internet service providers Archives - IPOsgoode /osgoode/iposgoode/tag/internet-service-providers/ An Authoritive Leader in IP Thu, 15 Oct 2015 15:28:36 +0000 en-CA hourly 1 https://wordpress.org/?v=6.9.4 Internet service providers liability and copyright protection in the EU /osgoode/iposgoode/2015/10/15/internet-service-providers-liability-and-copyright-protection-in-the-eu/ Thu, 15 Oct 2015 15:28:36 +0000 http://www.iposgoode.ca/?p=28034 The re-posting of this analysis is part of a cross-posting collaboration with MediaLaws: Law and Policy of the Media in a Comparative Perspective.   Which is the legal framework surrounding Internet Service Providers (ISPs) in the EU, when it comes to copyright protection? The following article analyses the importance of ISPs in the enforcement of […]

The post Internet service providers liability and copyright protection in the EU appeared first on IPOsgoode.

]]>
The re-posting of this is part of a cross-posting collaboration with : Law and Policy of the Media in a Comparative Perspective.

 

Which is the legal framework surrounding Internet Service Providers (ISPs) in the EU, when it comes to copyright protection? The following article analyses the importance of ISPs in the enforcement of rights in Cyberspace and in balancing different interests.

This work finds its roots in the essay composed in the context of the LSE Summer School 2015 Cyberlaw course attended by the author, during which he was given a full introduction on all the hot topics covered by Information Technology Law.

 

SCENARIO

A European ISP, EasyTelco, leases to its clients its fiber-optic cables to deliver fast Internet access.
A movie producer, DotCom Entertainment, has recently informed EasyTelco that some of its clients are allowing users to access a website based in Greece, called FreeShare.com, which hosts unauthorised copies of some of the products of DotCom Entertainment. Hence, they ask EasyTelco to block access to FreeShare.com and to any other site on which they know are illegally hosted DotCom Entertainment movies.

 

THE LAW

As a matter of simplicity, we will not domicile EasyTelco in any EU State in particular, in order to hold a more generic point of view. Moreover, we will focus only on the ISP regime, omitting the position of the other subjects involved in the case.

First, it is easy to recognise that DotCom Entertainment, being the author of the multimedia products involved in the dispute, holds a rightful copyright over them, which includes, among others, an exclusive right to make or authorise the making of copies of the work and to decide whether to issue those to the public. Thus, it is copyright infringing to engage in unauthorised copying for commercial purposes, and the law gives action on that to the right holder.

In the light of this right, the position of EasyTelco is a complex one, because it lays at the very cross-over between contrasting interests, as we will see.

The ISPs legal status has been shaped by the European Electronic Commerce Directive[1] and the Copyright and Related Rights in the Information Society Directive[2]. As a matter of fact, Art. 8(3) of the Copyright and Related Rights in the Information Society Directive creates a “notice and take down” system:

 “Member States shall ensure that rightholders are in a position to apply for an injunction against intermediaries whose services are used by a third party to infringe a copyright or related right.”

However, protection of copyright needs to be balanced with the safe harbour provision of the art. 15(1) of the Electronic Commerce Directive, which says that:

 “Member States shall not impose a general obligation on providers, when providing the services covered by Articles 12, 13 and 14, to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity.”

The article refers to art. 12, 13 and 14, which all define different types of ISPs, to identify the subjects benefiting from the protection of the above-mentioned article. In brief, the three articles set forth that “mere conduit”, caching and hosting providers shall not be liable for the information they transmit, cache and host, unless they are made aware of their (defamatory, copyright infringing, etc.) nature. In particular, art.12[3] is the one relevant for our purposes, as long as it defines the “mere conduit” provider as whoever allows transmission of information in or access to a communication network, which happens to be the exact activity of EasyTelco. As a final point, the third paragraph of the article allows norms such as art.8 of the Directive on copyright protection, stating that:

“3. This Article shall not affect the possibility for a court or administrative authority, in accordance with Member States’ legal systems, of requiring the service provider to terminate or prevent an infringement.”

Therefore, EasyTelco should not be held liable for copyright violations occurred within its connection services, as long as it is unaware of them, according to the general prohibition set forth by art.15 Ecommerce Directive on imposing a general duty to monitor the content of communications. However, following the “notice and take down” system, it is likely that a court would grant an injunction to the claiming party to oblige EasyTelco to unable access to copyright infringers such as FreeShare.com.

 

AN EXAMPLE FROM THE UK

An English case helps us understanding how courts balance the two contrasting EU provisions: Twentieth Century Fox and ors v British Telecommunications plc (Newzbin II) [4]. The “Studios” were trying to close the P2P sharing website Newzbin, liable of hosting copyright infringing materials. The claimants decided to seek an injunction under s.97A[5] of the CDPA 1988, which mirrors art.8 of the Copyright and Related Rights in the Information Society Directive, against BT, to oblige it to prevent users to access Newzbin via the inclusion of the URL in the Cleanfeed blacklist.

