The February 2011 decision of the Federal Court of Australia in Roadshow Films Pty Ltd v iiNet Ltd  FCAFC 23–exonerated Australia’s second-largest internet service provider (“ISP”) from claims that it authorized primary copyright infringement of the works of a 34-member rightsholder conglomerate called the Australian Federation Against Copyright Theft. The decision represents a significant breakthrough in the field of liability for an internet-based intermediary (essentially any entity that receives, transmits and/or provides other services with regard to an electronic message over the internet) since-the lead opinion by Judge Emmett puts forward an innovative set of criteria for evaluating intermediary liability of ISPs. Paragraph 257 of Judge Emmett’s opinion captures these criteria in the following words:
“[W]hile the evidence supports a conclusion that iiNet demonstrated a dismissive and, indeed, contumelious, attitude to the complaints of infringement by the use of its services, its conduct did not amount to authorisation of the primary acts of infringement on the part of iiNet users. Before the failure … to suspend or terminate its customers’ accounts would constitute authorisation of future acts of infringement, the Copyright Owners would be required to show that at least the following circumstances exist:
(a) iiNet has been provided with unequivocal and cogent evidence of the alleged primary acts of infringement …
(b) The Copyright Owners have undertaken:
(i) to reimburse iiNet for the reasonable cost of verifying the …infringement alleged and of establishing and maintaining a regime to monitor the use of the iiNet service … and
(ii) to indemnify iiNet in respect of any liability reasonably incurred by iiNet as a consequence of mistakenly suspending or terminating a service on the basis of allegations made by the Copyright Owner.”
These criteria form a good point of departure for Indian copyright law, which is still struggling to answer some basic questions on how liability for copyright infringement should apply to ISPs.
In India, intermediary liability is addressed by the Information Technology (IT) Act, 2000, Section 2(1)(w), whichincludes ISPs in its definition of -‘intermediaries’. Section 79(3)(b) of the IT Act holds ISPs liable only if they have actual knowledge of infringing content or have received a notification to that effect by a government agency and the threshold of due diligence in acting expeditiously to remove content or disable access to it. This permits ISPs to be painted with the same brush as other online intermediaries such as websites, social networking portals and the like, which perhaps answer more faithfully to the definition of intermediaries in this context. This is particularly damaging since it leaves the door open for generalizations and characterizations to be made of ISPs when, certainly in terms of business models and incentive structures, ISPs bear little resemblance to online intermediaries that better fit the definition.- Separating ISPs from other online intermediaries has been fairly successful under 17 U.S.C. § 512(k)(1)(A) in the United States, which segregates ISPs from other types of intermediaries within a broad framework which sets out the conditions in which content posted by intermediaries online will not be considered infringing.
Even allowing for the deliberate vagueness necessary to bring all of Section 2(w) within its sweep, Section 79(3)(b) of the IT Act remains rudimentary at best from a substantive perspective, primarily because it does not recognize the significant compliance costs incurred by ISPs and the genuine dilemma for such service providers of being caught between intellectual property enforcement efforts and potentially losing a large proportion of their customer.
Charting a balanced way forward for the Indian law on intermediary liability is vital in light of Super Cassettes Industries Ltd v. MySpace Inc. 2011 (47) PTC 49 (Del), India’s first substantive decision on intermediary liability, which found the social networking website MySpace liable for authorizing copyright infringement of works by its users on an interpretation of Section 51(a)(ii) of the Copyright Act, 1957. Section 51(a)(ii) saves from infringement an intermediary who is not aware and has no reasonable ground for believing that the communication of the work would be infringing. This “knowledge and reasonable belief” standard (paragraph 47) applied in MySpace highlighted the acute need for a robust substantive standard on intermediary liability.
ISPs need to be more proactive than reactive in confronting copyright infringement and – owe a general duty to assist in copyright enforcement. However, guided by iiNet, this general duty should only extend to cases where other stakeholders such as internet users and the State regulatory agencies are not unreasonably prejudiced, whether on legal, economic or moral grounds. The iiNet guidelines show ISPs a feasible way out of the enforcement problem, especially since the fallout of the decision appears to have enabled ISPs to protect their business interests while complying with the law but making few, if any, changes to their -copyright enforcement commitments.
