iiNet: What of the safe harbours?

Justice Cowdroy’s decision in Roadshow v iiNet held that a person who provides facilities that are used for infringement but does not play a more active part — for example by intentionally designing the system to profit, or providing facilities in circumstances where there are only limited non-infringing uses, or explicitly inviting or promoting the use of the system for infringement — will not be held to ‘authorise’ those infringements, because it does not provide the ‘means’ for infringement.

This construction minimises the role of the Category A safe harbour, which is designed to insulate ISPs who “facilities or services for transmitting, routing or providing connections” (s 116AC) for copyright material from monetary damages for copyright infringement. What is the extent of the overlap between this safe harbour and Cowdroy J’s intrepreation of authorisation for ISPs?
Read More

ZDNet Twisted Wire interview

This week I was interviewed by Phil Dobbie for ZDNet's Twisted Wire program. Also interviewed were Peter Coroneos from the Internet Industry Association and Adrianne Pecotic from AFACT. You can listen to the podcast (direct link (mp3)).

One thing I found disturbing about this interview was AFACT's suggestion that the law was clear and that iiNet had a clear responsibility to monitor its subscribers' internet use and disconnect users who infringe. This is obviously a contested issue, and the law certainly is not clear. The particular requirement of the Safe Harbours are largely untested – both here and in the US – and particularly against ISPs. We have mostly assumed that ISPs were more like common carriers than the P2P networks that have been found responsible for secondary copyright infringement. The iiNet case challenges that assumption, but it is misleading to argue that the law is clear in any meaningful way.

AFACT v iiNet copyright infringement suit


Not really pirates. Pirates of the Caribbean: At World's End is one of Disney's films at the centre of the law suit. Image © Disney.

As you may have heard, the movie industry has sued iiNet for copyright infringement. iiNet have responded that they will 'vigourously defend' the case. EFA released a press release here. Kim Weatherall has a detailed post on the case here.

AFACT allege that they have evidence that iiNet users have downloaded copyright films without permission. Lets assume that they do, no big surprise here. Implicit in the BitTorrent protocol is that users are sharing as they download the film. It AFACT used DtecNet to download video files, and logged the IP addresses in the pool that belonged to iiNet users. On this basis, AFACT alleges that iiNet users 'made available' and 'electronically transmitted' the films to other persons. As part of this, AFACT has to show that even if it received some data from iiNet IP addresses, that data formed a 'substantial part' of the film. Because torrents typically have hundreds of peers, it would be possible to believe that each peer generally does not, by itself, transmit a 'substantial part' of the film. I imagine, however, that each peer would be liable as a joint tortfeasor. Still, it's an important question of fact.

AFACT also alleges that users made physical copies of the films onto DVDs to watch, although it's not clear how they obtained this evidence.

Edit: APC Mag have made the full statement of claim available.

Inducement liability

AFACT allege that iiNet is liable for copyright infringement on two alternative theories. The first is based on the inducement test that we saw in Kazaa. AFACT allege that iiNet

  • knew or should have known that iiNet users engaged in filesharing of infringing material
  • took no action in response to emails sent by AFACT alleging infringement
  • 'offered encouragement' to iiNet users to engage in illicit filesharing
  • failed to enforce iiNet's terms and conditions which prohibit using iiNet to infringe copyright
  • continued to offer internet access to customers who AFACT alleged engaged in filesharing; and
  • 'through its own inactivity and indifference permitted a situation to develop and continue where iiNet Users engaged in, or continued to engage in' illicit filesharing.


In Australia, authorisation liability requires that the person 'sanction, approve, or countenance' (UNSW v Moorhouse. Section 101(1A) of the Copyright Act 1968 (Cth) provides a non-exhaustive list of factors to be taken into consideration when determining authorisation:

(a) the extent (if any) of the person's power to prevent the doing of the act concerned;

(b) the nature of any relationship existing between the person and the person who did the act concerned;

(c) whether the person took any other reasonable steps to prevent or avoid the doing of the act, including whether the person complied with any relevant industry codes of practice.


AFACT argue that iiNet, by failing to terminate users accounts in response to allegations of infringement made by AFACT, 'sanctioned, authorised or countenanced' those infringements. This is where it gets interesting. AFACT allege knowledge, but since iiNet is only given notice of allegations of infringement – infringement was never proven in court – this may be enough to negate knowledge. So the question is whether iiNet 'through its own inactivity and indifference' effectively passively encouraged infringing acts, or, alternatively, actively encouraged infringement by offering support to filesharers.

