nic.suzor.net » afact

iiNet: What of the safe harbours?

nic — Fri, 05 Feb 2010 08:10:45 +0000

Justice Cowdroy’s decision in Roadshow v iiNet held that a person who provides facilities that are used for infringement but does not play a more active part — for example by intentionally designing the system to profit, or providing facilities in circumstances where there are only limited non-infringing uses, or explicitly inviting or promoting the use of the system for infringement — will not be held to ‘authorise’ those infringements, because it does not provide the ‘means’ for infringement.

This construction minimises the role of the Category A safe harbour, which is designed to insulate ISPs who “facilities or services for transmitting, routing or providing connections” (s 116AC) for copyright material from monetary damages for copyright infringement. What is the extent of the overlap between this safe harbour and Cowdroy J’s intrepreation of authorisation for ISPs?

The crucial question is whether an ISP will ever be in a position to have authorised infringement but be able to rely on the protection of the safe harbours. It seems that a purely passive general purpose ISP could not, as it would never infringe. Accordingly, the hypothetical ISP must be engaged in some sort of other activities – it must be found to be inviting or promoting copyright infringement, designing its systems to profit from infringement, or perhaps engaged in the provision of a filtered feed where it exercises some form of control over what its users may access. These extra circumstances would give rise to an inference that the ISP is providing the ‘means’ of infringement and would, prima facie, be liable for the infringing acts of its users.

In these cases, the next question becomes whether such an ISP would be entitled to rely on the safe harbours? The safe harbours provide protection where the primary infringement occurs “in the course of carrying out”(s 116AG) activities – relevantly, “providing facilities or services for transmitting, routing or providing connections for copyright material”.(s 116AC) In the paradigmatic case, an ISP who only provides the facilities for infringement will not be liable for authorising any infringements; so this question is really whether the extra circumstances that are required for liability to accrue will necessarily not be “in the course of carrying out” the provision of facilities or services and accordingly remove an ISP from the protection of the safe harbours.

It seems likely that many of the acts that would cause liability to accrue for authorisation would not fall within the definition of being “in the course of carrying out” the provision of facilities or services. In our only authority, we can take the example of the ISP in Cooper. This ISP negotiated an agreement not to charge Cooper for the hosting of his website in return for advertising revenue from the high levels of traffic his website attracted. While this relates to Category C activity, we can imagine a scenario where an ISP negotiates a similar monetary incentive for infringement, or otherwise encourages its users to infringe. Some of the examples come out of the judgment – if iiNet drew a direct financial benefit from infringement and set up its service in order to benefit from infringement, it would probably have been held to have authorised that infringement. Would this still be done ‘in the course of’ providing facilities or services for communications? While there would be some circumstances where an ISP would be liable for authorisation that do not strictly relate to its provision of access, I think that we would have to conclude that an ISP that is promoting or benefiting from infringement is still acting ‘in the course of’ providing access. Prima facie, then, the safe harbours will operate where the ISP is playing some active role in the infringements of its users.

Whether the safe harbours will protect such an ISP then depends on the conditions for compliance set out in s 116AH, which require that an ISP must “adopt and reasonably implement a policy that provides for termination, in appropriate circumstances, of the accounts of repeat infringers”, and must not initiate or modify transmissions of copyright material. The second two requirements are relatively straightforward and easy to comply with. The ‘reasonable’ implementation of a ‘repeat infringer’ policy, however, may be a different matter.

I think that in many cases where an ISP designs its service to encourage or directly profit from its users infringements, or provides a service that has limited non-infringing uses, it will probably fail the repeat infringer test. The requirement is not only to have a policy, but to ‘reasonably implement’ it. We see in particular authority from the US in Aimster that a provider that wilfully blinds itself to infringement or structures its activities in such a way that it cannot identify repeat infringers will not be held to ‘reasonably implement’ such a policy. The safe harbours, in this construction, would only have operation in a sliver of circumstances where the ISP acts in sufficient bad faith to ‘authorise’ infringement but in sufficient good faith to ‘reasonably implement’ a policy for termination of repeat infringers. In practice, this sliver would appear vanishingly small.

