Italy Approves Piracy Shield VPN/DNS Proposal, Risk of Prison For ISPs Intact

In 2023, the Italian government passed new legislation that aimed to rid the country of illegal IPTV services and web-based streaming platforms. At least in part, this would be achieved by blocking their domain names and IP addresses via the now-infamous Piracy Shield system.

To drive the message home, the law also introduced tougher criminal sanctions at the supply end of the market, with increased fines and custodial sentences on the table. For consumers, it meant that those pirate IPTV users face fines of up to 5,000 euros, and authorities suggest that automated fines might be just around the corner.

Last week, it was revealed that the tough new law (Law 93/2023), introduced last year and already amended once, was about to find itself amended again. Set to benefit top-tier football league ‘Serie A’ most in the short term, the original proposals can be summarized as follows:

• Compel VPN and DNS services to block pirated content, not just ISPs

• Allow blocking of IP addresses and domains, even if legal content is present

• Remove limits on the volume of domains and IP addresses ISPs must permanently block

• Compel service providers to report suspected crime, or face up to a year in prison

Amendments Approved, After a Series of Amendments

The proposals were signed by Senator Dario Damiani of the Forza Italia party on the input of Senator Claudio Lotito, also of Forza Italia. Senator Lotito understands football and lives and breathes Serie A. As the majority owner and president of Serie A football club Lazio, he’s uniquely positioned to take part in the lawmaking process and then benefit from the outcome.

The Senate Budget and Finance Committees have now approved the proposals we reported late last week but only after further amendments. The first set of changes are shown in the image below, with unchanged text in white, red representing the earlier text, and green the now-approved text; summarized as follows:

Amendments (6.0.35) (Law 93/2023)

• Incidental blocking of non-infringing sites and services permitted as long as shared server/resources “predominantly” used for infringement.

• New provision allowing those negatively affected by blocking to request revocation.

• “Alternative DNS services” clarified as “publicly available DNS” (Pi-Hole users can therefore relax).

• Proposal to block unlimited domains/IP addresses left intact.

• Introduction of provisions for domain registries / IP assignment services to unblock domains / IP addresses six months after initial blocking, providing illegal use has been discontinued.

• Introduction of provisions for domains / IP addresses to be removed from the Piracy Shield platform. Current law provides no mechanism for revoking domain or IP address blocks, leading to concerns IPv4 addresses could eventually run out.

Amendments 6.0.35 (Law 93/2023)

Original documents (old text / approved text) (Italian)

Amendments (6.0.36)

• The requirement for providers of network access services, search engines, ISPs, VPN providers, CDN services, DNS providers and reverse proxy services, to report suspected criminal activity has been withdrawn.

• A replacement requirement specifies that when any of the above “become aware” that “criminal conduct is underway or has been committed or attempted” they must immediately report the circumstances to the “judicial authority” or “judicial police” providing all relevant information.

• A new requirement for online services to register a point of contact for direct communication with the authorities, for the purposes of tackling crime

• A prison sentence of up to one year, for failure to comply with the reporting requirements listed above, remains intact.

Amendments (6.0.36)

Original documents (old text / approved text) (Italian)

What Happens Next

A vote is scheduled for today and, if that goes to plan, the amendments will head immediately to the Chamber of Deputies (lower house of parliament) for a second reading before the measure expires on October 8, 2024.

The proposals, should they become law, could trigger a legal challenge. In an article published last Friday, the president of AIIP – the Italian Internet Provider Association – described the amendments as “an initiative that betrays two years of commitment and loyal collaboration in the sector.”

Giovanni Zorzoni says that the amendments run contrary to the conclusions reached following an AGCOM technical table last year, while introducing “new and dangerous surveillance obligations” on communication operators, supported by threats of imprisonment under criminal law.

In our article last weekend we mentioned an amendment in 2023 that allowed rightsholders to block domains without AGCOM oversight; that was considered a betrayal, Zorzoni’s public comments go much further than that.

Keeping ISPs Happy Seems Less of a Priority

Confirmation that ISPs feel let down doesn’t come as a surprise. Assurances previously given to ensure full cooperation appear to have been forgotten once the critical phase ended. From the outside looking in, ISPs’ concerns never seemed likely to get in the way of the mission.

Months before Piracy Shield began blocking IP addresses in February, ISPs and other experts warned that permanently blocking IPv4 IP addresses would be unsustainable. Running out of viable IPv4 addresses was a real concern, but one that continually fell on deaf ears. In parallel, fears over the scale of blocking and the financial burden on ISPs led to an agreement which limited how many domains/IP addresses could be blocked.

The arbitrary removal of those limits via the amendments led Zorzoni to decry the method of their introduction in his article on Friday. Buried in an unrelated financial bill and handled by committees with no competency in the electronic communications sector, Zorzoni said the ruling majority appear set authorize limitless blocking, regardless of agreement and contrary to expert advice.

Tweaked Amendment Throws Zorzoni a Bone, It May Not Be Enough

Whether intentional or not, the approved amendments contain changes that may be intended to steal Zorzoni’s thunder, arriving as they did after his article was published last Friday. Limitless blocking has already been approved but as detailed above, measures to unblock IPv4 addresses suddenly appeared over the weekend, perhaps as an implied quid pro quo.

Whatever the circumstances, the second set of amendments that threaten to criminalize ISPs remain, albeit with a tweak that removes “suspicion” and replaces it with “awareness” of actual criminal conduct. Why ‘mere conduit’ ISPs are suddenly required to police the internet while rejecting the “innocent until proven guilty” standard, is certainly controversial.

Zorzoni describes the proposal as “an unconstitutional, indeterminate provision, which would impose generalized surveillance obligations on Internet operators, following a model that is outside the democratic West.”

“As AIIP, but I am sure that we will not be the only ones, we will oppose these changes in every Italian and European forum, if they are approved,” he concluded.

It’s true that Article 15(1) of Directive 2000/31 prohibits the imposition of an obligation on an ISP to carry out general monitoring of information that it transmits on its own network. The rightsholders who came up with this provision understand that, and already have a solution.

After identifying problematic platforms as part of their regular piracy monitoring, they will write letters to service providers detailing the criminal behavior taking place on their networks. After helping ISPs meet the “awareness” standard – which immediately triggers the reporting requirement – ISPs could be left in an impossible position.

When news of the vote breaks later today (Tuesday), an update will appear here.

From: TF, for the latest news on copyright battles, piracy and more.