Section 112E means that a person who merely provides the facilities for infringement does not 'authorise' that infringement. This means that iiNet has to do something more than merely providing internet access. In Kazaa, this was established by exhortations to 'join the revolution' and at least partly premised on the fact that there were few non-infringing uses of Kazaa in evidence. [404-5].

In the case of iiNet, this is a bit harder to see. I don't think that anyone can make out that “a major, even the predominant” use of internet connections is to infringe copyright. AFACT allege that iiNet, by failing to take any steps to discourage copyright infringement, passively encourage any infringements which do occur. AFACT also allege that iiNet actively encouraged its users to infringe 'by not suspending or terminating' their internet service, and by not shaping or restricting P2P downloads. This seems to be a pretty far stretch from the Kazaa advertisements that were decisive in that case. Primarily, both internet use in general and BitTorrent use in particular have substantial non-infringing uses, so it is hard to see that a decision not to restrict all BitTorrent use could 'authorise' infringement. So the real question here is whether, by not suspending or terminating accounts based upon allegations of infringement provided by AFACT, iiNet were 'encouraging' any illicit filesharing that was, in fact, carried out. This is a question of fact, but it also imports significant issues of public policy. If the court finds that not terminating subscriber accounts upon allegations of infringement is 'encouraging' (meaning 'sanctioning', 'authorising', or 'countenancing') that infringement, it will mean that ISPs will effectively be under a positive duty to investigate and police allegations of infringement.

Vicarious liability

The second grounds for liability alleged by AFACT is US-style vicarious infringement, as developed in Cooper. AFACT allege that iiNet:

  • had to power to prevent the infringements of its users;
  • had a direct and commercial relationship with iiNet customers that allowed it to 'take action' against those customers who engaged in illicit filesharing; and
  • did not take adequate steps to prevent or avoid the infringements.


AFACT allege that iiNet have the power to prevent infringement by terminating or suspending internet accounts. The problem with this allegation is that iiNet itself may be liable to its users if it begins terminating accounts based upon unsubstantiated allegations from copyright owners. It would have to undertake significant investigation on its own initiative, and there again it may face liability or at least significant pressure for invading the privacy of its users. Finally, AFACT allege that iiNet could have taken 'other reasonable steps', including sending a notice to iiNet customers that AFACT had identified their accounts as potentially infringing and 'requesting that [they] cease such conduct'. Given that the copyright industry has not had the best track record of accurately identifying infringers, and in fact, has no real incentive to do so, iiNet may not be acting unreasonably by refusing to issue such notices. If appropriately construed, this type of behaviour could also conceivably come dangerously close to prohibited groundless threats of legal proceedings.

Finally, as with the other allegation of liability, any claim is limited by s 112E, which goes some way to immunising ISPs if they do nothing more than provide the network link. We have to reconcile the alleged grounds for authorisation liability above – that the ISP did not take 'adequate steps' – with the statutory provision that an ISP will not be liable “merely because another person uses the facilities so provided to do something the right to do which is included in the copyright.”1) Section 112E, on its face, appears to justify the position that an ISP which is doing absolutely nothing to either encourage or discourage copyright infringement will not be liable. It is not really clear how AFACT intend to make out that, even if the ISP has a 'power to prevent' and a 'direct commercial relationship', it would be positively required to act in oversight, despite s 112E.

These are all interesting questions of fact – to be determined by a judge at first instance – that will have to be proved by AFACT. Their resolution will depend largely upon what actions would be deemed 'reasonable' to prevent alleged infringements. This is really a public policy argument – to what extent do we want internet service providers to be responsible for identifying and terminating the accounts of alleged infringers, outside of the scope of proper judicial oversight?

What about the safe harbours?


Something we haven't spoken about yet are the safe harbours introduced in 2004 as a result of the Australia – US Free Trade Agreement (commenced 01 January 2005). Section 116AG, read with 116AC, provides that courts may not award monetary remedies against ISPs that are only “providing facilities or services for transmitting, routing or providing connections for copyright material”. Remedies are limited to “an order requiring the carriage service provider to take reasonable steps to disable access to an online location outside Australia” and “an order requiring the carriage service provider to terminate a specified account.”2)

Interestingly, it does not appear that AFACT have yet dealt with the conditions of the safe harbours. Assumedly they are waiting for iiNet to raise the safe harbours in defence, at which time they may decide to argue that iiNet are not eligible on the basis that iiNet has failed to “adopt and reasonably implement a policy that provides for termination, in appropriate circumstances, of the accounts of repeat infringers.”3) If AFACT is able to show that iiNet's policy is either not appropriate or not reasonably implemented, then the claims of authorisation liability may go ahead. How exactly, however, AFACT plan to do this, is anyone's guess.

