The Three Strikes And You Are Out Challenge
Felipe Romero Moreno 
Cite As: Romero Moreno, F., ‘The Three Strikes And You Are Out Challenge’, European Journal for Law and Technology, Vol. 3, No. 1, 2012
The UK Digital Economy Act 2010 (DEA), which comprises graduated response measures intended to prevent virtual intellectual property (IP) contravention has generated heated debate. While some research has started to investigate the provisions for dealing with online copyright infringement, little attention has been paid to the fact that technology is fast exceeding the confines of this legislation. Drawing on, inter alia, the provisions of the DEA, a number of online copyright infringement cases and some European Court of Human Rights (ECtHR) jurisprudence, this paper evaluates the suitability of the graduated response approach to copyright enforcement where internet subscribers alleged to be unlawfully file-sharing will be disconnected from the internet following increasingly strong warnings. The paper presents the findings of a case law research study of recent graduated response decisions, makes use of information obtained from publicly available sources and discusses a number of possible implications. In particular, it considers whether tracking software technology employed to detect alleged copyright infringers constitutes monitoring of personal internet usage under article 8 of the European Convention on Human Rights (ECHR) and whether detecting an IP address in this manner would be able to establish if any contravention of copyright has occurred. The paper also assesses the deterrent potential of the DEA process and whether in view of the double edge-sword of peer-to-peer technology its online copyright infringement provisions may be deemed proportionate. It suggests that given that as online copyright infringement takes place via non-P2P methods P2P is similarly employed for non-infringing purposes, in order to strike a fairer balance between the interests of copyright holders and users a global licensing scheme might be a better alternative instead of resorting to tactics, such as, terminating subscribers internet connections.
1. Background and Introduction
Modification is a characteristic of Internet Services Providers (ISPs) behaviour with regard to unlawful Peer-to-Peer (P2P) distribution of files on their networks. The modifications might eventually restrict the unlawful duplication of music, movies, video games, et cetera; this is rampant on the internet (Taylor R, 2008, p.1). As Sony Corp. of America v Universal City Studios Inc 464 US 417 (1984)  reflected, duplicating material is nothing new, analogue duplication however has limitations because of quality issues something that does not exist in digital duplication which is extremely precise and can be of sufficient quality that replication can occur almost indefinitely. Nevertheless, as the Department for Business Enterprise and Regulatory Reform (BERR) the Department for Culture, Media and Sport (DCMS) and Digital Britain Interim Report (2009, p.41) notes, digital duplications can frequently be exact and definitely of sufficient quality for continual employment. Manipulation of legal peer-to-peer systems can likewise permit any number of people to gain access to content. This has generated an opposition to paying for material, especially among adolescents, and a number of legislators say that access to material will have to be limited because there is no way of controlling payment.
Indeed, countries, such as, France (Entraygues A, 2009), the UK (Stagg A, 2010), New Zealand (Rudkin-Binks J and Melbourne S, 2009), Taiwan (Chen E and Brown M, 2009) and South Korea (Yu, 2010) have implemented, or, are drafting, innovative law to enforce ‘graduated response’ measures where content owners and ISPs join forces to curtail online copyright infringement. Implementing this ‘three strikes and you are out’ system signifies that the content industry and its investigatory agents are expected to screen and police all the infringing content being circulated via the ISPs’ connections in pursuit of individual action. In practical terms, web subscribers alleged to be unlawfully file-sharing will be provided with increasingly strong warnings, and in the case that copyright infringement still continues, internet disconnection will ensue.
2. The UK - Digital Economy Act 2010
According to Geiger (2010) the concept of a graduated response regarding sanctions was originally conceived in France by a bill which paved the way for the implementation of the Law 2006-961 of August 1, 2006 on copyright and related rights in the information society. In the UK the Digital Economy Act 2010 (DEA), which enforces many of the suggested proposals contained within the Digital Britain Interim Report, was enacted by the Queen’s most Excellent Majesty on April 8, 2010. This piece of legislation was ratified during the ‘wash-up’ period that permits a law to be adopted a short time prior to a vote and with little discussion (Prat G, 2010, p.1). The new law resembles one of those graduated response regimens, presenting a three strikes response to online copyright infringement. As the Draft Initial Obligations Code published by Ofcom (2010) notes, the process is essentially as follows. Content holders detect instances of alleged copyright infringement via tracking technology. Accordingly, they send a copyright infringement report (CIR), with proof of online copyright infringement, to the relevant ISP. The ISP assesses such information, and supposing that it meets a specific standard, sends a warning notification to the alleged copyright infringer.
