In June last year Ofcom outlined a draft anti-piracy code that would, if brought into law, place IP addresses at the heart of a new enforcement framework to combat online copyright infringement.
Under Ofcom's proposals, ISPs would issue "standard form" notifications to customers on the basis of evidence of alleged online copyright infringement gathered by rights holder groups and compiled in a 'copyright infringement report' (CIR). The evidence gathering procedures must be approved by Ofcom.
ISPs that issue subscribers with three letters within the space of a year would add the anonymous details of those customers to a 'copyright infringement list'. Rights holders would be able to request access to the list each month and could seek a court order obliging the ISPs to disclose the identity of the suspected infringers so that they can take legal action against them under the Copyright, Designs and Patents Act.
Under Ofcom's plans suspected infringers would generally have 20 working days to challenge warning letters from the moment they receive them. An "independent appeals body" would be appointed by the regulator to deal with the cases, although the suspected infringers would have to pay a refundable £20 fee to have their appeals heard. One of the grounds of appeal is that "the copyright infringement report did not relate to the subscriber’s IP address at the time of the apparent infringement."
BT told Out-Law.com that its CGNAT technology would not prevent the correct perpetrators of illegal online activity from being identified.
"The technology does still allow individual customers to be identified if they are sharing the same IP address, as long as the port the customer is using is also known," a BT spokesperson said in a statement. "Although the IP address is shared, the combination of IP address and port will always be unique and as such these two pieces of information, along with the time of the activity can uniquely identify traffic back to a broadband line."
"The IP address determines the location (each computer or device on the internet will have one) and a port makes a connection for the required application, e.g. accessing a web page, connecting to an email server. We dynamically allocate our broadband customers a source IP address which is allocated to the customer's Hub or router by our broadband network. The port is allocated by the TCP or UDP language the computer is using, based on the application or task in progress. For each IP address there are 65,000 ports that can be used," the statement said.
"With CGNAT our broadband network ‘translates’ the source IP address on the Hub to a shared IP address, and also translates the ports being used to one within a unique block, from the 65,000 IP addresses ports available. This block is assigned for that user and that user only. We log this translation i.e. the shared IP address assigned, the block of ports and the time. If we subsequently receive a request to identify someone who is using IP address x, and port number y, and time z we can then determine who this is from the logs," the spokesperson said.
"[In the case of the application of Ofcom's draft anti-piracy code] the copyright owner will provide the IP address, port and timestamp for a CGNAT customer, or IP address and timestamp for a non CGNAT customer. If only the IP address and timestamp are provided for a CGNAT customer then we are unable to identify the activity back to a broadband line," they added.