Not if the email has been “in electronic storage” for more than 180 days, under the 1986 Stored Communications Act (18 U.S.C. Section 2703). The Stored Communications Act (SCA) is Title II of the Electronic Communications Privacy Act (ECPA).  In contrast, that same Act states that a warrant is required for disclosures of emails that have been stored for 180 days or less.

A Recent Battle Over Email Through Webmail

How to apply the SCA to emails stored by webmail providers was the central issue in a court battle pitting several tech company heavyweights and privacy advocates against the U.S. Department of Justice.  In December of 2009, the DOJ requested and received an order from a magistrate judge that Yahoo turn over emails in specified accounts stored for less than 181 days—without a search warrant.  The DOJ’s rationale? The emails had already been read by the recipient, and thus did not count as being in “electronic storage” within the meaning of the SCA.

Yahoo refused to comply with the magistrate judge’s order. The DOJ filed a motion to compel the production of the emails in March (PDF). Yahoo’s response brief (PDF) contested the DOJ’s interpretation of “storage” and accused the DOJ of trying to overturn years of precedent in an effort to gut Fourth Amendment protections for emails.

Yahoo was not alone in its battle. Google and a coalition of digital privacy groups came to its defense, filing an amicus brief (PDF) arguing that the Fourth Amendment protects email just as much as private conversations and written papers, and supporting Yahoo’s interpretation of “electronic storage” within the meaning of the SCA.

The Government Backs Off… For Now

The fight was just coming to a head when it ended abruptly. The DOJ withdrew its motion to compel the production of the emails (PDF)—without, however, backing down from its interpretation of the law. This means that the argument may not be truly over, but may simply have been postponed. Although Yahoo briefly expressed its pleasure over the new development, the digital privacy groups (for instance, the Electronic Frontier Foundation) are less pleased because the withdrawal delayed resolution of a contentious issue. Adding to their consternation: they thought they were going to win.  Precedent indicates that the resolution the DOJ’s withdrawal delayed may have been favorable to email users and companies like Yahoo, and less than favorable to the DOJ. Although Yahoo won this short-term victory, the government’s withdrawal means that Yahoo and Google and their users will likely face similar issues very soon.

“Electronic Storage” and Cloud Computing

Yahoo, in its response to the DOJ’s motion to compel, relied on the 2003 9^th Circuit case Theofel v. Farey-Jones (PDF) which plainly stated that opened emails fell within the SCA’s definition of “electronic storage.” For the purposes of SCA § 2701(a)(1), a communication is in “electronic storage” if it is stored temporarily and incidentally to transmission or if it is stored “for purposes of backup protection” (SCA § 2510(17)). In Theofel, the 9^th Circuit did not decide the question of whether opened emails were stored incidentally to transmission, but held that regardless of that issue, opened emails were stored for purposes of backup protection. Accordingly they are in “electronic storage” within the plain meaning of the SCA. Yahoo argued that not only are the opened emails stored for purposes of backup protection, but that the court should also consider them to be stored incidentally to transmission. Relying on the plain meaning of the SCA provisions, Yahoo argued that whether an email was opened or not was irrelevant to its classification as “electronic storage” and consequent protection under the SCA.

The DOJ, by contrast, argued that Theofel was an erroneous decision and that the 9^th Circuit was disregarding the structure and legislative history of the SCA. In particular, the DOJ argued that the protection for backup storage only applied to copies made by a service provider in case of system failure. Since opened email does not fall into this category, it is not in “electronic storage” for the purposes of the SCA, but instead falls into the category of communications held by a “remote computing service”—in this case, Yahoo.  The SCA, passed in the days before common use of webmail, does not have warrant requirements for such communications (see section 2703(a), regarding communications in “electronic storage,” compared with section 2073(b), discussing communications held by a “remote computing service”).

The SCA’s distinction between “electronic storage” and storage by a “remote computing service” suggests that much of the information stored by web users will have very little statutory privacy protection in the era of cloud computing, as more and more personal data is stored remotely. That is probably why the amici brief by Google and various digital privacy groups, in addition to supporting Yahoo’s interpretation of the SCA, also argued that the emails were protected under the Fourth Amendment—regardless of whether the SCA’s protections extend to them or not.