ISPs monitor how often each web client is detected and warned, and on the assumption that they reach a particular threshold of suspected contraventions (at present 3 in 1 year), at this point their IP address is added to a copyright infringement list (CIL). The CIL is anonymous, but the content holder is in position to obtain a Norwich Pharmacal order (Norwich Pharmacal Co. v Customs and Exercise Commissioners  AC 133)  compelling the ISP to disclose all or some of the alleged copyright infringers on the list. Once disclosure is granted the content holders can initiate infringement proceeding against the unlawful file sharers (Taylor R, 2010, p.1).Whilst the DEA Explanatory Note 51 asserts that ‘the government’s intention is for the obligations to fall on all ISPs except those who are demonstrated to have a very low level of online infringement’ , the Draft Initial Obligations Code proposes that the code should not be initially applicable to mobile ISPs. Additionally, the draft code suggests that the code should primarily apply to ISPs with over 400,000 clients.
Furthermore, as stated by the DEA Explanatory Note 62:
‘The government’s aim is for the initial obligations... to significantly reduce online infringement of copyright. However, in case the initial obligations prove not as effective as expected... 124H gives the Secretary of State the power to introduce further obligations.’ 
The draft code also contains the manner in which client appeals are to be implemented. Fines of up to £250,000 can be imposed. However, the codes are still required to specify the means by which evidence of contravention will be gathered and their reliability. Moreover, the codes will additionally need to deal with the difficulties of contravention through communal web access, such as, Wi-Fi facilities in shared houses, libraries, universities or coffee-shops. As Baden-Powell E and Eziefula (2010) argue, this is to prevent specific individuals finding themselves liable for online copyright infringement perpetrated by hackers or by another member of their household.
3. Graduated Response Case Law Decisions
The French and British are not alone in commending the graduated response as an effective means to address online copyright infringement. In other countries such as Ireland, Belgium and Australia the implementation of the three strikes law has been and is being argued before the courts. In EMI (Ireland) Ltd v Eircom Ltd  IEHC 108 Mr Justice Charleton concluded that the three strikes system that could result in internet subscribers being disconnected from Eircom’s broadband facility due to repeat online copyright infringement was legal (Nagle E, 2010, p.1). Mr Justice Charleton wrote: ‘This is a serious sanction. Some would argue that it is an imposition on human freedom. There is no freedom, however, to break the law’.  Moreover, in Belgium, in SCRL Societe Belge des Auteurs, Compositeurs et Editeurs v SA Scarlet  ECDR 19  the court granted an injunction that would require the Belgian ISP Scarlet to put into operation software that would monitor and block peer-to-peer file-sharing activity. It is of particular interest to note however that on 28 January 2010 the Belgian Court of Appeal referred the following binary question to the Court of Justice of the European Union (CJEU):
‘Do Directives 2001/29... 2004/48... 95/46, 2000/31 and 2002/58... in the light of Articles 8 and 10 of the... Convention on... Human Rights... permit Member States to authorise a national court... to order an... (ISP) to introduce... as a preventive measure... a system for filtering all electronic communications... in particular those involving the use of peer-to-peer software, in order to identify on its network the sharing of electronic files... and subsequently to block the transfer of such files? ‘‘If the answer to the question... is in the affirmative, do those directives require a national court... to apply the principle of proportionality?’ 
In all likelihood, the CJEU response will have critical repercussions in the UK in which the DEA has been recently passed. Nevertheless, one ought to question whether by that point in time the answer will already be too obsolete. Indeed, as the very same decision notes in the SCRL case; ‘the effectiveness of the solutions which filter the P2P application cannot be ensured on a medium term (2-3 years) as a result of the increasing use of cryptography with this type of application.’  In any case, as stated by the Federal Court of Australia in Roadshow Films Pty Ltd v iiNet Ltd (No 3)  FCA 24  ‘... the relevant power to prevent by warning, suspension or termination of subscriber accounts... even if feasible, such a scheme would likely lead to significant expense.’  Thus, one can understand why according to Valenti R and Martini E (2010), assuming that ISPs are compelled to screen the content of the information communicated by their subscribers, this could bring about an increase of the expense of supplying web access. Sure enough, this would be transmitted to its clients including those who are not participating in unlawful file-sharing.
