Italy’s Piracy Shield: Lessons Learned and Mistakes to Avoid
Main takeaways
- Italy set up a Piracy Shield to fight the illegal streaming of live events, which allows rightsholders to demand the blocking of websites via an automated system
- Its 30-minute blocking rule is radical and flawed, given the internet’s complexity
- Any ‘shield’ causes overblocking, lacks due process, and should be avoided altogether
At the beginning of this year, Italy put in place its national anti-piracy platform, the so-called ‘Piracy Shield’. It was established through a law that enables rightsholders to obtain orders directing local internet service providers (ISPs) to block websites offering illegal streaming or downloads of copyrighted content, such as movies, TV shows, live sports and music. This content then needs to be taken down within a very short time frame of 30 minutes, with rightsholders using an automated system administered by the Italian Audiovisual Authority (AGCOM) to submit such claims.
While the overall aim is to protect intellectual property rights and reduce the spread of pirated content online, particularly in the case of live streams, in practice the Piracy Shield constitutes the perfect example of what to avoid when setting up rules that allow for the blocking of content on the internet.
1. What is going wrong in Italy right now
In order to better understand the case of the Italian Piracy Shield, a little bit of history and technicality is required. Firstly, discussions around how to fight online piracy have existed since the very beginning of the internet. The traditional approach consists of fines to punish infringing users and content providers. In recent years, another approach in the European Union was for authorities to order the blocking of websites directly.
While this may not sound like a difficult task, it is trickier than it seems, particularly given the increasingly complex ways in which the internet is structured. To put it very simply, the internet is a huge network that connects computers all around the world, allowing them to communicate. Every device connected to the internet has an Internet Protocol (IP) address, which acts like the home address of your device. IP addresses can be either dedicated to a single website or shared between multiple websites and domains.
Nowadays, shared IP addresses are the most common option as they are easier to manage and help meet the growing demand for IP addresses, given the limited number of unique addresses that can be created. Since IP addresses are just a set of numbers that is difficult to remember, website owners usually resort to the Domain Name System (DNS) which connects the actual uniform resource locator (URL) of the website that we type in the address bar of our browser with the website’s IP address. Indeed, the DNS acts like a phonebook that redirects these text-based URL names to IP addresses. So, when you surf to a URL, the DNS looks up the right IP address for that site and sends you there.
The problem is that Italy’s Piracy Shield enables the blocking of content at the IP address and DNS level, which is particularly problematic in this time of shared IP addresses. It would be similar to arguing that if in a big shopping mall, in which dozens of shops share the same address, one shop owner is found to sell bootleg vinyl records with pirated music, the entire mall needs to be closed and all shops are forced to go out of business.
2. Pitfalls of blocking content on the internet
The longstanding legal approach to combating online piracy is to first warn the website’s owner that some of their content consists of illegal streams and ask them to take the pirated content down. This allows for infringing content to be removed at the source and provides an opportunity to contest incorrect requests. It also helps ensure that actions taken are targeted at the infringing content, rather than an entire website on which only a single image or video is infringing copyright.
Any attempts to (structurally) resort to blocking entire websites need to be handled very carefully and should remain a last-resort measure. And when legal frameworks and mechanisms to fight piracy focus on the blocking of IP addresses, other serious risks emerge.
The first and most obvious risk is overblocking. For example, if in the case of a shared IP address, one website or domain using that shared address is blocked, internet users are also being prevented from accessing non-infringing content on any of the other websites that use the same IP address. Likewise, the owners of those other websites are prevented from sharing their content with the world.
This does not only pose severe risks to the rights to freedom of information and expression, but also causes economic damage to legitimate businesses using their websites to sell goods and services. False positives and wrongful blockings are bound to happen. It’s exactly what recently happened to Cloudflare’s IP address in Italy and previously also in Austria. Overblocking has significant negative consequences for legitimate businesses and the overall user experience, without necessarily solving the problem of piracy.
The second main pitfall of IP blocking is the lack of transparency. The Piracy Shield that has been implemented in Italy is fully automated, which prevents any transparency on the notified IP addresses and lacks checks and balances performed by third parties, who could verify whether the notified IP addresses are exclusively dedicated to piracy (and should be blocked) or not.
The problems with overblocking are compounded by the fact that the Italian system allows rightsholders to obtain orders seemingly without oversight and that ISPs are expected to act on those orders within 30 minutes. The lack of transparency on the (legal) basis for such orders, and the absence of any meaningful or realistic way to challenge orders after they are put in place, also makes it unlikely that those incorrectly targeted have any means to get mistakes corrected.
The Piracy Shield does not specify either how long the reported IP address should remain on the ‘block list’. To top it off, no proper redress mechanisms are foreseen in case of mistakes or overblocking instances. This complete lack of transparency can also negatively impact unrelated services that may use (or are assigned) the blocked IP at a later moment.
Thirdly, the blocking of websites and issuing dynamic injunctions are not necessarily the most effective way of dealing with online piracy. Bad actors are usually able to quickly change IP addresses and subdomains in such a way that blocking systems can be circumvented. And the blocking of content addresses neither the actual act of piracy nor the entities responsible for spreading it.
Even after blocking, content still risks being spread on the internet, it therefore does not necessarily contribute to the fight against piracy. With any system similar to the Italian one the burden always ends up falling on the ISPs that have to block content for local users. It does not target the hosts and distributors of pirated content, which actually should be the first step by default.
That is also why the Piracy Shield is not even likely to be really effective in practice. Given the ever-changing nature of IP addresses, it is relatively easy to quickly change malicious IP addresses and to move content from one address to another in order to evade attempts at blocking.
3. How can we avoid repeating the same mistakes?
Rumour has it that Italy is currently considering a review of its Piracy Shield, but also this process lacks transparency again and the timeline is unknown. In light of the disproportionate, unintended, and ineffective results of the mechanism, continuing with the Piracy Shield in its current form would be a big mistake.
The first lesson we can draw from the Italian experiment is the need to consult stakeholders. The Piracy Shield was never put up for consultation, so experts could not advise the Italian government and regulator on it. Even more problematically, the Shield was also never submitted to the European Commission and other EU Member States to hear them out, while in fact they should always be consulted when a law with cross-border ramifications is adopted.
The second lesson is that Europe needs to adopt a different approach to fighting piracy. The Digital Services Act (DSA), the new EU content moderation rulebook, and the European Recommendation on Live-Event Piracy all moved away from the overly simplistic solution of blocking websites as the main starting point. Future EU rules should focus on reducing supply and demand for piracy, and place liability on those responsible for providing and disseminating illegal content.
In other words, a more effective EU framework would seek to resolve conflicts directly with the hosts, without necessarily involving the providers of intermediary services. Other effective measures to reduce piracy could include preventing bad actors from financing their piracy operations and increasing the supply of legitimate and affordable content.
The fight against piracy is crucial for rightsholders as well as for intermediaries hosting lawful content, there’s no doubt about that. Nevertheless, other fundamental rights need to be upheld when designing anti-piracy policies and mechanisms, including Europeans’ freedom of expression and their right to information.
Let’s hope that these important lessons we can draw from the unfortunate example of the Italian Piracy Shield will lead to better EU and national policies in the future.
