American Internet users, get ready for three strikes "six strikes." Major US Internet providers—including AT&T, Verizon, Comcast, Cablevision, and Time Warner Cable—have just signed on to a voluntary agreement with the movie and music businesses to crack down on online copyright infringers. But they will protect subscriber privacy and they won't filter or monitor their own networks for infringement. And after the sixth "strike," you won't necessarily be "out."

Much of the scheme mirrors what ISPs do now. Copyright holders will scan the 'Net for infringement, grabbing suspect IP addresses from peer-to-peer file-sharing networks. If they see your IP address participating in a swarm for, say, Transformers, they will look up that IP address to see which ISP controls it, then fire off a message.

ISPs have committed to forward such notices to subscribers—though, crucially, they won't turn over actual subscriber names or addresses without a court order. This is a one-way notification process.

The agreement puts heavy emphasis on "education," going so far as to recast this behavior as some "right to know" on the part of parents unaware of a child's P2P activity. According to today's announcement materials, the goal is to "educate and stop the alleged content theft in question, not to punish. No ISP wants to lose a customer or see a customer face legal trouble based on a misunderstanding, so the alert system provides every opportunity to set the record straight."

It would be much easier to see "education" focus as a principled stand by content owners if they hadn't spent years suing such end users, securing absurd multi-million dollar judgments in cases that they are still pursuing in court. As it is, the shift looks more like a pragmatic attempt to solve a real problem through less aggressive measures after the failure of scorched earth tactics.

In addition, the ISPs were never going to go along with draconian penalties imposed on their own paying customers. The end result, then, is actually a fairly sensible system arrived at years too late, after infringement has already begun its shift away from easily-monitored P2P networks to HTTP streaming and one-click download services which can't be so easily monitored by third parties.

The result is "copyright alerts," a series of messages warning users that their (alleged) activity has been detected and that penalties could result if it continues. These notes continue repeatedly—two, three, even four warnings likely won't result in any penalties—but the scheme certainly does have a punitive component.

ISPs have agreed to institute "mitigation measures" (or, as you and I know them, punishments) based on the collected say-so of copyright holders. These measures begin with the fifth or six alert, and they may include "temporary reductions of Internet speeds, redirection to a landing page until the subscriber contacts the ISP to discuss the matter or reviews and responds to some educational information about copyright, or other measures that the ISP may deem necessary to help resolve the matter."

There is no requirement that ISPs disconnect a user's Internet connection at any point, and indeed ISPs say they will refuse any measure that might cut off a user's phone service, e-mail access, "or any security or health service (such as home security or medical monitoring)." But ISPs are free to disconnect users if they wish (as indeed they have always been).

As such approaches go, this one sounds fairly sane, and ISPs certainly claim the rights to take such actions in their terms of service. The stated goal is to provide enough "education" that the punishment stick can stay in the shed, but there's no avoiding the fact that the "mitigation measures" are the result of private, unverified accusations not vetted by a judiciary. Depending on your view of Internet access—is it a human right as some in the UN think?—such private countermeasures on infringement may look problematic. (The French courts also demanded that any tough measures by ISPs come only after judicial scrutiny, though their system is actually administered by the government; this one, run voluntarily, is not.)

An appeals process does at least exist. Before a "mitigation measure" is taken, users can request an independent review of the accusation, but not from a judge; it remains unclear who exactly will handle the appeal. To keep everyone from using the system every time, there's a $35 filing fee (which can be waived by the independent reviewer). In addition, subscribers can always still sue their ISP in court.

Baby steps to mitigation

The complete list of "alert" steps is included below for your reading pleasure:

First Alert: In response to a notice from a copyright owner, an ISP will send an online alert to a subscriber, such as an email, notifying the subscriber that his/her account may have been misused for content theft, that content theft is illegal and a violation of published policies, and that consequences could result from any such conduct. This first alert will also direct the subscriber to educational resources which will (i) help him/her to check the security of his/her computer and any Wifi network, (ii) provide explanatory steps which will help to avoid content theft in the future and (iii) provide information about the abundant sources of lawful music, film and TV content.

Second Alert: If the alleged activity persists despite the receipt of the first alert, the subscriber may get a second similar alert that will underscore the educational messages, or the ISP may in its discretion proceed to the next alert.

Third Alert: If the subscribers account again appears to have been used for content theft, he/she will receive another alert, much like the initial alerts. However, this alert will provide a conspicuous mechanism (a click-through pop-up notice, landing page, or similar mechanism) asking the subscriber to acknowledge receipt of this alert. This is designed to ensure that the subscriber is aware of the third copyright alert and reminds the subscriber that content theft conducted through their account could lead to consequences under the law and published policies.

Fourth Alert: If the subscribers account again appears to have been used for content theft, the subscriber will receive yet another alert that again requires the subscriber to acknowledge receipt.

Fifth Alert: If the subscribers account again appears to have been used for content theft, the ISP will send yet another alert. At this time, the ISP may take one of several steps, specified in its published policies, reasonably calculated to stop future content theft. These steps, referred to as Mitigation Measures, may include, for example: temporary reductions of Internet speeds, redirection to a landing page until the subscriber contacts the ISP to discuss the matter or reviews and responds to some educational information about copyright, or other measures that the ISP may deem necessary to help resolve the matter. ISPs are not obligated to impose any Mitigation Measure which would disable or be reasonably likely to disable the subscribers voice telephone service (including the ability to call 911), e-mail account, or any security or health service (such as home security or medical monitoring). The use of the mitigation measure is waivable by the ISP at this point.

Sixth Alert: Whether or not the ISP has previously waived the Mitigation Measure, if the subscribers account again appears to have been used for content theft, the ISP will send another alert and will implement a Mitigation Measure as described above. As described above, it's likely that very few subscribers who after having received multiple alerts, will persist (or allow others to persist) in the content theft.

.... grabbing suspect IP addresses from peer-to-peer file-sharing networks. If they see your IP address participating in a swarm for, say, Transformers, they will look up that IP address to see which ISP controls it, then fire off a message.
....