The Struggle in Online Copyright Enforcement: Problems and Prospects 9781509909575, 9781509905669

Citation preview

Introduction

Copyright enforcement on the Internet constitutes a controversial subject. One side in the debate, mostly the rights-holders, argue that copyright infringement takes place on a new scale and that there is not enough protection with the insufficient ability to enforce existing laws in “cyberspace”.1 The opposing side in the debate takes the position that traditional copyright concepts are outdated in a digital world, and current enforcement goes beyond what was initially intended by copyright law.2 Some argue that cyberspace has created its own norms that do not correspond to the law of nation states.3 Against this background, States are finding it increasingly difficult to apply to cyberspace domestic laws that are traditionally delimited by the borders of a State’s territory, so that they protect copyright efficiently. Thus, new legislation, specifically adapted to the Internet, has been on the agenda of many, including the European Union and its Member States.4 This research will analyse the problems of copyright enforcement on the Internet with a special focus on newly enacted legislation in some Member States and the struggle of applying existing

1 See for instance Spiegel online, Sven Regener zum Urheberrecht: “Man pinkelt uns ins Gesicht!”, Der Spiegel Online (22.03.2012); Spiegel Online, Urheberrechtskampagne: 1500 Künstler gegen Gier und Geiz, Der Spiegel Online (10.05.2012). In the UK, Simon Cowell, Roger Daltrey, Professor Green, Elton John, Andrew Lloyd-Webber, Brian May, Robert Plant, Roger Taylor, Tinie Tempah and Pete Townshend have signed an open letter to British Prime Minister David Cameron urging the British government to implement the antipiracy-focused Digital Economy Act 2010, see Musicians need strong copyright laws to excel globally, The Telegraph (24.07.2012). 2 Cf. for instance the call by Pirate Party MEP Christian Engström with support from the Greens/EFA-group in the European Parliament to reform copyright legislation, Christian Engström/Rick Falkvinge, The case for copyright reform (2012). See also Hector MacQueen/Charlotte Waelde/Graeme Laurie/Abbe Brown, Contemporary Intellectual Property, Law and Policy (2nd ed. 2011), pp. 244–246. 3 See Chris Reed, Making laws for cyberspace (2012), pp. 5 et seq. with further references. 4 For instance on a multilateral level: The draft for an Anti-Counterfeiting Trade Agreement (ACTA); on a European Union level: revision of the Intellectual Property Rights Enforcement Directive; on national level: Loi HADOPI in France, Digital Economy Act in the UK.

21

Introduction

laws in an online environment. In addition, the prospects of current approaches will be discussed, in particular since some of them fail to strike a fair balance between fundamental rights. A. Defining Copyright It has been difficult for consumers to regard copyright as property, due to its inherent immaterial nature. However, as long as the printing press has existed, there has been copyright, which grants the author of original work exclusive rights to the use of the work and its distribution,5 and sanctions for infringing it. Copyright does not only protect the author but also the exploiters of the work. Due to the many actors being involved in the creation and exploitation of works in music and audio-visual media, these actors are often referred to as the content industry or creative industry. The protection of the author is a prerequisite for the protection of the exploiters. The concept of copyright is based on the idea that creators of intellectual wealth receive compensation for their work and are able to financially support themselves, which would give them a motive to continue publishing. Without copyright, authors of creative works would have to find other ways for financial support. The idea of copyright protection can also be based on utilitarian thoughts for copyright protection, which emphasises the promotion of cultural and economic progress as reason and justification for copyright.6 The author of a work should be honoured and an incentive to create should be given. At the same time, the creative industry, meaning those who exploit

5 Generally, it is "the right to copy", but also gives the copyright owner the right to be credited for the work, to determine who may adapt the work to other forms, who may perform the work, who may financially benefit from it, and other related rights. See generally on this Wilhelm Nordemann/Anke Nordemann-Schiffel in: Ulrich Löwenheim (ed.), Handbuch des Urheberrechts (2nd ed. 2010), § 4 Urheberrechtliche Grundbegriffe in vergleichender Sicht, paras. 10–16; Hector MacQueen/ Charlotte Waelde/Graeme Laurie/Abbe Brown, Contemporary Intellectual Property, Law and Policy (2nd ed. 2011), pp. 104–118, and 124–128. 6 See Ulrich Löwenheim in: Ulrich Löwenheim (ed.), Handbuch des Urheberrechts (2nd ed. 2010), § 1 Gegenstand Zweck und Bedeutung des Urheberrechts, para. 4.

22

B. Defining Copyright Enforcement

copyright, should be encouraged to invest in the production of cultural goods.7 Copyright is also said to be beneficial to society: by protecting authors and exploiters of creative works, copyright is promoting the creation and dissemination of cultural goods and thereby serving cultural life and cultural diversity within a society.8 Accordingly, copyright is important: from a cultural point of view, it is essential for the personality of creative persons, and for the process of creation and exploitation of the work; from an economic point of view, important industries depend on copyright protection. These industries include enterprises that contribute to employment and innovation on a large scale, such as publishers, film and television, print media, and software industries. B. Defining Copyright Enforcement Copyright primarily refers to "the right to copy", but it also includes the right to be credited for the work, to determine who may adapt the work to other forms, who may perform the work, who may financially benefit from it, and other related rights. Copyright was initially conceived as a way for governments to restrict printing. By giving authors the control of copyright and the legal framework to profit economically from it, the contemporary intent of copyright is to promote the creation of works. Copyrights are territorial, which means that they do not extend beyond the territory of a specific state unless that state is a party to an international agreement. Today, however, this is less relevant since most countries are parties to at least one such agreement including most prominently the Berne Convention9 and the UN’s World Intellectual Property Organisation (WIPO) Copyright Treaty10.

7 Ibid. 8 Ibid. 9 Berne Convention for Protection of Literary and Artistic Works, adopted in Berne on 09.09.1886. The Berne Convention was the first multi-lateral copyright treaty, and established rights but no enforcement mechanisms. 10 WIPO Copyright Treaty, adopted in Geneva on 20.12.1996.

23

Introduction

While many aspects of national copyright laws have been standardised through these international copyright agreements, this is not the case with enforcement – although the Agreement on Trade Related Aspects of Intellectual Property Rights (TRIPS)11 provides minimum standards of intellectual property rights enforcement. Generally, copyright is enforced as a civil matter, though some jurisdictions also apply criminal sanctions, in particular when copyright infringements are committed on a commercial scale. In contrast to TRIPS, the Council of Europe Cybercrime Convention12 addresses enforcement on the Internet in specific. Article 10 of said Convention requires its signatory states to “adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law the infringement of copyright,…where such acts are committed wilfully, on a commercial scale and by means of a computer system”. In the European Union, copyright enforcement on the Internet is part of the European Commission’s policy “Digital Agenda for Europe”13 and partly covered by legislative acts, for instance the Information Society Directive14 and the Intellectual Property Rights Enforcement Directive15. The aim of the European Commission is to ensure that copyright and licensing stay fit for purpose in a digital context. C. The Problem: When Copyright and Technology Clash Before copyright existed, authors generally requested a one-off payment from the printer of their book before publication. With copyright in place,

11 Agreement on Trade-Related Aspects of Intellectual Property Rights, Annex 1C to the Agreement establishing the World Trade Organisation (TRIPS, Marrakesh 1994). TRIPS was negotiated at the end of the Uruguay Round of the General Agreement on Tariffs and Trade (GATT). 12 Convention on Cybercrime, CETS No. 185. 13 See European Commission, Digital agenda for Europe, A Europe 2020 initiative, Pillar I: Digital Single Market, Action 6: Protecting intellectual property rights online, http://ec.europa.eu/digital-agenda/en/pillar-i-digital-single-market/action-6 -protecting-intellectual-property-rights-online. 14 Directive 2001/29/EC of the European Parliament and of the Council of 22.05.2001 on the harmonisation of certain aspects of copyright and related rights in the information society (InfoSoc Directive), OJ L 167 (22.6.2001), 10-19 15 Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of Intellectual Property Rights, OJ L 157 (30.04.2004), 16-25. The directive is also known as “(IPR) Enforcement Directive” or “IPRED”.

24

C. The Problem: When Copyright and Technology Clash

and assuming efficient enforcement, authors of creative works can publish their creations immediately, and license subsequent use or re-publication of their works by third parties. A means for instant publication is for instance the Internet, which for many people has created the opportunity to become publishers themselves. It has never been as easy to publish while at the same time reaching – at least potentially – a worldwide audience as it is nowadays. Similarly, it has never been easier to copy, or disseminate copyrighted content without the authorisation of the rights-holder. In addition, it has never been easier to access information and share it with others. The assumption that “Internet changes everything” is thus even truer in the area of copyright. I. Ordinary Users Easily Become Infringers In the early days of the Internet, the Internet used to be all about communication. Like the telephone network or mail, people used email and other services to communicate with each other. This has changed within the last decade. While it is now common to communicate via Internet using additionally video and voice over IP, the growth of the Web meant, that the Internet is becoming more about content than about communication.16 The Web is used to find and access information including intellectual property creations. In an information society, access to information is becoming more important than ever. The Internet has in principle become the repository of thoughts, the memory of mankind. It thereby also stimulates creation. However, access to information does not mean that one is allowed to use this information freely, reproduce it, or adapt it. In the context of the above, it has been argued that until twenty years ago, copyright hardly concerned “ordinary” people.17 This is partly true, because at least copyright enforcement did not concern them. If someone wanted to copy a poem and send it to his loved one, or record his favourite songs from the radio, or copy an audio cassette and give it to a friend, he would not need to worry about becoming the target of legal action. Although he committed a breach of copyright in most jurisdictions when 16 Andrew S. Tanenbaum/David J. Wetherall, Computer Networks (5th ed. 2011), p. 734. 17 Christian Engström/Rick Falkvinge, The case for copyright reform (2012), p. 4.

25

Introduction

he copied the works with the intent to pass them on to a third party, he hardly risked punishment or claims for damages. Today however, the technological means to which anyone has access have changed not only the way media is consumed, but it has also changed the way we deal with creative works. The hand-written letter is more often replaced by email; friendships sometimes only exist in digital format (the Facebook “friends” with whom one is not personally acquainted), thus communication and passing on of messages take place online in a digital format; instead of phoning a friend, people chat or post messages on social media platforms. If someone wants to copy a poem, he can do so by just pressing the copy and paste keys on the keyboard; if someone wants to share music with friends, he may do so by publishing a link leading to a digital copy stored in the “cloud”; copying the content of a CD is only a few clicks, sharing it as well. Technological progress means that what ordinary people can do with creative works has changed. However, just because one can do it, does not mean that one is allowed to do it. While the way we enjoy and deal with creative content, copying and sharing it, has changed, the law has not. As a consequence, copyright is infringed all the time. One may argue that the extent to which enforcement is practically possible has an effect on the individual’s perception of the applicability of a law.18 This means that a law which is never enforced or is clearly unenforceable may send the message that it is not really intended to be complied with.19 Accordingly, copying in the analogue world that has not been subject to civil or criminal enforcement may have sent the message that it is alright “because no one cares”. In that regard, many Internet users may underestimate the range of availability of online content. A link which was published in a forum and directs to content stored on a file-hosting service is regularly not just made available to the participants in that online discussion group, but to every Internet user. The poem published on a Facebook page may not be visible only to the person to whom the personal profile belongs, or his friends, but to every Internet user. A file uploaded to a peer-to-peer network is not just made available to another peer, but usually to everyone else that joins the “swarm” of sharers of a particular file. The disseminating factor plays an important role why rights-holders

18 Chris Reed, Making laws for cyberspace (2012), p. 15. 19 Ibid. At least does the likelihood of detection and enforcement have a substantial effect on the behaviour of those that are subject to the law. See ibid, p. 55 with further references.

26

C. The Problem: When Copyright and Technology Clash

disapprove of content sharing. At the same time, rights-holders face problems in enforcing their rights, such as difficulties of identifying infringers who hide behind pseudonyms, which are completely anonymous or of whom they can only get hold via the IP address tied to the infringement. While in the physical world, infringements are usually detected by geographical presence, on the internet, the infringement may be visible for the rights-holder, but the infringer may be located in a jurisdiction where it is difficult to get hold of him, if not impossible, in order to enforce his rights. That omnipresence of content makes it also difficult for users to comply with copyright. Even if a user had some level of understanding of national copyright law, he is likely to be ignorant of the multiplicity of foreign laws that may equally apply to his online activities.20 Thus, it is not surprising that even scholars suggest that “beneath some threshold of activity – and that would have to be determined carefully – copyright infringement should not be an actionable offence...leave[ing] everyone free to devote resources to the infringers above that threshold, and it would remove ordinary people, going about ordinary use of innovative products and services, from the long arm of copyright law”.21 II. Changed Concept of Ownership Besides the emergence of new forms of adaption of content such as mashups, voice-overs, remixes that also infringe copyright, one may also wonder whether the concept of how one owns music has changed. Digital music sales are growing22 as is the use of streaming portals such as Spotify23. With more content “owned” and being consumed in a digital format, it may well be that ownership becomes a different “feeling”. Questions arise such as whether it makes a difference for digital natives,

20 Cf. ibid, p. 13. 21 Jeff Lynn, Copyright for growth, in: Ian Hargreaves/Paul Hofheinz (eds.), Intellectual property and innovation. A framework for 21st century growth and jobs, p. 15. 22 See for instance Bart Cammaerts/Robin Mansell/Bingchun Meng, Copyright & Creation, A case for promoting inclusive online sharing (September 2013), London School of Economics and Political Science, Media Policy Brief 9, p. 7. 23 According to the ranking by web traffic ranking service Alexa, as of June 2014, Spotify is within the 1000 most popular websites globally, see http://www.alexa.co m/siteinfo/spotify.com (last accessed on 06.06.2014).

27

Introduction

whether they download a music track from the online music store iTunes or whether they listen to music on the music streaming service Spotify. Do they lose the relationship of owning an album because they cannot touch and feel it, because it is not tangible? Do they value immaterial “stuff” differently than other generations used to value tangible products? Will they feel the same if they lose their “record collection” because the service where it was stored went bankrupt, because their hardware broke, because licenses are withdrawn? Especially the latter may lead to confusion, because essentially what users acquire when they purchase an mp3 album is merely a licence to use the digital files. With digital content, one does not have the same rights as for instance with vinyl, CDs or print books. This is an issue that many people are not yet aware of. They may only become aware, if something goes wrong like for instance when Amazon deleted a Disney Christmas movie from their servers of which they had previously “sold” digital copies to consumers.24 Amazon had to delete the movie, because Disney had withdrawn the licence from Amazon in order to exclusively stream the movie via its own streaming channel. Consumers are also rarely aware that while vinyl or CD collections can be passed on to third parties and can be inherited, this is not the case with music that is purchased online only in a digital format (as long as it is not moved to an external hard disk). Against this background, one may argue that the idea of ownership seems in a process of gradually disappearing.25 This assumption triggers a new question, namely what is the benefit of purchasing digital content? If one only acquires a licence, and has thus limited options regarding the use of the data, for instance not being able to sell a used copy or inheriting it, what is the benefit of purchasing digital music or Ebooks online – especially if it is sold at (almost) the same price as a hard copy? Again, this system makes it difficult for users to relate to the idea of copyright and may lead to frustration. One may also argue that it may be difficult for users to develop guilt for producing illegal copies, if they cannot relate to the idea of copyright and see no benefit in legal copies.

24 Felix Knoke, Streaming: Disney löscht Weihnachtsfilm für Amazon-Kunden, Der Spiegel Online (16.12.2013). 25 Cf. Dan Gillmor, The Bruce Willis dilemma? In the digital era, we own nothing, The Guardian (03.09.2012).

28

C. The Problem: When Copyright and Technology Clash

III. Do Consumers Understand the System and Vice Versa? The aspects mentioned above are only a few examples of what makes the copyright system difficult for consumers to understand. History has shown that the system, and also to some extent the rights-holders, do not understand the consumer. One may argue that copyright infringement, in particular file-sharing, is the result of ignorance and missed opportunities by rights-holders: File-sharing probably became the norm because the music industry refused to make its music available in a downloadable form.26 Instead they sued the innovators of file-sharing technology and introduced copyright protection measures that also prohibited consumers from making private copies, which is legitimate in most civil law copyright systems. They ignored that consumers want easy access to music that can be played on all of their devices. Technical protection measures that hinder copying, or allow data only to be played on certain devices, interfered with this desire. Similarly, consumers want easy, convenient and reliable access to music and films. Most piracy websites are far from reliable. Most of them are also not convenient to use because advertisements windows pop up, and they may even be infected with viruses. These piracy websites nevertheless attract many users, with probably a substantial number of users paying for premium accounts insofar as file-hosting services are concerned. The reasons for their popularity may be manifold, with the primary reason being presumably the variety of content available, including content that is otherwise not or hardly available.27 While window releases (i.e. content being published region after region and for type of service 26 As regards the latter see Chris Reed, Making laws for cyberspace (2012), p. 12. 27 This may include the desire of many users for example in Germany to watch US or UK movies and TV serial dramas in their original language as they do not want to wait for the release date in German or just prefer the original. Streaming services in Germany will however only have acquire a license for the German language version. Copyright infringement may thus be driven by the lack of legal alternative sources and the current system of windowing releases (See Lilian Edwards, Next steps in the UK, in: Ian Hargreaves/Paul Hofheinz (eds.), Intellectual property and innovation. A framework for 21st century growth and jobs, pp. 39 et seq. with reference to Christopher Williams, E-books drive older women to piracy, The Telegraph (17.05.2011). Further many TV programmes are not available elsewhere after they have been broadcast. While some German TV stations still offer their so-called “Mitschnittservice” (see e.g. http://www.ndr-mitschnittser vice.de/ [last accessed on 06.06.2014]) where copies of TV programmes are sold

29

Introduction

after type of service) were not such a problem in pre-Internet days, today users are more aware of the content’s availability.28 In a networked world it may be difficult to understand why content is circulating in the US and discussed in online fora or online newspapers for example, while users in another state must wait to access the materials after a later official regional release date. Worldwide attention and awareness trigger worldwide demand. It is questionable whether users develop guilt when they have no legal or comparably easy to use legal alternatives to consume the desired content. Users may also not develop guilt if enforcement is perceived as “ripoff”29 and if they consider infringement claims as “bogus”.30 In this regard, businesses with great economic dependence upon copyright, such as those in the music business, have been advocating the extension and expansion of their intellectual property rights, and seek additional legal and technological enforcement. D. The Research Topic: Copyright Enforcement on the Internet As aforementioned, new technologies have altered the dimensions and the scale of copyright issues. The development of digital media and computer network technologies has prompted reinterpretation of for instance private copying and fair use exceptions31, introduced new difficulties in enforcing copyright, and inspired additional challenges to copyright law's philosophic basis. When the recording of a lecture by Harvard Law School professor and co-founder of the non-profit Creative Commons Lawrence Lessig was blocked on the online video portal YouTube based on copyright infringe-

28 29 30 31

30

on DVD-R or Blu-Ray, the acquisition of such a copy may involve too much hassle and take too long for some consumers. Markus Brauck/Isabell Hülsen/Alexander Kühn/Ann-Kathrin Nezik, Was glotzen Sie so?, Der Spiegel online (13.01.2014). Spiegel Online, Gesetz gegen Abzocke: Bundestag setzt Massenabmahnungen Grenzen, Der Spiegel online (27.06.2013). See for instance Electronic Frontier Foundation, Lawrence Lessig strikes back against bogus copyright takedown, EFF press release of 22.08.2013. Most jurisdictions recognize copyright limitations, allowing “fair” exceptions to the creator's exclusivity of copyright, and giving users certain rights.

D. The Research Topic: Copyright Enforcement on the Internet

ment allegations,32 one may ask whether this was intended by the idea to give copyright to the creators.33 Did the rights-holders lose any revenues due to Lessig’s lecture being disseminated via YouTube? Did the band members lose their incentive to create further songs and/or perform them? Although this may be considered an extreme case, the list of similar cases is long.34 Questions may be raised of whether the protection of intellectual property rights goes beyond what was initially intended, namely to guarantee that creators can live on revenues generated by their creations and have an incentive to create. While the issue of whether the scope of infringements raises questions of legitimacy of the law is a more philosophical question, this research will focus on copyright as it stands today. It is accepted that copyright has always been a controversial issue with regard to its subject-matter, scope and methods of enforcement.35 Based on the fact that ignorance of the law is no defence, this research examines current and proposed enforcement schemes in terms of their respect to technology and fundamental rights.

32 Lessig had included in his presentation several short clips of amateur dance videos set to a song by a French band in order to highlight emerging styles of cultural communication on the Internet. 33 While US copyright law allows for the fair use of works for purposes such as criticism, comment, and teaching, the license-holder of the song filed a takedown notice with YouTube. Following threats that they will sue Lessig, Lessig withdrew his counter-notice and sought clarification before a US court. See Electronic Frontier Foundation, Lawrence Lessig strikes back against bogus copyright takedown, EFF press release of 22.08.2013. In February 2014, Lawrence Lessig and the rights-holders agreed on a settlement, see Electronic Frontier Foundation, Lawrence Lessig settles fair use lawsuit over Phoenix music snippets, EFF press release of 27.02.2014. 34 The first prominent case was presumably the case of Stephanie Lenz, who recorded her toddler dancing to a song by the artist Prince. Because she wanted to show the cuteness of her little boy to friends and family, she uploaded the video clip on YouTube. Although the audio was of poor quality, and the song was audible for only approximately twenty seconds, Universal Music group asked YouTube to take the video clip down. Lenz is currently asking for a declaratory judgment that her home video does not infringe any copyright nor trigger damages, and is seeking injunctive relief restraining Universal from bringing further claims in connection with the video. For a case history and the briefs that have been filed see Electronic Frontier Foundation, Lenz v Universal, https://www.eff.org/cases/lenz-v-uni versal (last accessed on 06.06.2014). 35 Cf. Irini A. Stamatoudi, Preface, in: Irini A. Stamatoudi (ed.), Copyright enforcement and the Internet (2010), p. xv.

31

Introduction

If one looks at common enforcement schemes, it becomes clear that legislators follow the approach that “rights without sanctions are no rights”36. Thus, one will encounter enforcement via criminal law, meaning that the government becomes the arbitrator for private rights. Copyright is nevertheless primarily enforced via private law. If rights-holders want to pursue civil claims, they need an identifiable and locatable addressee of their infringement claim who is ideally located within the same jurisdiction or at least situated in a jurisdiction in which the rights-holder is able to enforce a judgment. If the infringer does not fulfil these conditions, rights-holders may search for other actors that fulfil these criteria. Thus, lately one can witness an increase in lawsuits being filed against online intermediaries: when action against host providers did not promise any results, access providers became targets. On which basis such action could be pursued and what can be required from online intermediaries that not necessarily themselves participated in the act of infringing copyright will be discussed throughout this work. E. Macrolevel Approaches to Fight Online Copyright Infringements As this contribution focusses on copyright enforcement, it is necessary to also address the level of enforcement. With copyright being territorial, enforcement naturally has been territorial as well. The Internet however neither knows nor respects national borders. Applying laws in an online environment means that an appropriate link to the territory of the legislator must be established. Private international law has developed techniques and rules for such localisation. These, however, are of limited use, if not all States share the same approach. Operators of websites dedicated to copyright infringement know well enough how to hide their identities and settle down their business in “safe havens”. Thus, States have been seeking agreements whereby enforcement of copyright would be strengthened and cooperation encouraged. Already in 2005, the EU published a Strategy for the enforcement of intellectual property rights in third countries37 as

36 Michael Keplinger, Enforcement of IP rights in the digital environment: The role of the World Intellectual Property Organisation, Gewerblicher Rechtsschutz und Urheberrecht – Internationaler Teil 2007, 648. 37 European Commission, Strategy for the enforcement of intellectual property rights in third countries, OJ C 129 (26.05.2005), 3–16.

32

E. Macrolevel Approaches to Fight Online Copyright Infringements

a logical consequence of EU internal enforcement instruments. Although the Strategy focusses on counterfeit tangible goods, the strategy’s main statement also applies to digital piracy: Instead of unilateral solutions, approaches are needed which recognise that any proposed solution can only be effective if it is received positively by the recipient country.38 I. Unilateral or Multilateral Enforcement: Strengthening Enforcement within and outside of National Borders Enforcement on EU level, the focus of this research, must be divided into trade-related external enforcement measures and internal enforcement measures that are part of safeguarding the functioning of the Internal Market.39 For instance, the EU Intellectual Property Rights Enforcement Directive40only concerns the internal market. In order to ensure external enforcement, copyright enforcement must be tackled in the framework of multilateral and bilateral negotiations with third countries. While the WIPO Copyright Treaty and its predecessors provided for some protections for copyright deemed necessary due to advances in information technology, it did not contain any enforcement mechanisms. TRIPS closed this gap on a multinational level by specifying enforcement procedures, remedies, and dispute resolution procedures. However, these instruments only provided a general umbrella for copyright protection and enforcement. In particular Europe and the US have identified the use of foreign-based and foreign-controlled websites and web services as a growing problem for domestic intellectual property rights. In the very recent past, an attempt to agree on a multilateral antipiracy mechanism, the Anti-Counterfeiting Trade Agreement (ACTA),41

38 Ibid, p. 4. 39 See Jörg Reinbothe, The EU Enforcement Directive 2004/48/EC as a tool for copyright enforcement, in: Stamatoudi, Irini (ed.), Copyright enforcement and the Internet (2010), p. 5. The legal framework for enforcement measures inside the EU is the acquis communautaire, which includes horizontal measures like the Intellectual Property Rights Enforcement Directive, and provisions on sanctions and remedies in the various harmonising instruments. 40 The Directive was based on Article 95 EC Treaty (now Article 114 TFEU). 41 For the full text of the ACTA draft cf. http://register.consilium.europa.eu/pdf/en/11/ st12/st12196.en11.pdf (last accessed on 06.06.2014).

33

Introduction

has prominently failed.42 Similarly unilateral attempts as for instance the US Stop Online Piracy Act (SOPA)43 and Protect-IP Act (PIPA)44 did not become law. One reason for their failure was the strong public opposition which caused policymakers and legislators to reconsider their approach. With the public perception that these instruments are over-regulating and giving preferential treatment to rights-holders whereas end-users’ rights are not respected, the EU legislators find it difficult to revise the current enforcement regime. It is obvious that legislators find it difficult to pass legislation within a tough climate for “anti-piracy” legislation. II. Multilateral: Proposal for New Trade Agreement ACTA ACTA was supposed to be a multilateral treaty for the purpose of establishing international standards for intellectual property rights enforcement targeting inter alia copyright infringement on the Internet.45 This approach to combat the proliferation of counterfeiting and online piracy within the global economy was met by extensive protests all over the world and membership to ACTA was subsequently rejected by the European Parliament on 4 July 2012,46 meaning that neither the EU nor its individual Member States can join the Agreement. The rejection obviously was a result of strong opposition to the Agreement with a single petition from

42 Cf. Duncan Matthews/Petra Zikovska, The rise and fall of the Anti-counterfeiting Trade Agreement (ACTA): lessons for the European Union, International Review of Intellectual Property and Competition Law 2013, Vol. 44 Issue 6, 626–655. 43 H.R. 3261, 112th Congress (2011), available online at http://www.gpo.gov/fdsys/p kg/BILLS-112hr3261ih/pdf/BILLS-112hr3261ih.pdf (last accessed on 06.06.2014). SOPA was initially entitled Enforcing and Protecting American Rights Against Sites Intent on Theft and Exploitation Act (E-PARASITE Act). 44 S. 968, 112th Congress (2011), available online at http://www.gpo.gov/fdsys/pkg/B ILLS-112s968rs/pdf/BILLS-112s968rs.pdf (last accessed on 06.06.2014). The Protect-IP Act, also known as PIPA, is the abbreviation for Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011. 45 For an analysis of the regulation foreseen by ACTA see Luc Pierre Devigne/Pedro Velasco-Martins/Alexandra Iliopoulou, Where is ACTA taking us? Policies and politics, in: Irini Stamatoudi (ed.), Copyright enforcement and the Internet (2010), pp. 29–42. 46 By 478 votes to 39, with 165 abstentions. See European Parliament, ACTA before the European Parliament, press release Ref. no. 20120217BKG38488 of 04.06.2012.

34

E. Macrolevel Approaches to Fight Online Copyright Infringements

citizens calling on MEPs to reject ACTA having been signed by over 2.8 million people from all over the world.47 David Martin himself, the MEP responsible for steering the ACTA dossier through Parliament, gave the recommendation to reject ACTA following identification of some unintended consequences such as individual criminalisation, the definition of “commercial scale” infringements, and the role of Internet service providers.48 It is striking that the most controversial enforcement measures, proposed in the initial stages of the negotiations of ACTA, had been narrowed down or abandoned in its final version, which did not require the parties to introduce “Three Strikes Laws” as discussed during negotiations. This, however, neither silenced the protests, nor did it prevent the negative vote in the European Parliament. One of the major points of criticism was and still is that ACTA contains a number of broad and vague provisions.49 Article 27(1) of ACTA, for example, provides that the parties to ACTA shall ensure the availability of civil and criminal enforcement proceedings under their domestic law, including expeditious remedies to prevent infringements and remedies that constitute a deterrent to further infringements. As concerns enforcement proceedings, ACTA encourages “cooperative efforts with the business community”. There is no explanation what is actually meant by this and thus it leaves plenty of room for speculation. Accordingly, this obligation has been interpreted as legitimising and promoting the policing and even sanctioning of alleged infringers outside the regular judicial frameworks.50A lack of judicial oversight is, however, one of the core concerns when private actors are involved in the enforcement of intellectual property rights.51

47 Ibid. 48 Ibid. 49 Cf. Roberto D’Erme/Christophe Geiger/Henning Große Ruse-Khan/Christian Heinze/Thomas Jaeger and Others, Opinion of European academics on anti-counterfeiting trade agreement, Journal of Intellectual Property, Information Technology and E-Commerce Law 2011, Vol. 2 Issue 1, 65–72. 50 European Digital Rights, ACTA fact sheet, EDRi (02.02.2012). 51 Obviously, businesses have to be profitable and hence, may not be interested – from an economic point of view – in investigating alleged infringements any further once they are notified of an infringement. In the light of the costs and efforts involved inter alia for further investigations, it is likely that even legal materials will be taken down.

35

Introduction

Finally, the most problematic premise for ACTA´s success was the secrecy of its negotiations.52 Negotiators ignored that such an important agreement, which has the potential to have a broad impact on consumers and businesses alike, cannot be negotiated behind closed doors with minimal non-industry input.53 Controversial parts of the confidential draft version were subsequently leaked to the public,54 and largely influenced the general public’s perception of the Agreement as “jeopard[ising] free speech by prioritising private sector repressive measures aimed at copyright protection over the fundamental rights to privacy and freedom of communication...without guarantees of due process and equality of arms”.55 The lawmakers learnt from the protest against the bill that in order to gain the support of the public, drawing up laws relating to intellectual property rights enforcement in a digital context requires transparency and participation of the public rather than one-sided lobbying of the entertainment industry.56 It must be noted that with the EU and its Member States’ rejection of ACTA the Agreement is not “dead” on an international level as the EU is considered to be a single negotiating party and ratification by six parties to the negotiations is sufficient for the agreement to come into force. This does not mean that an international agreement on the enforcement of intellectual property rights has disappeared from the agenda of the EU. Currently, negotiations are ongoing with the US regarding a Transatlantic Trade and Investment Partnership (TTIP), which will also include a chapter on intellectual property rights. Unsurprisingly, this has caused a lot of ACTA-related bells to ring57 and needs to be watched.

52 Only following the eighth round of negotiations, a draft version of ACTA has been released. For further information on the negotiations see Peter Yu, Six secret (and now open) fears of ACTA, Southern Methodist University Law Review 2011, Vol. 64 Issue 3, 975, 978 et seq. and 1011 et seq. 53 Ibid, 1018. 54 Paul Meller, Leaked ACTA draft reveals plans for Internet clampdown, Computerworld (20.02.2010). 55 European Digital Rights, ACTA fact sheet, EDRi (02.02.2012). 56 Cf. Duncan Matthews/Petra Zikovska, The rise and fall of the Anti-counterfeiting Trade Agreement (ACTA): lessons for the European Union, International Review of Intellectual Property and Competition Law 2013, Vol. 44 Issue 6, 626, 653. 57 Ana Ramalho, The EU mandate to negotiate the TTIP: should copyright be an outcast?, Kluwer Copyright Blog (21.05.2013).

36

E. Macrolevel Approaches to Fight Online Copyright Infringements

III. United States: SOPA and PIPA – Initiatives to Strengthen Enforcement Globally Parallel to the negotiations on ACTA, States also looked into combatting the global reach problem on a domestic basis. In order to have an effect outside national borders, these approaches were deemed to interfere with legitimate interests of third parties. Thus, opposition to the US initiatives has not been limited to the US and escalated on 18 January 2012 when a number of Internet sites including the English language version of Wikipedia turned black as a demonstration of their opposition to the Stop Online Piracy Act (SOPA).58 Besides SOPA, which is a US House of Representatives initiative, the US Senate had been discussing an almost identical bill, known as Protect-IP Act (PIPA). Like many recent initiatives, both bills were the result of lobbying of the “content industry”, primarily the Hollywood movie industry and record labels, whose representatives argue to suffer economic loss from the fact that pirated content is readily available on the worldwide web.59 They reflect the US Government’s policy of strengthening enforcement of Intellectual property rights internationally – outlined in the 2010 Joint Strategic Plan on Intellectual Property.60 The bills aimed to “crack down” on international infringement of intellectual property rights held by US companies/authors by restricting access to sites that host or facilitate the trading of pirated content. Their main tar-

58 Jimmy Wales, founder of Wikipedia, defended the blackout as “a broad global message that the internet as a whole will not tolerate censorship in response to mere allegations of copyright infringement”, see Emma Barnett, Wikipedia founder Jimmy Wales defends SOPA protest blackout, The Telegraph (17.01.2012). For a list of opponents of the bills as of December 2011, see http://www.net-coaliti on.com/wp-content/uploads/2011/12/Opposition_Dec16.pdf (last accessed on 17.05.2014). Fierce opposition against SOPA was seen all around the globe. While previously so called net activists fought their battle against Internet content blocking initiatives more or less on their own, this was the first time that they got massive public backup by Internet giants like Google, Wikipedia and co. 59 The bills are supported by predominately media companies and associations such as the Motion Picture Association of America and the Recording Industry Association as well as such that have an interest in banning counterfeit goods entering the US market like the NBA, NFL or MLB. 60 Executive Office of the President of the United States, US Intellectual Property Enforcement Coordinator, Joint Strategic Plan on Intellectual Property Enforcement (June 2010).

37

Introduction

gets are so called “rogue” overseas sites such as the torrent hub “The Pirate Bay” that are a trove for illegal downloads and against which the US content industry finds it particularly difficult to take action, or enforce US judgements.61 As the servers of the (in)famous torrent hub “The Pirate Bay” are physically located in Sweden, the newly proposed acts aimed at “cutting off the oxygen”62 by requiring US search engines, advertising networks and other providers to withhold their services in relation to such websites. As a result, the piracy websites would be cut off from US-based funding and visibility in the US. As regards search engines, this would have meant that websites flagged as “rogue” would not appear among the search results. Payment services like Paypal would have been obliged to stop processing payments to these websites, and advertising services would have been required to cease providing their services to offending websites.63 Although the proposed legislation was US legislation, it would have had a deep impact on websites around the world as many of the major search engines, payment services and social networking sites are based in the US. Generally, besides the risk of over-censoring, two severe side-effects were identified, namely a chilling effect on websites containing user-generated content and an impact on the critically fundamental internet architecture and security.64 As regards the latter, the major concern was that requiring service providers to bar access to foreign websites may break the Internet’s core technical infrastructure by interfering with the Internet’s fundamental interconnection principle.65

61 SOPA utilised a very broad definition of infringing websites, extending its applicability to any site that facilitates copyright infringement, meaning that potentially all user-generated content sites were to be included. 62 Julianne Pepitone, SOPA explained: What is is and why it matters, CNN (20.01.2012). 63 For an in-depth outline and analysis of the proposed provisions see Sandra Schmitz, The US SOPA and PIPA – A European Perspective, International Review of Law, Computers & Technology 2013, Vol. 27 Issue 1–2, 213–229. 64 For an analysis of the threat, see ibid, 218 et seq. 65 Peter Eckersley/Parker Higgins, An Open Letter From Internet Engineers to the U.S. Congress, EFF (15.12.2011). Both bills proposed DNS (Domain name Server) blocking. This blocking system will be outlined in the third Chapter of this work. The interconnection principle would be at risk, if countries decide unilaterally who can find what on the Internet. The principle of domain name universality requires that all domain name servers, irrespective of their location, will return the

38

E. Macrolevel Approaches to Fight Online Copyright Infringements

Although the bills targeted “rogue” websites directed at US residents, they were clearly designed to have an extra-territorial effect. If they had become law, this would have had a severe impact on European website operators. This means that the risks addressed above also apply to European Internet sites. They are not shielded from the collateral damage that may arise and may be affected by the broad scope of these bills. However, it was unsustainable that both bills meant in practice that the US claimed jurisdiction over the property of non-US sites: The bills allowed for court orders requiring service providers to block sites and Internet search engines to stop linking to them. Irrespective of the severe sanction of content blocking, in an ever-growing Web, linking is essential for an Internet site to be found. Considering that most search engines are US-based, they would have been required to comply with an order. Accordingly, a search engine like Google would have been obliged to stop linking to content that infringes US laws. Even Chinese content blocking (the often colloquially referred to as “Great Firewall of China”)66 does not require content to be blocked for users outside of China.67 But this is exactly what SOPA and PIPA proposed to do: irrespective of the user’s location, search engines would not link to the allegedly infringing content. Thus, US law would have applied directly to third State citizens outside of US jurisdiction. Should a website operator have wished to challenge a court order, he would necessarily have had to consent to the jurisdiction of US courts. Consequently, one might go as far as to conclude that the US government would force compliance with US IP laws on third countries. From a third country point of view, this is not acceptable. Non-US citizens would have to comply with domestic laws and may have been bound by international treaties and agreements, but not by unilateral US initiatives. However, the US IP enforcement strategy seemed to export its rules to other countries, including European countries.

same answer when queried with respect to an Internet address. This core principle would be undermined if domain servers ceased resolving specific domain names to the respective IP address. 66 The Chinese web content blocking scheme is officially named the “Golden Shield Project”. 67 See Ronald Deibert/John Palfrey/Rafal Rohozinski/Jonathan Zittrain, Access denied, the practice and policy of global Internet filtering (2008), Country summary China, pp. 263–268.

39

Introduction

The protests against SOPA and PIPA were remarkably effective and none of the bills might ever be turned into law.68 Thus, on the day of the Wikipedia blackout, a bipartisan group of US lawmakers introduced the Online Protection and Enforcement of Digital Trade Act (OPEN) and asked for public contribution so that the Act “becomes a digital citizen’s bill of rights”.69 Whether this project, on which everyone can comment, criticise and collaborate will be successful and will lead to a feasible result remains to be seen. It shows, however, a change in the attitude towards law-making where laws affect basically each citizen. IV. EU: IPRED2 In the European Union, remedies and sanctions for intellectual property rights infringements are foreseen in several EU Directives, with the most detailed being the Intellectual Property Rights Enforcement Directive (IPR Enforcement Directive or IPRED).70 The IPR Enforcement Directive harmonises inter alia the rules on standing, evidence, provisional measures, seizure and injunctions in civil matters. The primary aim of the Directive is to provide for civil remedies necessary to enforce intellectual property rights. Initially, it was foreseen that the Directive is supplemented by a further Directive, known as IPRED2, which was to provide for criminal measures aiming at ensuring the enforcement of intellectual property rights.71 However, the second Directive was never passed and the European Com-

68 PIPA has already been voted out of the Senate Judiciary Committee in September. A vote on SOPA had been scheduled for 23 January 2012, but due to the public protest and a White House statement that it will not support SOPA, see Victoria Espinel/Aneesh Chopra/Howard Schmidt, Combating online piracy while protecting an open and innovative Internet, Official White House response to the petitions “Stop the E-Parasite Act” and “VETO the SOPA bill and any other future bills that threaten to diminish the free flow of information” (14.01.2012), and US Senate, Committee on the Judiciary, Statement from Chairman Smith on Senate Delay of Vote on PROTECT IP Act, Senate press release of 20.01.2012. 69 See http://keepthewebopen.com/ (last accessed on 06.06.2014). 70 Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of Intellectual Property Rights, OJ L 157 (30.04.2004), 16–25. 71 See European Commission, Proposal for a European Parliament and Council Directive on criminal measures aimed at ensuring the enforcement of intellectual property rights, COM(2005) 276 final (12.07.2005).

40

E. Macrolevel Approaches to Fight Online Copyright Infringements

mission decided to withdraw the proposal for the Directive in 2010.72 Criminal sanctions for enforcement of intellectual property rights are therefore currently not harmonised. The effective fight against counterfeiting and piracy is still on the European Commission’s agenda. In order to encourage greater collaboration in the area of intellectual property rights enforcement, in April 2009 the Commission launched the “European Observatory on Counterfeiting and Piracy”, which shall provide evidence-based contributions and data to enable EU policymakers to shape effective intellectual property enforcement policies and to support innovation and creativity.73 However, as the need for a stronger, horizontal and harmonised instrument at EU level to combat piracy, in particular online piracy, is still perceived, the IPR Enforcement Directive is currently under review. The EU Commission intended to publish a revised draft version of the IPR Enforcement Directive which is intended to be fit for the digital age, in autumn 2012.74 However, in the current harsh climate for anti-piracy legislation, it seems that the Commission is not in a hurry to publish the draft bill. Being faced with protests all around and with the rejection of ACTA in the European Parliament, the Commission decided to extend its review of IPRED1 and postpone the publication of a draft version for a revised Directive. In this regard a public consultation on the efficiency of proceedings and accessibility of measures was conducted in 2013.75 Against the background of ACTA, SOPA and PIPA, the public carefully watches anti-piracy initiatives and the follow-ups of the Commission consultation remain to be seen.

72 See Withdrawal of obsolete Commission proposals, OJ C 252 (18.09.2010), 7. 73 In June 2012, the European Observatory on Counterfeiting and Piracy has been transferred to the Office for Harmonization in the Internal Market (OHIM) in Alicante on the basis of Regulation (EU) 386/2012 (OJ L 129 (16.05.2012), 1–6), and has been renamed as “the European Observatory on Infringements of Intellectual Property Rights”. 74 See European Commission, Proposal for a revision of the Directive on the enforcement of intellectual property rights (Directive 2004/48/EC). 75 European Commission, Civil enforcement of intellectual property rights: public consultation on the efficiency of proceedings and accessibility of measures, consultation period 30.11.2012 to 30.03.2013 (July 2013). For a summary of the responses see http://ec.europa.eu/internal_market/consultations/2012/intellectual-p roperty-rights_en.htm (last accessed on 06.06.2014).

41

Introduction

V. Copyright Enforcement in the EU: No Uniform Approach in Member States Due to little progress on EU level intellectual property rights enforcement, Member States are increasingly adapting specific online legislation in order to respond to copyright infringements on the Internet. These regimes include the Lois HADOPI76 in France, the Ley Sinde77 in Spain and the Digital Economy Act 201078 in the UK. These schemes are targeted at different actors, but primarily seek to enforce copyright against end-users by way of graduated response schemes. Graduated response schemes foresee the sanctioning of an infringer following a certain number of notifications of infringements that also inform him about possible sanctions. The Member States thereby respond to the problem that enforcement schemes that functioned in the offline world, reach their limits when applied in the online world. The major issue in this regard is that in the online world, it is difficult and often impossible to identify the actual infringer. The only digital trace infringers leave in Cyberspace are usually their IP addresses. An IP address, however, only allows the identification of the subscriber of a specific Internet access service. Thus, new legislation constructs responsibility of subscribers, which would make the identification of the actual infringer more or less obsolete. Where criminal sanctions are concerned in this respect, issues arise with regard to the proportionality of criminal sanctions against non-infringers. Some proposed and implemented sanctions even go so far to ban subscribers from the Internet. In this regard, this research will also examine the legal implications for other users affected by a disconnection order. As opposed to the offline world, sanctions that interfere with the subscriber’s Internet access service will likely affect users other than the subscriber. The suspension or limitation of Internet access is a novel instrument, nothing comparable ever existed before; it is unknown whether the disconnection of telephone lines in con-

76 Loi no. 2009-669 du 12.06.2009 favorisant la diffusion et la protection de la création sur Internet and Loi no. 2009-1311 du 28.10.2009 relative à la protection pénale de la propriété littéraire et artistique sur Internet. 77 Ley 2/2012, de 4 de marzo, de Economía Sostenible, available at http://www.boe.e s/boe/dias/2011/03/05/pdfs/BOE-A-2011-4117.pdf. 78 Digital Economy Act 2010, available at http://www.legislation.gov.uk/ukpga/2010/ 24/pdfs/ukpga_20100024_en.pdf.

42

F. Limits of the Research

nection with criminal offences has been on anyone’s agenda in the past. The Internet is, however, not only a means of one-to-one communication, but also a means to seek, receive and impart information. Consequently, any interference with Internet access must be balanced against the fundamental rights of the users concerned. Where no Internet-specific legislation is passed, Member States seek to apply their traditional regime to Internet scenarios. An example for such an approach would be Germany, where courts construed responsibility of Internet access service subscribers by applying a liability concept that derives from liability for dangerous property. The same regime is also applied by German courts to host providers when requiring them to stop the continuation of an infringement. While the approach to establishing online intermediary liability differs in the EU, the European legal framework provides for common liability exemptions for online intermediaries. In that respect, all Member States are faced with indefinite legal concepts that call for clarification by the Court of Justice of the European Union (CJEU). F. Limits of the Research Against all the issues that have already been touched, it is necessary to identify the limits of the scope of this research. Obviously a multitude of issues arise in respect of copyright enforcement on the Internet, which include inter alia: questions of digital evidence, in particular the collecting of evidence and its reliability; identification of infringers; liability of potential non-infringers, in particular liability of online intermediaries and subscribers of Internet access services; colliding rights and interests, such as the conflict between copyright protection on the one hand and freedom of speech and information, data protection and privacy on the other; private international law issues, such as the applicable law when infringements are committed online; enforcement of rights where the targets of legal action are located elsewhere. Addressing all these issues would go beyond the scope of this book as the main focus of this research, the issue of online copyright enforcement, would perish in discussions of national copyright law. The territoriality of copyright and a lack of complete harmonisation of copyright laws, makes it impossible to compare enforcement one-to-one. Thus, only selected questions with regard to the establishment of an infringement will be dis43

Introduction

cussed, for instance whether sharing of bits and pieces of a work amounts to a copyright infringement, or whether back-up copies on file-hosters are legitimate under the private copying exception. The issues addressed are carefully selected and solely intend to highlight that already the establishment of an infringing activity is not so easy as it may seem at first glance. In that respect also technology issues, such as the reliability of digital evidence, will be briefly addressed without clarifying them exhaustively. Further, although this research refers to online copyright enforcement with a focus on enforcement within the EU, it was necessary to restrict the national instruments that are examined to three EU Member States, namely France, Germany and the United Kingdom. Again, these Member States have been carefully selected because they do not only stand for different and innovative approaches but also provide more case law than other States with regard to copyright enforcement on the Internet. The assessment of these measures will focus on their compliance with secondary EU Law and fundamental rights. As regards the assessment of fundamental rights, in particular a fair balance between copyright enforcement and the rights of others, it will be discussed to what extent or to what human rights’ cost copyright on the Internet can and should be enforced. In this respect, social policy and behaviour questions such as whether we should enforce copyright on the Internet at all will not be addressed. The assessment of the legitimacy and proportionality of responses to copyright infringement constitutes the centre of consideration of this work. The research will finally show that as of now governments are not moving from constraining human behaviour with laws to indirectly constraining behaviour by regulating software, a scenario that Lawrence Lessig was worried about in his influential work “Code: Version 2.0”.79 G. Terminology It is important to clarify some of the terminology that is used throughout this work. Infringement in this work refers to the unauthorised copying, distribution or use of a copyrighted work. As stated above, it is not the intention of this work to define what constitutes an infringement under dif79 As regards Lessig’s worries in relation to a shift from “East Coast Code” to “West Coast Code” see Lawrence Lessig, Code: Version 2.0 (2006), pp. 4 et seq. and pp. 74 et seq.

44

I. Outline of the Research

ferent national laws, but to analyse how infringements are sanctioned, eliminated and ultimately also prevented, hence how copyright is enforced. Different terms are used to describe the increasing phenomenon of online copyright infringements and they are used interchangeably. The most common terms are: Internet or online piracy, illegal downloading or illegal file-sharing. The basic statement of all of these notions is that the activity referred to is in violation of the law. In order to use a uniform notion throughout this work, the terminology used in the following when addressing the fight against these activities will be copyright enforcement. Copyright enforcement does not only include the imposition of sanctions for copyright infringements but also the prevention of such infringements. It further encompasses infringements of copyright and related rights. H. Sources This research encompasses principally legislation and jurisprudence from the EU Member States France, Germany and the UK. Further, the analysis of EU secondary legislation, in particular the relevant Directives, builds an essential part of this research. In order to identify the fundamental rights concerned and potential justifications for interferences with these rights, the jurisprudence of the European Court of Human Rights (ECtHR) and the Court of Justice of the European Union (CJEU) are important sources. The latter plays a significant role when it comes to the interpretation of the applicable Directives. Further legal doctrine, opinions, legal commentaries, legal papers as well as scientific papers discussing technology are important sources for this work. I. Outline of the Research This work is divided into three main chapters. In order to provide some general background to the subsequent research, the first Chapter begins by outlining the history of online copyright infringements and enforcement (A.). When examining the status quo of copyright enforcement, it is instructive to also look at the predecessor technology and be familiar with new technologies that facilitated copyright infringements. The second part

45

Introduction

of the first Chapter provides some background on the functioning of information and communications technology (ICT) (B. I.), identifies the fundamental rights that may be interfered with and defines the scope of protection guaranteed by these rights (B. II.). The second and third Chapter are both in a similar way structured, with the second Chapter discussing enforcement measures that are targeted at end-users, and the third Chapter discussing enforcement measures that are targeted at the infringing content itself and are addressed to online intermediaries. To facilitate the legal assessment, both Chapters at first outline the activities addressed and the reasons for addressing either users or online intermediaries (A. I.–II.). In the following, both Chapters outline the respective technological challenges that enforcement is faced with (A. III.). On this basis, both Chapters will then set out the applicable European legal framework before enforcement in the Member States is assessed (B. I.). In the second Chapter, the assessment of national enforcement is divided into two major parts. First, enforcement by criminal sanctions by way of graduated response schemes is discussed (B. II.). In this regard the French approach (B. II. 1.) is compared to the approach in the UK (B. II. 2.), before the concerns relating to technology, secondary EU legislation and fundamental rights are focussed on (B. II. 3.). The same structure is employed with regard to enforcement against end-users through private litigation (B. III.). In this respect, the German approach will be focussed on (B. III. 1.), and the UK approach only addressed briefly, highlighting the concerns of the UK courts when the German model of cease and desist letters was imported to the UK (B. III. 2.). On the basis of the prior assessment of criminal enforcement, the final section will discuss the concerns relating to technology, secondary EU legislation and fundamental rights (B. III. 3.). In the third Chapter, the assessment of national enforcement measures is divided into three major parts. The first part discusses the failed attempts to enforce copyright upon the initiative of administrative authorities (B. II.). Due to diverging approaches to this subject matter, all three Member States (France, Germany and the UK) will be addressed in this context. In the following, enforcement upon initiative of the rights-holders via access providers is analysed (B. III.). In this regard, the focus is on the approach conducted in the UK (B. III. 1.), which is then contrasted against the German refusal of granting injunctions against access providers (B. III. 2.). Similar to the second Chapter, the outline of the enforcement scheme 46

I. Outline of the Research

is followed by an assessment of the concerns in relation to technology and fundamental rights (B. III. 3.). The final section of the third Chapter addresses enforcement upon the initiative of the rights-holders that is directed against host providers (B. IV.). In this respect, the German (B. IV. 1.) and French (B. IV. 2.) approach will be compared and subsequently analysed in terms of how technological issues are dealt with and in terms of compliance with secondary EU law and fundamental rights (B. IV. 3.). The three main Chapters will be followed by a general conclusion which addresses the problems and prospects of online copyright enforcement in brief.