4. Tracking Technology Used To Detect Copyright Infringement
Another debatable element of the three strikes law is the ability of the content industry to indirectly detect copyright infringers via tracking software that is capable of collecting and processing file sharers IP addresses without their consent. How does tracking software work? Practically speaking, the file-sharing monitor system records all IP addresses, which exhibit a file and start a download. Supposing that the download is allowed, the software records the filename, file size, IP-address, P2P application, P2P protocol, the username and point in time when identification occurred. Accordingly, it executes a mechanical inspection, classifying the ISP that the IP address belongs to and transfers this data to the content owner who then applies for Norwich Pharmacal relief (Murray A, 2010, p.1). 
However, could collecting alleged copyright infringers IP addresses without their consent be tantamount to monitoring of personal internet usage, or possibly most crucially, constitute a violation of the right to respect for private life under article 8 of the European Convention on Human Rights (ECHR)? In Copland v United Kingdom (Application 62617/00) (2007) 45 EHRR 37 the European Court of Human Rights (ECtHR) ruled that the gathering and storage of personal data belonging to the claimant’s phone, together with her e-mail and internet usage, without her permission, was tantamount to a transgression of article 8.  Indeed, according to the Court:
‘... telephone calls... are covered by the notions of ‘private life’ and ‘correspondence’ for the purposes of Art 8(1)... It follows logically that emails sent from work should be similarly protected under Art 8, as should information derived from the monitoring of personal internet usage’ 
Taking everything into account, it seems evident that the three strikes utilization of indirect detection systems to track and prevent online copyright infringement is expected to amount to an invasion of article 8 of the ECHR and would therefore be illegal.
5. The IP Address Question And Some Wi-Fi Hazards
As has been seen, the employment of tracking technology by the graduated response supporters and the detection of internet subscribers who obtain unlawful copyrighted material each involve the processing of IP addresses. As a result, critical issues will arise from whether or not IP addresses are classified as personally identifiable information. In Cinepoly Records Co Ltd v Hong Kong Broadband Network Ltd  1 HKLRD 255,  the respondent claimed that it was not technologically feasible to detect the actual infringer through an IP address since such a numerical label could only detect the account holder of the internet contract but not the real internet subscriber at the relevant moment. Arguably, this reasoning is certainly compelling given that unexpected occurrences, say, Wi-Fi hacking, might impact upon the computer and the IP address at issue (Mo J, 2009, p.2). Or put differently, as held by His Honour Judge Birss QC in Media CAT Ltd v Adams  EWPCC 006:
‘Does the process of identifying an IP address in this way establish that any infringement of copyright has taken place by anyone related to that IP address at all... Even if it is proof of infringement by somebody, merely identifying that an IP address has been involved with infringement then encounters the... problem. It is not at all clear to me that the person identified must be infringing one way or another. The fact that someone may have infringed does not mean the particular named defendant has done so.’ 
Certainly, since as a simple mouse click on, http://www.aircrack-ng.org/ reveals, the vast majority of password-protected Wi-Fi routers can be easily decoded and hacked. This regrettably indicates that even if computers are compelled to leave the factory after being fittingly secured, the vast majority of account holders of a shared internet connection could be unfairly prosecuted. Therefore, whilst implementing the three strikes rule, the mere possession of web access from which the contravention might be executed should not be mistakenly deemed sufficient legal evidence to hold somebody personally liable. This is since as His Honour Judge Birss QC suggests the same IP address could have been utilized by an entire family, a friend, an outsider, an unauthorised user gaining access to the wireless router, or, perhaps there might merely have been a technical fault when identification occurred.