As a matter of fact, the majority of the ISPs in the UK have implemented since 2004 a technical system developed originally by BT, called Cleanfeed, which blocks all the requests from the UK to any webpage inserted in a blacklist because of hosting child abuse related images. This content blocking solution has proved to be the ideal solution to inhibit access to sites which have been found infringing copyright during their activities, but whose servers are located abroad, consequently voiding any chance of direct enforceability of a UK court order. Then, when BT claimed violation of art.15 of the Ecommerce Directive, Arnold J pointed out that, due to the previous existence of the Cleanfeed filter, adding a single site to the blacklist could not be regarded as imposing a general obligation, so he granted the injunction to the claimants. In arguing that, he referred to a similar Belgian case[6] at that moment under the scrutiny of the ECJ, where the Belgian authors society was asking the national ISPs to cover all the communications across their networks with a totally new monitoring system to prevent copyright violations. Arnold J underlined the striking difference between the two cases, and that only the Belgian one implied a violation of art.15, as it was eventually ruled by the ECJ, because it obliged all Belgian ISPs to create, at their own expenses, a brand new filtering scheme.

 

THE DEBATE

Nowadays, ISPs are one of the most powerful tools to regulate cyberspace and to enforce laws and court orders, in a manner that remembers the concept of “regulation by architecture” theorised by Lawrence Lessig[7].  As a result, they are at the very intersection of various interests, from copyright to freedom of expression, right to privacy and the preservation of a functional and efficient Internet.

”Originally the European legislature made a lot of efforts to restrain intermediaries from choosing
party and made sure they would take up a merely neutral-passive role. This is clearly reflected by the
special exemption regime installed by the E-Commerce Directive that was adopted in 2000 as a
response to the disparities that existed amongst Member States concerning the liability of service
providers acting as intermediaries which prevented the smooth functioning of the Internal Market”[8].

However, legislators are constantly looking for new solutions to regulate them, as the French HADOPI system. HADOPI (Haute Autorité pour la Diffusion des Oeuvres et la Protection des droits sur Internet) is an administrative authority to whom copyright holders may notify infringements of their copyright, hence activating a so-called “three strikes procedure”, which consists of two consecutive warnings, first an email, then a more formal letter, down to the last step if the user continues in his offending activities, which contemplates a temporary suspension of internet access. Concerns related to the constitutionality of the new law were raised before its approval by the Conseil Constitutionnel, which eventually led to introducing the possibility for the user to appeal to a court against the HADOPI’s suspension of Internet access. Similar multi-strikes approaches have been followed by countries like U.S., Eire and the UK with the Digital Economy Act 2010, but all of those hide a problem of fair balancing between the rights at stake.

There are clear problems surrounding that design-based manner of enforcing law on the Internet, unquestionably one is the power to limit freedom of expression, a fundamental right as acknowledged by the ECHR (art.10), which is given to an administrative authority, expression of the government, and not to the judiciary.

Again, as soon as copyright holders’ claims start growing, it is not clear how the courts will deal with extending blocking techniques to all the offending users without contrasting with the general prohibition of art.15 of the Electronic Commerce Directive and the neutral role of ISPs it wants to preserve. Lastly, it might be argued that also serious privacy matters arise when an administrative body such as HADOPI requires surveillance over a citizen. Indeed, art. 8 (2) of the Human Rights Act allows some limitations of the right to privacy one enjoys only for, amongst others, “the protection of the rights and freedoms of others”, which could be the case when enforcing copyright. Nevertheless, are we sure it is best way to allow a body of the Government to compress a fundamental right just to protect an economic interest of some corporations? An authoritative point of view on the subject was expressed in 2008 by the ECJ in the Spanish Promusicae v. Telefonica, in which a copyright holder asked the ISP to communicate the personal data of users of Kazaa to allow suing them in civil trial. The court decided that there was no obligation under UE law for Member States to impose a duty to disclose personal data to ensure copyright protection.

Curiously, it is interesting to notice how even in Italy the one year-old regulation on online copyright issued by AGCOM, it is under review at the moment by the Italian Constitutional Court. The reasons behind this is that the Authority, quiet similarly to HADOPI in France, wants to protect copyright holders up to blocking access to offending sites after a summary hearing of the parts involved. As distinctly reported by Marco Bellezza in an article appearing on Medialaws.eu[9], what basically has been challenged is that this procedure underlies some critical constitutional issues, i.e. the fact that orders to limit  a fundamental right as freedom of expression in favour of a so-called “economic freedom” should not come from a regulation of an executive body, but from an act of parliament, and together with the chance of battling them in court, not before a mere administrative authority.

