Welcome, European citizen, to a new world of criminality -- a world where you're the star. The IP Enforcement Directive, a proposed new law from the EU, has been attracting some attention from the usual quarters. In particular, the sainted Ross Anderson of Cambridge University has rolled out a masterly analysis of the threat to many of our accepted civil liberties and commercial freedoms. Yet even a cursory readthrough reveals much to be worried about.
The proposal is a hefty document with no shortage of long sentences. A third of the way through the 54 pages, we've learned that piracy and counterfeiting is bad and that different states have different ways of dealing with it -- also bad. So far, who's arguing? But the solution proposed is to criminalise many civil infringements and to back that up with thudding great powers spring-loaded in favour of the big guys.
By page 20, we're into the meat. Impressed by the UK's Anton Pillar orders -- where your premises can be searched and documents and computers seized without warning -- the proposal seeks to make this a standard European-wide process for intellectual property rights infringements. This is to be backed by freezing of bank accounts and other assets. You can do this now in the UK and many states with legislation based on English law, but it's a fairly rare procedure. Making it the backbone of new law will widen its scope tremendously: you only have to look at the way the RIAA in the US is throwing everything into all-out legal war with its customers to imagine how certain people would behave with this arrow in their quiver.
The really nasty bit comes in Article 21, which creates legal protection for ‘technical systems' intended to protect and authenticate products. That's stuff like the hologram on your credit card and Microsoft licence document, and things like RFID tags. The protection for these systems includes outright bans on the creation, selling and use of equipment that can interfere with their operation -- either by letting you clone the authentication devices, or blocking their use. As with the American Digital Millennium Copyright Act (DMCA), this can be extended to the act of analysing how the systems work.