Fourth Amendment and Email

Citing a line of cases beginning with Katz v. United States, a Supreme Court decision from 1967 holding that governmental eavesdropping on phone conversations is a Fourth Amendment violation, the amici brief argued that email users have a “reasonable expectation of privacy” (a prerequisite to Fourth Amendment claims) for the contents of emails stored with a webmail provider. The argument was supported by analogy to conversations in person and over the phone (which are intangible, yet constitutionally protected), sealed postal mail (private for Fourth Amendment purposes even though carried by a third party) and the contents of hotel rooms (private even though the room is owned by a third party).

Possible Future Developments

Despite all these fine-tuned legal arguments, all of these parties will have to wait for a final conclusion on whether opening an email makes it less protected and whether email is as constitutionally protected as a phone conversation. However, Google and the digital privacy organizations behind the amici brief—along with Microsoft, AT&T, AOL, Loopt, and others—have joined forces to advocate federal laws that would render moot all of this analysis by changing the SCA so that police will need a search warrant to access emails even if they are stored “in the cloud.” Describing the issue as one of “digital due process,” the coalition argues that the 1986 attitude to “remote computing services” has become obsolete and that privacy protections need updating in the current era.

The fact that most of this diverse coalition banded together to support Yahoo’s case so quickly after it was announced (it was announced on March 30^th and the amici brief was filed on April 13^th) suggests that the coalition may have regarded the Yahoo case as the initial test run for its legal strategy. The DOJ’s withdrawal can be taken as a sign of uncertainty in its position, or at least unwillingness to argue it unless strictly necessary. However, the DOJ’s lack of any concession on this issue shows that it has by no means given up the possibility of pursuing this battle in later cases, which means that we will likely see giants like Google, Microsoft, and AT&T clash with the federal government over email privacy in the future.

The Case: FCC v. Comcast

The FCC based its legal argument on its 2005 “Internet Policy Statement” (PDF), which declared (among other things) that internet users had the right to freely access the internet content of their choice, subject to the requirements of “reasonable network management.” Comcast, the FCC argued, had violated the Internet Policy Statement by its traffic discrimination against BitTorrent, which did not fall within “reasonable network management.”

Comcast countered by arguing that the FCC had no right to regulate its network management in any way. The Internet Policy Statement was a set of guidelines, not rules, and the FCC admitted its unenforceability within the statement itself. Until the FCC makes the “Policy Statement” an active, binding policy, Comcast argued, the agency had no authority to enforce its rules.

The FCC, in response to sharp questions from the court about the source of its authority and asking which particular statute Comcast had violated, claimed that its “ancillary” power to implement its Congress-granted authority gave it the right to regulate Comcast. This ancillary power comes from Title I of the 1934 Communications Act, which gives the FCC to promulgate regulations “reasonably ancillary” to the agency’s specific duties outlined elsewhere in the Act.

The court did not buy this argument. In its opinion (PDF), the court stated that “ancillary” jurisdiction was not free-floating but had to be related to an explicit statutory grant of power. Finding no express Congressional permission for the FCC to regulate Comcast’s network management, the court threw out the FCC’s order.

The Larger Issue

The FCC’s fight for “net neutrality” is a part of its stated general agenda to make the internet easily accessible to every American. Through its proposed National Broadband Plan (NBP), submitted to Congress on March 16^th, 2010, it intends to make high-speed internet “the country’s dominant communication network.”

Aspects of the NBP include a subsidy for ISPs in rural parts of the country, auctioning broadband spectrum to wireless providers, a “digital literacy corps” to help Americans learn online skills, up to $16 billion for a public safety network to coordinate first responders to disasters and crises, a goal of having 100 million households with 100 megabit-per-second internet access (contrasted with the current average of three to four megabits-per-second) by 2020, and reduction of phone subsidies in favor of internet subsidies.

The FCC faces push-back from the television industry in particular, which is currently using parts of the over-the-air spectrum that, under the NBP, may be auctioned off for broadband use. The FCC already fought and won a similar battle with the enforced end of analog transmissions of TV signals—the spectrum used for over-the-air analog transmission was reclaimed (and all analog TV signals replaced with digital ones) and auctioned off.

What will likely happen next?

