Statement of Cary H. Sherman Chairman and CEO Recording Industry Association of America U.S. House of Representatives Committee on the Judiciary Subcommittee on Courts, Intellectual Property, and the Internet September 18, 2013 Chairman Coble, Ranking Member Watt, Chairman Goodlatte, Ranking Member Conyers, and members of the Subcommittee, thank you for inviting me to submit this statement. I serve as Chairman and CEO of the Recording Industry Association of America. The RIAA is the trade organization that supports and promotes the creative and financial vitality of the major music companies. Its members are the music labels that comprise the most vibrant record industry in the world. RIAA members create, manufacture and/or distribute approximately 85% of all legitimate recorded music produced and sold in the United States. There can be no doubt that the creative industries are undergoing a complete digital transformation. In the case of the music industry, it was not long ago that the CD was the dominant format and consumers had a relatively limited set of choices for accessing the music they wanted. Today, the music industry is leading the way beyond the physical format with digital sales making up nearly two-thirds of our revenue. There are now literally hundreds of authorized services worldwide offering tens of millions of songs. We, like others in the creative communities, are working very hard to grow this digital marketplace, driving new technologies and services, and entering into new licenses and partnerships. But in order to make this digital marketplace truly work, we must ensure that these vibrant new legitimate and authorized technologies are not undermined by those engaged in illegal activity. Voluntary initiatives with Internet intermediaries are a key component of that objective. We are encouraged by the growing awareness of, and support for, these efforts. The Copyright Office in the legislative branch and the Intellectual Property Enforcement Coordinator (IPEC) and Patent and Trademark Office (PTO) in the executive branch have taken active roles in fostering and building these voluntary initiatives, with the IPEC specifically highlighting them in her 2013 Joint Strategic Plan. The recent report by the PTO and Department of Commerce's Internet Policy Task Force repeatedly refers to the "great promise" of voluntary initiatives and best practices. The PTO is currently studying the efficacy of these initiatives. We greatly appreciate the ongoing recognition of the importance of best practices and voluntary agreements by the Administration and Congress, and this hearing, along with the copyright review being conducted by this Subcommittee, helps to shine light on the current initiatives underway as well as encouraging agreements where there is still work to do. What's been done? ISPs After several years of discussions, the content community and major Internet service providers (ISPs) collaborated to address the serious problem of infringing activity over peer-topeer (P2P) networks. The resulting Copyright Alert System (CAS), administered through the Center for Copyright Information (CCI) and officially implemented in early 2013, provides a means to inform users of their activity, to educate them on appropriate and legal ways to access the content they seek, and to implement reasonable mitigation measures when necessary. 1 The system enables content owners, after confirming a work has been illegally shared, to inform the relevant ISP so that the ISP can then pass on the notice to the corresponding subscriber, without revealing the subscriber's name or information to the copyright owner. Multiple notices to a subscriber result in "escalating" alerts by the ISP. The first one or two alerts provide the user with an online educational message about their activity and copyright. Alerts 3 and 4 provide a mechanism for acknowledging receipt. Alerts 5 and 6 implement a mitigation measure to deter future content theft. The CAS is intended to provide enforcement through a consumer-friendly approach: o o o o Consumers have a right to know when their Internet accounts are being used for content theft and the system provides information on steps consumers can take to identify and stop such activity. The multiple alerts and grace periods provide consumers with time to change their behavior before the next alert is sent and before any mitigation is imposed. No personal information about subscribers is exchanged between content owners and ISPs without subscriber consent, and then only in connection with certain challenges under an independent review. ISPs are not required to impose any mitigation measure that could disable a subscriber's essential services, such as telephone service, email, or security or health service. The CAS is still in the initial implementation stages and proper metrics are being determined. But feedback so far has been positive and it is worth noting that P2P content protection programs in other countries have been found to have an impact on either the amount of unauthorized P2P activity or on sales. Payment Processors In 2011, the IPEC helped finalize a set of best practices among Visa, MasterCard, Amex, Discover and PayPal, and content and product owners, in which these payment processors 1 See www.copyrightinformation.org for more information. 