 


 

[1] Dir. 2000/31/EC of the European Parliament and of the Council of 8 June 2000, OJ L 178, 17 July 2000.
[2] Dir. 2001/29/EC of the European Parliament and of the Council of 22 May 2001, OJ L 167, 22 June 2001.
[3] “(1)Where an information society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network, Member States shall ensure that the service provider is not liable for the information transmitted […]“
[4] [2011] EWHC 1981 (Ch).
[5] “(1)The High Court (in Scotland, the Court of Session) shall have power to grant an injunction against a service provider, where that service provider has actual knowledge of another person using their service to infringe copyright.”
[6] Scarlet Extended SA v SABAM. (C-70/10) [2012] ECDR 4.
[7] Lessig, L. (1999) “Code and Other Laws of Cyberspace”. New 91ɫ: Basic Books.
[8] Werkers, E. Intermediaries in the Eye of the Copyright Storm – A Comparative Analysis of the Three Strike Approach within the European Union (August 15, 2011). ICRI Working Paper No. 4/2011.
[9] Bellezza, M. #dda online: la questione di costituzionalità e il regolamento AGCOM. Retrived: 05/08/15, from: http://www.medialaws.eu/ddaonline-la-questione-di-costituzionalita-e-il-regolamento-agcom/

The post Internet service providers liability and copyright protection in the EU appeared first on IPOsgoode.

]]>
More Than a "Bit" of Win for Australian ISP /osgoode/iposgoode/2012/06/01/more-than-a-bit-of-win-for-australian-isp/ Fri, 01 Jun 2012 13:58:31 +0000 http://www.iposgoode.ca/?p=16628 Previously cited as "the case that could shut down the internet", Roadshow Films Pty Ltd v iiNet Ltd [2012] HCA 16 (commonly known as AFACT v iiNet or the iiTrial) concluded with a unanimous decision from the Australian High Court ruling that the iiNet, an internet service provider, was not liable for copyright infringement from […]

The post More Than a "Bit" of Win for Australian ISP appeared first on IPOsgoode.

]]>
Previously cited as "", Roadshow Films Pty Ltd v iiNet Ltd (commonly known as AFACT v iiNet or the iiTrial) concluded with a unanimous decision from the Australian High Court ruling that the iiNet, an internet service provider, was not liable for copyright infringement from BitTorrent peer-to-peer file-sharing.

The , filed on behalf of the appellants, thirty-four Australian and American companies that either own or exclusively license the copyright in thousands of commercially released films and television programs. The respondent, iiNet, is . The case began nearly four years ago in November 2008, when AFACT alleged that iiNet’s conduct in ignoring repeated requests to disconnect users said to be involved in illegal content swapping constitutes authorization of copyright infringement. In response, iiNet asserted that AFACT was asking them “” despite their failure to provide adequate evidence. The High Court agreed, noting that (para. 138) used to obtain the information on their notices to the ISP. iiNet further claimed that ”

Three questions, largely of fact, determined the outcome of this case. First, whether iiNet had the power to prevent primary infringements committed through BitTorrent use. Second, whether reasonable steps, such as warnings and suspension or termination of infringing accounts, were taken to prevent these infringements. And lastly, whether and to what extent the relationship between iiNet and its customers have bearing on these questions.

The Court observed that while the relationship between iiNet and its customers involved the provision of technology, iiNet had no direct power to prevent primary infringements through technical power and could only ensure that result indirectly by terminating customer contracts. Furthermore, the inaction from iiNet resulting from AFACT’s notices was not due to indifference but rather unwillingness to act based solely on information provided from AFACT.

The case at hand demonstrates a significant departure from what Matthew Rimmer called a “” concerning authorization of copyright infringement. Indeed, a host of earlier cases found intermediaries liable. In Telstra Corp v Australasian Performing Right Association , the High Court held Telstra, a telecommunications carrier, directly liable for the playing of music by its subscribers to their clients despite the fact that Telstra had no control over the content of the music played.

Similarly, in Universal Music Australia Pty Ltd v Cooper , Tamberlin J held that the proprietor of a website that provided links to music files on other websites was liable for authorizing copyright infringement. Tamberlin J also considered whether the “safe harbour provisions” introduced by the could apply to ISPs. Section 29(b)(iv)(D) requires that the service provider was “” Since the ISP in question did not act expeditiously, Tamberlin J concluded that the safe harbour scheme could not apply to the website’s ISP even if AUSFTA had been inducted at the time of the infringements.

iiNet had submitted safe harbour defences, which would have been successful at the trial level had authorization of infringement been found, but were later dismissed by the Full Court, stating that iiNet had not satisfied the conditions necessary to attract the benefits of the provision.