47

First Chapter: Legal and Technological Background

A. The Status Quo – or How Did We Get to Where We Are Today? I. Copyright in a Digitalised World In simple terms, copyright is a legal concept that grants the author of an original work exclusive rights to its use and distribution, usually for a limited time, with the intention of enabling the author to receive compensation for his work and be able to financially support himself. In a digital world these rights are challenged more than ever due to the dissemination factor of the Internet and the ease by which works can be reproduced by everyone without a loss in quality. The following sections seek to explore the fundamentals of copyright and its enforcement in order to understand, where the core ideas of copyright derive from and to explore the challenges for copyright in an online environment. In this respect, it will also be necessary to look at the scope of copyright infringement. This being said, the challenges for copyright that derive from technological progress and the scope of technology are put forward as justifications for new legislation in this field of law. 1. A Short History of Copyright and Copyright Enforcement in the Offline World In civil law tradition, the scope of copyright extends beyond being a mere economic right for the distribution of creative content and it includes also moral rights of the author. It first developed in the early modern period as a response to the printing technology that facilitated the vast and fast multiplication of copies of written works.80 At the “heart” of copyright law lies the assumption that respect needs to be paid to intellectual property. It grants the author of an original work

80 Thomas Dreier in: Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (4th ed. 2013), Einleitung para. 10.

49

First Chapter: Legal and Technological Background

exclusive rights to it for a limited time. These exclusive rights give the copyright-holder the right to charge third parties for accessing the work. This basic principle does not only serve as an incentive for authors to create, but also establishes a system whereby intellectual property can be marketed. A work in the sense of copyright law as defined in Article 2 (1) of the Berne Convention for Protection of Literary and Artistic Works includes productions in the literary and artistic domain, whatever may be the mode or form of their expression, such as books and other writings, musical compositions, cinematographic works, drawings, paintings and photographic works. Today, copyright promotes the creation of new works by giving authors control of and profit from them. Copyright is confined to specific territories, which means that it does not extend beyond the territory of a specific state, unless that state is a party to an international agreement.81 Most countries are parties to at least one such international copyright agreement with the result, that many aspects of national copyright laws have been standardised. Nevertheless, national copyright laws may have some unique features such as the fair use exception in US copyright law.82 Most jurisdictions recognise certain copyright limitations, allowing for example exceptions to the creator's exclusivity of copyright, and giving users certain rights such as the aforementioned fair use of protected works. The birth of copyright was the attempt of governments to regulate and control the output of printers in the 15th century. Before the 18th century, the term of copyright was not used, instead the concept was referred to simply as the “copy”, which was substituted for the word “licence”.83 The modern concept of copyright is believed to stem from the early 16th century.84 At that time, it was tied to the ownership of printing presses and was a right to print and distribute printed materials; it was not linked to the author as it is in the contemporary context. Unlike today, it was a mere economic right, associated with the book trade, and it was not seen as a property right or as having any regard to culture.85 Hence, up to the 18th century, copyright was characterised by state licenced printers holding a

81 82 83 84 85

50

Ibid, Einleitung, para. 42. 17 US Code § 107: Limitations on exclusive rights: Fair use. Monica Horten, The Copyright Enforcement Enigma (2011), p. 14. Ibid. Ibid.

A. The Status Quo – or How Did We Get to Where We AreToday?

monopoly over the printing and distribution of books.86 In return for control of the market, printing licensees had to comply with state censorship demands.87 The first known copyright statute is the English Statute of Anne of 1709,88 which marked a change in the approach to licensing by giving the “copyright” to authors who could then authorise the printing of their own work for a limited time. Since the Statute of Anne, copyright is associated with the author of a work rather than the printer or publisher.89 The Statute also contained copyright enforcement mechanisms when giving copyright-holders the right to sue for damages, as well as setting forth that unauthorised book copies could be seized by the rights-holders.90 The Statute also introduced a concept of indirect liability, whereby booksellers, who knew of an unauthorised copy might also be sanctioned.91 The move from the monopoly of printers to a limited monopoly right, where authors were given the copyright in their works marked the recognition of copyright as an economic incentive to create.92 While under common law the focus was on the economic interests of the author, a number of civil law jurisdiction such as Germany, France, and Belgium also recognised the importance of moral rights of an author.93 Once copyright had become a statutory right guaranteed by law,94 the rights-holders turned to the judicature to enforce their rights. Subsequently, many disputes dealt with territoriality or technical formats.95 Territori-

86 For the situation in France see ibid, pp. 19 et seq. 87 Ibid, pp. 15–17; Thomas Dreier in: Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (4th ed. 2013), Einleitung para. 10. 88 Ian J. Lloyd, Information Technology Law (6th ed. 2011), p. 285. 89 Monica Horten, The Copyright Enforcement Enigma (2011), p. 18. 90 Statute of Anne 1709, p. 262. 91 Ibid. 92 Cf. Monica Horten, The Copyright Enforcement Enigma (2011), pp. 18 et seq. 93 Thomas Dreier in: Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (4 th ed. 2013), Einleitung para. 10. 94 In France, it only became a statutory right after the French Revolution with the Loi du 13 janvier 1791, relative aux théâtres et au droit de représentation et d’exécution des œuvres dramatiques et musicales which was amended by the Loi du juillet 1793, relative à la propriété littéraire et artistique. In Germany, a first statutory regulation of the relationship author – publisher can be found in the Allgemeines Preußisches Landrecht 1794; the basis for the modern German copyright code was the Badisches Landrecht 1809. 95 For the so-called Battle of the Booksellers, see Monica Horten, The Copyright Enforcement Enigma (2011), pp. 22 et seq.

51

First Chapter: Legal and Technological Background

ality became such an important issue as copyright is national and early statutes did not necessarily grant protection to foreign works. This resulted in the ability of publishers to take works from one country and publish them in another without paying the original authors. Territorial disputes, even between the small German states96, led to the signing of the Berne Convention in 1886, the first multi-lateral copyright treaty, which established rights but no enforcement mechanisms.97 Not until 1994, were the latter introduced by the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS).98 In the 20th century, new technologies allowed for improved publishing and reproduction formats, providing a catalyst for copyright reforms.99 Cross-border business and interaction had made it necessary to agree upon a basic international copyright framework. The Berne Convention sets up minimum standards for copyright protection and requires the parties to the Agreement to recognise the copyright of works of authors from other signatory states in the same way as it recognises the copyright of its own nationals. While new technologies like piano role, records, radio, television, copy machines, video recorder, digital storage media, and data networks are content-neutral, they have required adaptions of copyright, once the economic changes brought by these technologies as well as the societal changes in the wake of new communication formats became known. Protection had to be extended and adapted to cover new forms of works (i.e. photography, film, sound recording, or software), of multiplication (i.e. printing press, tape recorders, or photocopiers) and of transmission (inter alia broadcasting, cable transmissions, Internet). Already at the end of the 19th century, sheet music publishers started fighting new technologies, i.e. the piano roll and gramophone records, by accusing the emerging record industry of breaching copyright.100 The dispute was settled in 1909 when the US Congress introduced a mechanical

96 Thomas Dreier in: Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (4th ed. 2013), Einleitung para. 42. 97 The US did not sign the Berne Convention until 1989. 98 Agreement on Trade-Related Aspects of Intellectual Property Rights, Annex 1C to the Agreement establishing the World Trade Organisation (TRIPS, Marrakesh 1994). TRIPS was negotiated at the end of the Uruguay Round of the General Agreement on Tariffs and Trade (GATT). 99 Thomas Dreier in: Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (4 th ed. 2013), Einleitung para. 11. 100 See Monica Horten, The Copyright Enforcement Enigma (2011), pp. 23 et seq.

52

A. The Status Quo – or How Did We Get to Where We AreToday?

licence, requiring a fee to be paid to the composer for the right to make a recording.101 The next copyright battle was fought in the 1970s when the video recorder enabled copyright infringement by consumers. The Walt Disney Company and Universal Studios wanted to make Sony as the producer of the Betamax recorders responsible for contributory infringement. The US Supreme Court held that it was legal to manufacture and sell standardised copying equipment, and that it “does not constitute contributory infringement if the product is widely used for legitimate, unobjectionable purposes”.102 While the Hollywood industry feared the wide availability of video recorders, in particular blank tapes, videotapes and their successor the digital video disc (DVD)103 became a lucrative product line for the film industry.104 The movie industry is nowadays seeking to protect exactly this product line. The same development can be seen in the music industry: with rising popularity of cassette recorders, the music industry feared that people recording music from the radio onto cassettes would cause a decline in record sales. Thus, music industry trade groups like the British Phonographic Industry (BPI) started to campaign against private copying with the slogan “Home Taping is Killing Music”.105 Similar campaigns were run when new reproduction products entered the market, such as the “Don‘t Copy That Floppy” anti-copyright infringement campaign run by the US Software Publishers Association (SPA) in 1992.106 Rightsholders associated with new technologies feared a loss of control over their rights as protected by law, and beside their campaigning, demanded a strengthening of their position. In the context of industry campaigning and lobbying, it needs to be mentioned, that the current developments are characterised by a material Zeitgeist and a strong economic-oriented perspective, which protects investment rather than the creativity of an author.107

101 Ibid, p. 25. 102 US Supreme Court, Sony Corp. of America v Universal City Studios Inc., 464 U.S. 417 (1984), 442. 103 Nowadays the abbreviation DVD stands for digital versatile disc. 104 Monica Horten, The Copyright Enforcement Enigma (2011), p. 26. 105 The logo consisted of a Jolly Roger formed from the silhouette of a compact cassette. 106 Cf. Software & Information Industry Association (SIAA), SIIA Releases Sequel to Classic Anti-Piracy Music Video “Don’t Copy That Floppy”, Reuters (09.09.2009). 107 Thomas Dreier in: Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (4th ed. 2013), Einleitung, para. 17a.

53

First Chapter: Legal and Technological Background

This economic component reflects the concentration of individual rights in the hands of global players, namely collecting societies and associations.108 The integration of the World Intellectual Property Organization (WIPO) into the United Nations marked a transition for WIPO from the mandate it inherited from the Bureaux Internationaux Réunis pour la Protection de la Propriété Intellectuelle (BIRPI)109 in 1967, promoting protection of intellectual property, to one that involved the more complex task of promoting technology transfer and economic development.110 Enforcement mechanisms, however, were not implemented at an international level until TRIPS in 1994.111 TRIPS as such is the result of intense lobbying by the US supported by the EU and other developed nations. Ratification of TRIPS is a compulsory requirement of World Trade Organisation membership and for this reason, it has become the most important multilateral instrument for the globalisation of IP laws. The Agreement has a detailed chapter dedicated to the setting of minimum standards of intellectual property rights enforcement and technical cooperation and provides for a structure responsible for monitoring the implementation of the provisions of the Agreement and for consultation between Member States. Under Part 3 of TRIPS (Articles 41–61), governments must ensure that intellectual property rights can be enforced under their domestic laws, and that the remedies constitute deterrents to further infringements. The provisions oblige WTO Member States to provide enforcement procedures, including civil or administrative remedies, as well as criminal penalties, that permit effective action against any act of copyright infringement. The TRIPS enforcement provisions describe in some detail how enforcement should be handled,

108 Ibid. 109 The WIPO is the successor of Bureaux Internationaux Réunis pour la Protection de la Propriété Intellectuelle (BIRPI), which was established in 1893, and administered the Berne Convention. 110 Preamble to the Convention Establishing the World Intellectual Property Organization, signed in Stockholm on 14.07.1967. 111 The so-called Berne-plus minima for substantive protection. “Berne-plus” means that the minimum standard for international copyright protection has risen beyond the Berne standard in the ways enumerated in the substantive section of the TRIPS Agreement on copyright (Section II, Articles 9-14). A detailed discussion of the substantive standards of TRIPS and to what degree these go further than the standards of the Berne Convention would be beyond the scope of this research.

54

A. The Status Quo – or How Did We Get to Where We AreToday?

including rules for obtaining provisional measures, injunctions, damages and other penalties, as well as rules for obtaining evidence. Key to the TRIPS enforcement standard is, that remedies must constitute a “deterrent to further infringements”. Article 61 TRIPS also requires Member States to provide that wilful copyright piracy is a criminal offence, and that criminal enforcement must be used by governments against copyright piracy “on a commercial scale”. However, TRIPS did not yet contain provisions concerning digital enforcement. This began to change with the adoption of the 1996 WIPO Copyright Treaty, which addressed questions raised by new economic, social, cultural and technological developments.112 The WIPO Copyright Treaty was the basis for the US Digital Millennium Copyright Act and was implemented into EU law by Directive 91/250/EC creating copyright protection for software113, Directive 96/9/EC on copyright protection for databases114 and the InfoSoc Directive 2001/29/EC115. The Treaty does not directly introduce new enforcement mechanisms, but obliges the contracting parties to provide legal remedies against the circumvention of technological measures (the so-called “anti-circumvention” clause), e.g. encryption, used by authors in connection with the exercise of their rights and against the removal or altering of information, such as certain data that identify works or their authors, necessary for the management (e.g. licensing, collecting and distribution of royalties) of their rights.116 The digital rights management is a first response to copyright challenges that arose with the digitalisation of content and that will be addressed in the following section. The WIPO Copyright Treaty as well as the WIPO Performances and Phonograms Treaty also introduced the “making available” right, a concept that considers the necessity to control the use of material in addition to control the existence of physical copies. With an increasing

112 See Preamble to the WIPO Copyright Treaty, adopted in Geneva on 20.12.1996. 113 Council Directive 91/250/EEC of 14.05.1991 on the legal protection of computer programs, OJ L 122 (17.05.1991), pp. 42–46. 114 Directive 96/9/EC of the European Parliament and of the Council of 11.03.1996 on the legal protection of databases, OJ L 077 (27.03.1996), pp. 20–28. 115 Directive 2001/29/EC of the European Parliament and of the Council of 22.05.2001 on the harmonisation of certain aspects of copyright and related rights in the information society (InfoSoc Directive), OJ L 167 (22.6.2001), pp. 10–19. 116 See Article 11 WIPO Copyright Treaty.

55

First Chapter: Legal and Technological Background

dematerialisation of content, control over the use of material becomes essential. 2. Copyright Challenges in an Online Environment History shows that copyright is a response to evolving technology, from the past until today. The resistance with regard to offline copying equipment gives an idea of what to expect in the digital age where copying is becoming increasingly easier. Major copyright challenges in a digitalised world are the growing use of the Internet and communication technologies that allow the instantaneous copying of materials as well as the emergence of user-generated content. In addition, many users find it more and more difficult to distinguish between legal and illegal use of intellectual property. a) Technological Progress The development of digital media and computer network technologies introduced new challenges for rights-holders to enforce copyright. These days, it requires not much effort to produce and distribute a work that itself required a certain degree of effort and investment to be created. It does not require a high degree of computer skills to copy a CD; neither does it require elaborated skills to download content from the Internet or upload content to the Internet. The dissemination of content in general has never been as easy; neither has been the copying. Copying now also plays a significant role in the creation of new content: users use existing works to remix them, create mash-ups or alter them in another way. Technological progress means that some goods and services can nowadays be traded independently from any physical medium. In this context, one may speak of the aforementioned digital “dematerialisation”. Music, films and books can be consumed remotely without the need to acquire a physical copy. Historically, music was the first digital content that was available on the Internet. With increased broadband capacity, the distribution of larger files, for example cinematographic works, became faster and easier. With increased popularity of e-book readers, e-books are the newest form of media affected by piracy. Nowadays, access to content is quick and easy.

56

A. The Status Quo – or How Did We Get to Where We AreToday?

E-books for instance can be downloaded directly from the e-book reader onto the reader via an Internet connection. At the same time the publication of own works on open electronic networks is easier than ever before. While digitalisation facilitates or improves many aspects of our daily life, it also opens the door to new types of criminal offences. Intellectual property rights infringements are not a new phenomenon, but they are tremendously facilitated by digitalisation. The basis for digital copyright infringements is fast and accurate reproduction. During the pre-digital age, people recorded songs played on the radio onto tape. This kind of recording as well as the copying of a record or a video-tape necessarily resulted in a degree of loss of quality. Today the popular self-produced “mix-tapes” have been replaced by digital recordings from Internet radio channels. The self-produced copy commonly does not lack quality when compared with the original. Similar to the way of copying, the distribution of unauthorised copies has changed. In the past, an actual physical copy had to be handed over physically one-to-one. Accordingly, the self-produced mixtape was actually given to friends in face-to-face. Similarly, professional counterfeit products such as illegal pressings of records were sold by street vendors or at car boot sales. This was due to the fact that copies were intrinsically linked to a tangible good. Today, a copy is distributed one-tomany or many-to-many. It is possible to duplicate digital sources without loss of quality anytime and anywhere, and also to make copies from any copy. Content can be rapidly multiplied and distributed worldwide at no cost. As previously mentioned, it is essential, that copying does not lead to reduced quality and does neither involve huge effort nor disproportional costs. Since the launch of the original Napster website in 1999, copyright violation has become a mass phenomenon. Simultaneously, enforcement of copyright has become significantly more difficult. While some argue that the anonymity of the Internet lowers the threshold for illegal behaviour,117 it is obvious that anonymity, by nature, at least makes copyright enforcement more difficult.

117 Boris Paal/Moritz Hennemann, Schutz von Urheberrechten im Internet, ACTA, Warnhinweismodell und Europarecht, MultiMedia und Recht 2012, 288.

57

First Chapter: Legal and Technological Background

Rights-holders are most commonly faced with the exchange of copyright-protected works in peer-to-peer118 file-sharing networks and the dissemination of copyright-protected works via file-hosting services119 or streaming websites120. File-sharing systems are being used to exchange any kind of computer data, including music files, videos or software. Especially during the first decade of the 21st century, peer-to-peer technology was extremely popular for exchanging music files and later on, with increasing bandwidth, also for (HD) movies. Techniques of exchanging computer data have become highly sophisticated and now also enable the exchange of large files within short time. As technology progresses, file-sharing systems have moved on from such using a central server to decentralized networks. While centralised file-sharing models enabled rights-holders to take action against unauthorised file-sharing, the decentralised structure of modern file-sharing networks makes it more difficult for rights-holders to trace infringers. Technological progress also meant that the scale of copyright infringement grew. More and more people gain access to the Internet, which also allows for copyright infringement to become a large-scale, global phenomenon that causes worldwide concern. b) Failure of Technological Protection Measures Early responses to copyright infringements saw rights-holders protecting their works with Technical Protection Measures (TPMs) against unauthorised access and copying. The digital format also allowed for the so-called Digital Rights Management (DRM), which was used to prevent actual access to copyright works, to prevent unauthorised copying, or to control the use of a copyrighted work, which the user was authorised to access.121 The use of TPMs and DRM was paralleled by legal provisions in the WIPO Copyright Treaty and the WIPO Performances and Phonograms 118 Peer-to-peer (P2P) describes direct connectivity between participants in networks instead of communicating over centralised server-based structures. As regards the functioning of peer-to-peer file-sharing see A. II. 1. Peer-to-Peer File-Sharing. 119 Such as Rapidshare or Megaload. 120 Most prominently kino.to, whose providers were convicted for copyright infringements in Germany. 121 Diane Rowland/Uta Kohl/ Andrew Charlesworth, Information Technology Law (4th ed. 2012), p. 348.

58

A. The Status Quo – or How Did We Get to Where We AreToday?

Treaty supporting their use. In the EU, Article 6 InfoSoc Directive implemented the international obligations of Article 11 WIPO Copyright Treaty and Article 18 WIPO Performances and Phonograms Treaty. The Directive required Member States to provide for protection against acts of circumventing protective technological measures (Article 6 (1)) and against dealings in such circumvention devices (Article 6(2) InfoSoc Directive). According to the Directive, the protection of TPM complements the protection of copyright.122 However, TPMs, in particular DRM, was of limited success in the beginning: CDs with DRM schemes could not be played on various CD players because they are rather CD-ROM media123 than standard audio CDs.124 Computers running Microsoft Windows have been reported to have crashed when attempting to play these types of CDs.125 DRM policies also did not allow for legal uses, such as making backup copies of CDs, or DVDs or fair use. Accordingly, DRM was not appreciated by consumers. Notably, Article 11 of the WIPO Copyright Treaty 1996, implicitly allows circumvention of anti-copying measures for acts that would be permitted by law, but it does not give any practical guidance as to how this should or could be accomplished. The circumvention of anti-copying mechanisms, however, raises questions relating to the ability and the legality of de-compilation or disassembly of a computer program, which will not be discussed here.126 In January 2007, music recording and publishing company, EMI, stopped publishing audio CDs with DRM, arguing that “the costs of DRM do not measure up to the results”.127 This example was followed by other

122 Commission of the European Communities, Commission Staff Working Document, Report to the Council, the European Parliament and the Economic and Social Committee on the application of Directive 2001/29/EC on the harmonisation of certain aspects of copyright and related rights in the information society (30.11.2007), SEC(2007) 1556, p. 7. 123 CD-ROMs are identical in appearance to audio CDs, but differ from audio CDs in the standards used to store the data. 124 Rita Lewis, What is DRM and why should I care?, Firefox News (08.01.2008). 125 Ibid. 126 For more information on these issues see Diane Rowland/Uta Kohl/Andrew Charlesworth, Information Technology Law (4th ed. 2012), p. 348. 127 The Economist, Criminalising the consumer – Where digital rights went wrong, The Economist (27.04.2007).

59

First Chapter: Legal and Technological Background

record labels and a number of online music stores including Apple‘s iTunes.128 The failure of CDs with embedded DRM schemes showed that the approach to see a criminal in every consumer is not a good starting point to protect and enforce copyright. One may even argue that the interoperability, which was also linked with some schemes such as Apple iTunes and the fact that legitimately acquired CDs could not be played on every CD player, backfired. It may as well have raised awareness of users in terms of circumvention tools or made them turn to file-sharing networks, where they could get a “ripped copy”,129 which they could play on all their devices without restrictions. c) Lack of Understanding Intellectual Property Rights It is important to understand that file-sharing as such is not illegal. There is also legitimate use of file-sharing networks, for example the exchange of authorised copies or works from the public domain. A variety of business models exists online, such as free downloads supported by advertising or free browser games with premium charges for advanced use. For consumers, it is not always obvious whether a music service is providing copyrighted material without authorisation unless the service – as Hargreaves puts it his Digital Opportunity Report130 – puts the “skull and

128 Ibid. Apple has its own DRM system called FairPlay which is used by the iPhone, iPod, iPad, Apple TV, iTunes, and iTunes Store and the App Store. FairPlay has however been abolished in relation to music files in 2009, but is still used in relation to videos. 129 Ripping is the process of copying audio or video content to a hard disk, typically from removable media such as CD or DVD, although the word refers to all forms of media. “Ripping” is often used to shift formats, and to edit, duplicate or back up media content, thus must not be confused with simple file copying. Ripping always involves reformatting the content. Accordingly, a “ripped copy” is a copy in a format that is distinct from the original format. 130 Ian Hargreaves, Digital Opportunity, A Review of Intellectual Property and Growth (2011). The Hargreaves Review of Intellectual Property and Growth, or Digital Opportunity – A review of Intellectual Property and Growth, was an independent review of the United Kingdom's IP system, focusing on domestic copyright law. Professor Ian Hargreaves was commissioned to chair a review of how the IP framework supports economic growth and innovation in November 2010 by Prime Minister David Cameron. The review was published in May 2011.

60

A. The Status Quo – or How Did We Get to Where We AreToday?

crossbones” on its mainsail (like the Swedish download service, the Pirate Bay, did).131 So it came to no surprise that face to face interviews with British adults conducted in September 2009 showed that 73 % of consumers are unaware of what they are allowed to replicate or record.132 This indicates that consumers are confused by the concept of ownership in the digital age. In the analogue world, the situation was different: Intellectual creations were intrinsically tied to movable things, i.e. books, cassettes, vinyl or film reels. An infringing copy commonly came with a lack of quality unless made by using professional equipment. In a digital world of intangible goods, copied works come in the same quality and format as the originals. Users may get an electronic version of a book or record, either through a retailer like Amazon or via a file-hosting platform like Rapidshare, without being able to tell, if there is a difference between the original and a pirated version. Against this background, users may be confused why downloading from some sources is legal and from other sources it is illegal. They may be unaware, that the act of downloading copyrightprotected digital content can be qualified as a copyright-relevant reproduction and that essentially, every form of downloading involves copying. 133 If a user wants to be on the safe side, he will need the copyright owner’s prior permission in order not to contravene copyright laws. Such prior permission can be acquired by a licence, including an implicit licence.134 A licence, however, does not necessarily imply that the user needs to pay for the content. Several business models exist, that are funded by advertisements, making it difficult for users to distinguish between legal and illegal content. These platforms as well as websites with user-generated content are also used by newcomers to become known to a large public, or by established musicians for promotion purposes. Similarly, peer-to-peer networks are increasingly used by artists as a new form of promotion.135 The band Georgia Wonder for instance seeded its songs in peer-to-peer net131 Ibid, para. 8.6. 132 Consumer Focus, Outdated copyright law confuses consumers, press release (24.02.2010). 133 European Parliament, DG for Internal Policies, Policy Department C: Citizens‘ Rights and Constitutional Affairs, File Sharing (2011), p. 8. 134 The latter will for example be granted where the copyright owner himself offers a work for downloading on his website. 135 European Parliament, DG for Internal Policies, Policy Department C: Citizens‘ Rights and Constitutional Affairs, File Sharing (2011), p. 8.

61

First Chapter: Legal and Technological Background

works and became the 14th most downloaded band in the world, and only thus known to the wider audience.136 So called viral marketing can also mean that content is initially offered free of charge before it goes on sale.137 Some users may also be confused by the “private copying exception” which exists in most Member States138 and allows them to make a copy without the copyright owner’s permission for private use.139 Where such an exception does not exist, the reproduction of a legitimate copy that the user purchased for his personal use – for example, making a private backup of the copy, would constitute a copyright infringement.140 This is difficult for users to understand. Particularly in regard to copies for back-up in a cloud service or elsewhere, the exclusion of a private copying exception

136 Techradar, Cheap promotion, Twitter and peer-to-peer, How one band used YouTube, Twitter and file-sharing to create a community of fans, Techradar (16.01.2010). 137 Ibid. 138 Notably, the UK has no such exception. However, the UK government intends to introduce a narrow private copying exception which will allow individuals to copy content under the condition that they own the content, and have acquired the content lawfully. Under this circumstances, they will be allowed to copy the content to another medium or device for their own personal use. See HM Government, Modernising Copyright: A modern, robust and flexible framework, Government Response to Consultation on Copyright Exceptions and Clarifying Copyright Law (December 2012), p. 25. The House of Lords proposed to insert the following new clause into section 28 of the Copyright Designs and Patents Act 1988: “(5) Any provisions of this Chapter relating to an exception for private copying shall not apply where further copies of copyright works are commercially available, under the terms of the acquisition of the copy of the copyright work concerned, by or with the authority of the copyright owner.” See Intellectual Property Bill [HL], Session 2012–14, 17.07.2013. 139 Exception or limitation for private copying is enshrined in Article 5(2)(b) of the InfoSoc Directive, which foresees that “Member States may provide for exceptions or limitation to the reproduction right provided for in Article 2 in the following cases: ...(b) in respect of reproductions on any medium made by a natural person for private use and for ends that are neither directly nor indirectly commercial, on condition that the rights-holders receive fair compensation which takes account of the application or non-application of technological measures referred to in Article 6 to the work or subject-matter concerned”. 140 As regards the lack of a private copying exception in the UK, see HM Government, Modernising Copyright: A modern, robust and flexible framework, Government Response to Consultation on Copyright Exceptions and Clarifying Copyright Law (December 2012), p. 22.

62

A. The Status Quo – or How Did We Get to Where We AreToday?

or defence, is considered unfair.141 Adding to the confusion of legitimacy, is the fact that where a private copying exception exists, the exception may even encompass downloading materials from the Internet.142 The conditions for the private copying exception however vary, but regularly have their limits where the making of multiple copies for friends or other third parties is concerned.143 Downloading from peer-to-peer networks, in particular BitTorrent networks, is also generally not considered as copying for private use, especially since the content is both, uploaded and downloaded simultaneously.144 Although downloading is commonly conducted for private use, the fact that the content is made publicly available to a third party, excludes the application of the private copying exceptions. Therefore, the user’s option to block the upload function is irrelevant. One condition for applying the private copying exception is also the absence of any direct or indirect commercial aim.145 If one argued, that every download constituted a lost sale, the download without payment would imply a commercial benefit for the downloader. As noted above, an unauthorised download cannot be equalled with a lost sale.146 A private copy exemption implies that a fair compensation system must be put in place.147 In relation to private copies, it is also discussed whether it is relevant or not that the copy is made from an evidently illegal source.148 Germany, for 141 Cf. Ibid. 142 European Parliament, DG for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, File Sharing (2011), p. 8. 143 Limitations can be found in the national Copyright Acts or the national interpretations of private use. As regards the interpretation of “private use” in Germany, see Thomas Dreier in: Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (4th ed. 2013), para. 7 with further references. 144 See below Second Chapter, II. Peer-to-Peer File-Sharing: Scope,Specific Functioning and Consequences. 145 European Parliament, DG for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, File Sharing (2011), p. 9. 146 See also ibid. 147 Such a system is required by Article 5(2)(b) of the InfoSoc Directive. 148 The question whether a law which allows copying from illegal sources for private use is compliant with EU copyright law has recently been subject before the CJEU in the case C-435/12 ACI Adam v Stichting de Thuiskopie. In concreto, the Dutch Supreme Court sought guidance from the CJEU, asking: “Should Article 5(2)(b) – whether or not in conjunction with Article 5(5) of the [InfoSoc] Directive be interpreted as meaning that the limitation on copyright referred to therein applies to reproductions which satisfy the requirements set out in that provision,

63

First Chapter: Legal and Technological Background

instance, prohibits downloading from an evidently illegal source,149 whereby the Dutch copying regime considers the legality/illegality of the origin of the downloaded material as irrelevant.150 While there is less discussion about what constitutes an illegal source (either the content copied is distributed without the rights-holder’s permission or the file from which the content is downloaded has been created without the rights-holder’s consent), the question is to determine when the illegality is evident. For the average user it is regularly difficult to determine if the source is illegal. Especially with regard to streaming this question has recently been in focus in Germany, when thousands of users were addressed by rightsholders for watching copyrighted streams of porn clips.151 In this regard, it is even questionable whether the consumer of stream is actually infringing copyright or not. At least the illegality of the source may not be obvious to him. Finally, there are also users that argue that the Internet is about sharing, meaning that once content has been published on the Internet, this shall imply that the author wants it to be shared. Of course this is a radical view, only shared by a few, but it highlights that there is also opposition to accept the application of the traditional concept of copyright being applied to the World Wide Web. For instance, the operators of Heftig.co, 152 a platform that “copies” content from other websites, announced in May 2014,

149 150 151 152

64

regardless of whether the copies of the works from which the reproductions were taken became available to the natural person concerned lawfully – that is to say: without infringing the copyright of the rights-holders – or does that limitation apply only to reproductions taken from works which have become available to the person concerned without infringement of copyright?”. The Opinion by AG Cruz Villalón in this subject-matter has been released in January 2014. The AG concludes that the private copying exception is to be restricted to copies from legitimate sources (See Opinion of the Advocate General in C-435/12 ACI Adam v Stichting de Thuiskopie of 09.01.2014). The Court essentially followed the AG’s opinion in its judgment of 10 April 2014, see CJEU, C-435/12 ACI Adam v Stichting de Thuiskopie, Judgment of 10.04.2014. See § 53 (1) Urheberrechtsgesetz – UrhG. See Article 16c (1) Auteurswet. The RedTube case in Germany has been outlined in Sandra Schmitz, The RedTube copyright infringement affair in Germany: Shame on who?, International Review of Law, Computers & Technology 2015, Vol. 29 Issue 1, 33–49. As of June 2014, heftig.co was ranked as the 84th most popular website in Germany. See the page ranking by Alexa at http://www.alexa.com/siteinfo/heftig.co (last accessed on 06.06.2014). As of June 2015, the website also had more than 1,700,000 Facebook fans.

A. The Status Quo – or How Did We Get to Where We AreToday?

that they do not consider their service to be illegal. Although they, for more or less obvious reasons, first operated anonymously out of Belize153, they suddenly revealed their identities in order to rebut the allegations that they were infringing copyright by declaring that every user, that creates “viral” content and disseminates this content “intends uncontrollable effects” in order to maximise attention for his creation.154 It is certainly true, that authors are happy to reach a vast audience and receive many clicks on their uploaded files, for instance on YouTube or their own website, but it certainly is questionable whether that also applies to clicks on content that has been copied by heftig.co and been republished on the heftig.co website. Such generalising statements show that the Internet also changes how we perceive traditional legal instruments. The operators of platforms like heftig.co do not lack an understanding of copyright in a strict sense. They rather interpret the act of original online publication as a copyright waiver. d) User-Generated Content and a Participatory Internet In the light of the fast growing market of social media sites and social networks that rely on the creation and upload of online content by end-users (user-generated content)155, specific attention must be given to the fact, that consumers become recipients, users and authors at the same time.156 Web 2.0 applications (inter alia blogs, podcasts, wikis, social media) enable users easily to create and share content, and to play a more active and collaborative role in content creation and knowledge dissemination.157 In this context, it is necessary to distinguish between purely user-created

153 Their domain was also registered anonymously via a service from Panama, see Lars Wienand, Das ist heftig: Die Viralseiten-Macher und ihr Verhältnis zu Urheberrechten, Rhein-Zeitung (27.05.2014). 154 Ibid. 155 User-generated content appears in various formats, including blogs, podcasts, comments, Wikis, mash-ups of music files and videos, voice-overs, etc. 156 Commission of the European Communities, Green Paper, Copyright in the Knowledge Economy (16.07.2008), COM(2008) 466 final, p. 19. 157 For the evolution from web 1.0 to web 2.0 see Andrew Murray, Information Technology Law, The law and society (2nd ed. 2013), pp. 109 et seq.

65

First Chapter: Legal and Technological Background

content158 and existing (copyright protected) content, which is simply uploaded by users or which has been adapted in some way by the user. As regards the latter, Internet users make “use” of copyrighted content, but not in a sense where they themselves exploit the work commercially, they rather use it as a means to express themselves.159 In this context, one may speak of “prosumers” as a merger of producer and consumer.160 On YouTube, for example, movie excerpts with user-made voice-overs are popular as well as video-clips where users mime to pop songs. While this might not be a new phenomenon of persiflage, the dissemination of the material via an online portal adds another quality to this. In the offline world, such a voice-over generally would have been shown only to friends and family in a private setting. An upload onto YouTube, however, means a worldwide dissemination and, especially in relation to YouTube, also adds a commercial context. YouTube as a business entity generates profits from advertisements; each click on their website increases its revenues. This is something that many copyrights-holders will no longer tolerate. Though the issue of user-generated adaptions of works is not the key issue of the current copyright debate, the example highlights two of the main problems of today’s challenges for copyrights-holders: the ease by which content can be copied and disseminated and the fact that third parties generate revenues from infringing content. Copyright laws as they exist are not designed for these scenarios. Although there have been calls for the acceptance of an exception for transformative, user-created content,161 the InfoSoc Directive162 does not currently contain an exception, which would allow the use of existing

158 In a study on user-created content conducted by the OECD, user-created content is defined as “i) content made publicly available over the Internet, ii) which reflects a “certain amount of creative effort”, and iii) which is “created outside of professional routines and practices”. See OECD, Directorate for Science, Technology and Industry, Committee for Information, Computer and Communications Policy, Working Party on the Information Economy, Participative Web: UserCreated Content (12.04.2007), DSTI/ICCP/IE(2006)7/FINAL, p. 4. 159 Ibid. 160 See Deutscher Bundestag, Bundestagsdrucksache 17/7899 (23.11.2011), p. 8. 161 Cf. Commission of the European Communities, Green Paper, Copyright in the Knowledge Economy (16.07.2008), COM(2008) 466 final, p. 19. See also Deutscher Bundestag, Bundestagsdrucksache 17/7899 (23.11.2011), p. 8. 162 Directive 2001/29/EC of the European Parliament and of the Council of 22.05.2001 on the harmonisation of certain aspects of copyright and related rights in the information society, OJ L 167 (22.06.2001), pp. 10–19.

66

A. The Status Quo – or How Did We Get to Where We AreToday?

copyright protected content for creating new or derivative works. In particular the UK Gowers Review recommended the introduction of an exception for “creative, transformative or derivative works within the parameters of the Berne Three Step Test to clearly legitimise the reworking of existing material for a new purpose or to give it a new meaning, and to align the law in the EU with that of the US.163 However, under the existing regimes, the user in the YouTube example would need to acquire a licence, if he wanted to adapt a cinematographic or musical work. Ignorance of the law is no defence, and thus, users may find themselves exposed to a claim for damages or at least the request to delete the content. While legal action is only taken in a limited number of cases, the situation is somehow different when it comes to the dissemination of rather substantial parts of copyrighted films and musical works and not just excerpts thereof.164 Although there is a growing realisation that solutions are needed to make it easier and affordable for amateur users to integrate third-party copyright protected content for non-commercial purposes in their own creations, this issue is being explored further and as of now, users must face infringement proceedings.165

163 Andrew Gowers, Gowers Review of Intellectual Property (December 2006), p. 6, Recommendation 11. For the Berne Convention three-step test see Hector MacQueen/Charlotte Waelde/Graeme Laurie/Abbe Brown, Contemporary Intellectual Property, Law and Policy (2nd ed. 2011), pp. 258 et seq. The Gowers Review however acknowledges that the introduction of such an exception would be contrary to the InfoSoc Directive and hence calls for its amendment. 164 Some uses of short takings may fall under the exceptions of Article 5(23)(d) InfoSoc Directive which allows quotations “for purposes such as criticism or review”. Because the Directive uses the term “such as”, criticism and review are only examples for possible justifications for using small takings. A further justification for quotations can be found in Article 5(3)(k) of the InfoSoc Directive which exempts uses “for the purposes of caricature, parody or pastiche”. 165 European Commission, Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, A Single Market for intellectual property rights – Boosting creativity and innovation to provide economic growth, high quality jobs and first class products and services in Europe, Com(2011) 287 final, p. 12.

67

First Chapter: Legal and Technological Background

e) Necessity to Reform Copyright Law? As mentioned above, the aim of this work is not to make a proposal for a new copyright law.166 The elaboration of a revised copyright law for the digital age goes beyond the scope of this study. It intends to examine and to analyse current legislative measures in relation to illegal content on the web with a focus on copyright infringements. Irrespective of the scope of this study, a brief introduction into the current debate on copyright in a networked world is necessary in order to outline the problem at its root. This work intends to show, that courts struggle to apply liability regimes, developed in the 20th century, to new Internet phenomena. This results in great uncertainty when it comes to monitoring obligations that may arise, for example, once an infringement has taken place. Notice and take down regimes that apply to host providers fail when users share content in peerto-peer networks; there is no host provider that may be notified. They equally seem to fail when it comes to new forms of content storage like file-hosting and cloud computing; although notification may be feasible, the upload as such, is under most copyright regimes not illegal, whereas the act of making the link to the stored copyrighted work publicly available constitutes an infringement. Monitoring obligations that were more or less feasible with traditional user-generated content sites, such as YouTube or eBay, reach their limits when the upload as such does not constitute an illegal act. This work also shows the deficiencies of recently developed schemes that aim at holding users of file-sharing networks criminally liable. 3. Scope of Online Copyright Infringement In 2013, the European Commission carried out an interactive online consultation on the civil enforcement of intellectual property rights,167 in 166 Legal scholars, politicians and the net community currently discuss a revision of copyright law and new business models for collecting societies, see Deutscher Bundestag, Dritter Zwischenbericht der Enquete-Kommission 'Internet und digitale Gesellschaft', Bundestagsdrucksache 17/7899 (23.11.2011); Thomas Darnstädt, Wem gehören die Gedanken?, Der Spiegel online (21.05.2012). 167 European Commission, Civil enforcement of intellectual property rights: public consultation on the efficiency of proceedings and accessibility of measures, consultation period 30.11.2012 to 30.03.2013.

68

A. The Status Quo – or How Did We Get to Where We AreToday?

which is considered that unpaid license fees cost the audiovisual industry 500 million Euros per year.168 The following sections outline that such estimates must be seen critically, in particular when research on the scale and scope of infringements is conducted on behalf of creative industries. a) Difficulties in Determining the Scope of Online Copyright Infringements Infringements of intellectual property rights at large are a global phenomenon and are causing worldwide concern. A 2009 Organisation for Economic Cooperation and Development (OECD) study estimates that international trade in counterfeit goods has increased from 100 billion USD to 250 billion USD in 2007.169 The statistics published by the European Commission on national customs activities show a continuous upward trend in the number of cases of goods suspected to violate intellectual property rights. The number of cases increased by more than 240% from 2005 (26,704 cases) to 2011 (more than 91,000 cases).170 The figures relating to customs detentions of articles suspected of infringing intellectual property rights are only those of registered cases, meaning, that the overall figure of counterfeited goods imported to or traded within the European Union and its scope can only be estimated. However, in the case of physical goods, figures of physical goods seizures and detected cases by national/European authorities, may serve as a basis to determine the scope of infringements of intellectual property. When it comes to infringements of intellectual property rights on the Internet, in particular copyright infringements, there are no official figures. The reasons for this are twofold. First, most online copyright infringements are enforced in civil law and no state authority screens the Net for infringements in a way customs examines goods at the border. A consumer, who buys counterfeited or even unlicensed physical goods from a 168 European Commission, Synthesis of the responses “Civil enforcement of intellectual property rights: public consultation on the efficiency of proceedings and accessibility of measures” (July 2013), p. 5. 169 OECD, Magnitude of counterfeiting and piracy of tangible products – November 2009 update. 170 For the numbers of registered cases see http://ec.europa.eu/taxation_customs/cust oms/customs_controls/counterfeit _piracy/statistics/index_en.htm (last accessed on 30.04.2014).

69

First Chapter: Legal and Technological Background

foreign country on the Internet, will often be confronted with the seizure of these good. This will not happen to him, if he downloads an unauthorised digital copy from a foreign website, due to a missing screening process. Regarding the civil enforcement of copyrights, many cases are settled outside of court and thus, statistics are non-existent on the actual number of copyright infringements that occur online. Second, as with all illegal activities committed with cyberspace the extent of such activities is uncertain. This uncertainty is inherent to all cybercrime.171 It is unclear how the statistics represent the scope and economic impact of cybercrime.172 This further applies to online copyright infringement: its extent and economic impact, specifically the reliability of information on the degree of losses, are difficult to quantify. Studies in relation to online copyright infringement must rely on estimates, whereby the range of estimates differs significantly. Sales figures show a more coherent picture, measuring a continued decrease in physical music sales (i.e. CD, vinyl) in parallel with rising popularity of Internet. For instance, statistics of 2009 show a decrease in the turnover of record labels within most European countries.173 While it is difficult to obtain data on unpaid media consumption, it is equally difficult to link unpaid media consumption to data on paid music consumption. Even if data on unpaid media consumption was available, the causal effect of unauthorised copying on legal purchases is challenging to prove. While the music industry may be quick in assuming that every second to fifth download equals a non-purchase,174 this ignores

171 International Telecommunication Union, Understanding Cybercrime: A guide for developing countries (April 2009), p. 62. 172 Regarding the related difficulties see: United Nations Conference on Trade and Development, Information Economy Report 2005, UNCTAD/SDTE/ECB/2005/1, p. 229. 173 Bundesverband Musikindustrie, Musikindustrie in Zahlen 2009, p.57. While there has been a decrease in most European countries, Poland, Belgium and the Czech Republic saw an increase in sales from 2007 to 2008. 174 The substitution rate of IP rights infringements against licit sales that is reported by copyright owners varies from sector to sector. In the European Commission’s public consultation on the civil enforcement of intellectual property rights, respondents from the cinema sector reported 20 %, while respondents from the digital music sector have reported substitution rates up to 50 %. Notably book publishers have reported almost a 1:1 ratio. See European Commission, Synthesis of the responses "Civil enforcement of intellectual property rights: public consultation on the efficiency of proceedings and accessibility of measures" (July 2013), p. 5.

70

A. The Status Quo – or How Did We Get to Where We AreToday?

aspects of “try before you buy” and downloading or streaming as a mere substitution for radio consumption.175 Such figures also seem to ignore that many factors other than peer-to-peer file-sharing can influence creative industry revenues176, for example change in demand levels per GDP/ capita of a country,177 growth of alternative consumer goods on which to spend income,178 or a loss of innovation within music and film markets179. Furthermore, some downloads may be of material that was otherwise legally unavailable and thus, they do not replace sales. Recent studies on illegal music downloads further conclude, that illegal music downloads have little or no effect on legal digital sales.180 Moreover, a European Commission research project analysing the clicks on legal purchase websites and illegal downloading websites suggests, that the vast majority of

175 See Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights (2011), p. 16. 176 The term “creative industries” is commonly used in the EU policy debates and primarily refers to the audio-visual industries (film, broadcasting and music), but arguably also includes print publishing. See Monica Horten, The Copyright Enforcement Enigma (2012), p. 28. 177 Cf. European Commission, Synthesis of the responses “Civil enforcement of intellectual property rights: public consultation on the efficiency of proceedings and accessibility of measures” (July 2013), p. 5. 178 Charles Arthur, Are downloads really killing the music industry? Or is it something else?, The Guardian (09.06.2009). 179 Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights (2011), p. 16. 180 Irène Bastard/Marc Bourreau/François Moreau, L'impact du piratage sur l'achat et le telechargement legal: une comparaison de quatre filieres culturelles (2012): The authors of this study use survey data on a sample of 2000 French individuals. They conclude that while piracy has a negative effect on the probability to purchase music in CD format, it has a positive effect on the probability of downloading music legally. Hence legal and illegal music downloading are complements rather than substitutes. Robert G. Hammond, Profit Leak? Pre-release File-sharing and the music industry (2013): the author of this study focuses on pre-release file-sharing, in which file-sharers download music files that are not yet publicly available for sale. Hammond suggests that the causal effect of file-sharing of music titles on their sales is essentially zero. Godefroy Dang Nguyen/Sylvain Dejean/François Moreau, Are streaming and other music consumption modes substitutes or complements? (2012): the authors found that consuming music as streams has no significant effect on CD purchases but is complement to buying music online.

71

First Chapter: Legal and Technological Background

the music that is consumed illegally would not have been legally purchased, if illegal downloading websites were unavailable.181 The information above speaks of a direct link between the usage of illegal copies and a decrease in sales figures, although the extent is not manifestly proven.182 However, from an empirical perspective, one cannot equate an illegal copy with a lost sale. A 2010 Swedish study by Aldermon and Liang183 suggests such a link: it measured Internet traffic before and after the transposition of the Intellectual Property Rights Enforcement Directive 2004/48/EC184 into national law. Within the six months following implementation of the new legal provisions, Internet traffic in Sweden decreased by 18%, whereas there was no such decrease in Norway or Finland within that same time period.185 Due to the fact that physical copies of music increased by 27% and sales of digital music by 48%, Adermon and Liang concluded, that the Swedish decrease in traffic resulted from users refraining from illegal activities.186 Furthermore, a 2010 German study on the usage of digital content in Germany, conducted on behalf of the music industry, suggests a link between unauthorised file-sharing and a decrease in sales. The study concluded that 185 million single music files, 46 million music albums, 6 million audio books, 14 million e-books, 54 million films and 23 million TV

181 Luis Aguiar/Bertin Martens, Digital music consumption on the Internet: Evidence from clickstream data (2013), European Commission JRC Technical Reports, Institute for Prospective Technological Studies. 182 Rolf Schwartmann, Vergleichende Studie über Modelle zur Versendung von Warnhinweisen durch Internet-Zugangsanbieter an Nutzer bei Urheberrechtsverletzungen, Studie im Auftrag des Bundesministerium für Wirtschaft und Technologie (Januar 2012), p. 63. 183 Adrian Adermon/Che-Yuan Liang, Piracy, music, and movies: A natural experiment, Uppsala Universitet Working Paper 2010: 18. 184 Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of Intellectual Property Rights, OJ L 157 (30.04.2004), pp. 16–25. The directive is also known as “(IPR) Enforcement Directive” or “IPRED”. 185 Adrian Adermon/Che-Yuan Liang, Piracy, music, and movies: A natural experiment, Uppsala Universitet Working Paper 2010: 18, p. 15. 186 Ibid.