2 agree to terminate their relationship with a website if the site persists in intentionally selling illegitimate products.2 Payment processors have implemented the agreement with members of the International Anti-Counterfeiting Coalition (IACC) through a mechanized process for submitting secure and valid evidentiary requests for ending affiliation with rogue sites. Some data on the impact of this program has already been provided by IACC. 3 Per the IACC, as of August 21, 2013, nearly 7,000 websites had been referred via IACC's portal for investigation, resulting in termination of over 1,500 individual merchant accounts. Perhaps more importantly, as IACC notes, the collaboration resulting from the portal will likely result in "systematic long term improvement in addressing the trafficking of counterfeit goods online". 4 Advertisers and Advertising Intermediaries There have been three significant developments on voluntary initiatives with regard to advertising. First, the Association of National Advertisers (ANA) and the American Association of Advertising Agencies (4A's) established best practices by brand owners and their agencies to deter advertising on rogue sites. 5 These best practices define rogue sites as those dedicated to infringement because they have no significant or only limited use or purpose other than engaging in, enabling or facilitating infringement. These best practices and their implementation would be more effective if they required ANA Members and 4A Members to include in their insertion orders to ad networks that such networks comply with IAB's Quality Assurance Guidelines (QAG). The IAB established these network and exchanges quality assurance guidelines in 2010, and recently updated the QAG this year to include other online ad intermediaries.6 The QAG prohibits the sale of any ad space inventory on sites that infringe on copyrights, or are warez sites, including illegal streaming sites, torrent sites, illegal music download sites, etc. Unfortunately, while complaints regarding QAG non-compliance may affect QAG certification, the QAG makes clear that IP infringement complaints do not. 2 See U.S. Intellectual Property Enforcement Coordinator, 2013 Joint Strategic Plan on Intellectual Property Enforcement. June 2013, p. 36, available at http://www.whitehouse.gov/sites/default/files/omb/IPEC/2013-usipec-joint-strategic-plan.pdf ("IPEC 2013 Report"). 3 See Comments submitted by the International AntiCounterfeiting Coalition re: Request of the Patent and Trademark Office for Public Comments: Voluntary Best Practices, Study, Docket No. PTO-C-0036-02, dated August 21, 2013, available at http://www.uspto.gov/ip/officechiefecon/PTO-C-2013-0036.pdf#page=33. See also International AntiCounterfeiting Coalition. IACC Payment Processor Portal Program: First Year Statistical Review, October, 2012, available at http://www.gacg.org/Content/Upload/MemberNewsDocs/October%202012%20Report%20to%20IPEC%20%20FINAL.pdf. 4 Id. 5 See ANA press release about Pledge to Deter Advertising on Rogue Sites, May, 2012, with link to pledge, available at http://www.ana.net/content/show/id/23408. 6 Available at http://www.iab.net/QAGInitiative/overview/quality_assurance_guidelines and http://www.iab.net/about_the_iab/recent_press_releases/press_release_archive/press_release/pr-072513. 3 Third, several ad networks established a set of best practices to reduce the amount of ad revenue that funds, and largely enables, pirate and counterfeit sites.7 These best practices categorize rogue sites as those principally dedicated to selling counterfeit goods or engaging in copyright piracy and have no substantial non-infringing uses. They require the establishment of policies prohibiting such sites from participating in the ad network's advertising program, that the ad network be QAG certified (though as noted above, IP complaints do not affect QAG certification), and that the ad network maintain a complaint procedure. Reports such as those from the USC Annenberg Innovation Lab, as well as information from companies such as MarkMonitor, DoubleVerify, Integral Ad Science and WhiteBullet, can provide useful data and metrics to determine the effectiveness of these programs on the placement of ads on rogue sites. Domain Name Registries/Registrars As part of the roll-out of new generic Top Level Domains, ICANN recently passed a resolution that, among other provisions, provides that a "Registry Operator will include a provision in its Registry-Registrar Agreement (RRA) that requires Registrars to include in their Registration Agreements a provision prohibiting Registered Name Holders from distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law, and providing (consistent with applicable law and any related procedures) consequences for such activities including suspension of the domain name." 8 While the practical impact of this resolution remains to be seen (few if any new gTLDs will "go live" before the end of this year), it will be worth monitoring what best practices, if any, develop among registries, registrars and right holders to implement this resolution. It would also be useful to track how this provision is implemented in the new gTLD space as compared with controls chosen from existing gTLDs whose operators are not parties to the updated registry-registrar agreement. UGC Principles Leading commercial copyright owners and services providing user-uploaded and usergenerated audio and video content ("UGC services") collaborated to establish principles to foster an online environment that promotes the promises and benefits of UGC Services while protecting the rights of copyright owners. 