iiNet: What of the safe harbours?

Justice Cowdroy’s decision in Roadshow v iiNet held that a person who provides facilities that are used for infringement but does not play a more active part — for example by intentionally designing the system to profit, or providing facilities in circumstances where there are only limited non-infringing uses, or explicitly inviting or promoting the use of the system for infringement — will not be held to ‘authorise’ those infringements, because it does not provide the ‘means’ for infringement.

This construction minimises the role of the Category A safe harbour, which is designed to insulate ISPs who “facilities or services for transmitting, routing or providing connections” (s 116AC) for copyright material from monetary damages for copyright infringement. What is the extent of the overlap between this safe harbour and Cowdroy J’s intrepreation of authorisation for ISPs?
Read More

The ‘means’ of infringement: tracing a line through Moorhouse, Tape Manufacturers, Cooper, and Kazaa (via Sony)

The ‘means’ of infringement: tracing a line through Moorhouse, Tape Manufacturers, Cooper, and Kazaa (via Sony)

The iiNet judgment traces an interesting line through authorisation liability in the context of technology cases. Cowdroy reads the technology authorisation cases (Moorhouse, Australian Tape Manufacturers, Cooper, and Kazaa) as predicating liability firstly upon whether the defendant has provided the ‘means’ of infringement; a complex factual determination that depends on the context, but seems to implicitly incorporate the Sony test of whether the technology has substantial non-infringing uses and an intention test that goes to the design of the system and the invitation to infringe.

The conclusion that Cowdrow J draws is that iiNet does not provide the ‘means’ to infringement, because (a) the internet has many ‘lawful uses’ (Tape Manufacturers) (cf Sony, ‘substantial non-infringing uses’); and (b) iiNet has not actively supported the system that is the ‘means’ of infringement (the BitTorrent system, as a whole). Crucially, one does not infringe merely by using the internet – users need to do something else (seek out BitTorrent trackers and files) in order to infringe. If iiNet had played a more active part in the infringement, then it may be seen as providing the ‘means’ (in Moorhouse, this was by providing a copier in a library and effectively extending an invitation to infringe (per Jacobs J) or where it was ‘likely’ to be used for infringement (per Gibbs J); in Kazaa this was the advertising, predominantly ‘join the revolution'; in Cooper it was the knowledge and intent that most files on the website were infringing). What makes this interesting is that ‘means’ appears to incorporate intent in some way, although it is not exactly clear how this plays out.

Only after the ‘means’ are identified do the other factors become relevant – control, power to prevent, and knowledge of infringements. It would seem that the best reading of Cooper is that the ISP in that case was that while it did not provide the ‘means’ by hosting Cooper’s website, it was drawn into his infringement by the support it gave him with knowledge and intent that the files were predominantly infringing. No such relationship of control or support existed between iiNet and anyone providing BitTorrent services.

Much of this reasoning appears to depend on a finding that the internet is much more useful for non-infringing uses (not a ‘human right’, but performs a “central role in almost all aspects of modern life”).([411]) This distinguishes general technologies that “have lawful uses” (Tape Manufacturers) from technologies like Kazaa and Cooper’s website, whose ‘predominant’ or ‘overwhelming’ uses are to infringe ([412]). This seems explicitly draw Australian authority into line with the development of US authority in Sony, that developers will not be liable for products that have “substantial non-infringing uses”, and the exception that was drawn in Grokster holding developers liable where they ‘induced’ infringement. In this way, Cowdroy neatly reads Moorhouse in line with Sony and both Cooper and Kazaa in line with Grokster.

This is actually quite a neat distinction. Rather than treating every link in the chain that makes infringement possible as the ‘means’ of infringement and then having to carefully examine factors such as control, power to prevent, and knowledge, Cowdroy J has managed to articulate a distinction between mere facilities and services that are actually either designed to aide infringement, promoted to do so, or have little other purpose than to facilitate infringement. This puts an end to the classic confusion – if iiNet are liable for the acts of its users, surely the electricity company can also be liable, because but for their power, infringements could not occur. By interpreting ‘means of infringement’to require some more active role, Cowdroy J has created some certainty for the providers of general use technologies.