72

A. The Status Quo – or How Did We Get to Where We AreToday?

series had been illegally downloaded.187 In the same year the total sales volume decreased by 4.6%.188 The Hargreaves Report on Intellectual Property and Growth189 of May 2011 noted that “…in the Review’s four months of evidence gathering, we have failed to find a single UK survey that is demonstrably statistically robust. For many surveys, methodology is not available for peer review”.190 The Review team has neither been able to examine the methodology of the surveys nor discover problems with the identified methodology.191 The Hargreaves Report identified additional reasons to the above mentioned, why digital copyright infringement is difficult to measure: for example respondents to survey questions may have an insufficient understanding of the law.192 In addition, free downloads are not necessarily illegal and paid downloads must not necessarily be legitimate.193 Considering that online copyright infringement often takes place across international borders, users may be unaware that what is legal in one country may not be in another country. What is more, peer-to-peer file-sharing or the use of file-hosting services is per se not illegal.194

187 GfK Consumer Panel, Studie zur digitalen Content-Nutzung (DCN-Studie) 2011 (2011). The conductors of the study defined illegal downloads as such downloads that have been undertaken from file-sharing networks, sharehosters, private websites, blogs, fora, ftp servers, or newsgroups. 188 Ibid. 189 Ian Hargreaves, Digital Opportunity, A Review of Intellectual Property and Growth (2011). 190 Ibid, para. 8.9. 191 Ibid, para. 8.16. A 2010 report by the US Government Accountability Office also questions the estimates, see United States Government Accountability Office, Observations on Efforts to Quantify the Economic Effects of Counterfeit and Pirated Goods, Report to Congressional Committees (12.04.2010). 192 Ian Hargreaves, Digital Opportunity, A Review of Intellectual Property and Growth (2011), para. 8.10. 193 Ibid. 194 See also ibid.

73

First Chapter: Legal and Technological Background

b) The Impact of Illegal Downloads on Sales Figures There are numerous studies195 examining the impact of illegal downloads on the sale of music and/or films. However, as aforementioned the robustness of the collected statistics is questionable.196 Identifying the effects of file-sharing on the economy “is not a straight forward matter”.197 In this regard, it is not the place of this research to adjudicate on the empirical evidence for and against the extent of unauthorised file-sharing and its economic effects. Since the extent of file-sharing is regularly used to justify new legislation, it is important to have a basic understanding of illegal downloads statistics. If one compares the figures on illegal downloads of the BPI Digital Music Nation 2010 report198 with that of MidemNet´s 2010 Global Music Study199, there is significant discrepancy in regard to the percentage of downloads that are illegal: BPI claims that 76% are illegal,200 whereas MidemNet claims that 13% of UK downloads are illegal.201 Taking into 195 For example: Envisional, Technical Report: An estimate of infringing use of the Internet (2011); Norbert Michel, The impact of digital file sharing on the music industry: An empirical analysis, B.E. Journal of Economic Analysis & Policy 2006, Vol. 6 Issue 1; Alejandro Zentner, Measuring the effect of file sharing on music purchases, Journal of Law and Economics 2006, Vol. 49 Issue 1, 63–90; Felix Oberholzer-Gee/Koleman Strumpf, The effect of file sharing on record sales: An empirical analysis, Journal of Political Economy 2007, Vol. 115 Issue 1, 1–42; Martin Peitz/Patrick Waelbroeck, The effect of Internet piracy on music sales: Cross-section evidence, Review of Economic Research on Copyright Issues 2004, Vol. 1 Issue 2, 71–79. 196 See also with regard to the US: United States Government Accountability Office (GAO), Intellectual Property, Observations on Efforts to Quantify the Economic Effects of Counterfeit and Pirated Goods (April 2010). 197 European Parliament, DG for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, File Sharing (2011), p. 17. 198 The British Record Music Industry (BPI), Digital Music Nation 2010, the UK’s legal and illegal digital music landscape (2010). 199 See the reference in Ian Hargreaves, Digital Opportunity, A Review of Intellectual Property and Growth (2011), para. 8.11 to the Music Matters/Synovate/MidemNet, Global Music Study (2010), which consisted of a survey of 8,500 adult users (aged 18+) in 13 countries 200 The British Record Music Industry (BPI), Digital Music Nation 2010, the UK’s legal and illegal digital music landscape (2010), p. 27. 201 As regards the percentage claimed in the Midem Global Music Survey Ian Hargreaves, Digital Opportunity, A Review of Intellectual Property and Growth (2011), para. 8.11.

74

A. The Status Quo – or How Did We Get to Where We AreToday?

account a number of studies from the UK and elsewhere, the Hargreaves Report concluded that it is difficult to assess the impact of copyright piracy on growth.202 Using industry estimates, he further attempted to quantify the scale of copyright infringement expressed as a percentage of the economy as a whole. 203 The Hargreaves Report concluded that “copyright infringement appears to account for just under 0.1 per cent of economic activity”. 204 A study by Business Action to Stop Counterfeiting and Piracy estimated the losses from piracy as equivalent to 1.24% of the contribution made by the core copyright industries to the UK economy. 205 According to Hargreaves 1.24% is “at the upper end of probability”.206 Undeniably, the economic value of the creative industry is high and the creative industry constitutes an important business segment of the European economy.207 Furthermore, illegal file-sharing is concurrently causative to a decline of sales of physical copies.208 However, the conclusion that “a CD copied is a CD less sold” appears to be untenable.209 An illegal download does not equal a lost sale and money that is not spent on a legal copy is not lost to the economy.210 Although some businesses suffered dramatically following the rise of digital downloads, the overall music industry has been growing in recent years.211 In Germany, individual businesses that have been affected are

202 203 204 205 206 207

208 209 210 211

Ibid, para. 8.15. Ibid, para. 8.17. Ibid, para. 8.17. Ibid, para. 8.19. Ibid. In Germany for example, the cultural and creative industries’ share of the 2006 German gross national product was 2.6 %. See Bundesministerium für Wirtschaft und Technologie, Gesamtwirtschaftliche Perspektiven der Kultur- und Kreativwirtschaft in Deutschland, Forschungsbericht Nr. 577 (2009). Cf. European Parliament, DG for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, File Sharing (2011), p. 17. Ibid. Ian Hargreaves, Digital Opportunity, A Review of Intellectual Property and Growth (2011), para. 8.15; see also Markus Beckedahl/Falk Lüke, Wie die Musikbranche zum Internetgegner wurde, Der Spiegel Online (23.05.2012). Ian Hargreaves, Digital Opportunity, A Review of Intellectual Property and Growth (2011), para. 8.20 with further references}. In Germany for example, the sales of the creative industries increased from 117 to 131 billion Euros in the

75

First Chapter: Legal and Technological Background

primarily small independent labels.212 One also has to take into account that following the introduction of the medium CD sales increased as many consumers purchased records they already owned on vinyl. A decrease in sales at the beginning of the century was also related to the fact that the market launch of CDs led to a peak in sales, which slowly declined.213 Accordingly, figures cited such as those by the German content industry, which claims to have suffered a decrease in sales of 740 million Euros in 2008 alone, must be viewed critically.214 Although illegal downloading has some, truly difficult to measure, effects on the economy, it can also be said, that it has some form of positive influence. One possible positive advantage of file-sharing on the purchase is, that consumers may be introduced to content, artists or genres that they might have otherwise not encountered, and this may create demand; this is known as the sampling effect. 215 A report by the European Parliament lists inter alia the following as positive effects: a complementary demand by increasing demand for concerts and related products, and a network effect, meaning that file-sharing enhances the popularity of products, and thereby boosts demand driven by a lack of purchasing power.216 File-sharing also meets a demand for products that are not available on the market, for example, foreign TV programmes that are not available, neither for free nor for purchase, outside the original broadcasting area. Some research concludes that (illegal) downloaders are clearly buyers, and that they buy more than non-downloaders.217 This is apparently due to the fact that they are more active users and a consequence of the aforementioned sampling effect.218

212 213 214 215 216 217 218

76

years 2003 to 2009, see Bundesministerium für Wirtschaft und Technologie, Gesamtwirtschaftliche Perspektiven der Kultur- und Kreativwirtschaft in Deutschland, Forschungsbericht Nr. 577 (2009), p. 23. Markus Beckedahl/Falk Lüke, Wie die Musikbranche zum Internetgegner wurde, Der Spiegel Online (23.05.2012). Ibid. Rolf Schwartmann, Filesharing, Sharehosting & Co, Funktionsweise und rechtliche Bewertung aktueller Erscheinungsformen von Urheberrechtsverletzungen im Internet, Kommunikation &Recht 2011, Beihefter 2, 3. Cf. European Parliament, DG for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, File Sharing (2011), p. 17. Ibid. Ibid, p.18. Ibid.

A. The Status Quo – or How Did We Get to Where We AreToday?

The Hargreaves Report concludes that “…many creative businesses are experiencing turbulence, which translates into fears about the further, future impact of copyright infringement on sales, profitability and sources of investment. However, at the level of the whole economy or even at the level of whole creative business sectors, the measured impacts to date are not as stark as is sometimes suggested by the language used to describe them. That said, copyright infringement is a stubborn fact of the digital landscape which might well get worse and which justifies serious government effort in identifying the right mix of measures to address it”.219 The impact of illegal file-sharing on music sales is not questioned, but clearly controversy exists over the extent and economic impact of unauthorised file-sharing, to include other forms of copyright infringement on the Internet.220 This shall be born in mind, when assessing legal solutions and their proportionality. II. The History of File-Sharing: From Peer-to-Peer Technology to Sharehosting and Streaming Digital files can be shared in many ways. Outside of the Internet, digital files can be shared physically for instance by burning music and films to CDs, DVDs or BluRays, or by copying onto a USB stick. Also via the Internet, files can be shared in many ways. Users may share files within a limited circle of recipients by attaching the file to an e-mail. They may also post copyrighted content to a website. The dominant techniques for file-sharing are however peer-to-peer file-sharing, the distribution of files via file-hosting services, USENET-related forms of sharing and streaming. 1. Peer-to-Peer File-sharing Peer-to-peer applications as the basic and literally first mass-scale technology to share data online will at this point explained in more detail. As such

219 Ian Hargreaves, Digital Opportunity, A Review of Intellectual Property and Growth (2011), para. 8.23. 220 See also European Parliament, DG for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, File Sharing (2011), p. 17.

77

First Chapter: Legal and Technological Background

this technology accounts for a large amount of all Internet traffic.221 Though it is in general associated with unauthorised sharing of copyrighted works, the technology as such is perfectly legal. A variety of applications is covered by the broad term of peer-to-peer technology. Peer-to-peer file-sharing, also known as P2P file-sharing, is a means by which data can be shared between computers using a specific peer-to-peer software client.222 Traditionally, a home computer needed to connect to a central web server to download files that the users wanted to access. Because storing large amounts of data on a server is costly for the provider, new means of file-sharing were developed that do not rely on a centralised server and would also not require the provision of large amounts of bandwidth. Peer-to-peer technology that does not require a “major” server emerged in the 1990s and became highly popular with the launch of the file-sharing service Napster in 1999. Napster managed to link users who had specific files with those who requested those files via a central server.223 Basically, instead of accessing a central server, home computers connected to each other to download files from each other. By this, the resources of the computers were pooled and performance could be enhanced.224 Napster was one of the first peer-to-peer networks to become widely known and available, having about 50 million users.225 It marked a profound change in the balance of power between rights-holders and consumers by basically changing the dynamics of distribution and cost.226 While pre-Napster, the record industry had enjoyed an effective monopoly and control over the release and distribution of content, peer-to-peer technology changed this by turning users into distributors.With Napster, users could share music via the Internet on a large scale, so that comprehensive

221 Envisional, Technical Report: An estimate of infringing use of the Internet (2011), p. 47; Andrew Tanenbaum/David Wetherall, Computer networks (5th ed. 2011), p. 748. Such as for example Gnutella or Kazaa. 222 “Peers” are computer systems connected to each other through the Internet. The concrete functioning of peer-to-peer file-sharing will be outlined in Chapter 2. 223 See Andrew Tanenbaum/ David Wetherall, Computer networks (5th ed. 2011), p. 748. 224 Ibid, p. 749. 225 Ibid. 226 Nick Scharf, Napster’s long shadow: copyright and peer-to-peer technology, Journal of Intellectual Property Law & Practice 2011, Vol. 6 No.11, 806, 806.

78

A. The Status Quo – or How Did We Get to Where We AreToday?

digital music collections became available for them. At the same time, the capabilities of home PCs got increasingly better as well as the bandwidth available for home pc users. In a peer-to-peer file-sharing network, numerous computer systems are connected to each other via the Internet. Files can be shared directly between systems on the network without the need for a central server. A distinctive feature of peer-to-peer networks is, that each computer on the network can be a file server as well as a client. The term peers in this context refers to all the computers being used which can alternately act as a client to another peer, fetching its content, and as a server, providing content to other peers.227 Unlike a traditional content delivery network, peer-to-peer systems have no dedicated infrastructure.228 Everyone participates in the distribution of content. In order to join a peer-to-peer file-sharing network, users need an Internet connection and need to install a specific peer-to-peer application software on their computer like for example BitTorrent, μTorrent or eDonkey. Once connected to the Internet, the peer-to-peer software allows a user to search for files on the computers of fellow users. At the same time, other online users may search for files on the given user’s computer.229 While the first generation of file-sharing networks like the original version of Napster, where the operators of the network run a central server which allowed users to search for the desired file and linked them to a distributor,230 in current networks there is no such central server. The reason

227 Andrew S. Tanenbaum/David J. Wetherall, Computer networks (5th ed. 2011), p. 748. 228 Ibid. 229 Mark Taylor/John Haggerty/David Gresty/Tom Berry, Digital evidence from peer-to-peer networks, Computer Law & Security Review 2011, Vol. 27 Issue 6, 647. 230 As regards Napster, central servers would index all of the current users and search their computers for shareable files. When a user searched for a file, the server would find all of the available copies of the requested file and present them to the user. The file would then be transferred between the two private computers. Napster allowed only for music files to be shared. As the downloading occurred via a central server, Napster was held liable of contributory and vicarious copyright infringement and ordered to monitor the activities of its network and to block access to infringing material when notified of that material’s location (17 U.S.C. A&M Records. Inc. v Napster. Inc. 114 F. Supp. 2d 896 (N. D. Cal. 2000), confirmed by A&M Records Inc. v Napster Inc., 239 F.3d 1004 (9th Cir. 2001). As Napster was unable to comply with the judgement it eventually

79

First Chapter: Legal and Technological Background

for this is that US courts found Napster liable for contributory infringement, because its services were designed to enable users to locate and download music files.231 In addition, the 9th Circuit Court also held Napster vicariously liable for its users’ infringing activities, because the central index allowed Napster to monitor its users.232 The original233 Napster eventually shut down in July 2001 as it was not able to prevent copyright infringements taking place.234 This was due to the fact that the central catalogue, which was hosted by Napster, was constantly being modified as users connected and disconnected to the Internet. The second generation of networks235, which was developed to be more robust and avoid legal liability after the US Napster case,236 learnt its lessons from the findings of the US courts. The succeeding generation connected users remotely to each other. With a lot of second generation networks, the amount of the downloaded material and the downloading speed depends on the extent to which the user makes files available himself.237 Thus, users are encouraged to share data. Because of the structure of peer-to-peer sharing, where users generally act both as a client and a server (i.e. uploader as well as downloader), each participant provides resources to the network such as bandwidth, storage space and computing power, thereby increasing capacity as the network grows. The speed by which files can be shared, is one of the why peer-to-peer file-sharing remains popular. The newest (third) generation provides for files being searched and retrieved almost without any form of database being involved. The third generation protocols work decentralised; the so called BitTorrent protocol

231 232 233 234 235 236 237

80

shut down its service in July 2001. It later re-emerged as an online music store. For the history of Napster see also Nick Scharf, Napster’s long shadow: copyright and peer-to-peer technology, Journal of Intellectual Property Law & Practice 2011, Vol. 6 Issue 11, 806–812. A&M Records, Inc. v Napster, Inc., 239 F.3d 1004 (9th Cir. 2001) at 1024. Ibid. Napster later re-emerged as a commercial online music store. Vickie L. Feeman/William S. Coats/Heather D. Rafter/John G. Given, Revenge of the Record Industry Association of America: The rise and fall of Napster, Villanova Sports & Entertainment Law Journal 2002, Vol. 35 Issue 9, 53. Such as for example Grokster or KaZaa. See Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights, p. 16. European Parliament, DG for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, File Sharing (2011), p. 6.

A. The Status Quo – or How Did We Get to Where We AreToday?

does not download a whole file from one single user but small blocks of data (bits) from different users that together form the desired content. By dividing the files into bits, sharing gains in efficiency and enables the simultaneous sharing of even very large files such as HD movies and video files. How this works in detail will be outlined in the Second Chapter. At this point, it is sufficient to be aware that in contrast to the second generation peer-to-peer file-sharing technologies, there is no single filesharing network where all the files are being shared. Instead a different network (a so called swarm) is created for each and every file to be shared. Users within a swarm share blocks of data with each other that assembled together form the desired content.238 Information on how these blocks need to be assembled, and more importantly information on the blocks of data that are distributed, is contained in the so called torrent file, which – at the start of each sharing process – is created by the torrent client and distributed by the user on certain notorious platforms. As will be outlined in the second Chapter, the utilisation of the BitTorrent protocol means that it has become more difficult for rights-holders to track and identify infringements, especially, when swarms are formed within closed groups. A 2010 study conducted by Envisional for the content industry estimates that BitTorrent usage makes up 14.6% of all Internet bandwidth worldwide.239 It is an extremely efficient way of transferring files, which provides for substantial non-infringing uses. Thus, it is not surprising that collected data strongly suggests that BitTorrent is the most used file-sharing protocol worldwide.240 However, the Envisional analysis of BitTorrent traffic, conducted in 2010, found that more than 99% of all material (excluding pornography) in the top 10,000 swarms was copyright infring-

238 Gaetano Dimita, Six characters in search of infringement: potential liability for creating, downloading, and disseminating .torrent files, Journal of Intellectual Property Law & Practice 2012, Vol. 7 Issue 6, 466, 466. 239 In its study from January 2011, Envisional measured over eight million users simultaneously connected to the bittorent network Envisional, Technical Report: An estimate of infringing use of the Internet (2011), p. 7. In addition the distributor of two of the most-used BitTorrent clients μTorrent and BitTorrent Mainline, claims that the clients have over 100 million unique users worldwide and 20 million daily users, see Business Wire, BitTorrent, Inc. grows to over 100 million active monthly users, Business Wire (03.01.2011). 240 Envisional, Technical Report: An estimate of infringing use of the Internet (2011), p. 7.

81

First Chapter: Legal and Technological Background

ing,241 which gives some impression of what BitTorrent is predominantly used for. In summary, what is important to know is that users that download a file onto their computer, at the same time become a supplier for the given file in the network; they generally act both as a client and a server.242 It seems that most users are not aware of this fact,243 and thus, also do not make use of potentially available deactivation or blocking of the uploading function.244 2. File Hosting Services File-hosting services, also known as one-click hosts or sharehosters, basically offer remote storage space. Users can upload data to the servers of the file-hosting service and then allow third parties to access the data by providing them with the respective link to the stored data. As such, this facilitates the sharing of files that would be too large to be sent as eMail attachments. It also may be used for data back-up, or as a storage place which users – other than data stored on a desktop PC – may access from anywhere. Cloud storage services operate similar, and recently, these kind of services have become an almost essential part of mobile technology. The crux is however, that file-hosters may be used to share copyrighted content without the consent of the rights-holders. As mentioned above, third parties may access the data if they are provided with a specific link that tells the location of the file. These links are usually distributed on link directories or so called indexing websites. A popular German example for such directories is the website serienjunkies.org, where users may search for links leading them to their favourite TV series. As we will see in the third Chapter, most file-hosting services operate a freemium model, by which user are granted basic access for free but will

241 Ibid, p. 10. 242 Rolf Schwartmann, Filesharing, Sharehosting & Co, Funktionsweise und rechtliche Bewertung aktueller Erscheinungsformen von Urheberrechtsverletzungen im Internet, Kommunikation &Recht 2011, Beihefter 2, 9. 243 European Parliament, DG for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, File Sharing (2011), p. 6. 244 Ibid.

82

A. The Status Quo – or How Did We Get to Where We AreToday?

have to pay for more convenient usage including increased download capacities and advertisement-free services. 3. USENET Outside of the above described environments, there are further ways that music is unlawfully distributed and acquired. One of this is USENET, which actually is also a form of peer-to-peer. In USENET, files are placed into news groups on decentralised servers. These news groups are analogous to a virtual bulletin board where users post messages similar to emails with attachments for reading or download by other news group participants. The term USENET refers to the set of people who exchange articles tagged with one or more universally-recognised labels (called “newsgroups”).245 A newsgroup as such is a discussion forum, in which Internet users can read and post messages and reply to postings from other users. They can be private, or of limited distribution. Newsgroups are organised around common themes and follow a hierarchical structure.246 What makes USENET global in scope is that multiple hosts each carry selected newsgroups, add postings they have received to their own copies of the newsgroup database, and periodically swap updates with other USENET hosts.247 Thus, a posting can be quickly distributed to other news servers which carry the newsgroup in which the posting was made.248 Accordingly, USENET can also be described as a world-wide distributed discussion system without a higher authority than the people who own the servers on which USENET traffic is carried.249

245 There is often some confusion about the precise set of newsgroups that constitute Usenet; one commonly accepted definition is that it consists of newsgroups listed in the periodic “List of Active Newsgroups” postings which appear regularly in news.lists.misc and other newsgroups. A broader definition of Usenet would include the newsgroups listed in the article “Alternative Newsgroups Hierarchies”. An even broader definition includes also newsgroups that are restricted to specific geopgraphic regions or organisations. See Chris Reed, Internet Law, Text and Materials (2nd ed. 2004), p. 29. 246 Chip Salzenberg/Gene Spafford/Mark Moraes, What is Usenet? (1998). 247 Chris Reed, Internet Law, Text and Materials (2nd ed. 2004), p. 28. 248 Ibid, p. 29. 249 Chip Salzenberg/Gene Spafford/Mark Moraes, What is Usenet? (1998).

83

First Chapter: Legal and Technological Background

Fact is, that it is one of the oldest Internet communications technologies around. Although it may be considered a legacy technology, newsgroups are used for the unlawful sharing of copyright content.250 An important difference with the forms of peer-to-peer described earlier is the fact that the user does not need to be active in supplying files. Sticking to downloading exclusively is not only possible, it is the chief form of use.251 An example for a successful surviving USENET service is Newzbin, which will be thoroughly dealt with in the third Chapter. 4. Streaming Unlike downloading, streaming does not require the prior storing of material on the computer's harddrive before it can be used. Instead, the material is delivered in “real time” (as on radio and television), where a “stream” of data is received and converted into sound (and picture). Although conversion usually occurs simultaneously with the reception of data, the data received in a given time span may exceed the volume required. When this happens, such excess data must be temporarily stored in a “buffer” (usually in the random access memory (RAM) of the computer) until it is needed in the streaming process. Therefore, bits of, e.g. a music or film file may be temporarily copied, but no permanent copy of the material is kept unless the receiver chooses (and has the technology) to download the stream. As we will learn in the third Chapter, streaming is increasingly being used by public and private broadcasters to allow consumers to catch up with TV programme that they have missed. Smart TVs and other portable devices thereby allow access to TV programmes from anywhere at any time.

250 See for example Ellison v Robertson, 357 F.3d 1072 (9th Cir. 2004). 251 Cf. European Parliament, DG for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, File Sharing (2011), p. 6.

84

A. The Status Quo – or How Did We Get to Where We AreToday?

5. File-Sharing as of Today Although the notion of file-sharing is commonly associated with unauthorised downloading and making available of copyrighted works without the consent of the copyright owners, new technologies mean that works are also “shared” by the rights-holders themselves. Streaming, for instance, is nothing else than sharing a file. First of all, none of the file-sharing technologies described above, has disappeared. Peer-to-peer technologies are becoming more and more sophisticated, while file-hosting sees many legitimate users, who use remote storing to synchronise their devices or have access to their data from anywhere, turning to cloud storage providers. USENET has become more of a special interest forum that is not widely being used by average users. At the same time, streaming is seen as the technology of the future considering its role in the net neutrality debate252, where Internet service providers make deals with services like Netflix or Amazon allowing those companies to pay to stream their products to online viewers through a faster “express lane” on the web.253 Obviously the streaming operators fear that they will lose customers if they subscription-based services do not offer better service than piracy streaming platforms. Similar direct download delivery sites like Apple’s iTunes not only have to compete with free streaming portals, but also with persisting “free services” such as BitTorrent, which makes it hard for them to develop their market. To the short history of file-sharing in this section, it needs to be added that commercial platforms, where users can download works, have been very complicated to use in the beginning, while file-sharing platforms turned out to be rather user-friendly.254 Not surprisingly the latter attracted more users. Some users even felt that it is their right to share or download

252 For the background of the net neutrality debate, see Andrew Murray, Information Technology Law, the law and society (2nd ed. 2013), pp. 25 et seq.; Christopher Marsden, Net Neutrality: Towards a co-regulatory solution (2010). 253 As regards the Internet service provider Verizon in the US, see Edward Wyatt, Rebuffing F.C.C. in 'Net Neutrality' Case, court allows streaming deals, The New York Times (14.01.2014); Joseph Schumpeter, Net Neutraliy, More equal than others, The Economist (25.04.2014). 254 Deutscher Bundestag, Dritter Zwischenbericht der Enquete-Kommission 'Internet und digitale Gesellschaft', Bundestagsdrucksache 17/7899 (23.11.2011), p. 11.

85

First Chapter: Legal and Technological Background

copyrighted files as the creative industries did not offer legal alternatives.255 Today, the basic situation has changed, there are now numerous legal online music stores.256 As of June 2015, there are about 60 legal alternatives in Germany.257 An increase in online music sales is intrinsically tied to the launch of Apple’s iPod.258 While Apple started to sell music files in a specific Apple format employing a digital rights management which also only allowed the files to be played whilst using the Apple iTunes software, this changed in 2007: the Digital rights management tool was abandoned and users free to play the music on devices that do not depend on iTunes software.259 This basically constituted a shift away from digital copyright protection. Users were now free to play their music on any device – and at the same time easily make copies of their music collection. Hence, it has also become easy to distribute one’s music collection, because no copyright protection had to be circumvented. On the other hand, this also meant, that iTunes became more accepted by users and has become the major player when it comes to sales of digital media. Convenience and easy-to-use services go in line with acceptance. This can lately be witnessed with the aforementioned online players of broadcaster to allow users to catch up with TV programmes that they have missed or watch live TV streams. Usage increased with modern Internetenabled TVs, and the popularity of tablet PCs which are primarily being used for entertainment, which includes the consumption of streams. The reason why the first wave of connected TVs, called "Web TVs," failed, was because it had been assumed that people would use their TVs as computers, i.e. for browsing the Internet and reading eMail.260 The new gener-

255 Boris Paal/Moritz Hennemann, Schutz von Urheberrechten im Internet, ACTA, Warnhinweismodell und Europarecht, MultiMedia und Recht 2012, 288. 256 For a list of legal online music stores in Europe, Africa and Russia see http://ww w.pro-music.org/Content/GetMusicOnline/stores-europe.php (last accessed 17.05.2014). 257 See country list Germany at http://www.pro-music.org/legal-music-services-euro pe.php (last accessed 07.07.2015). 258 Markus Beckedahl/Falk Lüke, Wie die Musikbranche zum Internetgegner wurde, Der Spiegel Online (23.05.2012). 259 Ibid. 260 See Mark Holzel, The connected TV landscape: Why smart TVs and streaming gadgets are conquering the living room, Business Insider (03.03.2014).

86

A. The Status Quo – or How Did We Get to Where We AreToday?

ation of Internet-enabled TVs has been considered a success story because they enhance the everyday experience of watching TV by offering a better viewing experience, as well as an alternative to TV recorders.261 It needs to be noted, that – having an in-built browser – smart TVs also allow access to streaming websites that offer pirated content, which explains the fight of on-demand streaming services to provide their customers a better service than anyone else by having their digital traffic be treated favourably by Internet access providers. As long as this is not the case, rights-holders which seek revenues for the communication of their works to the public, are now seeking to have piracy websites blocked. Hence, already at this point, there is an indication that peer-to-peer file-sharers are becoming to some degree less interesting targets for rights-holders. III. Existing Model Regimes for Online Intermediary Liability 1. Early Responses to File-Sharing: Legal Action against the Innovators As aforementioned devices that make it possible for end-users to make copies of protected works are not novel. Accordingly, comparable conflict situations between the legitimate interests of authors on the one hand and the users of technical innovations on the other hand have already been addressed by case law in the past. The starting point has always been the same: a medium is made available that in addition to a lawful use can also be used to infringe copyright. The history of attempts to ban unauthorised copying by attempting to ban the device proves that going for the innovators is no solution to stop unauthorised copying. The earliest response to peer-to-peer file-sharing has been one that has been often employed to innovative copying devices in the past: the music industry sued the innovators like they had previously done with e.g. the Sony Betamax

261 Ibid.

87

First Chapter: Legal and Technological Background

recorder262 or twin-deck tape recorders263.264 The US Supreme Court’s decision in the Betamax case (Sony Corp. v Universal City Studios), at its time, created a legal safe haven for non-commercial home use recording of complete television programmes for purposes of time-shifting. While the entertainment industry argued that Sony was manufacturing a device that could be used for copyright infringement, and thus, Sony should be liable for any infringement committed by its purchasers, the Supreme Court held, that time-shifting, i.e. the process of recording television programmes so that they could be consumed at another time, constituted a commercially significant non-infringing use and was fair use. Accordingly, Sony could not be described as “contributing” to copyright infringement. Many of the same points of law that were litigated in the Betamax case were argued in the peer-to-peer lawsuits in the 1990s. Unsurprisingly, also the arguments used by the entertainment industry back in 1984 in the Betamax case are the same that were made against peer-to-peer technology in 1999 (Napster)265 and 2005 (Grokster)266.267 With Napster gaining popularity during the late 1990s, a number of record companies and music publishers brought various claims, including contributory and vicarious liability for copyright infringement under US law. Napster, for its part, argued that its users could avail themselves of the fair use defence under US law, first on the basis of sampling the music before buying, and second, on the basis of space-shifting – that is, using the Napster system to

262 Sony Corp. of America v Universal City Studios, 464 U.S. 417 (1984). 263 In CBS Songs v Amstrad [1988] AC 1013, the House of Lords held that by marketing twin-deck tape recorders Armstrad did not “sanction, approve or countenance an infringing use of [its] model”, it just “conferred on the purchaser the power to copy but did not grant or purport to grant the right to copy” and Amstrad had no “control over the use of [its] models once they [were] sold”.Accordingly, Amstrad did not authorise copyright infringements and was not liable. 264 Lawsuits were filed against Scour, Aimster, AudioGalaxy, Morpheus, Grokster, Kazaa, iMesh, and LimeWire. See Electronic Frontier Foundation, RIAA v the People: Five years later (2008), p. 1. 265 17 U.S.C. A&M Records. Inc. v Napster. Inc. 114 F. Supp. 2d 896 (N. D. Cal. 2000), confirmed by A&M Records, Inc. v Napster, Inc., 239 F.3d 1004 (9th Cir. 2001). 266 Metro-Goldwyn-Mayer Studios, Inc. v Grokster, Ltd. 125 S. Ct. 2764 (U.S.S.C. 2005), 380 F.3d 1154 (9th Cir. 2004), 259 F.Supp.2d 1029 (C.D. Calif. 2003). 267 A comparison of the arguments brought forward against the new technologies can be accessed at http://w2.eff.org/ legal/cases/betamax/.

88

A. The Status Quo – or How Did We Get to Where We AreToday?

make a copy of an audio CD of which they were already the legitimate owner.268 Examining inter alia, the effect of the alleged fair use on the market, the US court in Napster considered a number of reports on the use of Napster and its effect of the sale of recorded music, and concluded that “having digital downloads for free on the Napster system necessarily harms the copyright-holders’ attempts to charge for the same downloads”.269 The court concluded that file-sharing was not protected by the fair use provisions. The US Ninth Circuit Court of Appeals rejected the time-shifting argument that prevailed in the Betamax case. Napster was distinguished on the basis that the defendants operated a system that allowed them to monitor and control the potentially infringing activities of its users. In contrast to the time-shifting function of the Betamax recorder, which was held to be fair use, the crux with Napster was also the fact that while downloading the users made the copyright materials available to other members of the public.270 Having established that there was no fair use and that Napster’s users were directly infringing copyright, the court considered whether Napster could be liable for contributory infringement. Contributory liability required Napster to know, or having reason to know, of the direct infringement. While in the Betamax case, there had neither been evidence of actual knowledge of specific cases of infringement, nor did the Supreme Court assign constructive knowledge to Sony for infringing uses of its Betamax recorders (on the grounds that the equipment could be used for both infringing and ”substantial non-infringing” uses ), the Court of Appeals in Napster found that Napster had “actual knowledge that specific infringing material is available using its system, that it could block access to the system by suppliers of the infringing material, and that it failed to remove the material”.271 Napster’s demise was primarily its centralised architecture, and its consequently alleged ability to both control content and prevent infringement. For subsequent peer network developers, it was hence important to create decentralised networks without a 268 The second argument was also used by Sony in the Betamax case, see Sony Corp. of America v Universal City Studios, 464 U.S. 417 (1984 Sony Corp. of America v Universal City Studios, 464 U.S. 417 (1984). 269 A&M Records, Inc. v Napster, Inc., 239 F.3d 1004 (9th Cir. 2001), 1017. 270 “It is obvious that once a suers lists a copy of music he already owns on the Napster system in order to access the music from another location, the song becomes available to millions of other individuals, not just the original CD owner”. A&M Records, Inc. v Napster, Inc., 239 F.3d 1004 (9th Cir. 2001), 1019. 271 Ibid, 1022.

89

First Chapter: Legal and Technological Background

central entity that may control the content of the files being shared. This assumption was also being relied on by the defendants in Re: Aimster Copyright Litigation who argued that unlike Napster, they designed their technology in such a way that they had no way of monitoring the content of the files that were shared.272 However, they could not escape liability. The US Seventh Circuit Appeals Court concluded that although Aimster could be used for entirely innocuous purposes, the defendants were turning a blind eye to the extent to which its system was being used to infringe copyright.273 As “wilful blindness is knowledge in copyright law”274, the defendants were liable for contributory infringement. In similar terms, the US Supreme Court held in 2005 that Grokster, which also worked decentralised, was liable as “one who distributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement, is liable for the resulting acts of third parties”.275 In the circumstances of Grokster, there was ample evidence that there had been both intent to promote, and actual promotion of infringing use sufficient to find Grokster liable for contributory infringement. This conduct went beyond the “equivocal conduct of selling an item with lawful and unlawful uses” in the Sony Betamax case.276 The inducement arguments used in Grokster, enabled in the following more music industry victories in the US.277 Although the most prominent cases derive from the US, the US was not the only jurisdiction in which such cases were being heard. The supernode architecture which was employed by Grokster, was originally developed

272 In Re: Aimster Copyright Litigation 334 F 3d 643 (7th Cir. 2003) the Seventh Circuit addressed copyright infringement claims brought against Aimster, concluding that a preliminary injunction against the file-sharing service was appropriate, because the copyright owners were likely to prevail on their claims of contributory infringement. 273 In fact the only examples given in the explanatory tutorial about Aimster involved the sharing of copyrighted material, see ibid, 650. 274 Ibid, 650. 275 MGM v Grokster, 125 S. Ct. 2764 (2005), 2780. 276 Ibid, 2768. 277 This also in context of non-peer-to-peer technology in the case of Arista Records LLC v Usenet.com Inc (633 F.Supp.2d 124 (S.D.N.Y. 2009), where inducement was one of several grounds on which liability of an actual host provider was found. In a number of cases, the mere threat of court action has also been enough to close down sites. See Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights, p. 22.

90

A. The Status Quo – or How Did We Get to Where We AreToday?

by the Dutch company KaZaa which was subsequently sued for distributing file-sharing software by the Dutch licensing organisation BUMA/ STEMRA in the Netherlands. The Amsterdam Appeal Court found that although individual users might infringe copyright when file-sharing, the distributor of the software, KaZaa, was not liable on the basis that, because there was no central server, there could be no control over the files that were shared once the software had been installed on a user’s computer. As in Grokster, it was also the case that the software could be, and was being, used for legal purposes, including the exchange of both copyright material with the permission of the copyright owner and also non-copyright-material. This reasoning was subsequently upheld by the Dutch Supreme Court in December 2003.278 When the licence to distribute KaZaa was transferred to an Australian company, it was the Australian’s courts time to give its opinion on the subject matter.279 Also in Germany, one of the countries which is in the focus of this research, developers and distributors of peer-to-peer software became subject to lawsuits for secondary liability. In Cybersky280 for example, a German pay-TV provider sued the developers and intended distributor of a new free-of-charge peer-to-peer software called Cybersky TV and demanded that they refrain from offering, disseminating and/or operating the Cybersky TV software as long as this software could be used by endusers to send and/or receive encoded content (i.e. pay-per view and subscription only TV channels) on the Internet from the claimant’s pay-TV programme as part of a peer-to-peer system.281 Although the Court refused to give an opinion on the lawfulness of peer-to-peer software in light of

278 Gerechtshof Amsterdam, Decision of 28.03.2002 – 1370/01SKG (KAZAA B.V.v. BUMA/STEMRA), unauthorised English translation available at http://www.eff.or g/IP/P2P/BUMA_v_KaZaA/20020328_KaZaA_ appeal_judgment.html (last accessed 17.05.2014). 279 Universal Music Australia Pty Ltd v Sharman License Holdings Ltd [2005] FCA 1242 [30]. The Australian Court found that the company was well aware that Kazaa was widely used to infringe copyright and concluded that Sharman was liable for copyright infringement because it had “authorised” Kazaa’s users to infringe the record companies’ copyrights. 280 OLG Hamburg, Decision of 08.02.2006 – 5 U 78/05 (Cybersky), International Review of Intellectual Property and Competition Law 2006, 989 with comment by Hannes Rösler. 281 The Cybersky designers described Cybersky TV as “free pay-TV”. It was claimed that Cybersky TV could be as revolutionary for TV as the original Napster was for the music industry. See Hannes Rösler, Comment to OLG Hamburg,

91

First Chapter: Legal and Technological Background

intellectual property and competition law in general, it concluded that the supplier of a peer-to-peer software has a responsibility to take appropriate protective measures to the benefit of intellectual property rights-holder, in particular if the software developer has, in the product announcement, sales advertising or description of use, offered potential users the opportunity to infringe rights of others.282 This responsibility exists irrespective of any primary or secondary liability for copyright infringements of the defendants. The Court stressed that if an – although possibly only small – percentage of the purchasers use the software for purposes that do not interfere in third-party copyright, a general prohibition on the marketing of the medium may constitute an abuse of the law.283 Nevertheless, the Court issued the requested interlocutory injunction which practically constituted a complete prohibition on sales.284 To avoid a further injunction against distribution, the defendants would have to employ reasonable and suitable mechanisms necessary to prevent future infringements as effectively as possible. Although the court explicitly rejected a reference to the US Grokster case, it accepts the “Janus-faced nature” of peer-to-peer networks with similar standards.285 In France or the UK, on which this study focusses, there have been no major cases taken against the developers and distributors of file-sharing software. However, especially in the UK, there has been some speculation as to whether the courts would follow the approach by the Australian court in the KaZaa case or whether they would use a similar approach as in the twin-deck tape recorders case, in which the House of Lords held that Amstrad’s production of twin-deck tape recorders did not, of itself, indicate that Amstrad authorised copyright infringement, because the devices

282

283 284 285

92

decision of 08.02.2006 – 5 U 78/05 (Cybersky), International Review of Intellectual Property and Competition Law 2006, 994. OLG Hamburg, Decision of 08.02 – 5 U 78/05 (Cybersky), International Review of Intellectual Property and Competition Law 2006, 989, 991. It has to be noted that by the time the German pay-TV provider took the defendants to court, Cybersky TV had not yet been launched. Thus, the claimant sought to obtain an injunction preventing the launch of Cybersky TV in its planned format. Ibid, 992 et seq. For the reasons see ibid, 993 et seq. Hannes Rösler, Comment to OLG Hamburg, decision of 08.02.2006 – 5 U 78/05 (Cybersky), International Review of Intellectual Property and Competition Law 2006, 994, 996.

A. The Status Quo – or How Did We Get to Where We AreToday?

could be used for both infringing and non-infringing purposes.286 In this respect, it has to be noted that the US case law with regard to Napster and Grokster is of limited guidance when discussing the issue of primary infringement by authorisation under UK law. The concept of secondary liability discussed in the US cases does not exist in the majority of civil law countries in Europe.287 This also applies to the Dutch and German cases even if the German court applied similar standards. At all, an analysis of this subject matter would go beyond the scope of this research, but the discussion highlights that courts will struggle to find a developer and provider of file-sharing software liable if he has no control over the individual usage of the software, and if there are substantial non-infringing purposes. Where liability had been established, this always was due to the developer or operator having some kind of control over a central server or inciting the use of the software for infringing purposes. The worldwide case law with regard to early file-sharing technology highlight that although Napster and subsequent file-sharing systems were content-neutral, meaning that they could and in fact were also being used for non-infringing purposes, including sharing of authorised songs, public domain works, the record industry has won most of these lawsuits.288 From an economical point of view, the victories ultimately did not bring the sought after results. Already the lawsuit against Napster showed that this track is not very effective: the attention that Napster got due to the media publicity let to an increase in users, and following its eventual shutdown, new networks with new technologies quickly emerged. The latter responded to the legal developments. While the early peer-to-peer technology was likely to trigger liability (provided that there has been some sort of encouragement or incitement to indulge in illegal file-sharing and the

286 As regards the discussion of whether the providers of file-sharing software authorise copyright infringement see Haflidi Kristjan Larusson, Uncertainty in the scope of copyright: the case of illegal file-sharing in the UK, European Intellectual Property Review 2009, Vol. 31 Issue 3, 124, 128; Simon Stokes, Digital Copyright (2nd ed. Hart Publishing 2005), pp.134–135. 287 Diane Rowland/Uta Kohl/ Andrew Charlesworth, Information Technology Law (4th ed. 2012), p. 340. 288 As regards Napster: 17 U.S.C. A&M Records. Inc. v Napster. Inc. 114 F. Supp. 2d 896 (N. D. Cal. 2000), confirmed by A&M Records, Inc. v Napster, Inc., 239 F.3d 1004 (9th Cir. 2001); as regards Aimster: Re Aimster Copyright Litigation 334 F 3d 643 (7th Cir. 2003); as regards Grokster: Metro-Goldwyn-Mayer Studios, Inc. v Grokster, Ltd. 125 S. Ct. 2764 (U.S.S.C. 2005).

93

First Chapter: Legal and Technological Background

operators failed to prevent or reduce the extent of infringements), the third generation of file-sharing technology makes it difficult to establish liability on part of the developers or providers. BitTorrent software now enables users to download large files in small blocks of data from multiple sources, while the software itself does not provide users with the tools to actually locate files. BitTorrent users act completely autonomous and there is no central chokepoint. This makes it more difficult to actually prove intent on behalf of the providers of BitTorrent software with regard to induce users to breach copyright.289 In fact, many providers are now being more careful and ask users not to use the software for infringing purposes. New variations of peer-to-peer technology may also provide for encryption of the content being shared, so that the legal detection of copyright infringement becomes more difficult.290 Encryption is perfectly legal, and the users sharing files may also have legitimate reasons to hide the content. The road to sue the innovators thus may have reached a dead end, and this seems to be the reason why lately the rights-holders refrained from suing the innovators of peer-to-peer file-sharing software for copyright infringements. However, recently, the popularity of file-hosting services meant that rights-holders turned their attention towards these providers. The case law in this regard will be assessed in the third Chapter, but at this point it shall already be stressed, that file-hosters are unlikely to be held liable for copyright infringements by their users, but may be liable to prevent repeat infringements from taking place via their servers.291 With regard to file-hosters, more or less the same technology is used as regards cloud computing, which is an accepted lawful service. Accordingly, the file-hosting service as such has been declared lawful within several jurisdictions,292 as long as they do not employ a scheme that rewards uploaders based on the number of downloads that they generate and by this make it attractive for users to upload copyrighted works in order to trigger as 289 See Diane Rowland/Uta Kohl/ Andrew Charlesworth, Information Technology Law (4th ed. 2012), p. 339. 290 These systems may not be used by the majority file-sharers for lack of advanced IT literacy. 291 See Chapter 3. 292 For a summary of the German case law, see Rolf Danckwerts, Neues vom Störer: Was ist ein „von der Rechtsordnung gebilligtes Geschäftsmodell“?, GRUR-Prax 2011, 260. The sharehosting models that have been declared legitimate do not use reward systems for uploading content.

94

A. The Status Quo – or How Did We Get to Where We AreToday?

many downloads as possible.293 For example, Megaupload used to reward one million downloads with $ 1,500.294 Such reward schemes may obviously encourage users to upload copyrighted materials and publish the link granting access to the material to the general public. This again can be regarded as an incitement to infringe copyright and trigger liability (civil as well as criminal) for an otherwise content-neutral service. In fact, in the case of Megaupload, this lead to the seizure of Megaupload’s assets, the detention of its operators, and the shutdown of the site on 19 January 2012 by the US Department of Justice.295 Similarly, kino.to296, a streaming portal targeting German consumers was shut down, its assets seized,297 and its operators held criminally liable by a German criminal court for making publicly available copyrighted works.298 In this case, it was again not the technology as such that led to the convictions of the operators, but the fact that they had actual knowledge of every single infringing file that was disseminated via their service as they operated a scheme where every file had to be approved manually.299 Because the operators of kino.to resided within the European Union, they could be arrested and brought before a German court. In contrast, the operators of Megaupload have not been convicted yet, and as they reside in New Zealand enforcement depends on extradition to the US.300

293 Such as for example Megaupload. 294 Tobias Lauinger/Engin Kirda/Pietro Michiardi, Paying for Piracy? An Analysis of One-Click Hosters' Controversial Reward Schemes, in: Davide Balzarotti/ Salvatore J. Stolfo/Marco Cova (eds.), Research in attacks, intrusions, and defenses 2012, Lecture Notes in Computer Science Vol. 7462 (2012), p. 169. 295 See Ben Sisario, 7 Charged as F.B.I. Closes a Top File-Sharing Site, The New York Times (20.01.2012). 296 According to the Internet ranking website Alexa, kiNo.to was accessed up to 4 million times per day, and could be ranked within the 50 most visited websites in Germany until June 2011. See LG Leipzig, Decision of 14.06.2012 – 11 KLs 390 Js 191/11 (kiNo.to), Zeitschrift für Urheber- und Medienrecht 2013, 338, 340. 297 Thorsten Ricke/Fabian Wild, Konten in Sachen „kiNo.to“ beschlagnahmt, MultiMedia und Recht-Aktuell 2011, 319492. 298 LG Leipzig, decision of 14.06.2012 – 11 KLs 390 Js 191/11 (kino.to), Zeitschrift für Urheber- und Medienrecht 2013, 338. 299 Ibid, 340 and 345. 300 David Fisher, Dotcom trial may not occur, The New Zealand Herald (21.04.2012). An extradition hearing was set for June 2015, but has been delayed to September 2015, see Morgan Tait, Dotcom extradition hearing delayed, The New Zealand Herald (01.05.2015).

95

First Chapter: Legal and Technological Background

Although these cases do not directly concern the innovators of new technologies, but moreover those of new business schemes, they highlight additional hurdles that rights-holders may have to face, namely that the innovators/operators reside outside a jurisdiction where they could be held accountable. Additionally, they once more prove that the operators need to play an active role that goes beyond the mere provision of a content-neutral technology so that liability may established.301 Hence, as aforementioned, taking the innovators of new technologies to court, can only be successful under very limited circumstances and is a route that most rights-holders have left. In a bid to constrain unlawful filesharing, the rights-holders have also initiated actions against Internet service providers. Internet service providers are an obvious target for those wishing to gain some recompense for violation of their rights, especially in situations where the actual infringer cannot be identified or is located in another jurisdiction. There are some different approaches to the question of the extent of the liability of service providers depending on whether they are acting merely as a conduit, provide the means of transmission, or are capable of having some control over at least some of the material to which they provide access. Access providers as the natural gatekeepers to the Internet were seen as the most effective actors to control the distribution of illegal and harmful content as they are not only identifiable actors, but also locatable, and in most cases situated in the same jurisdiction.302 However, turning to these gatekeepers also turned out impractical. They effectively lacked practical control: the volume of material and the dynamic nature of it was impossible for them to control.303 They also

301 In this respect, it can also be assumed that the severity of the custodial sentences of the defendants in the Swedish The Pirate Bay case results from the attitude of the defendants to file-sharing and copyright infringement evidenced by their comments on the website – they “had made it clear that they were not going to take any action to put an end to such dissemination, even in cases where there could be no doubt that it was in violation of individual identified rights” (Jerker Edstrom/Henrik Nillson, The Pirate Bay verdict – predictable, and yet…, European Intellectual Property Review 2009, Vol. 31 Issue 9, 483, 487). 302 Diane Rowland/Uta Kohl/ Andrew Charlesworth, Information Technology Law (4th ed. 2012), p. 341. 303 BT Internet estimated in 1999 that just to effectively monitor news-group traffic alone, they would need 1500 employees working 24 hours a day. See Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights, p. 5, citing material from a WIPO Workshop on Service Provider Liability.

96

A. The Status Quo – or How Did We Get to Where We AreToday?

lacked the legal control to monitor all communication of their customers and feared liability for interferences that later would turn out unjustified. While in the advent of the Internet, the distinction between different types of intermediaries was relatively clear cut, this changed in the 1990s in the advent of web 2.0. The distinction between a traditional Internet access provider, who merely provided “fundamental communication services such as success, information storage etc.”304 and an Internet service provider, who provided “some additional service which facilitates a transaction between end users, e.g. identifying one of the parties, providing search facilities etc.”305 became less important with service providers giving access to large amounts of in-house as well as third party produced content.306 The arrival of interactive user-generated content or user-mediated content further meant that host provider liability has become increasingly controversial. Holding host providers as well as access providers and other intermediaries responsible equals “shooting the messenger”. The new millennium started with a number of immunity regimes for copyright infringements such as § 512 of the US Digital Millennium Copyright Act 1998 (DMCA) and the E-Commerce Directive of 2000. These legal instruments introduced liability exemptions for Internet service providers in relation to copyright infringements, of which in particular the provisions for hosting content are of interest, because more than the access provider which is a mere communications carrier, does the host provider have certain control over the content hosted. Both instruments purport to provide Internet service providers with immunity from suit provided that they are not acting as a content provider and have no involvement with the actual information transmitted via their networks. This was necessary in order to not disturb the proper functioning and development of the worldwide net. While it is obvious from the wording of the provisions on access providers that they cannot be held accountable for copyright infringements committed via their service, host providers – as already mentioned – are in a position to have or acquire knowledge of the contents hosted and hence, remove or block access to illegal content. Due to the vast case law on this subject matter, the following sections will address the development of limited liability in the US and Europe in more detail.

