Under the new voluntary antipiracy regime agreed to this week by Internet providers, users who receive a first "alert" regarding copyright infringement on their account won't be able to challenge that alert. Nor can they challenge the second alert, or the third, or the fourth. They can only challenge the alerts when they move from "education" to "mitigation"—after the fifth or sixth alert, depending on the Internet provider.

(RIAA head Cary Sherman told me yesterday that this was because the first "educational" alerts are like traffic warnings rather than traffic tickets; there's no penalty, so who would want to challenge them?)

At that point, before a user's Internet connection is throttled, curtailed, or otherwise hobbled, the account subscriber can pay $35 and appeal to a new independent body funded by the ISPs and the content owners. But the appeals process won't accept just any defense; indeed, the official memorandum of understanding (MoU) governing this whole process describes the six possible defenses the independent reviewer will even consider (they are incorrectly numbered in the MoU and so run up to "vii," but only six items are listed). Here they are:

(i) Misidentification of Account - that the ISP account has been incorrectly identified as one through which acts of alleged copyright infringement have occurred. (ii) Unauthorized Use of Account - that the alleged activity was the result of the unauthorized use of the Subscriber’s account of which the Subscriber was unaware and that the Subscriber could not reasonably have prevented. (iii) Authorization - that the use of the work made by the Subscriber was authorized by its Copyright Owner. (iv) Fair Use - that the Subscriber’s reproducing the copyrighted work(s) and distributing it/them over a P2P network is defensible as a fair use. (vi) Misidentification of File - that the file in question does not consist primarily of the alleged copyrighted work at issue. (vii) Work Published Before 1923 - that the alleged copyrighted work was published prior to 1923.

Each defense category is governed by specific rules. For instance, if you claim that neither you nor anyone else using your computers or network had downloaded said file ("misidentification of account"), here's how you can win:

A Subscriber shall prevail on this defense if the Participating ISP’s and/or Copyright Owner’s records indicate, upon Independent Review, that a factual error was made in (1) identifying the IP address at which the alleged copyright infringement occurred and/or (2) correlating the identified IP address to the Subscriber’s account. In reviewing the Participating ISP’s or Copyright Owner’s records, automated systems for capturing IP addresses or other information in accordance with Methodologies have a rebuttable presumption that they work in accordance with their specifications, unless the Independent Expert’s review of any such Content Owner Representative Methodology resulted in a Finding of Inadequacy in which event such rebuttable presumption shall not apply to such Content Owner Representative Methodology.

What about the "open WiFi defense" ("unauthorized use of account")? You can only use it once.

A Subscriber shall prevail on this defense if the Subscriber adequately and credibly demonstrates that the alleged activity was the result of unauthorized use of the Subscriber’s account by someone who is not a member or invitee of the household (e.g., via an unsecured wireless router or a hacked Internet connection) of which the Subscriber was unaware and that the Subscriber could not reasonably have prevented. The foregoing sentence notwithstanding, the Reviewer may in his or her discretion conclude that a Subscriber is entitled to prevail under this defense despite the Subscriber’s failure to secure a wireless router if the Reviewer otherwise concludes that the Subscriber adequately and credibly demonstrates that the alleged activity was the result of unauthorized use of the Subscriber’s account by someone who is not a member or invitee of the household of which the Subscriber was unaware. In determining whether this standard has been satisfied, the Reviewer shall consider the evidence in light of the educational messages previously provided by the Participating ISP. Except as set forth herein, this defense may be asserted by a Subscriber only one (1) time to give the Subscriber the opportunity to take steps to prevent future unauthorized use of the Subscriber’s account. Any subsequent assertion of this defense by a Subscriber shall be denied as barred, unless the Subscriber can show by clear and convincing evidence that the unauthorized use occurred despite reasonable steps to secure the Internet account and that the breach of such security could not reasonably have been avoided. [emphasis added]

Should you win one of these challenges, you get your $35 back and the "alert" is taken off your account, though no other alerts are. Your next alert will therefore begin the "mitigation" process once more.

These alerts do eventually expire; any subscriber who makes it 12 months without receiving a notice has their slate wiped clean.

If you fail here, prepare to be mitigated with extreme prejudice. ISPs can basically pick their preferred punishment, but the MoU offers a few tasty ideas, including:

( a ) temporary reduction in uploading and/or downloading transmission speeds; ( b ) temporary step-down in the Subscriber’s service tier to (1) the lowest tier of Internet access service above dial-up service that the Participating ISP makes widely available to residential customers in the Subscriber’s community, or (2) an alternative bandwidth throughput rate low enough to significantly impact a Subscriber’s broadband Internet access service (e.g., 256 - 640 kbps); ( c ) temporary redirection to a Landing Page until the Subscriber contacts the Participating ISP to discuss with it the Copyright Alerts; ( d ) temporary restriction of the Subscriber’s Internet access for some reasonable period of time as determined in the Participating ISP’s discretion; ( e ) temporary redirection to a Landing Page for completion of a meaningful educational instruction on copyright

Our take: After years of complaining that dragging people through federal litigation and securing hundreds of thousands of dollars in damage awards was about the most asinine (and unfair) way possible of dealing with the P2P file-sharing issue, it would be churlish not to admit that this is step up from such a low bottom. The federal court system, where all copyright claims are heard, was never made to handle mass litigation against millions of people, many without the money for lawyers, over petty instances of infringement (even if they may not be so petty in the aggregate). There's just no possible way that six warnings, followed by a speed throttle, could be worse than what happened to people like Jammie Thomas-Rasset and Joel Tenenbaum.

And the new mechanism is set up in a fairly careful way, with its emphasis on notification and its creation of a centralized (and allegedly independent) body vetting P2P detection mechanisms and making sure that they are accurate. (Given the numerous false positives we've seen over the years, this is surely a good thing.) It also downplays disconnection as a possibility, and we suspect (and hope) that American ISPs will rarely disconnect users over noncommercial IP issues.

But none of that means the new approach is an actively great idea, either; ISPs playing copyright cop, with a presumption that all allegations are legitimate, is a dangerous way to go once we move from education into non-judicial punishment. It sets a bad precedent for network intermediaries that may well come back to haunt them, like Marley's ghost, in the years to come. This is not how we want the Internet of the future to look, policed by intermediaries who assume the validity of incoming complaints and who dole out private justice over a such a crucial communications link.

These are the moments at which we need to the protections of due process and judicial review, but making such a system functional would surely require something more streamlined than current federal process. Combining the French system of faster judicial oversight of ultimate punishments and appeals with this much-improved US approach, emphasizing education and user privacy, might have more potential... but it's not the approach we're going to try. By the time we hear the echo of those rattling chains and look back with regret, it may be hard to reverse the ISP deputization process.