Anonymity is a great good on the Internet but increasingly there are calls for stricter identity checks.
Such requirements are not new. In daily life many people have encountered situations where they had to prove their identity. When opening a bank account, for example. But online it is rare.
If it’s up to a large group of organizations with ties to copyright industries, this should change. They call for stricter policies so that hosting companies, domain registrars, and advertisers must properly check who their customers are.
This message was sent in a letter to the European Commission this week. The signatories include anti-piracy outfits such as MPA, BREIN, BPI, IFPI, and RettighedsAlliancen, as well as the international brands Heineken, Nike, and Philips. Together, they call for thorough “know your customer” requirements.
Europe’s Digital Services Act
The letter was sent in response to a public inquiry on Europe’s proposed Digital Service Act, which will determine how online services and platforms are regulated. The senders zoom in on one element, namely, the “Know Your Business Customer” requirements for online platforms.
In the impact assessment published by the European Commission, such a requirement is highlighted. However, that ‘online’ applies to online marketplaces only. This is a missed opportunity and should be broadened, the letter notes.
Online Intermediaries Should Properly Identify Business Customers
According to European law, online businesses are already required to identify themselves based on Article 5 of the e-Commerce Directive. However, this is often ignored by bad actors. This is where the new requirements could prove helpful.
“The DSA represents a real opportunity to rectify the situation that allows bad actors to ignore Article 5 of the ECD with impunity,” the letter explains.
“A business cannot go online without a domain name, without being hosted, or without advertisement or payment services. These intermediary services, having a direct relationship with the business, are therefore best placed to make sure that only businesses that are willing to comply with the law have access to their services.”
The copyright holders and anti-piracy groups state that these checks won’t involve any active monitoring. Some simple due diligence checks based on information that’s publicly verifiable is already sufficient.
Identification Helps to Tackle Online Piracy
At the moment, scammers, counterfeiters, plus pirate sites and services can operate relatively easily in the dark. They often provide false information, when registering a domain name for example. More detailed checks could make this harder.
Knowing who’s behind a pirate site or service obviously makes enforcement efforts much easier. And when the provided information turns out to be false, the customers should be disconnected.
“Should the information provided prove to be manifestly wrong, or the intermediary be notified that the business customer isn’t who it claims to be, the intermediary should stop providing services until the business customer remedies the situation.”
Bad actors have been flaunting the law for years and the Digital Service Act provides an opportunity to fix this, the letter notes. Implementing stricter checks facilitates a “safe and trustworthy online environment” and will make it harder to “distribute illegal content,” the senders add.
Intermediaries Should (be forced) to Take Responsibility
TorrentFreak spoke to Tim Kuik, director of Dutch anti-piracy group BREIN, which is one of the letter’s signatories. He says that it’s no surprise that criminals use fake identities online. However, that intermediaries are not properly verifying the identities of customers is surprising.
“On the one hand, we see upstream providers that are reluctant to disclose customer identity to injured parties who then can not hold the perpetrators liable. On the other hand, we see that when customer identity is disclosed – ultimately providers have to in case of illegal activity – it is fake, either completely made up or of unsuspecting people and their addresses.”
“This frustrates enforcement against all kinds of illegal activity while intermediaries – unknowingly or not – indirectly earn income from it,” Kuik adds.
BREIN has repeatedly emphasized the importance of proper customer identification. Earlier this year it sued several hosting providers that worked with the pirate streaming CDN Moonwalk, to require these companies to verify the identity of customers and require resellers to do the same.
“The latter is necessary because we see a tendency of upstream providers using foreign parties either offshore or to sell in their respective countries, who then do not have true identity information and refuse to provide other identifying information,” Kuik tells us.
The idea to use stricter ‘know your customer’ regulations as a tool to thwart piracy is a hot topic. Just a few weeks ago, a group of prominent anti-piracy groups discussed the same matter in a webinar, which also involved Europol and the Italian Financial Police
A copy of the letter sent to Brussels earlier this week is available here (pdf)