Assumedly, iiNet will claim that it has an reasonable and enforced policy to deal with repeat infringers, in that once ordered to do so by a court, it will terminate access. AFACT is likely to counter that iiNet's policy is neither reasonable nor enforced, and that iiNet should instead be investigating allegations of infringement proactively, rather than waiting for either the AFP or the copyright owner to bring (and prove) an action for infringement. The resolution will likely come down to whether the text of s 116AH ('repeat infringers') requires proof of infringement or merely a reasonable suspicion (or some other test?).

Conclusion


This case raises some pretty important public policy questions. As I highlighted in EFA's press release, “ISPs are not in a position to monitor and terminate internet access to users based upon unsubstantiated threats from copyright owners, and should not be asked to do so.” I think that basic principles of procedural fairness and due process would in fact prevent iiNet from suspending and terminating accounts based upon allegations made by AFACT. iiNet has said that it will terminate in response to a court order, and I think that this is reasonable. Copyright infringement is not infringement until proved, and the courts are able to exercise judicial oversight and care in their binding findings of fact. These safeguards do not exist when private corporations are making the decisions. A system which required termination of internet access based upon untested allegations would be likely to result in substantial hardship to internet users. If ISPs are liable for not terminating user accounts, the power imbalance between individual users and ISPs and copyright owners would generally mean that rational, risk averse ISPs are more likely to terminate access based upon unsubstantiated allegations, and innocent individuals are more likely to be adversely affected.

Kim very aptly summarises the dangers of forcing disconnection without trial:

[I]f individuals were sued, rather than disconnected, (a) the cost of enforcement would lie on the copyright owners, and (b) consumers, and media, and everyone else, would be clear on what was happening, who it was initiated by, and, in fact, that it was happening. And in the case of Australia, unlike the US, damages are linked to the harm suffered by the copyright owner, so the threat of exorbitant fines of the Jammie Thomas variety would not be there. The advantage of the lawsuit option is that it is public and that everyone takes responsibility for their action. That is not necessarily a bad thing, on all sides. In other words, if MIPI decides to sue individuals, it will, in so doing, at least have to articulate its reasons, justify them to the Australian population at large, and to politicians. Politicians, too, would need to observe the effects of copyright laws and to justify them to the Australian people. I think that’s only appropriate, rather than going through the back door of managing it all second hand through the ISPs.


To this, I would just add that although copyright suits brought against end users may be better in aggregate than 'back door' enforcement through ISPs, they are likely to bring significant hardship to individuals. We have seen the extraordinary pressure that the copyright industry is able to bring to bear on individuals accused of copyright infringement, essentially forcing a settlement for several thousand dollars rather than the high risk and extreme expense of a drawn out legal process. We have to realise that this is not a dichotomy between enforcement at the ISP level and mass individual suits. If they are our only two choices, I would suggest that there is something fundamentally flawed about the way our copyright system is organised. There are certainly other ways in which we can compensate (or incentivise) investment in the creation of copyright expression that do not involve either making examples of individuals or forcing ISPs to police subscriber accounts. We are always able (at least in theory) to redraw the boundaries here, as to what, exactly, will constitute infringement, and how incentives can be distributed – a tax on internet usage being the apparent current best option,4) with an exclusion of liability for non-commercial or private use running a close second.5)

This case also raises important questions as to the appropriate penalty for copyright infringement. Personal small scale infringement is not a crime in Australia. As such, the proper remedy is damages, not punitive. Disconnecting an entire household's internet access, even if it is able to be proved that a member of the household downloaded copyright material, is a punitive measure that will in many cases greatly outweigh any harm done to the copyright owner. It will prevent children from researching school assignments, or video calling their grandparents. It could prevent others from telecommuting or working remotely. It would indeed prevent all forms of internet mediated communication – something upon which we have become increasingly reliant. It would in most cases involve a significant financial burden for reconnection fees.

Remember that claims for damages in copyright cases are generally hyper-inflated. We have seen the music industry calculate damages per song by taking the album price and dividing by the average number of tracks on an album, and then multiplying that number by a punitive factor. The introduction of statutory damages (proposed for ACTA: beware) is designed to do just that, and has resulted in absurdities like a US jury award of $222,000 in damages for infringing copyright in 24 songs.

