Punitive Responses to Cyber Piracy: Is ''Three Strikes, You're Out'' the Answer? - Part Two

Bloomberg Law®, an integrated legal research and business intelligence solution, combines trusted news and analysis with cutting-edge technology to provide legal professionals tools to be...

Contributed by Adam R. Bialek and Amanpreet Kaur, Wilson Elser

This is Part Two of a two-part article that examines the question of whether the Three Strikes system is effective in accomplishing its purpose and is likely to spread as the preferred method of combating global piracy. In Part One, we introduced the Three Strikes System and the problem it was developed to solve, the early adopters of the System, and the efforts of other nations attempting to implement similar systems.1 In Part Two, we consider the future of the System.

The Three Strikes System essentially involves a copyright holder notifying an Internet service provider (“ISP”) that his or her intellectual property is being infringed. The ISP, pursuant to a mandate by law, or voluntarily, then notifies the Internet subscriber implicated in the infringement. After three such notices, if the subscriber does not remove the infringing content and cease the infringing activity, the subscriber’s Internet connection can be terminated, at least temporarily. This system, however, has not been without criticism, and the efficacy of the program remains to be determined. It appears that regardless of the system that is ultimately employed, the public perception of cyber piracy will need to change in order for such conduct to be thwarted.



The most notable criticism of the Three Strikes approach has come from the Human Rights Council of the United Nations General Assembly. The “Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression” noted the Special Rapporteur’s alarm caused by proposals to disconnect users from Internet access if they violate intellectual property rights.2 The Special Rapporteur specifically pointed to the legislation based on the concept of graduated response as enacted in France and as contemplated in the UK’s Digital Economy Act 2010. The Report notes that “the Special Rapporteur considers cutting off users from Internet access, regardless of the justification provided, including on the grounds of violating intellectual property rights law, to be disproportionate and thus a violation” of civil and political rights. The Report calls on states to “refrain from adopting such laws.”3


The Swedish government’s speech at the 17th session of the Human Rights Council was one of its most recent public announcements that it does not approve of the Three Strikes system by indicating its support for the concerns noted by the Special Rapporteur on the right to freedom of opinion and expression.4 This speech was addressed on behalf of multiple nations, including Austria, Brazil, Canada, Denmark, India, Israel, Japan, Mexico, the Netherlands, New Zealand, Norway, Palestine, South Africa, Switzerland, Turkey and the United States. New Zealand is the noteworthy signatory to the speech, considering the Three Strikes provision in its Copyright (Infringing File Sharing) Act.



The United States is recognized for its “notice and takedown” approach, included within the Digital Millennium Copyright Act (“DMCA”). Under the Act, an ISP is provided a “safe harbor” and exempted from liability for monetary, injunctive or other equitable relief for copyright infringement as long as it (1) does not have actual knowledge that the material or activity using the material on the system or network is infringing; (2) in the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent; or, most importantly, (3) upon obtaining such knowledge or awareness, acts expeditiously to remove or disable access to the material.5

A similar limitation on liability contingent on notice and takedown was included under a European Union-wide E-Commerce Directive in 2000.6 In it, a provider of hosting services for user-generated content can avoid liability for such content if it does not have actual knowledge of illegal activity and if it expeditiously removes or disables access to such content when made aware of it, in the observance of the principle of freedom of expression and of procedures established for this purpose at the national level.

However, these notice and takedown regimes also have been the subject of criticism due to the possibility of improper use and lack of transparency. As explained by the Special Rapporteur in a report on promotion and protection of the freedom of opinion and expression: “Users who are notified by the service provider that their content has been flagged as unlawful often have little recourse or few resources to challenge the takedown.”7Moreover, the service providers often are inclined to err on the side of safety by over-censoring potentially illegal content.8 “Lack of transparency in the intermediaries’ decision-making process also often obscures discriminatory practices or political pressure affecting the companies’ decisions. Furthermore, . . . [ISPs], as private entities, are not best placed to make the determination of whether particular content is illegal, which requires careful balancing of competing interests and consideration of defences.”9


Chile has resisted a Three Strikes system of combating piracy, where the ISP or a quasi-judicial body is responsible for determining the guilt of an accused infringer. However, recent amendments to the Chilean La Ley Propiedad Intelectual (No. 173336) allow only a court to order the termination of Internet service between an ISP and its subscriber once the subscriber has been found by the court to be a repeat infringer.10


The Anti-Counterfeiting Trade Agreement (“ACTA”) is a proposed plurilateral agreement on intellectual property rights enforcement. Although an early draft of the agreement included a Three Strikes system, the most recent version does not. Instead, the latest version has adopted an approach similar to that in the DMCA. Specifically, it limits the civil liability of OSPs for online copyright infringement on condition, among other things, that the OSPs remove or disable access to infringing material or infringing activity upon obtaining actual knowledge of the infringement. This may be a sign that the Three Strikes system, at least as it now stands, is losing popularity.