The role of s 101(1A)

A potential problem on appeal may be whether this definition of ‘means’ is consistent with s 101(1A), which requires that in addressing authorisation, a court must take into account control (power to prevent), relationship, and reasonable steps taken. If the enquiry is ended by the definition of ‘means’ of infringement, these factors may not be adequately taken into account. Justice Cowdroy dealt with this by relying on Kazaa and Metro as authority that 101(1A) did not change the common law for authorisation([415]); the statutory considerations are therefore relevant, and must be considered, but they seem to be subsumed within the threshold question of whether the respondent provided the ‘means’. So, in this case, iiNet did not have a power to prevent because they had no control BitTorrent – which meant that iiNet did not provide the ‘means’.([424],[444]) Similarly, there was nothing in the relationship of iiNet with its subscribers that suggested that iiNet authorised their infringements – unlike Kazaa.([452]) Finally, the Court found that iiNet had no reasonable steps it could have taken to prevent infringement.([458]) It would seem, in Cowdroy J’s framework, that if any of these factors were different, iiNet may be taken as having provided the ‘means’ for infringement (though they are not determinative of themselves). The same goes for knowledge and encouragement, which are relevant but not statutory factors.([463], [473]). More analysis is required as to how exactly the statutory factors inform both the finding of whether a technology provides the ‘means’ of infringement and the questions that must be asked after the means have been identified, but, as a complex question of fact, Cowdroy J’s use of a distinction based upon the ‘means’ does not seem to fall into an error of law and seems to provide a useful way to distinguish active from passive actors.

Read More

iiNet did not ‘authorise'; providing internet access is not providing the ‘means’ of infringement'; safe harbours are effective

[ edit: full decision is now available: Roadshow Films Pty Ltd v iiNet Limited (No. 3) [2010] FCA 24. More commentary to come. ]

More analysis on iiNet, after I have seen the written summary of the judgment. Justice Cowdroy found that iiNet did not ‘authorise’ the infringements of its users. In coming to this conclusion, Cowdroy J drew a distinction between iiNet and Moorhouse, Jain, Metro, Cooper, and Kazaa based upon what it meant to provide the ‘means’ of infringement:

“There does not appear to be any way to infringe the applicants’ copyright from the mere use of the internet. Rather, the ‘means’ by which the applicants’ copyright isinfringed is an iiNet user’s use of the constituent parts of the BitTorrent system. iiNet has no control over the BitTorrent systme and is not responsible for the operation of the BitTorrent system.”

This is very interesting; it suggests that not every link in the chain that enables infringement will constitute providing the ‘means’ of infringement. It seems to make sense, but it does change the way we have come to think about infringement. Having said that, Cowdroy J did not find that ss 39B and 112E, which insulate a provider from liability where it merely “provides the facilities” for infringement, would have prevented iiNet from being liable. This suggests that the scope of ss 39B and 112E are not particularly greater than the Moorhouse test for infringement, which is something the Philips Fox report suggested, but has never been made clear.

Interestingly, as a finding of fact, Cowdroy J found that iiNet had actual knowledge of infringements and did not act to stop them.

So, the decision was based primarily upon the Moorhouse test for infringement – whether iiNet ‘sanctioned, approved, or countenanced’ the infringements of its users. Justice Cowdroy found, in relatively strong terms, that iiNet could not be seen as authorising any infringements, as “iiNet has done no more than to provide an internet service to its users.” His Honour contrasts this clearly with the most recent secondary liability cases, where there was clearly bad faith in the actions of the providers: “This can be clearly contrasted with the respondents in the Cooper and Kazaa proceedings, in which the respondents intended copyright infringements to occur, and in circumstances where the website and software respectively were deliberately structured to achieve this result.”