The results of Roadshow Films Pty Ltd v iiNet Ltd also departed from another High Court ruling, University of New South Wales v Moorhouse (interestingly, a decision considered but not followed in CCH Canadian Ltd. v. Law Society of Upper Canada ) where the failure by a university to exercise supervision over photocopying in their library amounted to authorization of copyright infringement. The facts in Moorhouse were distinguishable because “” (para. 61).

The response iiNet CEO Michael Malone imparted was quite conciliatory. "" he said. ""

In contrast, AFACT began last December.

Nancy Situ is a JD candidate at Osgoode Hall Law School.

The post More Than a "Bit" of Win for Australian ISP appeared first on IPOsgoode.

]]>
IP Addresses and the Expectation of Online Privacy /osgoode/iposgoode/2009/10/21/ip-addresses-and-the-expectation-of-online-privacy/ Wed, 21 Oct 2009 10:56:20 +0000 http://www.iposgoode.ca/?p=6263 Amanda Carpenter is a JD Candidate at Osgoode Hall Law School. The recent Ontario case R. v. Cuttell, 2009 ONCJ 471 concerns the issue of online privacy, more specifically the issue as to what the privacy expectations are in regards to finding a user’s name and physical address based on their IP address. In this […]

The post IP Addresses and the Expectation of Online Privacy appeared first on IPOsgoode.

]]>
Amanda Carpenter is a JD Candidate at Osgoode Hall Law School.

The recent Ontario case R. v. Cuttell, concerns the issue of online privacy, more specifically the issue as to what the privacy expectations are in regards to finding a user’s name and physical address based on their IP address. In this case the police identified an IP address used in sharing child pornography. They determined who the Internet Service Provider (ISP) was for that IP and sent them a request for the name and address of the user of that IP for that particular date and time. Since it was a case involving a child sexual exploitation investigation, the ISP complied.

The question here is whether the police needed to have a warrant to obtain the subscriber information from the ISP to comply with Section 8 of the Charter. In order to determine whether the police needed to obtain a warrant, it must first be determined whether there is a reasonable expectation of privacy in the name attached to an IP address. It was determined that such an expectation exists because this information discloses revealing personal biographical information about the user. A reasonable expectation of privacy doesn’t exist if the contract between the subscriber and ISP demonstrates an agreement to disclose the subscriber’s information to groups such as the police which relieves the ISP of an obligation of confidentiality. Since a contract where it was written that the subscriber’s information could be disclosed to the police could not be found in this case, it was determined by the judge that the reasonable expectation of privacy was not rendered void. Therefore, the police, by obtaining the subscriber information from the ISP without a warrant, breached Section 8 of the Charter. It was also found that neither the or of the Criminal Code confers authority for a warrantless search.

What does one think of the idea that the reasonable expectation of privacy would be voided if there was an agreement to disclose information to groups such as the police? Most ISPs, among them Bell, Rogers, Telus, and Shaw all have contracts with their subscribers where the disclosure of a subscriber’s information attached to an IP address is allowed for certain groups such as the police. This seems to go against what some Canadian judges have decided is good public policy.  In Irwin Toy Ltd. v. Doe, [2000] O.J. No. 3318 (S.C.J.), it was held that “some degree of privacy or confidentiality with respect to the identity of the internet protocol address of the originator of a message has significant safety value”. If most of the ISPs require that users waive their right to privacy, it wouldn’t give individuals any choice regarding the privacy of the information attached to their IP address. Is this okay if the groups that can access this information would only do so in the interests of the protection of society (for example, to catch child molesters)?  Or is this just continuing a trend in Ontario towards limiting the scope of reasonable expectations of privacy? More information regarding this trend can be found in the IPilogue article written by George Nathanael by clicking . Concerned citizens might need to start taking greater precautions to protect the privacy of their online behaviour if these trends continue.

If it is believed that the waiving of the reasonable expectation of privacy in contracts would be a positive development, it is noted in paragraph 48 of this case that in the United States, disclosure of subscriber information is permitted because any privacy expectation is destroyed by giving it to a third party such as an ISP.  Should Canada follow the US law? Perhaps the consequences of voiding the reasonable expectation of privacy by ISPs in Canada could be examined by looking at what the consequences of destroying privacy expectations by giving it to a third party has been in the United States. Regardless, whether one thinks this would be a positive development there is enough case law upholding the requirement for judicial authorization for access to information disclosed to third parties in Canada that it would be difficult for this court to overturn the precedents and decide that this judicial authorization is not required.

Despite the ruling that the police carried out an improper search, the evidence obtained was still admitted based on of the Criminal Code. This is because the police had consulted with the RCMP who advised them of the correctness of this course of action, and had told the judge issuing the warrant for the search on the user’s property about the origin of the address information who was free to refuse to issue a warrant on these grounds but let them conduct the search anyways. Thus they acted in good faith and not in a manner that “would bring the administration of justice into disrepute.”

The post IP Addresses and the Expectation of Online Privacy appeared first on IPOsgoode.

]]>