One of Ireland’s ISPs, eircom, announced at the end of 2010 that “coinciding with the launch of eircom’s new . . . on line music service eircom MusicHub,” it would maintain its initiative with the Irish Recorded Music Association (“IRMA”) to implement a graduated response program as part of the company’s approach to combating copyright infringement.11 Only a brief description of the protocol was provided by eircom: IRMA would provide eircom with notifications containing the IP address implicated in the file sharing, and eircom would in turn notify the subscriber of the finding. Where there is a third notification of the same customer, eircom will withdraw the customer’s broadband service for seven days. With a fourth notification, the broadband service will be disconnected for one year.

In the United States, ISP Suddenlink may have adopted a similar Three Strikes policy. It was reported to have disconnected alleged copyright infringers who received three DMCA notices.12


Not waiting for further government intervention, the Motion Picture Association of America (“MPAA”), the RIAA and top entertainment companies reached an agreement on a new warning system and graduated response initiative with several of the United States’ top ISPs, including AT&T, Cablevision, Comcast, Time Warner Cable and Verizon. The agreement provides that the ISPs will send “copyright alerts” to subscribers whose Internet connection was implicated in copyright infringement.13 The agreement does not include the possibility of disconnection, but may involve providing severely curtailed bandwidth, leading to slower speeds.14

The new “alert” system recognizes that subscribers to Internet service often do not even know when their service is being used for piracy and content theft. The new copyright alert system provides for up to six electronic notices, advising the subscriber that their account has been used for content theft.15 The system also will provide for “mitigation measures” for those accounts that are serial offenders and that fail to respond to the alerts.16 The agreement establishes the Center for Copyright Information, which is charged with implementing the system and educating the public.17

Finding that up to 70 percent of users would cease infringing conduct if notified that it is occurring, that it is illegal and that there are consequences associated with it, the coalition developed a system of alerts as follows:

First Alert: In response to a notice from a copyright owner, an ISP will send an online alert to a subscriber, such as an email, notifying the subscriber that his/her account may have been misused for content theft, that content theft is illegal and a violation of published policies, and that consequences could result from any such conduct. This first alert will also direct the subscriber to educational resources which will (1) help him/her to check the security of his/her computer and any Wifi network, (2) provide explanatory steps which will help to avoid content theft in the future and (3) provide information about the abundant sources of lawful music, film and TV content.

Second Alert: If the alleged activity persists despite the receipt of the first alert, the subscriber may get a second similar alert that will underscore the educational messages, or the ISP may―in its discretion―proceed to the next alert.

Third Alert: If the subscriber’s account again appears to have been used for content theft, he/she will receive another alert, much like the initial alerts. However, this alert will provide a conspicuous mechanism (a click-through pop-up notice, landing page, or similar mechanism) asking the subscriber to acknowledge receipt of this alert. This is designed to ensure that the subscriber is aware of the third copyright alert―and reminds the subscriber that content theft conducted through their account could lead to consequences under the law and published policies.

Fourth Alert: If the subscriber’s account again appears to have been used for content theft, the subscriber will receive yet another alert that again requires the subscriber to acknowledge receipt.

Fifth Alert: If the subscriber’s account again appears to have been used for content theft, the ISP will send yet another alert. At this time, the ISP may take one of several steps specified in its published policies, reasonably calculated to stop future content theft. These steps, referred to as “Mitigation Measures,” may include, for example: temporary reductions of Internet speeds, redirection to a landing page until the subscriber contacts the ISP to discuss the matter or reviews and responds to some educational information about copyright, or other measures that the ISP may deem necessary to help resolve the matter. ISPs are not obligated to impose any Mitigation Measure which would disable or be reasonably likely to disable the subscriber’s voice telephone service (including the ability to call 911), e-mail account, or any security or health service (such as home security or medical monitoring). The use of the mitigation measure is waivable by the ISP at this point.

Sixth Alert: Whether or not the ISP has previously waived the Mitigation Measure, if the subscriber’s account again appears to have been used for content theft, the ISP will send another alert and will implement a Mitigation Measure as described above. As described above, it’s likely that very few subscribers who after having received multiple alerts, will persist (or allow others to persist) in the content theft.18

While this system of alerts is a voluntary system enacted by the country’s top ISPs, it is not a Three Strikes system mandated by law, and it does not require termination or modified access to the Internet. While ambitious, there are no guarantees that this system will diminish the ever-rising incidence of content theft. In addition, while 70 percent of users may be expected to cease infringing conduct if notified it is occurring, illegal and subject to consequences, there has been no finding that this system would have enough severity to discourage the infringing conduct.


This system is still relatively new, and thus its effectiveness will have to be judged only after completion of an analysis of the impact on piracy rates in France and South Korea after their respective laws have been in place for some time. However, as noted in the WIPO report, repeat infringers who deliberately disregard warning notices are unlikely to be deterred by temporary suspension of their Internet connection, since such users could “access unsecured Wi-Fi [a high-frequency wireless local area network], create their own ISP, or simply use another person’s Internet access with their consent,” among other creative means.19 Nevertheless, the report suggests that the policies may discourage casual infringers.

