Despite ringing denunciations from small EU tech businesses, giant EU entertainment companies, artists' groups, technical experts, and human rights experts, and the largest body of concerned citizens in EU history, the EU has concluded its "trilogues" on the new Copyright Directive, striking a deal that—amazingly—is worse than any in the Directive's sordid history.
Goodbye, protections for artists and scientists
The Copyright Directive was always a grab bag of updates to EU copyright rules—which are long overdue for an overhaul, given that it's been 18 years since the last set of rules were ratified. Some of its clauses gave artists and scientists much-needed protections: artists were to be protected from the worst ripoffs by entertainment companies, and scientists could use copyrighted works as raw material for various kinds of data analysis and scholarship.
Both of these clauses have now been gutted to the point of uselessness, leaving the giant entertainment companies with unchecked power to exploit creators and arbitrarily hold back scientific research.
Having dispensed with some of the most positive versions of the Directive, the trilogues have also managed to make the (unbelievably dreadful) bad components of the Directive even worse.
A dim future for every made-in-the-EU platform, service and online community
Under the final text, any online community, platform or service that has existed for three or more years, or is making €10,000,001/year or more, is responsible for ensuring that no user ever posts anything that infringes copyright, even momentarily. This is impossible, and the closest any service can come to it is spending hundreds of millions of euros to develop automated copyright filters. Those filters will subject all communications of every European to interception and arbitrary censorship if a black-box algorithm decides their text, pictures, sounds or videos are a match for a known copyrighted work. They are a gift to fraudsters and criminals, to say nothing of censors, both government and private.
These filters are unaffordable by all but the largest tech companies, all based in the USA, and the only way Europe's homegrown tech sector can avoid the obligation to deploy them is to stay under ten million euros per year in revenue, and also shut down after three years.
America's Big Tech companies would certainly prefer not to have to install these filters, but the possibility of being able to grow unchecked, without having to contend with European competitors, is a pretty good second prize (which is why some of the biggest US tech companies have secretly lobbied for filters).
Amazingly, the tiny, useless exceptions in Article 13 are too generous for the entertainment industry lobby, and so politicians have given them a gift to ease the pain: under the final text, every online community, service or platform is required to make "best efforts" to license anything their users might conceivably upload, meaning that they have to buy virtually anything any copyright holder offers to sell them, at any price, on pain of being liable for infringement if a user later uploads that work.
News that you're not allowed to discuss
Article 11, which allows news sites to decide who can link to their stories and charge for permission to do so, has also been worsened. The final text clarifies that any link that contains more than "single words or very short extracts" from a news story must be licensed, with no exceptions for noncommercial users, nonprofit projects, or even personal websites with ads or other income sources, no matter how small.
Will Members of the European Parliament dare to vote for this?
Now that the Directive has emerged from the Trilogue, it will head to the European Parliament for a vote for the whole body, either during the March 25-28 session or the April 15-18 session—with elections scheduled in May.
These elections are critical: the Members of the European Parliament are going to be fighting an election right after voting on this Directive, which is already the most unpopular legislative effort in European history, and that's before the public gets wind of these latest changes.
Let's get real: no EU political party will be able to campaign for votes on the strength of passing the Copyright Directive—but plenty of parties will be able to drum up support to throw out the parties that defied the will of voters and risked the destruction of the Internet as we know it to pour a few million Euros into the coffers of media companies and newspaper proprietors—after those companies told them not to.
There's never been a moment where your voice mattered more
Watch this space. We will be working with allies across the EU to make this upcoming Parliamentary vote into an issue that every Member of the European Parliament is well-informed on, and we're going to make sure that every MEP knows that the voters of Europe are watching them and taking note of how they vote.
Digital rights activists across the EU will be working to make this upcoming Parliamentary vote into an issue that every Member of the European Parliament is well-informed on. Between the lobbying of Big Tech and Big Media, we’ll be explaining what this means for every day Internet users. And together, we’re going to make sure that every MEP knows that the voters of Europe are watching them and taking note of how they vote.