304 Chris Reed, Internet Law: Texts and Materials (2nd ed. 2004), p. 89. 305 Ibid. 306 See Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights, p. 4.

97

First Chapter: Legal and Technological Background

2. The Development of Limited Liability Early cases, mainly from the US, that had to deal with liability for hosting, transmitting or publishing material that was illegal, saw traditional concepts applied to news publishers applied to Internet service providers.307 For example, the New York Supreme Court held that the Internet service provider Prodigy was liable as a publisher of the content generated by its users because it exercised editorial control over the messages on its bulletin boards by posting guidelines for users and enforcing these with the help of so called board leaders as well as utilising screening software designed to remove offensive language.308 The decision was widely seen as encouraging Internet service providers not to monitor the content of bulletin boards since they might become subject to the strict liability standard applied to publishers rather than the knowledge standard applicable to distributors. Internet service providers were also not keen to check the legality of content due to sheer amount of material passing through their servers. However, while it may not be possible for them to manually check all content, Yahoo proved to be unsuccessful with its defense that it was also technically impossible for Yahoo US to block access to “all persons from France” to pages on its site selling Nazi Memorablia in a case before a French court in 2000.309 A technical sub-committee reported to the court that Yahoo! had the capacity to identify and thus block access to 90% of French Citizens. While this decision concerned location-based blocking and not content-based blocking, it latter turned out ineffective as the judgement condemning Yahoo to take steps to prevent French Internet users from accessing the sections of the Yahoo auction site containing Nazi memorabilia, could not be enforced in the US, domicile of Yahoo Inc. An US court granted a summary judgement in favour of Yahoo Inc. declaring that the “First Amendment pre-

307 Cf. for example Cubby v CompuServe 766 F Supp 135 (SDNY 1991), Stratton Oakmont, Inc. v Prodigy Services Co., 1995 WL 323710 (NY Sup. Ct. 1995). 308 Stratton Oakmont, Inc. v Prodigy Services Co., 1995 WL 323710 (NY Sup. Ct. 1995). 309 TGI Paris, Decision of 20.11.2000 – RG No. 00/05308 (La Ligue contre le racisme et l’antisémitisme et al. v Yahoo Inc), available at http://www.juriscom.n et/txt/jurisfr/cti/tgiparis20001120.pdf (last accessed 10.05.2011).

98

A. The Status Quo – or How Did We Get to Where We AreToday?

cludes enforcement within the United States of a French order intended to regulate the content of its speech over the Internet”.310 Irrespective of monitoring capacities, Internet service providers also argued that they were mere messengers and not content providers, and thus it would be inequitable to hold them responsible.311 Liability for content generated by third parties would also mean uneconomic burdens and pose a threat to a necessary evolving information infrastructure and emerging businesses.312 Thus, legal frameworks for Internet service provider developed from the mid-1990s onwards. The legal regimes took different approaches: either “horizontal”, dealing with the liability of Internet service providers across all types of content such as for example the German Gesetz über die Nutzung von Telediensten (TDG) of 1997 or the E-Commerce Directive of 2000, or “vertical”, regulating specific domains such as for example § 230 (c) of Title V of the Telecommunications Act of 1996313 or the UK Defamation Act of 1996. The first vertical regulatory models did not address copyright, which came into the focus from 1998 onwards. a) The Leading Model Regimes Relating to Intellectual Property aa) The US Digital Millennium Copyright Act The Digital Millenium Copyright Act constitutes the US implementation of the 1996 WIPO Copyright Treaty.314 The DMCA was “designed to facilitate the robust development and world-wide expansion of electronic commerce, communications, research, development, and education in the

310 Yahoo Inc. v La Ligue contre le racisme et l’antisémitisme and others, 169 F.Supp. 2d 1181 (N.D. Cal. 2001), p. 22. 311 Cf. Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights, p. 6. 312 Ibid. 313 § 230 (c) is commonly known the Communications Decency Act of 1996 and bars immunity from all kinds of liability for third party content except IP. 314 World Intellectual Property Organization Copyright Treaty. The text of the Treaty is available at: http://www.wipo.int/ treaties/en/ip/wct/trtdocs_wo033.htm l; an up-to-date list of the Contracting Parties can be found at: http://www.wipo.i nt/treaties/en/ShowResults.jsp?lang=en&treaty_id=16.

99

First Chapter: Legal and Technological Background

digital age.”315 The relevant provision with regard to immunity of Internet service providers within the Copyright Act is 17 U.S.C. § 512, or the Online Infringement Liability Limitation Act (OCILLA). In order to strike a balance between the respective interests of service providers and copyright owners, the OCILLA seeks to “preserve ... strong incentives for service providers and copyright owners to cooperate to detect and deal with copyright infringements that take place in the digital networked environment”.316 § 512 distinguishes between different functions carried out by intermediaries: “mere conduit”,317 system caching,318 hosting319 and information location tools320. Accordingly, it sets up four conditional liability exemptions with regard to copyright infringement liability, that are commonly referred to as “safe harbours”. A service provider in the sense of § 512 (b) to (d) is defined as “a provider of online services or network access, or the operator of facilities therefor” 321. The latter definition is broader than definitions of service providers in earlier drafted statutes such as § 230 of the Communications Decency Act 1996 (CDA), which is due to the fact that it was drafted in the advent of web 2.0.322 The legislator paid regard to the variety of functionalities of web 2.0 services available at that time and courts thus could apply the provision on typical web 2.0 online merchants such as Amazon.com’s shops323 or eBay324 without any problems.

315 See Senate, Digital Millennium Copyright Act, Report, S. Rep. No. 105–190 (1998), 1 et seq. 316 Ibid, 20; House of Representatives, Digital Millennium Copyright Act of 1998, Report, H.R. Rep. No. 105–551 (1998), Part II, 49. 317 § 512 (a) “Transitory digital network communications”; A service provider in the sense of § 512 (a) is defined as “an entity offering transmission, routing, or providing connections for digital online communications, between or among points specified by a user, of material of the user’s choosing, without modification to the content of the material as sent or received” (§ 512 (k)(1)(A)). 318 § 512 (b) “system caching”. 319 § 512 (c) Information Residing on Systems or Networks at Direction of Users 320 § 512 (d). 321 § 512 (k) (1) (B). 322 Lilian Edwards/Waelde, Charlotte, Online intermediaries and liability for copyright infringement (2005), p.11. 323 Corbis Corp. v Amazon.com. Inc., 351 F. Supp. 2d 1090, 1100 (W.D. Wash. 2004) (“There is no doubt that Amazon fits within the definition.”). 324 Hendrickson v eBay, Inc., 165 F. Supp. 2d 1082, 1088 (C.D. Cal.) (“eBay clearly meets the DMCA’s broad definition of online ‘service provider.’”).

100

A. The Status Quo – or How Did We Get to Where We AreToday?

Each limitation bars monetary damages for direct, vicarious and contributory infringement, and restricts the availability of injunctive relief in various respects. In order to qualify for any of the limitations on liability the service provider must adopt and reasonably implement “a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider’s system or network who are repeat infringers”.325 Additionally, the service provider must accommodate and not interfere with “standard technical measures”326, meaning such measures that copyright owners use to identify or protect copyrighted works.327 Systems that interfere with certain anti-piracy devices will not be able to benefit from the liability limitations established by the DMCA. In addition to the two general requirements listed above, all four safe harbour provisions impose additional requirements to benefit from immunity. § 512 (a), which limits the liability of mere passive conduits for the transmission of copyright infringing material, applies if infringing material is being transmitted at the request of a third party to a designated recipient, is handled by an automated process without human intervention, is not modified in any way, and is only temporarily stored on the system.328 The key difference in scope between this section, and § 512 (b) to (d) relates to the location of the material in question. § 512 (b) to (d) refer to infringing material that resides on a system controlled by the service provider. The liability exemption for system caching applies when a service provider engages in caching of online content for purposes of improving

325 Section 512 (i) (1) (A). This policy must also be communicated to the users. Courts have been very liberal with regard to valid communication, holding that it requires nothing more than a warning to users in their terms of use statements of their repeat-infringer policy, see Corbis Corp v Amazon.com, Inc, 351 F. Supp. 2d 1090, 1101 (W.D. Wash. 2004); In re Aimster Copyright litigation, 252 F.Supp.2d 634, 658 (N.D. Ill. 2002). 326 Section 512 (i) (1) (B). 327 The measures must have been developed pursuant to a broad consensus of copyright owners and service providers in an open, fair and voluntary multi-industry process, and must be available to anyone on reasonable nondiscriminatory terms. Further, they must not impose substantial costs or burdens on service providers. See § 512 (i). 328 § 512 (a) (1)–(5).

101

First Chapter: Legal and Technological Background

network performance. The exemption applies under the condition that the cached material is not modified, the service provider complies with industry standard rules regarding the refreshing, reloading, or other updating of the cached material, and the service provider does not interfere with the ability of technology that returns hit count information that would otherwise have been collected had the website not been cached.329 In addition, the service provider must impose the same conditions that the original poster of the material required for access, and he must remove or block access to any material that is posted without the copyright owner’s authorisation, upon being notified that such material has been previously removed from the originating site, or that the copyright owner has obtained a court order for the material to be removed from the originating site or access to the material be disabled.330 § 512 (d) creates a safe harbour for service providers that links users, through a tool such as a web search engine, to an online location that contains infringing material, under the condition that the service provider does not know the material is infrining. Once the service provider becomes aware of facts or circumstances from which infringing activity is apparent, he must expeditiously remove or disable access to the content.331 If the service provider controls the infringing activity, he must not derive any financial benefit through the provision of the link.332 Of specific interest in the context of file-sharing is § 512(c), which limits the liability of service providers for infringing material on websites hosted on their systems. A service provider is only protected from liability if copyrights have been infringed by reason of the storage of material at the direction of a user. Information will not be stored at the direction of a user when “it resides on the system or network operated by or for the service provider through its own acts or decisions”.333 Courts interpreted the notion broadly and in at least one case a service provider was not precluded from the § 512 (c) safe harbour even when his employees engaged in

329 330 331 332 333

102

§ 512 (b) (2) (A)–(C). § 512 (b) (2) (D)–(E). § 512 (d) (1), (3). § 512 (d) (2). House of Representatives, Digital Millenium Copyright Act of 1998, Report, H.R. Rep. No. 105–551 (1998), Part II, 53.

A. The Status Quo – or How Did We Get to Where We AreToday?

some brief review of submitted materials before posting them on the website.334 In order to be eligible for the limitation the service provider must not know of the infringement or act expeditiously to remove or disable access to the material when it has actual knowledge, is aware of facts or circumstances from which infringing activity is apparent or has received DMCAcompliant notice; and additionally does not have the right and ability to control the infringing activity, or – if he does – does not receive a financial benefit directly attributable to the infringing activity. A right and ability to control infrining activities requires some kind of direct supervision by the service provider of the direct infringers.335 If an ability to control content is established then there must be no fincancial benefit deriving from the infringing activity.336 Three types of knowledge of infringement can be identified which can take a service provider out of the safe harbour: (1) the service provider can have actual knowledge of infringement; (2) it can be aware of facts which

334 CoStar Group Inc. v LoopNet, Inc, 164 F.Supp. 2d 688, 701 et seq. (D. Md. 2001), affirmed by 373 F.3d 544 (4th Cir. 2004). In Costar Group, Inc. v LoopNet, Inc., the defendant offered a service that enabled subscribers to upload real estate photos to a folder on the defendant's system. Defendant's employees briefly reviewed the submitted photos and posted to the website only those that met defendant's criteria-that is, any photos that did not depict real estate or which obviously were copyrighted by a third-party would not be posted. The court held that defendant nonetheless satisfied the requirement that material be stored at the direction of a user. 335 See Corbis Corp. v Amazon.com. Inc., 351 F. Supp. 2d 1090, 1109 (W.D. Wash. 2004). Courts have also held that the mere ability to disable access to or remove infringing content (IO Group, Inc. v Veoh Networks, Inc., 586 F. Supp. 2d 1132, 1151 (N.D. Cal. 2008); Perfect 10, Inc. V CCBill LLC, 488 F.3d 1102, 1117 (9th Cir. 200/); Corbis Corp. v Amazon.com. Inc., 351 F. Supp. 2d 1090, 1109 (W.D. Wash. 2004); Hendrickson v eBay, Inc., 165 F. Supp. 2d 1082 (C.D. Cal. 2001)), or enforcing policies that prohibit users from engaging in illegal or unauthorised conduct (IO Group, Inc. v Veoh Networks, Inc., 586 F. Supp. 2d 1132, 1153 et seq. (N.D. Cal. 2008)), do not constitute sufficient prove for the right and ability to control. On the other hand, screening and filtering of content may establish exercising an ability to control content (Corbis Corp. v Amazon.com. Inc., 351 F. Supp. 2d 1090, 1110 (W.D. Wash. 2004)). 336 The House Report instructs that there will be no financial benefit “where the infringer makes the same kind of payment as non-infringing users of the provider’s service”, see House of Representatives, Digital Millenium Copyright Act of 1998, Report, H.R. Rep. No. 105–551 (1998), Part II, 54.

103

First Chapter: Legal and Technological Background

raise a “red flag” that its users are infringing; or (3) the copyright owner can notify the service provider in a manner “substantially” conforming with § 512 (c) (3) that its works are being infringed. A court will first examine whether the service provider had actual knowledge of infringing activity. The dominant means by which knowledge will be established is a notification satisfying the statutory requirements of § 512 (c) (2) (A), (c) (3) (A).337 In addition to the formal requirements described above, the DMCA also provides that a take-down notice must be notified to the alleged infringer, who then has the opportunity to file a counter-notice with the service provider’s designated agent and protest that the material should not be removed.338

337 To be effective the notification of a claimed infringement has to be in writing and fulfil the following requirements: it must include sufficient information to contact the complaining party and a signature (either physical or electronic) of the complaining party, sufficient information to identify the copyrighted work or works claimed to have been infringed, the infringing matter and its Internet location, a statement by the complaining party that it has a good faith belief that there is no legal basis for the use of the materials complained of, and a statement of the accuracy of the notice and, under penalty of perjury, that the complaining party is authorised to act on behalf of the owner of an exclusive right that is allegedly infringed. If a notification fails to comply substantially with the requirements it will not be considered in determining knowledge or awareness of illegal content (§ 512 (c) (3) (B) (i)). However, if the notifier identifies the allegedly infringed work, and the material that is allegedly being infringed and contact information for the comlaining party is provided, then the service provider must contact the copyright owner and request the rest of the notice requirements (§ 512 (c) (3) (B) (ii)). If the service provider fails to contact the copyright owner and does not insist upon receiving a correct notice, then the service provider will be deemed to have received correct notice (Debra Weinstein, Defining expeditious: Uncharted territory of the DMCA safe harbor provision – A survey of what we know and do not know about the expeditiousness of service provider responses to take down notifications, 26 Cardozo Arts & Entertainment Law Journal 2009, Vol. 26, 589, 601). 338 § 512 (g) (3) “counternotification”; A valid counter-notification requires inter alia a “statement under penalty of perjury that the subscriber has a good faith belief that the material was removed or disabled as a result of mistake or misidentification of the material to be removed or disabled”. In case that the alleged infringer protests against the removal, the content in question must be “put back” by the Internet service provider. If the original notifier continues to dispute the legality of the content in question, the argument must be taken to court. Within that period of time – while the dispute is in progress – the Internet service provider is free from liability, even if in the end a court finds the content was illicit. This procedure serves as a safeguard to discourage unfounded take down requests and pre-

104

A. The Status Quo – or How Did We Get to Where We AreToday?

If the notification is insufficient, the notifier may seek to prove under § 512 (c) (1) (A) (ii) that the service provider is aware of “facts or circumstances from which infringing activity is apparent”. The test to establish awareness consists of two elements: the first determining whether the service provider is aware of circumstances of infringement (objective component) and the second determines whether infringing activity would have been apparent to a reasonable person operating under the same or similar circumstances (subjective component).339 Infringing material needs to be removed or disabled access to it expeditiously. The meaning of “expeditious” is to be determined by the US courts. During the legislative process the US Senate argued that because “factual circumstances and technical parameters may vary from case to case, it is not possible to identify a uniform time limit for expeditious action”.340 bb) The E-Commerce Directive 2000/31/EC The E-Commerce Directive 2000/31/EC, via its national transpositions, constitutes the main regulatory framework on liability for Internet services throughout the European Union. The E-Commerce Directive was drafted at a time when only few Member States already had specific E-Commerce provisions in place. The consensus reached in the negotiations on the Directive was that so far the limitations on liability for online content should only deal with the most general and problematic barriers to Internet service providers.341 It is drafted very broadly, and thus its liability regimes does not only apply to the traditional Internet service providers,

vents any overhasty take down of contents. It is not for the Internet service provider to examine whether the content provider has a defence, e.g. fair use, as the Internet service provider also regularly lacks the legal expertise. 339 House of Representatives, Digital Millenium Copyright Act of 1998, Report, H.R. Rep. No. 105 – 551 (1998), Part II, 53; see also Liliana Chang, The red flag test for apparent knowledge under the DMCA § 512 (c) Safe Harbor, Cardozo Arts & Entertainment Law Journal, Vol. 28, 195, 201 et seq. 340 See Senate, Digital Millenium Copyright Act, Report, S. Rep. No. 105-190 (1998), 44. 341 Department of Trade and Industry, Consultation Document on Electronic Commerce Directive: the liability of Hyperlinkers, Location Tool Services and Content Aggregators (June 2005), http://www.berr.gov.uk/files/file13986.pdf, p.10.

105

First Chapter: Legal and Technological Background

but a much wider range of actors including e-commerce merchants, social network sits and even cloud computing services.342 As is the case with EC Directives generally, the provisions of the ECommerce Directive are not directly applicable in the Member States; it requires implementing measures by the Member States and is only binding as to a specific result to be achieved without dictating the means of achieving that result. It thereby leaves a margin of discretion to the Member States. In many Member States the Directive was implemented into national law almost verbatim from the specific language version.343 In order to assess the impact the Directive had on the liability regime in Europe it is necessary to examine the individual national implementation and its application. The underlying question is whether the attempt to harmonise the law regarding the liability of Internet service providers has been successful. The E-Commerce Directive applies to “information society services” which are defined in Article 2 (a) as “any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service”.344 Recital 18 of the Directive states explicitly that services which are free of charge to the recipient do not fall outside the scope of an “information society service” if they broadly form part of an economic activity. Thus, not only the traditional Internet service provider sector but also providers offering online information or search tools are covered under certain conditions.345 Although the CJEU held that the Google’s “Adwords” referencing service falls, under certain conditions, within the scope of a host provider, this does not conclusively settle the matter of whether Google’s cost-free search engine ser-

342 Cf. Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights, p. 8. 343 Cf. Electronic commerce (EC Directive) Regulation 2002 (UK); Loi du 14 août 2000 relative au commerce électronique (Luxembourg). 344 Article 2 (a) E-Commerce Directive refers back to the definition in Article1 (2) of Directive 98/34/EC as amended by Directive 98/48/EC. 345 This has recently been confirmed by the CJEU in Joined cases C-236/08 to C-238/08, Google France, Google Inc. v Louis Vuitton Malletier, Google France v Viaticum Luteciel, Google France v CNRRH Pierre-Alexis Thonet, Bruno Raboin, Tiger, a franchisee of Unicis, Judgment of 23.03.2010, ECR [2010] I-02417 (Google Adwords).

106

A. The Status Quo – or How Did We Get to Where We AreToday?

vice falls within the application of the Directive, as the Directive itself does not contain a provision on linking liability immunity. Articles 12–14 of the E-Commerce Directive sets up liability limitations of Internet service providers for third party content when they act in one of the intermediary roles identified by the Directive, i.e. mere conduit (Article 12), caching (Article 13), and hosting (Article 14). These various activities are addressed separately. Unlike the US, the European Community chose to take a horizontal approach in determining intermediary service provider liability. So rather than focusing on a single area of law, the liability regime deals with all content issues. The rationale behind this seems to be that all intermediaries are carrying out the same technical activities regardless of the content involved.346 Thus, the liability limitations apply to all kinds of illegal material provided by third parties, including inter alia copyright, trademark, defamatory statements, hate speech and pornography. However, certain activities are excluded including the activities of notaries and gambling. The limitations apply to civil as well as criminal liability, but do not prevent the imposition of injunctions upon Internet service providers. The liability limitations set forth by the Directive have been classified as defences347 and as a kind of pre-filter in proceedings where a claim is directed against an intermediary with regard to third-party content.348 An intermediary who falls within the definition of a mere conduit is essentially no more than a telephonic network. Pursuant to Article 12 ECommerce Directive, a mere conduit that does not ‘initiate the transmission’, ‘select the receiver of the transmission’ or ‘select or modify the information’, is absolved from all liability. This service provider is thus not liable for damages or for any criminal sanction as a result of any transmission of information. Caching describes the process by which intermediary service provider store information temporarily in order to allow users the access to web pages more quickly. The service provider retains the material so that sub-

346 Miquel Peguera, The DMCA Safe Harbors and Their European Counterparts: A Comparative Analysis of Some Common Problems, Columbia Journal of Law & the Arts 2009, Vol. 32, 481, 482. 347 Andrew Murray, Information Technology Law (2nd ed. 2013), p. 185. 348 Deutscher Bundestag, Bundestagsdrucksache 13/7385 (09.04.1997), p. 51; BGH, Decision of 23.09. 2003 – VI ZR 335/02, GRUR 2004, 74; Köhler/Arndt/Fezer, Recht des Internet (6th ed. 2008), para. 746.

107

First Chapter: Legal and Technological Background

sequent requests for the same material can be fulfilled by transmitting the retained copy, rather than retrieving the material from the original source on the network. Pursuant to Article 13 E-Commerce Directive, this kind of automatic, temporary storage of information for the sole purpose of making more efficient onward transmission of information does not render a service provider liable for the content of the cached pages. The immunity is lost if the service provider does not act quickly to remove a copy of a page where it has actual knowledge that the initial source has been removed or that a court has ordered its removal. The most relevant and at the same time the most controversial liability regime is the regime governing the act of hosting. Pursuant to Article 14 of the E-Commerce Directive hosting services are services that “consist of the storage of information provided by a recipient of the service”. Furthermore hosting services are “of a mere technical, automatic and passive nature, which implies that the information society service provider has neither knowledge of nor control over the information which is transmitted or stored”.349 Under Article 14 of the E-Commerce Directive a host provider shall not be liable for the information stored at the request of a recipient on the condition that : ”(a) the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or (b) the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.”

The last condition imposes a duty of care on the provider. He has to take expeditious action if he obtains knowledge or awareness of the illegality of information. Recital 48 provides that the Directive does not affect the possibility for Member States to require host providers to apply duties of care, which can reasonably be expected from them and which are specified by national law, in order to detect and prevent certain types of illegal activities.350 However,

349 Recital 42 of the E-Commerce Directive. 350 It has been understood that such duties of care mean those imposed by criminal or public law e.g. aid in investigation of crime or security matters, not as extending to duties under private law, such as to help prevent copyright infringement – since that would negate the point of Article 15 as well as that of Article 14 gener-

108

A. The Status Quo – or How Did We Get to Where We AreToday?

Article 15 of the E-Commerce Directive prohibits Member States from imposing a general obligation on information society services to monitor the information which they transmit or store, or to request that providers actively seek out facts or circumstances indicating illegal activity. This does not mean that monitoring is in general prohibited. Moreover, Article 14 (3) clarifies that the prohibition of general monitoring does not affect the possibility for a court or national authority of requiring the service provider to terminate or prevent an infringement, or of establishing procedures governing the removal or disabling of access to information. In practice, Article 14 (3) is increasingly invoked as a way by which prior monitoring or filtering may be imposed on host providers by court order. In that regard the prevention of future infringements is a sensible issue as unlawful content can hardly be avoided without the monitoring of all uploaded information. Even if a host provider receives notice of unlawful content, it can avoid liability under the condition that it takes down or blocks access to that content expeditiously. This imports the US “notice and take down” approach. At the time when the E-Commerce Directive was adopted, the European legislator decided that notice and take down procedures should not be regulated in the Directive itself.351 Member States are merely encouraged to implement “rapid and reliable procedures for removing and disabling access to illegal information”.352 Like the US DMCA, the Directive gives no guidance as to the interpretation of the vague expression of “expeditous”. Also national implementations of the E-Commerce Directive refrained from specifying what “expeditious” means, with some defining it with the equally uncertain notion of “undue delay”.353

ally. See Cf. Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights, p. 10. 351 European Commission, Report from the Commission to the European Parliament, the Council and the European Economic and Social Committee – First Report on the Application of Directive 2000/31/EC of the European Parliament and of the Council of 8.06.2000 on Certain Legal Aspects of Information Society Services, in particular Electronic Commerce, in the Internal Market (Directive on Electronic Commerce) COM/2003/0702, para.4.7. 352 Recital 40 of the E-Commerce Directive. 353 In Germany, the term “expeditious” is defined in § 121 I 1 of the Bürgerliches Gesetzbuch (BGB) as meaning “without undue delay”. Undue delay” is also used in Austria in order to define the notion of “expeditious”. Annotation to § 16 of the Regierungsvorlage 817, available at: www.parlament.gv.at/PG/DE/XXI/I/I_0

109

First Chapter: Legal and Technological Background

cc) The US and EU Regimes: Similarities and Deficits The liability regime by the E-Commerce Directive is very similar to that of the earlier drafted DMCA. Unlike the US, the European Union took a horizontal approach in determining intermediary service provider liability. Under both regimes, mere conduits are not liable for damages or for criminal sanctions as a result of any transmission of information. Also the liability for caching is constructed similar. However, the regimes differ in some aspects when it comes to liability for hosting and information location tools. While the DMCA explicitly introduces a safe harbour provision for information location tools, the E-Conmerce Directive only foresees an examination “for the need for proposals concerning the liability of providers of hyperlinks and location tool services”.354 Although the European legislator was aware that problems may arise with regard to the liability of link providers, he explicitly refrained from regulation without having assessed its necessity in practice. In relation to host provider liability, the E-Commerce Directive does not foresee a statutory “notice and take down" (NTD) procedure as introduced by the DMCA, but simply requires intermediaries to take down or bar access to illegal content or activity upon acquiring knowledge of the content in question. Member States are free to adopt NTD procedures, but there is no uniform proce-

0817/fnameorig_000000.html (last accessed 4.12.2009). The Austrian Supreme Court held that one week did not fulfil the criterion of undue delay (see OGH, Decision of 21.12.2006 – 6 Ob 178/04a. In the UK, legislation dealing with terroristic offences indicates that two working days might fulfil the requirement expeditious. The specialised Electronic Commerce Directive (Terrorism Act 2006) Regulations 2007 – which provides immunities for Internet service providers from offences under the Terrorism Act 2006 – also requires expeditious removal of Internet postings constituting terrorism-related offences. For such postings the Terrorism Act 2006 contains a notice and take down regime applying to website operators which requires them to modify or remove offending material within two working days after having received a notice by a police constable. The period of two working days is fixed in Section 3 subsection 2 (b) of the Terrorism Act 2006. “Working days” is further defined as “any day other than a Saturday or a Sunday, Christmas Day or good Friday or a day which is a bank holiday under the Banking and Financial Dealings Act 1971 (c. 80) in any part of the United Kingdom” (Section 3 subsection 9 of the Terrorism Act 2006). 354 Article 21(2) E-Commerce Directive.

110

A. The Status Quo – or How Did We Get to Where We AreToday?

dure throughout the EU.355 Thus, the indefinite concepts of “actual knowledge” and “awareness of facts and circumstances from which the illegal activity or information is apparent” are crucial for determining provider liability. In this regard, it is necessary to define the preconditions of knowledge or awareness (e.g. positive knowledge or negligent ignorance) and the notion of manifestly illegal content. Specifically in the area of IP law, the infringing nature of content may often not be apparent. An image uploaded on Facebook does regularly not contain any information with regard to the author. Knowledge or awareness will thus usually be acquired by notification. It will then be the provider itself who has to determine whether or not a complaint is legitimate.356 There is a risk that, in the interest of avoiding litigation, service provider would be best served by removing or blocking access to any content hosted by them which was brought to their notice regardless how unfounded or trivial the objection might seem to be. Not having the legal knowledge of a court or legallytrained person, there is a presumption that Internet service providers are likely to delete or block access.357 Although statutory NTD procedures have received criticism for having a potential chilling effect on freedom of speech, and – being a self-regulatory measure – constituting privatized censorship, this criticism is not restricted to statutory NTD procedures.358 Any legal obligation to remove illegal material upon notification, may induce intermediaries to over-comply with take down notices in order to limit their liability and as a result suppress legitimate content.

355 Some Member States introduced statutory NTD procedures, e.g. France (Article 6-I-5° Loi n° 2004-575 de 21 Juin 2004 pour la confiance dans l'économie numérique (LCEN)) and Finland, which has set out copyright-specific NTD procedure (Section 22 Laki tietoyhteiskunnan palvelujen tarjoamisesta (458/2002) of 05.06.2002). 356 Christian Ahlert/Chris Marsden/Chester Yung, How “liberty” disappeared from Cyberspace: The mystery shopper tests Internet content self-regulation, p.7. 357 Ibid. 358 Wendy Seltzer, Free Speech Unmoored in Copyright’s Safe Harbor: Chilling Effects of the DMCA on the First Amendment, Harvard Journal of Law & Technology 2010, Vol. 24 No. 1, 171 et seq.; See also Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights, p. 11.

111

First Chapter: Legal and Technological Background

Research has shown that the incentive to take down or bar access to material is higher than facing a potential lawsuit and its costs.359 Associated with a high compliance-rated with take down requests, is a risk of censorship when perfectly legal material is taken down. A non-representative survey conducted in the field of notice and take down procedures showed that an European Internet service provider took down content although the complaint related to it was unfounded and very little information related to the infringement was given, whereas an Internet service provider in the US requested further information in accordance with the DMCA.360 A Dutch study361 confirmed that Internet service providers prefer to take down content over which they received a complaint rather than investigating the matter. It proved that it only takes a free email-account to take content down. There is some concern over potential abuse of complaints where standardised notice and take down procedure are lacking, when Internet service providers consider default take down on demand as their safest and easiest option.362 The DMCA tries to address these concerns by

359 The thesis that Internet service providers are more likely to remove alleged illegal material than to question complaints has been proven by an empirical research conducted by Oxford researchers in 2004 on Notice and Take down procedures. The researchers investigated how Internet service providers make use of notice and take down by making a complaint by email to several Internet service providers about alleged copyright infringement on a website which they had previously uploaded and which contained perfectly legal material. See: Christian Ahlert/Chris Marsden/Chester Yung, How “liberty” disappeared from Cyberspace: The mystery shopper tests Internet content self-regulation, p.12. See also a similar study from India, which came to the same conclusion: Rishabh Dara, Intermediary Liability in India: Chilling Effects on Free Expression on the Internet (2011), pp. 29 et seq. 360 The outcome of the research project is not representative as only two Internet service providers were tested, one US IPS and one UK Internet service provider; Christian Ahlert/Chris Marsden/Chester Yung, How “liberty” disappeared from Cyberspace: The mystery shopper tests Internet content self-regulation. 361 The research was carried out by Sjoera Nas at Bits of Freedom, a Dutch digital human rights group. Ten Internet service providers were chosen and a text uploaded which clearly stated that the text belongs to the public domain. A fake society was created to act as a copyright-holder, which then sent complaints to the providers from a Hotmail email account. 7 out of the 10 providers removed the text without any further investigation. See Sjoera Nas, The Multatuli Project ISP Notice & take down (27.10.2004). 362 Christian Ahlert/Chris Marsden/Chester Yung, How “liberty” disappeared from Cyberspace: The mystery shopper tests Internet content self-regulation, p. 26.

112

A. The Status Quo – or How Did We Get to Where We AreToday?

introducing safeguards to discourage an abuse of the system. Any take down notice must be notified to the content provider, who then has the opportunity to protest. Where then a dispute arises between the notifier and the content provider, the case will be taken to court. False allegations of infringement are penalised (§ 512 (f)). So, while in the EU no guidelines exist with regard to an appropriate notice and take down procedure, the complex procedure in the US does not leave room for uncertainties and tries to ensure that overblocking is avoided. b) The Necessity to Go Beyond Notice and Take down NTD was and is an effective solution when sites physically host infringing content, but when content is shared via decentraslised peer-to-peer networks, there is no longer a host provider that can be held accountable or that may delete or block access to infringing materials. With centralised peer-to-peer networks like Napster, the service provider could be held liable to direct and contributory infringement if it received reasonable knowledge of specific infringing material, knew or should have known these were available, and failed to prevent its distribution.363 Napster’s downfall was its centralised server system, which technically allowed Napster to monitor the activities of its network and to restrict access to infringing material when informed of that material’s location. While the first generation of peer-to-peer networks operated a centralised database, already the second generation of decentralised sharing made it impossible to hold the providers of the file-sharing software accountable. Providers of second generation peer-to-peer file-sharing software lacked a central server or index function, meaning that they actually could not acquire knowledge of specific files being exchanged, at least at

363 A&M Records, Inc. v Napster, Inc., 239 F.3d 1004 (9th Cir. 2001), at 1027. The case highlights that liability for contributory infringement exists if one engages in personal conduct that encourages or assists copyright infringement. For an analysis of the case see Nick Scharf, Napster’s long shadow: copyright and peer-topeer technology, Journal of Intellectual Property Law & Practice 2011, Vol. 6 Issue 11), 806 et seq.

113

First Chapter: Legal and Technological Background

the moment of exchange itself.364 Conceptually, peer-to-peer clients and torrent sites are also rather “pointing to” infringing material than transmitting it.365 An ongoing issue with respect to online file-sharing is that some users resist attempts to limit their perceived rights of free exchange of information, ideas and content, and have demonstrated such resistance by developing and implementing new methods to mask their activities.366 The third generation of file-sharing networks reflect this: they are decentralised, fast and sometimes anonymised or encrypted. Technological progress posses a challenge for notice and take down. This does not mean that notice and take down became useless as such, it still is a good solution with regard to traditional host providers including providers of user-generated content. But, as mentioned previously, with increased use of information technologies by consumers from the millenium onwards, we could also see an increase in infringing materials being available and a lot of these infringing materials are not shared on YouTube or DailyMotion. While host providers such as YouTube or Dailymotion are originally based around the idea of users sharing their self-generated content with others, new types of host providers such as sharehosters or cloud computing providers have entered the scene; their primary service is hosting and not distributing user-generated content. However, these platforms are also being used to share copyrighted content with some of them being founded with the purpose of facilitating copyright infringements; the operators of the latter are usually at least difficult to identify, may be difficult to locate, and frequently located outside domestic jurisdiction. The German operator’s of kino.to for instance had their servers located in Russia: Because they blocked access to Russian consumers, Russian authorities were reluctant to ban the copyright infringing activities and the rightsholders had no chance to have the service shut-down until the operators

364 Metro-Goldwyn-Mayer Studios Inc. v Grokster, Ltd., 380 F.3d 1154 (2004) (9 th Circuit) 1162; See also Colin Nasir, Taming the beast of file-sharing – Legal and technological solutions to the problem of copyright infringement over the Internet: Part 2, Entertainment Law Review 2005, Vol. 16 Issue 4, 82–88, at 83. 365 See Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights, p. 16. 366 Robert C. Piasentin, Unlawful? Innovative? Unstoppable? A comparative analysis of the potential legal liability facing P2P end-users in the United States, United Kingdom and Canada, International Journal of Law and Information Technology 2006, No. 14, 195, 211.

114

B. The Technological and Legal Challenges of Online Copyright Enforcement

who were still located in the European Union could be arested. In such scenarios, questions arise as to whether special duties should and could be imposed on online intermediaries (in the case of kino.to, on access providers) to block access to these materials. Where the host providers are identifiable, and situated in the same jurisdiction or in a jurisdiction where judicial decisions from another state are recognised and enforceable, such obligations could also include filtering obligations by the hosts providers themselves (sharehosters or providers that provide links to unauthorised copies). In this regard, rights-holders and collecting societies call for European rules on notice and take down, that go beyond the existing limited liability scheme enshrined in the E-Commerce Directive.367 The case law from Germany, France and the UK relating to potential blocking and filtering obligations, which will be outlined in Chapter 3, shows that courts are struggling to apply duties upon online intermediaries that go beyond mere take down of infringing content. B. The Technological and Legal Challenges of Online Copyright Enforcement Copyright enforcement on the Internet compared to the analogue world faces additional challenges. While with hard-copies some form of contact was necessary between infringer and beneficiary, or seller and buyer, this is not the case with digital copies. File-sharing often takes place anonymously, or at least the actors hide behind pseudonyms. Sometimes it can be almost impossible to identify an uploader, or the person who made a work available to the public. Similarly, downloaders are difficult to track. The reasons for this may be manifold, but an important role is definitely played by technology as such.

367 European Commission, Synthesis of Comments on the Commission Report on the Application of Directive 2004/48/EC of the European Parliament and the Council of 29.04.2004 on the Enforcement of Intellectual Property Rights (July 2011), COM(2010) 779 final, p. 11.

115

First Chapter: Legal and Technological Background

I. The Technological Challenges In how far technology allows for the identification of the different actors involved, or for the gathering of evidence, will be briefly discussed at this stage. The particular challenges involved when trying to enforce copyright against end-user or intermediaries will be outlined at the beginning of the respective chapters. 1. Technological Context For the purpose of legal analysis, it may be misleading to speak of “the Internet” without having a clear idea what this collective noun refers to in specific. First of all, there is no “recognisable controller of the Internet, who might ultimately be responsible for it”; secondly, the Internet has no “fixed, definable infrastructure; and thirdly, “the information and services obtainable via the Internet” are not provided by a single entity called “the Internet”.368 Due to this reasons, it is impossible to discuss the law without referring to the functioning of the technology behind the Internet, a brief overview shall help to understand the following discussions. a) The Evolution of the Internet in a Nutshell A basic understanding of how the Internet operates is important for any consideration of copyright enforcement mechanisms and user sanctions. Therefore, this section provides a brief overview of the functioning of the Internet with an emphasis on relevant implications for the identification of users and for how access to materials may be blocked. The basic function performed by the Internet is extremely simple: it transports digital information from one computer to another.369 It is a simple communications infrastructure. The birth of the Internet can be seen with the development of ARPANET, a US defence project funded by the Advanced Research

368 Chris Reed, Internet Law, Text and Materials (2nd ed. 2004), p. 7. 369 See Chris Reed, Internet Law, Text and Materials (2nd ed. 2004), p. 8.

116

B. The Technological and Legal Challenges of Online Copyright Enforcement

Projects Agency (ARPA), in the late 1960s.370 The system would link a number of computers or ‘nodes’, so that messages could be forwarded from one computer to another. Every message would be divided up into a number of segments (packets) that would each be labelled with its intended destination and with information as to its position in the message as a whole.371 Passing from node to node, the packets would be reassembled when they arrived at the intended destination. The next major development was, when during the 1970s, US universities, the US government and high-tech companies, and finally commercial communication providers took leading roles in what began as a military project.372 The evolution of the communication standard Transmission Control Protocol (TCP) and Internet Protocol (IP) paved the way to the global network of today.373 A protocol is, in essence, an algorithm for recognising and dealing with a piece of information.374 The TCP component is responsible for converting messages into streams of packets for transmission and recombines them at the receiving end, whilst the IP is responsible for addressing and routing the packets to their intended destination. All digital devices linked to the Internet are allocated an IP address as a unique identifier. The TCP/IP protocols enable any user to connect to the vast network of communications network – that is the Internet.375 IP addresses in that regard enable the transmission of communications between for instance the user’s web browser and the server hosting the website that he wants to browse. While the early Internet was predominately a tool for academia and the technology literates, more user-friendly navigational tools were introduced

370 For the history and development of ARPANET see Andrew S. Tanenbaum/David J. Wetherall, Computer Networks ( 5th ed. 2011), pp. 55 et seq.; Andrew Murray, Information Technology Law, The law and society (2nd ed. 2013), pp. 16 et seq. 371 Ian J. Lloyd, Information Technology Law (4th ed. 2004), p. 12. 372 Andrew S. Tanenbaum/David J. Wetherall, Computer Networks (5th ed. 2011), p. 456. 373 For a brief outline of how the modern Internet functions, see Andrew Murray, Information Technology Law, the law and society (2nd ed. 2013), pp. 21 et seq. 374 Chris Reed, Internet Law, Text and Materials (2nd ed. 2004), p. 11. To communicate using the Internet system, a host computer must implement the layered set of protocols comprising the Internet protocol site; for more information on the different protocol layers, cf. ibid, pp. 12 et seq. 375 Ian J. Lloyd, Information Technology Law (4th ed. 2004), p. 31. For the functioning of the TCP/IP protocols see Andrew S. Tanenbaum/David J. Wetherall, Computer Networks (5th ed. 2011), pp. 45 et seq.

117

First Chapter: Legal and Technological Background

in the early 1990s.376 The most significant technical innovation at that time was the introduction of the World Wide Web (WWW).377 The WWW is not synonymous with the Internet, but is a higher-level network which uses the Internet as a network or computer networks as its carrier medium.378 It uses the so called hypertext to create links between documents, allowing users to click on a marked link to move to a document. Initially all Internet connections were referred to solely by an IP number. However, as the Internet grew, more memorable means of identification were needed. In 1987 the system of domain names which transcribe into IP addresses came into effect and meant that webpage could be accessed by typing a readable domain name into a web browser such as Internet Explorer or Mozilla Firefox. Today uniform resource locater (URL), also known as web address, serve as references to a resource. The format combines the system of domain names with file path syntax, where slashes are used to separate directory and file names. When a user requests a webpage, he will enter the URL of that page into his browser software. This client software generates a request for the page, which is sent via the Internet to the computer on which the page is stored. Web server software running on this computer responds to the request by sending the streams of data packets that make up the web page to the browser software. The browser then reassembles the information once the packets have arrived and displays the page.379 A user’s client software and the web server software are able to exchange data packets across the Internet because all the computers involved use common protocols (the aforementioned TCP and IP) to define how a packet should dealt with.

376 Ian J. Lloyd, Information Technology Law (4th ed. 2004), p. 13. 377 Ibid. Its invention is usually credited to Sir Tim Berners-Lee, cf. Andrew Murray, Information Technology Law, The law and society (2nd ed. 2013), p. 33. See also Tim Berners-Lee, Weaving the Web: The original design and ultimate destiny of the World Wide Web by its inventor (2000). 378 See Andrew Murray, Information Technology Law, The law and society (2nd ed. 2013), p. 33. 379 See Chris Reed, Internet Law, Text and Materials (2nd ed. 2004), p. 10.

118

B. The Technological and Legal Challenges of Online Copyright Enforcement

b) IP Address Allocation The issuance of IP addresses can be compared with the issuance of a phone number. As mentioned above, every computer linked to the Internet is allocated a unique IP address. This IP address consists of 32 binary digits in length (IPv 4 standard).380 Because the number of computers and other devices connecting to the Internet is outgrowing the IP addresses that are available, a new standard is being introduced.381 The IPv 6 standard brings an increase in number length to 128-bit numbers to provide capacity for some 2128 addresses, more than 7.9×1028 times as many as IPv 4.382 While still the majority of Internet traffic is carried by IPv 4, computers are allocated dynamic IP addresses. This means that each time a computer connects to the Internet, it will be assigned a new IP address by its Internet access provider, who has a limited block of addresses available. When the computer becomes inactive, the IP address will be taken away again and be assigned to another computer that becomes active. Accordingly, while websites will usually have a fixed IP address, users that are not online 24/7 will be allocated a new IP address every time they connect to the Internet. c) Domain Name System Because IP address are hard for people to remember and may change383, readable names were introduced in order to decouple machine names from machine addresses. Typing in the readable address in a web browser initiates a process of trying to match the name with the appropriate IP number. The process of looking up a name and finding an address is called domain

380 Andrew S. Tanenbaum/David J. Wetherall, Computer Networks (5th ed. 2011), p. 439. 381 Ibid, p. 455. 382 See Andrew Murray, Information Technology Law, The law and society (2nd ed. 2013), p. 23. 383 For example if a company’s website that could be accessed under a certain IP number was moved to a different server with a different IP address, everyone needed to be told the new IP address. See Andrew S. Tanenbaum/David J. Wetherall, Computer Networks (5th ed. 2011), p. 611.

119

First Chapter: Legal and Technological Background

name resolution.384 A query about a domain name passes first to a local name server, if it fails to make a match, the query will be passed on to a remote server.385 The definite tables of names and numbers are maintained on so called root servers. There are 13 root DNS servers, of which most are present in multiple geographical locations.386 Domain names can be categorised into two categories – generic (e.g. .com, .info, .org) and country code (e.g. .fr, .de, .uk, .lu). The Internet Corporation for Assigned Numbers and Names (ICANN) delegates the administration of generic top level domains to third party organisations to oversee the domain registry activity. Country code top level domains are administered by national independent registries operating on a country by country basis. When an individual or company purchases a domain name from a registrar they are asked to complete domain contact details including their email and postal addresses. These details are entered into DNS WHOIS, a service provided by the DNS Registry that allows queries to the Domain Name database, such that the ownership of a particular domain can be established. However, this simply gives the information provided by the registrant, which may not necessarily be correct or informative.387 2. The Difficulties to Identify an Infringer That Result from Technology as such Technological progress means that it is becoming more and more difficult to identify infringers. A starting point is usually the collecting of an IP address from which an infringement took place. This information however may only help to identify the subscriber of that IP address of a specific given time. Notorious infringers or users who value privacy may also browse the web anonymously.

384 For a detailed explanation on how domain name resolution works, see ibid, pp. 620 et seq. 385 Ibid, p. 620. 386 Ibid, p. 621. 387 Cf. Richard Clayton et al., A study of Whois privacy and proxy services abuse, National Physical Laboratory (20.09.2013).

120

B. The Technological and Legal Challenges of Online Copyright Enforcement

a) “On the Internet, Nobody Knows You’re a Dog” “On the Internet, nobody knows you’re a dog” is an adage which began as the caption of a cartoon by the American cartoonist Peter Steiner that was published by The New Yorker on 5 July 1993 and became the most reproduced cartoon of The New Yorker.388 The cartoon features two dogs sitting in front of a computer, with one telling the caption to the other. It symbolises an understanding of Internet privacy that stresses the ability of users to send and receive messages in general anonymity. Internet communication lacks clear identification of the communication parties. This does not only apply to two users communicating with each other, but also to users requesting web pages, where the request is made via a communication that identifies only the host through which the user accessed the Internet and does not identify the user that made the request.389 General anonymity in this context means, that Internet protocols do not force users to identify themselves. An identification may only be required at local access points such as universities or libraries, when users log onto the Internet via the university’s or library’s access, but the log on information will then be privately held by the local access point and will not become part of the Internet transaction itself.390 Though it is often possible to identify the device with which the Internet was accessed, the user is not identified. The identification of an IP address thus, in general, only leads to the identification of a specific Internet access point and, without further information, not to the person that used the IP address at a given time. In those cases where only an IP address can be identified, this does not automatically lead to the identification of the actual infringer. b) Dynamic IP Addresses Although it is possible to log an IP address, the fact that most IP addresses that are allocated to end-users are dynamic addresses, make it difficult for rights-holders to identify a subscriber. A prerequisite for identification is that IP data is retained by the Internet service provider. However, under

388 Glenn Fleishman, Cartoon Captures Spirit of the Internet, The New York Times (14.12.2000). 389 Chris Reed, Internet Law, Text and Materials (2nd ed. 2004), p. 141. 390 Cf. Lawrence Lessig, Code: Version 2.0 (2006), p. 35.

121

First Chapter: Legal and Technological Background

the general data protection principles of data reduction and data economy, Internet service providers are obliged to retain as little data as possible. They may thus only retain data as long as necessary. Telecommunication service providers or operators store customers’ personal data for the purposes of transmitting communications, invoices as well as marketing and certain other value-added services. Only in the context of the transmission of communication and invoicing it is necessary to retain communications data, i.e. the “envelope” or “metadata” consisting of information on the identity of the subscriber (e.g. IP address), traffic data (communicationassociated information e.g. logs of connections), and data on the location of the user at the time of the communication.391 However, with flat rate plans becoming the common choice for customers,392 it is no longer necessary to retain data for several weeks as it used to be when Internet access was paid for by the minute or by traffic. Although the latter becomes in some way relevant again in mobile telecommunications, where transfer speed may be reduced after a certain amount of traffic, the providers do not need to store all connection processes for billing their customers. Hence many rights-holders complain that data often are not retained long enough by Internet access providers to allow them to obtain the information they need to enforce their rights.393 At least under European law, there is no obligation to store data (on a temporary basis) for the purpose of disclosing information related to intellectual property rights infringements. In contrast to the perception of many

391 These types of data are also reflected in the Data Retention Directive, see Article 5(1) of the Data Retention Directive i.e. from whom (sub-article a)) and to whom (b) the communication was sent, when it was sent and how long it lasted (c), what sort of communication (d), how the communication was sent i.e. what equipment was used (e) and where the communication was sent (f). For definitions see European Telecommunications Standards Institute, ETSI TS 101 331(2001-08), pp. 6 et seq. 392 In Germany, the proportion of private Internet users with such flat rate plans rose from 18 % in 2005 to 87 % in 2009. See European Commission, Evidence Dossier – Evidence for Necessity of Data Retention in the EU (2013), p.5 Fn. 13, http://ec.europa.eu/dgs/home-affairs/pdf/policies/police_cooperation/evidence_en .pdf 393 European Commission, Synthesis of Comments on the Commission Report on the Application of Directive 2004/48/EC of the European Parliament and the Council of 29.04.2004 on the Enforcement of Intellectual Property Rights (July 2011), COM/2010/779 final, p. 12.