In coming to this conclusion, Cowdroy J worked through the requirements for authorisation liability in s 101, which include the extent of iiNet’s power to prevent infringements and whether iiNet took any reasonable steps to prevent or avoid infringements. Very interestingly, His Honour found that a scheme for notification, suspension and termination of customer accounts is not “a relevant power to prevent copyright infringement” pursuant to s 101(1A)(a); nor is it a ‘reasonable step’ pursuant to s 101(1A)(c). It seems that here the Judge must have been impressed with iiNet’s arguments that disconnection of internet access is not a correct or reasonable response to allegations of copyright infringement. Given the way in which Cowdroy J distinguished the earlier authorisation cases, it seems that the factors in 101(1A) are more likely to be relevant where the provider has some sort of more fine-grained control over the network or service that provides the actual ‘means’ to infringement; not just a big switch on the entirety of a customer’s network connection.

This is an excellent finding of fact – it shows that Cowdroy J rejects AFACT’s argument that it would be ‘reasonable’ to disconnect users based upon unproved allegations of infringement. Clearly a win for the interests of users.

This finding of fact in itself is sufficient to allow iiNet to escape liability. Justice Cowdroy, however, also made some findings of facts on the safe harbours, in case of any appeal. Interestingly, His Honour held that the safe harbours would have covered iiNet’s actions if it were liable for authorisation; the critical finding here is whether iiNet reasonably implemented a policy for termination of the accounts of repeat infringers. In explicitly turning to US authority, Justice Cowdroy found that though it was not a policy of the form that AFACT would have liked, iiNet did reasonably implement a repeat infringer policy. There’s not much detail on this point in the summary, but this will be an important consideration in the future. We were a bit concerned for a while that the safe harbours, which many of us had assumed were designed to cover ISPs in iiNet’s position, did not provide adequate certainty. It seems that that may now have been rectified, at least for passive ISPs, and the interpretative battle lines will have to be redrawn around content providers now – particularly sites like YouTube who are more directly involved in any infringements.

All in all, this seems like a very strong win for iiNet. The two main findings of fact – that iiNet did not ‘authorise’ and that iiNet’s policy was ‘reasonable’ – will make it extremely difficult for AFACT to appeal. Having said that, an appeal does seem inevitable. I will provide some more information when the full text of the judgment is available.

ZDNet Twisted Wire interview

This week I was interviewed by Phil Dobbie for ZDNet's Twisted Wire program. Also interviewed were Peter Coroneos from the Internet Industry Association and Adrianne Pecotic from AFACT. You can listen to the podcast (direct link (mp3)).

One thing I found disturbing about this interview was AFACT's suggestion that the law was clear and that iiNet had a clear responsibility to monitor its subscribers' internet use and disconnect users who infringe. This is obviously a contested issue, and the law certainly is not clear. The particular requirement of the Safe Harbours are largely untested – both here and in the US – and particularly against ISPs. We have mostly assumed that ISPs were more like common carriers than the P2P networks that have been found responsible for secondary copyright infringement. The iiNet case challenges that assumption, but it is misleading to argue that the law is clear in any meaningful way.

AFACT v iiNet copyright infringement suit


Not really pirates. Pirates of the Caribbean: At World's End is one of Disney's films at the centre of the law suit. Image © Disney.

As you may have heard, the movie industry has sued iiNet for copyright infringement. iiNet have responded that they will 'vigourously defend' the case. EFA released a press release here. Kim Weatherall has a detailed post on the case here.

AFACT allege that they have evidence that iiNet users have downloaded copyright films without permission. Lets assume that they do, no big surprise here. Implicit in the BitTorrent protocol is that users are sharing as they download the film. It AFACT used DtecNet to download video files, and logged the IP addresses in the pool that belonged to iiNet users. On this basis, AFACT alleges that iiNet users 'made available' and 'electronically transmitted' the films to other persons. As part of this, AFACT has to show that even if it received some data from iiNet IP addresses, that data formed a 'substantial part' of the film. Because torrents typically have hundreds of peers, it would be possible to believe that each peer generally does not, by itself, transmit a 'substantial part' of the film. I imagine, however, that each peer would be liable as a joint tortfeasor. Still, it's an important question of fact.

