Background: https://my.pirateparty.ca/node/7
PART 0: Introduction
Greetings,
I am writing on behalf of the Pirate Party of Canada to explain how the “Notice and Notice” regime will impact our VPN service (which we discontinued, but plan to bring back).
We are disappointed that we only found out about this through the media. Because the distribution list of the consultation letter is not disclosed, it is difficult to know which stake-holders are being consulted. In general, the Pirate Party of Canada will not operate a VPN service that keeps extensive logs. However, we think a VPN service is important enough that we should still offer one: despite guidance that we should keep detailed logs for 6 months. The primary purpose of our VPN service is to defend human rights: something not possible to do while keeping extensive logs.
While the Pirate Party does not officially condone copyright infringement (especially commercial copyright infringement), I am troubled by the characterization that the Copyright Modernization Act is designed to deter copyright infringement. At it’s core, copyright is censorship. Authors are given a time-limited monopoly on publishing their work, with the understanding that it must eventually fall into the public domain. All works build on what came before. Technologies like Technological Protection Measures threaten to bring about a second dark age if not handled carefully.
PART 1: IT details; What is possible?
A: How reliable is e-mail notification?
E-mail is a “best effort” delivery medium. This means that delivery is not guaranteed. This is exacerbated by the SPAM problem: users and hosts may be reluctant to report delivery failure ([1], section 15.4). DMARC allows the sending host to request specific rejection handling, but the receiving host is still free to ignore the advice. One reason a receiving host may want to do this in the context of “Notice and Notice” is if a specific host is known for sending poor quality automated infringement notices; while not responding to follow-up e-mail. The person handling such mail for the Pirate Party has requested that we block one such domain as spam.
The mostly standard way of requesting Disposition Notification is described in RFC 3798.[2] By including the Disposition-Notification-To header, the sender is requesting a notification when the message is either opened of deleted (possibly without being read). Again, this is optional on the part of the receiving host. While the government may be tempted to enact regulations requiring intermediaries to respond to such requests, it is a bad idea for the reasons outlined in section 6 of the RFC: “Security Considerations.” In particular, “MDNs do not provide non-repudiation with proof of delivery.” If non-repudiation is required, registered letter mail should be used instead.
B: How safe is e-mail notification?
To internet intermediaries and users, entities sending notices of infringement are considered potential attackers. Even if the notice is genuine, internet intermediaries and users must mitigate potential de-anonymization attacks. Among the most common (used by the Pirate Party in it’s mail-outs), is the use of HTML e-mail including a “Web Bug.”[3] A web-bug works by downloading data from the attacker’s server whenever the message is opened. In the context of a VPN provider, this may reveal the user’s real IP address if they open a forwarded message from the attacker without the VPN connection being active. Unique URLs included in the message may also be used for de-anonymization.[4] The very nature of infringement notices may make some infringement-specific URLs unavoidable.
The aforementioned attacks can be mitigated by using only plain-text e-mail. However, e-mail attachments are potential attack vectors as well.[5] Extraneous attachments should be avoided. Even if the attached file format is not designed to execute arbitrary code; there have been numerous security vulnerabilities disclosed for most image handling libraries over the years. E-mail software also varies in how it handles the forwarding of attachments. I recommend that to simplify the forwarding of infringement notices to users, plain-text e-mail should be used as much as possible. Copyright holders sending infringement notices may want to consider cryptographically signing their messages as well.
C: What information is required to identify an alleged infringer?
Our VPN service issues its users RFC 1918 private addresses.[6] Network Address Translation is then used to provide a connection to the IPv4 Internet. This means that in order to have any hope of identifying an alleged infringer, the infringement notice must include: the time, the IP address, and port used by our user. While just the IP address may be enough for traditional ISPs to identify a customer: in the case of our VPN service, the IP address is used by many users at the same time.
If our VPN service ever implements IPv6, it is likely that we will assign our users temporary (randomly generated) addresses. In that case, the full 128 bit address should be sufficient to identify a specific user at any given time. However, in the case of our service, we will not be able to identify specific infringers due to a minimal logging policy. This policy is in place so that users of our service can enjoy the right to privacy: stated explicitly in Article 12 of the UN declaration of human rights. It is safer for our users (which may include political dissidents in foreign countries) to keep no logs at all.
PART 2: Legal details; Will the Pirate Party get deregistered for not keeping logs?
A: OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
Our minimal logging policy generally follows the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.[7]
We follow the Collection Limitation Principle by limiting the logs we keep. Less data means that the Data Quality Principle is easier to implement.