122

B. The Technological and Legal Challenges of Online Copyright Enforcement

lay people, the Data Retention Directive 394 did not contain a legal basis by which Internet service providers are obliged to retain telecommunications data for private law enforcement. The Data Retention Directive, which has recently been declared invalid by the CJEU,395 required telecommunication operators to retain certain categories of data for identifying users and details of phone calls made and emails sent (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism.396 The Directive as well as the Data Protection Directive was quite specific in its balancing of principles and exceptions related to data retention for specific purposes and the use of this data. None of the provisions required data retention for the purposes of enforcing intellectual property rights. Thus, often data can only be obtained by way of a quick request to preserve certain communications data (“quick freeze”) under which operators served with a court order are obliged to retain data relating only to specific circumstances.397

394 Directive 2006/24/EC of the European Parliament and of the Council of 15.03.2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, OJ L 105 (13.04.2006), 54. To date 28 States have notified the Commission about the transposition of the Directive into their national law; of these States however, Germany and Belgium have only transposed the legislation partially. 395 CJEU, Joined cases C-293/12 and C-594/12 Digital Rights Ireland v Minister for Communications, Marine and Natural Resources and Others, and Kärntner Landesregierung and Others, Judgment of 08.04.2014. 396 A number of Member States, in accordance with their legislation, allow the access and use of retained data for purposes going beyond those covered by the Directive, including preventing and combating crime generally and the risk to life and limb. Access to the data is however in all Member States restricted to law enforcement authorities. Cf. European Commission, Report from the Commission to the Council and the European Parliament, Evaluation Report on the Data Retention Directive (Directive 2006/24/EC), Com(2011) 225 final (18.04.2011), pp. 7 et seq. and pp. 10 et seq., http://eur-lex.europa.eu/LexUriServ/LexUriServ.d o?uri=COM:2011:0225:FIN:en:PDF 397 Data preservation is distinct from data retention which requires the retention of all data. Cf. European Commission, Report from the Commission to the Council and the European Parliament, Evaluation Report on the Data Retention Directive (Directive 2006/24/EC), Com(2011) 225 final (18.04.2011), p. 5.

123

First Chapter: Legal and Technological Background

Such “quick freeze” is valuable in many ways, but relies on the need or willingness of the Internet access providers to store these data for their own commercial purposes, and actually log IP addresses where they are dynamically allocated. If the data is logged, the question remains how long they are being retained for the purposes of the access providers. Considering that usually customers will enter into flatrate plans, there is often no need to preserve data for billing purposes for longer periods of time. Rights-holders thus have to be quick to file their requests for disclosure. In Germany, it has been shown that seven days of retention are long enough for rights-holders to exercise their right to information.398 Due to the fundamental right impact of data disclosure, disclosure will only be granted under very strict conditions which will be evaluated in the second Chapter. c) Anonymous Web Browsing It is said that the Internet “interprets censorship as a form of damage and seeks to find ways around it”.399 Although intellectual property rights enforcement has nothing to do with censorship, this assumption also applies in this context. Anonymous web browsing refers to browsing the Internet where the user´s IP address and other personally identifiable information is hidden from the websites that are visited. There are different ways of accomplishing anonymous web browsing such as for instance proxies or programs such as “The Onion Router” (TOR). When a user requests a website, that request identifies the user’s access provider and possibly sharing other computer information including the browser and operating system.400 This information can be used to track the user. Anonymous web surfing services send the request as if it would stem from their own computers but pass on the received web page to the user.401 The service provider will make some temporary records of the

398 See European Commission, Synthesis of Comments on the Commission Report on the Application of Directive 2004/48/EC of the European Parliament and the Council of 29.04.2004 on the Enforcement of Intellectual Property Rights (July 2011), COM(2010) 779 final, p. 13. 399 Ian J. Lloyd, Information Technology Law (4th ed. 2004), p. 23. 400 Chris Reed, Internet Law, Text and Materials (2nd ed. 2004), p. 35. 401 Ibid.

124

B. The Technological and Legal Challenges of Online Copyright Enforcement

user’s originating IP address from which his identity might be discovered, but because there is no substantial delay between requesting a Web page and receiving it, these records need only to be maintained for a very short time.402 Proxy servers or virtual private network servers (VPN servers) work by redirecting the communication through themselves. The user’s IP address is then only shared with the proxy server while the requested website only obtains the proxy server’s information. Because proxies hide the origination of a request, they may also be used to bypass restrictions such as for instance geographical restrictions and visit websites that might be blocked in a specific country. The same may apply to circumvent local restrictions that for example often exist in relation to school networks. The disadvantages of proxy servers are that they often load websites slowly due to the rerouting of the requested information. Also browser add-ons like Flash player or Java plugin may nevertheless reveal the surfer’s IP address. Virtual private networks achieve anonymity also by allowing several users to access the Internet via a single gateway using the same IP address, so that the user cannot be identified as an individual but as belonging to a certain group of people who have access to that network. With programs such as TOR, anonymity can be achieved by sending information through a net of routers to hide the original destination of the web page request. All these variants may be used by users that want to ensure that their browsing session cannot be monitored. Although VPN services may be ordered to disclose information and logs if illegal activities take place, the fact that they regularly do not store such information any longer than necessary, makes them attractive for users. With advances in mobile communication such as more sophisticated smartphones and high-speed data for mobile phones and data terminals403, mobile communication may at some point also become attractive for filesharers. Mobile phone telephony users may use prepaid SIM cards as a means of avoiding identification. In the case of prepaid SIM cards, the identification of the user of such a card depends on whether the number of the card was registered when purchased. Only few EU Member States

402 Ibid. 403 4G LTE as a standard for wireless communication is increasingly becoming available.

125

First Chapter: Legal and Technological Background

have adopted measures requiring the registration of prepaid SIM cards.404 Accordingly, these users may surf the Internet anonymously. 3. The Difficulties to Delete or Block Access The argument that is often brought forward against blocking405 is that it is favourable to delete the infringing content whereby one would not only put an end to the infringement but also prevent its continuation. While this as such may be true, in practice deletion may just not be possible. Sometimes the operator of a website may just not be contactable. The domain registrant’s data may be incomplete or just not correct. Commonly, operators of piracy websites are located in another jurisdiction – for obvious reasons. The operators of the “German” streaming websites kino.to, which inter alia communicated blockbuster movies prior to their release in Germany, run under a Tonga domain and had its servers located in Russia.406 The operators paid attention that no Russian movies or movies with Russian subtitles were available in order to keep a low profile in Russia and not stir any interest of Russian authorities in investigating the matter.407 The deletion of content outside of the EU, may thus also have its limits, where judgments are not recognised and enforceable and national authorities have no reason to pursue the matter any further. As copyright is territorial, content that is illegal in one country may not be so in another. Also different terms of protection may apply. Where content is located outside a jurisdiction, for instance outside the EU where the Brussels I Regulation provides for the mutual recognition

404 As of April 2011, these Member States are Denmark, Spain, Italy, Greece, Slovakia and Bulgaria. See Report from the Commission to the Council and the European Parliament, Evaluation Report on the Data Retention Directive (Directive 2006/24/EC), COM(2011) 225 final, p. 25. 405 The difficulties that may be encountered when trying to block access will be discussed in more detail in the third Chapter. 406 Ole Reißmann, Geschäft mit Raubkopien: Wie kiNo.to Millionen verdiente, Der Spiegel online (14.06.2012). 407 Ibid.

126

B. The Technological and Legal Challenges of Online Copyright Enforcement

and enforcement of judgments in civil matters,408 the enforcement of a deletion request may turn out inoperable. Accordingly, blocking is a feasible alternative as its scope of application is domestic. Also Interpol has set its priority on blocking access to the most severe child sexual abuse materials worldwide to reduce the availability of such material on the web.409 Equally, the COSPOL Internet Related Child Abusive Material Project (CIRCAMP), a European police collaboration project, promotes access blocking to child abuse materials as a crime prevention tool.410 While law enforcement authorities are interested in monitoring usage of the websites in question to identify offenders, they also try to have the content removed. While server providers are willing to cooperate when it comes to child abuse content, the situation may – for the above mentioned reasons – be different when it comes to copyright infringements. Deletion requests may only be successful, where the rightsholders has obtained an injunction and this injunction can be enforced against a content or host provider. Given the difficulties with extra-territorial deletion, the rights-holders increasingly seek to have access blocked to the infringing materials via the domestic Internet access providers. The main disadvantage with access blocking is, that it does not let the infringing content disappear. As will be outlined in Chapter 3, the content remains on the Internet and will continue to be accessible for anybody capable of circumventing filters. Depending on the blocking technique that is being employed, no specific IT literacy is necessary, meaning that an average user is capable of accessing blocked materials.

408 Council Regulation No. 44/2001 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters (Brussels I Regulation), OJ L012 (16.01.2001), pp. 1–23. 409 See the website of Interpol at Interpol.com. Interpol operates a “worst of”-list which includes domains that contain the most severe child sexual abuse material according to set criteria. 410 See circamp.eu.

127

First Chapter: Legal and Technological Background

4. The Role of Technology in the Assessment of Interferences with Fundamental Rights The interests of intellectual property rights owners in enforcing their rights often collide with the interests of Internet users and online intermediaries. Insofar as non-absolute rights are concerned, it will be necessary to determine whether interferences with the rights of these third parties are justified. This will ultimately require that a fair balance is struck between the colliding interests. Within the proportionality test, the efficiency of an enforcement mechanism may play an important role: if an enforcement mechanism is not efficient, it may not justify an interference with the fundamental rights of third parties. In other words: if an enforcement mechanism is suitable for securing the attainment of copyright protection, but in fact is inefficient or ineffective, than it will not be proportionate – meaning that efficiency and effectiveness more or less becomes the premise for all enforcement mechanisms. This applies in particular, where enforcement is directed against third parties, that have not committed, aided or abetted the infringement themselves, and are thus no copyright infringers. In online copyright enforcement it is not uncommon that third parties are addressed. The reasons for this are based on the technological challenges outlined above. In some cases, technology makes it difficult to identify the end-user that has committed an infringer. In a technological sense, the IP address does not allow to draw conclusions on the identity of an Internet user. The rights-holders will then usually search for actors that in some way contributed to the infringement and that are in a position to stop the infringement, such as the subscriber of an Internet access service, or an online intermediary. Where rights-holders are able to identify actors that are locatable, and situated within the same jurisdiction, they will seek to take action against them to put an end to infringements. Often the law provides for a cause of action in these scenarios – even though this scenario was not considered when the law was drafted. Thus, it will become necessary to evaluate whether enforcement, just because it is possible, is also justified. When input and control over material, or the subscription of an Internet access become the starting point for liability and subsequent enforcement, it becomes particularly important to assess the contribution of the addressee also from a technological point of view. This can for example mean that the feasibility of monitoring duties needs to be assessed within the propor128

B. The Technological and Legal Challenges of Online Copyright Enforcement

tionality test. The same applies for the aforementioned efficiency of an enforcement tool. Even where the mechanism may be suitable to attain the given objective, it must not put an excessive burden on the individual, in particular when the contribution of that individual to the actual infringement is minimal. Finally, as technology hardly allows for action that solely affects the infringer (for instance over-blocking affects other users, Internet suspension may not only affect infringer), all consequences of a restriction, and not just the consequences for the parties to the case, need to be taken into consideration when applying the proportionality principle. II. The Legal Challenges: The Fundamental Rights at Stake Enforcing rights against third parties means that third parties are identified, deterred or sanctioned for violation of the rights in question. Without specifying any enforcement measures, it is already clear at this stage that copyright enforcement interferes with fundamental rights: the fundamental rights of Internet users and third parties whose cooperation is sought to terminate and prevent copyright infringements. At the same time the fundamental rights of intellectual property rights-holders may be infringed when states do not provide them with effective remedies. It must be born in mind that fundamental rights are positive and negative rights. They require states to avoid engaging in certain conduct, while also requiring states to take positive steps to enable protection of these rights. As in any other situation where fundamental rights of different actors clash, copyright enforcement requires a fair balancing of contravening interests. In this respect, the Preamble to the WIPO Copyright Treaty states that a key element of global copyright policy is to ensure that the balance between the rights of authors and the general public interest is maintained, especially the public interest with respect to education, research and access to information. In the light of the technology outlined above, it becomes clear that rights-holders are confronted with numerous difficulties when enforcing their intellectual property rights. In constellations such as peer-to-peer file-sharing the IP address is the starting point to identify an infringer. But also websites that users visit may track the IP addresses of their visitors. Although the website owner will not know a user’s name through their IP address, the data he may 129

First Chapter: Legal and Technological Background

have logged, may prove helpful for a rights-holder to track down an infringer. However, no matter whether a rights-holder has logged an IP address from where an infringement took place or a website owner tracks IP addresses of visitors, the rights-holder needs to find out to whom the IP address in question was allocated at the time of infringement. Here, it becomes crucial to balance the right of privacy against the right to identify an (anonymous) individual potentially involved in an illegal action in order to defend and enforce intellectual property rights. Once the identity of the subscriber of a certain IP address has been identified, usually sanctions will be imposed. If warnings are send out to the subscriber concerning an infringement, someone must store this data. Depending on who will be involved in the administration of data, different fundamental rights may be concerned, for example, if the aid of an Internet service provider is needed, this may have an impact on his business or more precisely his right to conduct business. Not just where measures are targeted at private individuals, but also where measures aim at the infringing content itself, the rights of Internet service providers and users will be affected. No matter which enforcement measure is considered, they all intervene in some way with fundamental rights. As a number of fundamental rights of different actors including the IP address subscriber, the rights-holder and other third parties, in particular Internet service providers, need to be taken into account, the following section focusses on these aspect of the fundamental rights in question, that are likely to be affected. In this respect, the sources of the rights in question as well as their scope of application will be outlined. 1. Sources of Fundamental Rights Originally, human rights where a matter of national law. A transformation of the substantive norms of fundamental rights law from national to international law was manifested in the promulgation of the Universal Declaration of Human Rights in 1948 (UDHR).411 The UDHR inter alia enumer411 Universal Declaration of Human Rights of 10.12.1948, U.N.G.A. Res. 217 (III 1948). For a history of human rights in general and in Europe, see Mark W. Janis/ Richard S. Kay/Anthony Wilfred Bradley, European Human Rights Law: Text

130

B. The Technological and Legal Challenges of Online Copyright Enforcement

ates traditional human rights norms at the level of international law. The UDHR together with the International Covenant of on Civil and Political Rights of 1966 with its two Optional Protocols and the International Covenant on Economic, Social and Cultural Rights of 1966 forms the socalled International Bill of Human Rights. Because neither Universal Declaration nor the accompanying Covenants provide a legal machinery to enforce human rights against recalcitrant states, it made sense for there to be regional international human rights machineries which – influenced by the UDHR provide enforcement mechanisms for individuals. In Europe, the first instrument of such kind was the Council of Europe's European Convention on Human Rights (ECHR). As regards the European Union, the Treaty on European Union (TEU) and in specific the Charter of Fundamental Rights of the EU (CFR) provide enforcement mechanisms insofar as the respect of fundamental rights in the European Union law is concerned. When in the course of this work, the compatibility of enforcement mechanisms with fundamental rights will be examined, though reference will be made to the International Bill of Human Rights, the focus will be on the more specific ECHR and the Charter and the interpretation of the respective provisions by the ECtHR and the CJEU. Accordingly, when assessing the legality of an enforcement measure by the EU or a Member State in terms of fundamental rights, two major sources will to be consulted: the ECHR and the Charter of Fundamental Rights of the European Union (CFR). a) International Level: The International Bill of Human Rights From 1948, when the UDHR was adopted and proclaimed, until 1976, when the International Covenants on Human Rights entered into force, the Declaration was the only completed portion of the International Bill of Human Rights. The UN Declaration, and at a later stage the Covenants, exercised a profound influence on the thoughts and actions of individuals and the governments of signatory states. The influence of the UDHR and the Covenants will be seen throughout the discussion of fundamental

and Materials (3rd ed. 2008), pp. 4 et seq; Antonio Cassese, International Law (2001), pp. 349 et seq.

131

First Chapter: Legal and Technological Background

rights in the following chapters as in particular the Declaration is fundamental to the European human rights instruments and their very existence. aa) The Universal Declaration of Human Rights The Universal Declaration of Human Rights of 1948 (UDHR), which was signed in Rome on 4 November 1950, and entered into force on 3 September 1953, is recognized as a historic document providing a common definition of human dignity and values. Against the background of diverse political ideological regimes, nations with different economic and political structures as well as religious beliefs, the UDHR provides the lowest common denominator as regards the conception both of the relationship between State and individual, and of basic human rights.412 In formal terms, the UDHR is not legally binding, and thus only provides for a moral and political force.413 The Declaration focusses on civil and political rights rather than economic, social, and cultural rights. Due to its limitation, it can only provide a yardstick by which to measure the degree of respect for, and compliance with, international human rights standards. bb) The International Covenant on Civil and Political Rights and the International Covenant on Economic, Social and Cultural Rights The International Covenant on Civil and Political Rights (ICCPR) as well as the International Covenant on Economic, Social and Cultural Rights (ICESCR) were adopted in 1966 and entered into force in 1976. By the coming into force of the Covenants, States parties accepted a legal as well as a moral obligation to promote and protect fundamental rights and freedoms. The Covenants contain the measures of implementation required to ensure the realisation of the rights and freedoms set out in the Declaration. With regard to this book, it is necessary to mention that while the Covenants intend to cover the whole range of fundamental rights, the right of property is not included – arguably, this was due to the inability of East-

412 See Antonio Cassese, International Law (2001), pp. 357 et seq. 413 Ibid, p. 358.

132

B. The Technological and Legal Challenges of Online Copyright Enforcement

ern and Western states to agree on the issue of compensation in case of expropriation.414 b) European Union Level: The European Convention for the Protection of Human Rights and Fundamental Freedoms, and the Charter of Fundamental Rights of the European Union While the constituent EC Treaty did not initially contain express provisions for the protection of fundamental rights, the CJEU had recognised in its case law that such rights were enshrined in the general principles of Community law protected by it, and granted special significance to the European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) as a source of such rights.415 Article 6(3) TEU now states that the European Union shall respect fundamental rights as general principles of Community law; the content of said fundamental rights recognised as general principles in EU law are to

414 Ibid, p. 359. 415 See ECtHR, Bosphorus Hava Yollari Turzm ve Ticaret Anonim Sirketi v Ireland, Judgement of 30.06.2005 – Application No. 45036/98, para. 159. At paras. 155 et seq. the Court found that the legal order of the Union offered satisfactory means to deal with alleged violations of the Convention, that “State action taken in compliance with such legal obligations [i.e. obligations flowing from its membership of an international organisation to which it has transferred part of its sovereignty] is justified as long as the relevant organisation is considered to protect fundamental rights, as regards both the substantive guarantees offered and the mechanisms controlling their observance, in a manner which can be considered at least equivalent to that for which the Convention provides [..]. By ‘equivalent’ the Court means ‘comparable’; any requirement that the organisation’s protection be ‘identical’ could run counter to the interest of international cooperation pursued (...). However, any such finding of equivalence could not be final and would be susceptible to review in the light of any relevant change in fundamental rights protection. If such equivalent protection is considered to be provided by the organisation, the presumption will be that a State has not departed from the requirements of the Convention when it does no more than implement legal obligations flowing from its membership of the organisation. However, any such presumption can be rebutted if, in the circumstances of a particular case, it is considered that the protection of Convention rights was manifestly deficient. In such cases, the interest of international cooperation would be outweighed by the Convention’s role as a ‘constitutional instrument of European public order’ in the field of human rights.”

133

First Chapter: Legal and Technological Background

be derived from ECHR and from the constitutional traditions common to the Member States. 416 Under the CFR, these implicit rights have been codified. aa) The European Convention for the Protection of Human Rights and Fundamental Freedoms The European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) was enacted by the Council of Europe in 1950, not long after the UDHR.417 The Council of Europe was created by the Treaty of London418 with the express purpose of addressing issues of political and human rights concerns and provide for an enforcement mechanism for fundamental rights on a regional level.419 Membership in the Council of Europe depends on signing the ECHR and its protocols. Viceversa, the ECHR is a closed convention that can only be ratified by Council of Europe Member States. Only upon ratification, the ECHR will become binding for the Member States.420

416 The CJEU has repeatedly also noted the significance of relevant international Treaties, see for example “[I]n safeguarding [fundamental] rights, the Court is bound to draw inspiration from constitutional traditions common to the Member States, so that measures which are incompatible with the fundamental rights recognized by the constitutions of those States are unacceptable in the Community; and that, similarly, international treaties for the protection of human rights on which the Member states have collaborated or of which they are signatories, can supply guidelines which should be followed within the framework of Community law” (CJEU, Case C-44/79 Hauer v Land Rheinland-Pfalz, [1979] E.C.R. 3727, para. 15). 417 As regards the negotiations and competing ideologies when drafting the ECHR, see Danny Nicol, Original Intent and the European Convention on Human Rights, Public Law 2005, 152, 170 et seq. 418 Statute of the Council of Europe (“Treaty of London”) of 05.05.1949, signed by the following states: Belgium Denmark, France Ireland, Italy, Luxembourg, the Netherlands, Norway, Sweden and the United Kingdom. 419 See only Jens Meyer-Ladewig, EMRK, Handkommentar (3rd ed. 2011), Introduction, para. 1. 420 Ibid, para. 32. It is up to the Member States to decide upon the means of implementation. In Germany, for instance, the ECHR became law in the rank of a domestic law, meaning that the ECHR is directly applicable and can be enforced in German courts.

134

B. The Technological and Legal Challenges of Online Copyright Enforcement

The ECHR's preamble provides for “the maintenance and further realization of human rights and fundamental freedoms,” which “are the foundation of justice and peace in the world and are best maintained on the one hand by an effective political democracy and on the other by a common understanding and observance of the human rights upon which they depend.” The ECHR deals mainly with civil and political rights (Articles 1–18), but also lists the working mechanisms of the European Court and Commission (Articles 19–51), while Protocol 1, 4, 6, 7, and 12 include additional rights. Each Member State of the Council of Europe may refer to the European Court of Human Rights (ECtHR) in Strasbourg any alleged violation of the Convention and its Protocols by another contracting State (Article 33 ECHR).421 In addition, any individual subject to the jurisdiction of any of the contracting States may address himself to the Court claiming to be the victim of a violation of the Convention or the Protocols (Article 34 ECHR).422 Article 53 ECHR sets forth the relationship between the protection offered by the Convention and that guaranteed by national constitutions or the legal order of the signatory states in general. The so-called subsidiarity clause permits the Convention to be invoked only insofar as it guarantees greater protection than that afforded by national orders.423 The Convention

421 Inter-State cases are very rare, and so far only two have resulted in Judgments of the Court (Ireland v the United Kingdom, Judgment of 18.01.1978 – Application No. 5310/71 and Cyprus v Turkey, Judgment of 10.05.2001 – Application No. 25781/94). 422 According to Article 35(1) ECHR the Court can only examine the merits of applications where the applicant (State or individual applicant) has exhausted all domestic remedies in regards to the complaint. The admissibility criterion emphasises the subsidiary nature of the Court’s system for enforcing the rights and freedoms enshrined in the ECHR. The Court’s Judgments do not produce direct legal effect within the national legal system; they are only binding at the international level (Cf. for example Antonio Cassese, International Law (2001), pp. 366 et seq.). If a State is found responsible for a breach of the Convention or the Protocols and fails to comply with the Court’s Judgment, Article 8 of the Statute of the Council of Europe provides that the State may be suspended from its rights of representation and requested by the Committee of Ministers to withdraw under Article 7. 423 As regards the notion of “subsidiarity clause” see Leonard Besselink, Entrapped by the Maximum Standard: On Fundamental Rights and Subsidiarity in the European Union, Common Market Law Review 1998, Vol. 35, 629–680.

135

First Chapter: Legal and Technological Background

cannot justify a reduction in fundamental rights as that guaranteed by the signatory Member States. It serves as a minimum standard, freely open to derogation in favour of greater protection within national orders.424 Whereas all EU Member States are also parties to the ECHR, the EU itself is currently not a member. This is however going to change in the near future. bb) Charter of Fundamental Rights of the European Union The Charter of Fundamental Rights of the European Union (CFR)425, which became legally binding on the EU institutions and on national governments with the entry into force of the Treaty of Lisbon on 1 December 2009, further strengthens the protection of fundamental rights in the EU.426 Naturally, the ECHR can be seen as one of the primary influences on the Charter.427 The CFR as such encompasses rights protected under the ECHR and further principles that have previously been recognised as fundamental rights in EU law. Article 6(1) TEU now also explicitly states that the rights granted under the Charter have the same legal status as those included in the foundational treaties. The provisions of the CFR are addressed to the institutions and bodies of the EU with due regard for the principle of subsidiarity.428 They are

424 Jens Meyer-Ladewig, EMRK, Handkommentar (3rd ed. 2011), Article 53, para. 2; Marta Cartabia in: William B. T. Mock/Gianmario Demuro, Human Rights in Europe, Commentary on the Charter of Fundamental Rights of the European Union (2010), Article 53, p. 338. 425 Charter of Fundamental Rights of the European Union, OJ C 83/389 (30.03.2010). For the history of the Charter see William B. T. Mock/Gianmario Demuro, Human Rights in Europe, Commentary on the Charter of Fundamental Rights of the European Union (2010), Foreword, p. ix et seq. 426 The Charter of Fundamental Rights of the European Union (CFR) was originally proclaimed by the European Parliament, Council and Commission at Nice in December 2000. As amended in December 2007, it became legally binding with the coming into force of the Treaty of Lisbon in December 2009. 427 William B. T. Mock/Gianmario Demuro, Human Rights in Europe, Commentary on the Charter of Fundamental Rights of the European Union (2010), Foreword, p. xvi. 428 With regard to the principle of subsidiarity see for instance Christian Calliess, Die Charta der Grundrechte der Europäischen Union – Fragen der Konzeption,

136

B. The Technological and Legal Challenges of Online Copyright Enforcement

only addressed to the national authorities when they are implementing EU law, meaning that they will also have to apply the Charter when their authorities apply a national law implementing an EU Directive. cc) The Relationship between the Convention and the Charter Even though the EU is founded on the respect for fundamental rights, the observance of which is ensured by the CJEU, the ECHR and its judicial mechanism do not formally apply to EU acts. However, as all EU Member States are parties to the Convention, they have an obligation to respect the ECHR even when they are applying or implementing EU law. In order to rectify this divergence, Article 6(2) of the Lisbon Treaty429 requires the EU to become a party to the ECHR.430 Further Article 59 ECHR as amended by Protocol 14 (“The European Union may accede to this Convention”), which entered into force on 1 June 2010, allows the EU to accede to the ECHR.431 The EU's accession will submit the EU’s legal system to an independent external control by ECtHR, and will provide European citizens with the same protection vis-à-vis acts of the EU as they presently enjoy from Member States.432 As of now, the relationship between different sources of fundamental rights in the EU has only partially been addressed in primary law; Article 6(3) TEU refers to the fundamental rights guaranteed by the ECHR as general principles of EU law. As regards the ECHR and the CFR, Article 52(3) CFR stipulates: “In so far as this Charter contains rights which correspond to rights guaranteed

429 430

431 432

Kompetenz und Verbindlichkeit, Europäische Zeitschrift für Wirtschaftsrecht 2001, 261, 266 et seq. Treaty of Lisbon Amending the Treaty on European Union and the Treaty Establishing the European Community, OJ C306 (13.12.2007), 1. In this regard the current Draft Agreement on the Accession of the European Union to the Convention has been declared incompatible with Article 6(2) TEU or with Protocol (No 8) relating to Article 6(2) TEU by the CJEU on 18.12.2014. See CJEU, Opinion 2/13 of the Court of 18.12.2014. As regards the necessity for EU accession to the ECHR and the proceedings, see Francoise Tulkens, EU Accession to the European Convention on Human Rights (2013). It is further proposed that the EU join as a member of the Council of Europe now it has attained a single legal personality in the Lisbon Treaty.

137

First Chapter: Legal and Technological Background

by the Convention for the Protection of Human Rights and Fundamental Freedoms, the meaning and scope of those rights shall be the same as those laid down by the said Convention. This provision shall not prevent Union law providing more extensive protection.” According to the Explanations Relating to the Charter, Article 52(3) intends “to ensure the necessary consistency between the Charter and the ECHR by establishing the rule that, in so far as the rights in the […] Charter correspond to rights guaranteed by the ECHR, the meaning and scope of those rights, including authorised limitations, are the same as those laid down by the ECHR. This means in particular that the legislator, in laying down limitations to those rights, must comply with the same standards as are fixed by the detailed limitation arrangements laid down in the ECHR, which are thus made applicable for the rights covered by this paragraph, without thereby adversely affecting the autonomy of Union law and of that of the Court of Justice of the European Union”.433 In addition, Article 53 CFR sets forth: “Nothing in this Charter shall be interpreted as restricting or adversely affecting human rights and fundamental freedoms as recognised, in their respective fields of application, by Union law and international law and by international agreements to which the Union, the Community or all the Member States are party, including the European Convention for the Protection of Human Rights and Fundamental Freedoms, and by the Member States' constitutions.” The obvious purpose of Article 53 is to make it absolutely clear that the CFR does not intend to replace the various established forms of protection of fundamental rights, which exist in national, EU, and international legal orders.434 In addition to safeguarding the standard of rights protection offered by the European Union, by national constitutions and international law, it is the ECHR “which constitutes a minimum standard in all cases”.435

433 Praesidium of the European Convention, Explanations relating to the Charter, OJ C 303 (14.12.2007), 17, 33. 434 Marta Cartabia in: William B. T. Mock/Gianmario Demuro, Human Rights in Europe, Commentary on the Charter of Fundamental Rights of the European Union (2010), Article 53 CFR, p. 336. 435 Bureau of the Convention, Presidency Note, Draft Charter of Fundamental Rights of the European Union, Text of the explanations relating to the complete text of the Charter as set out in CHARTE 4422/00 CONVENT 45 (31.07.2000), CHARTE 4423/00, Convent 46, p. 37. The Council went on to explain that “The level of protection afforded by the Charter may not, in any instance, be lower

138

B. The Technological and Legal Challenges of Online Copyright Enforcement

Article 53 CFR, although similar in wording to the above mentioned Article 53 ECHR (the “subsidiarity clause”), does not consider the Charter rights as a minimum standard. The Charter safeguards the pluralism of fundamental rights protection in Europe, whereas the ECHR acts as a unifying factor around a minimum standard for the signatory states.436 These different roles depend to a great extent on the different fields in which the ECHR and the Charter operate: the ECHR’s field of application coincides with that of the Member States and the ECHR is the criterion for final review for the protection of fundamental rights, once all national judicial remedies have been tried; the CFR has its own field of application, which are the activities of the EU institutions, as well as the acts of Member States when they implement EU law.437 Thus, insofar as copyright enforcement mechanisms are the result of EU law, the conformity with fundamental rights has to be tested against the CFR. The question then arises, whether the CFR will be the exclusive source for fundamental rights. The cases that have been decided so far do not clearly indicate that the EU courts see the CFR merely as their point of departure for a fundamental rights analysis, or whether the CFR has become a (more or less) exclusive source for fundamental rights that eliminates the reference to the general principles of Community law.438 However, there seems to be a general trend to use the CFR less as an exclusive source, but more as either a point of departure for a fundamental rights analysis or as one of several possible sources of law.439 There are cases, in which the CJEU started its analysis of fundamental rights with the rights arising from general principles of law,440 while in

436 437 438

439 440

than that guaranteed by the Convention, with the result that the arrangements for limitations may not fall below the level provided for in the Convention”. Ibid. Ibid. Herwig Hofmann/Bucura Mihaescu, The relation between the Charter's fundamental rights and the unwritten general principles of EU law: good administration as the test case, European Constitutional Law Review 2013, Vol. 9 Issue 1, 73, 74 et seq. Ibid. For example in the AJD Tuna case, the CJEU stated that Article 47 CFR was merely “the reaffirmation of the principle of effective judicial protection, which is a general principle of Community law stemming from the constitutional traditions common to the Member States” instead of using Article 47 as a starting point for its analysis. See C-221/09 AJD Tuna, [2011] ECR I-1655 of 17.03.2011, para. 54 with reference to Case C-432/05 Unibet [2007] ECR I-2271, para. 37,

139

First Chapter: Legal and Technological Background

other cases, the different sources were applied in parallel.441 In the latter, the Court linked the CFR rights to pre-existing case-law and stated that these rights had the character of general principles of law.442 Some scholars share what might be called a “hierarchic” understanding and place the CFR as the primary source of rights in the EU.443 This approach has however been widely criticised for different reasons: it would result in an exclusive application of one or another source of rights which in turn runs counter to an understanding of several overlapping complementary sources applicable in parallel; it has difficulties explaining the presence of rights defined in the CFR only by way of example (“this right includes”). 444 In practice, although some discussion exists as to the relationship of the Charter and the CJEU, the rights encompassed in the CFR are consistent with those under ECHR adopted in the framework of the Council of Europe: when the CFR contains rights that stem from the ECHR, their meaning and scope are the same. In cases where the CFR does not apply, the protection of fundamental rights is guaranteed under the constitutions or constitutional traditions of EU countries and international conventions that the Member States have ratified such as the ECHR.

441 442 443

444

140

and Joined Cases C-402/05 P and C-415/05 P Kadi and Al Barakaat [2008] ECR I-6351, para. 335. Case C-1/11 Interseroh, Judgment of 29.03.2012, para. 43. See as example: ibid. See for example European Convention, Working Group II “Intégration de la Charte/adhésion à la CEDH”, Speaking note of M. le juge Vassilios Skouris (17.09.2002); Christian Calliess, Die neue Europäische Union nach dem Vertrag von Lissabon (2010), p. 322; Sacha Prechal, Competence Creep and General Principles of Law, Review of European Administrative Law 2010, Vol. 3 Issue 1, 5, 21. For an overview of the arguments supporting a non-hierarchical, pluralistic understanding of sources, see Herwig Hofmann/Bucura Mihaescu, The relation between the Charter's fundamental rights and the unwritten general principles of EU law: good administration as the test case, European Constitutional Law Review 2013, Col. 9 Issue 1, 73, 77 et seq.

B. The Technological and Legal Challenges of Online Copyright Enforcement

2. The Fundamental Rights of User at Stake When copyrights are enforced, not only the copyright infringer may feel the consequences, but also third parties such as the user may be affected; in particular the user’s freedom of expression in the form of freedom to seek, receive and impart information, his privacy, and in so far as criminal sanctions are concerned, his procedural rights are at stake. In the following section, the scope and application of these rights will be outlined. a) Freedom of Expression in the Form of Freedom to Seek, Impart and Receive Information Freedom of expression is essential for the creation and effective operation of pluralistic democracies, which are necessary to ensure respect for fundamental human rights.445 Generally speaking, freedom of expression refers to the right to communicate one's opinions and ideas, and includes any act of seeking, receiving and imparting information or ideas, regardless of the medium used. aa) Freedom of Expression in General The right to freedom of expression is recognised as a human right under Article 19 UDHR and recognised in international human rights law in the International Covenant on Civil and Political Rights (ICCPR). Article 19 ICCPR states that “[e]veryone shall have the right to hold opinions without interference” and “everyone shall have the right to freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media of his choice”. Article 19 goes on to say that the exercise of these rights carries “special duties and responsibilities” and may “therefore be subject to certain restrictions” when necessary “[f]or respect of the rights or reputation of

445 Monica Macovei, Freedom of Expression, Council of Europe Human Rights Handbooks, No. 2 (2nd ed. 2004), pp. 6 et seq. With regard to the most protected class of freedom of expression, namely political expression see ECtHR, Lingens v Austria, Judgment of 08.07.1986 – Application No. 9815/82.

141

First Chapter: Legal and Technological Background

others” or “[f]or the protection of national security or of public order (order public), or of public health or morals”. On European Union level, the right to freedom of expression is enshrined within Article 10 ECHR and Article 11 CFR.446 According to the Explanations Relating to the Charter the meaning and the scope of Article 11 CFR and Article 10 ECHR are the same.447 The first two sentences of Article 10(1) of the ECHR and Article 11(1) CFR stipulate that everyone has the right to freedom of expression, and that “this right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers”. The third sentence of Article 10(1) ECHR expressly states, that this does “not prevent States from requiring the licensing of boradcasting, television or cinema enterprises”. Article 11(2) CFR goes on to emphasise that “the freedom and pluralism of the media shall respected”. In contrast, Article 10(2) ECHR provides an exhaustive list of legitimate aims that may justify an interference with the right to freedom of expression, i.e. “the interests of national security, territorial integrity or public safety”, “the prevention of disorder or crime”, “the protection of health or morals”, “he protection of the reputation or rights of others”, “preventing the disclosure of information received in confidence”, and “maintaining the authority and impartiality of the judiciary”. According to said Article any interference, in order to be justified, must (1) be prescribed by law, (2) safeguard one or more of the specified legitimate purposes, and (3) be necessary in a democratic society. Both, state acts and omission can restrict freedom of expression.448

446 Regarding freedom of expression and the Internet in general, see e.g. Eric Barendt, Freedom of Speech (2nd ed. 2007); Ronald Deibert/John Palfrey/Rafal Rohozinski/Jonathan Zittrain (eds.), ‘Access Denied’ – The Practice and Policy of Global Internet Filtering (2008); and Rikke Frank Jørgensen (ed.), Human Rights in the Global Information Society (2006). Regarding freedom of expression and intellectual property rights see Dirk Voorhoof, Freedom of expression and the right to information: Implications for copyright, in Christophe Geiger (ed.), Research handbook on human rights and intellectual property (2015), pp. 331 – 353. 447 Praesidium of the European Convention, Explanations relating to the Charter, OJ C 303 (14.12.2007), 17, 33. 448 For an example of state acts cf. ECtHR, Groppera Radio AG Others v Switzerland, Judgment of 28.03.1990 – Application No 10890/84, Ser A No 173 (1990); for an example of a state omission cf. ECtHR, Kenedi v Hungary, Judgment of 26.05.2009 – Application No 31475/05, [2009] ECHR 786.

142

B. The Technological and Legal Challenges of Online Copyright Enforcement

The Charter’s drafters considered it appropriate to guarantee freedom of expression and information without expressly defining the limitations of these freedoms as the limitation of the Article 10(2) ECHR will be “applicable under Union law by virtue of the horizontal clause relating to the Convention”.449 It seems that even in absence of an express reference to Article 10(2) ECHR, the case law of the ECtHR provides a framework that can be consulted for the purposes of interpreting Article 11 CFR.450 The most protected class of expression has been political expression. 451 Political expression has been considered essential for the creation and effective operation of pluralistic democracies, which are necessary to ensure respect for fundamental human rights.452 Since its first recognition, political expression has been expanded to encompass, inter alia, media comment on political figures453, criticism of the government and its institutions,454 political advertising,455 and wider matters of political interest such as the freedom of academic opinion456. The scope of protection also expands to artistic expression,457 as well as commercial expression.458

449 Bureau of the Convention, Draft Charter of Fundamental Rights of the European Union, New proposal for Articles 1 to 30 (Civil and political rights and citizens' rights) (05.05.2000), CHARTE 4284, Convent 28, p. 17: “Paragraph 2 has not been included but it is applicable under Union law by virtue of the horizontal clause relating to the Convention. The Court of Justice has endorsed the principle of freedom of expression on several occasions, first and foremost in the ERT Judgment (Judgment of 18.06.1991, Case C-260/89, ECR I-5485)”. 450 Instead of many cf. Filippo Donati in: William B. T. Mock/Gianmario Demuro, Human Rights in Europe, Commentary on the Charter of Fundamental Rights of the European Union (2010), Article 11 CFR, p. 75. 451 Instead of many see ECtHR, Lingens v Austria, Judgment of 08.07.1986 – Application No. 9815/82. 452 Ibid. 453 ECtHR, Oberschlick v Austria No. 2, Judgment of 01.07.1997, Application No. 20834/92. 454 ECtHR, Castells v Spain, Judgment of 23.04.1992, Application No. 11798/85. 455 ECtHR, TV Vest AS & Rogaland Pensjonistparti v Norway, Judgment of 11.12.2008, Application No. 21132/05. 456 ECtHR, Boldea v Romania, Judgment of 15.02.2007, Application No. 19997/02. 457 Instead of many see ECtHR, Müller and Others v Switzerland, Judgement of 24.05.1985 – Application No. 10737/84. Artistic expression ranges from paintings (ibid) to poetry (ECtHR, Karatas v Turkey, Judgment of 08.07.1999 – Application No. 23168/94). 458 Instead of many see ECtHR, Markt Intern Verlag GmbH and Klaus Beermann v Germany, Judgment of 20.09.1989 – Application No. 10572/83.

143

First Chapter: Legal and Technological Background

Artistic expression has been an area, where the Court has granted States a wide margin of appreciation to restrict forms of artistic expression that national authorities consider offensive.459 Freedom of expression is guaranteed irrespective of the means of transmission; hence, it also applies to expression on the Internet. If in the Second Chapter, the termination of an Internet connection is discussed as a potential sanction, this needs to be taken into account. The same applies to the blocking of access to certain websites. Both enforcement mechanisms may entail a “violation” of Article 10 ECHR if they do not satisfy the conditions in Article 10(2), i.e. (1) are prescribed by law, (2) safeguard one or more specified legitimate purposes, and (3) are necessary in a democratic society. As regards the “expression” protected, there is no limitation to words, written or spoken. The protection extends to inter alia pictures460 and images461. Equally protected is the form of expression, which includes for instance printed documents,462 radio broadcasts,463 paintings464 or films465. As regards this research, the focus is on the right to free expression on the Internet, and thus deals with the question of freedom to seek, receive and impart information and ideas as such, no matter whether written words or spoken words, videos or texts are concerned. Since freedom of expression protects both information and ideas, also viewpoints and personal assessments, which are not susceptible of proof,

459 As regards obscene expression see ECtHR, Müller and Others. Switzerland, Judgement of 24.05.1985 – Application No. 10737/84. With regard to blasphemous expressions see ECtHR, Otto-Preminger Institut v Austria, Judgment of 20.09.1994 – Application No. 13470/87. 460 ECtHR, Müller and Others v Switzerland, Judgement of 24.05.1985 – Application No. 10737/84. 461 ECtHR, Chorherr v Austria, Judgment of 25.08.1993 – Application No. 13308/87. 462 ECtHR, Handyside v The United Kingdom, Judgment of 07.12.1976 – Application No. 5493/72. 463 ECtHR, Groppera Radio AG and Others v Switzerland, Judgment of 28.03.1990 – Application No. 10890/84. 464 ECtHR, Müller and Others v Switzerland, Judgement of 24.05.1985 – Application No. 10737/84. 465 ECtHR, Otto-Preminger Institut v Austria, Judgment of 20.09.1994 – Application No. 13470/87.

144

B. The Technological and Legal Challenges of Online Copyright Enforcement

are protected.466 The distinction between facts/information and ideas plays no role for this work, and further explanations are thus omitted. The freedom of expression as such is most likely to be affected when the communication of individuals is monitored. Monitoring can have a chilling effect on the expression of information and opinions because the individual concerned may choose to not communicate his opinion if he knows that his expression will be monitored.467 The CJEU only recently stated held in relation to the Data Retention Directive that even where only traffic data and no content of the communication is retained, it is not inconceivable that the retention of data might have an effect on the use of the Internet by Internet users, and consequently on their exercise of the freedom of expression.468 bb) The Right to Receive and Seek Information The right to freedom of expression includes an active aspect (freedom to inform) and a passive aspect (freedom to receive information). The right to receive, seek and impart information is the preliminary right that renders effective the exercise of all the other fundamental rights and freedoms, including the freedom to hold opinions.469 The right to receive information further implies the protection of a plurality of opinions and thereby fosters an active and informed population participating in the society.470 Both aspects are of fundamental importance in a democratic society.471

466 Monica Macovei, Freedom of Expression, Council of Europe Human Rights Handbooks, No. 2 (2nd ed. 2004), pp. 9 et seq. 467 See ECtHR, Telegraaf Media Nederland Landelijke Media B. V. and Others v the Netherlands, Judgment of 22.11.2012 – Application No. 39315/06, para. 88; Yefimenko v Russia, Judgment of 12.02.2013 – Application No. 15204 152/04, paras. 154 et seq. 468 CJEU, Joined cases C-293/12 and C-594/12 Digital Rights Ireland and Seitlinger and Others, Judgment of 08.04.2014, para. 28. 469 See Filippo Donati in: William B. T. Mock/Gianmario Demuro, Human Rights in Europe, Commentary on the Charter of Fundamental Rights of the European Union (2010), Article 11 CFR, p. 72. 470 Ibid. 471 Ibid. Many national constitutions of EU Member States expressly guarantee these two aspects of the right to receive information, for instance Germany (Article 5

145

First Chapter: Legal and Technological Background

In contrast to Article 19 of the ICCPR, Article 10 ECHR does not explicitly mention “the right to freely search for information”; however, the ECtHR accepts that the right to freedom to seek and receive information is implicitly included in Article 10 ECHR.472 With respect to the Charter, it has been assumed, that the drafters most likely agreed with this general opinion and considered it unnecessary to expressly mention the right to search for information in Article 11 CFR.473 As regards the content of information protected by the right to receive (or seek) information, protection “does not extend only to reports of events of public concern, but covers in principle also cultural expressions as well as pure entertainment”.474 As regards the access to a specific means of transmission, the ECtHR held in Mustafa and Tarzibachi v Sweden that although citizens may “obtain some news through … newspapers and radio programmes”, “these sources of information only cover parts of what is available via television broadcasts and cannot in any way be equated with the later”.475 This case was seen as a precedent in order to ensure that citizens of the Member States have access to modern technology.476 Hence, the right to receive information applies not only to the content of information but also to the technical means of transmission or reception.477 In the case Autronic v Switzerland, the court held that an

472 473 474 475 476 477

146

Grundgesetz), Sweden (Chapter II, Article 1 Regeringsformen), Spain (Article 20 Constitución española de 1978). Gerard Cohen-Jonathan in: Louis-Edmond Pettiti/Emmanuel Decaux/Pierre-Henri Imbert (eds.), La Convention Européenne des Droits de l’Homme, Commentaire (1999), Article 10, para.3. Filippo Donati in: William B. T. Mock/Gianmario Demuro, Human Rights in Europe, Commentary on the Charter of Fundamental Rights of the European Union (2010), Article 11 CFR, p. 74. ECtHR, Khurshid Mustafa and Tarzibachi v Sweden, Judgment of 16.12.2008 – Application No. 23883/06, para. 44. Ibid, para. 45. Robin Elizabeth Herr, Can Human Rights Law support access to communication technology? A case study under Article 10 of the right to receive information, Information & Communications Technology Law 2013, Vol. 22 Issue 1, 1, 8. In contrast to Article 10 ECHR and Article 11 CFR which are silent with respect to forms of expression, Article 19 UDHR and Article 19 ICCPR explicitly provide for protection of the means by which the expression is communicated (“through any media”/“either orally, in writing or in print, in the form of art, or through any other media of his choice”). See also UN Human Rights Committee, General comment No. 34. Article 19: Freedoms of opinion and expression, CCPR/C/GC/34 (21.07.2011), p 4.

B. The Technological and Legal Challenges of Online Copyright Enforcement

extensive interpretation is necessary “since any restriction imposed on the means necessarily interferes with the right to receive and impart information”.478 Accordingly, means of transmission or reception encompass any technical means.479 Since the case law grants a broad scope of protection under Article 10 ECHR, there is a strong argument that the Internet falls within the ambit of protected technical means of transmission or reception.480 In fact, the above cited case law has shown that new technologies shall not be excluded from the scope of application.481 The ECtHR stated in several cases that Article 10 protects not only the substance of ideas and information expressed but also the form in which they are conveyed.482 Any interference with the transmission means may result in a violation of the freedom to receive information. Protection will be granted to both direct state interferences and to interferences by private entities that are upheld by the State.483 If these principles are applied to potential limitations on Internet access, it is possible that such legislative approaches could entail a violation of the freedom to receive and impart information. It has long been unclear whether a state has a positive obligation to ensure that the right to receive information was protected in relations between individuals.484 With its ruling in the case of Mustafa and Tarz-

478 ECtHR, Autronic AG v Switzerland, Judgment of 22.05.1990 – Application No. 12726/87, Ser A No. 178 (1990), para. 47. 479 Cf. ibid. For an analysis of the applicability to all communication technologies, see Robin Elizabeth Herr, Can Human Rights Law support access to communication technology? A case study under Article 10 of the right to receive information, Information & Communications Technology Law 2013, Vol. 22 Issue 1, 1– 13. 480 Cf. Peter van Dijk/Godefridus J. H. Hoof, Theory and Practice of the European Convention on Human Rights (4th ed. 2006), p. 783. 481 See further also ECtHR, Jersild v Denmark, Judgement of 23.09.1994 – Application No 15890/89. In this case, the ECtHR analysed the role of the press in a democratic society and stated at para. 31 that “although primarily with regard to the print media, these principles doubtless apply also to the audiovisual media”. 482 ECtHR, Oberschlick v Austria, Judgment of 23.05.1991 – Application No 11662/85, para. 57; ECtHR, De Haes and Gijsels v Belgium, Judgment of 24.02.1997 – Application No 19983/92, para. 48. 483 ECtHR, Khurshid Mustafa and Tarzibachi v Sweden, Judgment of 16.12.2008 – Application No. 23883/06, para. 34. 484 Robin Elizabeth Herr, Can Human Rights Law support access to communication technology? A case study under Article 10 of the right to receive information, Information & Communications Technology Law 2013, Vol. 22 Issue 1, 1, 6.

147

First Chapter: Legal and Technological Background

ibachi v Sweden485, the ECtHR reiterated the rule that “the right of freedom to receive information basically prohibits a Government from restricting a person from receiving information that others wish or may be willing to impart to him or her”.486 Thereby, the Court confirmed that there is a positive obligation on the part of a state to protect communication between individuals. While traditionally, the identity and purpose of the speaker is critical in determining the level of scrutiny, this case showed that the right of the individual to have access to any type of information for private purposes, including leisure activities, is recognised by the ECHR. Thus, when access is restricted in some way to a means of communication, this may interfere with his freedom of expression not only in the sense that his possibility to impart information may be affected, but more severely the right to receive information about issues of public interest. cc) The Right to Impart Information The right to impart information and ideas freely is complementary to the right to receive information and ideas. It is the active aspect of freedom of expression. The Court has consistently emphasised that Article 10 guarantees the right to impart information and the right of the public to receive it.487 As stated above, the ECtHR clarified in several cases that Article 10 ECHR protects not only the substance of ideas and information expressed but also the form in which they are conveyed.488 Moreover, with regard to imparting information and ideas via the Internet, the United Nations Human Rights Committee in its General Comment No. 34 on Article 19 ICCPR stated that: “Any restrictions on the operation of websites, blogs or any other Internet-based, electronic or other such information dissemination system, including systems to support such communication, such as Internet service providers or search engines, are only permissible to the 485 ECtHR, Khurshid Mustafa and Tarzibachi v Sweden, Judgment of 16.12.2008 – Application No. 23883/06, para. 44. 486 Ibid, para. 41. 487 See instead of many ECtHR, Observer and Guardian v the United Kingdom, Judgement of 26.11.1991 – Application No. 13585/88. 488 ECtHR, Oberschlick v Austria, Judgment of 23.05.1991 – Application No 11662/85, para. 57; ECtHR, De Haes and Gijsels v Belgium, Judgment of 24.02.1997 – Application No 19983/92, para. 48.

