WIPO Says Websites In Its Pirate Database Don't Deserve Due Process Because 'They Know What They're Doing'

from the they-know-what-they're-doing dept

You may recall that, recently, I posted on WIPO's bizarre decision to host a database of "pirate" sites that it would share with advertisers, encouraging them to block ads from appearing on any of the sites in the "Building Respect for Intellectual Property" (BRIP) database. As we noted in our original post, previous attempts at such databases showed how problematic they could be, as they almost always swept up perfectly legal sites, and they provided no due process, no checks and balances or anything of the like. I also had a list of questions about this for WIPO, which I noted were unanswered at the time of posting. WIPO actually did get back to me, but we'll get to that.

First, I wanted to point to a Twitter thread by New Zealand internet lawyer Rick Shera, who, in response to the news of the BRIP database, gave a real world example of how such databases create real harms for internet services through false accusations with no due process. Here's a lightly edited part of Shera's tweetstorm (the full thing is longer, but you get the point). After describing how the database is set up, he tells a story relating to one of his own clients:

WIPO does not disclose who the “Authorized Contributors” are, but, according to TorrentFreak, they are expected to be a mix of law enforcement, and industry groups such as MPAA and RIAA. Which reminds me of what happened to my client Mega a few years ago. In 2014 a UK-based online brand management agency NetNames published “Behind the Cyberlocker Door: A report on how shadowy cyberlocker businesses use credit card companies to make millions" commissioned by Digital Citizens Alliance, a US rightsholder lobby group. Mega was included in the report as a “cyberlocker”, without being given any opportunity to comment or rebut. Even by the report’s own criteria, Mega’s inclusion was patently incorrect. But don’t take my word for it. Mega commissioned Olswang, one of the leading IP, media and IT law firms in the UK, which in turn had Grant Thornton in New Zealand analyse Mega’s systems. Olswang concluded the NetNames report was clearly false and defamatory. NetNames and Digital Citizens Alliance of course refused to withdraw the report and, at that early stage in its operation, it was uneconomic for Mega to take defamation action in the UK. But it’s what happened next that provides a salutary lesson on the dangers of copyright guilt on accusation. The NetNames report was picked up by US Senator Patrick Leahy, who, also without the courtesy of checking with Mega, wrote to Visa and MasterCard encouraging them to cease providing payment services to anyone listed in the report. Here’s his letter to MasterCard. The NetNames report was picked up by US Senator Leahy, who, also without the courtesy of checking with Mega, wrote to Visa and MasterCard encouraging them to cease providing payment services to anyone listed in the report. Here’s his letter to MasterCard. pic.twitter.com/26nV1pMWgU — Rick Shera (@lawgeeknz) July 24, 2019 Visa and MasterCard blacklisted Mega, again, without notice. That resulted in PayPal ceasing service literally overnight. This despite the fact that PayPal had itself conducted exhaustive due diligence on Mega before giving it a clean bill of health just months earlier. Mega is not a cyberlocker. It complies with NZ and with European and US copyright laws. It is one of a handful of companies in NZ that publish a transparency report. Naturally, as a privacy protective business, it has put a huge effort into GDPR compliance. It has excellent relationships with law enforcement agencies worldwide operating under its takedown guidance policy. And yet a spurious report, commissioned by a non accountable industry backed lobby group, was able to run roughshod over all that. If Mega was not so well supported by its users and stakeholders, that false accusation would have driven it out of business. This is the danger in WIPO encouraging advertisers to cease service based on unsubstantiated allegations by non publicly accountable third parties. The allegations alone, which may be false, as they were for Mega, can kill a business.

That's a great example of the kind of mistake that is quite often made. We highlighted some other examples in our original post. Also, it's important to note that early innovations in new spaces often appear to be infringing. Imagine a similar rule in the time before the Supreme Court ruled that the VCR was perfectly legal. If retail shops relied on a "list" from the MPAA on what they shouldn't stock, it certainly would have meant they never would have sold VCRs (the same VCRs that helped drive the home video market, which quickly surpassed the box office market and saved Hollywood in the 1980s).

Back to WIPO's list, however. I had reached out to them before my story went up -- and they responded saying they'd be happy to set up someone for me to talk to, though that email was sent right around the time my original story went out. I told them I was hoping to do a follow up story and would like to speak to someone there. After a number of emails back and forth, WIPO eventually told me that since this database is "under formal discussion by WIPO member states at a meeting of the Advisory Committee on Enforcement" in early September, WIPO felt that it was best not to comment until after it's too late for it to matter and after the member states have discussed it. That strikes me as odd.