9 Published in 2007, these were one of the first multistakeholder negotiated voluntary initiatives established to address copyright issues in the digital environment. 7 See http://www.whitehouse.gov/blog/2013/07/15/coming-together-combat-online-piracy-and-counterfeiting and http://www.2013ippractices.com/bestpracticesguidelinesforadnetworkstoaddresspiracyandcounterfeiting.html. 8 See http://www.icann.org/en/groups/board/documents/resolutions-new-gtld-25jun13-en.htm. 9 See www.cgcprinciples.com. 4 Copyright owners and UGC services recognized that they share several important objectives: (1) the elimination of infringing content on UGC Services; (2) the encouragement of uploads of wholly original and authorized user-generated audio and video content; (3) the accommodation of the fair use of copyrighted content on UGC Services; and (4) the protection of legitimate interests of user privacy. To achieve these objectives, the parties agreed to: o o o o o o during the upload process on UGC sites and services, prominently inform users that they may not upload infringing content according to the services' terms of use; use effective content identification technology to eliminate infringing useruploaded audio and video content for which Copyright Owners have provided detailed reference material; to work together to identify sites that are clearly dedicated to, and predominantly used for, the dissemination of infringing content or the facilitation of such dissemination; to remove or block links to such sites; to provide commercially reasonable enhanced searching and identification means to Copyright Owners; to accommodate fair use; to use reasonable efforts to track infringing uploads of copyrighted content by the same user and to use such information in the reasonable implementation of a repeat infringer termination policy; and to use reasonable efforts to prevent a terminated user from uploading audio and/or video content. The UGC principles serve as a model of intermediaries and content owners working together voluntarily to assure that the provisions of the Digital Millennium Copyright Act (DMCA) have meaning and are adapted to new technological advancements. They should serve as a blueprint for new voluntary agreements between content owners and Internet intermediaries to carry out the intent of the DMCA to protect both copyright owners and intermediaries (see "Notice and Takedown Under the DMCA," below.) What's missing? Search Engines If ISPs can be considered the gateway by users to rogue sites online, search engines may be considered the roadmaps or, more directly, the turn-by-turn directions and door-to-door service to these sites. There can be no doubt that search engines play a considerable role in leading users to illicit services and can be a key part of addressing infringing activity online. Unfortunately, while there has been some action and steps taken by search engines under the notice and takedown system of the DMCA, there has been little movement toward finding tools that have the impact of actually reducing theft and damage. One reason for this 5 may be the failure by these intermediaries to measure whether actions taken are, and have been, effective. The result is at its best wasted effort on a solution that doesn't work and at worst lip service that merely buys time and, often, money from the advertising revenue such linking generates. There have been occasional instances of progress, but with disappointing outcomes. For example, Google announced in August 2012 that: "Starting next week, we will begin taking into account a new signal in our rankings: the number of valid copyright removal notices we receive for any given site. Sites with high numbers of removal notices may appear lower in our results. This ranking change should help users find legitimate, quality sources of content more easily--whether it's a song previewed on NPR's music website, a TV show on Hulu or new music streamed from Spotify." 10 But several months later, our studies, which we have shared with Google and Congress, indicate that sites for which Google has received hundreds of thousands of infringement notices are still appearing at the top of search returns. 