The FCC’s public reaction to the recent federal court decision has been unabashed and undismayed. In its release on April 8^th announcing its 2010 Broadband Action Agenda (PDF), an elaboration on the specifics of the NBP, the FCC Chairman Julius Genachowski declared, “The court decision earlier this week does not change our broadband policy goals, or the ultimate authority of the FCC to act to achieve those goals. The court did not question the FCC’s goals; it merely invalidated one technical, legal mechanism for broadband policy chosen by prior Commissions.” The announcement then lists those goals and the steps the FCC proposes to implement them. Ars Technica explains some of the FCC’s plans here.

The FCC may also have another legal option available to protect net neutrality specifically, in addition to implementing the NBP. University of Michigan law professor Susan Crawford persuasively argues that the FCC can easily acquire the legal authority to enforce net neutrality.  In an op-ed column for the New York Times, Professor Crawford points out that the recent federal court decision rests upon the labeling of ISPs as “information services” rather than “telecommunications services.”  Until 2002, the internet was considered a telecommunications service. But under the George W. Bush administration the FCC re-labeled high-speed internet providers as providers of “information services” because they offered services other than internet connection (like e-mail and web-hosting).

Why does this re-labeling matter? Because the Communications Act gives the FCC the authority to regulate “common carriers,” which includes “telecommunications services” and does not include “information services.” Since the FCC is in charge of this labeling process (which is how it changed the label from “telecommunications services” to “information services” in the first place), it is legally empowered to reverse its own decision and simply change the label back to “telecommunications services”—provided that it can offer a good reason for doing so. Professor Crawford argues that the reason for reversing the reclassification is obvious, because people buy internet services based on speed and price, and not because of the extra services some high-speed providers offer (such as e-mail).

At this point the FCC has not declared any intention of undoing the Bush administration-era re-labeling of high-speed internet.  Its legal authority to do so, however, presents an intriguing possible twist in this ongoing battle.

Among the companies targeted for criticism are Google, Amazon, McAfee, Yahoo, eBay, Microsoft, Apple and Verizon. These hearings may mark the beginnings of legal changes that could require information and communications technology companies to protect users’ rights overseas. The potential legal ramifications of these changes are unclear at present, though they are the subject of heated debates, as we will see below.

The Senate Hearings

U.S. Senator Dick Durbin of Illinois chaired a hearing before the Judiciary Subcommittee on Human Rights and the Law on Tuesday March 2^nd to review the practices of information technology companies in countries that restrict free access to the internet.

Senator Durbin sent letters to thirty companies requesting information on their business practices in China and other countries that censor the internet. The senator also encouraged companies to join the Global Network Initiative (GNI), a group of corporations, academics, human rights groups, investors and others committed to protecting internet users’ rights to freedom and privacy according to a specific code of conduct. (As of now, only the original three member corporations have joined the GNI, which is discussed further in the section below. ) The GNI submitted a written statement for the hearing, available here, which stresses the need for more communication between companies in the information and communications technology sector in order to identify important human rights issues. The GNI also affirmed its view that there is a strong need for more corporations to join the GNI and commit to its principles.

Testifying at the hearing were Michael Posner (Assistant Secretary of Human Rights, Democracy and Labor at the State Department), Daniel Weitzner (with the National Telecommunications and Information Administration of the Department of Commerce), Nicole Wong (Google’s Vice President and Deputy General Counsel), Rebecca MacKinnon (Visiting Fellow at Princeton University’s Center for Information Technology Policy and a drafter of the Global Network Initiative), and Omid Memarian (an Iranian blogger living in the U.S. since his release from detention by the Iranian security services in 2004).

Mr. Memarian testified about how his website was shut down—not by the Iranian government, but by his American domain and host provider, because of restrictions on transactions with Iran. He discussed how such restrictions and sanctions prevent Iranian dissidents from downloading software (including, for example, Google Chrome) and publishing their opinions. He also made several suggestions about how the U.S. government and American corporations could provide technologies that would help promote internet freedom in Iran, and further argued that a freer Iran would greatly help the security of the region.