Does such an interpretation mean that the transmission safe harbour has no practical effect? I think that it will have little effect in the case of ‘bad faith’ ISPs, but there may still be circumstances where ‘good faith’ ISPs are held to ‘authorise’ the infringement of their users. Part of the reason that iiNet did not authorise was that it had no control over BitTorrent; so the analysis would change where ISP had more control, or with a different protocol over which ISPs have more control in general. The particular scenario that comes to mind is similar to the cases in the US in the 90s, where ISPs who wanted to provide a ‘cleaner’ experience for their users found themselves potentially liable for their increased control. So, for example, an ISP who offers some sort of filtered service may, if their filters are good enough, exercise sufficient control over what its users can access that it would have the ability to prevent infringements when it is provided with actual or constructive knowledge that it could be held to ‘authorise’ any infringements. In these circumstances, the safe harbours will be useful: as long as the ISP ‘reasonably implements’ some termination policy, it will be insulated from monetary damages.

This is one hypothetical, but it seems clear that the Category A (transmission) safe harbour does still have some (limited) application in Australian law. This doesn’t really come up in US jurisprudence, because the US safe harbours extend beyond ISPs to service providers more generally. Nevertheless, it seems as though the Australian transmission safe harbour still has a role to play in providing certainty for good faith ISPs who wish to do something more than ‘merely’ providing the facilities for infringement.

Who will shed a tear for ss 39B and 112E?

The limited role of the transmission safe harbour remains much broader than that of ss 39B and 112E, which provide that

A person (including a carrier or carriage service provider) who provides facilities for making, or facilitating the making of, a communication is not taken to have authorised any infringement of copyright in a work merely because another person uses the facilities so provided to do something the right to do which is included in the copyright.

On the analysis of Cowdroy J, it is apparent that there are no circumstances where an ISP would be held to have ‘authorised’ an infringement but done no more than provide the “facilities for making, or facilitating the making of, a communication”. Justice Cowdroy rejects this construction, but accepts that it would “highly unlikely” that either of the hypotheticals he poses where s 112E would be useful would result in a finding of authorisation liability.([572]-[573]) This is based off the Full Federal Court authority in Cooper that states that s 112E “‘…presupposes that a person who merely provides facilities for making a communication might, absent the section, be taken to have authorised an infringement of copyright in an audio-visual item effected by the use of the facility’.”([573], quoting Cooper [2006] FCAFC 187, [32]). Justice Cowdroy found himself bound to accept the Full Federal Court authority, although it left “little room for s 112E to have meaningful operation.”([574])

There certainly seems to be some inconsistency in this view, as either s 112E has no practical effect, or Cowdroy J’s rationale for authorisation liability must be incorrect to the extent that a person who does no more than provide facilities will not provide the ‘means’ of infringement and therefore be liable for authorisation. While there is some room to argue that because authorisation is a question of fact that it is technically possible (but practically inconceivable) that someone may authorise for ‘merely’ providing the facilities, this seems, with respect, quite strained. The better view – which Cowdroy J may not have been entitled to reach – would seem to be either that ss 39B and 112E operate to limit liability in some circumstances where the provider does something more than ‘merely’ provide the facilities for infringement, or that ss 39B and 112E have no practical effect. I think that the best construction is that of Wen Wu, who argues that

Ultimately, if recourse must be had to [s 101(1A)] and other authorisation factors, sections 39/112E are superfluous and were probably introduced out of an abundance of caution. (unpublished)

ZDNet Twisted Wire interview

nic — Thu, 27 Aug 2009 23:58:21 +0000

This week I was interviewed by Phil Dobbie for ZDNet's Twisted Wire program. Also interviewed were Peter Coroneos from the Internet Industry Association and Adrianne Pecotic from AFACT. You can listen to the podcast (direct link (mp3)).

One thing I found disturbing about this interview was AFACT's suggestion that the law was clear and that iiNet had a clear responsibility to monitor its subscribers' internet use and disconnect users who infringe. This is obviously a contested issue, and the law certainly is not clear. The particular requirement of the Safe Harbours are largely untested – both here and in the US – and particularly against ISPs. We have mostly assumed that ISPs were more like common carriers than the P2P networks that have been found responsible for secondary copyright infringement. The iiNet case challenges that assumption, but it is misleading to argue that the law is clear in any meaningful way.