6. Deterrence Fallacies
The above problem of objectionable bias should also be noted while considering the British characterisation of the deterrence potential of the three strikes legislation. As the DEA Explanatory Note 61 observes, ‘technology used for the purposes of online infringement of copyright is changing fast.’  It is true that the crisis confronting online copyright infringement is that the identity of offenders is frequently unknown to content holders, and it is hard for the latter to obtain the IP addresses of the former without the collaboration of ISPs. However, it is presently possible to employ software, from sites, such as, http://www.btguard.com/that conceals IP addresses, rendering accurate personal attributable internet tracking nearly impossible. However, as the Belgian court in the SCRL case identified:
‘... the circumstance that data may possibly be encrypted in the future cannot prevent a cease and desist measure from being ordered today... the... judge cannot take account of speculation on future technological evolutions, even more so as parallel adaptations could also be made to blocking and filtering.’ 
Thus, even if the graduated response legislative groundwork is being laid, technology, which avoids the disclosure of IP addresses of alleged infringers, is fast exceeding the confines of this law. Insufficient attention has been paid to the fact that although IP addresses of offenders are frequently detectable on P2P networks, it is much more difficult for monitoring companies to identify clients employing unlawful streaming or index websites, file hosting services, such as, http://www.4shared.com/ and http://www.megaupload.com/ not to mention Virtual Private Networks and anonymous file-sharing systems, say, Syndie or Freenet.
7. The Double Edged-Sword Of P2P Technologies And Proportionality
A final shortcoming in the three strikes legislation is the governments’ portrayal of how the technology that permits the sharing of unlawful content could be employed for legitimate purposes. If the extraordinary idea of granting Ofcom permission to use blocking technical measures goes ahead, it is fair to question whether there will be a 100 per cent effective manner to block unlawful sharing of copyrighted content, which will not impact upon lawful file-shares. In SCRL the Belgian court resolved that ‘... technical measures could have the limited effect of blocking certain authorised exchanges... some of which are not counterfeit (e.g. a film, book, CD, ...).’  Indeed, the above statement is supported by the British High Court in Metropolitan International Schools Ltd (t/a Skillstrain and t/a Train2Game) v Designtechnica Corp (t/a Digital Trends), Google UK Ltd, Google Inc  EWCH 1765 (QB) where it was observed that:
‘... any such filtering would simultaneously block thousands of websites without any unlawful content and... is likely to have a serious negative effect on the speed, objectivity, accuracy and functioning of... the Internet.’ 
Furthermore, as Phillips (2009) argues, it might likewise be questioned whether any action apart from an obligation to compensate a content holder with the exact sum that has gone astray is a ‘proportionate’ one. Or put differently, once more as found by His Honour Judge Birss QC in the Media CAT case : ‘The damages claimed deserve scrutiny. If all that is proven is a single download then all that has been lost is one lost sale of one copy of a work.’  All things considered, in line with the European Commission (EC) Communication on Creative Content Online prohibitions upon the employment of lawfully obtained licences and access to personally identifiable information by the content industry could be regarded as grossly excessive in relation to gains. This is since in implementing the three strikes rule, ‘lawful’ P2P file-sharing activity by internet subscribers with non-commercial use could also be available for screening.
8. Striking Out Knock-On Effects and Senses Of Balance
Arriving on the scene in California in the late 1980s and early 1990s, with a modification being established in the UK subsequently in the late 1990s, the baseball metaphor three strikes and you are out seems a somewhat clear-cut illustration of growing criminal justice awareness at national as well as international level. However, as Jones T and Newburn T (2006) observe, most criminal legislations are intentionally drafted to ‘bark louder than they bite’. They place the figurative ‘get tough’ measures along with political rhetoric to obtain votes, as well as to obtain more income for the creative industry.
As has been observed earlier, one could argue that the graduated response law in itself might not preclude or even significantly diminish online copyright infringement; the gains may not eclipse the aforementioned shortcomings. However, for content holders, there are positive testimonies of triumphs in South Korea and Sweden. According to the International Federation of the Phonographic Industry (IFPI) Digital Music Report (2010, p.26) and (2011, p.18), in July 2009, the three strikes law was adopted in South Korea. Electronic and CD sales rose thirty two per cent and eighteen per cent respectively and a revealing study suggests that 42 per cent of infringers have decreased their unlawful acquisition of files. Again, in Sweden, electronic commerce proliferation in 2009 was powered mainly by Spotify and iTunes, with a number of corporations increasing their online income twofold in 2009.