Nicole Wong’s testimony reviewed Google’s recent problems with China and affirmed Google’s unwillingness to keep censoring search results for Chinese users. She stated that Google would “reconsider [their] approach” in China if the situation worsened after more monitoring. Beyond restating Google’s decision to stop censoring search results in China, she did not commit to any concrete action. However, she discussed various strategies that governments could use to combat censorship. She also analyzed the issue from an economic perspective, elaborating on the damaging effects of internet restrictions on both the “host” country and on foreign companies.

Rebecca MacKinnon testified about authoritarian regimes’ exploitation of the internet to cement their power and suppress dissent. Ms. MacKinnon discussed and countered the view, popular in the 1990s, that the internet by its nature would elude and eventually defeat authoritarianism. It was then widely believed that no government could truly stop the spread of information over the internet. The internet, the theory went, would be an invaluable and unstoppable weapon in the hands of dissidents.

Contrary to predictions, as China and Iran in particular have demonstrated, authoritarian governments have adapted to and co-opted the internet. Filtering, deletion of content by internet companies, cyber-attacks, politically motivated law enforcement, and device-level controls are the major techniques a government may use to control the spread of potentially threatening information over the internet.

Mr. Posner and Mr. Weitzner made general comments in support of internet users’ liberties and of using business regulation to promote free exchange.

The Corporations’ Response

The point of the hearings, as suggested by Senator Durbin’s letters to the various companies, was to highlight the role corporations can play in either reinforcing or undermining government surveillance and control of the internet. Senator Durbin’s opening remarks discussed how pressure from U.S. companies and the government influenced the Chinese government to back down from its decision to require all computers sold in China to include filtering and information-gathering software. Ms. Mackinnon also discussed ways in which corporations could fight internet censorship, from locating servers outside the territories of authoritarian countries to refusing to comply with informal demands from governments to creating surveillance-circumvention technologies.

However, only three corporations in the sector have committed to the GNI code of conduct: Google, Microsoft, and Yahoo. Whether these companies will adhere to the code of conduct is uncertain, as the New York Times points out.

Additionally, AT&T, Skype, and McAfee have committed to discuss joining GNI.  Facebook and Twitter were invited to send representatives to the hearings but declined. Senator Durbin expressed his disappointment in this unenthusiastic but probably inevitable response.  Without legal pressure, it is unlikely that corporations will take actions against their own self-interest by defying laws in countries where they do business.

Possible Legal Consequences

At this time, enactment of any new legislation is far off. The bulk of lawmakers’ attention is focused on exhorting companies to voluntarily comply with GNI standards.

However, many have made legislative proposals and suggestions. For instance, Rebecca MacKinnon has argued for legal changes allowing targets of state repression to sue U.S. companies who turned over information on them. Additionally, Senator Durbin is working on legislation to compel companies to either defy censorship overseas or face civil or criminal penalties at home, the St. Louis Post-Dispatch and PC Magazine report. He has not stated what actions would trigger these penalties under the hypothetical bill. However, this is not a new idea: some activists have been proposing the Global Online Freedom Act (GOFA) for years, as the Guardian reports, which would make it illegal for a U.S. company to provide information or technology aiding restriction of internet services. Brendan Ballou, who blogs on Harvard Law Professor Jonathan Zittrain’s website, analyzes some aspects and limitations of the GOFA here.

Criminal or civil penalties in the U.S. may simply present U.S. companies with the following calculation: will defying the U.S. law cost them more or less than circumventing internet restrictions in China or Iran? The efficacy of such a bill is questionable. It may present some companies with a difficult choice: they must either violate the law at home, or abroad. Furthermore, many of the technologies that make internet-restriction possible were developed in U.S. and European countries at the behest of their governments, to aid in lawful surveillance in those countries. Nokia Siemens made this point in response to a European Parliament resolution condemning its technological aid to the Iranian government and calling for a ban on surveillance technology exports to certain countries, as Ars Technica reports.  This suggests that the scope of the bill will have to be very clearly defined if it is to differentiate between surveillance carried out in the most repressive countries and surveillance in western democracies.

Opting in vs. opting out, and the difficulties of opting out

Google automatically enrolled all Gmail users into Buzz without permission, rather than giving them the choice to opt in. Users could opt out after the automatic enrollment, but they could not avoid enrollment in the first place. And Google initially made things difficult and confusing for users who wished to opt out. The “turn off Buzz” button at the bottom of the Gmail inbox screen did not actually turn off Buzz unless the user deleted her Google profile and blocked her followers, as CNET reported. This initially confused many users although, as CNET explains here, Google has now made disabling Buzz much easier in response to complaints.

