April 22, 2010 | By Gwen Hinze

Preliminary Analysis of the Officially Released ACTA Text

The text of the draft Anti-Counterfeiting Trade Agreement was finally released to the public yesterday. We welcome the official release of the ACTA text after two years of negotiations. We can now have a serious public debate about its content and far-reaching impact on citizens' lives.

If the previous leaks (here, here, here and here) left any doubt, the officially released text makes it crystal clear that ACTA is not just about counterfeiting. When ACTA was announced two years ago, it was portrayed as a modest effort at increasing coordination between customs agencies tracking counterfeit physical goods. The officially released text shows that it's far broader. First, it is not just about trademarks; it covers copyright, potentially patents, and all other forms of intellectual property. Second, it's not just about physical goods. It's all about the Internet — which it targets very specifically — and citizens' ability to use it to communicate, collaborate and create. ACTA contains new potential obligations for Internet intermediaries, requiring them to police the Internet and their users, which in turn pose significant concerns for citizens' privacy, freedom of expression and fair use rights.

Read on for our preliminary analysis on copyright issues.

Unlike previously leaked ACTA documents, the official ACTA text does not contain countries' negotiating stances, so it actually contains less information than the most recent leaked documents. However we presume ACTA followers will be reading the official text alongside the leaked 18 January 2010 annotated text, and in many places will be able to work out the originator of particular text. It's obvious that there is still quite a bit of disagreement between negotiating countries about the scope of ACTA (in particular, whether it extends to patents, as Japan and the EU have sought) and some of its fundamental features. As expected, much text is enclosed by square brackets — indicating that it has not been approved by all countries — and in several places there are multiple proposals. There are recurrent disagreements about whether obligations should be mandatory or discretionary, which will lead to heated future lobbying battles in the various ACTA countries' national legislatures.

The official text raises several concerns:

First, ACTA contains a number of provisions that are inconsistent with US law, despite the oft-repeated claim of the USTR that ACTA will "color within the lines of US law".

For instance, the text includes a EU proposal, for criminal sanctions for "inciting, aiding and abetting" intellectual property infringement (Article 2.15(2)]. That language is taken from the draft 2007 EU IPR enforcement criminal sanction directive. US copyright law does not recognize the concept of "inciting" copyright infringement, so it is unclear what this means and when it would apply. This raises the concern that ACTA could expand the scope of secondary copyright liability for Internet intermediaries, consumer device manufacturers and software developers, beyond the boundaries of the doctrines enunciated by US courts. Next, ACTA's chapter on "Special Measures Related to Technological Enforcement of Intellectual Property in the Digital Environment" contains a proposal (apparently put forward by Japan, based on the leaked 18 January 2010 draft) requiring ACTA signatories to enable IP rightsholders to expeditiously obtain subscriber identity information from ISPs after giving "effective notification"(Article 2.18 (3ter)(Option 2). This appears to be inconsistent with US standards of due process and judicial oversight. US copyright holders must currently file a lawsuit and seek a court injunction to force ISPs to disclose such information. Further, ACTA's civil enforcement chapter includes two proposals for UK-style loser-pays attorney fee awards, something that is not common practice in US civil litigation (Article 2.2.5). In each of these examples the proposals are in square brackets and have not been agreed by all negotiating countries. In relation to the "inciting" proposal, footnote 39 notes that "At least one delegation has asked for the deletion of paragraph 3" (sic). Hence, there's no guarantee that this language will be in the final ACTA, but the key question is how will this be resolved in a way that does not involve changes to US law, or to EU law, as EU negotiators have claimed?

