In a voluntary self-policing effort most likely intended to help safeguard their Communications Decency Act (“CDA”) Section 230 immunity from suit, several Internet Service Providers (“ISPs”) have created a “Copyright Alert System” (“CAS”) to allow content owners the opportunity to report piracy, through which “strikes” can be issued to Internet service users as a warning for piracy. This YouTube user who I can’t identify as an authority, has a few generally accurate, and fairly informative videos about the CAS regime. It’s not clear whether this user is a representative of the ISPs or not. Comcast also has a pretty good set of faqs on the CAS.
Essentially, the CAS allows content owners to identify infringing IP addresses after verifying that infringement is taking place by P2P (“peer to peer”) file sharing. The ISP then sends a warning to the Internet service user who had that IP address at the relevant time. After multiple warnings the Internet service user may be required to view a video about piracy, and after several warnings that user’s service may be “throttled,” or slowed down to make piracy more difficult or time-consuming. The CAS includes an arbitration process for challenging warnings (Russell’s teapot: How do you prove you weren’t pirating?), but no circumstance under which an Internet service user’s account is to be terminated.
The House of Representatives has plans to focus on cybersecurity in the coming weeks and, as a result, is slated to consider at least two bills that have gained substantial traction out of committee. These bills carve out exceptions to privacy laws to allow private companies to disclose “cyber threat intelligence” to the government. The need for such a law is proclaimed by political officials and private entities alike. Current privacy laws—such as the Electronic Communications Privacy Act or the Privacy Act—provide an all-important shield against disclosure of private information but often have the consequence of hamstringing efforts to identify and prevent cyber threats. Read more
On March 27th, the Federal Trade Commission announced that it has settled its complaint that RockYou, Inc., an online gaming site, allowed hackers to access the personal information of 32 million users while it touted its security features and that it violated the Children’s Online Privacy Protection Act (COPPA) Rule when it collected information from approximately 179,000 children. The settlement requires RockYou to stop its deceptive claims about privacy and data security, implement a data security program, stop all future violations of COPPA, and pay a civil penalty of $250,000. Read more
Issue remain, however.