At any rate, all the present discussion is not only in connection with throwing alleged infringers off the web, but founded upon evidence collected by record labels (Van B, 2008, p.2). On behalf of the alleged ‘pirates’, one ought to be cautious about the suggestions being made that those individuals are representative of ‘public interest’, since these suggestions appear in fact clear facades for self-interest. The ex-administrators of http://thepiratebay.org/ portray themselves as ‘digital freedom fighters’ against greedy corporate America, they defended their black flag Robin Hood industry on a public interest basis. This however is nothing new, as James Frederick Willets, the pioneer ‘King of the Pirates’ did so over a century ago (Alexander I, 2007, p.11-14).
9. Concluding Thoughts and Proposals
As, neither the British nor the French are famous for their passion for baseball. It is perhaps predictable that the introduction of graduated response measures or ‘three strikes and you are out’ law has proved problematic in both countries (Tulquois G, Boiron P and Calow D, 2009, p.1). Indeed, there remains some legal uncertainty concerning the three strikes law. What is required is a solution that has been thought through properly, which takes into account the interests of both content holders and internet subscribers, a better balanced approach which tackles all the complex issues surrounding digital infringement in order to create suitable copyright legislation.
Perhaps in line with the EC Communication on Creative Content Online the more pertinent solution is the formula of ‘eat as much as you can’ in return for an established subscription but also free material on some sites with ‘compulsory’ advertising. However, with electronic material being shared at an international level, one could debate that what might indeed be required is an international response instead of preventive actions taken by specific countries. For instance, according to the European Data Protection Supervisor’s (EDPS) Opinion on the Anti-Counterfeiting Trade Agreement (ACTA), supposing that content owners are able to successfully prove that their losses are attributable to peer-to-peer file-sharing utilization, the former along with ISPs could put into service differentiated internet access subscriptions in which a portion of the payment for a subscription with unlimited access is allocated to the entertainment industry. What is clear is that further investigation is required by researchers and the people backing them to ensure that copyright regulations are not constrained by Machiavellian interest groups, signatory countries and global law makers (Geiger C, 2008, p.16).
Alexander I (2007) ‘Criminalising copyright: a story of publishers, pirates and pieces of eight’, The Cambridge Law Journal 66(3), 625-656.
Baden-Powell E and Eziefula N (2010) ‘Legislative Comment Coalition Britain - A New Era of Digital Politics’, Entertainment Law Review 21(6), 205-208.
BT Guard http://www.btguard.com/.
Chen E and Brown M (2009) ‘Taiwan: Taiwan enacts ISP ‘safe harbour’ amendments to Copyright Act’, Computer Law & Security Review 25(4), 389-390.
Commission (EC), ‘ Opinion of the European Economic and Social Committee of 31 March 2009 on the Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on Creative Content Online in the Single Market’ (Communication) COM (2007) 836 final  OJ C77/64.
Department for Business Enterprise and Regulatory Reform (BEER) and the Department for Culture, Media and Sport (DCMS) (2009) Interim Report, Digital Britain The Interim Report (January 2009) available at http://news.bbc.co.uk/2/shared/bsp/hi/pdfs/29_01_09digital_britain_interimreport.pdf accessed 2 March, 2011.
Digital Economy Act 2010
Digital Economy Act 2010 Explanatory Note, note 51
Digital Economy Act 2010 Explanatory Note, note 61
Digital Economy Act 2010 Explanatory Note, note 62
Entraygues A (2009) ‘Legislative Comment The Hadopi Law - new French rules for creation on the internet’, Entertainment Law Review 20(7), 264-266.
Geiger C (2008) ‘Flexibilising copyright - remedies to the privatisation of information by copyright law’, International Review of Intellectual Property and Competition Law 39(2), 178-197.
Geiger C (2010) ‘The future of copyright in Europe: striking a fair balance between protection and access to information’, Intellectual Property Quarterly 1, 1-14.
IFPI, (2010), Digital Music Report (London: IFPI).
IFPI, (2011), Digital Music Report (London: IFPI).
Jones T and Newburn T (2006) ‘Three strikes and you’re out: exploring symbol and substance in America and British crime control politics’, British Journal of Criminology 46(5), 781-802.
Mo J (2009) ‘Case Comment Cinepoly Records Co Ltd v Hong Kong Broadband Network Ltd and others’, European Intellectual Property Review 31(1), 48-51.