Similarly, the Hargreaves Review of IP and Growth found the effectiveness of the French HADOPI law to be inconclusive. However, it noted that one survey provided a “key finding”: it found that “half of the web users surveyed who admitted illegal use said that they did not plan to change their behaviour and a third said that they would (around a quarter of the sample did not respond to this question).”

The preliminary results of the South Korean experiment were summed up best in a report for PRS for Music, cited by the Hargreaves report: “Korea’s success has been in making piracy somewhat less mainstream . . . illegal material is less likely to be readily available on those otherwise legitimate sites . . . [nevertheless] absolute levels of piracy remain extremely high by international standards. It is possible that in time piracy will increasingly rely on offshore servers or distributed peer-to-peer, which will be harder to control both from a technical and enforcement perspective.”

From a purely legal enforcement standpoint, it remains to be seen whether the Three Strikes rule, a voluntary copyright alert system or other legislative actions will reduce the level of cyber piracy. There are several systems currently in use, and the entertainment industry is carefully monitoring the results of these systems.

Perhaps the most critical determinative factor will be whether society’s view of cyber piracy changes. A study by Dr. Jo Bryce, a senior lecturer in psychology at the University of Central Lancashire, and Dr. Jason Rutter, a research fellow at the ESRC Centre for Research on Innovation and Competition at the University of Manchester, found that cost was “the most frequently chosen motivation for purchase (of counterfeit goods) by the majority of participants.”20 Consumers also are “reluctant to accept downloaded copies as ‘theft’, ‘wrong’ or having a direct economic impact.”21 When confronted with tough economic times, and a general view that cyber piracy is not equal to stealing a book off a shelf at a bookstore, it will be difficult to thwart cyber piracy without a change in public attitude.


The entertainment industry is trying its best to push through a Three Strikes system, either through direct agreements with ISPs or lobbying, not because there is any proof that such a system deters piracy, but because they do not see an alternative. As for governments, it can only be said that it is far from clear whether the costs, both financial and constitutional, of setting up a Three Strikes infrastructure―equipped to handle appeals and everything else that is required under due process―is worth the deterrence effects, if any, it may have on copyright infringement.

Technology advances are making it more difficult to track infringing conduct, even with the technology advances on the enforcement side. If there is a battle of wills between an online community and the industry they believe are overcharging for their products, illegal downloading likely will continue, despite the adoption of the Three Strikes rules, the voluntary copyright alert system or tougher government penalties.

Online infringers are likely to continue despite the stepped-up enforcement. While the punitive responses to cyber piracy may reduce the number of illegal downloads, the greatest reduction likely will only be seen when the public accepts the concept that cyber piracy is no different than common theft, that cyber piracy makes a significant impact on the economy and job retention, and that the penalties associated with such conduct are real and significant.

Until such time as public perception can be altered, society is faced with a need for a punitive system to address cyber piracy. The graduated response system for dealing with cyber piracy, including notification and the potential loss of use of the Internet, is the common mode of choice for addressing these wrongs, but its success remains to be seen.

Adam R. Bialek is a partner in Wilson Elser’s New York offices. He is chair of the firm’s Intellectual Property practice and focuses his practice on intellectual property, Internet law, data security and privacy, commercial litigation, insurance law and small business general counsel work. Mr. Bialek counsels clients in intellectual property rights analysis, execution and transactions, including registration and licensing of copyrights and trademarks, preparation of software and development agreements, all aspects of Internet law and general brand building. His IP litigation experience includes copyright, trademark, trade dress, trade secret, patent infringement, data breaches, domain name disputes and complex international counterfeiting matters.  

Amanpreet Kaur is an associate in Wilson Elser’s San Francisco office and a member of the firm’s Intellectual Property practice. She graduated from law school in 2010 with a specialization in intellectual property law. Prior to joining the firm, Ms. Kaur spent her final summer of law school at the International Trade Commission, working for an administrative law judge on patent, copyright and trade secret matters. She is also on the board of the South Asian Bar Association of Northern California Foundation, which provides fellowships to law students doing public interest work.  

© 2011 Wilson Elser Moskowitz Edelman & Dicker LLP


This document and any discussions set forth herein are for informational purposes only, and should not be construed as legal advice, which has to be addressed to particular facts and circumstances involved in any given situation. Review or use of the document and any discussions does not create an attorney-client relationship with the author or publisher. To the extent that this document may contain suggested provisions, they will require modification to suit a particular transaction, jurisdiction or situation. Please consult with an attorney with the appropriate level of experience if you have any questions. Any tax information contained in the document or discussions is not intended to be used, and cannot be used, for purposes of avoiding penalties imposed under the United States Internal Revenue Code. Any opinions expressed are those of the author. The Bureau of National Affairs, Inc. and its affiliated entities do not take responsibility for the content in this document or discussions and do not make any representation or warranty as to their completeness or accuracy.  

©2014 The Bureau of National Affairs, Inc. All rights reserved. Bloomberg Law Reports ® is a registered trademark and service mark of The Bureau of National Affairs, Inc.  

Request Bloomberg Law®