Home » CyberSecurity » ACTA vs. the Open Source Credo

ACTA vs. the Open Source Credo

by Jane Ginn

As I’ve been pondering the effects of the populist uprising against the U.S. Congressional actions on the House Stop Online Piracy Act (SOPA) [H.R. 3261] and the Senate Protect Intellectual Property Act (PIPA) [S. 968] I’ve realized that the trade agreement covering intellectual property and recently signed by the U.S. and seven other countries[i] has been overlooked by many in the information technology (IT) community[ii]. This agreement, called the Anti-Counterfeiting Trade Agreement (ACTA) has some provisions that some Internet freedom advocates claim are similar to the concerns raised in the SOPA/PIPA debate.

The voluntary “blackout” of the Internet on January 18th staged by the Electronic Frontier Foundation, Public Knowledge, the Free Software Foundation and hundreds of others was intended to demonstrate, albeit using a sledge hammer approach, what a censored Internet might look like. Ultimately, it was intended to mobilize support and grass roots action against Congressional action, which it succeeded in doing, at least in the short term.

The debate on ACTA, beginning with the Doha Round, was conducted in a much more heady environment between trade specialists and technocrats; not one that usually draws much public attention. The U.S. Trade Representative’s (USTR) office makes the agendas and the revised drafts since 2009 from the negotiating rounds on ACTA accessible on their website[iii]; however, many in Europe are claiming that the negotiations were conducted in secret. Protests in Greece, Poland and Slovenia over the past week have stalled European action on the measure and the anti-ACTA rhetoric is heating up. However, giving legitimacy to the claims of secrecy in the USTR, 75 law professors from major universities signed an open letter to President Barack Obama calling for a halt to ACTA due to the lack of public input. What is the truth?

Let’s take a sober look at what the USTR claims ACTA would do.

ACTA Explained

ACTA was opened for signature on May 1, 2011 by the Government of Japan which functions as the Depositary of the Agreement. Parties who have not yet signed may submit their signatures to Japan. For those who have already signed, the next step for bringing ACTA into force is the development and deployment of national instruments of ratification, acceptance, and/or approval. The agreement will enter into force once at least six of the signatories have national implementation instruments[iv].

In a March 21, 2008 response to a request for comments on ACTA the International Intellectual Property Alliance (IIPA) provided some interesting data on the contributions of “core” copyright industries to the U.S. economy. IIPA argued that these core industries:

  • make major contributions to the U.S. gross domestic product (GDP) [6.56% in 2005] and real growth [12.96% in 2005];
  • provide strong employment [4.03% in 2005 and 8.49% in “total” copyright industries] and wages [with average annual compensation at $69,839]; and
  • result in significant foreign sales and exports ($110.8 billion in 2005).

These data support the stance the USTR has taken in proactively negotiating the terms and conditions of ACTA. So what are these provisions?

What struck me the most about the language of the agreement was how carefully it seeks to balance the rights and privileges of the various stakeholders. For example in the opening it states:

The Parties to this Agreement[v],

Desiring to address the problem of infringement of intellectual property rights, including infringement taking place in the digital environment, in particular with respect to copyright or related rights, in a manner that balances the rights and interests of the relevant right holders, service providers, and users [emphasis added];

Further, it is specifically aimed at the reduction of organized criminal activity that “undermines legitimate trade and sustainable development of the world economy.” And its purpose is to complement the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS)[vi]. Ratification of TRIPS is a compulsory requirement of World Trade Organization (WTO) membership. As a consequence TRIPS is the key multilateral instrument for the protection of intellectual property rights.

TRIPS does have an enforcement mechanism at the nation-state to nation-state level; however, in recent years the long and cumbersome process required for WTO dispute resolution was not seen to be responsive enough to the needs of border and nation-state enforcement personnel in fighting the exponential rise in global criminal activity. Further, the TRIPS focuses more specifically on what defines copyright terms and the legitimate interests of the rights holders. Specifically it notes that computer programs must be regarded as “literary works” under copyright law and receive the same level of protection.

