It is vital that organisations across the public sector ensure they implement robust measures to avoid risks of infringing the provisions in the Digital Economy Act and as a result possible future limitation or suspension of their network and internet access. There are a number of practical measures that public sector organisations can consider implementing to help ensure compliance with the Act.

Practical suggestions to remain compliant with the Digital Economy Act

Overview of the Digital Economy Act 2010

The Digital Economy Act 2010 includes provisions relating to the UK’s communications infrastructure, public service broadcasting, copyright licensing and online infringement of copyright, and security and safety online and in video games. Many of these measures will come into effect immediately, whilst others will require further public consultation and in some cases approval by Parliament, before they can be implemented. Specifically the Act includes provisions relating to online infringement of copyright by placing obligations on Internet Service Providers (ISPs) to work with rights holders and, if a future Secretary of State deems necessary, to take technical measures against infringing subscribers for alleged infringements. The Act also provides a power for the Secretary of State to introduce regulations for rights holders to seek a court injunction to prevent access to specified online locations for the prevention of online copyright infringement.

A briefing paper (PDF) produced by LINX (the London Internet Exchange) has outlined a number of scenarios in which internet access can be provided by organisations such as public sector bodies and businesses. As a result, it has highlighted the potential difficulties that may be faced by libraries, schools, universities, colleges and museums under the various definitions in the Act. The Department for Business, Innovation and Skills has also issued guidance (PDF) in which it acknowledges that 'without examining the situation for each university and their relationship with JANET, it is not possible to say whether JANET is acting as an ISP or not; nor is it clear whether a university is a subscriber, ISP or is simply not in the scope of the Bill. As such, we cannot say simply who the ISP is and who is the subscriber, only that this is something that each university would have to look at and establish for themselves.'

The Ofcom Code of Practice

Ofcom has just developed a draft Code of Practice for the first stage notification of ISPs and subscribers. This Code provides the framework for the implementation of the measures in the Act relating to ISPs and subscribers, as well as establishing mechanisms for the resolution of disputes (PDF) between parties. In particular, the draft Code sets out how and when ISPs covered by the Code will send notifications to their subscribers to inform them of allegations that their accounts have been used for copyright infringement.

ISPs must also record the number of reports made against their subscribers and provide copyright owners on request with an anonymised list which enables the copyright owner to see which of the reports it has made are linked to the same subscriber – also known as the ‘copyright infringement list’. It was hoped that the Code would also clarify the scope of the Act: which organisations are required to act as ISPs and which as subscribers. However, the wording of the Code remains ambiguous.

The Code is currently open for consultation

The closing date is 30 July 2010. Public sector bodies are strongly urged to respond to this consultation, and where possible outline the following ramifications for their organisations as a result of the Act:

  • The ambiguity of the wording in the Act whereby public sector bodies may, by virtue of their activities, be defined as both ISPs and subscribers
  • The implications and impact for them in providing online and/or wifi access to students and/or visitors as a result of their potential definition as ISPs under the Act, as well as the effect on them in being classed as subscribers
  • The costs that they are likely to incur in ensuring that they have the necessary technological infrastructure in place to comply with any obligations associated with their definitions of ISPs under the Digital Economy Act
  • The impact on their organisations of being responsible for 25% of costs associated with allegations of copyright infringement in their role as ISPs

4 step guide to ensure compliance with the Digital Economy Act

To understand the implications and ramifications of the Act for an individual public sector organisation, the following steps are suggested:

Step 1: Establish how the organisation’s internet access is received and supplied, from whom and to whom
Step 2: Establish the organisation’s role in relation to the Act
Step 3: Understand the potential risks and costs associated with receiving and supplying internet access and the organisation’s obligations
Step 4: Take practical steps regarding internet access to minimise the organisation’s exposure to the risk (see below)
 

Practical suggestions to ensure compliance with the Digital Economy Act

It is vital that organisations across the public sector ensure they implement robust measures to avoid risks of infringing the provisions in the Act and as a result possible future limitation or suspension of their network and internet access. There are a number of practical measures that public sector organisations can consider implementing to help ensure compliance with the Digital Economy Act. All organisations should have policies that prohibit breach of copyright (with thanks to Andrew Cormack, Chief Regulatory Officer, JANET, for his additional suggestions).

