The Copyright Alert System has called it quits, but questions remain about what, if anything, will replace it. Known also as the “six strikes” program, the Copyright Alert System (CAS) was a private agreement between several large Internet service providers (ISPs) and big media and entertainment companies, with government support. The agreement allowed the media and entertainmenet companies to monitor those ISPs' subscribers' peer-to-peer network traffic for potential copyright infringement, and imposed penalties on subscribers accused of infringing. Penalties ranged from “educational” notices, to throttling subscribers' connection speeds and, in some cases, temporarily restricting subscribers’ web access.

From the beginning, the Copyright Alert System presented problems for ordinary Internet users. The agreement creating the CAS was negotiated without the opportunity for public input. As is often the result with such secretive private agreements, users’ interests weren’t sufficiently protected when the program finally came into effect. For example, because the program treated accusations of infringement as conclusive, and the appeals process was both costly and offered unnecessarily limited defenses, the CAS failed to adequately protect users who were wrongfully accused of infringement. Further, the program included surveillance by copyright owners of Internet subscribers’ peer-to-peer network activity, a level of monitoring that many found invasive of their online privacy. Even the program’s educational materials were biased. And throughout its operation, the program struggled to provide enough transparency into how it was impacting Internet users.

But the CAS wasn’t nearly as bad as it could have been. For example, while the media companies could join swarms to track users’ activity on peer-to-peer networks, the ISPs themselves were not required to monitor their subscriber’s activity by using deep packet inspection (DPI), a much more invasive tactic. And ISPs were not required, under the terms of the agreement, to cut off subscribers’ Internet access after repeat allegations of infringement. Lastly, the program had an advisory board that did include consumer advocates (a measure we believed to be inadequate).

EFF had serious concerns with the program from the start, and we welcome its retirement. But we’re not celebrating just yet. The statement from the Center for Copyright Information (the organization that administered the CAS) announcing the program’s retirement states:

While this particular program is ending, the parties remain committed to voluntary and cooperative efforts to address these issues.

As we’ve said before, a big problem with these private agreements is that they frequently leave Internet users without at seat at the negotiating table, and with little or no recourse when the companies involved violate users’ privacy or silence users’ online speech. And when government actors pressure companies to come to terms, these agreements can easily become the “de-facto” law of the Internet – with none of the potential for democratic accountability that accompanies actual laws. If companies and governments are committed to protecting Internet users in future voluntary agreements, we’ve provided a simple set of criteria for how those agreements can be done well.

While there are as yet no details as to why the CAS closed up shop, or what could be coming next, the MPAA’s statements following the announcement are far from reassuring. The MPAA’s general counsel stated that he believed the program didn’t do enough to punish people the media companies decided were “repeat infringers”:

[the CAS] was simply not set up to deal with the hard-core repeat infringer problem. Ultimately, these persistent infringers must be addressed by ISPs under their 'repeat infringer' policies as provided in the Digital Millennium Copyright Act.

This statement comes on the heels of another industry attempt to turn ISPs into draconian copyright enforcers in the BMG Rights Management v. Cox Communications case. Copyright holders in that case argued that ISPs, like Cox (Cox was not part of the CAS) should cut off subscribers’ Internet access on the basis of copyright holders’ mere allegations of infringement.

We hope the CAS is not being abandoned simply so big media and entertainment companies can try to impose something worse. Whatever happens, we’ll be on the lookout for threats to Internet users from future Shadow Regulations like the CAS.