The story so far. We've taken a quick overview of "digital media" and the febrile state of the market and gone on to look at the first of my four focal areas of change - what and how to regulate.
Deep breath - the hottest and probably most difficult area is the 2nd: the issue of liability (or not) of service providers and other intermediaries for user contributed/created content. My apologies in advance for a very lengthy post but it's probably best to get it over in one go!
WHO CARRIES THE CAN?
The issue of how far – if at all – intermediaries such as ISPs and social network sites should have responsibility for illegal content transmitted by users over their networks or hosted on web servers or other hosting services, is not, in Internet-time, a new issue.
Indeed, it was at the heart of the E-Commerce and Copyright Directives when they were negotiated during the mid to late 1990’s.
So why is it such a hot topic now? There are two reasons. First, it’s been put firmly at the top the digital media law agenda because of pirated audio-visual goods and illegal downloads.
Second, the legal rules about intermediaries’ liabilities, certainly in Europe and the US, were developed in the mid to late 1990’s in a pre Web 2.0 world, before social network sites and search engines became ubiquitous. As a result, there is a lack of legal certainty about how these rules apply to the likes of Facebook and YouTube.
So as legal fights continue, such as the ongoing litigation in the US between Viacom and YouTube, the emerging theme, I believe, is that voluntary agreements reached by collaboration and negotiation between all stakeholders underpinned, where necessary, with legal sanctions, is the best way forward.
With that background in mind, I am going to look first at the position of ISPs and then at hosts.
Liability of ISPs
This is arguably hot topic numero uno. The issue is being driven by the music industry but there’s no doubt that it is of equal significance to providers of on-demand services of all types of digital content.
The position of the two main protagonists is clear. The BPI says that “Studies show that more than six million ISP customers regularly use their broadband accounts to unlawfully download and distribute music online.” As a result, the BPI wants UK ISPs to help cut down unlawful downloads by operating a three step procedure which could ultimately result in them cutting off their offending subscribers.
In response, Charles Dunstone, of TalkTalk says: “We give access to the internet, we do not control it, nor do we control what are users do on it. I cannot foresee any circumstances in which we would disconnect a customer’s account on the basis of a third party alleging a wrongdoing. The music industry has failed to adapt and seeks to foist their problems on someone else”.
This is tough talk but he’s right to point out there is a vital link between the fight against illegal downloads and the available of legitimate, commercially available online services. This link is also one to which the Regulators’ pay a lot of attention. However, Mr Dunstone is likely to be proven wrong about the future role of ISP’s on this issue.
Following the Gowers Review on Intellectual Property, the Government has given a commitment to legislate by April 2009 if ISPs are unable to reach a voluntary agreement or code of practice with industry.
So here are the key questions:-
1. Given the fact that ISPs enjoy a number of legal immunities, how can they be forced to play a role? (The short answer is they can, because they are immune from damages, but not absolved from all legal responsibilities).
2. If they can be forced to play a role, how active a role will that be? In particular, will they have to use filtering technologies to detect infringing content? Can they be compelled to disclose personal information about their subscribers?
Let’s take a closer look at ISP immunities.
Under the E-Commerce Directive and the implementing UK Regulations, service providers have immunity from damages for all types of illegal content transmitted or ‘cached’ in their networks at the initiation of their customers. This immunity covers all types of illegal content, from copyright and defamation to obscenity and blasphemous material.
In the EU, this ‘across the board’ immunity for service providers is complemented by ‘mere conduit’ and ‘caching’ exemptions in the Copyright Directive (and now in UK copyright law) specifically for copyright materials carried or ‘cached’ on their networks.
In addition, the E-Commerce Directive reinforces these exemptions by providing that there is no obligation on service providers to monitor the information they transmit or store, nor a general obligation to actively seek facts or circumstances indicating illegal activity.
However, immunity from damages does not equate to exemption from all responsibilities. Both the E-Commerce and Copyright Directives contain provisions which allow member states to introduce legal rules to force ISPs to play a ‘middleman’ role in dealing with illegal content, although there is debate about their precise scope.
