AT&T exec: ISP will never terminate service on RIAA's word

Updated at 5:05 p.m. PDT to include explanation of RIAA's graduated response, quotes from RIAA, as well as information about how some ISPs had already implemented their own type of graduated response.

Jim Cicconi, a senior executive vice president at AT&T, says much has been written about his company's relationship with the music industry and some of it is flatly untrue.

This much at least Cicconi wants customers to understand: "AT&T is not going to suspend or terminate anyone's policy without a court order."

"We're pleased to be in constructive discussions with several ISPs. We're making important progress, and doing so in a manner consistent with everyone's respective priorities. We're grateful that some of the industry's leading executives came to Nashville and talked through these important issues."

--RIAA spokesman spokesman

On Tuesday, Cicconi told attendees of the Leadership Music Digital Summit that the ISP has begun issuing warning notices to people accused of pirating music by the Recording Industry Association of America. The RIAA, the trade group representing the four largest music labels, said in December that it had received cooperation from some large Internet service providers. CNET reported Wednesday that besides AT&T, Comcast and Cox Communications were also working with the music industry.

There has been some confusion about what the RIAA's graduated response program involves. The program could include suspension or termination of service for repeat offenders. It's up to the ISP to decide. But there are also other forms of escalating responses, such as the sending of multiple letters. Some of the notices could take a stronger tone or perhaps the ISP might follow up with a phone call.

Ideally for the the RIAA, the graduated response would culminate in a temporary suspension of the account for chronic offenders. Some ISPs have balked at that step, but the RIAA is still encouraged by discussions it's had with the ISPs so far.

"We're pleased to be in constructive discussions with several ISPs," said an RIAA spokesman. "We're making important progress, and doing so in a manner consistent with everyone's respective priorities. We're grateful that some of the industry's leading executives came to Nashville and talked through these important issues."

CNET News reported Tuesday evening that Cicconi said AT&T had begun issuing warning notices to people accused of pirating music by the RIAA. The Digital Millennium Copyright Act of 1998 has mandated that ISPs forward those letters to people accused of violating copyright. But AT&T has begun sending its own "cover letter" along with the RIAA's cease and desist notice, according to a company representative. Cicconi confirmed on Wednesday that those letters began going out last week. CNET also reported that in the notices sent to customers was language informing them that the company had the right to terminate service. Cicconi again confirmed that, but said the clause wasn't much more than legal boilerplate.

"What we do is send notices and keep track of violations and IP addresses. It's our view that any stronger action has got to rest with the copyright owner...That's what the courts are there for."

--Jim Cicconi, AT&T executive

"It's a standard part of everybody's terms of service," Cicconi said. "If somebody is engaging in illegal activity, it basically gives us the right to do it...We're not a finder of fact and under no circumstances would we ever suspend or terminate service based on an allegation from a third party. We're just simply reminding people that they can't engage in illegal activity."

Cicconi said the company began testing this kind of "forward noticing" late last year and even experimented with sending certified letters. Cicconi said the notices worked. The company saw very few repeat offenders.

The RIAA is encouraging ISPs to strengthen their responses to piracy. Some ISPs, such as Cox, says it had already implemented a policy very similar to what the RIAA is asking for.

Comcast said Wednesday afternoon that it hasn't changed its policy. An executive who spoke at the same conference as Cicconi told the audience that the company has sent 2 million notices on behalf of content owners. A company representative said the company has no plans to test "a so-called 'three-strikes-and-you're-out' policy."

But music industry sources told CNET that Comcast has agreed to cooperate with the RIAA in other ways.

But what happens to chronic offenders? Cicconi said that his company will only send notices and that if a content owner wants more done, they need to see a judge.

"What we do is send notices and keep track of violations and IP addresses," Cicconi said. "It's our view that any stronger action has got to rest with the copyright owner...That's what the courts are there for."

Cicconi raises some important questions. How many ISPs are willing to cut off a customer's Internet connection without a court order, and how effective is the RIAA's graduated response program without one?

Note to readers: Have you received a warning letter from AT&T or another ISP? If so, e-mail me by clicking on the link in my bio below. Please include your contact information. I won't reveal your name in any story if that's what you prefer.

[Pete Bardo]

Funny, AT&T is reminding it's customers not to engage in illegal activities. Maybe they should send that notice to all of their executives--and all their employees while they're at it.

I don't trust AT&T--never have, never will.

[sharmajunior]

I agree with you.

Also would like to add. Everyone who visits this forum and around the world who download music for free.

Don't stop downloading the free music. Let's see how many of us are the ISP's willing to lose as customers as compared to doing the devil's (RIAA) will.

Would they rather listen to some association or lose customers where they actually make money and have had for longer periods of time.

[computerguy_2001]

i think what we do on computer online is own in the privacy in home is our business nobody else.

[esteven4]

Yeah, it's your own business, until you break the law. Then it becomes the business of whatever party is being harmed by your illegal actions.

[somniferous]

Thinking what you do online is private is like thinking you can have a private cell phone call in the middle of a crowded street. it's not gonna happen.