- The iiNet decision
The seemingly onerous demands required by Judge Emmett to be met by copyright holders in order to get ISPs to aid in copyright enforcement indicates that the threshold of ‘authorisation’ – which is understood to be the grant or purported grant of the right to do the act complained of – is being met increasingly easily by ISPs. Indeed, the ingredients of authorisation identified by Judge Emmett in the excerpt from his opinion provided above – (i) the power to-control the means of infringement, (ii) making that means available to others and (iii) failure to take reasonable steps to limit infringement — are more in line with those recently outlined in Twentieth Century Fox v. Newzbin Ltd.  EWHC 608 (Ch) (involving a website service that made copyrighted content available to its users) than those provided over two decades ago in CBS Songs v. Amstrad  1 AC 1013 (involving tape recording facilities that allowed buyers to create copies of copyrighted musical works), where, arguably, elements of these ingredients were present and yet not held to constitute authorisation.
In place of authorisation, Judge Emmett- correctly recognizes that in order to expect ISPs to side with enforcement rather than infringement, two main concerns need to be addressed. First, the holders’ claims must be based on strong, cogent evidence and not infringement notices, which are assertive and speculative. To this end, they must provide indemnity to ensure that when the ISP pulls the plug on infringing users, it is not held liable for doing the holders’ bidding. This addresses the fact that infringement surveillance mechanisms remain unreliable and terminating internet connections on the basis of mere allegations would violate procedural fairness (P. Yu, ‘The Graduated Response’ (2010) 62 Florida Law Review 1373). Second, ISPs must be compensated for the considerable costs likely to be incurred in surveillance, policing and data retention for the purpose of enforcement. This responds to the concern that enforcing holders’ copyrights would unfavourably skew ISPs’ profit structure, making it difficult to offer low-cost and quality service to users (Yu).
Judge Emmett – also wisely leaves these requirements open-ended by using the words ‘at least the following circumstances’, allowing for flexibility to be built into these requirements over time. The overall standard required to be met by copyright holders is a justifiably high one, indicating judicial cognizance of the extreme (and often disproportionate) nature of the measure of disconnection as an enforcement action (Yu) and a more balanced approach to enforcement by requiring from full confirmation of an infringement before taking enforcement action (see H. Travis, ‘Opting Out of the Internet in the United States and theEuropean Union: Copyright, Safe Harbors, and International Law’ (2008)
84 Notre Dame Law Review 331 -).
- Passive-reactive to active-preventive ISPs
The articulation of pre-enforcement requisites to be fulfilled by copyright holders in iiNet could also be seen as going some way towards stabilising the position of ISPs vis-à-vis enforcement obligations. It assumes greater significance in the context of the recent shift from clearly defined ISP safe harbours to a co-operative model of graduated sanctions, which responds to the evolution of ISPs from being passive carriers of information to active managers of content, possessing direct enforcement means (Annemarie Bridy, ‘Graduated Response and the Turn to Private Ordering in
Online Copyright Enforcement’ (2010) 89 Oregon Law Review 81; -; Jeremy de Beer and Christopher Clemmer, ‘Global Trends in Online
Copyright Enforcement: A Non-Neutral Role for Network Intermediaries?’
(2009) 49 Journal of Jurimetrics 375). Indeed, in the present scenario in the U.S. for instance, while there is no affirmative requirement for ISPs to implement technological/monitoring measures to claim safe harbour protection (Yu), it would be difficult to do so without implementing some policy against repeat infringers (Bridy).
Interestingly, this trend has not been instigated purely by pressure from copyright holders. ISPs’ self-interest has also played an important role in the voluntary assumption of these responsibilities in at least two ways—first, the burden imposed by infringers’ file-sharing on ISPs’ network resources and second, the scope for synergy between holders (content suppliers) and ISPs (distribution networks) in offering an integrated product (Yu; de Beer/Clemmer).
- When should ISPs owe a duty to prevent infringement?
If indeed ISPs’ self-interest suggests that complying with enforcement demands of copyright holders may not be onerous under some circumstances, the next question is of what these circumstances are. Given that the law protects copyright per se (rather than making protection contingent on a feasibility-of-enforcement analysis), ISPs should owe a general duty of co-operation to assist in copyright enforcement. However, this duty should only extend in circumstances where enforcement does not unreasonably prejudice other parties on legal, moral or economic grounds.
One set of situations where unreasonable prejudice may be caused to users is where their individual liberties are violated without any procedural safeguards in place (Yu). This would cover cases where a user is disconnected from the internet on the basis of merely alleged infringement, where such a measure is not preceded by a formal notice of infringement, where disconnection is not an ‘appropriate, proportionate and necessary measure’ (Yu) and where the individual does not have an opportunity for judicial redress.