148

B. The Technological and Legal Challenges of Online Copyright Enforcement

extent that they are compatible with paragraph 3. Permissible restrictions generally should be content-specific; generic bans on the operation of certain sites and systems are not compatible with paragraph 3. It is also inconsistent with paragraph 3 to prohibit a site or an information dissemination system from publishing material solely on the basis that it may be critical of the government or the political social system espoused by the government.”489 Thus, even on supra-European level, the Internet as a technical means for expression enjoys protection. dd) The Right to Internet Access Due to the ever-changing nature of society, also fundamental rights face with new challenges. While some challenges can be addressed by a more extensive interpretation of existing rights, some situations may require the evolution of new rights.490 Historically, fundamental rights are situated rights and take shape in certain societies at certain moments of time.491 In consideration of the omnipresent Internet and its increasing relevance in our everyday life, there has recently been some debate on a possible recognition of the use of the Internet as a fundamental right.492 This idea stems from the growing necessity to have access to the Internet, be it for work purposes or private information exchange. The Internet is crucial for today´s knowledge-based economy: it fosters competitiveness as well as innovation. At the same the Internet promotes development and social

489 UN Human Rights Committee, General comment No. 34. Article 19: Freedoms of opinion and expression, CCPR/C/GC/34 (21.07.2011), p. 11. 490 For the future such rights may include for instance the right to genetic privacy. See Roger Brownsword/Morag Goodwin, Law and the technologies of the Twenty-First Century (2012), pp. 225–245. 491 Paul de Hert/Dariusz Kloza, Internet (Access) as a New Fundamental Right. Inflating the Current Rights Framework?, European Journal of Law and Technology 2012, Vol. 3 No. 3. 492 Wolfgang Benedek/Matthias C. Kettemann, Freedom of expression and the Internet (2014), pp. 41 et seq. For a summary of the debate as of 2012 see Paul de Hert/Dariusz Kloza, Internet (Access) as a New Fundamental Right. Inflating the Current Rights Framework?, European Journal of Law and Technology 2012, Vol. 3 No. 3; Stephen Tully, A human right to access the Internet? Problems and Prospects, Human Rights Law Review 2014, Vol. 14, 175–195; BBC World Service, Four in five regard Internet access as a fundamental right: global poll, BBC News (08.03.2010).

149

First Chapter: Legal and Technological Background

inclusion.493 According to the European Parliament “the Internet has become a means of expression of choice for political dissidents, democracy activists, human rights defenders and independent journalists worldwide”.494 Thus, one can also argue that the Internet advances democracy and a plurality of opinions. Especially, if one considers that in contrast to traditional media, users are not only passive recipients of information but become publishers themselves, the World Wide Web boosts freedom of expression. The generation of so-called "digital natives" have increasingly depend on the Internet as a replacement for dictionaries, newspapers, written letters, music collections etc. Therefore the UN Special Rapporteur on the promotion of the right to freedom of opinion and expression, Frank La Rue, asks for as little content restriction as possible and to make the Internet available to all segments of population.495 The importance of Internet access for the freedom of expression becomes obvious when one looks at regimes that suppress certain opinions. Censorship and state control of the Internet is not just a matter of the East with the prominent great firewall of China or Iran's censorship, only recently Turkey blocked certain social media services before national elections.496 However, developments towards control and censorship may not convince everyone to grant human right status to Internet access. From an objective perspective, the Internet is nothing more than a content-neutral technology.497 In the classical human rights perspective, human rights (not to be confused with civic rights conferred upon humans by law) are understood as

493 Paul de Hert/Dariusz Kloza, Internet (Access) as a New Fundamental Right. Inflating the Current Rights Framework?, European Journal of Law and Technology 2012, Vol. 3 No. 3. 494 European Parliament, Freedom of expression on the Internet, resolution, P6_TA(2006)0324 (6.07.2006). 495 UN Human Rights Council, Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, A/HRC/17/27 (06.05.2011), p. 22. 496 See only Kevin Rawlinson, Turkey Steps up Bid to Block Twitter after Users Flout Ban, the Guardian (23.03.2014). 497 See only Paul de Hert/Dariusz Kloza, Internet (Access) as a New Fundamental Right. Inflating the Current Rights Framework?, European Journal of Law and Technology 2012, Vol. 3 No. 3.

150

B. The Technological and Legal Challenges of Online Copyright Enforcement

basic moral guarantees that people have simply because they are people. The Internet as such is not necessary to lead a healthy, meaningful live. Some argue that we currently witness human rights inflation in general, which may lead to a practice of fragmentation. 498 By recognising more and more rights as fundamental rights, the value of existing and core fundamental rights may diminish. Thus, one must ask, what the substantial added value of the protection of a right to Internet access would be and more importantly whether there would be an added value at all. This is difficult to assess, but the discussion of the right to freedom of expression in general and with regard to the freedom to receive, seek and impart information has already shown that these subcategories of freedom to expression can be invoked to protect both content and connectivity of the Internet against unlawful interferences. Against this background, the right to Internet access will not be treated as a separate subcategory of the freedom of expression. Interferences with Internet access and Internet content will be examined within the existing human rights framework, in particular the right to seek, receive and impart information and ideas, which as noted above also safegurads the means by which information is communicated. On a national level, a few jurisdictions already explicitly provide in their constitutional system a positive obligation to ensure connectivity.499 For instance in 2009, the French Constitutional Court declared that the freedom of expression under Article 11 of the Declaration on Human Rights implies freedom to access such services: “in the current state of online means of communication and in the light of the importance that these services have acquired for participation in democratic life and the expression of ideas and opinions, the right to freedom of expression implies the freedom of access to these services”.500 Having established

498 See ibid. 499 According to Paul de Hert/Dariusz Kloza in ibid, Article 5a (2) of the Greek Constitution states since 2001 that “all persons have the right to participate in the Information Society. Facilitation of access to electronically transmitted information, as well as the production, exchange and diffusion thereof, constitutes an obligation of the State, always in observance of the guarantees of articles 9 [privacy], 9A [personal data] and 19 [secrecy of correspondence]”. 500 Conseil constitutionnel, Decision of 10.06.2009 – No. 2009-580 DC, Journal officiel de 13.06.2009, p. 9675, para. 12. An English version of the decision is available at http://www.conseil-constitutionnel.fr/conseil-constitutionnel/root/ban k/ download/2009580DC2009_580dc.pdf (last accessed 17.05.2014).

151

First Chapter: Legal and Technological Background

this “right to access the Internet”, the Court held that any infringement of this right must be strictly limited and is excessive if it comes from an administrative authority and not a judicial power.501 The Court however laid down, that this right is not absolute and must be reconciled with other rights and freedom of the same rank such as author’s rights protected by intellectual property, as laid down in Articles 2 and 17 of the French Declaration on Human Rights.502 However, instead of developing a “new” fundamental right of Internet access, the French Court considers the right to Internet access as a subcategory of the freedom of expression. Thus the scope of application of freedom of expression is rather adjusted to encompass a new form of communication, a process which not necessarily can be equated with the emergence of a new fundamental right. ee) Justification of Interference In the European legal order, freedom of expression is not an absolute right.503 Thus, limitations may be imposed on the freedom of expression as long as the interference is justified. In this respect, Article 11(2) CFR sets forth that “the freedom and pluralism of the media shall respected”, while Article 10(2) ECHR provides an exhaustive list of legitimate aims that may justify an interference with the right to freedom of expression, i.e. “the interests of national security, territorial integrity or public safety”, “the prevention of disorder or crime”, “the protection of health or morals”, “he protection of the reputation or rights of others”, “preventing the disclosure of information received in confidence”, and “maintaining the authority and impartiality of the judiciary”. According to Article 10(2) ECHR any interference, in order to be justified, must (1) be prescribed by law, (2) safeguard one or more of the specified legitimate purposes, and (3) be necessary in a democratic society.504 Given the extensive Article 10

501 See also Laure Marino, Le droit d'accès à Internet, nouveau droit fondamental, Recueil Dalloz 2009, Issue 30, 2045–2046. 502 Conseil constitutionnel, Decision of 10.06.2009 – No. 2009-580 DC, Journal officiel de 13.06.2009, p. 9675, para. 13. 503 Olivier de Schutter, International Human Rights Law (2010), pp. 257 et seq. 504 As regards an analysis of the similar test under Article 19 ICCPR, see UN Human Rights Council, Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, A/HRC/17/27 (06.05.2011).

152

B. The Technological and Legal Challenges of Online Copyright Enforcement

ECHR case-law, the following will outline the justification test under said Article in consideration that this case law can be consulted for the purposes of interpreting Article 11 CFR.505 First of all, the notion of “prescribed by law” covers not only statute but also unwritten law such as common law.506 In order to fulfil the requirement of “prescribed by law”, firstly, the law must be adequately accessible, the citizen must be able to have an indication that is adequate in the circumstances of the legal rules applicable to a given case; secondly, the norm must be formulated with sufficient precision to enable the citizen to regulate his conduct – citizen must be able to foresee the consequences which a given action may entail.507 As regards the requirement of necessary in a democratic society, a balancing test is employed which generally follows the subsequent criteria: (1) the interference must correspond to a pressing social need, (2) it must be proportionate to the legitimate aim pursued, and (3) the reasons for the interference must be relevant and sufficient. According to the type of case at issue, the strictness of the criteria may vary. In addition, the States are given a margin of appreciation. Interferences that are prescribed by law, must further have aims that are legitimate under Article 10(2) ECHR: they must be in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary. Interference must be “necessary in a democratic society”: as regards an interference with the exercise of the rights and freedoms guaranteed in Article 10(1) ECHR, the ECtHR held that the “necessity for restricting them must be convincingly established”.508

505 Instead of many cf. Filippo Donati in: William B. T. Mock/Gianmario Demuro, Human Rights in Europe, Commentary on the Charter of Fundamental Rights of the European Union (2010), Article 11 CFR, p. 75. 506 See ECtHR, Sunday Times v the United Kingdom, Judgment of 26.04.1979 – Application No. 6538/74, para. 47. 507 Ibid, para. 49. 508 ECtHR, Autronic AG v Switzerland, Judgment of 22.05.1990 – Application No. 12726/87, Ser A No. 178 (1990), para. 61.

153

First Chapter: Legal and Technological Background

While a restriction on the freedom of expression may comply with the first two of these conditions, the determining issue will always be whether the restriction on the freedom of expression complies with the third condition, i.e. is “necessary in a democratic society”. In that respect, it is important to note that Article 10(2) ECHR leaves to the contracting States a margin of appreciation. Case law indicates that the extent of this margin of appreciation varies with, inter alia, the legitimate purposes of the restriction. The fact that copyright protection is a legitimate interest which is protected by the ECHR itself may increase the States’ margin of appreciation. The margin of appreciation of a national court is in any case subject to the ECtHR’s supervision with regard to the aim of the measure challenged and its “necessity”, and it covers not only domestic legislation but also any decision to apply it.509 It follows from the case law of the ECtHR that a restriction will generally be considered “necessary in a democratic society” for a legitimate aim only if it answers a pressing social need and, in particular, is proportionate to the legitimate aim pursued.510 Generally, the strongest protection is given to the media as providers of issues of public interest, but others who participate in the public debate or otherwise express opinions of public interest also enjoy a wide protection. To answer “a pressing social need”, the restriction must be justified by “relevant and sufficient” reasons.511 Taking into consideration the largescale copyright infringements taking place via the Internet, most of which rights-holders have so far been unable to stop using traditional enforcement measures, one may well argue that for example injunctions against Internet access providers performing mere conduit can generally be justified as answers to “a pressing social need” provided that they are proportionate to the legitimate aim pursued (the protection of copyright). The test of whether interference was necessary in a democratic society cannot be applied in absolute terms.512 Decisive in all case is going to be 509 See for example the ECtHR, Handyside v the United Kingdom, Judgment of 07.12.1976 – Application No. 5493/72, (1976) 1 EHRR 737, para. 49. 510 Instead of many see ECtHR, Observer and Guardian v the United Kingdom, Judgement of 26.11.1991 – Application No. 13585/88, para. 59. 511 Ibid. For the margin of appreciation of States to establish a pressing social need, see Wolfgang Benedek/Matthias C. Kettemann, Freedom of expression and the Internet (2014), pp. 48 et seq. 512 See recently ECtHR, Fredrik Neij and Peter Sunde Kolmisoppi v Sweden, Decision of 19.02.2013 -Application No. 40397/12.

154

B. The Technological and Legal Challenges of Online Copyright Enforcement

the proportionality test. According to the principle of proportionality, any restriction on the freedom of expression must be proportionate to the legitimate aim pursued. The restrictions on the freedom of expression which may follow from an injunction against an Internet access provider or a user will depend largely on the specific circumstances of each case. Hence, the outcome of the proportionality test will also depend largely on the specific circumstances of each individual case. When examining the proportionality of a measure, one needs to take into account the nature of the competing interests involved and the degree to which those interests require protection in the circumstances of the case.513 Respect must also be paid to the nature and severity of the penalties imposed.514 Although there is an extensive amount of case law from the ECtHR with regard to the determination of “necessary in a democratic society”, so far there is only one judgement referring to copyright law and restrictions on the Internet.515 For the first time in a judgment on the merits, the ECtHR clarified in the case of Ashby Donald and others v France that a conviction based on copyright law for illegally reproducing or publicly communicating copyright protected material can be regarded as an interference with the right of freedom of expression and information under Article 10 ECHR. According to the ECtHR in Ashby Donald, it is no longer sufficient to justify a sanction or any other judicial order restricting one’s (in this case: artistic or journalistic) freedom of expression on the basis that a copyright law provision has been infringed. Neither is it sufficient to consider that the unauthorised use, reproduction or public communication of a work cannot rely on one of the narrowly interpreted exceptions in the copyright law itself, including the application of the so-called three-step test516.

513 Ibid. 514 See ECtHR, Cumpǎnǎ and Mazǎre v Romania [GC], Judgment of 17.12.2004 – Application No. 33348/96, para. 111; Skałka v Poland, Judgment of 27.05.2003 – Application No. 43425/98, para. 41. 515 ECtHR, Ashby Donald and others v France, Judgment of 10.01.2013 – Application No. 36769/08. In the prior case of the founders of the Pirate Bay against Sweden challenging their criminal convictions, the Court declared the application inadmissible, see ECtHR, Fredrik Neij and Peter Sunde Kolmisoppi v Sweden, Decision of 19.02.2013 – Application No. 40397/12. 516 The three-step test is central to the regulation of limitations on copyright at an international level and has been encouraged to be applied by the IPR Enforce-

155

First Chapter: Legal and Technological Background

Recent case law also shows that where the speech is “commercial speech”, meaning that it is merely money driven, it does not enjoy the added value of the protection guaranteed by Article 10 ECHR. Accordingly, there is a wider margin of appreciation available when freedom of expression is regulated in relation to speech in commercial matters or advertising.517 This will be important when Internet service provider rely on the right to freely impart expression. However, it is not because a website is part of a commercial company, that the invoked freedom of expression will receive a lower degree of protection from the scope of Article 10 ECHR. What matter is whether the expression contributes to the very broadly defined debate of general interest.518 b) Privacy Rights The notion of privacy is wide. It includes inter alia the right to private and family life. Due to the wide scope of application, the following outline will – following a general introduction – not address every aspect of privacy, but only focus on those aspects that may be affected in copyright enforcement scenarios.

ment Directive. For an outline of the potential implementation of the Three-Step Test in EU law, see Martin Senftleben, The International Three-Step Test, A model provision for EC fair use legislation, JIPITEC 2010, 67–82. 517 ECtHR, Mouvement Raëlien Suisse v Switzerland, Judgment of 13.07.2012 – Application No. 16354/06, para. 61, citing ECtHR, Markt Intern Verlag GmbH and Klaus Beermann v Germany, Judgment of 20.09.1989 – Application No. 10572/83. See also Ashby Donald and others v France, Judgment of 10.01.2013 – Application No. 36769/08. 518 Dirk Vorhoof, Copyright vs Freedom of Expression Judment, ECHR Blog (22.01.2013), with further references.

156

B. The Technological and Legal Challenges of Online Copyright Enforcement

aa) Privacy Rights in General Throughout history, the willingness of individuals to engage in debate on controversial subjects in the public sphere has been linked to being able to do so anonymously.519 The Internet allows individuals to access information and to engage in public debate without having to reveal their real identities; many services can be used without any identification, or verification of identity. As aforementioned, this anonymity may be real anonymity, but in most cases is only perceived as anonymity: the Internet presents tools and mechanisms through which both state as well as private actors have the ability to monitor and collect information about online communication and activities.520 Technological progress means that large volumes of personal data are collected (often automatically) and stored by intermediaries. A right to privacy is guaranteed by Article 12 UDHR and Article 17 ICCPR. The latter provides that “1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation; 2. Everyone has the right to the protection of the law against such interference or attacks.” Although “correspondence” primarily has been interpreted as written letters, this term today covers all forms of communication, including communication via the Internet.521 The right to private correspondence obliges states to ensure that emails and other forms of online communication are actually delivered to the desired recipient without interference or monitoring by state organs or by third parties.522 The right to privacy in international law also encompasses the protection of personal data.523 Article 17(2) ICCPR requires that the gathering and holding of automated personal data, whether by public authorities or

519 See UNHRC, Report of the Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion an Expression, Frank La Rue, UN Doc A/HRC/17/27 (16.05.2011), p. 15. 520 Ibid. 521 Ibid. 522 Manfred Nowak, U.N. Covenant on Civil and Political Rights, CCPR Commentary (2005), Article 17, p. 401. 523 Ibid.

157

First Chapter: Legal and Technological Background

private parties must be regulated by law.524 In order to guarantee effective protection of a person’s private life, every individual should have rights to information as to what personal data is stored and for what purposes, and must have rights to correction and deletion of data.525 However, the right to privacy is not granted without limits and can be subject to proportionate restrictions or limitations under clearly defined, exceptional circumstances for instance state surveillance measures for the purposes of administration of criminal justice or prevention of crime.526 As regards the definition of the right to privacy and the right to the confidentiality of communication under ECHR and EU law, the wording of Article 7 CFR corresponds almost exactly to Article 8 ECHR: Article 7 CFR sets forth that “everyone has the right to respect for his or her private and family life, home and communications”, while Article 8(1) ECHR stipulates that “everyone has the right to respect for his private and family life, his home and his correspondence”. Other than the Charter provision, Article 8 ECHR has a second paragraph which states that “there shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others." According to the Explanations Relating to the Charter the meaning and the scope of Article 7 of the Charter and Article 8 of the ECHR are the same.527 In addition to these articles, Article 8 CFR expressly provides for a right to the protection of personal data.

524 UNHRC, Report of the Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion an Expression, Frank La Rue, UN Doc A/HRC/ 17/27 (16.05.2011), p. 15. 525 Office of the High Commissioner for Human Rights, General Comment No. 16: The Right to Respect of Privacy, Family, Home and Correspondence, and Protection of Honour and Reputation (Article 17), CCPR General Comment No. 16 (08.04.1988), para. 10. 526 UNHRC, Report of the Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion an Expression, Frank La Rue, UN Doc A/HRC/ 17/27 (16.05.2011), p. 15. 527 Praesidium of the European Convention, Explanations relating to the Charter, OJ C 303 (14.12.2007), 17, 33.

158

B. The Technological and Legal Challenges of Online Copyright Enforcement

Although it is generally accepted that the right to privacy of the ECHR, the UDHR and the ICCPR encompasses the right to the protection of personal data, the drafters of the Treaty considered it necessary to specifically protect this fundamental right which is more and more threatened in light of the ever-expanding technological progress.528 For the very same reason, this right will subsequently be dealt with separately from the general right to privacy. Guidance as to the interpretation of the right to privacy and protection of personal data can be drawn from the Strasbourg Data Protection Convention of 1981529, which assured to each person in the contracting parties’ territories”the respect of his or her rights and his or her fundamental liberties, and in particular, the right to privacy, in relation to the automatic processing of personal data that concerns him or her”.530 As all Member States have ratified the Convention, these principles can be consulted when taking into account the common traditions of Member States in relation to data protection. bb) Right to Respect for Family and Private Life The right to respect for family and private life as it is provided by Article 8 ECHR and Article 7 CFR is to be understood in a very broad sense.531 When the Charter refers to the right to respect for “communications”

528 Filippo Donati in: William B. T. Mock/Gianmario Demuro, Human Rights in Europe, Commentary on the Charter of Fundamental Rights of the European Union (2010), Article 8 CFR, p. 53. 529 Council of Europe, Convention for Protection of Individuals with regard to Automatic Processing of Personal Data, Council of Europe Treaties No. 108 of 28.01.1981. The Strasbourg Convention is an open convention and is accessible to any other non-member state of the Council of Europe that is invited to join the Convention by the Committee of Ministers. The Convention is currently being amended to allow accession by the EU itself. For a list of the parties to the Convention that have accepted the amendments allowing the EU to accede to the Convention, see http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT= 108&CL=ENG (last accessed on 17.05.2014). 530 Article 1 Convention for Protection of Individuals with regard to Automatic Processing of Personal Data. 531 Cf. EU Network of Independent Experts on Fundamental Rights, Commentary of the Charter of Fundamental Rights of the European Union (June 2006), Article 7 CFR, p. 78.

159

First Chapter: Legal and Technological Background

instead of “correspondence”, this intends to take account of developments in technology.532 Various types of situations may involve the right to respect for family and private life, and the case-law of the ECtHR relating to this right and its general expressions of “private and family life” may serve as examples to illustrate the scope of the provision.533 The provision embraces a wide variety of matters including various spheres of life, and covers the physical and psychological integrity of a person.534 It can therefore embrace multiple aspects of an individual’s physical and social identity including the sphere of intimate relationships. Elements of privacy include gender identification, name und sexual orientation and sexual life.535 The protected spheres further range from the social536 and professional sphere to the protection of the environment.537 Beyond a person’s name, his private and family life may include other means of personal identification and of linking to a family.538 In that respect the term “privacy” which is often used interchangeably must be understood as an umbrella term. 539

532 Bureau of the Convention, Note from the Praesidium, Draft Charter of Fundamental Rights of the European Union, Text of the Explanations Relating to the Complete Text of the Charter as set out in CHARTE 4487/00 CONVENT 50 (11.10.2000), CHARTE 4473/00, Convent 49, p. 10. 533 See EU Network of Independent Experts on Fundamental Rights, Commentary of the Charter of Fundamental Rights of the European Union (June 2006), Article 7 CFR, p. 78. 534 See ECtHR, Pretty v the United Kingdom, Judgment of 29.04.2002 – Application No. 2346/02, para. 61; Y. F. v Turkey, Judgment of 22.07.2003 – Application No. 24209/94, para. 33. 535 See for instance ECtHR, Bensaid v the United Kingdom, Judgment of 06.02.2001 – Application No. 44599/98, para. 47 with further references. 536 ECtHR, Botta v Italy, Judgment of 24.02.1998 – Application No. 21439/93, para. 32: the guarantees afforded by Article 8 ECHR intend inter alia “to ensure the development of each individual in his relations with other human beings”. 537 See ECtHR, Guerra and Others v Italy, Judgment of 19.02.1998 – Application No. 14967/89. In this case (at para. 57), the Court considered the direct effect of toxic substances and inflammable gas emissions within the realm of the applicants’ right to respect for their private and family life. 538 ECtHR, S. and Marper v the United Kingdom, Judgment of 04.12.2008 – Application Nos. 30562/04 and 30566/04, para. 66 with further references. 539 EU Network of Independent Experts on Fundamental Rights, Commentary of the Charter of Fundamental Rights of the European Union (June 2006), Article 7 CFR, p. 78.

160

B. The Technological and Legal Challenges of Online Copyright Enforcement

The notion encompasses first of all “the right to be left alone”,540 and can be defined as freedom from unwarranted and arbitrary interference, i.e. contrary to established legal principles – from public authorities or private actors or bodies independent of the state, such as private electronic databases, into activities that society recognizes as belonging to the realm of individual autonomy (the private sphere).541 The right to privacy is however not granted without limitations. Pursuant to the public order provision in Article 8(2) ECHR, interference with the right to privacy can be legitimate and may become necessary in a democratic society (see above). In addition to the general obligation to abstain from interferences, Article 8 ECHR also confers positive obligations on the State Parties to act in compliance with the Convention in protecting the rights of individuals.542 What is protected is not only the physical framework of personal life, but also a person’s inner life as well, for instance his philosophical, religious or moral beliefs.543 The respect for private life thus requires, among other things, the right of individuals to non-interference with their decisions on ways to live their life.544 The right shall also protect individuals from the disclosure or improper discovery by third persons of facts relating to their physical condition, health or personality.545 This aspect may in the following become in so far relevant when warnings are sent to subscriber for alleged infringement of copyright, and the subscriber himself did not commit the infringement, however, the warning contains details about the files allegedly being shared. An extreme, yet likely scenario is that of a wife being informed that her husband allegedly shares hardcore gay pornography, or a politician whose employer is informed that he listens and shares

540 ECtHR, Malone v the United Kingdom, Judgment of 02.08.1984 – Application No. 8691/79, para. 51. See also EU Network of Independent Experts on Fundamental Rights, Commentary of the Charter of Fundamental Rights of the European Union (June 2006), Article 7 CFR, pp. 78 et seq. 541 Ibid, Article 7 CFR, p. 79. 542 ECtHR. Marckx v Belgium, Judgment of 13.06.1979 – Application No. 6833/74, para. 31. 543 EU Network of Independent Experts on Fundamental Rights, Commentary of the Charter of Fundamental Rights of the European Union (June 2006), Article 7 CFR, p. 79. 544 Ibid. 545 See ECtHR, Eur. Comm. H.R., DVO v Belgium, Judgment of 01.03.1979 – Application No. 7654/76.

161

First Chapter: Legal and Technological Background

songs which are deemed homophobe and racist. As regards the sexual private life, the ECtHR acknowledged that sexual life is part and parcel of private life.546 Intrinsically linked with the storing of personal data, which will be dealt with below is the subsequent use of information obtained. In Malone v United Kingdom, the British Post Office and the British Telephone Company collected data about phone numbers that had been dialled from particular telephones, as well as time and duration of these phone calls. In the following, the gathered data was released to the police without the consent of the subscriber. The ECtHR did not accept "that the use of data obtained [...] cannot give rise to an issue under Article 8. The records [...] contain information, in particular the numbers dialled, which is an integral element in the communications made by telephone".547 Accordingly, the release of the information obtained to the police (without the consent of the subscriber) was held to constitute an interference with the right to private life.548 The right to respect for private life also includes the individual’s right to have access to information stored about himself. Personal information held by third parties might be of vital interest for the individuals concerned. Without going into too much detail at this point, different scenarios concerning copyright enforcement mechanisms are likely to affect the individual´s right to respect for his private life and family. These include scenarios where a subscriber is obliged to monitor the usage of his Internet access by family members; or where Internet traffic is monitored in general. Likely scenarios include such where interferences exist with regard to an obligation of abstaining from interferences with the right to private life (for instance the imposition of an obligation upon individuals to monitor the Internet activities of their family members), as well as interferences with regard to positive obligations (for instance the denial of right to access personal data held by a state authority or third parties).

546 ECtHR, Dudgeon v the United Kingdom, Judgment of 22.10.1981 – Application No. 7525/76, para. 52. 547 ECtHR, Malone v the United Kingdom, Judgment of 02.08.1984 – Application No. 8691/79, para. 84. 548 Ibid.

162

B. The Technological and Legal Challenges of Online Copyright Enforcement

cc) Right to the Confidentiality of Communications Article 7 CFR and Article 8 ECHR also encompass the right to the confidentiality of communications. As mentioned above, the drafters of the Charter decided to depart from the notion of respect to privacy of correspondence and substituted the notion of “correspondence” by “communication” to take account of technological progress. However, even the notion “correspondence” is a broad one, and has historically been understood to include communications in writing and by telephone.549 In respect to communication via the telephone, not just the contents of telephone communications but also the telephone numbers dialled, i.e. traffic data, are protected under Article 8 ECHR.550 The same principle applies to E-mail communication.551 Advances in modern technology have rendered certain forms of communication, such as mobile phones and email, particularly susceptible to improper surveillance by state authorities.552 With a lot of communication taking place online, electronic surveillance is becoming more and more sophisticated, and may even allow for surveillance of communication channels where the individual has taken steps to encrypt his communication.553 Comprehensive computerised file systems and electronic data banks as well as communication via the Internet entail many risks for the effective protection of private matters.554 Further, telephone interception and other means of communication surveillance, in particular Internet surveillance, are considered by many states as a legitimate way of control-

549 The ECtHR established in Klass that telephone communications constitutes both “correspondence” and “private life”. ECtHR, Klass and Others v Germany, Judgment of 06.09.1978 – Application No. 5029/71, para. 41. 550 See ECtHR, Malone v the United Kingdom, Judgment of 02.08.1984 – Application No. 8691/79, para. 84. 551 ECtHR, Copland v the United Kingdom, Judgment of 03.04.2007 – Application No. 62617/00, para. 43. 552 EU Network of Independent Experts on Fundamental Rights, Commentary of the Charter of Fundamental Rights of the European Union (June 2006), Article 7 CFR, p. 84. 553 With regard to encryption being cracked by state authorities see James Ball/Julian Borger/Glenn Greenwald, Revealed: How US and UK spy agencies defeat Internet piracy and security, The Guardian (06.09.2013). 554 EU Network of Independent Experts on Fundamental Rights, Commentary of the Charter of Fundamental Rights of the European Union (June 2006), Article 7 CFR, p. 85.

163

First Chapter: Legal and Technological Background

ling modern forms of crime including espionage and terrorism.555 In the light of these developments, Article 7 CFR is also closely connected with the protection of telephone, email and other electronic means of communication from interception.556 Under the right to the confidentiality of communications, states are obliged to take all necessary measures to restrict unlawful obtaining of information by public authorities as well as by other private parties. Obviously, files or data gathered by authorities or third parties, which may well be the case with copyright enforcement schemes that encompass a warning mechanism, affect this right. In this respect, not only the fact that information is collected but also the methods used to gather and collect personal information may interfere with the right to confidentiality of communications.557 In that respect, the fact that often information is gathered by third parties and then collected by state authorities needs to be examined.

555 This has only recently attracted a lot of public attention when it was revealed by Edward Snowden that the UK Government Communications Headquarters (GCHQ) as well as the US National Security Agency (NSA) not only monitor online communication but also have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails. As regards the NSA's PRISM data-collection program see Washington Post, NSA slides explain the PRISM data-collection program, Washington Post (06.06.2013, updated 10.07.2013); as regards the GCHQs activities see James Ball/Julian Borger/Glenn Greenwald, Revealed: How US and UK spy agencies defeat Internet piracy and security, The Guardian (06.09.2013). 556 EU Network of Independent Experts on Fundamental Rights, Commentary of the Charter of Fundamental Rights of the European Union (June 2006), Article 7 CFR, p. 85. Nevertheless, secret surveillance, in particular telecommunications surveillance,can be legitimate according to the criteria in Article 8(2) ECHR, see for example ECtHR, Klass and Others v Germany, Judgment of 06.09.1978 – Application No. 5029/71, and Malone v the United Kingdom, Judgment of 02.08.1984 – Application No. 8691/79. 557 ECtHR, Leander v Sweden, Judgment of 26.03.1987 – Application No. 9248/81, para. 48; S. and Marper v the United Kingdom, Judgment of 04.12.2008 – Application Nos. 30562/04 and 30566/04, para. 67.

164

B. The Technological and Legal Challenges of Online Copyright Enforcement

dd) Right to Protection of Personal Data The right to protection of personal data forms a subset of the right to privacy, and is as such protected by Article 8 ECHR, Article 12 UDHR and Article 17 ICCPR. The EU legislator however considered it necessary to protect the protection of personal data expressly in Article 8 CFR.558 Such necessity was based on the realisation that technological developments in the use of electronic and automated means of information management facilitate the creation of databases and the circulation of such data.559 The use and exchange of personal data have become essential factors in the online economy. Article 8 CFRs sets forth that “1. Everyone has the right to the protection of personal data concerning him or her”. According to paragraph 2 of said article, personal data “must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified”. Further, compliance with these rules shall be subject to control by an independent authority (Article 8(3)). The right to protection of personal data is also expressly recognised in some European constitutions.560 The progressive adoption of data protection legislation in EU Member States began with the Council of Europe Resolution on the Protection of the Privacy of Individuals vis-à-vis Electronic Data Banks in the Private Sector561.

558 Filippo Donati in: William B. T. Mock/Gianmario Demuro, Human Rights in Europe, Commentary on the Charter of Fundamental Rights of the European Union (2010), Article 8 CFR, p. 53. Article 8 did not appear in the first drafts of the Charter, and was introduced during a more advanced stage of drafting. 559 Ibid. 560 The Constitution of Portugal for example contains a very detailed provision on the protection of personal data, see Article 35 (Utilização da informática) Constituição da República Portuguesa. 561 Council of Europe, Parl. Ass. Resolution (73) 22 on the Protection of the Privacy of Individuals vis-à-vis Electronic Data Banks in the Private Sector of 26.09.1973. This Resolution and the Resolution (74) 29 in reference to data banks in the public sector were non-binding instruments and as a result, legislation on the protection of privacy and the regulation of databases was not uniform in Europe.

165

First Chapter: Legal and Technological Background

At EU level, the right to protection of personal data is recognised in the Data Protection Directive 562, and Article 16 TFEU, which stipulates that everyone has the right to the protection of personal data.563 In contrast to this non-binding instrument, the Strasbourg Data Protection Convention of 1981564 assured to each person in the contracting parties’ territories ”the respect of his or her rights and his or her fundamental liberties, and in particular, the right to privacy, in relation to the automatic processing of personal data that concerns him or her”.565 The Convention sets forth basic principles for data processing such as that personal data must be obtained correctly and processed fairly and for lawful purposes, and that there exist duties to provide security measures and to allow interested persons access to the data that concern them.566 Moreover than the Convention, the EU Data Protection Directive of 24 October 1995 provides for a rather detailed common framework. The principles that are encompassed in Article 8 CFR have all previously been contained in said Directive. The purpose of the Data Protection Directive

562 Directive 95/46/EC of the European Parliament and the European Council of 24.10.1995 on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of Such Date, OJ L-281 (23.11.1995), 31. 563 Article 16 TFEU further states in its second paragraph that “The European Parliament and the Council, acting in accordance with the ordinary legislative procedure, shall lay down the rules relating to the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies, and by the Member States when carrying out activities which fall within the scope of Union law, and the rules relating to the free movement of such data. Compliance with these rules shall be subject to the control of independent authorities”. The rules adopted on the basis of this Article shall be without prejudice to the specific rules laid down in Article 39 TEU. 564 Council of Europe, Convention for Protection of Individuals with regard to Automatic Processing of Personal Data, Council of Europe Treaties No. 108 of 28.01.1981. The Strasbourg Convention is an open convention and is accessible to any other non-member state of the Council of Europe that is invited to join the Convention by the Committee of Ministers. The Convention is currently being amended to allow accession by the EU itself. For a list of the parties to the Convention that have accepted the amendments allowing the EU to accede to the Convention, see http://conventions.coe.int/Treaty/ Commun/ChercheSig.asp?NT =108&CL=ENG (last accessed 17.05.2014). 565 Article 1 Convention for Protection of Individuals with regard to Automatic Processing of Personal Data. 566 Cf. Articles 4–11 Convention for Protection of Individuals with regard to Automatic Processing of Personal Data.

166

B. The Technological and Legal Challenges of Online Copyright Enforcement

was to require Member States to adopt a uniform protection of individual rights and liberties with regard to data processing in order to eliminate obstacles to the movement of personal data and to permit the full development of the internal market. Accordingly, Articles 6 and 12 of the Data Protection Directive provide that very individual has the right to adequate protection of his personal data. Processing of personal data must be necessary, fair, lawful and proportionate. The data that individuals provide directly or indirectly must not be used for purposes other than those originally intended, nor can such data be passed on indiscriminately to entities that the individual has not chosen to be involved with. These rights apply to everyone, irrespective of nationality or place of residence.567 The importance of the right to protection of personal data was in the following acknowledged by the Treaty of Amsterdam, which introduced a new provision in the area of protection of personal data within the Treaty Establishing the European Community: Article 268(1) EC Treaty provided that Community law on the protection of individuals with regard to the treatment of personal data and the free movement of such data was to be applied to the institutions and all organisations instituted by the Treaty on European Union.568 Further rules have been set up by the E-Privacy Directive of 12 July 2002569. One of the major discrepancies of Article 8 CFR and the Data Protection Directive is that the Charter limits the protection of personal data to physical persons. While the Directive defines the notion of processing of personal data as “any operation or set of operations which is performed

567 For certain categories of personal data, namely data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life, processing is only permitted with explicit consent of the individual, where allowed by national legislation. See Article 8 Data Protection Directive. 568 Article 268 EC Treaty was replaced by Article 16 TFEU in the Treaty of Lisbon. 569 Directive 2002/58/EC of the European Parliament and of the Council of 12.07.2002 Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector (E-Privacy Directive), OJ L-201 (31.07.2002), p. 37. Important regulations concerning data security in connection with the treatment of personal data are to be found in this Directive. The Directive emphasises the right to privacy for instance in its Article 4, which obliges the provider of a public available electronic communication service to take appropriate measures to protect the security of its services. If there is a particular risk of a breach of the security of the network, the provider must inform the subscribers of such a risk.

167

First Chapter: Legal and Technological Background

upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction”570, the Charter goes not that far as providing definitions. The Travaux Préparatoires to the Charter suggest that a rather wide interpretation of “processing” was intended, so as to include any type of operation conducted with or without the aid of telematic means.571 Being much shorter than the very detailed Data Protection Directive, Article 8 CFR only provides for a general yet fundamental framework and leaves room for interpretation. Nevertheless, it is much more detailed than previous fundamental rights instruments. Concerning the many indefinite legal notions encompassed in Article 8 CFR, it is assumed that the Charter’s drafters intended to confer a protection at least equivalent to that protection already afforded by EU law.572 Pursuant to Article 53 CFR, the guarantees recognised by Article 8 are additional to those guarantees already provided by EU law, and in particular by Article 16 TFEU and the Data Protection Directive. ee) Justification of Interference The right to privacy is not granted without limits. While Article 7 CFR remains silent as to the limits of this right, Article 8(2) ECHR set forth that “there shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others." With regard to these limits, a note from the drafting Presidium indicates that the possible limits that can be placed on

570 Article 1(2) (b) Data Protection Directive. 571 See Filippo Donati in: William B. T. Mock/Gianmario Demuro, Human Rights in Europe, Commentary on the Charter of Fundamental Rights of the European Union (2010), Article 8 CFR, p. 57. 572 Ibid.

168

B. The Technological and Legal Challenges of Online Copyright Enforcement

the rights protected in Article 7 are the same limits provided for in Article 8 ECHR by virtue of Article 52(3) CFR.573 A literal reading of Article 8(2) ECHR reflects that the objective is to constrain interferences by the public authorities. The limits of any possible interference are based on the law and are measures that fulfil one of the legitimate aims enlisted. In order to be “in accordance with the law” under Article 8(2) ECHR, the impugned measure must have some basis in domestic law. Second, the domestic law must be compatible with the rule of law and accessible to the person concerned. Third, the person affected must be able to foresee the consequences of the domestic law for him.574 The ECtHR applies a wide margin of interpretation to the term “law”. The notion not only enshrines statutory but also unwritten law,575 and enactments of lower rank than statues.576 Foreseeability becomes more important in context with collection and storing of personal data. With regard to data protection, data harvesting often takes place in secrecy. Nevertheless, the criterion of foreseeability is an important factor, as precise formulations may enable the individual to regulate his behaviour and to foresee the consequences which his actions may entail.577 However, especially in the context of secret surveillance, this does not mean “that an individual should be able to foresee when the authorities are likely to intercept his communications so that he can adapt his conduct accordingly”.578

573 Bureau of the Convention, Note from the Presidium, Draft Charter of Fundamental Rights of the European Union, New Proposal for Articles 1 to 12 (now 1 to 16) (08.03.2000), CHARTE 4149/00, Convent 13, Article 12, p. 13: “Paragraph 2 on limitations has not been included but it is applicable under Union law pursuant to Article 6 of the TEU and the clause on limitations in the Charter”. 574 See instead of many other authorities only ECtHR, Rotaru v Romania, Judgment of 04.05.2000 – Application No. 28341/95, para. 59. 575 ECtHR, Sunday Times v the United Kingdom, Judgment of 26.04.1979 – Application No. 6538/74, para. 47. 576 ECtHR, De Wilde, Ooms and Versyp v Belgium, Judgment of 18.06.1971 – Application No. 2832/66, para. 93: Huvig v France, Judgment of 24.04.1990 – Application No. 11105/84, para. 28. 577 See ECtHR, Sunday Times v the United Kingdom, Judgment of 26.04.1979 – Application No. 6538/74, para. 49. 578 ECtHR Weber and Saravia v Germany, Admissibility Decision of 29.06.2006 – Application No. 54934/00, para. 93.

169

First Chapter: Legal and Technological Background

The ECtHR reiterated the minimum safeguards in order to avoid abuses of power related to strategic secret measures of surveillance in Rotaru v Romania stating that “the law must indicate the scope of any such discretion conferred on the competent authorities and the manner of its exercise with sufficient clarity, having regard to the legitimate aim of the measure in question, to give the individual adequate protection against arbitrary interference.”579 The ECtHR has developed minimum safeguards that should be set out in statute law in order to avoid abuses of power, which are however of less relevance for this research as they refer to measures of secret surveillance of States, something that is not specifically foreseen in the field of copyright enforcement.580 There is no final definition of the aims enlisted in Article 8(2) ECHR. The ECtHR acknowledges a wide margin of appreciation to the Member States.581 In the majority of cases, the emphasis within the justification test is put on the question of necessity because the examination of this question permits an exhausted analysis with regard to the conflicting interests. As regards copyright infringements, a legitimate aim could be the economic well-being of the country as adequate protection of intellectual property rights is relevant to the economic well-being of a country since successful participation in the global market is increasingly linked to strong protection of intellectual property rights including copyright and neighbouring rights.582 As infringement of copyright under certain conditions, for instance relating to the scope, often also constitutes a criminal

579 ECtHR, Rotaru v Romania, Judgment of 04.05.2000 – Application No. 28341/95, para. 55 citing Malone v the United Kingdom, Judgment of 02.08.1984 – Application No. 8691/79, para. 67. The same also applies where non-general, but individual monitoring is concerned. See ECtHR, Liberty and Others v the United Kingdom, Judgment of 01.07.2008 – Application No. 58243/00, para. 63. 580 These safeguards that should be set out in statute law are: the nature of the offences which may give rise to an interception order; a definition of the categories of people liable to have their telephones tapped; a limit on the duration of telephone tapping; the procedure to be followed for examining, using and storing the data obtained; the precautions to be taken when communicating the data to other parties; and the circumstances in which recordings may or must be erased or the tapes destroyed. See inter alia ECtHR, Huvig v France, Judgment of 24.04.1990 – Application No. 11105/84, para. 34. 581 Birte Siemen, Datenschutz als Europäisches Grundrecht (2006), p. 151. 582 See Okechukwu Benjamin Vincents, When rights clash online: The tracking of P2P copyright infringements vs. the EC Personal Data Directive, International Journal of Law and Information Technology 2011, Vol.16 No. 3, 270, 288.

170

B. The Technological and Legal Challenges of Online Copyright Enforcement

offence, the prevention of crime may also constitute a legitimate aim. Finally, more than any other, are the rights of others concerned, namely the intellectual property rights of the owners of copyright and related rights. The achievement of the legitimate aim must remain within the scope of what is necessary in a democratic society. Member States enjoy a large margin of appreciation which is given both to the domestic legislator and the judicial bodies that are called upon to interpret and apply the law in force.583 When applying their margin of appreciation to interferences with the right to respect to private life, States have to pay regard to the relationship between the seriousness of the interference, the nature of the rights at stake and the scope accorded to the margin of appreciation, meaning that the more intimate or private the areas of private life affected are, the narrower the scope of the margin of appreciation will be.584 c) Procedural Rights The CFR and the ECHR both provide for procedural rights. Beside a general fair trial guarantee in both civil and criminal litigation, specific guarantees are established for defendants in criminal proceedings. These guarantees may be affected when a user or subscriber is for instance sanctioned without a hearing. aa) Right to a Fair Trial First of all, Article 47 CFR guarantees the right to an effective remedy and to a fair trial.585

583 ECtHR, Handyside v United Kingdom, Judgment of 07.12.1976 – Application No. 5493/72, para. 48. 584 Birte Siemen, Datenschutz als Europäisches Grundrecht (2006), p. 156. 585 In order to strengthen trust in the criminal justice systems of the Member States, the European Parliament and the Council adopted Directive 2012/13/EU on the right to information in criminal proceedings, which codifies a right to information about procedural rights that is inferred from the case-law of the ECtHR. See Directive 2012/13/EU of the European Parliament and of the Council of

171

First Chapter: Legal and Technological Background

The second paragraph of Article 47 CFR sets forth that “everyone is entitled to a fair and public hearing within a reasonable time by an independent and impartial tribunal previously established by law. Everyone shall have the possibility of being advised, defended and represented”.586 The right to a fair hearing is guaranteed in all proceedings of criminal, civil and administrative nature. It provides that all its guarantees are to be respected upon the violation of rights and freedoms conferred by Community law.587 The CJEU has consistently held that respect for the right to a fair hearing in any procedure brought against a person which may lead to an act adversely affecting him, in particular a procedure which may lead to sanctions being imposed, constitutes a fundamental principle of Community law. The right to fair hearing requires public authorities to hear interested parties before adopting a decision which concerns them.588 Accordingly, any person on whom a sanction may be imposed must be given the opportunity to effectively express his view on the matters on the basis of which the sanction is imposed as well as be given the opportunity to produce evidence relevant to his defence.589 Article 47(2) CFR corresponds to Article 6(1) ECHR which provides a fair trial guarantee that applies respectively to both civil and criminal proceedings by stating that “In the determination of his civil rights and obligations or of any criminal charge against him, everyone is entitled to a fair and public hearing within a reasonable time by an independent and impartial tribunal established by law. Judgment shall be pronounced publicly but the press and public may be excluded from all or part of the trial in the

586

587 588 589

172

22.05.2012 on the right to information in criminal proceedings, OJ L 142 (01.06.2012), 1. In EU law, the right to a fair hearing is not confined to disputes relating to civil law rights and obligations, which is one of the consequences of the fact that the European Union is a community based on the rule of law as stated by the CJEU in C-294/83 Les Verts v European Parliament, Judgment of 23.04.1986, [1986] ECR 1339. For the right to a fair hearing to be observed in all proceedings, see CJEU C-85/76 Hoffmann-La Roche v Commission, Judgment of 13.02.1979, [1979] ECR 461. CJEU, C-315/99 P Ismeri Europea v Court of Auditors, Judgment of 10.07.2001, [2001] ECR I-5281, para. 28. CJEU, C-135/92 Fiskano v Commission, Judgment of 26.06.1994, [1994] ECR I-2885; C-142/87 Belgium v Commission, Order of 15.06.1987, [1990] ECR I-959; C-78/01 BGL and Bundesrepublik Deutschland, Judgment of 23.09.2003, [2003] ECR I-9543.

B. The Technological and Legal Challenges of Online Copyright Enforcement

interests of morals, public order or national security in a democratic society, where the interests of juveniles or the protection of the private life of the parties so require, or to the extent strictly necessary in the opinion of the court in special circumstances where publicity would prejudice the interests of justice”. According to the Explanations Relating to the Charter, in all respects other than their scope, the guarantees afforded by the ECHR apply in a similar way to the Union.590 The fair hearing requirement in Article 6(1) ECHR has been interpreted by the ECtHR on numerous occasions591 and includes a series of implicit protective principles, such as the right to a court as well as the principle of effective access to a court,592 the right to participate effectively in proceedings,593 the right to remain silent/privilege against self-incrimination594 and the right to equality of arms595. The latter for instance relates to criminal proceedings being adversarial with due regard to an equality of arms between the prosecution and defence.596 In civil proceedings, the requirements inherent in the concept of “fair hearing” are not necessarily the same in cases concerning the determination of civil rights and obligations as they are in cases concerning the

590 Praesidium of the European Convention, Explanations relating to the Charter, OJ C 303 (14.12.2007), 17, 30. 591 In fact, the Court has delivered more judgments concerning this Article than any other right or freedom guaranteed by the Charter. See Alastair Mowbray, Cases, materials and comments on the European Convention on Human Rights (3rd ed. 2012), p. 344. 592 ECtHR, Golder v the United Kingdom, Judgment of 21.02.1975 – Application No. 4451/70. 593 ECtHR, V. v the United Kingdom, Judgment of 16.12.1999 – Application No. 24888/94. 594 ECtHR, John Murray v the United Kingdom, Judgment of 08.02.1996 – Application No. 18731/91. 595 ECtHR, Borgers v Belgium, Judgment of 30.10.1991 – Application No. 12005/86; Rowe and Davis v the United Kingdom, Judgment of 16.02.2000 – Application No. 28901/95. 596 ECtHR, Rowe and Davis v the United Kingdom, Judgment of 16.02.2000 – Application No. 28901/95, para. 60. However, there is no right to have access to all evidence in the hand of prosecution, when there is a general public interest to withhold certain evidence, for instance as regards the identity of anonymous witnesses, see in that regard the commentary to Article 6(1) ECHR in Jens MeyerLadewig, EMRK, Handkommentar, Article 6(1), para. 148.