[screamapillar]

Perhaps somniferous, but having a private conversation on my phone in my home - even IF the context is for illegal activities - is still my own business. You see, the thing is, you wouldn't know it was illegal unless you were listening in. But what right should you have to ever listen to my call? What, because some biased organisation with clearly a stake in me being guilty says so? Since when should a company have the right to deem me guilty based on their suspician without evidence and then gain access to my private actions to then gather evidence against me without my knowing?? And how would I prove them wrong? I shouldn't have to, they should have to prove my guilt not vice versa. You need to not be so happy to shoot first and ask questions later.

This whole 'if you're not doing anything wrong you have nothing to fear' arguement is ignorant at best. Protecting privacy isn't about protecting criminals, it is about protecting the innocent! It is about the right to due process.

Once you are accused of something it no longer matters if you are guilty or innocent. Mud sticks.

So esteven4 - once you break the law it becomes someone elses business yes, but you still have the right to due process. They can't sit there monitoring you just in case you break the law. It is unethical and just a grave a violation of my rights as the infringment they wish to accuse me of.

[rapier1]

What a few people seem to be overlooking is that putting files onto a P2P network isn't a two way private conversation. Its more like a party line - anything you say is automatically heard by anyone who feels like listening in. As such, there is no expectation of privacy - there can't be because the underlying design of a peer to peer network necessitates against it.

That being said, even a 'private' conversation between two IP addresses 'leaks' information into the public domain. The routers and switches and other devices along the path have to be able to know how to get the information from one place to another. Think of a single packet of information like an envelope - the contents of that envelope may be private but the address and return address *have* to be public. In the case of the packet the ip addresses, ports, and other header information are all public by necessity. If someone sees enough packets go by its not very hard to build up a pretty clear picture of what the user is doing without ever looking at the contents of the packet. Even seemingly ephemeral data like the routing diversity of the packets, the inter packet timing, and so forth can help 'fingerprint' the class of application being used.

So just based on the necessarily public information you generate when using the internet it's easy to help figure out a lot about what the user is doing. The point of this is that you don't have as much privacy as you think you do and you can't have it if you want the internet to actually work. What we need is a policy decision to not engage in the relatively minor work required to unearth behavioural information we feel should be private.

[gunchmofo]

I agree esteven4, but at the same time you have to realize that in "keeping track of these violations" it means that the ISP is literally monitoring all activities coming from that IP Address. It's simply an invasion of privacy regardless of whether or not you are doing something illegal.

Now I'm not saying that in the TOS you sign with your ISP they don't allow themselves to violate your privacy and do exactly that, but I think you will be more likely to see ISP's specifically offering "privacy protection" where they do not monitor content without a court order or some other legal force.

It just seems odd that any ISP would back the RIAA in this fight without some kind of huge donation or something to that effect because essentially at the very least they will probably be losing customers if not locking them up. I wonder how much ISP's think privacy is worth and how much they're selling it to the RIAA for?

[aka_tripleB]

It dosn't sound like it's the ISP, at least not AT&T, that's doing the monitoring. It sounds like AT&T will keep a data base of accused violators, but it's actuall the RIAA that is monitoring your activities. Of course, there probably is a simple solution to that problem, and that is encrypt your traffic. Then if the RIAA accuses you of anything, use their own tools against them and file a DMCA violation complaint because they broke the encryption on your data.

[rapier1]

Data encryption only does so much. The packet header information, by necessity can't be encrypted. For real security you need to use a well maintained well trafficed proxy and engage in some counter measures to deal with behavioural useage patterns, interpacket timing, routing patterns, and so forth. You can find out a lot from basic traffic analysis without ever actually looking at the packet payload data.

[Len Bullard]

"Cicconi raises some important questions. How many ISPs are willing to cut off a customer's Internet connection without a court order, and how effective is the RIAA's graduated response program without one?"

That is the dilemma. The RIAA should pursue a broadband tax instead. Threats don't work.

Copyright as currently conceived cannot produce the revenues of the systems that came before the web. The choices of tools to sustain that erode the social contracts for privacy in ways unacceptable to the consumer as the tools to violate copyright law are unacceptable to the owners of those rights. Copyright has to adapt to the reality of the free copies of any digital work bought past the first copy. All aren't free but a signficant number are, are going to be, and the only way to fight absolutely is go after the fans. That's bad juju for the artists.

Copyright law must be adapted to this. It doesn't work the other way around.

Otherwise, the system of distribution on the social networks and other free services is working and if not yet producing those Big Big Big Dollars that paid for the intermediaries of the old model, it is expanding the role of the artist in tending their own flocks. The critical ingredient in that model is the artist. The difference in iTunes and MySpace/MyMusic is the word "friends". It is not just a store. It's a world of artists befriending. That is a significant change in a business that has people who's job it is to keep the artist isolated from any of that. These people don't have cherry futures.

Look at the way Arlo Guthrie's family does it. It's a smart model and it's working.