The official text also contains a number of provisions that appear to be based on parts of US copyright law, but are either incomplete or inaccurate characterizations of US law. For instance, ACTA requires countries to adopt laws prohibiting circumvention of copyright owners' technological protection measures modeled on the US Digital Millennium Copyright Act (discussed in more detail below). But ACTA does not precisely mirror the DMCA; in particular, it does not includes the seven exceptions in section 1201 of the Copyright Act, nor the triennial rulemaking process in section 1201(a)(1)(C), which provide a small measure of flexibility. ACTA contains two proposals that would permit (but not require) countries to create exceptions to these bans. In addition, as currently framed, particularly if read in conjunction with square-bracketted Article 2.18(5) or (4.2), the ACTA provisions are inconsistent with recent US Circuit court judgments on the scope of the US provisions, which required a nexus between copyright infringement and legal protection for TPMs. As a result, the ACTA text would require signatories to adopt anti-circumvention prohibitions that are even broader than those in U.S. law. Similarly, ACTA requires countries to adopt third party liability, but several proposals only permit, and do not require, countries to create limitations on the liability of Internet intermediaries, and contain vague limitations that are weaker than the limitations on monetary damages against Internet intermediaries found in the US safe harbor provisions.

Second, ACTA contains provisions that could constrain the ability of the US Congress to engage in legislative reform to meet changing public policy needs.

The ACTA text contains a proposal mandating countries to adopt statutory damages. While US copyright law contains a statutory damages regime, it is subject to an important limitation for innocent infringement done without knowledge, allowing judges to reduce or remit statutory damages in certain circumstances. ACTA includes a limitation provision, but it is discretionary, leaving it up to ACTA countries to decide whether to transpose it in their national law (Article 2.2(3)). Even with this important limitation, the US statutory damages regime has led to disproportionately large awards of damages against individuals in the file-sharing context, far exceeding the actual harm caused, and has had a significant chilling effect on innovation by Internet intermediaries and technology creators, who cannot afford to be threatened with statutory damages for engaging in activity that might be found to be fair use, or infringement. For that reason, Congress has been considering statutory reform in this area, (for instance in H.R. 1201 before the 110th Congress). ACTA would appear to lock-in the existing regime, to the detriment of US citizens and the technology sector.

Similarly, the inclusion of the DMCA TPM provisions in ACTA could act as a constraint on Congress' ability to amend the DMCA to clarify the scope or address other concerns with the current anti-circumvention provisions, such as those contained in the respective reform proposals of Representatives Boucher and Lofgren.

Third, ACTA will create new international norms, beyond those agreed in the 1994 Agreement on Trade Related Aspects of Intellectual Property and the 1996 WIPO Copyright Treaty and Performances and Phonograms Treaty. Aside from creating a new international institution -- the ACTA Oversight Committee -- ACTA will create new norms in the following areas.

(a) Internet Intermediary Liability

Internet intermediaries are the chokepoints for the Internet. Creating or increasing Internet intermediaries' liability for their users' behavior and content on their networks creates incentives for intermediaries to police their users and platforms. This in turn has a direct impact on citizens' privacy, freedom of expression, and ability to create and collaborate. Policy makers in the 1990s understood that Internet intermediaries had to be shielded from potentially unbounded liability if the Internet was to flourish. That is why many countries adopted special legal regimes for Internet Service Providers and other Internet intermediaries, limiting their potential legal liability for copyright infringement, and defamation. Now, as more and more of our cultural and civic life depends on the existence of content hosting platforms, discussion forums, wikis and social networking communities, these rules have come to have even greater significance. In short, appropriately tailored limitation of liability regimes for Internet intermediaries are key to individuals' freedom of expression and user generated content. The existing limitation of liability regimes are under attack in a range of national and international venues, but ACTA is the most troubling.

ACTA contains various provisions requiring countries to impose liability on intermediaries for their users' behavior (Article 2.18(3)). This would apply to Internet intermediaries, but also to intermediaries such as libraries and educational institutions, which frequently provide Internet access to their customers and users. This is not required by any of the major international IP treaties – not by the 1994 Trade Related Aspects of IP Agreement, nor the WIPO Copyright Treaty or WIPO Performances and Phonograms Treaty, and so would establish a new global norm.

Previous ACTA leaks disclosed that the US was proposing that signatory countries recognize third party liability based on the secondary copyright liability doctrines developed by US courts, including for "inducement" of copyright infringement. (Apparently opposed by New Zealand, Canada, the EU and perhaps Japan). The official text shows that this is still proposed. Footnote 47 states that:

"[For greater clarity, the Parties understand that third party liability means liability for any person who authorizes for a direct financial benefit, induces through or by conduct directed to promoting infringement, or knowingly and materially aids any act of copyright or related rights infringement by another….]"