Roles and responsibilities regarding the services you provide

Understand your organisation’s roles and responsibilities regarding the services that you may provide and receive with regard to the Act’s definitions, such as 'ISPs' and 'subscribers'. These may be clarified by the Ofcom code of practice.

  1. Ensure that there are robust regulations in place issued by public sector organisations for users, such as staff, students, formal visitors and contractors, in their use of institutional IT facilities and systems. See an example of the type of regulations used across UK universities. E-safety guidance to support effective practices across schools has been developed by Becta.
  2. Develop acceptable use policies, such as those developed by JANET and Becta. Codes of conduct for use of software and data, for example EduServ, will also be of benefit.
  3. Ensure that all users of the organisation’s applications, software, systems or networks (including remote users and visitors) are aware of these policies and the need to comply with them, for example by providing a landing page that requires active consent to terms and conditions, prior to access being permitted. Software such as the 'u-Approve' module in Shibboleth may be beneficial for institutions wishing to implement such a process.
  4. Take disciplinary procedures and/or legal action against those who breach the organisation’s acceptable use policies and/or codes of conduct, possibly including suspension of the individual’s access to network services.

Measures to reduce the level of copyright breach

The Act also requires organisations to take measures to reduce the level of copyright breach; however, it recognises that different measures will suit different types of organisation. The experience of sites implementing the JANET Acceptable Use Policy is that approaches concentrating on user education, accountability or technical prevention can be equally effective in reducing copyright infringement to well below the UK Internet average. The following are examples of measures that may be effective in various combinations:

  1. Educate users on the correct and incorrect uses of copyright material of all kinds. This can include signposting to legal file sharing sites such as Bleep, Sky Songs, iTunes, Orange and Tesco Entertainment, and to streaming services (as long as streamed content is not recorded).
  2. Implement a rapid and robust notice and take down policy and procedures relating to infringing content appearing on web, repositories, VLEs, intranet etc. A template notice and take down policy and associated procedures can be found on the Strategic Content Alliance Blog.
  3. Ensure that users must authenticate themselves before gaining unrestricted Internet access (see JANET guidance) and that logs are kept as appropriate. User logs are considered to contain Personally Identifiable Information (PII), so retention and use of this data must conform to the Data Protection Act. Consent management policies and procedures to deal with these and similar issues will be available from JISC Legal; see also a paper on log files (PDF).
  4. Implement and advertise a rapid and effective process for receiving reports of copyright infringement, identifying and dealing with the responsible users (see the JANET guidance).
  5. Monitor and manage new software installed by users on the organisation’s computers, especially the installation of BitTorrent clients.
  6. Monitor, manage and where necessary block unacceptable or inappropriate websites.
  7. Block or limit network protocols known to be associated with copyright infringement (but note that some lawful services also use peer-to-peer protocols). See an example.
  8. Monitor and track web traffic and user activities.
  9. Review your institution’s policies for proxy servers and Virtual Private Networks (VPNs). These will allow users at home to appear as if they are accessing via an institutional IP address. The same policies for logging activity, authenticating users, and restricting sites should be applied within the proxy or VPN environment as on the organisational network.

Podcast: Digital Economy Act advice for universities and colleges from JISC Legal (Duration 8.09)

Supplementary interviews on this topic

The implications for universities and colleges Professor Charles Oppenheim, Loughborough University (Duration 4.54) MP3 

The implications for museums Dr Naomi Korn, Copyright adviser (Duration 6.36) MP3

Reducing copyright infringement in education Saskia Walzel, Policy advocate, Consumer Focus (Duration 7.12) MP3

The views expressed here are not necessarily those of the Strategic Content Alliance or JISC.

Author: Naomi Korn
Publication Date: 9 July 2010