173

First Chapter: Legal and Technological Background

determination of a criminal charge.597 States are granted a greater latitude when dealing with civil cases concerning civil rights and obligations than they have when dealing with criminal cases.598 As regards litigation involving opposing private interests, for instance the right to intellectual property and the freedom of expression, the right to equality of arms implies that each party must be afforded a reasonable opportunity to present his case – including his evidence – under conditions that do not place him at a substantial disadvantage vis-à-vis his opponent.599 Civil proceedings must be adversarial, meaning that the parties must have the opportunity not only to make known any evidence needed for their claims to succeed, but also to have knowledge of, and comment on, all evidence filed by the opposing party.600 These principles are of relevance in intellectual property proceedings when it comes to the imposition of a sanction upon a user in criminal proceedings as well as in civil proceedings in relation to the alleged infringer being able to have an equal opportunity to submit its evidence.601 The right to fair trial, and in particular the right to remain silent, also plays a role where the subscriber of an Internet access service, that has been used to infringe copyright, is being charged for copyright infringement although it is technologically not possible to identify the user of an Internet access at the time of an infringement. The right to remain silent may in these cases be affected when silence leads to a conviction rather than the authorities having to identify the actual offender. Though not specifically mentioned in Article 6 ECHR, the right to remain silent and the privilege against self-incrimination are encompassed as standards that lie at the heart of the notion of a fair trial. In general, the right not to incriminate oneself presupposes that the authorities seek to prove their case without resorting to evidence obtained through methods

597 ECtHR, Dombo Beheer BV v the Netherlands, Judgment of 27.10.1993 – Application No. 14448/88, para. 32. 598 Ibid. 599 Cf. ibid, para. 33 and ECtHR, Komanicky v Slovakia, Judgment of 04.06.2002 – Application No. 40437/07, para. 45. 600 ECtHR, Komanicky v Slovakia, Judgment of 04.06.2002 – Application No. 40437/07, para. 46. 601 As regards enforcement of intellectual property rights and the right to fair trial see Jonathan Griffiths, Enforcement of intellectual property rights and the right to a fair trial, in Christophe Geiger (ed.), Research handbook on human rights and intellectual property (2015), pp. 438-454.

174

B. The Technological and Legal Challenges of Online Copyright Enforcement

of coercion or oppression in defiance of the will of the person charged.602 As regards the right to remain silent, it is incompatible with the immunities under consideration to base a conviction solely or mainly on the accused’s silence or on a refusal to answer questions or to give evidence himself.603 However, the right to remain silent is not an absolute right; the right does not go that far as to preventing that the accused’s silence, in situations “which clearly call for an explanation from him”, are “taken into account in assessing the persuasiveness of the evidence adduced by the prosecution”.604 Hence, a national court cannot conclude that an accused is guilty merely because he decides to remain silent.605 This may only be the case, where the evidence against the accused “calls” for an explanation and a failure to give that explanation “may as a matter of common sense allow the drawing of an inference that there is no explanation and that the accused is guilty”.606 Whether the drawing of adverse inferences from an accused’s silence infringes Article 6 ECHR is a matter to be determined by taking into account all the circumstance of a case, with a particular regard to the situations where inferences may be drawn, and the weight attached to them by the national courts in their assessment of the evidence.607 bb) Presumption of Innocence and Right of Defence The presumption of innocence as well as the right to defence may be of relevance in respect to criminal prosecutions for intellectual property rights infringements. Defendants must have the opportunity to challenge the validity of underlying rights, as well as to appeal the decision issued. 602 See for instance ECtHR, J.B. v Switzerland, Judgment of 03.05.2001 – Application No. 31827/96, para. 64. Protection against improper compulsion by the authorities serves the purpose of avoidance of miscarriages of justice and secures the aims of Article 6. See inter alia ECtHR, John Murray v the United Kingdom, Judgment of 08.02.1996 – Application No. 18731/91, para. 45; Saunders v the United Kingdom, Judgment of 17.12.1996 – Application No. 19187/91, paras. 68–69; ECtHR, J.B. v Switzerland, Judgment of 03.05.2001 – Application No. 31827/96, paras. 64 et seq. 603 ECtHR, John Murray v the United Kingdom, Judgment of 08.02.1996 – Application No. 18731/91, para. 47. 604 Ibid. 605 Cf. Ibid, para. 51. 606 Ibid. 607 Ibid, para. 47.

175

First Chapter: Legal and Technological Background

Whilst Article 6(1) ECHR provides for a general fair trial guarantee in both civil and criminal litigation, Article 6(2) and (3) establish specific guarantees for defendants in criminal trials.608 Article 48 CFR, which sets forth the presumption of innocence and the right of defence, is the same as Article 6(2) and (3) ECHR.609 In accordance with Article 52(3) CFR, these rights have the same meaning and scope as the rights guaranteed by the ECHR.610 Thus, when determining the scope of the law, the case law of the ECtHR can be consulted. With regard to a criminal offence, Article 6(2) ECHR provides for the presumption of innocence until proved guilty according to law. Accordingly, the burden of proving an offence must rest with the prosecution and any doubt should benefit the defendant.611 In addition, said article has been held to restrict the application of presumptions of fact or law against a defendant in national law; they must be kept “within reasonable limits which take into account the importance of what is at stake and maintain the rights of the defence”.612 Thus, as elsewhere in the ECHR, a reasonable balance has to be held between the public interest and the interests of the individual. A derogation from the presumption of innocence requires justification. In a case concerning trademarks infringements, the House of Lords summarised the approach to take when examining whether a burden of proof imposed upon a defendant exceeds reasonable limits. According to the House of Lords held in R v Johnstone613 a “sound starting point is to remember that if an accused is required to prove a fact on the balance of probability to avoid conviction, this permits a conviction in spite of the fact-finding tribunal having a reasonable doubt as to the guilt of the accused. …This consequence of a reverse burden of proof should colour one’s approach when evaluating the reasons why it is said that, in the absence of a persuasive burden on the accused, the public interest will be

608 Similarly, Article 14(3) of the International Covenant on Civil and Political Rights provides for minimum guarantees, including for instance the right against self-incrimination. 609 See also Praesidium of the European Convention, Explanations relating to the Charter, OJ C 303 (14.12.2007), 17, 30. 610 Ibid. 611 ECtHR, Barberà, Messegué and Jabardo v Spain, Judgment of 06.12.1988 – Application No. 10590/83, para. 77. 612 ECtHR, Salabiaku v France, Judgment of 07.10.1988 – Application No. 10519/83, para. 28. 613 House of Lords, R v Johnstone [2003] UKHL 28.

176

B. The Technological and Legal Challenges of Online Copyright Enforcement

prejudiced to an extent which justifies placing a persuasive burden on the accused. The more serious the punishment which may flow from conviction, the more compelling must be the reasons. The extent and nature of the factual matters required to be proved by the accused, and their importance relative to the matters required to be proved by the prosecution, have to be taken into account. So also does the extent to which the burden on the accused relates to facts which, if they exist, are readily provable by him as matters within his own knowledge or to which he has ready access”.614 In addition to the presumption of innocence in Article 6(2) ECHR, Article 6(3) ECHR grants a series of specific minimum entitlements to defendants, including the defendant’s right to be informed of the accusation (Article 6(3)(a)),615 the defendant’s right to adequate time and facilities to prepare his defence (Article 6(3)(b)),616 and the defendant’s right to legal assistance (Article 6(3)(c))617. These minimum entitlements have been interpreted and applied by the ECtHR in ways that seek to ensure practical benefits for individuals.618 As they are of no relevance in this research, further explanations as to their scope are omitted. cc) Principles of Legality and Proportionality of Criminal Offences and Penalties The principles of legality and proportionality of criminal offences and penalties follow the traditional rules of nullum crimen sine lege and nul-

614 Ibid, para. 50. 615 As to the scope of this right see ECtHR, Brozicek v Italy, Judgment of 19.12.1989 – Application No. 10964/84. 616 An example of a breach of this provision was found in ECtHR, Öcalan v Turkey, Judgment of 12.05.2005 – Application No. 46221/99. 617 See for instance ECtHR, Artico v Italy, Judgment of 13.05.1980 – Application No. 6694/74. 618 See Alastair Mowbray, Cases, materials and comments on the European Convention on Human Rights (3rd ed. 2012), p. 344.

177

First Chapter: Legal and Technological Background

lum poena sine lege.619 They forbid the retroactive creation of crimes and retroactive creation or increase of criminal punishments. These principles have been codified in Article 7 ECHR, which states that “1. No one shall be held guilty of any criminal offence on account of any act or omission which did not constitute a criminal offence under national or international law at the time when it was committed. Nor shall a heavier penalty be imposed than the one that was applicable at the time the criminal offence was committed. 2. This Article shall not prejudice the trial and punishment of any person for any act or omission which, at the time when it was committed, was criminal according to the general principles of law recognised by civilised nations”. The first paragraph of Article 49 CFR is almost identical, but adds to the principle of nullum crimen sine lege and nullum poena sine lege, the rule of retroactivity of a more lenient penal law,620 which exists in a number of Member States and which features in Article 15 ICCPR.621 Similar to Article 7(2) ECHR, Article 49(2) CFR provides said Article “shall not prejudice the trial and punishment of any person for any act or omission which, at the time when it was committed, was criminal according to the general principles recognised by the community of nations”. The abstention from referring to “civilised nations” does not change the meaning of this paragraph. In accordance with Article 52(3) CFR, the right guaranteed under Article 49 CFR has the same meaning and scope as the right guaranteed by Article 7 ECHR.622 Paragraph 3 of Article 49 CFR further sets forth that “the severity of penalties must not be disproportionate to the criminal offence”. The ECHR

619 For the concept of legality as a rule of customary international law see Kenneth S. Gallant, Legality as a Rule of Customary International Law: Non-Retroactivity of Crimes and Punishments – research through 2010 (14.06.2011), UALR Bowen School Research Paper No. 11–12. 620 Article 49(1) CFR states : “No one shall be held guilty of any criminal offence on account of any act or omission which did not constitute a criminal offence under national law or international law at the time when it was committed. Nor shall a heavier penalty be imposed than that which was applicable at the time the criminal offence was committed. If, subsequent to the commission of a criminal offence, the law provides for a lighter penalty, that penalty shall be applicable”. 621 Praesidium of the European Convention, Explanations relating to the Charter, OJ C 303 (14.12.2007), 17, 30. 622 Ibid, 31.

178

B. The Technological and Legal Challenges of Online Copyright Enforcement

does not contain such a provision.623 The general principle of proportionality between penalties and criminal offences derives from the common constitutional traditions of the EU Member States and the case-law of the CJEU.624 In the context of this research, only the principle of proportionality of penalties will be focussed on. When considering whether a provision of Community law complies with the principle of proportionality, the CJEU will ascertain whether the penalty exceeds what is appropriate and necessary to attain the objective pursued by the rules which have been breached.625 More precisely, it is “necessary to ascertain whether the penalty laid down by the provision in question to achieve the aim in view corresponds with the importance of that aim and whether the disadvantages caused are not disproportionate to the aims pursued”.626 In accordance with the provisions of the Treaties, the CJEU applies the principle of proportionality not only to the exercise of the institutions' penal powers, but also to the legislative power and its control over the application of Community law by the national authorities.

623 In extreme cases, a severe sentence may violate Article 3 of the ECHR, which prohibits torture and inhuman or degrading treatment of punishment, but this is of no relevance for this research. Sentences passed in respect of conduct falling within the scope of a qualified right such as Articles 8 to 11, may rather only be considered as a disproportionate interference with such right in the context of this research. Cf. Jonathan Griffiths, Criminal liability for intellectual property infringement in Europe: the role of fundamental rights, in: Christophe Geiger (ed.), Criminal enforcement of intellectual property (2012), p. 204. 624 As regards the case law of the CJEU in respect to the principle of proportionality between penalites and criminal offences see CJEU, C-356/97 Molkereigenossenschaft Widergeltingen eG v Hauptzollamt Lindau, Judgment of 06.07.2000; C-213/99, José Teodoro de Andrade v Director da Alfandega de Leixoes, intervener: Ministério Público, Judgment of 07.12.2000. 625 CJEU, C-356/97 Molkereigenossenschaft Widergeltingen eG v Hauptzollamt Lindau, Judgment of 06.07.2000, para. 35 with reference to C-118/89 Lingenfelser [1990] ECR I-2637, para. 12; C-319/90 Pressler [1992] ECR I-203, para. 12; and C-354/95 National Farmers' Union and Others [1997] ECR I-4559, para. 49. 626 CJEU, C-356/97 Molkereigenossenschaft Widergeltingen eG v Hauptzollamt Lindau, Judgment of 06.07.2000, para. 35 with reference to C-8/89 Zardi [1990] ECR I-2515, para. 10; Pressler, cited above, para. 12; and Joined Cases C-133/93, C-300/93 and C-362/93 Crispoltoni and Others [1994] ECR I-4863, para. 41.

179

First Chapter: Legal and Technological Background

dd) Ne Bis in Idem Rule The ne bis in idem rule refers to the right not to be tried or punished twice in criminal proceedings for the same criminal offence. This right has been enshrined in Article 4 of Protocol No. 7 to the ECHR, which states that “1. No one shall be liable to be tried or punished again in criminal proceedings under the jurisdiction of the same State for an offence for which he has already been finally acquitted or convicted in accordance with the law and penal procedure of that State”. The second paragraph goes on to clarify that this rule “shall not prevent the reopening of the case in accordance with the law and the penal procedure of the State concerned, if there is evidence of new or newly discovered facts, or if there has been a fundamental defect in the previous proceedings, which could affect the outcome of the case”. The importance of this rule can be seen in paragraph 3 of said Article, which does not even allow for a derogation from said Article in times of emergency. The ne bis in idem rule is also codified in Article 50 CFR, which reads as follows: “No one shall be liable to be tried or punished again in criminal proceedings for an offence for which he or she has already been finally acquitted or convicted within the Union in accordance with the law”.627 The rule does not preclude the imposition of a combination of administrative and criminal penalties.628 However, if the administrative penalty is criminal in nature, the ne bis in idem principle precludes criminal proceedings in respect of the same acts from being brought against the same person.629 The CJEU employs a three criteria test to assess whether administrative penalties are criminal in nature.630 The court will examine the legal classification of the offence under national law, the very nature of the offence as well as the nature and degree of severity of the penalty that the person concerned is liable to incur.631 Thus, as long as an administrative

627 As regards the ne bis in idem rule in EU law in detail, see Bas van Bockel, The Ne Bis In Idem Principle in EU Law (2010). 628 For a combination of tax penalties and criminal penalties for the same acts of non-compliance with declaration obligations in the field of VAT see CJEU, C-617/10 Åklagaren v Hans Åkerberg Fransson, Judgment of 26.02.2013, para. 34. 629 Ibid. 630 Ibid, para. 35. 631 Ibid citing CJEU, C-489/10 Bonda, Judgment of 05.06.2012, para. 37.

180

B. The Technological and Legal Challenges of Online Copyright Enforcement

penalty is not criminal in nature, a national court may impose a criminal sanction successively. 3. The Fundamental Rights of Internet Service Providers at Stake The enforcement mechanisms described and analysed throughout this book often rely on the cooperation of online intermediaries such as access providers: they may be ordered to retain data on repeat infringers, send out warnings to their customers, filter the content hosted or transmitted and block access to infringing materials. Therefore their freedom to conduct business as well as their freedom of expression may be interfered with. a) Freedom to Conduct Business The freedom to conduct business of Access Providers may be concerned when they are obliged to retain data on repeat infringers and send out warnings to their customers. They may also be ordered to block access to infringing content. Host providers or search engine providers may be under an obligation to not only take-down infringing material but also prevent the continuation of the infringements by ensuring that they do not reappear. Under the Charter, the freedom to conduct business is enshrined in Article 16, which provides that “[t]he freedom to conduct a business in accordance with European Union law and national laws and practices is recognised”. It is the first time that the freedom to conduct business is being recognised in a formal sense in European sources.632 It should however be

632 According to Alberto Lucarelli in: William B. T. Mock/Gianmario Demuro, Human Rights in Europe, Commentary on the Charter of Fundamental Rights of the European Union (2010), Article 16, p. 99, in the sphere of constitutions in Europem only the Spanish Constitution in its Article 38 expressly recognises the freedom of enterprise in the realm of the market economy, while the Luxembourgish constitution (Article 11(6)) guarantees the freedom of trade and industry, the Irish constitution (Article 45(3)) determines that the state must ensure private entterprise, the Portuguese constitution (Article 86) provides that the state encourages entrepreneurial activity, and the Finnish and Norwegian constitutions (Article 18 and Article 101 respectively) provide for a generic freedom commercial activity.

181

First Chapter: Legal and Technological Background

pointed out, that the freedom to pursue a trade or business belongs to the general principles of European Union law and has been recognised for several years.633 Prior to the Charter, the CJEU and the ECtHR have been inferring from Article 1 of the Protocol No. 1 to the ECHR principles which concern the free exercise of economic activities.634 The protection afforded by Article 16 CFR recognises individual economic freedom and covers the freedom to exercise an economic or commercial activity, 635 the freedom of contract636 and free competition as recognised by Article 119(1) and (3) TFEU637. The freedom of contract includes for instance, the freedom to choose with whom to do business,638 and the freedom to determine the price of a service639. As regards limitations on the freedom, the financial burdens on farmers resulting from an obligation to mark sheep and goats electronically and keep a holding register, was considered to be a limitation of the exercise of the freedom to conduct a business in general.640

633 CJEU, C-280/93 Germany v Council [1994] ECR I-4973, para. 78; Joined Cases C-20/00 and C-64/00 Booker Aquaculture and Hydro Seafood [2003] ECR I-7411, para. 68; Joined Cases C-154/04 and C-155/04 Alliance for Natural Health and Others [2005] ECR I-6451, para. 126; and Joined Cases C-453/03, C-11/04, C-12/04 and C-194/04 ABNA and Others [2005] ECR I-10423, para. 87. See also Andrea Usai, The freedom to conduct a business in the EU, its limitations and its role in the European legal order: A new engine for deeper and stronger economic, social and political integration, German Law Journal 2010, Vol. 14 No. 9, 1867–1888. 634 See Alberto Lucarelli in: William B. T. Mock/Gianmario Demuro, Human Rights in Europe, Commentary on the Charter of Fundamental Rights of the European Union (2010), Article 16, p. 99. 635 See CJEU, C-4/73 Nold [1974] ECR 491, para. 14; C-230/78 SpA Eridiana and Others, Judgment of 27.09.1979, [1979] ECR 2749, paras. 20 and 31. 636 Case C-151/78 Sukkerfabriken Nykøbing [1979] ECR 1, para. 19; Case C-240/97 Spain v Commission [1999] ECR I-6571, para. 99. 637 Praesidium of the European Convention, Explanations relating to the Charter, OJ C 303 (14.12.2007), 17, 23. 638 CJEU, Joined Cases C‑90/90 and C‑91/90 Neu, Judgment of 10.07.1991, [1991] ECR I‑3617, para. 13. 639 CJEU, C‑437/04 Commission v Belgium, Judgment of 22.03.2997, [2007] ECR I‑2513, para. 51; C‑213/10 F-Tex SIA v Lietuvos-Anglijos UAB "Jadecloud-Vilma", Judgment of 09.04.2012, para. 45. 640 C-101/12 para. 24ff CJEU, C-101/12 Herbert Schaible v Land Baden-Württemberg, Judgment of 17.10.2013, para. 26.

182

B. The Technological and Legal Challenges of Online Copyright Enforcement

Freedom to conduct a business is not absolute; moreover, it must be viewed in relation to its social function.641 The CJEU has identified a series of social objectives, which it defines as “objectives of general interest” and that may limit the exercise of the freedom to conduct business.642 Accordingly, the freedom to conduct a business may be subject to a broad range of interventions on the part of public authorities which may limit the exercise of economic activity in the public interest.643 Being subject to the limitations provided for in Article 52(1) CFR, interferences with the freedom must be provided for by law and respect the essence of those rights and freedoms and, in compliance with the principle of proportionality, must be necessary and actually meet objectives of general interest recognised by the European Union or the need to protect the rights and freedom of others.644 The ECHR does not mention the freedom to conduct a business as a fundamental right. The ECtHR has however used Article 1 of the Protocol No. 1 to the ECHR on the protection of private property as a basis for inferring the principles protecting the right to economic initiative. Interestingly, in the case of Delfi v Estonia, which concerned the liability of an Internet service provider for third part content and general monitoring obligations, the ECtHR did not discuss an interference with the freedom to conduct business although the service provider argued that due to the judgment of a national court, it was forced to alter its business model.645 However, as the judgment did not become final, it remains to be seen

641 CJEU, Joined Cases C‑184/02 and C‑223/02 Spain and Finland v Parliament and Council, Judgment of 09.09.2004, [2004] ECR I‑7789, paras. 51 and 52; C‑544/10 Deutsches Weintor, Judgment of 06.09.2012, para. 54 with further references. See also Alberto Lucarelli in: William B. T. Mock/Gianmario Demuro, Human Rights in Europe, Commentary on the Charter of Fundamental Rights of the European Union (2010), Article 16, pp. 101 et seq. 642 See for example CJEU, C-44/09 Hauer v Rheinland-Pfalz, [1979] ECR 3727, para. 17. 643 CJEU, C-283/11 Sky Österreich GmbH v Österreichischer Rundfunk, Judgment of 22.01.2013, para. 46; C-101/12 Herbert Schaible v Land Baden-Württemberg, Judgment of 17.10.2013, para. 28. 644 See CJEU, C-283/11 Sky Österreich GmbH v Österreichischer Rundfunk, Judgment of 22.01.2013, paras. 47–48; C-101/12 Herbert Schaible v Land BadenWürttemberg, Judgment of 17.10.2013, para. 27. 645 Cf. ECtHR, Delfi AS v Estonia, Judgment of 10.10.2013 – Application No. 64569/09. However, this case has not become final because the Court decided to refer the matter to the Grand Chamber which has not yet rendered a decision.

183

First Chapter: Legal and Technological Background

whether the Grand Chamber of the ECtHR will discuss the freedom to conduct a business when measures are imposed upon an Internet service provider that would require him to change his business model completely. b) Freedom of Expression Host providers as well as search engine providers may not only be concerned in their freedom to conduct business but also in their freedom of expression. Their freedom of expression may be concerned in so far as access providers may be ordered to block access to websites that host infringing materials. Article 10 ECHR guarantees freedom of expression to “everyone”, both legal and natural persons.646 No distinction is made according to whether the type of aim pursuit is a commercial activity or not.647 Article 10 does not apply to certain types of information or expression; it also encompasses information of a commercial nature.648 As the protection guaranteed by Article 11 CFR and Article 10 of the ECHR are intended to be the same,649 freedom of expression of Internet service providers can also be invoked under Article 11 CFR. 4. Fundamental Rights of the Intellectual Property Rights Owners Much has been said about fundamental rights of individuals affected by possible sanctions or other enforcement mechanisms. In that respect, it must not be ignored that the intellectual property rights-holders may themselves raise fundamental rights-based arguments when seeking protection of their rights.

646 ECtHR, Autronic AG v Switzerland, Judgment of 22.05.1990 – Application No. 12726/87, para. 47. 647 ECtHR, Sunday Times v the United Kingdom, Judgment of 26.04.1979 – Application No. 6538/74, paras. 42 et seq.; Markt intern Verlag GmbH and Klaus Beermann v Germany, Application No. 10572/83, para.25; Groppera Radio AG and Others v Switzerland, Application No. 10890/84, paras. 53 et seq. 648 See ECtHR, Markt intern Verlag GmbH and Klaus Beermann v Germany, Application No. 10572/83, Ser A No 165 (1989), para.25. 649 Praesidium of the European Convention, Explanations relating to the Charter, OJ C 303, 17 (14.12.2007), 33.

184

B. The Technological and Legal Challenges of Online Copyright Enforcement

a) Right to Intellectual Property First of all, the enjoyment of property and intellectual property rights is itself protected as a fundamental right. It falls within the right to property, which is a fundamental right common to all national constitutions in the EU650 and enshrined in Article 17 UDHR.651 Because some European countries, or more precise their socialist-leaning post-WWII governments, were reluctant to include a right to property in the ECHR, the right to property was placed in an “Optional Protocol” to the Convention and phrased in rather general terms. Today, the right to property is effectively regarded as an integral part of the Convention, and all Member States of the Council of Europe have signed up to the respective Protocol. Article 1 of the Protocol 1 to the ECHR provides that “every natural or legal person is entitled to the peaceful enjoyment of his possessions. No one shall be deprived of his possessions except in the public interest and subject to the conditions provided for by law and by the general principles of international law. The preceding provisions shall not, however, in any way impair the right of a State to enforce such laws as it deems necessary to control the use of property in accordance with the general interest or to secure the payment of taxes or other contributions or penalties”.652 Although there is no explicit mentioning of the right to intellectual property, the ECtHR held the enjoyment of intellectual property rights is a form

650 Ibid, 23. 651 As regards copyright as a human right under UDHR and the ICESCR, see Paul L. C. Torremans, Is copyright a human right?, Michigan State Law Review 2007, 271–291. 652 The jurisprudence on this Article is extensive. In Sporrong and Lönnroth v Sweden (ECtHR, Application No. No. 7151/75; 7152/75 – Judgment of 23.09.1982, para.61), it has been established for the first time that Article 1 of the Protocol 1 to the ECHR encompasses three separate rights: a right against deprivation of possessions, a right against the control of use of possessions and a general residual right against interferences with the peaceful enjoyment of possessions which constitute neither deprivation nor control of use.

185

First Chapter: Legal and Technological Background

of property interests. 653 Intellectual property has thus been recognised under the ECHR to be one aspect of property. Article 17 (1) CFR was based on the aforementioned Article of the ECHR and states that “Everyone has the right to own, use, dispose of and bequeath his or her lawfully acquire possessions. No one may be deprived of his or her possessions, except in the public interest and in the cases and under the conditions provided for by law, subject to fair compensation being paid in good time for their loss. The use of property may be regulated by law in so far as is necessary for the general interest”. Art 17(2) specifically confirms that intellectual property falls within this general guarantee, stating that: “Intellectual property shall be protected”. Although the wording of the two provisions is different, the meaning and scope of Article 17 CFR shall be the same as Article 1 of the Protocol 1 to the ECHR.654 The change in wording results from the consideration that the ECHR provision is no more up-to-date.655 Thus, concern, that has been expressed with regard to the protection of intellectual property seem-

653 See, for example, ECtHR, Anheuser-Busch Inc. v Portugal [GC], Application No. 73049/01, para. 72 (holding that Article 1 of Protocol No. 1 is applicable to intellectual property as well as the application for intellectual property rights if such an application gives rise to proprietary interests); Dima v Romania, Judgment of 16.11.2006 – Application No. 58472/00. For an analysis of the judgments see Laurence R. Helfer, The new innovation frontier? Intellectual property and the European Court of Human Rights, in: Paul L. C. Torremans (ed.), Intellectual Property and Human Rights, Enhanced Edition of Copyright and Human Rights (2008), pp. 25 et seq.; Council of Europe, Internet: case-law of the European Court of Human Rights (2011), pp. 18 et seq. 654 Praesidium of the European Convention, Explanations relating to the Charter, OJ C 303 (14.12.2007), 17, 23. See also Jonathan Griffiths, Constitutionalising or harmonising? – the Court of Justice, the right to property and European copyright law, European Law Review 2013, Vol. 38, 65–78, 68. When balancing the right to intellectual property against other rights, the scrutiny exercised by the CJEU and the ECtHR will differ in one significant aspect, namely, as regards the boundaries of intellectual property rights: the ECtHR has to distinguish between national decisions that interfere with an existing property right and those that serve only to define its boundaries; the CJEU however does not have to make this distinction because it usually has competence to determine the right as such and its boundaries (see ibid, 71). 655 Cf. Praesidium of the European Convention, Explanations relating to the Charter, OJ C 303 (14.12.2007), 17, 23, which state that “The wording has been updated”.

186

B. The Technological and Legal Challenges of Online Copyright Enforcement

ingly to be granted absolute under Art 17(2),656 is unfounded. It has been intended by the CFR drafters that the limitations in Article 17 CFR may not exceed those provided for in the ECHR.657 Its explicit mentioning only shows that the drafters of the Charter found it necessary to expressly guarantee its protection because of its growing importance and Community secondary legislation.658 In its recent judgment in Scarlet Extended v SABAM,659 which will be discussed in the third Chapter, the Court of Justice accordingly stated that: “The protection of the right to intellectual property is indeed enshrined in Article 17(2) of the Charter…There is, however, nothing whatsoever in the wording of that provision or in the Court’s case-law to suggest that that right is inviolable and must for that reason be absolutely protected.”660

By this statement the CJEU reiterated that the right to intellectual property is not absolute and interferences may be justified. As regards interferences with the right to property as such, the CJEU has consistently held that “[W]hile the right to property forms part of the general principles of EU law, it is not an absolute right and must be viewed in relation to its social function. Consequently, its exercise may be restricted, provided that those restrictions in fact correspond to objectives of general interest pursued by the European Union and do not constitute disproportionate and intolerable interference, impairing the very substance of the rights guaranteed.”661

The use of one’s own intellectual property may thus be regulated by law insofar as it is necessary for the general interest. Accordingly, the CJEU reflects the principles under which interferences with intellectual property under the ECHR may be lawful. The ECHR approach focuses upon the need to establish whether or not a contracting state has struck a “fair balance” between the protected right

656 See Christophe Geiger, Intellectual Property Shall be Protected!? – Article 17(2) of the Charter of Fundamental Rights of the European Union: a Mysterious Provision with an Unclear Scope, [2009] E.I.P.R. 115. 657 Cf. Praesidium of the European Convention, Explanations relating to the Charter, OJ C 303 (14.12.2007), 17, 23. 658 Cf. Praesidium of the European Convention, Explanations relating to the Charter, OJ C 303 (14.12.2007), 17, 23. 659 CJEU, C-70/10 Scarlet Extended SA v SABAM, Judgment of 16.02.2012, [2011] ECR I-11959. 660 Ibid, para. 43. 661 See CJEU, C-379/08 Raffinerie Mediterranee (ERG) SpA v Ministero dello Sviluppo economico, [2010] ECR I-2007, para. 80 and the case law cited therein.

187

First Chapter: Legal and Technological Background

and the general, public interest. 662 The “fair balance” test is quite similar to the necessity and proportionality tests applied under for example Articles 8 and 10 ECHR set out above. Although the wording of Article 17 CFR is similar to these articles and their corresponding provisions in the Charter (“….use of property may be regulated by law in so far as is necessary for the general interest”), the ECHR and EU approaches in respect of balancing property as a fundamental right with other fundamental rights are as good as the same.663 Hence, “an instrument or measure that in some significant respect tilts the balance of protection manifestly unfairly in favour of one beneficiary of the right, and unfairly against others, or a procedure that fails to allow for the taking into account of the different, competing interests, but rather, stacks all the weight at one end, is incompatible with these fundamental European human rights instruments”.664 With respect to the assessment of proportionality, the ECtHR accords national decision-makers a broader margin of appreciation under Article 1 of the Protocol 1 than it generally permits in the case of other qualified rights under the ECHR.665 This principle has also been reflected by the CJEU, when the Court noted in the case of Kadi, that for inferences with the right to property to be acceptable, there must “exist a reasonable relationship of proportionality between the means employed and the aim sought to be realised. The Court must determine whether a fair balance has been struck between the demands of the public interest and the interest of the individuals concerned. In so doing, the Court recognises that the legislature enjoys a wide margin of appreciation, with regard both to choosing the means of enforcement and to ascertaining whether the consequences of enforcement are justified in the public interest for the purpose of achieving the object of the law in question”.666

662 Any procedure, instrument or measure taken must respect the fair balance required by Article 1 First Protocol and Article 17 CFR. 663 See Douwe Korff/Ian Brown, Opinion on the Compatibility of ACTA with the ECHR and the EU Charter of Fundamental Rights (2011), pp. 22 et seq. 664 Ibid, p. 23. 665 See Jonathan Griffiths, Constitutionalising or harmonising? – the Court of Justice, the right to property and European copyright law, European Law Review 2013, Vol. 38, 65, 68. 666 CJEU, Joined cases C-402/05P and C-415/05P Kadi and Al Barakaat v Council of the European Union and Commission of the European Communities, Judgment of 03.09.2008, [2008] ECR I-6351, para. 360.

188

B. The Technological and Legal Challenges of Online Copyright Enforcement

The case law of the ECtHR on the fair balance test is more extensive than that of the CJEU and will thus be focussed on in the following. The European Court of Human Rights has, for example, held that the concept of “possessions”667 includes rights that arise as a result of legitimate expectations.668 However, this does not include entitlements to property in future.669 The distinction between the aforementioned three forms of right to property plays a role in the context of compensation.670 The ECtHR has established a strong presumption that compensation must be paid in cases of deprivation of property.671 This presumption has been established as a rule in the Charter, when it states that “no one may deprived of his or her possessions, except …, subject to fair compensation being paid in good time for their loss”. No such presumption exists in relation to other forms of interferences that do not amount to total deprivation.672 These principles may also be of relevance in relation to interferences with copyright. It needs to be noted that in many copyright infringement cases not the authors themselves will invoke intellectual property rights, but collecting societies, record labels or other multinational corporations invoke rights. While some criticize that human rights protection also applies to non-individuals, such as these corporate owners of IPR,673 the ECtHR does consid-

667 The concept of possessions which has autonomous Convention meaning and is therefore not restricted by concepts of national property law. See Jonathan Griffiths, Constitutionalising or harmonising? – the Court of Justice, the right to property and European copyright law, European Law Review 2013, Vol. 38, 65, 69. 668 ECtHR Anheuser-Busch Inc. v Portugal [GC], Judgment of 11.01.2007 – Application No. 73049/01, para. 49. 669 The ECHR only protects existing possessions and assets against interference. See, for example, ECtHR Marckx v Belgium, Judgment of 13.06.1979 – Application No. 6833/74, paras. 50 et seq. 670 See Jonathan Griffiths, Constitutionalising or harmonising? – the Court of Justice, the right to property and European copyright law, European Law Review 2013, Vol. 38, 65, 70. 671 Ibid. 672 Ibid. 673 Laurence R. Helfer/Graeme W. Austin, Human rights and intellectual property: Mapping the global interface (2011), pp. 504 et seq. For further references see Peter K. Yu, Intellectual Property and Human Rights in the Nonmultilateral Era, Florida Law Review 2012, Vol. 64, pp. 1045, 1066.

189

First Chapter: Legal and Technological Background

er the term “possessions” in Article 1 of Protocol No.1 to the ECHR to include intellectual property of corporations.674 Finally, beyond the protection of intellectual property rights against infringements, it has been discussed whether the right imposes positive duties upon states to take particular actions to secure intellectual property interests against third party violations.675 In that respect, it needs to be remembered that the property guarantee under the ECHR and the CFR grants a considerable margin of appreciation to states to interfere with the enjoyment of property rights in order to secure conflicting public interests so long as a fair balance is maintained; there is nothing in the law that foresees positive duties to prevent intellectual property rights infringements.676 b) Right to an Effective Remedy Article 47 CFR guarantees the right to an effective remedy and to a fair trial. The first paragraph of Article 47 CFR sets forth that “everyone whose rights and freedoms guaranteed by the law of the Union are violated has the right to an effective remedy before a tribunal in compliance with the conditions laid down in this Article”. This paragraph is based on Article 13 ECHR, which states that “Everyone whose rights and freedoms as set forth in this Convention are violated shall have an effective remedy before a national authority notwithstanding that the violation has been committed by persons acting in an official capacity”. Already from the wording, it becomes clear that in EU law the protection is more extensive since it guarantees the right to an effective remedy before a court.677

674 See in relation to trademarks and trademark applications : ECtHR, AnheuserBusch Inc. v Portugal [GC], Judgment of 11.01.2007 – Application No. 73049/01. 675 Jonathan Griffiths, Criminal liability for intellectual property infringement in Europe: the role of fundamental rights, in: Christophe Geiger (ed.), Criminal enforcement of intellectual property (2012), pp. 197 et seq. 676 Ibid, p. 198. 677 See also Praesidium of the European Convention, Explanations relating to the Charter, OJ C 303 (14.12.2007), 17, 29.

190

B. The Technological and Legal Challenges of Online Copyright Enforcement

Prior to the Charter, the CJEU had recognised this right in its judgments in Johnston678, Heylens679 and Borelli680 as a general principle of EU law, which also applies to the Member States when they are implementing EU law. The scope of application under EU law is thus limited to the institutions of the EU and of Member States when they are implementing EU law and applies for all rights guaranteed by EU law.681 In instances where the effective protection of a fundamental right is involved, the individuals concerned must be able to defend that right under the best possible conditions.682 This may also include the possibility to acquire information that is necessary to pursue a claim. As such, the non-existence of an obligation to communicate personal data in the context of civil proceedings to prepare a claim may interfere with the victim’s right to effective judicial protection.683 5. In Brief: The Balancing of Fundamental Rights The outline of the scope of the conflicting rights has already shown that a fair balancing of these rights has a key function in the jurisprudence of the courts. As regards the fundamental rights of the CFR outlined above, all interferences are subject to Article 52(1) CFR, which provides that: “[A]ny limitation on the exercise of the rights and freedoms recognised by this Charter must be provided for by law and respect the essence of those rights and freedoms. Subject to the principle of proportionality, limitations may be made only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others.” Where several rights and fundamental freedoms protected by

678 CJEU, C-222/84 Johnston, Judgment of 15.05.1986, [1986] ECR 1651. 679 CJEU, C-222/86 Union nationale des entraineurs et cadres techniques professionnels du football (UNECTEF) v Georges Heylens, Judgment of 15.10.1987, [1987] ECR 4097. 680 CJEU, C-97/91 Borelli, Judgment of 03.12.1992, [1992] ECR I-6313. 681 Praesidium of the European Convention, Explanations relating to the Charter, OJ C 303 (14.12.2007), 17, 29. 682 CJEU C-222/86 Union nationale des entraineurs et cadres techniques professionnels du football (UNECTEF) v Georges Heylens, Judgement of 15.10.1987, [1987] ECR 4097. 683 Cf. CJEU, C-275/06, Productores de Música de España (Promusicae) v Telefónica de España SAU [2008] ECR I-271.

191

First Chapter: Legal and Technological Background

the European Union legal order are at issue, the assessment of the possible disproportionate nature of a provision of European Union law must be carried out with a view to reconciling the requirements of the protection of those different rights and freedoms and a fair balance between them.684 Limitations on the freedom must be provided for by law and respect the essence of those rights and freedoms and, in compliance with the principle of proportionality, must be necessary and actually meet objectives of general interest recognised by the European Union or the need to protect the rights and freedom of others.685 Thus, when there is a choice between several appropriate measures recourse must be had to the least onerous, and the disadvantages caused must not be disproportionate to the aims pursued.686 Within 60 years of fundamental rights adjudication, the ECtHR has developed the principle of proportionality into an indispensable tool to balance conflicting rights.687 The fundamental rigths granted by the ECHR are often principles that “guide decision-makers, but they rarely provide the sole basis for decision-making that involves, and requires, a significant measure of balancing of interests”.688

When balancing for instance copyright against the right to privacy under Article 7 CFR and the right to the protection of personal data under Article 8 CFR, the CJEU will not only have to analyse whether a justification as prescribed by Article 8 ECHR exists, but also has to take into account that copyrights are “rights of others” within Article 8(2) ECHR/Article 52(1) Charter. Accordingly, these rights must be balanced against each other. Lord Steyn summarised the balancing test with regard to this rights as follows: First of all, neither Article as such has precedence over the other; secondly, where the values under two Articles are in conflict, an intense focus on the comparative importance of the specific rights being claimed in the individual case is necessary; thirdly, the justifications for interfering

684 See, to that effect, CJEU, C‑275/06 Productores de Música de España (Promusicae) v Telefónica de España SAU [2008] ECR I‑271, paras. 65 and 66. 685 In accordance with Article 52(1) CFR. See CJEU, C-283/11 Sky Österreich GmbH v Österreichischer Rundfunk, Judgment of 22.01.2013, paras. 47–48; CJEU, C-101/12 Herbert Schaible v Land Baden-Württemberg, Judgment of 17.10.2013, para. 27. 686 C‑343/09 Afton Chemical, [2010] ECR I‑7027, para. 45; Joined Cases C‑581/10 and C‑629/10 Nelson and Others, Judgment of 23.10.2012, para. 71; C-283/11 Sky Österreich GmbH v Österreichischer Rundfunk, Judgment of 22.01.2013, para. 50. 687 Jonas Christoffersen, Human Rights and balancing: The principle of proportionality, in: Christophe Geiger (ed.), Research Handbook on Human rights and Intellectual Property (2015), p. 19. 688 Ibid, p. 37.

192

B. The Technological and Legal Challenges of Online Copyright Enforcement

with or restricting each right must be taken into account; and finally, the proportionality test in a strict sense, must be applied to each.689

689 House of Lords, Re S, [2004] UKHL 47, [2005] 1 AC 593, para 17.

193

Second Chapter: User-Targeted Responses

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures I. The Idea of Enforcement in Peer-to-Peer File-Sharing Networks The Internet is about sharing information. The technical structure of the Internet does not limit the distribution of content to specific actors but invites everyone to connect and make information available. As outlined in the First Chapter, from the advent of the Internet being widely available, this always included copyrighted content. If information is transferred onto the Internet and hence made available worldwide, users often wrongly believe that its use must be free and unrestricted. They may also just ignore that online contents are subject to the same restriction as its tangible counterparts. The turn of the millennium meant that Napster made peer-to-peer file-sharing popular and almost omnipresent. In Napster’s aftermath, new and more sophisticated peer-to-peer technologies entered the market and remained significant due to increased broadband access and developments in software. They had in common that the participating users not only downloaded content but at the same time made that content available. There is no dispute that the unauthorised making available of substantive parts of copyrighted content constitutes copyright infringement – even if it is done in a non-commercial context. As suing the innovators of improved file-sharing software for copyright infringement is deemed to fail, because the provision of the file-sharing infrastructure and software does not as such imply aiding and abetting an infringement, the next step for the rights-holders wassuing the users. The user is the one that commits the infringement, so it is obvious why a rights-holder would want to turn to the user to enforce his rights. The actual infringer may not only stop his activities but also compensate the rights holders for the infringement. Addressing users may also serve as a deterrent for other users to refrain from illegal file-sharing. This course of action thus has not only a punitive but also a specific and general deterrent role, and this even outside the context of criminal law as the examples of private litigation in this chapter will show. Intellectual property rights are private rights and the

195

Second Chapter: User-Targeted Responses

majority of enforcement procedures are civil: it is for the rights-holder to take action where an infringement has occurred. The aim of such action also goes beyond the deterrent role, educating users that their behaviour is not acceptable.690 In an ideal world, users who no longer infringe copyright will become consumers of media content for which they pay. Addressing users in this context may either refer to suing users, warning, or threatening users with lawsuits. In response to the high percentage of unauthorised downloads, a number of countries such as France,691 the UK,692 Ireland,693 Spain,694 New Zealand,695 South Korea696 or Taiwan697 have implemented, or are drafting, laws to enforce ‘graduated response’ measures where content owners and Internet service providers join forces to fight online copyright infringement. In most cases, users are sent a warning, which informs them about an infringement that has been committed via their Internet connection and asks them to refrain from infringing copyright. Following a certain number of warnings, they may face court action. In some jurisdictions, in particular in Germany698, the warning letter may require the addressee to sign a declaration with a penalty clause that they will refrain from copyright infringements in the future. Repeat-infringers under a graduated response scheme may risk technical sanctions ranging from a proposed bandwidth reduction to temporary account suspension.

690 Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights (2011), p. 26. 691 Loi no 2009-669 du 12 juin 2009 favorisant la diffusion et la protection de la création sur Internet – generally known as Loi Hadopi. 692 Digital Economy Act 2010. 693 Rónán Kennedy, No three strikes for Ireland (yet): EU Copyright Law and individual liability in recent Internet file-sharing litigation, Journal of Internet Law 2011, Vol. 14, 15–28. 694 Ley 2/2011, de 4 de marzo, de Economía Sostenible (Ley Sinde). 695 Jason Rudkin-Binks/Stephanie Melbourne, The new ‘three strikes’ regime for copyright enforcement in New Zealand – requiring ISPs to step up to fight, Entertainment Law Review 2009, Vol. 20, 146–149. 696 Doug Jay Lee/Kim Misung/Jong Won Hong, Annual Report 2009, Korea APAA Copyright Committee. 697 Erik Chen/Mark Brown, Taiwan: Taiwan enacts ISP ‘safe harbour’ amendments to Copyright Act, Computer Law & Security Review 2009, Vol. 25 Issue 4, 389– 390. 698 Germany has not (yet) implemented a graduated response scheme although the introduction of such a system has been discussed recently.

196

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

The graduated response schemes were initially known as “three strikes” laws, based on the baseball rule of “three strikes and you're out”. The batter is permitted two strikes before striked out by the third one. Because “three strikes” was understood to refer to physical assault, the approach is now primarily referred to as “graduated response”. The following chapter will analyse different enforcement schemes that are directed against the user. The analysis is divided into two major parts presenting enforcement schemes that work under criminal law and private litigation schemes. A prerequisite for pursuing action against users under criminal and civil law, is that the user who committed the infringement can be identified. The only possible way of identifying the user is the IP address from which an infringement was committed. Obtaining the IP address already constitutes the first hurdle for the rights-holder. The easiest option is to become a member of a file-sharing network. In traditional file-sharing networks, including those operating BitTorrent technology, the IP address of sharers is visible. However this is not the case with file hosting services, and thus this Chapter solely focusses on enforcement schemes against users that engage in peer-to-peer file-sharing. The second hurdle is, that the rightsholder needs to obtain further information on the subscriber of an IP address, who either may be the infringer himself, hold further information on the infringer, or may be unaware of the situation. Nevertheless, the subscriber operates an Internet connection, for which he may have to be held responsible as it allows the commitment of infringements as shown later in Part B of this chapter. However, compared to the introductory part, this section explores more in detail how peer-to-peer file-sharing works. It shows how file-sharers are typically identified by rights-holders, what evidence can be gathered and how, before in the following part of this chapter, national enforcement mechanisms including legal tools for identification will be presented and analysed. The analysis itself will focus on the compliance of the individual enforcement mechanism with secondary EU law and fundamental rights. II. Peer-to-Peer File-Sharing: Scope, Specific Functioning and Consequences There is a reason why users of peer-to-peer file-sharing networks are interesting targets for rights-holders: infiltration of the networks can be easy 197

Second Chapter: User-Targeted Responses

(depending on the design) and allows the identification of IP addresses of the users involved. The following paragraphs provide – in addition to the outline of peer-to-peer file-sharing in the First Chapter – a brief overview on the functioning of peer-to-peer file-sharing and its technological progress since the early days of Napster. 1. Peer-to-Peer File-Sharing Networks in General Before the advent of peer-to-peer technology, different computers on one network could only communicate through a central server. In simple terms, peer-to-peer software eliminated the need for information being routed through a central server. Peer-to-peer file-sharing provides for data-sharing between computers using a specific peer-to-peer software client.699 Traditionally, a home computer needed to connect to a web server to download files that the users wanted to access. With increasing consumer demand, very large amounts of bandwidth have to be provided. Bandwidth is key to improving performance, but not the only solution when distributing content. Storing large files of data on a server is costly and ensuring that the files required are available on servers depends on a provider running servers that makes the files available. Due to deficits of a centralised system, the peer-to-peer technology which does not require a “major” server has been developed. Unlike a traditional content delivery network, peer-to-peer systems have no dedicated infrastructure. Basically, instead of accessing a central server, home computers connect to each other to download files from each other. By this, the resources of the computers are pooled to enhance performance.700 A distinctive feature of peer-to-peer networks is, that each computer on the network can be a file server as well as a client. The term peers in this context refers to all the computers being used which can alternately act as a client to another peer, fetching its content, and as a server, providing content to other peers.701 Everyone that joins the network for downloading participates in the distribution of content.

699 “Peers” are computer systems connected to each other through the Internet. The functioning has been outlined in the First Chapter, A. The Status Quo – or How Did We Get to Where We Are Today?. 700 Andrew Tanenbaum/David Wetherall, Computer networks (5th ed. 2011), p. 749. 701 Ibid, p. 748.

198

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

As has been outlined in the First Chapter, Peer-to-peer file-sharing emerged in 1999 with the launch of Napster, which managed to link users who had specific files with those who requested these files via a central server.702 With Napster, users could share music via the Internet on a large scale, so that comprehensive digital music collections became available for them. Napster offered software and a service whereby a central server, operated by Napster itself, indexed all files currently available on the computers of its users then connected to the Internet. Users could search this catalogue for specific files and then download them from the computer they were located at. This provided a simple, fast and efficient search facility for users. This centralisation, however, turned out to be the final nail in Napster´s coffin: when A&M Records, a copyright owner in some of the music being downloaded by Napster users sued Napster for contributory and vicarious infringement, this ultimately resulted in the shut-down of the central server and eliminated an entire dissemination mechanism. Due to the centralised structure, US courts had no problems finding Napster liable for contributory and vicarious copyright infringement (see above First Chapter, B.).703 Napster was ordered to take reasonable steps to prevent distribution of works in respect of which it had been notified of copyright ownership, but they did not succeed in complying with this obligation.704 As a consequence of the US Napster ruling, subsequent peer-to-peer network operators sought to decentralise file-sharing networks. Instead of conducting queries via a central server,705 the second generation of net-

702 Cf. Chapter 1, p. 87. For an outline of the functioning of Napster, see also US Court of Appeals for the 9th Circuit, A&M Records Inc. v Napster Inc., 239 F.3d 1004 (9th Cir. 2001). 703 17 US District Court for the Northern District of California, A&M Records. Inc. v Napster Inc., 114 F. Supp. 2d 896 (N. D. Cal. 2000), confirmed by US Court of Appeals for the 9th Circuit, A&M Records Inc. v Napster Inc., 239 F.3d 1004 (9th Cir. 2001). 704 Due to the fact that the centrally hosted catalogue was constantly being modified as users connected and disconnected from the Internet, it was in practice impossible to prevent infringing works from being exchanged. 705 See for example the original version of Napster. As regards Napster, central servers would index all of the current users and search their computers for shareable files. When a user searched for a file, the server would find all of the available copies of the requested file and present them to the user. The file would then be transferred between the two private computers. Napster allowed only for music files to be shared. As the downloading occurred via a central server, Nap-

199

Second Chapter: User-Targeted Responses

works706 connects users remotely to each other with the help of a software application that they need to install on their computers.707 Catalogues of files are no longer kept centrally on the peer-to-peer intermediary’s own website. Instead, each user maintains an index of files stored on his own computer, and each time he connects to the Internet, the software he has installed will search for other users running the same software708; if a user searches for a particular file he will need to send out a request which the peer-to-peer software in question will pass from user to user until it is met with a positive response. Following a positive response, the file download would be negotiated by the software directly between the user who has the file stored on his computer and the user who sent out the request. Some second generation protocols such as the FastTrack protocol used by Grokster, randomly (and unbeknownst to the user) assign computers in the system to operate as centralised connection points that index files and handle search requests, so called supernodes.709 Other second generation protocols such as Gnutella, are fully decentralised and route searches serially through any available user on the network.710 Typically, searches on individual computers are only possible within a particular folder that has been

706 707 708

709 710

200

ster was held liable of contributory and vicarious copyright infringement and ordered to monitor the activities of its network and to block access to infringing material when notified of that material’s location (17 US District Court for the Northern District of California, A&M Records. Inc. v Napster Inc., 114 F. Supp. 2d 896 (N. D. Cal. 2000), confirmed by A&M Records, Inc. v Napster Inc., 239 F. 3d 1004 (9th Cir. 2001)). As Napster was unable to comply with the judgement it eventually shut down its service in July 2001. It later re-emerged as an online music store. For the history of Napster see also Nick Scharf, Napster’s long shadow: copyright and peer-to-peer technology, Journal of Intellectual Property Law & Practice 2011, Vol. 6 Issue 11, 806–812. Such as for example Gnutella or KaZaa. For an outline of the functioning of KaZaa see Chris Reed, Internet Law, Text and Materials (2nd ed. 2004), pp. 98 et seq. The default mode of most peer-to-peer software means that it starts running in the background whenever the computer on which it is installed is started. See expert report cited by Justice Arnold in Dramatico Entertainment Ltd & others v British Sky Broadcasting Ltd & others BitTorrent has emerged as the dominant P2P protocol, see [2012] EWHC 268, para. 19. See US Supreme Court, Metro-Goldwyn-Mayers Studios, Inc. v Grokster Ltd., 545 U.S. 913 (2005), 921. The original Gnutella software application is no longer in circulation.

