The danger of false intellectual property infringement accusation - a thread:

The World Intellectual Property Organisation (WIPO) recently provided more detail on its “Building Respect for Intellectual Property” (BRIP) Database Project wipo.int/edocs/mdocs/en…

The BRIP database will list websites that “Authorized Contributors” from WIPO member states *allege* to be infringing #copyright and other IP rights.

The BRIP database will be able to be accessed by advertisers who are encouraged to stop having their ads served on the listed sites. The so called “follow-the-money” approach to bringing down infringing sites.

WIPO will *not* assess the legitimacy or otherwise of these allegations. It will rely on the bona fides and rigour of the “Authorized Contributors” in their assessments of infringement.

That’s right. Advertisers are encouraged to stop providing services to businesses based on unproven, non-verified, unchallenged, allegations, or, as it was once described in New Zealand, “guilt on accusation”.

WIPO does not disclose who the “Authorized Contributors” are, but, according to TorrentFreak, they are expected to be a mix of law enforcement, and industry groups such as MPAA and RIAA torrentfreak.com/wipo-aims-to-c…

Which reminds me of what happened to my client @MEGAprivacy a few years ago.

In 2014 a UK-based online brand management agency NetNames published “Behind the Cyberlocker Door: A report on how shadowy cyberlocker businesses use credit card companies to make millions" commissioned by Digital Citizens Alliance, a US rightsholder lobby group.

@MEGAprivacy was included in the report as a “cyberlocker”, without being given any opportunity to comment or rebut. Even by the report’s own criteria, Mega’s inclusion was patently incorrect.

You can see this from a slide shown by one the the report’s authors when it was launched. Mega did not (and still does not) have the characteristics of a “cyberlocker” as identified in the report. It should never have been included.

But don’t take my word for it. Mega commissioned Olswang, one of the leading IP, media and IT law firms in the UK, which in turn had Grant Thornton in New Zealand analyse Mega’s systems. Olswang concluded the NetNames report was clearly false and defamatory.

Here’s @MEGAprivacy’s press release mega.nz/Mega_Limited_P…

and the Olswang report mega.nz/Mega_Limited_O…

NetNames and Digital Citizens Alliance of course refused to withdraw the report and, at that early stage in its operation, it was uneconomic for Mega to take defamation action in the UK.

But it’s what happened next that provides a salutary lesson on the dangers of #copyright guilt on accusation.

The NetNames report was picked up by US Senator Leahy, who, also without the courtesy of checking with Mega, wrote to Visa and MasterCard encouraging them to cease providing payment services to anyone listed in the report. Here’s his letter to MasterCard.

Visa and MasterCard blacklisted Mega, again, without notice. That resulted in PayPal ceasing service literally overnight. This despite the fact that PayPal had itself conducted exhaustive due diligence on Mega before giving it a clean bill of health just months earlier.

@MEGAprivacy is not a cyberlocker. It complies with NZ and with European and US #copyright laws. It is one of a handful of companies in NZ that publish a transparency report. Naturally, as a privacy protective business, it has put a huge effort into GDPR compliance.

It has excellent relationships with law enforcement agencies worldwide operating under its takedown guidance policy mega.nz/takedown

And yet a spurious report, commissioned by a non accountable industry backed lobby group, was able to run roughshod over all that. If @MEGAprivacy was not so well supported by its users and stakeholders, that false accusation would have driven it out of business.

@MEGAprivacy came through it all and has some 150 million users worldwide now but it should not have had to suffer those attacks.

This is the danger in WIPO encouraging advertisers to cease service based on unsubstantiated allegations by non publicly accountable third parties. The allegations alone, which may be false, as they were for @MEGAprivacy, can kill a business.