These provisions could lead to legislative measures in member states allowing the Courts to compel ISPs to terminate or prevent infringement or to require them to provide information to competent public authorities of alleged illegal activities by their customers “with whom they have storage arrangements.” This could information such as IP addresses.
But this is a tricky and complex area of the law. As I try to navigate you through this complexity, you may think like me that cross-industry voluntary codes have got to be the preferred route, with the legal rules as ‘backstop’ measures.
Let me give you an example of that complexity. In March this year, the European Court of Justice (ECJ) made a somewhat Delphic decision in Promusicae v. Telefonica. This arose out of an action which the Spanish music collecting society brought against Telefonica in the Spanish Courts for an order to force the ISP to disclose the names and physical addresses of its users who exchange illegal copies of copyright works using KaZaA' P2P software.
The ECJ were asked to answer this question: does European law require member states to impose an obligation on ISPs to disclose personal information about their users in the course of civil proceedings Answer: "no".
But the ECJ's decision does leave the legislative door open for rights holders. The ECJ said that what it had to do was balance the provisions in Community law that protected intellectual property rights (IPRs) with those that protected personal privacy. So introducing legal measures that could, in carefully prescribed circumstances, force the disclosure of user information is not precluded.
We have also had a few interesting Court cases which show that the ISPs’ mantra of “hear no evil, see no evil’ is becoming increasingly unsustainable as the digital world evolves. The issue is therefore this: how far will an ISP have to go in dealing with infringing material on its services in order to preserve its immunities?
In a recent case in Belgium, (May 2007) SABAM, a collecting society in the music industry, sued the ISP Scarlet (formerly Tiscali) for handling peer to peer traffic containing musical files which breached copyright.
The Judge noted that there was no obligation on the ISP to monitor, the Court decided in favour of SABAM. Nevertheless, he decided that to be able to take advantage of the immunity, the ISP in this case had a duty to use filtering technology. He was influenced by one of the introductory paragraphs in the E Commerce Directive that said that the absence of a duty to monitor "should not preclude the development and effective operation of technical systems of protection and identification and of technical surveillance instruments made possible by digital technology.” But whether and to what extent the use of such technology should be mandated by law is a moot point.
Following that decision, four major record companies – EMI, Sony, Warner and Universal - are suing Ireland’s largest ISP, Eirecom, demanding that it takes action to prevent users from illegally downloading or sharing music.
As a result, it’s clear that the UK Government has a mandate to legislate if the ISP and music industries cannot reach a voluntary agreement. Whilst the issue has been driven by the music industry, it’s of equal concern to all sectors of the media industry as they build their online businesses. It seems to me that it’s far better to negotiate a cross-industry deal than risk the heavy hand of legislation.
Against this background, the BPI on behalf of the music industry is trying to negotiate a ’3 strikes and you’re out’ procedure with UK ISP’s, through the Internet Service Providers Association (ISPA).
The BPI routinely gathers evidence about illegal downloads by logging on to sites which offer files and downloads via peer to peer. Under the BPI’s proposals, instead of using the evidence to begin a process of legal action against the individual customer, the BPI would send the evidence to their ISP, who can identify that customer from the IP address and send them an advisory letter. That way, it would avoid the issue of disclosure of personal information by the ISP.
Here is how the BPI describes the procedure it would like to see:
· If an ISP’s customer’s account is being used to file share music illegally, they would be informed about what is happening and advised as to how they can avoid it happening again.
· If the advice is not followed, the customer does not act on the letter and the account continues to be used unlawfully, the account is suspended pending a signed undertaking from the customer to the ISP that the unlawful activity will cease.
· If, after the suspension and undertaking, the customer‘s account is used unlawfully a third time, the contract is cancelled.
But ISPs are not happy with these proposals and these negotiations will be protracted and difficult. For example, ISPA wants an indemnity for ISPs in the event that it transpires that an innocent customer has his or her account wrongly terminated.
But in my view, however difficult to achieve, a voluntary agreement is preferable to surrendering to the uncertainties of legislation.In Europe, there are already initiatives underway to create more collaborative arrangements with all the stakeholders in the digital media industries.