AFACT v iiNet copyright infringement suit

nic — Sat, 22 Nov 2008 00:10:56 +0000

Not really pirates. Pirates of the Caribbean: At World's End is one of Disney's films at the centre of the law suit. Image © Disney.

As you may have heard, the movie industry has sued iiNet for copyright infringement. iiNet have responded that they will 'vigourously defend' the case. EFA released a press release here. Kim Weatherall has a detailed post on the case here.

AFACT allege that they have evidence that iiNet users have downloaded copyright films without permission. Lets assume that they do, no big surprise here. Implicit in the BitTorrent protocol is that users are sharing as they download the film. It AFACT used DtecNet to download video files, and logged the IP addresses in the pool that belonged to iiNet users. On this basis, AFACT alleges that iiNet users 'made available' and 'electronically transmitted' the films to other persons. As part of this, AFACT has to show that even if it received some data from iiNet IP addresses, that data formed a 'substantial part' of the film. Because torrents typically have hundreds of peers, it would be possible to believe that each peer generally does not, by itself, transmit a 'substantial part' of the film. I imagine, however, that each peer would be liable as a joint tortfeasor. Still, it's an important question of fact.

AFACT also alleges that users made physical copies of the films onto DVDs to watch, although it's not clear how they obtained this evidence.

Edit: APC Mag have made the full statement of claim available.

Inducement liability

AFACT allege that iiNet is liable for copyright infringement on two alternative theories. The first is based on the inducement test that we saw in Kazaa. AFACT allege that iiNet

knew or should have known that iiNet users engaged in filesharing of infringing material
took no action in response to emails sent by AFACT alleging infringement
'offered encouragement' to iiNet users to engage in illicit filesharing
failed to enforce iiNet's terms and conditions which prohibit using iiNet to infringe copyright
continued to offer internet access to customers who AFACT alleged engaged in filesharing; and
'through its own inactivity and indifference permitted a situation to develop and continue where iiNet Users engaged in, or continued to engage in' illicit filesharing.

In Australia, authorisation liability requires that the person 'sanction, approve, or countenance' (UNSW v Moorhouse. Section 101(1A) of the Copyright Act 1968 (Cth) provides a non-exhaustive list of factors to be taken into consideration when determining authorisation:

(a) the extent (if any) of the person's power to prevent the doing of the act concerned;

(b) the nature of any relationship existing between the person and the person who did the act concerned;

(c) whether the person took any other reasonable steps to prevent or avoid the doing of the act, including whether the person complied with any relevant industry codes of practice.

AFACT argue that iiNet, by failing to terminate users accounts in response to allegations of infringement made by AFACT, 'sanctioned, authorised or countenanced' those infringements. This is where it gets interesting. AFACT allege knowledge, but since iiNet is only given notice of allegations of infringement – infringement was never proven in court – this may be enough to negate knowledge. So the question is whether iiNet 'through its own inactivity and indifference' effectively passively encouraged infringing acts, or, alternatively, actively encouraged infringement by offering support to filesharers.

Section 112E means that a person who merely provides the facilities for infringement does not 'authorise' that infringement. This means that iiNet has to do something more than merely providing internet access. In Kazaa, this was established by exhortations to 'join the revolution' and at least partly premised on the fact that there were few non-infringing uses of Kazaa in evidence. [404-5].

In the case of iiNet, this is a bit harder to see. I don't think that anyone can make out that “a major, even the predominant” use of internet connections is to infringe copyright. AFACT allege that iiNet, by failing to take any steps to discourage copyright infringement, passively encourage any infringements which do occur. AFACT also allege that iiNet actively encouraged its users to infringe 'by not suspending or terminating' their internet service, and by not shaping or restricting P2P downloads. This seems to be a pretty far stretch from the Kazaa advertisements that were decisive in that case. Primarily, both internet use in general and BitTorrent use in particular have substantial non-infringing uses, so it is hard to see that a decision not to restrict all BitTorrent use could 'authorise' infringement. So the real question here is whether, by not suspending or terminating accounts based upon allegations of infringement provided by AFACT, iiNet were 'encouraging' any illicit filesharing that was, in fact, carried out. This is a question of fact, but it also imports significant issues of public policy. If the court finds that not terminating subscriber accounts upon allegations of infringement is 'encouraging' (meaning 'sanctioning', 'authorising', or 'countenancing') that infringement, it will mean that ISPs will effectively be under a positive duty to investigate and police allegations of infringement.