The cause of the outcry

One major cause for complaint was the way Google took users’ private e-mail address list and made them public in Buzz. The outrage over Google’s action highlights one of the few clear public-private boundary expectations that exist in online communications: we do not expect our e-mail communications or contacts to be known to our personal acquaintances.  On Facebook, those we have “friended” can generally see each other. But in e-mail, we do not expect each of our e-mail contacts to be made aware of each other simply because they’re in the same address book.  The myriad personal implications of this are obvious.  For example, people do not necessarily want their former significant others to know the e-mail addresses of their current partners. The consequences of this privacy breach can be severe: one blogger found her address book exposed to her abusive ex-boyfriend, as the New York Times reported. Furthermore, as the Times went on to explain, dissidents under authoritarian regimes have reason to fear their contacts being made available to any casual governmental monitor.

As Ars Technica commented, these problems arose directly from Google’s attempt to use information given by its users in a private context (e-mail) by linking it to a public service. Furthermore, Google also took public information (public Picasa Web Albums and Google Reader shared items) and connected it to users’ Buzz account. This made it likelier that the users’ Buzz contacts would see the albums or Reader items. Google defended this by saying the information was public anyway, but linking users’ public information to their social networking account still has consequences. Information that is not hidden behind a password may still be unknown to a user’s personal acquaintances, and the user may wish to keep it that way.  While technically Google “it was public already” defense may have some legal merit, it did not incur any good will from its users by failing to seek their permission on this issue.

Google’s response

Google has apologized and begun rolling back some of Buzz’s problematic features. Google got rid of the automatic creation of a Buzz contact list from users’ email accounts, made it easier to disable Buzz, and no longer automatically connects public Picasa Web Albums and Google Reader shared items to Buzz accounts. The response was both rapid and dramatic, which is a point in Google’s favor in the eyes of many complainants. However, because of the circumstances that made such a response necessary, Google’s critics are still not entirely satisfied.  

The legal repercussions

Google may have to face a class-action suit in federal court in San Jose, CA, the San Francisco Chronicle reports. Plaintiff Eva Hibnick of Florida is seeking to file the suit on behalf of all Gmail users whose account information was automatically linked to Buzz. The complaint accuses Google of unlawfully sharing personal information without permission, as ABC explains. The plaintiff seeks injunctive relief from similar actions in the future, as well as unspecified monetary damages.

Furthermore, the Electronic Privacy Information Center (EPIC) calls Google’s response inadequate, reports Digital Media Wire. EPIC argues that Google Buzz should be opt-in, rather than opt-out. Google’s most recent changes have made it much easier for users to opt out of Buzz, but they still must opt out. Additionally, EPIC argues that Buzz should not have access to Gmail address books. EPIC has also filed a request with the Federal Trade Commission to investigate Google Buzz.

The Electronic Frontier Foundation has also sharply criticized Google Buzz. The EFF’s arguments go beyond the immediate impact of the Buzz features and suggest that courts should be more skeptical of the Google Books settlement. As the EFF points out, a BBC report suggests that Google did not properly test Buzz before launching it. As Google tries to finalize its Books settlement, as the BBC reports, the problematic Buzz launch suggests Google might use Books information for its own competitive advantage in the same way it used Gmail information. The EFF argues that the Buzz incident highlights the need for Google to make “firm enforceable commitments to protecting user privacy.”

The future

Buzz might be doing better than one might anticipate given the uproar. The New York Times reports that Google claims “tens of millions of people” tried Buzz in the first two days after its launch. Google competitors Microsoft (as MediaBistro reports) and Yahoo, meanwhile, are naturally pooh-poohing Buzz’s prospects. But one thing is clear. Google might get away with asking for forgiveness rather than permission while dealing with Google Books and other copyright law issues, but taking that cavalier approach to personal information is a different matter, even in an age of decreasing privacy. Google may be dealing with both the public relations fallout and the legal consequences of the Buzz launch for a long time.