However, a WIPO employee, Jeremy Thille, decided to come into our comments and take it upon himself to give, as he called it, "WIPO's reply." Thille is a web developer, who notes that he helped build the database. I am quite sure that Thille thought he was being helpful here -- and, he actually was being super helpful in revealing WIPO's complete and utter disgust for basic due process on issues that impact speech and innovation. Most tellingly, he responded to my question about whether or not sites are notified that they're being put in this database that can literally put them out of business by saying:

No. They know what they're doing.

This isn't a surprise. In two decades of doing work in and around the copyright space, this attitude is pervasive. It ignores, of course, that throughout all of this time, those in legacy industries are often way too quick to declare something, or some tool or service, "dedicated to infringement," when it is not. It ignores that making mistakes here have massive impacts on both free expression and innovation. This is especially galling given that WIPO is a part of the UN and the UN is supposed to be bound by the principles of free expression in the Universal Declaration of Human Rights. To brush off such blatant censorship without any due process as "they know what they did" is astoundingly cavalier.

Other parts of Thille's responses (er... "WIPO's reply") are equally enlightening, if not surprising. He argues that there really aren't any problems with WIPO keeping such a censorship database, because it's all really maintained by member countries:

The BRIP platform is merely a central repository for national authorities such as HADOPI in France, AGCOM in Italy, or Roskomnadzor in Russia. These authorities are governmental and they declare websites as infringing, as they legally have the power to do so. We don't have this power, so we don't add or remove anything from the database.

He leaves out the earlier statements that industry representatives get to take part as well. He also leaves out the, uh, rather checkered history of some of the agencies he names in censoring the internet. Remember, when the company that Hadopi employed to run its copyright enforcement program decided that the DNS address 127.0.0.1 was a pirate site? (For the non-technically savvy, 127.0.0.1 is your own local machine). Or how about the time that Roskomnadzor used its copyright naughty list to shut down an entire news site. AGCOM? Remember how they ordered a user-generated-content platform blocked throughout Italy based on claims of 11 infringing works, and then ignored the fact that the site quickly removed all 11 works when informed?

Odd that the three examples of "trusted" government agencies that WIPO uses as examples for its database all have histories littered with problematic sites and censorship. Seems like, maybe, something WIPO should have considered, rather than merely assuming that if a government says "kill this site" that it must "know what they did."

Thille also passes the buck on WIPO's database, noting that while WIPO won't remove stuff, it will be left up to those problematic trusted authorities to create any due process. Though, he is candid that basically, any site in the database is fucked:

If they have been flagged by their national supreme internet authority, it will be difficult to contest, but here again, this is a process we have noting to do with. Displeased websites will have to try and contact their national authority directly, as they alone can remove a website/domain from their list in the BRIP database. Technically, we could of course remove a website from an official list, but legally we absolutely can't.

That's fascinating. Given just how hard all of the industry reps have been fighting over the years to argue that the maintainer of a website should have liability for what's in it, it does seem just slightly ironic for WIPO and the industry to team up on a database while insisting they have no liability whatsoever for putting companies into it incorrectly, even if it cuts of free expression or innovation.

Thille further clarifies -- as we expected -- that there is literally no way for the public, or even an NGO, to check the database and review it for accuracy. So it's a hidden, secretive database, put together by organizations that have a troubled history of censorship, that will be used to starve sites out of existence, and there is no due process, no transparency, no way to review, no way to appeal. But it's all cool because, WIPO believes, those sites "know what they're doing."

Of course, as we saw with Mega, yes, those sites know that they're complying with the law. And it didn't matter.

I asked WIPO whether or not it would like to comment on Thille's clarifications, suggesting that as an organization pushing such a database, it would probably be in their interest to have a better response to these questions. WIPO declined to respond and has provided no additional comment. It seems like the kind of thing that might help member states have a more informed discussion at their meeting September 2 - 4, at which there will be a discussion on "recent activities" regarding the BRIP database.

Unfortunately, responding to pesky journalists asking silly questions about censorship and due process is not on the agenda. I guess, the best you can say about WIPO and this database is... "they know what they're doing."

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: accusations, brip, copyright, database, due process, free speech, infringement, innovation, wipo

Companies: mega, wipo