11 Worse still, users are being directed to these sites through the use of "autocomplete" features, which purport to predict what users are looking for after merely a few keystrokes. We believe it would be useful to see voluntary initiatives by search engines that take into account whether or not a site is authorized to provide the content at issue in determining search result rankings for searches to consume that content. This could take into account not only the absolute number of copyright removal requests sent about a site to trigger demotion of that site, but also whether the site is authorized to provide the content to trigger a higher search rank for that site. There are certainly other voluntary actions that could be taken by search engines to stop encouraging and directing users to illegitimate sources of copyrighted material, and to evaluate whether such measures could have a demonstrable impact, possibly by proxy to similar efforts with other content. For example, Google has announced that it intends to develop and deploy technology to eradicate links to child pornography images from the web. Certainly similar technology can be used to remove links to other illegal content. Also, Google has tools in its Chrome browser to warn users if they are going to sites that may be malicious. Shouldn't that technology be used to warn users of rogue sites? Or better yet, can Google use similar technology to highlight or identify sites that are authorized? Imagine if links to content on legitimate sites were labeled - directly in the search result -with a certification mark 10 See http://insidesearch.blogspot.com/2012/08/an-update-to-our-search-algorithms.html. See RIAA, "Six Months Later - A Report Card on Google's Demotion of Pirate Sites', Feb. 21, 2013, available at http://76.74.24.142/3CF95E01-3836-E6CD-A470-1C2B89DE9723.pdf. Also, on a search conducted August 29, 2013 for mp3s or downloads of the recent top 50 billboard tracks, www.mp3skull.com, a site for which Google has received over 1.25 million copyright removal notices, showed up in the top 5 search results 42 times. 11 6 indicating that the site is licensed and actually pays royalties to creators. That educational message could have a profound and positive impact on user behavior. Storage Services Today, there does not seem to be any form of best practices for storage services when it comes to protecting works online - whether for technical hosting providers that maintain the servers where content is hosted or for locker services that interact directly with the user. Unfortunately, some storage services - whether unwittingly or not - appear to be the "go to" services for rogue websites, and some locker services have an abundance of infringing content available via their service. It would be helpful to engage these services in developing best practices for deterring infringement on their services. As a first step, it may be useful to measure if any U.S.-based technical hosting storage services host a concentration of sites that engage in widespread infringement. To determine which sites to include in such a study, one could look at those sites for which Google has received multiple notices of infringement, as indicated on the Google Copyright Removal Transparency Report, or engage website reputation services, such as WhiteBullet or Veri-Site. Of course, it is always beneficial to consult copyright holders directly. For lockers services that are known to be used for infringing activity, best practices should involve more than notice and take-down. For example, a German Court recently ordered RapidShare to scan for incoming infringing links. This and/or other tools should be considered to deter infringing activity over locker services. Notice and Takedown Under the DMCA When Congress passed the DMCA in 1998, it intended to protect copyright owners from widespread infringement made possible by the Internet, and to protect Internet intermediaries from liability for illegal acts committed by their users. At the time, several cases had already detailed the potential ease with which new methods of digital dissemination could facilitate massive amounts of content theft. Congress sought to create a partnership between content creators and Internet intermediaries to make the Internet a safe place for legitimate commerce, providing the public with access to legitimate high-quality works. Congress's stated objective was to "preserve strong incentives for service providers and copyright owners to cooperate to detect and deal with copyright infringements that take place in the digital networked environment." 12 Unfortunately, while the liability limitations have, in large part, worked to protect intermediaries, copyright owners have not received meaningful protection. Courts have often failed to apply the statute in a practical manner, effectively requiring copyright owners to 12 S. Rep. No.. 105-190, at 40 (1998). 7 monitor millions of websites and networks every day and send detailed notices to all of them specifically identifying every individual infringing item and requesting that the items be removed. Moreover, even if a copyright owner takes on this challenge, the courts have eliminated any expectation that any removed infringing items will not be immediately reposted. As was done with the UGC Principles, there is an opportunity for intermediaries and content owners to sit down and negotiate practical solutions that will make the "notice and takedown" system more meaningful and effective. From more stringent repeat infringer policies to takedowns that don't automatically repopulate, many practical solutions can be adopted that would assure the intent of the DMCA is carried out. We hope the relevant parties will join together to start this process and we need Congress to encourage and facilitate such a process. Mobile