As of January 27, 2017, the Copyright Alert System (CAS) is retired. Read more in our deeplinks post about the program's end here. You can learn about other private agreements that aim to regulate how you use the Internet on our page on Shadow Regulation.

It’s been a long time coming, but the copyright surveillance machine known as the Copyright Alert System (CAS) — aka “Six Strikes” — has finally launched. CAS is an agreement between major media corporations and large Internet Service Providers to monitor peer-to-peer networks for copyright infringement and target subscribers who are alleged to infringe — via everything from “educational” alerts to throttling Internet speeds. Unfortunately, the Center for Copyright Information, which is running this “educational” program, is hardly a neutral information source. So, as the participants finally begin to reveal some details, we’re here to provide an alternative.

Who’s behind this program?

The Center for Copyright Information (CCI) is a private consortium consisting of several large copyright owners, such as the Recording Industry Association of America and the Motion Picture Association of America, and five major Internet service providers – Verizon, AT&T, Time Warner, Cablevision and Comcast. These companies created the Copyright Alert System, or CAS – as a private initiative to tackle what they see as “online content theft.”

The CCI has its own introductory video here.

How do I know if my ISP is participating in CAS?

AT&T, Cablevision, Comcast, Time Warner, and Verizon are all part of the CCI. Each of these corporations has a number of related companies and/or subsidiaries that act as ISPs. They are:

SBC Internet Services, Inc., BellSouth Telecommunications, Inc., Southwestern Bell Telephone Company, Pacific Bell Telephone Company, Illinois Bell Telephone Company, Indiana Bell Telephone Company, Incorporated, Michigan Bell Telephone Company, Nevada Bell Telephone Company, The Ohio Bell Telephone Company, Wisconsin Bell, Inc., The Southern New England Telephone Company, and BellSouth Telecommunications, Inc. (the AT&T Inc. companies); Verizon Online LLC, Verizon Online LLC – Maryland, and Verizon Online, Pennsylvania Partnership (the Verizon companies); Comcast Cable Communications Management, LLC; CSC Holdings, LLC (solely with respect to its cable systems operating in New York, New Jersey, and Connecticut) (the Cablevision systems); and Time Warner Cable Inc.

At this stage, no other ISPs are part of CAS.

If you are fortunate enough to live in an area that has ISP options other than those listed above, you might consider whether you might want to opt out of the copyright surveillance machine by choosing another provider.

Which content owners are participating?

At present, only major content owners, such as Disney Studios and Paramount Pictures, are signatories. The MPAA and RIAA are also signatories, but it is not clear whether they will be sending notices on behalf of small content owners.

What’s the background on this program?

For years, the major content industries have wanted to turn ISPs, search engines, and payment processors into the copyright police. So while they were publicly lobbying for draconian legislation like SOPA, (which was ultimately roundly defeated), they were privately negotiating directly with the ISPs to set up a private system of justice—with the White House putting pressure on the ISPs to agree to a deal.

How does CAS identify users?

Content owners claim that they will join peer-to-peer networks to monitor users sharing copyrighted songs, movies and TV shows without permission. If a content owner concludes that an IP address is associated with infringing activity, it will notify the ISP that claims that IP address. The ISP will then send a notice to the account associated with that IP address. If the ISP gets further complaints, the notices will escalate to additional requirements and sanctions. Importantly, the ISP will not provide the content owner with any customer details (such as name or street address) associated with the IP address.

At this time, it does not appear that the ISPs will be directly monitoring their customers’ traffic through deep packet inspection. Rather, the content owners will monitor peer-to-peer traffic from public BitTorrent trackers. CAS will not identify those who take steps to anonymize their internet traffic using a VPN or Tor. Thus, as is the case with so many misguided attempts at controlling the internet, CAS casts a wide net and impacts the privacy of many users, but fails to capture anyone actually intent on avoiding it.

What are the consequences of receiving a notice?

The consequences will vary. Each ISP has its own policy on how many “strikes” it will allow its customers and what sanctions it will impose for each additional strike. With each additional strike, ISPs may take steps including:

  • Informing you by email and voicemail that your account has been linked with possible copyright infringement and ask you to remove filesharing software from your computer.
  • Subjecting you to a browser-lock until you contact your ISP, or until you complete an online “copyright education program”

For example, after five strikes, Comcast will subject its customers to in-browser alerts that require a call to Comcast Security Assurance before deletion. After four alerts, AT&T will require its customers to review an online copyright education course. Verizon is the only ISP that will throttle its customers' data speeds under CAS. The company has said that, after two weeks notice, it will cap customers’ bandwidth at dial-up speeds.

Neither the ISPs nor CCI have clarified what consequences await customers who receive more than six notices. The CCI’s website currently states that “ISPs will not use account termination” as a sanction under this program.

What can I do if I receive a notice?

In most markets, not much, except read the notices, undergo the copyright education of your ISP’s choice, and continue using your Internet account.

If you believe you have been targeted erroneously, you may be able to dispute the notice. However, you may not be able to dispute the first few notices you receive. After three or four alerts (depending on your ISP), you can challenge the validity of a notice. Your ISP will demand a $35 fee before it will allow you to defend yourself.

The review process is administered by the American Arbitration Association. To challenge a notice, you must apply no more than 14 days after your ISP offers you an independent review. If you successfully challenge at least half of the notices you have received by then, your ISP will clear the record of the notices from your account, your connection will not be temporarily throttled or suspended, and you will receive a $35 refund.

Your challenge is limited to the following defenses:

  • Your account was incorrectly identified as the source of the file in question
  • The file was shared by an unauthorized user of your account, whose use you were not aware of and could not have prevented (e.g., you have an open WiFi connection)
  • You had permission from the copyright owner to share the file
  • The file was mislabeled or misidentified and did not “consist primarily” of the alleged copyright work at issue, but rather contained other, non-infringing material
  • The work was published before 1923
  • Your peer-to-peer reproduction and distribution of the file was fair use under U.S. copyright law

You will not be allowed to raise any other defense. For example, if you shared material that is in the public domain for a reason other than being published before 1923 (for example, it was published before 1989 without a proper copyright notice) then you will be treated as if you engaged in copyright infringement.

The CAS’s private system of adjudication has no appeal process—the arbitrator’s decision is final.

What happens if I don’t challenge the notice?

You are not required to challenge the notices through the independent review process. If you choose not to, your ISP will take further measure as explained above. Again, it is unclear what measures ISPs will take with users after they receive six notices but the CCI says that ISPs will not use account termination as a sanction.

But I maintain an open Wi-Fi network. Someone using my connection might have shared a file, but I didn’t!

Open Wi-Fi is available as a defense under the CCI’s private system of justice, but you can only assert it once. Thus, a café may have its internet connection throttled based on the actions of its customers.

The CCI claims that no “legitimate” open Wi-Fi connections will be impacted because CAS will not apply to business accounts. The CCI argues that the ISPs’ terms of service prohibit allowing open Wi-Fi on residential accounts. But the reality is that many individuals and small businesses, such as local cafés, have residential internet accounts with open Wi-Fi. Thus, at a time when we should be encouraging more open access, CAS will chill open Wi-Fi.

How can the ISPs implement this program without warning their customers and changing the terms of service?

CAS was not part of the deal when you signed up with your ISP. But ISPs generally have very one-sided terms of service that essentially allow the ISP to make any changes it wants. This is particularly unfortunate (though predictable) where, as in many markets, consumers have no real choice about their ISP.

Is CAS a law?

No. This is a voluntary agreement between segments of the content industry and ISPs.