AFACT also alleges that users made physical copies of the films onto DVDs to watch, although it's not clear how they obtained this evidence.

Edit: APC Mag have made the full statement of claim available.

Inducement liability

AFACT allege that iiNet is liable for copyright infringement on two alternative theories. The first is based on the inducement test that we saw in Kazaa. AFACT allege that iiNet

  • knew or should have known that iiNet users engaged in filesharing of infringing material
  • took no action in response to emails sent by AFACT alleging infringement
  • 'offered encouragement' to iiNet users to engage in illicit filesharing
  • failed to enforce iiNet's terms and conditions which prohibit using iiNet to infringe copyright
  • continued to offer internet access to customers who AFACT alleged engaged in filesharing; and
  • 'through its own inactivity and indifference permitted a situation to develop and continue where iiNet Users engaged in, or continued to engage in' illicit filesharing.


In Australia, authorisation liability requires that the person 'sanction, approve, or countenance' (UNSW v Moorhouse. Section 101(1A) of the Copyright Act 1968 (Cth) provides a non-exhaustive list of factors to be taken into consideration when determining authorisation:

(a) the extent (if any) of the person's power to prevent the doing of the act concerned;

(b) the nature of any relationship existing between the person and the person who did the act concerned;

(c) whether the person took any other reasonable steps to prevent or avoid the doing of the act, including whether the person complied with any relevant industry codes of practice.


AFACT argue that iiNet, by failing to terminate users accounts in response to allegations of infringement made by AFACT, 'sanctioned, authorised or countenanced' those infringements. This is where it gets interesting. AFACT allege knowledge, but since iiNet is only given notice of allegations of infringement – infringement was never proven in court – this may be enough to negate knowledge. So the question is whether iiNet 'through its own inactivity and indifference' effectively passively encouraged infringing acts, or, alternatively, actively encouraged infringement by offering support to filesharers.

Section 112E means that a person who merely provides the facilities for infringement does not 'authorise' that infringement. This means that iiNet has to do something more than merely providing internet access. In Kazaa, this was established by exhortations to 'join the revolution' and at least partly premised on the fact that there were few non-infringing uses of Kazaa in evidence. [404-5].

In the case of iiNet, this is a bit harder to see. I don't think that anyone can make out that “a major, even the predominant” use of internet connections is to infringe copyright. AFACT allege that iiNet, by failing to take any steps to discourage copyright infringement, passively encourage any infringements which do occur. AFACT also allege that iiNet actively encouraged its users to infringe 'by not suspending or terminating' their internet service, and by not shaping or restricting P2P downloads. This seems to be a pretty far stretch from the Kazaa advertisements that were decisive in that case. Primarily, both internet use in general and BitTorrent use in particular have substantial non-infringing uses, so it is hard to see that a decision not to restrict all BitTorrent use could 'authorise' infringement. So the real question here is whether, by not suspending or terminating accounts based upon allegations of infringement provided by AFACT, iiNet were 'encouraging' any illicit filesharing that was, in fact, carried out. This is a question of fact, but it also imports significant issues of public policy. If the court finds that not terminating subscriber accounts upon allegations of infringement is 'encouraging' (meaning 'sanctioning', 'authorising', or 'countenancing') that infringement, it will mean that ISPs will effectively be under a positive duty to investigate and police allegations of infringement.

Vicarious liability

The second grounds for liability alleged by AFACT is US-style vicarious infringement, as developed in Cooper. AFACT allege that iiNet:

  • had to power to prevent the infringements of its users;
  • had a direct and commercial relationship with iiNet customers that allowed it to 'take action' against those customers who engaged in illicit filesharing; and
  • did not take adequate steps to prevent or avoid the infringements.