In France– home of author’s rights – there is already quite a far-reaching agreement in place. The Memorandum of Understanding, otherwise known as the 'Accord Olivennes', is an agreement sponsored by the French Government between the public authority, rights holders and service providers, including ISPs and hosts. Interestingly, it imposes obligations on all participants and makes a direct link between the development of legitimate business models for online delivery and the fight against piracy.
There are several other features of the agreement which are interesting:-
· The procedure is more heavily Court-based than the proposed UKprocedure. The warning messages are sent out via the ISP in the name of the public authority, not the ISP’s. Court authority is needed to suspend or terminate the account.
· ISPs and rightholders have agreed to work together to test filtering technologies and ISPs have agreed to use them where technically and financially realistic.
· As regards hosting and content-sharing platforms, ISPs have agreed to cooperate in good faith with rightholders regarding the potential use of fingerprinting and watermarking technologies.
That’s a sensible approach in my view. As compared with technologies used to identify content, there are freedom of speech issues to be taken into account when deploying filtering technologies which, for example, could have the effect of barring legal forms of communication.
Interestingly, as their part of the deal, Audiovisual, film and music rights holders undertake a number of obligations. These cover technical issues and potentially far reaching changes to existing ‘windows of exploitation’ to accelerate the availability of films online.
What about the liability of social networks and other hosts?
Hosts, including social network sites, also have immunity under the E-Commerce Directive from damages claims for content posted by users to their platforms. Furthermore, there is no general duty to monitor content.
But there are several problem areas in how the law works here. The E-Commerce Directive shows its age when it refers almost quaintly to “information society service providers.” Article 14 says that “Where an information society service is provided that consists of the storage of information provided by a recipient of the service, Member states shall ensure that the service provider is not liable for the information stored at the request of the service”, provided certain conditions are met.
Does Facebook, MySpace, YouTube sound to you like an information storage service? Think about AOL’s recent $850m acquisition of Bebo to enable it to become, in the words of its CEO, “a social medium powerhouse”. You can immediately see why many rightsholders say “no” or, at the very least, “in some aspects “yes” and in others “no”.
Rightsholders point to sites like YouTube and argue, essentially, that they are not service providers as envisaged by the E-Commerce Directive or DMCA but are, in essence, content providers and therefore are either directly infringing copyright or inducing its users to infringe copyright.
But even if a service provider is covered by the exemption, their immunity disappears with knowledge of the infringing activity, such as the posting of copyright infringing material.
The immunity therefore only applies on condition that:
- The provider does not have actual knowledge of illegal activity nor aware of any facts or circumstances from it is apparent; or
- On obtaining knowledge or awareness “acts expeditiously to remove or disable access to the information”.
So in its legal action against YouTube in 2007, another argument raised by Viacom was that YouTube knew its users were posting copyright infringing material and did nothing to stop it.
The issues here are essentially practical ones. What constitutes “knowledge”, how quick does a service provider have to be to be “expeditious”? There is no prescribed form of notice.
So the solutions here need to be developed on a cross-industry collaborative basis rather than through the Courts.
Generally speaking, ‘notice and take down ‘procedures do seem to work. But there are uncertainties, especially as regards user contributed content. For example in 2007, a French Court, in Zadig Productions v Google, Inc had to decide whether a hosting site is liable for subsequent re-postings of the same infringing content, having been notified about it and taken it down once.
The Court looked at what Google needed to do in order to 'act expeditiously' to remove infringing content from Google Video, and so be able to rely on the exemption from liability for hosts. The problem here was that although Google removed the infringing content, it was re-posted. The Court rejected Google's argument that each post required another takedown notice. It took the view that, having received the first notice of the infringement, Google was responsible for implementing technical measures to block posting of the same content. This follows the same logic as the judge applied in the case of SABAM v Scarlett to which I referred earlier.
The law, being the law, will continue to evolve. Cases will continue to test the boundaries between ISP and social network immunities, filtering and information disclosure obligations and freedom of speech.
But this takes time and is imperfect. As a result, the relationship between technology, business and the law is never truly in sync. That is why self-regulation and voluntary codes, backed where necessary with legal sanction, will increasingly be the regulatory instrument of choice.
If you're still reading - well done and enjoy a well deserved weekend break.