Because extensive logs have no clear purpose, other than investigating possible abuse, we are following the Purpose Specification Principle. The guideline in question says that “the purposes for which personal data are collected should be specified not later than at the time of data collection.” However, it is possible that we may receive a court-order to keep additional logs: while being prohibited from disclosing the logging. The way privacy-conscious services have handled this in other jurisdictions is by partially or completely shutting down the service.[8,9] By limiting the logs we keep, we reduce the chances of violating the Use Limitation Principle.
Keeping minimal logs increases the security of the service from a privacy perspective: following the Security Safeguards Principle. By keeping our logging policy simple, we follow the Openness Principle. Minimal logs also reduce the administrative overhead in following the Individual Participation Principle. Simplified logging also simplifies our Accountability to our members: fewer logs mean inevitable mistakes have fewer ramifications in the event of a data-breach.
B: Explain the difference between criminal and civil liability
The Copyright Act[10] sets out two broad classes of remedies: Civil and Criminal. Section 41.27 also allows copyright holders to receive an injunction against the providers of information location tools. While a broad reading of subsection 5 may include keyboards, the VPN service is not really an “information location tool,” so that section is not likely to apply.
The following acts appear to have Criminal Remedies:
- Selling, renting, distributing, exhibiting, or importing infringing copies of a protected work in a manner prejudicial to the owner of the the copyright.
- Making a plate for making infringing copies or performing a protected work in public for private profit.
- Circumventing a Technological Protection Measure for commercial purposes.
- Performing in public for private profit a dramatic, operatic or musical work without permission from the copyright owner.
- Suppressing the title of or name of the author: of any dramatic, operatic or musical work.
The VPN service is essentially an anonymized Internet connection. While the service may be used by some of its users for the above acts, the service itself is not responsible for such acts. In general, our service is not suitable for commercial copyright infringement because only individual users are allowed to purchase a subscription. Corporations and Unions are prohibited from making donations to the Party by the Canada Elections Act.[11] (Section 404(1))
The following acts appear to have Civil Remedies:
- Infringing copyright
- Infringement of moral rights (described in sections 14.1 and 17.1).
The Copyright Modernization Act[12] introduced section 30.71 that clarifies that incidental buffering is not in itself an infringement of copyright. However, the wording of subsection (b) is troubling because our service has no way of knowing if a specific packet is infringing copyright or not.[13] Even if the packet can be identified as containing a fragment of a copyrighted work, not under a permissive license: one of our users may be making a copy for personal study; a specific exemption under the Copyright Act (section 29). Our service makes use of shared IP addresses, and does not allow our users to forward ports using UPnP. Because of this, our service does not lend itself to seeding infringing content. It is still possible: but any “downloaders” would have to have ports forwarded at their end of the connection.
The $5000 to $10,000 statutory damages mentioned in the consultation letter comes from Sections 41.25 and 41.26.
Our interpretation of the wording of subsection 41.26(2)(b) is that we must only retain the records we have at the time of the notice. Because the wording may be interpreted in such a way that logs must be recorded for a period of 6 months or more: we may, out of an abundance of caution, patch our kernel to black-list and log the ports named in any notices.[14] NAT should continue to work with 10,000 or more ports black-listed before we may be forced to allocate a second IP address for our VPN.
C: It is an infringement of copyright to operate a service solely for the purposes of copyright infringement — Section 27 Subsections (2.3), (2.4)
Section 8 of the Canadian Charter of Rights and Freedoms[15] prohibits unreasonable search or seizure. Due to the shared nature of our VPN service, any logging to track down a specific infringer constitutes an unreasonable search of all of our other users. The only way to universally enforce copyright is to impose a regime of universal surveillance. Universal surveillance prejudices the “fair dealing” exemptions outlined in section 29 of the Copyright Act.
Fair dealing allows copyright law to avoid conflicting with[16]:
- The right to freedom of thought, conscience and religion (Article 18)
- The right to freedom of opinion and expression (Article 19)
- The right to education (Article 26)
- The right freely to participate in the cultural life of the community (Article 27)
D: How does contracting an off-shore provider impact the above?
If we sub-contract to an off-shore provider, any infringement notices would be subject to the laws of the foreign jurisdiction. Since international copyright treaties have wide reach, this would (hopefully) require careful jurisdiction shopping to make sure that the host countries’ laws are not actually more severe than those in Canada. If the regime in Canada becomes too oppressive to maintain a viable VPN service, we may investigate other jurisdictions that actually respect the right to privacy.