AFACT allege that iiNet have the power to prevent infringement by terminating or suspending internet accounts. The problem with this allegation is that iiNet itself may be liable to its users if it begins terminating accounts based upon unsubstantiated allegations from copyright owners. It would have to undertake significant investigation on its own initiative, and there again it may face liability or at least significant pressure for invading the privacy of its users. Finally, AFACT allege that iiNet could have taken 'other reasonable steps', including sending a notice to iiNet customers that AFACT had identified their accounts as potentially infringing and 'requesting that [they] cease such conduct'. Given that the copyright industry has not had the best track record of accurately identifying infringers, and in fact, has no real incentive to do so, iiNet may not be acting unreasonably by refusing to issue such notices. If appropriately construed, this type of behaviour could also conceivably come dangerously close to prohibited groundless threats of legal proceedings.

Finally, as with the other allegation of liability, any claim is limited by s 112E, which goes some way to immunising ISPs if they do nothing more than provide the network link. We have to reconcile the alleged grounds for authorisation liability above – that the ISP did not take 'adequate steps' – with the statutory provision that an ISP will not be liable “merely because another person uses the facilities so provided to do something the right to do which is included in the copyright.”1) Section 112E, on its face, appears to justify the position that an ISP which is doing absolutely nothing to either encourage or discourage copyright infringement will not be liable. It is not really clear how AFACT intend to make out that, even if the ISP has a 'power to prevent' and a 'direct commercial relationship', it would be positively required to act in oversight, despite s 112E.

These are all interesting questions of fact – to be determined by a judge at first instance – that will have to be proved by AFACT. Their resolution will depend largely upon what actions would be deemed 'reasonable' to prevent alleged infringements. This is really a public policy argument – to what extent do we want internet service providers to be responsible for identifying and terminating the accounts of alleged infringers, outside of the scope of proper judicial oversight?

What about the safe harbours?


Something we haven't spoken about yet are the safe harbours introduced in 2004 as a result of the Australia – US Free Trade Agreement (commenced 01 January 2005). Section 116AG, read with 116AC, provides that courts may not award monetary remedies against ISPs that are only “providing facilities or services for transmitting, routing or providing connections for copyright material”. Remedies are limited to “an order requiring the carriage service provider to take reasonable steps to disable access to an online location outside Australia” and “an order requiring the carriage service provider to terminate a specified account.”2)

Interestingly, it does not appear that AFACT have yet dealt with the conditions of the safe harbours. Assumedly they are waiting for iiNet to raise the safe harbours in defence, at which time they may decide to argue that iiNet are not eligible on the basis that iiNet has failed to “adopt and reasonably implement a policy that provides for termination, in appropriate circumstances, of the accounts of repeat infringers.”3) If AFACT is able to show that iiNet's policy is either not appropriate or not reasonably implemented, then the claims of authorisation liability may go ahead. How exactly, however, AFACT plan to do this, is anyone's guess.

Assumedly, iiNet will claim that it has an reasonable and enforced policy to deal with repeat infringers, in that once ordered to do so by a court, it will terminate access. AFACT is likely to counter that iiNet's policy is neither reasonable nor enforced, and that iiNet should instead be investigating allegations of infringement proactively, rather than waiting for either the AFP or the copyright owner to bring (and prove) an action for infringement. The resolution will likely come down to whether the text of s 116AH ('repeat infringers') requires proof of infringement or merely a reasonable suspicion (or some other test?).

Conclusion


This case raises some pretty important public policy questions. As I highlighted in EFA's press release, “ISPs are not in a position to monitor and terminate internet access to users based upon unsubstantiated threats from copyright owners, and should not be asked to do so.” I think that basic principles of procedural fairness and due process would in fact prevent iiNet from suspending and terminating accounts based upon allegations made by AFACT. iiNet has said that it will terminate in response to a court order, and I think that this is reasonable. Copyright infringement is not infringement until proved, and the courts are able to exercise judicial oversight and care in their binding findings of fact. These safeguards do not exist when private corporations are making the decisions. A system which required termination of internet access based upon untested allegations would be likely to result in substantial hardship to internet users. If ISPs are liable for not terminating user accounts, the power imbalance between individual users and ISPs and copyright owners would generally mean that rational, risk averse ISPs are more likely to terminate access based upon unsubstantiated allegations, and innocent individuals are more likely to be adversely affected.