Timeline

The first trial took place in 2007. A jury found that Thomas-Rasset (then simply Thomas) had “willfully” infringed and held her liable for $222,000 in damages. That figure came from a penalty of $9,250 per song, out of the $150,000 per song maximum permitted by the Copyright Act .

Thomas was granted a retrial because of a jury instruction that making a copyrighted file “available” was sufficient to show infringement. Federal Judge Michael Davis, who presided over the first trial, came to believe after appeal that his jury instructions were incompatible with Eighth Circuit precedent. Citing National Car Rental System, Inc. v. Computer Associates International, Inc. (8^th Cir. 1993), Judge Davis decided that the plaintiff had to show that defendant actually shared a file with a third party, rather than simply making the file available for sharing.

In the second trial in 2009, Judge Davis set aside a jury award of $1.92 million, calling it “monstrous” and pointing out that Thomas-Rasset did not make a monetary profit from her infringement. Davis reduced the damages to $54,000, allowing the parties to accept the award or proceed to a third trial.

The RIAA not only accepted the damages, but reduced them further in a settlement offer of $25,000. The RIAA’s terms allowed Thomas-Rasset to pay the award in installments to a fund for musicians. As a condition for the settlement, the RIAA said the judge would have to vacate his remittur (reduction) of the jury award.

Thomas-Rasset’s lawyers have announced her intention to reject this and any other settlement offer that requires her to pay damages. The RIAA’s deadline for accepting the offer was last Friday, January 29^th.

Issues

The major issue raised in this case is the constitutionality of the awards against Thomas-Rasset—and, by implication, future file-sharers like her. She intends to challenge the constitutionality of not only the $1.92 million jury award in the second trial, but also the judge’s reduced award. Even the reduced award, her lawyers contend, is unconstitutionally excessive: it is 2,250 times the usual $1 price of a downloaded song.

The RIAA is adamantly opposed to any finding that the judge’s awarded damages are unconstitutional. Moreover, the RIAA is trying to vacate the judge’s remittur because it is keen to prevent any precedent allowing judges to reduce jury awards in copyright infringement cases. That is why the vacature (making the original judgment legally void) of the remittur was the sole—and firm—condition of its settlement offer. For its absolute insistence on this point, the RIAA has been accused of bullying. Joe Sibley, one of Thomas-Rasset’s attorneys, recently described the situation as the RIAA trying to “scare” people into paying “exorbitant” damages. Nevertheless, the RIAA continues its attempt to vacate the remittur and thus keep the legal door open for million-dollar damages awards in file-sharing cases.

This trial raises another issue, namely what exactly it takes to prove infringement against a particular individual. Proving that songs were shared from a particular computer or IP address is often simple. However, proving that a particular user of that computer was the infringer is a different matter. Here, the files were shared from Thomas-Rasset’s password-protected computer at her IP address, using a username she had used for a number of years. The two juries evidently found this compelling evidence of Thomas-Rasset’s guilt, although Thomas-Rasset’s lawyers argued that anyone could have used the computer and username in question. Judge Davis was not convinced by and did not approve of Thomas-Rasset’s attempts to suggest that her children or ex-boyfriend infringed using her computer. The defense lawyers argued that alternative explanations were possible, and that MAC and IP addresses (identifiers for a particular computer that are transmitted during file-sharing) can be spoofed, though they offered no evidence that this had happened here.

Possible Future Developments

Wired recently described the RIAA as “winding down” its lawsuit campaign against file-sharers and shifting its efforts to getting internet access to infringers cut off. But there are still loose ends. Thomas-Rasset insists on going to a third trial rather than accepting a settlement. Therefore, it is still unclear whether there will be the precedent of a judge setting aside a jury award in a copyright infringement case will stand. That will depend on the outcome of the third trial.  Additionally, Thomas-Rasset’s challenge to the constitutionality of the judge’s award is still unresolved.

Furthermore, a second infringement case with a U.S. defendant also went to trial in July 2009: the recording industry’s suit against Joel Tenenbaum. The jury held Tenenbaum liable for $22,500 per song; since he was found to have infringed 30 songs, this amounted to $675,000 in damages. The judge finalized the jury award in December 2009. Like Thomas-Rasset, Tenenbaum is challenging the award’s constitutionality. Anyone who has ever shared a song using BitTorrent, Kazaa, or LimeWire should probably pay attention to what happens next.

