Does your business follow copyright law to the best of its ability? Not good enough. At least that was the case for one long-standing peer-to-peer network, which had its payment processing shut down after more than 14 years of being a loyal PayPal customer.

Soulseek, a peer-to-peer file-sharing network, faced a Kafkaesque battle with PayPal. When its donors were cut off from making payments to Soulseek, the network struggled to figure out what it had done wrong—or even get a response from PayPal to its questions. Thankfully, Soulseek reached out to EFF. We got in touch with Paypal and helped convince them to reinstate the network.

PayPal did the right thing by restoring Soulseek’s account, and we commend them for that. But we’re also concerned: it’s not scalable for EFF to intervene whenever a law-abiding website is shut off from a payment provider (as we have done with an online bookseller and a short story archive). In addition, we think of Soulseek’s situation as indicative of a larger trend of Web censorship, as websites that haven’t violated any laws are choked of funds—a situation that was disastrous for WikiLeaks and is currently tightening a noose around the electronic neck of Backpage.com.

Soulseek describes itself as “an ad-free, spyware free, just plain free file sharing network for Windows, Mac and Linux.” The passion project of a husband and wife team, Soulseek itself doesn’t host files for users. Instead, users can join the network, connect with one another, and share files directly.

The platform is donation-driven. Without ads or fees, the service relies on the good will of the community to contribute back to keeping Soulseek going. While hardly profitable, this has been enough to keep the servers running and the software updated for many years.

And that was all fine, until the summer of 2015.

Not Granting Pre-approval at This Time

Instead, Roz Arbel, who runs the site with her husband Nir, heard from users who were unable to send in donations using MasterCard. I spoke with Roz in November and she briefed me on what happened. Roz called PayPal, and spoke to a general support agent. Through that agent, Roz learned that PayPal had sent Soulseek a questionnaire because, as Roz reported hearing from the PayPal representative, MasterCard was coming down on PayPal regarding filesharing networks.

Roz hadn’t seen any questionnaire from PayPal, so they sent a new one over. Roz was assured that service would be reinstated within 48 hours after the questionnaire was completed and returned.

Roz and Nir answered the questions promptly (see below for a list of the questions) and sent the questionnaire back. Most of the questions related to copyright infringement and whether the site was taking the necessary precautions to stay on the right side of the law. Soulseek has existed for as long as it has in large part because it has complied with the Digital Millennium Copyright Act’s safe harbor provisions. For example, Soulseek has a DMCA agent and a policy of blocking user accounts that get repeated copyright infringement notifications.

A week went by with no word from PayPal. It was now October, and Soulseek had been limping along without donations from MasterCard users. Roz again contacted PayPal. This time she heard from a representative of the company that the questionnaire had been received, but nobody inside PayPal had looked at it. Roz was assured that it would be escalated and dealt with immediately.

Within an hour, Soulseek received an email from PayPal stating that the account was being permanently limited. Funds could be withdrawn, but Soulseek would not be able to receive donations through PayPal. No reasons were provided for this decision. There wasn’t even a phone number.

As Roz and Nir Arbel explained in a blog post, 

We have asked repeatedly for an explanation of this behavior, but we have been stonewalled at every turn, and have received only form emails telling us that we needed to be “pre-approved” for an account. When we asked what we need to do to be pre-approved, they emailed back and said that they are “not granting pre-approval at this time.”

After this, Roz reached out to EFF. We were able to connect with PayPal and discuss our concerns about the situation. We were happy that PayPal was willing to reverse its decision.

A Little Bit of SOPA

Payment networks blacklisting those accused of copyright infringement without due process is not a new idea. In fact, we saw something remarkably similar in SOPA, the notorious Internet blacklist bill introduced in 2011:

[A] payment network provider shall take technically feasible and reasonable measures, as expeditiously as possible, but in any case within 5 days after delivery of a notification under paragraph (4), that are designed to prevent, prohibit, or suspend its service from completing payment transactions involving customers located within the United States and the Internet site, or portion thereof, that is specified in the notification under paragraph (4). (text)

One of the most troublesome aspects of SOPA was that it did not require a neutral magistrate to consider the merits of a case and then rule on whether a site was actually engaged in copyright infringement. Instead, SOPA empowered payment providers to start shutting down websites as soon as they received written notification from a copyright holder.

This was a bogus idea in 2011, and was defeated in the single most powerful Internet protest to date. So Congress knows that the Internet community won’t stomach this type of censorship, and hasn’t dared to move a similar bill since.

Instead we’re seeing this sort of thing: quiet pressure from content holders aimed at putting pieces of SOPA into place without actually passing a bill. 

These kinds of actions come with real costs. As Roz said in a phone interview, “It’s drastically reduced the number of donations we receive. It’s free for our users but it’s not free for us…we’re not doing anything wrong. We’re totally above board, and we’ve always tried to be.”