PART 3: References
- [1] Domain-based Message Authentication, Reporting and Conformance (DMARC)
- draft-kucherawy-dmarc-base-01
- https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/?include_text=1
- [2] Message Disposition Notification
- https://tools.ietf.org/html/rfc3798
- [3] Wikipedia: Web bug
- https://en.wikipedia.org/wiki/Web_bug
- [4] Bitmessage users de-anonymized
- http://secupost.net/2325962497/bitmessage-security
- [5] E-mail Viruses
- http://www.thegeekprofessor.com/guides/email/email-viruses/
- [6] Address Allocation for Private Internets
- https://tools.ietf.org/html/rfc1918
- [7] OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
- http://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm
- [8] Lavabit
- http://lavabit.com/
- [9] CryptoSeal VPN shuts down rather than risk NSA demands for crypto keys
- http://arstechnica.com/information-technology/2013/10/cryptoseal-vpn-shuts-down-rather-than-risk-nsa-demands-for-crypto-keys/
- [10] Consolidated Copyright Act
- http://laws.justice.gc.ca/eng/acts/C-42/
- [11] Canada Elections Act
- http://elections.ca/content.aspx?section=res&dir=loi/fel/cea&document=index&lang=e
- [12] Copyright Modernization Act
- http://www.parl.gc.ca/HousePublications/Publication.aspx?Language=E&Mode=1&DocId=5697419&File=4
- [13] What Colour are your bits?
- http://ansuz.sooke.bc.ca/entry/23
- [14] Reserved network ports
- http://lwn.net/Articles/375976/
- [15] Canadian Charter Of Rights And Freedoms
- http://laws-lois.justice.gc.ca/eng/Const/page-15.html#h-39
- [16] The Universal Declaration Of Human Rights
- http://www.un.org/en/documents/udhr/
Comments
3 comments for “Notice and Notice” copyright submission for the Pirate Party with respect to their VPN service
Concise, extensive, and backed with definitive references; the Pirate Party can certainly excel in technical debates. I don’t think I’ve ever seen that from a political party. Thank you.
My instinctive response to notice-and-notice is “Laugh and Laugh”. As detailed in “Conservatives Set To Kill Growing (Canadian) VPN Industry” and here, VPNs will now be forced by law to collude with spy agencies and copyright industries and betraying their customers by recording everything they do. I’m glad that the Pirate Party is wary about putting itself into that impossible position by running a Canadian VPN, but even “minimal logging” is an issue when competing services disclaim any logging in non-corporatocratic countries. I’m interested in how a Domestic+International possibly-Dual-VPN donation/service could take shape.
Maybe PPoC should contact our Piratpartiet shipmates in Sweden for technical advice and cooperation? Canada has suffered Washington’s interference much longer, but Sweden has suffered new tactics and the appearance of copyright interests corrupting their judiciary. Piratpartiet.se “have a certain technical competence” and experience with Bahnhof at Pionen.
I didn’t know that the “Pirate Party does not officially condone (non-commercial) copyright infringement”. You’ll need to delete the Our Manifesto line “Legislation should be amended such that it only regulates the use and copying of works in the commercial context.”, or be more clear on law breaking=bad amending=good. I got confused for a moment.
The author likes to follow the “letter of the law” (makes shopping for a webhost or ISP inconvenient (due to silly Terms of Service nobody reads)). I don’t actually “pirate.” I joined the Pirate Party because restrictions on copying prevent me from sharing works with a liberal licenses attached. Some pirates may be more inclined to civil disobedience, but as a party we can’t really officially encourage that.
I think the sentiment over the logs is that services that promise “no logs” are probably lying. Even if you have a goal of “no logs,” your router is still going to save at least some state like open TCP connections.
I always loved the letter of the law, the simplicity and clarity of following rules. I’ve found it becomes difficult when compliance can be impossible, contradictory, or over-enforced. I too often read law acts before I do things, and the quantity and obfuscation can be burdensome, let alone differences in how authorities interpret vague language. Terms of Service will say anything. I do empathize with that position. I should look up what legal protections a Canadian political party enjoys.
“No Logs” VPNs may be lying or co-opted by spy agencies, but international VPNs in friendly nations enjoy the difference of worst-case-scenarios between government-enforced logging and a malicious administrator. Lists of open TCP connections have to be maintained locally in realtime, but past connection logs can be disabled and verified to not exist in custom open-source firmware, or the VPN can be configured on the PC so the router only sees one connection. There has to be trust somewhere, but hopefully VPNs will open up to 3rd-party verification now that trust is genuinely unreasonable.
You’ll know creativecommons and the legal complexities there, but check out copyheart.org ‘s lovely fantasy of licencing terms. The companies that wrote copyright laws couldn’t conceive of liberal licences, or that people wouldn’t always want automatic and non-refusable copyright to their works.
It's not possible to make comments anymore.