Why You Are Wrong about Copyright

They say the customer is always right. Phooey. Customers are often wrong. We should treat customers well, but they can still be wrong. And there is nothing worse for a supplier than politely telling a customer why they are wrong. Unfortunately, I am rarely polite. So today I want to explain why most of you – my customers – are wrong. And I will explain why you probably will not read this article, even though you really should.

Do you think copyright is somebody else’s problem? Probably. And that is why you probably skipped this article. After all, you are not a lawyer. You have not been trained to deal with copyright issues. The words ‘copyright’ or ‘intellectual property’ cannot be found in your job description. But that is all phooey. Copyright is your problem. Nobody told the first fraud managers and first RA professionals how to do their job, but they still did it. You work in the communications sector. You worry about frauds, and risks, and losing money. That is why copyright is your problem. It is either affecting your business now, or will affect your business soon. Losing money and losing customers because nobody cares enough about copyright is as dumb as losing money and customers for all the other reasons that telcos lose money and customers.

I do not care if you think copyright is outside the scope of your job, or is the responsibility of someone else. Who else should worry about copyright? A corporate lawyer, perhaps? But do you seriously expect lawyers to take a practical approach to managing operational risks?

Passing the buck on copyright is as lame as the arguments I used to hear about simboxes. Back when they were first identified as a threat, you would hear revenue assurance teams and fraud managers insisting it was somebody else’s problem, even though they knew – or should have known – that the business was bleeding money as a consequence. The same thing is happening today, because of a poor understanding of copyright law, and why it matters to modern comms providers.

My web analytics tell me a simple truth. Of all the content on this site, you are least likely to read posts in the category called “privacy and intellectual property”. In contrast, “risk, fraud and security” is the most popular category. I find this discrepancy to be absurd. Are there no risks surrounding copyright, the most common form of intellectual property? Do fraudsters not exploit copyright? Are there no security implications for copyright? Of course there are.

The editorial stance of Commsrisk is that the value of intellectual property must be factored into the tasks performed by risk and assurance managers, whether they work at the strategic level or focus on operations. Our readers need to be educated about the subject, and aware of its growing relevance to their role.

They say you can take a horse to water, but you cannot make it drink. As I wrote that sentence, I was thinking of you, my metaphorically equine friends. The water is there, under the category marked “privacy and intellectual property”. But you are not drinking. A better businessman than me would simply stop supplying you with free water. I am not a good businessman, which is why I am ranting now, beseeching you to drink more, before you get dehydrated, before you discover your thirst and realize the well has run dry! And it gets me even more frustrated that probably will not read these words, because you decided the article was not relevant to you when you glanced at its title, and which category it was posted under…

There are lots of reasons why you need to learn about copyright. One of the best reasons is that copyright is complicated. Another reason is that the laws keep changing. However, I have lost count of the times I had to explain the most fundamental copyright concepts to people with ‘risk’ or ‘assurance’ in their job title, even though they work for businesses which own or distribute assets whose value is dependent on copyright. Moving beyond the basics, it is discouraging that copyright law is such a complicated area, but that is also why risk and assurance professionals need a solid grounding. We need to know the essentials so we can effectively work with people who have more particular expertise. Risk and assurance specialists need a relationship with copyright experts in the same way they have a relationship with network experts or accounting experts or experts in the field of business continuity.

I would not expect the average revenue assurance professional to know the detail of the IFRS on revenue recognition, but I would expect them to know the basic concepts of revenue recognition. Otherwise, when they say ‘revenue’ is being lost, they literally do not understand what they are saying. In the same way, risk, fraud and assurance professionals need to understand the basics of copyright when they work for telcos with business models that depend on copyright. Otherwise, they have no sense of the value put at risk by copyright infringement.

Copyright laws may be subject to international treaties, but the rights and wrongs of copyright disputes will be resolved by looking at national laws, and sometimes by examining the small print in contracts. These complications make copyright risky. And copyright risk balloons when firms work across international borders, and hence need to respect the laws of different nations.