Kim very aptly summarises the dangers of forcing disconnection without trial:

[I]f individuals were sued, rather than disconnected, (a) the cost of enforcement would lie on the copyright owners, and (b) consumers, and media, and everyone else, would be clear on what was happening, who it was initiated by, and, in fact, that it was happening. And in the case of Australia, unlike the US, damages are linked to the harm suffered by the copyright owner, so the threat of exorbitant fines of the Jammie Thomas variety would not be there. The advantage of the lawsuit option is that it is public and that everyone takes responsibility for their action. That is not necessarily a bad thing, on all sides. In other words, if MIPI decides to sue individuals, it will, in so doing, at least have to articulate its reasons, justify them to the Australian population at large, and to politicians. Politicians, too, would need to observe the effects of copyright laws and to justify them to the Australian people. I think that’s only appropriate, rather than going through the back door of managing it all second hand through the ISPs.


To this, I would just add that although copyright suits brought against end users may be better in aggregate than 'back door' enforcement through ISPs, they are likely to bring significant hardship to individuals. We have seen the extraordinary pressure that the copyright industry is able to bring to bear on individuals accused of copyright infringement, essentially forcing a settlement for several thousand dollars rather than the high risk and extreme expense of a drawn out legal process. We have to realise that this is not a dichotomy between enforcement at the ISP level and mass individual suits. If they are our only two choices, I would suggest that there is something fundamentally flawed about the way our copyright system is organised. There are certainly other ways in which we can compensate (or incentivise) investment in the creation of copyright expression that do not involve either making examples of individuals or forcing ISPs to police subscriber accounts. We are always able (at least in theory) to redraw the boundaries here, as to what, exactly, will constitute infringement, and how incentives can be distributed – a tax on internet usage being the apparent current best option,4) with an exclusion of liability for non-commercial or private use running a close second.5)

This case also raises important questions as to the appropriate penalty for copyright infringement. Personal small scale infringement is not a crime in Australia. As such, the proper remedy is damages, not punitive. Disconnecting an entire household's internet access, even if it is able to be proved that a member of the household downloaded copyright material, is a punitive measure that will in many cases greatly outweigh any harm done to the copyright owner. It will prevent children from researching school assignments, or video calling their grandparents. It could prevent others from telecommuting or working remotely. It would indeed prevent all forms of internet mediated communication – something upon which we have become increasingly reliant. It would in most cases involve a significant financial burden for reconnection fees.

Remember that claims for damages in copyright cases are generally hyper-inflated. We have seen the music industry calculate damages per song by taking the album price and dividing by the average number of tracks on an album, and then multiplying that number by a punitive factor. The introduction of statutory damages (proposed for ACTA: beware) is designed to do just that, and has resulted in absurdities like a US jury award of $222,000 in damages for infringing copyright in 24 songs.

If AFACT succeeds in this case, the result is likely to be disastrous for internet users in Australia. ISPs will be terrified of being sued, and will likely disconnect individual users without taking the care to determine the merits of allegations of copyright holders. There will be no court processes, so individual users will have no ability to contest the allegations, short of suing their service providers. There will be no court processes, so the media will not fully report on the issues, and a lot of the injustices will go unnoticed. Copyright owners will have extra judicial justification for their flawed tracking processes, resulting in a likely increase in the number of spurious and oppressive claims.6) And, importantly, thousands of individuals are likely to be severely punished for small-scale copyright infringement in an environment where the copyright industry shows an almost complete lack of respect for its legitimate customers. In short, not good news.

2)
s 116AG(3).
4)
see proposals by Prof Terry Fisher and Peter Eckersley, amongst others
5)
For a detailed examination of the scope of copyright in Australia, see Ben Atkinson, The True History of Copyright.
6)
See, for example, the 'Dancing baby' suit, where a 29 second home movie clip of a baby dancing to a song on the radio was removed from YouTube: http://www.eff.org/cases/lenz-v-universal