Vicarious liability

The second grounds for liability alleged by AFACT is US-style vicarious infringement, as developed in Cooper. AFACT allege that iiNet:

had to power to prevent the infringements of its users;
had a direct and commercial relationship with iiNet customers that allowed it to 'take action' against those customers who engaged in illicit filesharing; and
did not take adequate steps to prevent or avoid the infringements.

AFACT allege that iiNet have the power to prevent infringement by terminating or suspending internet accounts. The problem with this allegation is that iiNet itself may be liable to its users if it begins terminating accounts based upon unsubstantiated allegations from copyright owners. It would have to undertake significant investigation on its own initiative, and there again it may face liability or at least significant pressure for invading the privacy of its users. Finally, AFACT allege that iiNet could have taken 'other reasonable steps', including sending a notice to iiNet customers that AFACT had identified their accounts as potentially infringing and 'requesting that [they] cease such conduct'. Given that the copyright industry has not had the best track record of accurately identifying infringers, and in fact, has no real incentive to do so, iiNet may not be acting unreasonably by refusing to issue such notices. If appropriately construed, this type of behaviour could also conceivably come dangerously close to prohibited groundless threats of legal proceedings.

Finally, as with the other allegation of liability, any claim is limited by s 112E, which goes some way to immunising ISPs if they do nothing more than provide the network link. We have to reconcile the alleged grounds for authorisation liability above – that the ISP did not take 'adequate steps' – with the statutory provision that an ISP will not be liable “merely because another person uses the facilities so provided to do something the right to do which is included in the copyright.”¹⁾ Section 112E, on its face, appears to justify the position that an ISP which is doing absolutely nothing to either encourage or discourage copyright infringement will not be liable. It is not really clear how AFACT intend to make out that, even if the ISP has a 'power to prevent' and a 'direct commercial relationship', it would be positively required to act in oversight, despite s 112E.

These are all interesting questions of fact – to be determined by a judge at first instance – that will have to be proved by AFACT. Their resolution will depend largely upon what actions would be deemed 'reasonable' to prevent alleged infringements. This is really a public policy argument – to what extent do we want internet service providers to be responsible for identifying and terminating the accounts of alleged infringers, outside of the scope of proper judicial oversight?

What about the safe harbours?

Something we haven't spoken about yet are the safe harbours introduced in 2004 as a result of the Australia – US Free Trade Agreement (commenced 01 January 2005). Section 116AG, read with 116AC, provides that courts may not award monetary remedies against ISPs that are only “providing facilities or services for transmitting, routing or providing connections for copyright material”. Remedies are limited to “an order requiring the carriage service provider to take reasonable steps to disable access to an online location outside Australia” and “an order requiring the carriage service provider to terminate a specified account.”²⁾

Interestingly, it does not appear that AFACT have yet dealt with the conditions of the safe harbours. Assumedly they are waiting for iiNet to raise the safe harbours in defence, at which time they may decide to argue that iiNet are not eligible on the basis that iiNet has failed to “adopt and reasonably implement a policy that provides for termination, in appropriate circumstances, of the accounts of repeat infringers.”³⁾ If AFACT is able to show that iiNet's policy is either not appropriate or not reasonably implemented, then the claims of authorisation liability may go ahead. How exactly, however, AFACT plan to do this, is anyone's guess.

Assumedly, iiNet will claim that it has an reasonable and enforced policy to deal with repeat infringers, in that once ordered to do so by a court, it will terminate access. AFACT is likely to counter that iiNet's policy is neither reasonable nor enforced, and that iiNet should instead be investigating allegations of infringement proactively, rather than waiting for either the AFP or the copyright owner to bring (and prove) an action for infringement. The resolution will likely come down to whether the text of s 116AH ('repeat infringers') requires proof of infringement or merely a reasonable suspicion (or some other test?).