Free Speech On the Line

While the First Amendment imposes strict limitations on how the government can squelch online speech, corporations have more leeway. The argument, of course, is that consumers have choices about the companies they patronize, and companies also have certain First Amendment rights to choose what sorts of customers they want to allow.

When it comes to payment providers, that’s not exactly true.

Payment platforms are currently extremely centralized, creating what in practice is a duopoly. MasterCard and Visa are behemoth payment service providers, able to dictate through their internal policies what types of speech will and won’t be acceptable online. Other payment providers, including smaller entities like PayPal, Stripe, and many of the Bitcoin payment service providers, are bound by their agreements to Visa and MasterCard.

Until another payment alternative gains widespread popularity in processing online payments, websites are beholden to the terms set up by MasterCard and Visa. So the idea of consumer choice is entirely false.

Threats to free expression online can come in many forms, but shutting down or limiting a law-abiding website is censorship. While the situation with Soulseek turned out well in the end, we’re concerned about the many websites we haven’t heard from that may be facing similar problems. It’s time for the payment providers to start erring on the side of supporting legal speech and let courts—not arbitrary corporate policies—decide what content should be censored.

  

Questionnaire from PayPal (provided by Roz Arbel)

  1. Business Overview. Please provide a general overview of your business, identifying all related website URLs or apps, describing the services you offer and how revenue is earned, and indicating how you use or would like to use PayPal’s services. (The terms “you” and “your” refer to your business in the remainder of this questionnaire.)
  2. Typical Usage. Please describe the kinds of files that are most often stored or transferred using your services (indicating, for example, typical file types, sizes, content and/or other relevant attributes) and, to the extent of your knowledge, the typical purposes that your customers have for using your services.
  3. Incentives for Uploaders. Do you offer rewards, cash payments or other incentives to some or all users who upload files? If so, please describe your related practices, including the criteria used to determine the nature and amount of incentives that users are entitled to receive.
  4. Membership Tiers and Benefits. Please describe any membership tiers, subscription plans or service levels that you offer (e.g., “free,” “premium,” etc.), indicating for each any payments required and the main benefits users receive. Are paying users entitled to enhanced benefits related to downloading or otherwise accessing files uploaded by other users, such as faster access speeds, higher allowances for total amount of data accessed, or the reduction/elimination of wait times, captchas or advertising? If so, please describe the related terms.
  5. Forum Codes. Do you offer “forum codes,” “URL codes,” “HTML codes” or other features that facilitate the incorporation of links to uploaded files on third-party websites? If so, please describe such features.
  6. Link Checker. Do you offer users a link checker or other functionality that helps users determine whether links to uploaded files have been disabled. If so, please describe such functionality.
  7. File Deletion. Please describe any practices you employ related to the expiration, purging or other automated deletion of uploaded files. Is the timing of a file’s deletion influenced by the frequency with which it is downloaded or otherwise accessed? If so, please explain.
  8. Information Collection. Do you collect information about the uploaders of files? If so, please describe your related practices, including whether you collect any of the following: name, postal address, email address and IP address.
  9. Repeat Infringement. Please describe any practices you employ to prevent users of your system from uploading copyright infringing files on multiple occasions. Please include information about any technological methods you use to identify repeat infringers, such as methods involving the IP addresses of computers used to upload files. If a policy or other information related to repeat infringement is available on your website, please provide a link.
  10. Copyright Infringement Reports. Please describe your practices related to soliciting, receiving and responding to reports from third parties about copyright-infringing files accessible through your service. If a policy, reporting instructions or other information related to such practices (e.g., a DMCA policy) is available on your website, please provide a link.
  11. Illegal File Reports. Please describe your practices related to soliciting, receiving and responding to reports from third parties about illegal files accessible through your service (other than reports of copyright infringement covered by Item 10 above). If a policy, reporting instructions or other information related to such practices is available on your website, please provide a link.
  12. Monitoring. Do you employ any practices involving the monitoring of uploaded files to identify and remove copyright infringing files or other illegal files? If so, please describe those practices, including any manual review or automated scanning of files performed by your staff or by any third-party firms. Please indicate the names and website URLs of any such third-party firms.
  13. Law Enforcement Cooperation. Please describe your practices with respect to responding to requests or orders from law enforcement, courts or other government bodies, such as information requests, discovery orders, search warrants and subpoenas.
  14. Child Exploitation. Please describe any actions you take if you become aware that a file uploaded to your system involves child exploitation or any sexually-oriented depiction of a minor.
  15. Other Controls. If you employ any processes or controls not otherwise covered in your responses to this questionnaire that are aimed at preventing or otherwise addressing any actual or potential use of your system for the storage or transfer of illegal files or for other illegal activities, please describe them.
  16. Point of Contact. Please identify and provide contact information (including phone number and email address) for a person who will serve as PayPal’s point of contact with respect to our review of your business and any future inquiries or concerns we may have.