As noted above, the voluntary initiatives to date have focused on web and wireline based activity and services. With the beneficial and rapid adoption of mobile devices, we need to focus our efforts on the mobile space as well, and deal with the unique challenges that ecosystem presents. What works best? The established best practices and voluntary agreements outlined above represent a considerable positive step in the evolution of the legitimate digital marketplace. The true goal should not only be to enable content owners to discover and inform intermediaries of illegal use of their works, but also for intermediaries to take active steps themselves to ensure that their products and services are not being used to engage in illegal behavior. Intermediaries increasingly understand that cooperating in efforts to prevent infringement redounds to their benefit as well as to the owners of the content they serve, host, transmit, or otherwise handle. But beyond the security and integrity such engagement provides, establishing best practices and voluntary agreements provides an opportunity to form lasting and meaningful partnerships that will benefit businesses, creators, and consumers alike. Of course, these initiatives are very much in their infancy and we will have to give them appropriate time to operate and be properly evaluated. But there are some considerations we should keep in mind going forward: o o o The initiatives must be flexible to adapt over time. True goals of the initiatives should be determined. Initiatives must go beyond what is already done or expected of intermediaries under existing law. 8 o o o o Baseline measurements should be taken to measure the impact of initiatives and to determine whether the private sector can adequately "self-regulate" to deter infringing and other abusive behavior. Academic and research papers should be considered in determining whether initiatives are effective and what can be done differently. Qualitative impacts should be considered - raising awareness among consumers, other stakeholders, and other governments, and should consider any changing attitudes towards infringement. Each initiative should be evaluated separately, and direct stakeholders/participants should be consulted. In addition, it is worth noting that best practices and voluntary agreements negotiated and agreed to among all stakeholders are more promising than those that are established unilaterally. For example, ICANN's Registry-Registrar Agreement could be very effective because it binds anyone who wants to operate a new gTLD or sell registrations in the new registries as an ICANN-accredited registrar. CCI's Copyright Alert System and the payment processor agreement required both sides to compromise and work together toward a solution. While unilateral principles and public commitments such as the ad networks' are valuable, they do not offer the same promise of effectiveness since they don't have the same buy-in from both sides and may not lead to a common process or solution. This point has been made particularly clear by Google's recent report entitled "How Google Fights Piracy". As we noted in a blog on the report, we are grateful for the efforts Google has taken, and there is much to applaud. However, as much as Google may be doing, as Benjamin Franklin cautioned, we must "never confuse motion for action." While we have seen some measurable impact in Google's AdSense based initiatives, we cannot say the same for its other anti-piracy activities. We invite Google and the other major search engines to sit down with us to formulate a plan that goes beyond promises of action and actually serves its intended purpose of deterring piracy and giving the legitimate marketplace an environment to thrive. Certainly, no one has claimed that implementing voluntary initiatives with Internet intermediaries is a single silver bullet to stop piracy online. But in fulfilling the promise of a healthy and growing legitimate digital marketplace, enforcement in any form is worth considering. As reports by the NPD Group have shown, taking legal action against infringing services, such as unauthorized activity on p2p networks and digital locker sites, can have a major impact on usage of licensed music services. Implementing voluntary initiatives in a thoughtful manner compliments prior enforcement initiatives and helps fulfill that promise. Again, we thank the Subcommittee for holding this hearing. While unilateral enforcement efforts and legislative options have played a large part in our past and may necessarily play a role going forward, we truly believe that strengthening our partnerships and mutual efforts through voluntary initiatives is preferable and can be much more effective. 9 Voluntary initiatives can address new and changing situations and adapt easily to new business models. They can set industry standards that form norms in the Internet eco-system. And importantly, they help build necessary trust and cooperation among content owners, intermediaries, and consumers. We appreciate the attention brought to the development of voluntary initiatives, and look forward to working with you and all our partners in the Internet marketplace to determine how to make them most effective. 10