“But telcos just transmit stuff, so we are not legally responsible for the content of what is transmitted!” I give credit to the person who shouted that out, whoever they were. At least they know one basic fact concerning the topic, and so understand the best excuse for apathy. Unfortunately, that statement is no longer 100 percent true, if it ever was. Laws are being changed to make telcos more and more responsible for the content they transmit. Politicians continue to argue for exceptions to the rule which says telcos need not worry if they merely transmit content, and are not aware of the content. And telcos increasingly do know about the content that moves across their network. It is no good arguing you need deep packet inspection to gather valuable and exploitable data on your customers, but then pretend you had no idea they just downloaded a pirated movie.

If that was not bad enough, your business is changing. There was a time when communications was one-to-one, or one-to-many. The one-to-one model could be slightly augmented, by things like conference calls, but communication was essentially between a few individuals who all chose to be on the line at the same time. In contrast, the one-to-many model appeared very similar to broadcasting, like asking the public to tune into a television program. The issue with copyright is obviously relevant to the latter, and less relevant to the former. Broadcasters need to police their content, to make sure copyright is not violated. Firms that handle one-to-one communication can pretend ignorance and say they have no idea what kind of stuff is said and shared by their customers. However, the distinction between one-to-one and one-to-many is outdated. The World Wide Web, YouTube, Twitter… these and other new modes of interaction mean there is no longer a simple dividing line between one-to-one, and one-to-many. I could tweet you a private message with a link to a copyrighted document on Google Drive. And I could tweet that same message to the whole world. So where should the policing of copyright start in your business? If you do not know, then you are ‘managing’ this risk by ignoring it and hoping no harm will result.

And it gets worse. Your telco is no longer a telco like it used to be. People do not want to pay for one-to-one calls. Those revenues are declining. But customers will pay for films, and games, and sports clips, and pop songs. That is why your telco has already launched ventures, bid for rights, initiated partnerships and done a hundred other things to ensure it makes money from selling copyrighted content to customers. I know of one telco group that even owns cinemas! Do you want to manage risk for the one-to-one comms type stuff, but not the other stuff? If so, what if the person who manages the other risks thinks they can do your job too?

And it gets even worse than that. Suppose your business writes software – many do. Or maybe you allow others to get access to software via the cloud. Software is protected by copyright. Somebody needs to ensure that software is protected. When distributed, somebody has to collect the revenues, and make sure nobody is cheating to avoid payment. If that is not your job, then whose job is it? If somebody else does that job, what prevents them from doing your job too? Do you really think that what you know about CDRs cannot be learned by the clever people who manage operational risks that you believe are too complicated for you to handle?

20 years ago I sat alongside a man called Phil Gillett. We were both managers in the London office of Deloitte. These days, I like to joke that my work at Deloitte was revenue assurance, except it was done before there was a name for revenue assurance. Phil’s job was just like mine, except instead of doing revenue assurance for telecom carriers, he did it for software firms, like Microsoft.

Phil and I did similarly techy stuff, reviewing data and processes, to make sure our clients collected all the money they deserved. I might be looking at contracts for interconnect settlement, whilst Phil would be looking at contracts to license software. My work did not involve copyright, whilst Phil’s work did. His work and my work ended up having different names, and focused on different kinds of business, but the principles were the same and the techniques were pretty similar. So what makes you think you should do a job like mine, but not a job like Phil Gillett’s? Why are you drawing a dividing line between those jobs, when the same assurance and risk management skills could be used either way, so long as you have the relevant domain knowledge? And why are you ignoring the 20 years of progress in the field of electronic communications, that has made copyright relevant to the business model of many more telcos?

I believe you are better than you think you are. If you are interested in fraud, but not copyright, then you should do better, because you need to understand copyright to stay relevant. If you are interested in securing software, but not copyright, then you have no idea where the limits of legal protection are drawn. If your business sells content, as well as bytes and minutes, then the revenues generated by content need at least as much protection as other revenues. If you are still reading this, I thank you. I also implore you to keep learning about copyright and understanding how it relates to your responsibilities. And if it does not currently relate to your responsibilities, I recommend that you add it to your responsibilities. Please do your colleagues a favor as well – tell them they should read this too.