of O spokesperson, should the university receive an illegal downloading notice directly from Rogers, they would remit the notice to the individual.
But to do so the university would have to take steps to associate your network activity with the credentials used to login into their system. To the content holder, all student activity would appear to stem from the U of O.
This type of non-specific accusation may not be a serious issue when only non-binding notices are at stake, but it could be problematic in the event of the person whose name is linked to a flagged Internet account becoming the target of future litigation.
“They don’t know who the user is otherwise, so that’s who they are going to target,” says Geist.
While due process in the court of law could mitigate the problem, an even greater danger arises if copyright trolls get a hold of customers’ personal information and begin suing.
“For these trolls, it’s not about getting compensation from the right person for the right activity,” he says. “It’s about identifying a subscriber and getting more money than they’re entitled to through a settlement, basically leveraging the fear of litigation and the cost of defending yourself.”
Privacy, not by default
The best defence against copyright trolls and future litigation is obvious: stop downloading. But the Copyright Modernization Act is troubling not because of who or what is targeted, but how. The pushback against downloaders reveals just how tenuously the value of privacy is respected in Canada.
The Supreme Court of Canada’s ruling last June stated that Canadians have the right to be anonymous on the Internet and that police would have to get a warrant before uncovering their identities. Current legislation put forward by the Harper government, such as Bill S-4, directly contradicts this ruling.
CBC News and the Intercept also revealed on Jan. 28 that the Canadian government is behind a massive covert operation that “taps into Internet cables and analyzes records of up to 15 million downloads daily from popular websites commonly used to share videos, photographs, music, and other files.”
Says Geist, “As we learn more and more about what’s taking place, it’s quite clear that virtually everything is being captured.”
“If you look at how the telephone evolved and how those kind of lines of communication evolved, the privacy was on by default,” says Fewer. “And we didn’t take the view that you had to take extraordinary steps to protect your privacy. In fact, we took the opposite view that privacy was the default, and if the state wanted to listen in on your conversations, it actually had to go to court and get a wire to monitor all that stuff.
“The state apparently took the opposite view with online browsing.”
Protecting yourself and your privacy
One such extraordinary step students can take to protect their privacy is purchasing a virtual private network (VPN). VPNs essentially create an encrypted tunnel that a device enters from a particular online location—an IP address—destined for some other online location, with no way to track the device to the original location.
This is how so many of your friends most likely get American Netflix: They make it appear as if their computer has an American IP address.
While both Fewer and Geist don’t advise students to get a VPN in order to continue illegal activity, they say it is one of the best tools available to those concerned about their fundamental right to privacy.
“Your business is your business and it’s nobody else’s business,” says Fewer. “If people aren’t going to respect those boundaries then you should use the tools to enforce those boundaries.”
It’s still unclear how anti-downloading efforts will play out in Canada, and whether the associated litigation will ever be practical enough to make VPNs or other extraordinary efforts necessary for downloaders.
The problem with the cat and mouse game that copyright holders are currently engaged in with illegal downloaders is they always seem to be a step behind.
“The experience in a lot of other jurisdictions is that it’s not lawsuits that have proven effective,” says Geist. “It’s typically been in offering up compelling alternative services that are well-priced and encourage people to go in another direction.”
Chelsea says that despite the initial scare when she received the notice from Rogers, she hasn’t stopped downloading.
“I just avoid movies produced by the company that produced the movie I got booked for. And while it did freak me out a bit, I haven’t stopped and don’t plan to.”