Conclusion

This case raises some pretty important public policy questions. As I highlighted in EFA's press release, “ISPs are not in a position to monitor and terminate internet access to users based upon unsubstantiated threats from copyright owners, and should not be asked to do so.” I think that basic principles of procedural fairness and due process would in fact prevent iiNet from suspending and terminating accounts based upon allegations made by AFACT. iiNet has said that it will terminate in response to a court order, and I think that this is reasonable. Copyright infringement is not infringement until proved, and the courts are able to exercise judicial oversight and care in their binding findings of fact. These safeguards do not exist when private corporations are making the decisions. A system which required termination of internet access based upon untested allegations would be likely to result in substantial hardship to internet users. If ISPs are liable for not terminating user accounts, the power imbalance between individual users and ISPs and copyright owners would generally mean that rational, risk averse ISPs are more likely to terminate access based upon unsubstantiated allegations, and innocent individuals are more likely to be adversely affected.

Kim very aptly summarises the dangers of forcing disconnection without trial:

[I]f individuals were sued, rather than disconnected, (a) the cost of enforcement would lie on the copyright owners, and (b) consumers, and media, and everyone else, would be clear on what was happening, who it was initiated by, and, in fact, that it was happening. And in the case of Australia, unlike the US, damages are linked to the harm suffered by the copyright owner, so the threat of exorbitant fines of the Jammie Thomas variety would not be there. The advantage of the lawsuit option is that it is public and that everyone takes responsibility for their action. That is not necessarily a bad thing, on all sides. In other words, if MIPI decides to sue individuals, it will, in so doing, at least have to articulate its reasons, justify them to the Australian population at large, and to politicians. Politicians, too, would need to observe the effects of copyright laws and to justify them to the Australian people. I think that’s only appropriate, rather than going through the back door of managing it all second hand through the ISPs.

To this, I would just add that although copyright suits brought against end users may be better in aggregate than 'back door' enforcement through ISPs, they are likely to bring significant hardship to individuals. We have seen the extraordinary pressure that the copyright industry is able to bring to bear on individuals accused of copyright infringement, essentially forcing a settlement for several thousand dollars rather than the high risk and extreme expense of a drawn out legal process. We have to realise that this is not a dichotomy between enforcement at the ISP level and mass individual suits. If they are our only two choices, I would suggest that there is something fundamentally flawed about the way our copyright system is organised. There are certainly other ways in which we can compensate (or incentivise) investment in the creation of copyright expression that do not involve either making examples of individuals or forcing ISPs to police subscriber accounts. We are always able (at least in theory) to redraw the boundaries here, as to what, exactly, will constitute infringement, and how incentives can be distributed – a tax on internet usage being the apparent current best option,⁴⁾ with an exclusion of liability for non-commercial or private use running a close second.⁵⁾

This case also raises important questions as to the appropriate penalty for copyright infringement. Personal small scale infringement is not a crime in Australia. As such, the proper remedy is damages, not punitive. Disconnecting an entire household's internet access, even if it is able to be proved that a member of the household downloaded copyright material, is a punitive measure that will in many cases greatly outweigh any harm done to the copyright owner. It will prevent children from researching school assignments, or video calling their grandparents. It could prevent others from telecommuting or working remotely. It would indeed prevent all forms of internet mediated communication – something upon which we have become increasingly reliant. It would in most cases involve a significant financial burden for reconnection fees.

Remember that claims for damages in copyright cases are generally hyper-inflated. We have seen the music industry calculate damages per song by taking the album price and dividing by the average number of tracks on an album, and then multiplying that number by a punitive factor. The introduction of statutory damages (proposed for ACTA: beware) is designed to do just that, and has resulted in absurdities like a US jury award of $222,000 in damages for infringing copyright in 24 songs.

If AFACT succeeds in this case, the result is likely to be disastrous for internet users in Australia. ISPs will be terrified of being sued, and will likely disconnect individual users without taking the care to determine the merits of allegations of copyright holders. There will be no court processes, so individual users will have no ability to contest the allegations, short of suing their service providers. There will be no court processes, so the media will not fully report on the issues, and a lot of the injustices will go unnoticed. Copyright owners will have extra judicial justification for their flawed tracking processes, resulting in a likely increase in the number of spurious and oppressive claims.⁶⁾ And, importantly, thousands of individuals are likely to be severely punished for small-scale copyright infringement in an environment where the copyright industry shows an almost complete lack of respect for its legitimate customers. In short, not good news.

¹⁾
s 112E.

²⁾
s 116AG(3).

³⁾
s 116AH.