These concerns are addressed by the Digital Economy Act, 2010 (“DEA”) in the UK, which incorporates two important procedural guarantees as part of a graduated response—inserting a three-stage notification process to subscribers under Section 124A of the UK’s Communications Act, 2003 (which, ideally, should coalesce multiple infringements over the relevant period into a single notice rather than direct separate notices for every individual infringement; Bridy) and measures for an independent system for appeals by users (which would ensure fairness by adjudicating each case on its merits; Bridy), including a right to anonymity (Ofcom, Online Infringement of Copyright and the Digital Economy Act 2010:
Draft Initial Obligations Code (28 May 2010) -).
As the DEA implementation strategy correctly acknowledges, the educative and rehabilitative functions of these procedures must also be taken seriously and preliminary infringement notices in particular must outline, in simple language, the nature of the alleged infringement, possible corrective measures and legal options in terms of challenging the alleged infringement (Ofcom Draft Code; Yu).
Further, in line with the iiNet conditions, the DEA recognises that procedural fairness also requires that allegations of infringement should be based on credible evidence and not mere allegations. This is this important from a procedural perspective and anchoring infringement allegations to credible evidence also increases the likelihood that the eventual enforcement measure will be proportional to the infringement (Yu).
To this end, a ‘quality assurance report’ for infringement reports has been proposed, which would require holders to reveal measures taken to assure the integrity, accuracy and legality of evidence of infringement (Ofcom Draft Code). This system would impart sufficient flexibility to allow copyright holders to develop the necessary technical measures while preserving scope for intervention vis-à-vis the substance of the reports, either by Ofcom or by the appellate body (Ofcom Draft Code).
Another legal safeguard that may need to be contemplated relates to the appellate body. Even where infringement notices are based on credible evidence, since the case against the user is of infringement, the adjudicating authority must be willing to consider defences to copyright infringement (Yu). Additionally, given the criticality of internet access to many ISP users, the adjudicating authority should give due weight to the absolute nature of internet disconnection and the possibility for alternative arrangements for internet access (Yu).
These provisions should go a long way towards placating concerns of procedural fairness in the enforcement process, especially if further reforms such as mandatory requirements for ISPs to disclose their copyright enforcement practices (including any invasive technological monitoring measures used) to their users (Bridy). ISPs could then be justifiably required to use the means at their disposal to assist in enforcement.
Economic and moral grounds
There is a further reason for requiring ISPs to assist in copyright enforcement—since ISPs benefit indirectly from infringement (through more users and greater usage) and exercise greater control than in the past over user content, they should also bear fair share of responsibility for assisting with enforcement (Yu; Bridy).
However, this responsibility depends on the ISP’s scale because as unreasonable as it is to allow large ISPs with several thousands of users to be unaccountable for infringement by those users, it is equally unreasonable to require, say, a small ISP to incur significant costs to comply with legislation designed to address infringement which it does not notably contribute to (Ofcom Draft Code).
A balance between these extremes could be attempted along the lines of Section 124C(5) of the UK’s Communications Act under which a moving target threshold can be set to identify ‘qualifying’ ISPs. The flexibility in this measure would ideally allow a regular review of the threshold to ensure that infringing users are not out of the reach of enforcement by migrating to smaller ISPs that perpetually remain below the threshold (Ofcom Draft Code). This is supplemented by Section 124M(3)(a) which allows scope for ISPs to claim costs of enforcement from copyright holders, reflecting another of the iiNet conditions.
While this threshold establishes a workable basis for determining which ISPs should owe a duty to assist in copyright enforcement, there remains the possibility that, in practice, enforcement actions by ISPs will disproportionately target small users. This is because the economic loss to ISPs resulting from these users being bumped off the network for infringement is likely to be far lesser than if large users with deep pockets are disconnected (Yu).
Even if such open discrimination is not practiced, there could be interference by ISPs with the principle of network neutrality (requiring no restrictions on internet content accessible to users) by using technological measures to restrict/prohibit certain types of bandwidth-intensive activities (de Beer/Clemmer). While such measures would broadly appear to be in aid of copyright enforcement, they would do so by unreasonably prejudicing that demographic of users.
To that end, there is a need to ensure that copyright enforcement by ISPs (though more an obligation than a duty in such cases) does not so discriminate between infringers, possibly by strengthening procedural safeguards for users and allowing a broad scope for the adjudicating authority to scrutinise ISPs’ enforcement policies.
Eashan Ghosh graduated with Distinction Honours on the Bachelor of Civil Law (B.C.L.) programme at the University of Oxford in 2011 and is a multiple gold medalist on the B.A. LL.B. (Hons.) programme at the National Law School of India University (NLSIU), Bangalore. He is currently an Associate with Fidus Law Chambers, a leading Indian intellectual property law firm, and practices intellectual property law at the Delhi High Court.
By Eashan Ghosh