The Anti-Counterfeiting Trade Agreement

ACTA is a proposed agreement between the United States, the European Union, Australia, Canada, Japan, Singapore, Morocco, Mexico, the Republic of Korea, New Zealand, and Switzerland. The purpose of the agreement is to combat the spread of counterfeit goods, including software and information technology.

All states that have been party to the negotiations know the details of its provisions. Additionally, ACTA proponents in the recording industry, critics at Public Knowledge (home page), as well as some internet providers and electronics companies have been given the text of the agreement. Yet despite this information-sharing among the key players, the actual text of ACTA is still a “properly classified” secret—a state of affairs that has sparked ire and curiosity among those watching its progress.

The Obama administration claims to be keeping the text a secret for reasons of national security.  The White House denied a Freedom of Information Act request for the text of ACTA by Knowledge Ecology International in March 2009. This follows the Bush administration’s decision to deny a similar FOIA request by the Electronic Frontier Foundation and Public Knowledge in early January 2009. EFF and Public knowledge later dropped their suit, finding it futile.

As the MPAA memo shows, proponents argue that ACTA is a reasonable—indeed, a necessary and overdue—response to increased global piracy. They argue that the entertainment and recording industries will suffer tremendously if this piracy is allowed to continue, and that ACTA is a win-win solution for creators, copyright owners, and consumers. The Office of the United States Trade Representative (USTR) ACTA Fact Sheet (pdf) also points to physical threats to health and safety from counterfeit medical supplies, as well as alleging the economic dangers of Internet piracy.

Controversial Aspects

ACTA opponents point to public comments and leaked documents that suggest problematic aspects of the proposed agreement. Although the secrecy of ACTA negotiations prevents any precise legal analysis of its terms, particular concerns have emerged among ACTA critics.

Leaked documents suggest ACTA proponents want the agreement to “encourage” ISPs to “cooperate” with copyright holders in removing infringing materials. There are no specifics on what this cooperation means or how it will be encouraged. However, the Electronic Frontier Foundation notes that ACTA-supporting copyright holders are the same people who want Internet providers to terminate customers’ Internet access after repeated allegations of copyright infringement. These ACTA supporters also want to make network-level filtering mandatory for Internet providers, which would involve deep packet inspection (looking at the data of Internet transmissions) of customers’ communications. These measures have serious privacy implications because Internet providers would have to look closely at the actual content of their users’ communications. There are also due process issues. Would a copyright-holder have to prove infringement in court to get an Internet provider to cut off service to an alleged repeat offender? Or would a complaint from a copyright-holder be enough?

ACTA might also create greater border search power, which has inspired fears of inspectors seizing travelers’ iPods filled with downloaded songs.  Participants in ACTA negotiations have sought to allay these fears by saying that ACTA will not target personal use of iPods and computers. The ACTA Fact Sheet contains a statement that ACTA’s focus is on large-scale infringement and does not require searching personal iPods or laptops.

ACTA critics also have more generalized concerns. First and foremost, as Public Knowledge argues, is the secrecy of the ACTA proceedings.  The USTR denies any secrecy in the fact sheet linked above, pointing out that preliminary negotiations were announced and that the USTR asked for comments from the public. However, it is undeniable that proposed provisions have been kept secret and even been declared classified. Another concern is that ACTA will not actually be a treaty. Instead, it will be an “executive agreement,” which means it will not require Congressional approval. Finally, critics fear ACTA will be used as leverage to pass expansive domestic copyright legislation.

While ACTA may be controversial and scary to many, its supporters show little sign of slowing.

ACTA Timeline

The 6th round of ACTA negotiations took place November 4-6, 2009. Representatives from the various countries agreed to meet again for another round in January 2010. They aim to conclude the agreement “as soon as possible” in 2010.

For More Information

• ACTA Summary of Key Elements Under Discussion, from the Swedish Presidency of the European Union (document link at top of right sidebar)
• Comments filed with USTR by various organizations of differing views on ACTA
• EFF’s ACTA page
• The Free Software Foundation’s ACTA campaign (ACTA critics)

By Anjali Bhat and Paul Sullivan.