Murray A (2010) ‘Volume litigation: more harmful than helpful?’, Computers and Law 20(6), 43-45.
Nagle E (2010) ‘Case Comment ‘To every cow its calf, to every book its copy’- copyright and illegal downloading after EMI (Ireland) Ltd and Others v Eircom Ltd’, Entertainment Law Review 21(6), 209-214.
OFCOM (2010) OFCOM Consultation Report, Online Infringement of Copyright and the Digital Economy Act 2010: Draft Initial Obligations Code (28 May 2010) available at http://stakeholders.ofcom.org.uk/binaries/consultations/copyright-infringement/summary/condoc.pdf accessed 5 February, 2011.
Opinion of the European Data Protection Supervisor (EU) of 5 June 2010 ‘on the current negotiations by the European Union of an Anti-Counterfeiting Trade Agreement (ACTA)’  OJ C147.
Phillips J (2009) ‘‘Three strikes’ ...and then?’, Journal of Intellectual Property Law & Practice 4 (8), 521.
Prat G, Beazley E and Smith R (2010) ‘All washed up: unauthorised file-sharing and the UK Digital Economy Act 2010’, Intellectual Property Magazine 49-51.
Rudkin-Binks J and Melbourne S (2009) ‘Legislative Comment The new ‘three strikes’ regime for copyright enforcement in New Zealand - requiring ISPs to step up to fight’, Entertainment Law Review 20(4), 146-149.
Stagg A (2010) ‘UK’s Digital Economy Bill: controversial copyright infringement provisions’, World Communications Regulation Report 5(1), 32-33.
Taylor R (2008) ‘In Practice: IP/IT law Illegal file-sharing and internet service providers’, Law Society Gazette 24.
Taylor R (2010) ‘In Practice: Legal update: IP/IT’, Law Society Gazette 1.
The Pirate Bay http://thepiratebay.org/.
Tulquois G, Boiron P and Calow D (2009) ‘A shift away from three strikes’, Copyright World 192, 11.
Van B (2008) ‘Data on the market’, European Lawyer 80, 17.
Valenti R and Martini E (2010) ‘Italy opens a new front in the fight against infringers’, Managing Intellectual Property 197, 133-135.
Yu P (2010) ‘Enforcement, economics and estimates’ WIPO Journal 2(1), 1-19.
 Mr Felipe Romero Moreno is a Law graduate from Spain. LLM, LLM by Research, PhD candidate, Oxford Brookes University.
 Sony Corp. of America v Universal City Studios Inc. 464 US 417 (1984).
 Norwich Pharmacal Co. v Customs and Exercise Commissioners  AC 133.
 Digital Economy Act 2010 Explanatory Note, note 51.
 Digital Economy Act 2010 Explanatory Note, note 62.
 EMI (Ireland) Ltd v Eircom Ltd  IEHC 108 at .
 SCRL Societe Belge des Auteurs, Compositeurs et Editeurs v SA Scarlet  ECDR 19.
 Scarlet Extended SA v SABAM OJ 2010 C113/20.
 SCRL Societe Belge des Auteurs, Compositeurs et Editeurs v SA Scarlet  ECDR 19 at 
 Roadshow Films Pty Ltd v iiNet Ltd (No 3)  FCA 24 at .
 Norwich Pharmacal Co. v Customs and Exercise Commissioners  AC 133.
 Copland v United Kingdom (Application 62617/00) (2007) 45 EHRR 37 at .
 Copland v United Kingdom (Application 62617/00) (2007) 45 EHRR 37 at .
 Cinepoly Records Co Ltd v Hong Kong Broadband Network Ltd  1 HKLRD 255.
 Media CAT Ltd v Adams  EWPCC 006 at .
 Digital Economy Act 2010 Explanatory Note, note 61.
 SCRL Societe Belge des Auteurs, Compositeurs et Editeurs v SA Scarlet  ECDR 19 at .
 SCRL Societe Belge des Auteurs, Compositeurs et Editeurs v SA Scarlet  ECDR 19 at .
 Metropolitan International Schools Ltd (t/a Skillstrain and t/a Train2Game) v Designtechnica Corp (t/a Digital Trends), Google UK Ltd, Google Inc  EWCH 1765 (QB) at .
 Media CAT Ltd v Adams  EWPCC 006 at .