In complementing TRIPS, ACTA seeks to address the significant economic impact that infringers are having on creative artists and scientists. It establishes the obligations of Parties to the Agreement for setting up civil and criminal enforcement mechanisms, remuneration frameworks, damages treatment, and the rights of enforcement authorities within each nation-state (i.e., Party) to destroy the infringing goods and equipment that had been used to create infringing goods (to be carried out at the infringer’s expense).

ACTA also provides a mechanism for gaining evidence (including seizure), a critical component of the successful prosecution of white collar crime, but one that is giving the anti-ACTA activists heartburn. Further, the provisions relating to import/export also give border and customs authorities’ authorization to act on their own volition, if there are legitimate concerns of suspect goods. This is another provision that anti-ACTA activists have taken issue with, fearing abuse of this authority.

To be fair, ACTA also requires Parties to “provide a security …sufficient to protect the defendant and to prevent abuse [emphasis added].” How this is to be accomplished is left up to each signatory to the Agreement.

What Do The Data Tell Us?

Although popular uprisings against a particular public policy approach make for good news copy, they rarely lead to alternatives that can address the core concern of the policy construct. According to the main supporters of ACTA, what is at risk is the profitability of companies in virtually every sector of the economy.

The October, 2011 report[vii] issued from the U.S. Office of the National Counterintelligence Executive notes: “Economic espionage inflicts costs on companies that range from loss of unique intellectual property to outlays for remediation, but no reliable estimates of the monetary value of these costs exist.” Brian Scott of ResearchCopyright.com did venture to make a guess that “most copyright infringement statistics cite that almost 30 percent of software is pirated in the United States.”

Enforcement actions under U.S. International Trade Commission Section 337 rules may also serve as a surrogate for getting a sense of the magnitude of the problem, at least for U.S. companies that have filed a complaint. The fiscal year 2010 report is provided here: In examing these data, which shows a comparison between 2005 and 2010, there was a general trend showing that IP infringement is on the rise. We can, therefore, conclude that the economic impacts are becoming more and more significant, and are negatively affecting the bottom line for many U.S. companies.

Even with the economic impacts to businesses and the resultant job losses, there is a significant backlash against ACTA in Europe. In the U.S., the concerns appear to be an afterthought of the SOPA and PIPA popular protest, especially given that the U.S. has already signed the Agreement. Nonetheless, it is worth looking more closely at the political underpinnings of these popular uprisings to seek a deeper understanding of why they have appeal to the very people whose job prospects are negatively impacted by actions against ACTA.

The Mismatch of Priorities

I’ve written before about the ideological chasm that exists between the Keynesian economists and the devotees of the Austrian school as articulated by Von Mises. In the field of IT there is a similar chasm: between those businesses that use a proprietary code IP business model (e.g., Microsoft, Adobe, Oracle) and those that use an open source business model (e.g., Netscape (Mozilla), Google, ). The debate is waged over the licensing and use of the source code for computer systems, not over any other aspect of IP as it relates to these businesses. Nonetheless, it represents a significant ideological battle which was characterized by Eric S. Raymond as the Cathedral and the Bazaar (abbreviated CatB); the Cathedral representing the proprietary camp, and the Bazaar representing the open source aficionados. In subsequent essays Raymond has expounded upon the anthropological roots of the open source movement and uses the analogy of the explorer on the frontier as a metaphor for the model. This obviously has a romantic appeal that melds nicely with the populist anti-ACTA movement.

Tied more integrally to the debate between economic camps is the “libertarian” model. This is a political philosophy that holds the freedom of the individual as the basic moral principal of society and eschews government involvement in commercial and private spheres. The anti-WTO movement has been spearheaded by libertarian thinkers who argue that there is a loss of national sovereignty in multilateral agreements with broad enforcement mechanisms. By extension, the anti-ACTA cadre adopts a similar argument when criticizing the secrecy of the ACTA negotiations or denouncing its law enforcement mechanisms.