All that it takes is for you to speak up. Over four million Internet users have signed the petition against the Directive. If you can do that, you can pick up the phone and call your MEP. Tell them why you’re against the Directive, what it means for you, and what you expect your representatives to do in the forthcoming plenary vote. It really is the last chance to make your voice heard.
Big reputation: What the Australian Parliament can learn from Taylor Swift
Near the end of 2018, Netflix debuted a live recording of Taylor Swift’s “Reputation” tour, filmed in Texas during the tour’s last U.S. performance. Shortly after the performance, Swift and her entourage would sprint off for Australia, playing four shows from Perth to Brisbane.
We can only hope that some of the members of Australia’s Parliament were able to make it to one of those shows, because they’re going to need some tips on how to deal with their own reputation issues. That’s because, as Ms. Swift was touring across Oz, Parliament was closing its consultation on the “Assistance and Access Bill,” now the law after passage of the bill in late December.
Few laws passed in large democracies could achieve the draconian impact that the Telecommunications and Other Legislation Amendment (Assistance and Access) 2018 law is poised to unleash. Its provisions allow representatives from Australian law enforcement and intelligence agencies, without judicial oversight, to order companies to do just about anything in the pursuit of national security or enforcement of criminal law, including hacking devices and deliberately weakening the security of the products that Australians use every day.
It seems natural, then, that Australia is earning its own big reputation as the Assistance and Access law attracts international scrutiny and criticism. The law garnered nearly unanimous opposition from anyone who actually understands technology, and has caused some to compare Australia’s approach to China’s, given the threat the legislation poses to privacy and the scare tactics used to rush it through. Even Australia’s own Human Rights Commissioner reacted with alarm, pointing out during the legislative process that Australia has “passed more counter-terrorism and national security legislation than any other liberal democracy since 2001.”
Fortunately, even though the law has been implemented and is already in use, there is still a chance to influence the end game. That is because the eleventh-hour passage of the law, which took place right before the December holidays, was secured on the basis of a promise of further review in 2019, with the potential for adding badly needed amendments, safeguards, and transparency requirements.
This means, much like T-Swift herself, Australia still has an opportunity to rise from international scandal to global leadership. Here are 10 lessons Parliamentarians should consider as they initiate their review of the law.
1.) I don’t trust nobody, and nobody trusts me
The internet operates on trust. It’s the backbone of the digital economy, social media, communications, and just about everything else we do online. The Assistance and Access law doesn’t just erode that trust — it annihilates it entirely. The law sets up a regime where Australian government officials can pressure or compel companies to make significant changes in digital devices and services with woefully inadequate transparency, no accountability, and no system for judicial accountability or oversight of what officials decide to do.
2.) We are never, ever, ever getting back together
Since trust is so critical in the digital age, the Assistance and Access law could have significant ramifications for Australians, including the loss of important products and services. While we don’t know yet how companies will respond when authorities invoke its powers (and it’s not likely the public will know about it when it happens), several prominent companies are taking a bold public stand against creating government-mandated vulnerabilities. When faced with a government order to undermine the security of their devices or services and put their users’ safety at risk, these companies may instead remove themselves from the Australian market to avoid compliance, including geo-blocking their websites so that Australians cannot access them.
3.) I’ll make the moves up as I go…and that’s what they don’t know
Some of the worst parts of the law are its broad gag provisions. Experts deduce that companies can’t even say they haven’t received a notice under the law without risking jail time. There is a five-year penalty built in, meaning that if a company violates a gag order, it is a serious crime for which the provisions of the law can be used. That’s significant because if the law is misused or abused, there is little accountability. In addition, while there are provisions for transparency, they are minimal: providers can report total number of notices they get over a six-month period, and the government is expected to publish annual statistics for each type of notice, as well as a list of any serious offenses for which they are invoked.