As others have noted, the language here and in previously leaked texts does not accurately reflect US case law in this area, and effectively takes one side in an ongoing debate about the interpretation of the 2005 Supreme Court decision in MGM v. Grokster. The official text also contains other potential new sources of liability for intermediaries, including a proposal for pre-litigation injunctions against intermediaries (Article 2.5 X).

ACTA allows, but does not require, countries to create limitations on intermediaries' civil liability (Article 2.18(3), Options 1 and 2 and Footnote 47). However, unlike the US safe harbor provisions, the ACTA text does not specify what types of limitations of liability can be created, and for what activities. This may reflect an effort to find compromise language between the safe harbor regime in section 512 of the US Copyright Act and similar provisions in the laws of US Free Trade Agreement partners, the European Union's eCommerce Directive framework, and Japanese law. Much would then depend on the national implementation and judicial interpretations of these provisions in ACTA countries. This creates the potential for US Internet companies to be subject to more onerous requirements and higher levels of liability in other countries in which they operate. And this in turn, is likely to have an adverse impact on citizens' freedom of expression, and ability to access content hosted on platforms in different countries.

(b) Three Strikes

"Graduated response" or "three strikes" regimes which require ISPs to disconnect their subscribers' Internet access for alleged copyright infringement are extremely controversial. Three strikes laws currently exist in only three countries – South Korea, France and Taiwan – so inclusion in ACTA might result in more countries adopting such regimes. This has rightly been the subject of much debate in Europe, where the European Parliament has categorically rejected three strikes regimes on several occasions. Accordingly, the European Commission went to considerable lengths in their press release yesterday to emphasize that ACTA does not require countries to adopt three strikes laws:

The negotiation draft shows that specific concerns, raised in particular by the civil society, are unfounded. No party in the ACTA negotiation is proposing that governments should introduce a compulsory "3 strikes " or "gradual response" [sic] rule to fight copyright infringements and internet piracy.

We agree that ACTA does not require countries to adopt a three strikes law, but the more interesting question is: does it create a legal framework that facilitates that? Article 2.18(3) of ACTA contains three proposals in this area. In our view, the answer is yes under at least two of those proposals. Here's why.

The words "graduated response" and "three strikes" do not appear in the official ACTA text. The three strikes discussion is taking place in the context of intermediary liability for copyright infringement. The first proposal, put forward by the US, in Option 1 of Article 2.18.3 (on page 21), sets out conditions that intermediaries will need to comply with in order to get the benefit of limitation of liability provisions that countries might enact. The US proposes that online service providers should be required to adopt and reasonably implement a policy "to address the unauthorized storage or transmission of materials protected by copyright".

A previously leaked European Commission memo describes how US negotiators had explained the intent of this provision:

"On the limitations from 3rd party liability: to benefit from safe harbors, ISPs need to put in place policies to deter unauthorised storage and transmission of IP infringing content (ex: clauses in customers' contracts allowing, inter alia, a graduated response). From what we understood, the US will not propose that authorities need to create such systems. Instead they require some self-regulation by ISPs."

And footnote 29 in the leaked 18 January 2010 consolidated text stated that:

"An example of such a policy is providing for the termination in appropriate circumstances of subscriptions [US: and][AUS:or] accounts on the service provider's system or network of repeat infringers."

That footnote has now disappeared. If the US proposal is adopted in the final ACTA language, what constitutes appropriate policies for this purpose will therefore be a question for interpretation by national policymakers and perhaps by the ACTA Oversight Committee, which is tasked with monitoring and evaluating whether signatories' laws comply with ACTA.

The EU has tabled its own proposal (in square brackets in Option 2 on page 21). It would permit countries to create a system requiring ISPs to terminate particular subscribers upon receipt of an order from a judicial or administrative body should they be inclined to do so – as in the French HADOPI law's internet disconnection regime.