If AFACT succeeds in this case, the result is likely to be disastrous for internet users in Australia. ISPs will be terrified of being sued, and will likely disconnect individual users without taking the care to determine the merits of allegations of copyright holders. There will be no court processes, so individual users will have no ability to contest the allegations, short of suing their service providers. There will be no court processes, so the media will not fully report on the issues, and a lot of the injustices will go unnoticed. Copyright owners will have extra judicial justification for their flawed tracking processes, resulting in a likely increase in the number of spurious and oppressive claims.6) And, importantly, thousands of individuals are likely to be severely punished for small-scale copyright infringement in an environment where the copyright industry shows an almost complete lack of respect for its legitimate customers. In short, not good news.

2)
s 116AG(3).
4)
see proposals by Prof Terry Fisher and Peter Eckersley, amongst others
5)
For a detailed examination of the scope of copyright in Australia, see Ben Atkinson, The True History of Copyright.
6)
See, for example, the 'Dancing baby' suit, where a 29 second home movie clip of a baby dancing to a song on the radio was removed from YouTube: http://www.eff.org/cases/lenz-v-universal

IIA Australian ISPs will not forward copyright enforcement letters


There is always a danger when intermediaries are pressured to act in the interests of copyright owners. There is little oversight, large risks to privacy, and little incentive to refuse in the interests of subscribers. Pressure on intermediaries really alters the copyright balance, making it much easier for copyright owners to attack users, shrinking grey zones and chilling speech, and abrogating the presumption of innocence.

In this environment, it is always reassuring to hear that ISPs will not bow to the pressure that is brought to bear by the copyright industry. The Age is today reporting that BigPond have strongly opposed the pressure from AFACT.

Last week I had the opportunity to meet again with Peter Coroneos, CEO of the Internet Industry Association at a briefing hosted by QUT Law Faculty.

Peter raised some points of oppisition by Austrlaian ISPs against the 3 strikes policy which is being pushed by MIPI and AFACT.

It seems that a formal agreement has stalled. I am still, however, highly concerned by informal agreements where ISPs voluntarily agree to play the role of copyright enforcers on behalf of the copyright industry. In the US, we are now seeing the copyright industry issuing what they call “settlement letters” to ISPs (mainly universities), purporting to identify users who are involved in copyright infringement. In fact, the letters have been shown to be highly inaccurate. The letters threaten the individual identified by the university with the initation of a copyright lawsuit if the user does not settle immediately, through an easy to use settlement gateway (which accepts credit card settlements of between $3000 and $11000 with a minimum of hassle). The process generates significant revenue for the copyright industry, and practically eliminates the cost of bringing lawsuits and proving both infringement and damages. Faced with the prospect of an up-front settlement or an expensive trial process, rational users may often chose to settle, even if they are not legally liable.

I asked Peter Coroneos if, when Australian ISPs are handed a letter purporting to identify a user by ip address who is alleged to have downloaded infringing material, whether they will identify the subscriber or pass on the threat? This process poses significant privacy risks to Australian individuals, and substantially alters the copyright balance. By facilitating this method, the law effectively eliminates any presumption of innocence or requirement for copyright owners to prove their case. I wrote a paper several years ago on the risks to individuals if intermediaries are co-opted into acting on the behalf of copyright owners without proper judicial oversight – simply put, intermediaries have little incentive to look out for the legitimate interests of individual subscribers, and individual subscribers have little standing to object on their own behalf. That paper considered formal pre-trial discovery and anton pillar orders – with recent evidence suggesting that even judicial oversight is somewhat limited in these cases: see Privacy v IP Litigation: preliminary third party discovery on the Internet.

Peter answered that this is an issue which will require a test case to determine. The argument made by copyright owners is that Section 36 of the Copyright Act 1968 (Cth), which provides for secondary liability for authorisation of copyright infringement (for Part III works), is not covered by the safe harbours introduced in 2004. Accordingly, if ISPs are provided with actual knowledge of alleged infringements, and do not act on their Acceptable Use Policies to terminate the users' subscriptions, they will be liable for authorisation of copyright infringement.

The ISPs, on the other hand, argue that their behaviour is caught by the first limb of the safe harbour, Category A activty. This seems to be a straightforward reading of the legislation. The ISPs also note that the obligation to terminate repeat infringers under s 116AH(1) requires proof of infringement, not mere allegations of infringement. The ISPs, therefore, should fit squarely within the safe harbour, even if the copyright interests forward multiple letters alleging infringement.

Peter concluded that the position is too uncertain in Australian copyright law, and will probably require a test case to determine. I asked whether, until the law is clarified, Australian ISPs would refuse to volunteer identifying details of their subscribers purportedly identified by IP address, short of an Anton Pillar Order or subpoena (with the concommitant judicial oversight). Peter reassured me that he believes that Australian ISPs would oppose such attempts by copyright owners… I certainly hope that he's correct.