BitTorrent Pirates Won’t Receive ISP Warnings (It Will Be Something Worse)

Home > Piracy >

As part of its overall strategy to reduce piracy in the Netherlands, local anti-piracy group BREIN announced a program to identify major or frequent uploaders by their IP addresses so that warnings could be sent via their ISPs. Under this system, user identities would not have been obtained by BREIN, but after a local ISP refused to cooperate and BREIN's request to proceed was denied twice in court, BREIN had a decision to make. (SPOILER: It's bad news for pirates)

pirate warning2Many copyright holders believe that if they’re able to communicate with pirates, a proportion will change their behavior. The tone of the messaging varies but legal consequences are typically found somewhere in the mix.

When attempting to reach alleged BitTorrent pirates at scale, the immediate problem is accurate identification. While IP addresses can lead to an infringer or at least the person who pays the internet bill, it’s an expensive process when there’s no intention to sue while recovering costs.

BREIN Hatches a Plan

In late 2020, Dutch anti-piracy group BREIN believed it had found a solution. The plan was to monitor BitTorrent swarms, identify IP addresses sharing content most frequently or long-term, and then match them to local ISPs. After receiving warning notices from BREIN targeting those IP addresses, all the ISPs had to do was match them to the relevant customers and forward BREIN’s notices.

BREIN’s plan didn’t require knowledge of the alleged infringers’ identities; the ISPs would act as proxies, ensure the notices were delivered, leaving BREIN to monitor BitTorrent networks for any signs of changes in behavior. Nobody was getting sued, at least not at this stage.

BREIN presented its plan to Ziggo, the largest ISP in the Netherlands, which declined to cooperate on privacy grounds. Just as it had done many times previously, BREIN took Ziggo to court aiming to force compliance, arguing that its plan was a proportionate and privacy-respecting response to piracy.

Two Courts, Two Rare Defeats for BREIN

During the first hearing at a court in Utrecht, among other things Ziggo argued that BREIN’s request was too broad. While the court disagreed, Ziggo’s privacy concerns found fertile ground thanks to the Netherlands’ implementation of the EU’s General Data Protection Regulation (GDPR).

To legally process personal information, companies must meet certain criteria and obtain appropriate licensing. BREIN had already obtained permission from the Dutch Data Protection Authority before starting its work. Ziggo, on the other hand, had no reason to obtain permission, at least not until BREIN requested cooperation.

The court found that without obtaining permission from the data protection authority, the law didn’t allow Ziggo to comply with BREIN’s request. Since Ziggo had no intention of obtaining permission and couldn’t be compelled to do so, that effectively settled the matter in Ziggo’s favor.

BREIN filed an appeal but the outcome was the same. With no legal basis for Ziggo to process personal data, the ISP couldn’t be compelled to forward the notices.

BREIN Decides Against a Supreme Court Appeal

In March 2023, BREIN announced that it would not appeal to the Supreme Court. Those familiar with BREIN’s history would’ve recognized that as out of character, but it’s also unusual for EU privacy laws to rub up against rightsholders’ ability to protect copyrights and then come out on top.

While obviously a setback, it was always likely that BREIN would find another way. In a statement Thursday, BREIN said that with anonymous warnings off the table, it will adopt a ‘tit-for-tat’ policy that does away with warnings completely.

“This means that from now on, BREIN will simply identify first, major or frequent infringers, if necessary with the provision of their name and address data by their internet providers, and hold them accountable for their infringement,” BREIN says.

“Depending on the circumstances of the case, this involves signing a declaration of abstention with a penalty clause for future infringements, full or partial reimbursement of the costs incurred and, if necessary, compensation for the damages of injured rights holders.”

Given a choice, pirates may have preferred ‘anonymous’ warnings, but that would’ve been in addition to the above, which at no point was ever off the table. Whether it’s financially-viable at scale is a different matter but BREIN has options to balance the books, mostly at alleged pirates’ expense.

“If intermediaries wrongly refuse to voluntarily provide name and address data, BREIN must incur costs in order to obtain a court order. If these are not reimbursed by the intermediary, BREIN may choose to recover them from the infringer,” the anti-piracy group explains.

“This is one of the reasons why BREIN usually requests intermediaries to inform their customers of the request for [personal details] so that they can choose to report themselves to BREIN.”

In Some Cases, ISPs May Be Compelled to Send Warnings

In a separate case, BREIN accused a Ziggo subscriber of offering over 200 pirated eBooks to the public via an open directory. BREIN asked the ISP to forward a warning or share their personal details. When Ziggo declined to cooperate, BREIN took the ISP to court and in 2022, lost the case on the same privacy grounds.

On appeal, however, it was BREIN’s turn to come out on top. Where the GDPR previously scuppered BREIN’s ability to send anonymous warnings, the court of appeal found that BREIN’s interests in shutting down access to the pirated eBooks outweighed the Ziggo subscriber’s privacy rights. Moving forward, this means that BREIN will be able to obtain suspected pirates’ details, providing it meets certain requirements.

BREIN says it must demonstrate “that (i) the damage and unlawfulness are sufficiently plausible, (ii) the applicant (BREIN) has a realistic interest in obtaining the data, (iii) there is no other, less intrusive option to retrieve the data. , and (iv) when weighing the interests, the interest of the applicant is greater than that of the data subject and the provider.”

In other words, every case will be judged on its merits and there will be no blanket coverage on disclosure. There will be no opportunities for pirates to regret being caught in a way that doesn’t cost money either.

After almost two decades of public warnings, thousands of news articles, and millions of cash settlements paid worldwide, the final warning always ends up being the most critical warning of all.


Popular Posts
From 2 Years ago…