"[Paragraph 3(a) shall not affect the possibility for a judicial or administrative authority in accordance with the Parties legal system, requiring the service provider to terminate or prevent an infringement, nor does it affect the possibility of the parties establishing procedures governing the removal or disabling of access to information."

While this might be consistent with one EU Member States' national law, creating the global framework for ISP termination obligations on the basis of a non-judicial administrative body order poses significant due process concerns for citizens.

A third proposal is in square brackets in Article 2.18 (3 quater), apparently put forward by Japan. It states that:

"Each Party shall promote the development of mutually supportive relationships between online service providers and right holders to deal effectively with patent, industrial design, trademart and copyright or related rights infringement which takes place by means of the Internet, including the encouragement of establishing guidelines for the actions which should be taken."

This language would also leave room for a Three Strikes policy.

If ACTA incorporates the EU proposal permitting regimes requiring ISPs to terminate Internet access by non-judicial administrative order, or the US or Japanese proposals for conditions that ISPs must comply with to obtain the benefit of a limitation on liability, it will create a new global norm - facilitating an ISP practice of Internet user disconnection on the basis of copyright holder allegations of copyright infringement.

(c) Technological Protection Measures – a Global DMCA

As we have previously noted ACTA would make the US DMCA TPM legal framework the de facto global norm, effectively displacing the more open-ended language finally adopted in the 1996 WIPO Copyright Treaty and Performances and Phonograms Treaty. The US TPM regime contains at least three characteristics that are broader than what is required to implement the WIPO Treaty obligations. First, it creates an absolute ban on TPM circumvention, even where done for lawful non-copyright infringing purposes. Second, it requires legal protection for TPMs that control access (and not just use) of technologically protected copyrighted works. (To which Japan strenuously objected in the leaked 18 January 2010 text.) Third, it includes a broad prohibition on the manufacture and distribution of circumvention devices. Fourth, it requires criminal penalties for flouting the TPM circumvention bans,while the WIPO treaties are silent on this point.

Other countries have chosen to implement the WIPO treaties by creating TPM legal regimes with different features to avoid some of the collateral damage experienced in the US. If ACTA contains an obligation to adopt the DMCA TPM framework, the US will be able to achieve what it was not able to do by international agreement in Geneva in 1996, and has only been able to do on a piecemeal basis since then via its bilateral free trade agreements.

(d) Criminalization of Individuals' Non-Commercial Behavior

Finally, ACTA could rewrite the current internationally agreed standards for criminal penalties for copyright and trademark infringement. At the time that the TRIPS Agreement was negotiated it was understood that criminal penalties would be reserved for the worst cases of willful, commercial-scale copyright piracy and counterfeiting. This is reflected in the language of Article 61 of TRIPs. However, ACTA could expand this, imposing criminal sanctions for individuals' non-commercial activities via a broad definition of "commercial scale". ACTA contains a US proposal to define "commercial scale" to include activities that have no direct or indirect motivation of financial gain (Article 2.14 (1)(a) and (b) (in square brackets)). While that appears consistent with US law, incorporating this in ACTA would amount to a wholesale re-write of the internationally agreed TRIPs standard.

This clearly reflects a desire to penalize P2P file-sharing. But no matter what views you hold about file-sharing, no one should lose sight of the larger impact of this: some of the 37 countries negotiating ACTA are seeking to overturn the standards agreed to by the more than 150 member countries of the World Trade Organization.

There is much more to digest in the official ACTA text. We'll be doing further analysis in coming days.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

EFF "Stupid Patent" Buster @DanielNazer explains how we saved podcasting from a patent troll on @slategist https://eff.org/r.fhzl

May 6 @ 7:50pm

Good news: Virginia now requires warrants for drones. Bad news: @GovernorVA vetoed license plate reader limits. https://eff.org/r.xpit

May 6 @ 3:48pm

Libraries and HTTPS go together like 323.445 Freedom of information and 005.8 Data security. https://eff.org/r.s2d1

May 6 @ 1:17pm
JavaScript license information