⁴⁾
see proposals by Prof Terry Fisher and Peter Eckersley, amongst others

⁵⁾
For a detailed examination of the scope of copyright in Australia, see Ben Atkinson, The True History of Copyright.

⁶⁾
See, for example, the 'Dancing baby' suit, where a 29 second home movie clip of a baby dancing to a song on the radio was removed from YouTube: http://www.eff.org/cases/lenz-v-universal

IIA Australian ISPs will not forward copyright enforcement letters

Mon, 04 Aug 2008 05:49:41 +0000

There is always a danger when intermediaries are pressured to act in the interests of copyright owners. There is little oversight, large risks to privacy, and little incentive to refuse in the interests of subscribers. Pressure on intermediaries really alters the copyright balance, making it much easier for copyright owners to attack users, shrinking grey zones and chilling speech, and abrogating the presumption of innocence.

In this environment, it is always reassuring to hear that ISPs will not bow to the pressure that is brought to bear by the copyright industry. The Age is today reporting that BigPond have strongly opposed the pressure from AFACT.

Last week I had the opportunity to meet again with Peter Coroneos, CEO of the Internet Industry Association at a briefing hosted by QUT Law Faculty.

Peter raised some points of oppisition by Austrlaian ISPs against the 3 strikes policy which is being pushed by MIPI and AFACT.

It seems that a formal agreement has stalled. I am still, however, highly concerned by informal agreements where ISPs voluntarily agree to play the role of copyright enforcers on behalf of the copyright industry. In the US, we are now seeing the copyright industry issuing what they call “settlement letters” to ISPs (mainly universities), purporting to identify users who are involved in copyright infringement. In fact, the letters have been shown to be highly inaccurate. The letters threaten the individual identified by the university with the initation of a copyright lawsuit if the user does not settle immediately, through an easy to use settlement gateway (which accepts credit card settlements of between $3000 and $11000 with a minimum of hassle). The process generates significant revenue for the copyright industry, and practically eliminates the cost of bringing lawsuits and proving both infringement and damages. Faced with the prospect of an up-front settlement or an expensive trial process, rational users may often chose to settle, even if they are not legally liable.

I asked Peter Coroneos if, when Australian ISPs are handed a letter purporting to identify a user by ip address who is alleged to have downloaded infringing material, whether they will identify the subscriber or pass on the threat? This process poses significant privacy risks to Australian individuals, and substantially alters the copyright balance. By facilitating this method, the law effectively eliminates any presumption of innocence or requirement for copyright owners to prove their case. I wrote a paper several years ago on the risks to individuals if intermediaries are co-opted into acting on the behalf of copyright owners without proper judicial oversight – simply put, intermediaries have little incentive to look out for the legitimate interests of individual subscribers, and individual subscribers have little standing to object on their own behalf. That paper considered formal pre-trial discovery and anton pillar orders – with recent evidence suggesting that even judicial oversight is somewhat limited in these cases: see Privacy v IP Litigation: preliminary third party discovery on the Internet.

Peter answered that this is an issue which will require a test case to determine. The argument made by copyright owners is that Section 36 of the Copyright Act 1968 (Cth), which provides for secondary liability for authorisation of copyright infringement (for Part III works), is not covered by the safe harbours introduced in 2004. Accordingly, if ISPs are provided with actual knowledge of alleged infringements, and do not act on their Acceptable Use Policies to terminate the users' subscriptions, they will be liable for authorisation of copyright infringement.

The ISPs, on the other hand, argue that their behaviour is caught by the first limb of the safe harbour, Category A activty. This seems to be a straightforward reading of the legislation. The ISPs also note that the obligation to terminate repeat infringers under s 116AH(1) requires proof of infringement, not mere allegations of infringement. The ISPs, therefore, should fit squarely within the safe harbour, even if the copyright interests forward multiple letters alleging infringement.

Peter concluded that the position is too uncertain in Australian copyright law, and will probably require a test case to determine. I asked whether, until the law is clarified, Australian ISPs would refuse to volunteer identifying details of their subscribers purportedly identified by IP address, short of an Anton Pillar Order or subpoena (with the concommitant judicial oversight). Peter reassured me that he believes that Australian ISPs would oppose such attempts by copyright owners… I certainly hope that he's correct.