Many of the peer-to-peer file sharing websites use both the open source and libertarian ideologies to justify what others see as IP infringements. In short, they use business models built on the open source credo.

Science, Technology and the Erice Declaration

In my New “Hot War” article I argued that the Council of Europe’s Convention on Cybercrime could be used as a model for framing international law enforcement authority in the fight against organized cyber crime. The ACTA does just that. As noted above Parties to ACTA are committing themselves to undertaking a broad assault against IP infringement. Unfortunately, the way it is written, it may compel some Parties (nation-states) to place some of the burden on Internet Service Providers (ISPs) for policing their networks. This gets to the crux of the problem that activists have with SOPA and PIPA.

This approach would call for deep packet inspection of Internet traffic. Some analysts claim that this infringes on the goal of net neutrality and that it would run counter to the Internet Engineering Task Force (IETF) Domain Name System Security Extensions (DNSSEC) project[viii]. DNS adds security to the traditional DNS by protecting Internet resolvers (client machines) from DNS cache poisoning. This is accomplished by adding a digital signature as part of an authentication step in the data encapsulation process (See Figure 1)[ix].

Figure illustrating data encapsulation

Figure 1 - OSI and Data Encapsulation

Other technical problems arise with deep packet inspection at the ISP juncture. Many companies are currently evaluating migrating from TCP/IP v.4 to TCP/IPv.6 for increasing security. With IPv. 6 there will be enhanced encryption that will likely render deep packet inspection useless. Similarly, some companies are adopting the Internet Protocol Security (IPsec) suite which includes both authentication and encryption of each IP packet.

It is evident that the framers of the ACTA did not take some of these technical issues under consideration when drafting the language of the Agreement. How they can be reconciled is the challenge that law enforcement agencies will face in the implementation of this Agreement. Perhaps a clue can come from the Erice Declaration.

The Erice Declaration on Principles for Cyber Stability and Cyber Peace, drafted by the Permanent Monitoring Panel on Information Security of the World Federation of Scientists in Geneva was adopted on August 20, 2009. It artfully brings the dialogue back around to the issue of using information and communication technology (ICT) for economic development. It notes that “ICTs can be a means for beneficence or harm, hence also as an instrument for peace or for conflict.” Notably, it calls for a “common code of cyber conduct” and a “harmonized legal framework.” It goes on to call for all “governments, service providers and users” to support international law enforcement efforts against cyber criminals.

In conclusion, I will argue that the problems of IP infringement are real and there are significant economic and employment impacts that accrue from the practice. Beyond ideologies, finger-pointing and retaliatory attacks there must be some common ground for addressing these problems. How can the open source credo help to overcome the genuine challenges facing modern global society in finding balance in the debate?



[i] Australia, Canada, Japan, Republic of Korea, Morocco, New Zealand, Singapore, and the United States – signed the Agreement on October 1, 2011 in Tokyo.

[ii] For those of you not monitoring U.S. Congressional actions, here are links to good articles on the SOPA and PIPA bills.

[iii] Since the 5th round of negotiations on July 16, 2009.

[v] “Parties” to the Agreement refers here to the nations that have signed both TRIPS and ACTA.

[vi] Annex 1C of the Marrakesh Agreement Establishing the World Trade Organization negotiated in 1994.

[vii] Foreign Spies Stealing U.S. Economic Secrets in Cyberspace: Report to Congress on Foreign Economic Collection and Industrial Espionage, 2009-2011 (October, 2011).

[ix] The Open Systems Interconnection (OSI) model is a technical model used for standardizing networking started by the International Standards Organization in 1977. It is not related to the open source movement referenced earlier in this article.

  • chartenstein

    Great Article Jane. Was able to login! Cathy