4.) This is why we can’t have nice things…because you break them
While the law prohibits its authorities from being used to compel a “systemic weakness” or “systemic vulnerability,” this limitation is inadequate. To be prohibited, a mandated weakness must affect a “whole class of technology,” so the government could presumably compel changes to create a weakness and it would be allowed so long as it does not impact 100% of users or devices. There is also the risk of problems that we cannot foresee in any mandated updates to a system for deliberately introducing vulnerabilities. Consider that even official Apple systems updates, developed and planned by technologists and tested extensively over time, have inadvertently “bricked” a large number of iPads — that is, rendered them totally useless as anything but a paperweight.
5.) My mind forgets to remind me that you’re a bad idea
This law would be frightening enough if these authorities were available only to Australian government officials. But it can also be invoked on behalf of a foreign government in relation to what that government determines a “serious crime.” The law defines serious crime as any crime with a sentence of three years or more. There is no transparency into which governments may ultimately enjoy access to these powers, and no requirement that they must provide for minimum human rights protections. Consider, then, that India metes out life sentences for sedition crimes, and in Saudi Arabia, homosexuality and witchcraft are crimes that under some circumstances are punishable with prison time or the death penalty.
6.) But if he’s a ghost then I can be a phantom, holdin’ him for ransom
While a mandated vulnerability may be intended to provide law enforcement with an assured means of accessing certain types of sensitive user data, a deliberate weakness, once created, could be available to any bad actor. Where government officials go, criminals will follow. Companies forced to comply with the law, and the customers relying on their products, would therefore become even more vulnerable to cyber attacks or data breaches. That’s a feat, considering that Australia had more than 800 data breaches in 2018 alone. Providing more ways to bypass security features on smartphones and other devices is also likely to result in increased device theft, which has reportedly been on the decline after companies began implementing hard drive encryption by default. That kind of protection, without deliberate holes in the system, meant the devices were useless to those not authorized to get access, and by extension, they were worthless on the black market.
7.) What you’re looking for has been here the whole time
Another problem with the law is that of omission: it fails to include provisions to assist law enforcement and intelligence investigations that would avoid the risks of the current approach. It does not provide funding to educate law enforcement on the availability of alternative methods for accessing digital evidence, nor for hiring technologists or other experts in digital security. Instead, it could endanger access to evidence, since the unchecked powers of the law might persuade the U.S. to think twice about entering into an agreement with Australia to enable direct law enforcement access to data held by U.S. companies.
8.) Darling I’m a nightmare dressed like a daydream
While Australia’s law enforcement and intelligence agencies lobbied hard for the Assistance and Access law, taken as a whole the law threatens to be more of a headache than a helping hand. As we’ve explained, the law is likely to limit Australians’ access to products and services that are driven out of the market, increase data breaches and device theft, and hurt Australia’s chances of entering into beneficial international agreements to assist law enforcement. While these are predictable outcomes, the negative impact of the law is not likely to be measurable until it’s too late…
9.)You should’ve said no
…which is why it would have been prudent for Parliament to postpone enactment of the law until there was more information to show that it is necessary (the current justifications are lacking). This would have given lawmakers the opportunity to study other options or, at a minimum, fix the ambiguous and confusing provisions that resulted from the rushed, inadequate process for drafting the legislation.
10.) Today is never too late to be brand new
Australia can still shake this off. While the Australian Federal Police claims to be close to reaching agreement with several companies to exercise its authority, officials have reportedly used the law in only very limited circumstances so far. Parliament can act to substantially revise its provisions or even vacate the law altogether in favor of a more thoughtful, useful, and effective approach that would preserve digital security and protect human rights. We can only hope Parliamentarians will ask themselves, “what would Taylor do?,” and act accordingly.
In the meantime, the Australian public has until February 22, 2019, to submit comments on the law, and you can do so online, as we all will do.