[timothywmurray]

Len,
The idea of paying a broadband tax to the coffers of the RIAA is enormously distasteful. I Have had broad band for a decade and I have never downloaded music. I never even listen to the music on my aging CDs. I have an iPod and I listen to it every day for almost 3 hours a day during my commute. I listen to podcasts and audio books and lecture series from iTunesU and MIT open Course ware. Why should I pay a fee to the RIAA as either a Broadband tax or as has bee suggested elsewhere a tax on any device that plays MP3s.

It makes me agree to think that I would be charged a fee that would be turned over to such disreputable Copyright trolls as the RIAA.

I work in publishing and I make a living from copyright but those guy are foul.

[somniferous]

While I strongly disagree with what the RIAA is doing, assuming that anything you do on the net that is private is just plain stupid. Anything you put out on the net is not private info, I know this may come as a shock to most of you, but it's true. The internet is a public place and is therefore not considered private space.

I can understand anything on your personal computer as being private, but the moment it leaves your computer without you taking some action (like making sure you banking or any sensitive info is going through an https site or having the data encrypted) to make it private, anyone with the right tools can see your trail. If they were personally searching a persons hard drive I'd be saying something completely different, but they really are not, at least not yet.

I think eventually the RIAA will end up driving itself into the ground, mainly because they refuse to adapt to the new market. You know it's bad when even the musical artists have started to ignore what the RIAA is doing, and have started to make content available for free (like NIN). Unfortunately for us consumers, it will be a very bloody battle to the end.

[dalilamakarma]

Actually, I think you need to revisit the law on privacy. When you are paying an ISP you are entering into a rental agreement, and when you rent something you do have a certain expectaion of privacy. You can't rent someone a house or apartment with cameras and microphones to monitor what they are doing to make sure they don't break the law. The same holds true here to a certain degree.

[eswinson]

While I understand there should be no reasonable expectation of privacy when you are advertising on the Internet that you have music to share, this is a little different. What is happening here would be like the Cotton, inc. telling the power company to cut off your power because you (may) have grow lights in your house and you may be growing hemp (or its evil cousin) illegally and that might be interfering with their monopoly and causing them lost revenue. If there really is a crime being committed and the evidence warrants it, there are proper law enforcement channels that can be leveraged to deal with it. You can still retain the right to file a civil suite for damages as well. But when all you have is suspicion and vague evidence all you can do is send nasty-grams and get pissy with people and hope you can scare them.

One thing we have to realize is that suing individuals obviously was not as effective as the RIAA would have liked us to believe or they would not have stopped doing it. My guess is that the cost of investigation and litigation (even sending letters from and attorney wasn't cheap) outweighed the gain and the public perception about downloading free music didn't budge because a very small percentage of those offenders unlucky enough to be in America got a slap on the wrist. When you realize that 2 million people on Comcast alone think that it is ok to share music it is obvious the RIAA is fighting a loosing battle in a war that they have already lost.

[umbrae]

So AT&T will not kick you off, but they will bully and pester you with no proof of wrong doing.

[sanenazok]

I can see why, if they kicked their customers off, the bills would have to end. No early termination fee either if the provider axes the service.

[inachu1]

This was proven when the people trying to track you were interviewed themselves and they turned out to be very very old senile retired people who retained ip information for very long periods of time and when the account holder quits their ISP service that ip address goes to a new customer and they send out notices to the new customer who was innocent.

Old retired people do not work with technology very well. No reliable data from them at all.

[juliestevenson23]

That's exactly what I see here too Umbrae. But still, I'm glad AT&T is at least taking that step, and not terminating contracts, just because the RIAA says they should.

- Julie
http://www.profitablenuggets.com/

[juliestevenson23]

Oh, I forgot to add:

"I think eventually the RIAA will end up driving itself into the ground, mainly because they refuse to adapt to the new market."

Very true, I really hope that this exact thing happens within the next few years. It seem like their holding on to some type of hope that's been gone since 2000 now.

- Julie, consultant for <a href="http://www.profitablenuggets.com/">Credit Report</a>

[ClockworkEel]

Why should an ISP be involved with what a user is downloading?

This could be compared to making telecom companies responsible for anything said on the telephone.

If two bank robbers discuss their robbery plans over the phone, should the phone company be prepared to terminate a customer's service because he may have used the phone aid in his illegal activity?

What if the robbery was planned by snail-mail? Would the post office terminate mail delivery because criminal used that medium?

When will lawmakers get with the times? If a user is doing something illegal, that is between the legal system and the user. A 3rd party watchdog should be dealing with the legal system. The provider of the medium should not be involved.

Oh, and technically, the ISP isn't even transmitting illegal files. Just packets of data - these packets are reassembled at the user's computer into the illegal file. While it's in transmission, it's just unassembled packets of data. Again, it is the user not the ISP that needs to be dealt with legally.

The ISP is just providing a pipeline for packets of data. They should not be involved until the legal system asks them to. It should not be their responsibility to police what's contained in these data packets any more than policing what people discuss on the telephone.