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

designated by the user to share with others.711 Following a positive response to a search request, the file download is negotiated by the software directly between the user who has the file stored on his computer and the user who sent out the request. The difference between the first and second generation is that with the second generation the file-sharing software creates a new local database for each user every time he connects, which does not require any further involvement of the software provider. Acccordingly, the decentralised models have no central access point and cannot store a search index, identify users, or directly facilitate connections.712 Some software applications, for example Gnutella, further distance themselves from liability, because they are open source protocols, meaning that rights-holders have difficulties to find someone to whom they may address their claims. Shutting down part of the system may also be ineffective because users can adapt copies of the program’s code to keep a sharing network in place. This however means, that rights-holders need to change their approach from suing the provider of the network or software to the individual user. The problem for users with peer-to-peer file-sharing is that each user (= client) that downloads a file onto his computer at the same time supplies the given file to the file-sharing network.713 Most users seem to be unaware of this fact.714 In some cases, the application used to allow the deactivation or blocking of the uploading function.715 Sometimes the amount of the downloaded material and the downloading speed may depend on the extent to which the user makes files available himself.716 Thus, it becomes attractive for users to keep a large number of files in their public folder. Further technological advances mean, that the newest (third) generation of networks provides for files being searched and retrieved almost without

711 Mark Taylor/John Haggerty/David Gresty/Tom Berry, Digital evidence from peer-to-peer networks, Computer Law & Security Review 2011, Vol. 27, 647. 712 Cf. US Supreme Court, Metro-Goldwyn-Mayers Studios, Inc. v Grokster Ltd., 545 U.S. 913 (2005), 920. 713 Rolf Schwartmann, Filesharing, Sharehosting & Co, Funktionsweise und rechtliche Bewertung aktueller Erscheinungsformen von Urheberrechtsverletzungen im Internet, Kommunikation und Recht 2011, Beihefter 2, 9. 714 European Parliament, DG for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, File Sharing (2011), p. 6. 715 Ibid. 716 Ibid.

201

Second Chapter: User-Targeted Responses

any form of database being involved. Current file-sharing protocols create a new network for every set of files instead of employing one big network of files. 2. The Third Generation of Peer-to-Peer File Sharing Networks File sharing protocols of the newest (third) generation, BitTorrent protocols, also work decentralised but, in contrast to earlier protocols, files are not downloaded as one piece from one single user. As aforementioned, BitTorrent has proven to be very efficient,717 and has thus become the leading file-sharing technology, in which peers cooperate in distributing files or content. 718 Its way of functioning is distinct from previous filesharing applications and thus, needs to be looked at separately. Also, it is a complicated protocol to analyse in legal context due to many actors being involved in the act of sharing.719 First of all, there is the web site which provides the client software; then there is the web site which provides “torrent” files which then aid the user in locating other users who hold all or parts of the file which this user seeks to download. With early versions of the BitTorrent protocol, tracker sites became necessary; they monitored the users contributing to the file transfer in order to pass their data to the client software. Finally there are the users using the BitTorrent protocol, who join in uploading bits of the file sought. A rather allegorical and simplified description of the functioning of BitTorrent, which gives a first idea of the different actors, can be found in the 2010 first instance decision of the Australian case Roadshow Films Pty Ltd v iiNet Ltd: “To use the rather colourful imagery that Internet piracy conjures up in a highly imperfect analogy, the file being shared in the swarm is the treasure, the BitTorrent client is the ship, the .torrent file is the treasure map, The Pirate Bay provides treasure maps free of charge and the tracker is the 717 Diane Rowland/Uta Kohl/Andrew Charlesworth, Information Technology Law (4th ed. 2012), p. 339; Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights (2011), p. 17. 718 Gaetano Dimita, Six characters in search of infringement: potential liability for creating, downloading, and disseminating.torrent files, Journal of Intellectual Property Law & Practice 2012, Vol. 7 Issue 6, 466, 466. 719 See Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights (2011), p. 17.

202

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

wise old man that needs to be consulted to understand the treasure map.”720 Like with other peer-to-peer file-sharing programmes, the user, who is called a seeder (when he provides upload access) or a leecher (when he seeks to download),721 needs to install a BitTorrent client on his computer. In BitTorrent terminology sharing a file is referred to as ‘swarming a file’.722 Users join a so called ‘swarm’ to download and upload from each other simultaneously a single set of files (also called a torrent file), which taken as a whole forms the desired content. This works as follows: Before a file can be shared, the BitTorrent client needs to create the torrent file of the material to be swarmed. The client then has to disseminate the torrent file that describes metadata of the files being distributed to support the BitTorrent protocol, such as information on the blocks of data that are distributed, and how these blocks of data should be put together to form the desired content.723 The torrent file does not itself contain any of the content to which it relates and can, in simple terms, be compared to a hyperlink leading to the desired content. The dissemination of the torrent file usually takes place via a website, where the user uploads the torrent file. BitTorrent does not offer facilities to search files: users need to find the torrent files by other means, and this has increased the popularity of the numerous websites which host, index, or link to them. Websites such as the PirateBay or FastTrack networks, such

720 Federal Court of Australia, Roadshow Films Pty Ltd v iiNet Ltd, [2010] FCA 24, para. 70. The decision was appealed, but the first instance judgement upheld, see [2011] FCAFC 23 (Full Court of the Federal Court of Australia) and [2012] HCA 16 (High Court of Australia). 721 BitTorrent software is designed so that users act as both downloaders and uploaders. The default setting in most cases, enables to do both simultaneously. This becomes important when users argue that they have only downloaded files (the donloading for private non-commercial purposes of a certain number of copies is for example in France a legal exception to copyright). 722 Gaetano Dimita, Six characters in search of infringement: potential liability for creating, downloading, and disseminating torrent files, Journal of Intellectual Property Law & Practice 2012, Vol. 7 Issue 6, 466, 466. 723 Joost Poort/Jorna Leenheer/Jeroen von der Ham/Cosmin Dumitru, Baywatch: Two Approaches to Measure the Effects of Blocking Access to The Pirate Bay (Working Paper, 22.08.2013), p. 2.

203

Second Chapter: User-Targeted Responses

as LimeWire, provide a built-in torrent file search facility.724 In most cases, these websites offer both a file index and a tracker. The latter are used to bootstrap and accelerate BitTorrent swarms so that they can provide a new peer with information on other peers participating in the swarm.725 Hence, the tracker helps users to identify computers that are already downloading or uploading a requested file.726 Accordingly, much of the communication still takes place with the aid of a central server, i.e. the tracker. The first versions of BitTorrent required such a central point to perform searches and aggregate torrent files, because during the sharing process, the identity of peers which can provide blocks of data that make up the file contents change regularly as other users acquire the content and make it available to others, so it became necessary for to keep track of the peers.727 In simple terms, the tracker coordinates communication between peers attempting to download the payload of the torrents. Tracker also record data on each file they track including the “hash” of that file (a unique code that identifies that file alone and no other)728 as well as the number of seeds (users holding an entire copy of the file), leechers (users in the act of downloading, that do not yet possess a full copy), and (in most cases) total completed downloads. While the initial version of the BitTorrent protocol used trackers to locate and torrent files to describe content, newer versions have recently added another layer of distribution by storing the torrent files in a so called

724 Gaetano Dimita, Six characters in search of infringement: potential liability for creating, downloading, and disseminating .torrent files, Journal of Intellectual Property Law & Practice 2012, Vol. 7 Issue 6, 466, 466. 725 Joost Poort/Jorna Leenheer/Jeroen von der Ham/Cosmin Dumitru, Baywatch: Two Approaches to Measure the Effects of Blocking Access to The Pirate Bay (Working Paper, 22.08.2013), p. 2. 726 See expert report cited in High Court, Dramatico Entertainment Ltd & others v British Sky Broadcasting Ltd & others, [2012] EWHC 268, para. 19. 727 Ibid. 728 A “hash” is a unique alpha-numeric sequence used to identify files (movies, music, documents, etc) on bittorrent. On the bittorrent network, the hash is generated by an algorithm (e.g. the SHA1 algorithm) which creates a small identifier from a large file (such as for example a movie). Even trivial modifications to the original file result in a completely different hash. See Envisional, Technical Report: An estimate of infringing use of the Internet (2011), p. 8. See also Second Chapter, III. 3. a) The Copyright Infringement.

204

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

Distributed Hash Table (DHT) storage network created by all global peers.729 A so-called magnet link730 can then be used to address content in this DHT network, which provides the contents of a torrent file, and its participating peers.731 If a user wants to obtain a file, he connects to the user with the BitTorrent file and opens it with his BitTorrent client. The torrent file then tells the user how to connect to the peer users swarming that file. As already mentioned above, the desired content is divided into blocks of data (bits), which are downloaded from different peers. As each peer receives a new piece of the file he becomes a source for that segment for other peers. In this way, the original source will be relieved from sending out the requested piece as a whole to every user wishing a copy.732 The segments will finally be reassembled into the correct order by the BitTorrent client.733 In contrast to the second generation peer-to-peer file-sharing technologies, there is no single file-sharing network where all the files are being shared. As mentioned above, a different network is created as soon as the first user obtains and launches a torrent file. 734 When everyone involved in a swarm has acquired a full copy, the network collapses. Like with earlier file-sharing protocols, much of the BitTorrent protocol operates invisibly to the user – after downloading a file, subsequent uploading takes place automatically if the user fails to close the programme. It is important to understand that torrent files do not include any part, not even insubstantial parts, of the protected materials they have been cre-

729 Joost Poort/Jorna Leenheer/Jeroen von der Ham/Cosmin Dumitru, Baywatch: Two Approaches to Measure the Effects of Blocking Access to The Pirate Bay (Working Paper, 22.08.2013), p.2. 730 A provider of lists of magnet links is for example The Pirate Bay. 731 Joost Poort/Jorna Leenheer/Jeroen von der Ham/Cosmin Dumitru, Baywatch: Two Approaches to Measure the Effects of Blocking Access to The Pirate Bay (Working Paper, 22.08.2013), p2. 732 Decentralised file-sharing permits a reduction in the original distributor’s hardware and bandwidth resources. 733 See Rolf Schwartmann, Filesharing, Sharehosting & Co, Funktionsweise und rechtliche Bewertung aktueller Erscheinungsformen von Urheberrechtsverletzungen im Internet, Kommunikation und Recht 2011, Beihefter 2, 9 with further references. 734 Gaetano Dimita, Six characters in search of infringement: potential liability for creating, downloading, and disseminating torrent files, Journal of Intellectual Property Law & Practice 2012, Vol. 7 Issue 6, 466, 466.

205

Second Chapter: User-Targeted Responses

ated to disseminate.735 No actual transmission of materials takes place before the actual swarm starts. The only way to determine whether a copyright infringement takes place is to join the swarm of the file.736 3. Peer-to-Peer File-Sharing in Numbers The difficulties in measuring the scope and economic impact of file-sharing has already been outlined in the previous Chapter. However, at this point the numbers shall briefly be recalled, because all specifically implemented enforcement schemes were based on the assumption that the scope of copyright infringements in peer-to-peer networks requires specific legislation. Peer-to-peer applications have long been considered to take up large amounts of the overall Internet traffic.737 Traffic analysis in this regard suggest that BitTorrent is the most used file-sharing protocol worldwide, making up 14.6% of all Internet bandwidth worldwide in 2010.738 Estimates for the future predict less traffic taken up by peer-to-peer file-sharing, but considering that the overall traffic is also increasing, even 2% of all worldwide traffic would mean that millions of users are using peer-topeer networks.739 In 2011, the distributor of two of the most-used bittorent clients μTorrent and BitTorrent Mainline, claims that the clients have over 100 million unique users worldwide and 20 million daily users.740

735 Ibid. 736 Ibid. 737 Envisional, Technical Report: An estimate of infringing use of the Internet (2011), p. 47. See also Nick Scharf, Napster’s long shadow: copyright and peerto-peer technology, Journal of Intellectual Property Law & Practice 2011, Vol. 6 Issue 11, 806–812. 738 Envisional, Technical Report: An estimate of infringing use of the Internet (2011), p. 7. Envisional measured over eight million users simultaneously connected to the bitTorent network. 739 Cisco Systems Inc. predicts that in 2017 peer-to-peer file-sharing will take up 2% of the worldwide Internet traffic while other file transfer such as streaming will take up 27%. See Cisco Systems Inc., Cisco Visual Networking Index: Forecast and Methodology, 2012-2017 (2013), p.11. 740 BitTorrent Inc., BitTorrent, inc. grows to over 100 million active monthly users (03.01.2011), Business Wire.

206

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

In 2010, it has been found that more than 99% of all material (with the exception of pornographic materials) in the top 10,000 file-sharing swarms was actually infringing copyrights.741 Also in 2012 and according to the British Record Music Industry, BitTorrent and other peer-to-peer applications remained the most popular methods of obtaining copyrighted material on the Internet.742 Around four million users in the UK connected to peer-to-peer networks each month, accounting to 345 million unauthorised downloads via BitTorrent in the first half of 2012.743 In contrast to the 345 million illegal copies, iTunes, Amazon and other authorised music distributors sold 91.7 million tracks and 14.7 million albums in the UK.744 As this numbers have been released by the music industry, they have to be critically assessed, but clearly indicate that peer-to-peer file-sharing is a mass-scale phenomenon and nothing that is conducted by only small groups of the population. 4. The Copyright-Infringing Act As outlined above, peer-to-peer file-sharing allows large amounts of data to be shared because users both download and upload the data. Users download files but necessarily also supply the files to the network as a start. It is the user that provides the opportunity to download. Irrespective of the intentional supply of files, users are often not aware of the fact, that by downloading, they also automatically supply the requested file.745 The strength of peer-to-peer file-sharing is at the same time its biggest weakness: although users may only want to download a file, they regularly also become a contributor and thereby make the requested file available for third parties. By making it available, rights-holders or their agents, who

741 Envisional, Technical Report: An estimate of infringing use of the Internet (2011), p. 10. 742 British Record Music Industry (BPI), Digital Music Nation 2013, the UK’s legal and illegal digital music landscape (2013), p. 26. 743 Ibid. 744 Ibid. 745 This explains the fact that a 2009 study analysing the web traffic of 21,766 hosts of a German Internet service provider showed that BitTorrent had nearly a balanced incoming and outgoing traffic (the upload was in fact 76% of the download traffic), see Amir Alsbih/Thomas Janson/Christian Schindelhauer, Analysis of peer-to-peer traffic and user behaviour (2009), p. 4.

207

Second Chapter: User-Targeted Responses

have infiltrated the network by way of joining a swarm can log the IP address of the users. a) Uploading Regularly Goes Along with Downloading In simple terms, typical peer-to-peer applications require the user to designate directories in his hard drive as part of the peer-to-peer network and thereby making this content available for downloading throughout the network. Once a users starts downloading files, the bits and pieces that he has already obtained are automatically made available to his peers. This however, infringes the right of copyright owners to prevent others from making copies of their work without authorisation, which is the most basic right under copyright law. Copyright owners have the exclusice rights to authorise reproduction and communication of works.746 The right of reproduction may already be infringed when the user that initially plants a file by copying it in the designated directories for distribution via peer-to-peer technology.747 When the files are then dissemintated through peer-to-peer networks, this infringes the right of communication to the public.748 Only a few peer-to-peer clients have the option of deactivating or blocking the uploading function.749 The availability of this function is rare and usually discouraged amongst BitTorrent users because it goes against the basic principles of BitTorrent: the protocol depends on sharing and if no one uploaded content, then it would be useless. Therefore some peerto-peer software keeps track of how much a user downloads compared to

746 See Article 2 of the InfoSoc Directive, whereby “Member states shall provide for the exclusive right to authorise or prohibit direct or indirect, temporary or permanent reproduction by any means and in any form, in whole or in part: (a) for authors of their work; for performers, of fixations of their performances; for phonogram producers, of their phonograms; for the producers of the first fixations of films, in respect of the original and copies of their films; for broadcasting organisations, of fixations of their broadcasts, whether those broadcasts are transmitted by wire or over the air, including by cable or satellite”. 747 Cf. the wording of Article 2 of the InfoSoc Directive, which refers to the direct or indirect reproduction by any means and in any form. 748 Cf. Article 3(1) of the InfoSoc Directive. 749 Cf. European Parliament, DG for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, File Sharing (2011), p. 6.

208

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

the quantity of his shared materials with the consequence that those who download more than they upload will have their download rate decreased or choked.750 BitTorrent for instance encourages users to upload data using incentives: users, who only download data (so called leeches) are punished by a reduced download rate.751 The incentive principle means that a user will be able to download a requested file faster if he also contributes upload bandwidth. As most users have asynchronous connections to the Internet, meaning that their download speed is significantly faster than their upload speed, uploading data to a peer-to-peer network can take some time. Thus, users often stay connected in order to even their upload – download ratio, which in turn means that the rights-holders have sufficient time to detect and log the data. b) Parts of a Protected Work Enjoy Protection Often users do not succeed in downloading a whole file; and obtain only parts or fragments of a copyrighted work.752 There are different kinds of fragmented files, not all of them may be of use for the downloader. Most peer-to-peer file-sharing software mark fragmented data for instance by adding “part” to the file.753 As a consequence media players cannot open the file.754 Without going into detail, at this point, it shall only be noted,

750 Ibid. So called tit-for-tat incentive strategy. 751 This applies to the original BitTorrent protocol. Several newer clients deviate from the original protocol and may allow more downloads than uploads (e.g. BitTyrant) or even “free-riding” (e.g. BitThief). See Amir Alsbih/Thomas Janson/ Christian Schindelhauer, Analysis of peer-to-peer traffic and user behaviour (2009), p. 2. See also Zhengye Liu/Prithula Dhungel/Di Wu/Chao Zhang/Keith W. Ross, Understanding and improving incentives in private P2P communities (year n.a.). 752 Considering that especially with large files or rare files it may take hours or even days until the download is completed it may happen that the source is suddenly no longer available. See Christian Solmecke/Jan Bärenfänger, Urheberrechtliche Schutzfähigkeit von Dateifragmenten – Nutzlos = Schutzlos, MultiMedia und Recht 2011, 567, 568. 753 Ibid. 754 Ibid.

209

Second Chapter: User-Targeted Responses

that most music formats allow listening to fragments.755 The same applies to most currently utilised video formats. As far as pictures are concerned, the files can regularly be opened once a certain file size has been reached, lacking file fragments will be left black.756 Software and archive file, for instance .zip and .rar files are useless in fragments.757 Relevant in practice are so-called “charts-container”, i.e. files containing for instance the TOP 100 charts.758 These charts-container are either distributed as open containers, or via an archive file. Open containers allow the download of individual files of the container whereas individual songs contained in a .zip or .rar archive cannot be downloaded separately and can only be played once the whole archive file is complete and the content has been unzipped.759 The question that arises in relation to fragmented files is whether the down- or upload of parts of a protected work constitutes a copyright infringement itself. First of all, this discussion can be limited to such files where the file fragments can be opened and used although the file is not complete.760 The download of such file fragments constitutes an unauthorised reproduction and thus a copyright infringement.761 Article 2(a) of the InfoSoc Directive provides that authors have the exclusive right to authorise or prohibit reproduction, in whole or in part, of their works. As regards parts of a work, these parts are not treated any differently from the work as a whole.762 It follows that they are protected by copyright, if they share the originality of the whole work. Thus protection under Article 2(a) of the Directive is granted, provided that the parts contain elements which

755 For this, the fragmented file has to be renamed into .mp3 and must be open directly in the context menue, see ibid. 756 Ibid. 757 Ibid. 758 Ibid. 759 Ibid. 760 Ibid, 569. 761 See only ibid, 569. 762 See for instance CJEU, C-5/08 Infopaq International v Danske Dagblades Forening, para. 38. In this case the Court concluded that it may not be ruled out that certain isolated sentences, or even parts of sentences in the text in question, may be suitable for conveying to the reader the originality of a publication such as a newspaper or article, by communicating to that reader an element which is, in itself, the expression of the intellectual creation of the author of that article.

210

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

are the expression of the intellectual creation of the author of the work.763 Insofar as the file fragment is of no use, i.e. cannot be consumed, it does not enjoy protection under this provision and copyright law in general, because it carries no expression of the intellectual creation of the author.764 However, the situation becomes more complicated, when national law as for instance section 16(3)(a) of the Copyright, Designs and Patents Act 1988 in the UK requires that the infringing act relates to the work as a whole or any substantial part of it.765 It has also been argued, that even if the bits that are shared are too small to enjoy protection under copyright law,766 there nevertheless is an infringing act. This shall be due to the fact, that already the making available to the public of the aggregate parts requires the copyright holder’s permission.767 Hence the relevance of this discussion remains limited.768 By uploading a file, or more precisely and insofar as Bittorrent networks are concerned fragments thereof, during the download process, the

763 Ibid, para. 39. In Germany for instance parts of a work enjoy protection when they themselve constitute an original personal creation. Instead of many see Winfried Bullinger in: Artur-Axel Wandtke/Winfried Bullinger, Praxiskommentar zum Urheberrecht: UrhR (3rd ed. 2009), § 2 UrhG para. 42; Gernot Schulze in: Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (4th ed. 2013), § 2 UrhG paras. 76 et seq. 764 Christian Solmecke/Jan Bärenfänger, Urheberrechtliche Schutzfähigkeit von Dateifragmenten – Nutzlos = Schutzlos, MultiMedia und Recht 2011, 567, 569. 765 See as regards the difficulties in the UK of determining the “taking of a substantial part” in file-sharing cases: James G.H. Griffin, The effect of the Digital Economy Act 2010 upon ‘Semiotic Democracy’, International Review of Law, Computers & Technology 2010, Vol. 24 No. 3, 251, 258. 766 Nico van Eijk outlined in his report on file-sharing for the European Parliament the position that since no substantial part of a protected work can be recognised in the small bits that are exchanged via a BitTorrent network, there shall be no restricted act as an infringement shall usually require that the whole or substantial part of the protected work has been made available (Cf. European Parliament, DG for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, File Sharing (2011), p.9. This conclusion was based on the assumption that national legislation as for example section 16 (3)(a) of the Copyright, Designs and Patents Act 1988 in the UK requires that the work as a whole or a substantial part of it has been made available. 767 Ibid. 768 Ibid.

211

Second Chapter: User-Targeted Responses

user makes the fragments publicly available.769 The making available right is enshrined in Article 3 of the InfoSoc Directive. Again, where fragments are concerned that as such can be consumed, they enjoy protection and their upload infringes copyright.770 For fragments that cannot be consumed independently, this does not apply. An infringement can only then be considered, when the user possesses the complete file.771 In this case, the mere possibility that the file could be uploaded may amount to an infringement as “making publicly available” shall not require an actual upload.772 In this context, it has been discussed whether the specific structure of peer-to-peer file-sharing networks requires a different assessment.773 Although the individual fragments are as such of no use, for those users within a swarm, they are useful because they can obtain the missing fragments from multiple sources and complete the file.774 However, as all members of the file-sharing network act independently, the making available of non-protected fragments by others cannot be mutually attributed in terms of law.775 The attribution of acts of third parties regularly requires intent to commit the infringing act together and intent to commit the infringement at all. File-sharing networks are commonly anonymous, participating users commonly do not know each other. Many users are also not aware that downloading a file implies that they make it available to others. Thus, it will in all cases be necessary to actual look at the file fragments in order to identify whether they enjoy protec-

769 As regards the notion of “making publicly available” cf. De Wolf & Partners, Study on the Application of Directive 2001/29/EC on Copyright and Related Rights in the Information Society (The “InfoSoc Directive”) (2013), pp. 25 et seq. Recently, a first instance court in Germany discussed this particular subject matter with regard to fragments and concluded that the making available of “bits” of a protected work constitutes a copyright infringement, see see also AG München, Decision of 03.04.2012 – 161 C 19021/11, MultiMedia und Recht 2014, 197. 770 See Christian Solmecke/Jan Bärenfänger, Urheberrechtliche Schutzfähigkeit von Dateifragmenten – Nutzlos = Schutzlos, MultiMedia und Recht 2011, 567, 570. 771 Ibid. 772 This is at least the case in Germany, see Thomas Dreier in: Thomas Dreier/ Gernot Schulze, Urheberrechtsgesetz (3rd ed. 2008), § 19a, para. 6. 773 See Christian Solmecke/Jan Bärenfänger, Urheberrechtliche Schutzfähigkeit von Dateifragmenten – Nutzlos = Schutzlos, MultiMedia und Recht 2011, 567, 570 et seq. 774 Ibid, 571. 775 Ibid, 572.

212

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

tion before legal steps can be taken. As regards unprotected fragments, the claimant will have to prove that either a file has been downloaded completely or offered for download as a whole.776 Evidence that only proves that a down- and upload has taken place at some point for a limited time, will regularly not suffice. A further copyright-infringing act could be seen in the creation of a .torrent file.777 The .torrent file as such does not contain any part of the related file that the user wants to share,778 and therefore its creation arguably does not infringe reproduction rights.779 One might however argue that using the title of a protected work to name the .torrent file infringes copyright,780 because even isolated sentences, or parts of sentences may be suitable for conveying to users the originality of a publication.781 As regards the dissemination of a .torrent file by for instance posting the .torrent file on a website, this does not automatically imply that the related file is publicly available, as the .torrent file may be inactive or “dead”.782 Hence, the dissemination of a .torrent file does not necessarily involve the making available of protected material.783 The .torrent file always has to be assessed in connection with the related file. Similarly, someone who downloads a .torrent file only

776 Ibid. 777 See Gaetano Dimita, Six characters in search of infringement: potential liability for creating, downloading, and disseminating .torrent files, Journal of Intellectual Property Law & Practice 2012, Vol. 7 Issue 6, 466–472. 778 Crossreference to functioning of peer-to-peer A. II. 3. 779 Gaetano Dimita, Six characters in search of infringement: potential liability for creating, downloading, and disseminating .torrent files, Journal of Intellectual Property Law & Practice 2012, Vol. 7 Issue 6, 466, 468. 780 Ibid, stating that even the protectability of a single word is not totally excluded by copyright law. This argument is supported by Court of Appeal, Exxon Corp. v Exxon Insurance Consultants [1981] 3 All E.R. 241; CJEU, C-5/08, Infopaq International A/S v Danske Dagblades Forening, [2009] ECDR 16; Court of Appeal, Newspaper Licensing Agency Ltd v Meltwater Holding BV [2011] EWCA Civ 890 (High Court, [2010] EWHC 3099 (Ch)). 781 See only CJEU, C-5/08, Infopaq International A/S v Danske Dagblades Forening, [2009] ECDR 16. 782 Gaetano Dimita, Six characters in search of infringement: potential liability for creating, downloading, and disseminating .torrent files, Journal of Intellectual Property Law & Practice 2012, Vol. 7 Issue 6, 466, 469. A .torrent file becomes “dead” or inactive when all members of a swarm have completed the download of the requested file and disconnect, see ibid, 466. 783 Ibid, 469.

213

Second Chapter: User-Targeted Responses

infringes copyright when he subsequently also starts the download process of the related file. The mere download of the .torrent file does not suffice for infringing reproduction rights.784 c) Non-Applicability of the Private Copying Exception Although a copyright infringement has been established, a user might escape liability if he could rely on the private copying defence. The concept of the “private copying exception” has already been outlined in the first Chapter in the context of lack of understanding by users of copyright law.785 This concept, or defence, exists in most Member States, though in different variations.786 Exception or limitation for private copying is enshrined in Article 5(2)(b) of the InfoSoc Directive, which foresees that “Member States may provide for exceptions or limitations to the reproduction right provided for in Article 2 in the following cases: ...(b) in respect of reproductions on any medium made by a natural person for private use and for ends that are neither directly nor indirectly commercial, on condition that the rightholders receive fair compensation which takes account of the application or non-application of technological measures referred to in Article 6 to the work or subject-matter concerned”. First of all, a private copying exception requires that the copy is made for private use. While

784 Ibid. 785 See above First Chapter, I. 2. c) Lack of Understanding Intellectual Property Rights. 786 Notably, copyright law in the UK does currently not foresee a private copying exception. However, the UK government intends to introduce a narrow private copying exception which will allow individuals to copy content under the condition that they own the content, and have acquired the content lawfully. Under these circumstances, they will be allowed to copy the content to another medium or device for their own personal use. See HM Government, Modernising Copyright: A modern, robust and flexible framework, Government Response to Consultation on Copyright Exceptions and Clarifying Copyright Law (December 2012), p. 25. The House of Lords proposed to insert the following new clause into section 28 of the Copyright Designs and Patents Act 1988: “(5) Any provisions of this Chapter relating to an exception for private copying shall not apply where further copies of copyright works are commercially available, under the terms of the acquisition of the copy of the copyright work concerned, by or with the authority of the copyright owner.” See Intellectual Property Bill [HL], Session 2012–14, 17.07.2013.

214

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

downloading materials from the Internet may be conducted for private use, the downloading from peer-to-peer networks, in particular BitTorrent networks, cannot be considered as copying for private use exclusively since the content is also distributed. In the context of private copying, it is also being discussed whether it is of relevance that the copy has been made from an illegal source.787 The question whether a law which allows copying from illegal sources for private use is compliant with EU copyright law has only recently been subject before the CJEU in Case C-435/12 ACI Adam. In its judgment the CJEU essentially followed the Opinion of the Advocate General788 and held that the private copying exception may only apply to copies from legitimate sources.789 Some national laws, for instance German law, required in this regard that the source has not been evidently illegal, which meant in practice that the exception could also apply to downloads from peer-to-peer networks, because the source could be a private copy from a lawfully obtained copy and thus not be evidently illegal.790 In order to eliminate this loophole, the German Copyright Act now requires that the copying for private use is not permitted when the copy constitutes an evidently illegal reproduction or has been made available evidently illegally.791 While there is less discussion about what constitutes an illegal source (either the content copied is distributed without the rights-holder’s permission or the file from which the content is downloaded has been created without the rights-holder’s consent), the question is to determine when the illegality is evident. 792 The evidential illegality of a source has to be determined from the perspective of an objective bystander.793 As an example for an unlawful copy that stems from an evidently illegal source, the Ger-

787 See above First Chapter, I. 2. c) Lack of Understanding Intellectual Property Rights. 788 See Opinion of the Advocate General in C-435/12 ACI Adam v Stichting de Thuiskopie of 09.01.2014. 789 CJEU, C-435/12 ACI Adam v Stichting de Thuiskopie, Judgment of 10.04.2014. 790 See version of § 53 I UrhG that was in force from 13.09.2003 to 31.12.2007. 791 As regards the intention of the legislator to amend the relevant provision see Deutscher Bundestag, Bundestagsdrucksache 16/1828, p. 18. 792 See for example Thomas Dreier in Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (4th ed. 2013), paras. 12 et seq. with further references. 793 At least this is the case in Germany, see Tobias Reinbacher, Strafbarkeit der Privatkopie von offensichtlich rechtswidrig hergestellten oder öffentlich zugänglich

215

Second Chapter: User-Targeted Responses

man Federal Ministry of Justice stated that a download of a film or music file from an “illegal file-sharing network” would fall within that category.794 Though the wording used by the Ministry of Justice is strictly speaking not correct in a legal sense as file-sharing networks are not per se illegal, the idea is well-founded. With regard to peer-to-peer file-sharing networks, the illegality of the source is commonly evident, because rightsholders will regularly not distribute their songs via file-sharing networks but use commercial on-demand services where users will have to pay.795 Even if for instance a band wants to release a title for free, then they will regularly use their own website or that of a cooperating partner/sponsor/ advertiser to do so. As a more in depth analysis of this subject matter would go beyond the scope of this work, at this point, it shall be born in mind that only in a limited number of cases, the private copy exception may apply. 5. Explaining the Demand for Enforcement Schemes Focussing on Peerto-Peer Networks As mentioned above, peer-to-peer file-sharing is a mass scale phenomenon. While the estimates about how much of the traffic is taken up by infringing materials vary, the sheer scope of it leads to the assumption that a lot of copyright infringements take place. The aforementioned functioning of peer-to-peer networks where each member of a swarm of file-sharers commonly also aids in distributing the copyrighted materials explains why they have an interesting playing field for enforcement. First generation networks relied on a central authority to be addressed.796 The newer protocols managed to make copyright enforcement more difficult on the one hand, but also made it more interesting for the rights-holders to go after the individual users that engage in peer-topeer file-sharing. gemachten Vorlagen, Gewerblicher Rechtsschutz und Urheberrecht 2008, 394, 397 with further references. 794 As the press release of 05.07.2007 is no longer available on the website of the Federal Ministry of Justice, see ibid. 795 See also ibid, 400 et seq. 796 As regards the liability of the operator of the central server see the Napster case outlined in the First Chapter, A. III. 1. Early Responses to File-Sharing: Legal Action against the Innovators.

216

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

Rights-holders are generally more interested in enforcing their rights against uploaders than mere downloaders. This has to do with a simple cost-benefit calculation: much time, cost and effort is required to identify infringers, thus, claims are rather brought against uploaders due to the scope of damage they have committed in comparison to a mere downloader. The maximum damage a mere downloader has produced is significantly less than the damage produced by an uploader. By joining a swarm of peer-to-peer file-sharing, the rights-holders can obtain information about who makes a file available. However, as this each swarm is only occupied with sharing one specific file, the acquisition of evidence of an infringement and the subsequent information requests on the identity of a user still involves a lot of time, costs and work. Thus, rights-holders have been lobbying for means to ease enforcement that is less costly for them but also fights copyright infringements effectively.797 III. Technological Challenges in Detecting and Identifying File-Sharers In order to identify infringers, evidence needs to be gathered from a peerto-peer network. As already mentioned, this is usually done by specialist companies and their forensic computer analysts. Due to the anonymity involved in the exchange of data, the data they may accumulate is not sufficient to identify an infringer. They will need to apply for a disclosure order798 or (in the case of graduated response schemes) address themselves to a third party, i.e. the Internet access provider either directly or through an intermediary, that may then provide details of the identity of a

797 For an excellent, but also very critical analysis of the lobbying conducted by the creative industries to strengthen their position when it comes to enforcement issues, see Monica Horten, The Copyright Enforcement Enigma, Internet Politics and the ‘Telecoms Package’ (2012), and Monica Horten, A Copyright Masquerade: How Corporate Lobbying Threatens Online Freedoms (2013). 798 Regularly, obtaining information on the identity of the subscriber of an IP address requires a court order. Surprisingly, 15,5 % of the respondent to a question on the involvement of intermediaries to identify (alleged) infringers in a EU consultation stated that it had been possible for them to obtain such information directly from an intermediary without a court order, European Commission, DG Internal Market and Services, Civil enforcement of intellectual property rights: Public Consultation of the efficiency of proceedings and accessibility of measures, synthesis of the responses (July 2013), p.12.

217

Second Chapter: User-Targeted Responses

potential infringer, or issue a warning to a potential infringer. In case of a disclosure order, the order forces the Internet access subscriber to match the IP address gathered by the rights-holder with the personal details of the Internet subscription holder. 1. In General: Collecting Digital Evidence Commonly, online perpetrators are not easy to identify. Their identification and the identification of their unlawful activities usually requires realtime collection of traffic data and interception of content data. Many cases also require the search and confiscation of stored computer data similar to the search and seizure of tangible objects.799 Such measures for evidencegathering have an intrusive character, and interfere with the right to privacy and the freedom of communication. However, they are necessary because otherwise the prosecution of Internet crimes and other unlawful acts on the Internet could not be sanctioned. With regard to criminal procedure law, three principles have been identified by national legislators that need to be observed when law enforcement clashes with fundamental rights. These principles are: (1) to distinguish between serious and less serious crimes in order to respect the intrusive character of the above mentioned measures; intrusive measures are restricted to the serious crimes; (2) if the intrusive measures are lawful, their application must abide by the principle of proportionality, meaning that they shall be applied only to the minimum necessary extent; (3) the intrusive measures must follow strict procedural rules, that function as safeguards of fundamental rights, such as intrusive measures being subject to permission by judicial authorities or public prosecutors, and the measures being restricted in terms of time.800 However, in most copyright enforcement cases and in particular within the copyright enforcement schemes that will be discussed in the following, the evidence of an infringement is collected by the rights-holder himself or professionalised agents acting on his behalf. Within peer-to-peer file-sharing networks, they can track the IP address of a perpetrator like everyone else that is a member of that network and thus, do not need to employ

799 See as regards criminal proceedings, Articles 19–21 of the Council of Europe Convention on Cybercrime. 800 Cf. Dimitris Kioupis, Criminal liability on the Internet, in: Irini Stamatoudi (ed.), Copyright enforcement on the Internet (2010), p. 249.

218

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

secret surveillance techniques. In some cases, where the rights-holder also wants to press criminal charges, it is up for the respective law enforcement body to decide whether they need further evidence and apply for a search warrant. The initiation of criminal investigations used to be the only means for rights-holders to obtain information about the identity of the subscriber behind an IP address that they had identified. Establishing a connection between IP addresses and identities of real persons is only possible with the help of access providers. Although in the following it will be outlined that EU law does not “require Member States to lay down,…, an obligation to communicate personal data in order to ensure effective protection of copyright in the context of civil proceedings”801, Member States may allow the release of data in their national law; if they do so, this must be in compliance with fundamental rights. When national law allows the identification of the subscriber of a dynamic IP address, the effective application of any such information right presupposes that the Internet service provider is still in the possession of the data that connects the respective IP address to an individual subscriber. As has been mentioned previously, it is unlikely that private single connection subscribers have static IP addresses. They will commonly be allocated dynamic IP addresses. The identification of a subscriber consequently depends on two conditions, namely that the national law allows for the aforementioned disclosure of data by the Internet service provider, and that the Internet service provider retains the traffic data, so that when a request for disclosure is made, the matching of an IP address to a specific subscriber is made possible. Due to data protection laws, the retention of the relevant data is only allowed for billing purposes and must be deleted when payment can no longer be legally pursued. 802 With flatrate plans being the common subscription rate, access providers are not much interested in keeping the relevant records and are in general also not allowed to retain them. Although the Data Retention Directive in the EU requires the relevant records to be retained for a certain period of time (“no less than six months and no more than two years from the date of the communica-

801 CJEU, C-275/06, Productores de Música de España (Promusicae) v Telefónica de España SAU [2008] ECR 271. 802 Pursuant to Article 6(2) of the E-Privacy Directive, the retention is allowed for billing purposes but only as long as the statute of limitations allows the payment to be lawfully pursued.

219

Second Chapter: User-Targeted Responses

tion”803), this does not mean that private parties can request the disclosure of this data. The purpose of data retention under said Directive is “to ensure that the data are available for the purpose of the investigation, detection and prosecution of serious crime”.804 Copyright infringements are not necessarily serious crimes, even if they are committed on a commercial scale. The use of the concept of commercial scale as a demarcation line between criminal and non-criminal copyright infringements is not without problems.805 In general understanding, acts carried out on a commercial scale are intrinsically linked to some economic or commercial advantage, which would normally exclude acts carried out by end-consumers that may even act in good faith.806 However, as the discussion in relation to commercial scale of file-sharing in Germany shows, end-consumers are often unsuccessful with their claim that they their sharing of files in peer-to-peer networks was not on a commercial scale. Although users make not a profit, they enjoy some commercial benefit because they download a file for free.807 They certainly also cause financial damage to copyright owners because within peer-to-peer networks the downloader becomes at the same time a distributor of the requested file.808 Accordingly, the concept of commercial scale alone does not suffice to distinguish a serious crime from other crimes. As there is no legal obligation under EU law for Member State to provide for the retention of communications data for the purpose of pursuing private claims,809 the disclosure of the identity of a subscriber depends on

803 See Article 6 of the Data Retention Directive. 804 Article 1(1) of the Data Retention Directive. 805 Cf. Dimitris Kioupis, Criminal liability on the Internet, in: Irini Stamatoudi (ed.), Copyright enforcement on the Internet (2010), p. 252. 806 Cf. Recital 14 to the IPR Enforcement Directive. 807 Dimitris Kioupis, Criminal liability on the Internet, in: Irini Stamatoudi (ed.), Copyright enforcement on the Internet (2010), p. 252. 808 See above, A. II. 4. a) Uploading Regularly Comes Along with Downloading. 809 See in this regard: European Observatory on Counterfeiting and Piracy, Evidence and right of information in Intellectual Property Rights, pp. 4 et seq., which outlines the example of Spain, in which, following the judgement of the CJEU in the Promusicae case (C-275/06 Productores de Música de España (Promusicae) v Telefónica de España SAU [2008] ECR 271), the domestic court “confirmed that Spanish data protection rules prevent Internet service providers from disclosing the identity of individual account holders to right holders for the purpose of civil proceedings, depriving right holders of a remedy altogether”. Similarly the report states that in Austria, “in the case of on-line peer-to-peer infringements (‘file

220

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

how long access providers store the data for their own business purposes. Because access providers have to respect the general data protection principles of data avoidance and data economy, which requires them to store data no longer than necessary, rights-holders have to be quick in filing their disclosure requests. In practice, many rights-holders will ask for a so-called “quick freeze”, i.e. either the rights-holder or a court will inform the provider about a detected infringement and ask him to refrain from deleting the data. Whether this is possible is a matter of national law, the “freezing” of data would need to be prescribed by law.810 Usually, there is no obligation of access providers to comply with a quick freeze request, at least not with a request by a rights-holder.811 However, most providers comply with such requests and freeze the relevant data until the rights-holder has obtained a court order requiring the disclosure of the information. In practice, most access providers store the relevant data for seven days for internal purposes.812 This period of time will be prolonged if a disclosure request is filed with a court and the court has asked the provider to preserve the relevant data until the disclosure request has been dealt with. Once the disclosure is ordered, the data will be forwarded to the applicant, and subsequently deleted by the access provider. The latter poses a problem for the subscriber when he wants to prepare his defence: He will not be able to obtain log files from the provider. In that respect, subscribers are advised to activate the logging of IP addresses function of their router to keep a protocol of IP addresses that have been allocated to them as this will allow them to

sharing’), the provisions relating to the right of information are in practice not enforceable where information is requested from access providers, due to a decision of the Austrian Supreme Court restricting the retention and processing of dynamic IP addresses”. It also has to be noted that the CJEU, in its judgment in the joined cases C-293/12 and C-594/12 Digital Rights Ireland and Seitlinger and Others, Judgment of 08.04.2014, has declared the Data Retention Directive, which provided for the retention of data for the purpose of the prevention, investigation, detection and preosecution of serious crime, to be invalid. 810 Data protection law prescribes that data pocessing and storing needs to be prescribed by law. 811 As regards Germany see LG München I, Decision of 20.08.2011 – 21 O 7841/11. 812 This has been confirmed by the Deutsche Telekom in Germany, see Holger Bleich/Joerg Heidrich/Thomas Stadler, Schwierige Gegenwehr – Was tun bei unberechtigten Filesharing-Abmahnungen?, c´t 19/2010.

221

Second Chapter: User-Targeted Responses

identify mistimed logs by the rights-holder or simple transposed digits in IP addresses, i.e. wrongly forwarded IP addresses.813 2. The Necessary Evidence All enforcement measures, irrespective whether criminal or private enforcement, require the identification of a copyright infringement. Relevant data in that context are not only the identification of the infringement as such but also the identification of the infringer or at least the IP address from which the infringement was committed. Whether the identification of the subscriber of that IP address suffices or the actual infringer needs to be identified varies from state to state. Who needs to be identified depends on the substance of the applicable law, i.e. whether it is the actual offender that is to be sanctioned for the copyright infringement or whether a norm exists that sanctions the subscriber for letting the infringement happen from his Internet access. Thus it will be necessary to clearly specify the alleged criminal activity. In addition to the IP address, it will also be necessary to log the access time at which the infringement was committed. Also, information as regards the way the file-sharing has been conducted may be required, such as for example the client used. 3. The Identifiable In order to have a claim, a copyright infringement needs to be identified as well as the infringer or the information leading to the identification of the infringer. As concerns the latter, a file sharer in a peer-to-peer network can only be identified by his IP address. The problems connected with this will be outlined in the following. As regards the identification of an infringer, a public consultation by the European Commission on the civil enforcement of intellectual property rights showed, that many rights-holders have faced problems.814

813 Ibid. 814 Among the 146 respondents who answered questions relating to potential problems in the identification of infringers/alleged infringers of their IPR, 68 % declared having faced problems, European Commission, DG Internal Market and Services, Civil Enforcement of Intellectual Property Rights: Public Consultation

222

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

a) The Copyright Infringement First of all, the copyright holder or someone acting on his behalf must identify an alleged copyright infringement. File-sharing normally can be qualified as an act of communication to the public, because copyright protected works are made available to the public. Some unauthorised files are easy to detect, because the file name carries the title of a song, album, film, or TV series. However, simply from the name of a file it cannot be instantly concluded that the file contains the content it is named after.815 Therefore, someone will actually have to listen to the file in order to identify it as copyright infringing.816 Alternatively, identical files can be identified by their hash value.817 The term hash value refers to a piece of data that is given as the answer to a hash function. By a hash function, a computer creates a short reference code comprising a string of letters and numbers which represents a large piece of data. Every downloaded file has a unique hash value and can be identified on this basis. This hash value is being compared to a digital fingerprint for it is as unique as a human fingerprint.818 In peer-to-peer file-sharing networks, the hash value is for example used to identify each piece of the content to be shared. This enables the tracker to recognise pieces of the content file as they are shared and is intended to ensure that the content files are correctly downloaded and unmodified.819 Similar to the tracker within the file-sharing network, the rights-holder is able to identify a distributed file as infringing by the hash value. With almost certainty a matching hash value represents

815

816 817

818 819

of the Efficiency of Proceedings and Accessibility of Measures, Synthesis of the Responses (July 2013), p.12. See for example Dennis Heinemeyer/Matthias Kreitlow/Arne Nordmeyer/André Sabellek: Kampf gegen Filesharing als Modell verfehlter Mehrfachkompensation? – Fragen zur Schadenshöhe, zu Gesamtschuldnern und Beweisen bei Tauschbörsen, MultiMedia und Recht 2012, 279. Sara Weber, Der Piraten-Jäger, UniSpiegel 2012, Issue 3, 14–16. Cf. in this regard Christian Solmecke/Jan Bärenfänger, Urheberrechtliche Schutzfähigkeit von Dateifragmenten – Nutzlos = Schutzlos, MultiMedia und Recht 2011, 567, 568; Holger Morgenstern, Zuverlässigkeit von IP-AdressenErmittlungssoftware, Zur Sicherheit der eingesetzten Programme und Verfahren zur Verletzungsdokumentation, Computer und Recht 2011, 203, 207. Ibid. See expert report cited by the High Court in Dramatico Entertainment Ltd & others v British Sky Broadcasting Ltd & others, [2012] EWHC 268, para. 19.

223

Second Chapter: User-Targeted Responses

identical files.820 However, even small alterations, for example cutting a music recording by one second, leads to a change in the hash value so that the hash value of the original file and the copy do not match anymore. As aforementioned, in these cases, it will be necessary for the rights-holder to actually verify the work by downloading it and watching/listening to it. This is also necessary with respect to one enforcement measure by the rights-holders themselves: namely, the so-called “poisoning” of peer-topeer networks. The fact that protected works are commonly shared in different versions, e.g. radio edit, remix version, high quality, low quality, and thus, have different hash values was taken as their advantage by rights-holders: they started planting corrupt or invalid versions of their works in the networks.821 These versions may for example contain white noise, advertisements, or warnings about the illegality of file-sharing.822

820 Christian Solmecke/Jan Bärenfänger, Urheberrechtliche Schutzfähigkeit von Dateifragmenten – Nutzlos = Schutzlos, MultiMedia und Recht 2011, 567, 568. Only few instances – under specific conditions – are known where the same hash value represented two different files. Technological progress also means that his is becoming less likely, See Dennis Heinemeyer/Matthias Kreitlow/Arne Nordmeyer/André Sabellek: Kampf gegen Filesharing als Modell verfehlter Mehrfachkompensation? – Fragen zur Schadenshöhe, zu Gesamtschuldnern und Beweisen bei Tauschbörsen, MultiMedia und Recht 2012, 279. File-sharing networks like BitTorrent no longer use the so-called MD5 functions, in which collisions could not be outruled and now uses SHA-1 instead, see http://www.bittorrent.org/beps/ bep_0003.html (last accessed 17.05.2014) For the risks of collisions in MD5 see Xiaoyun Wang/Hongbo Yu, How to Break MD5 and Other Hash Functions, in: Ronald Cramer (ed.), Advances in Cryptology – EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques (2005), Proceedings, Vol. 3494 of LNCS, pp. 19–35. This also makes BitTorrent very resistant against content poisoning. Content poisoning refers to the act by which copyright owners set up decoy peers that respond to download requests with corrupted or falsified files. The rationale behind such a deterring technique is that if users keep downloading falsified files, they will become frustrated and stop downloading from peer-to-peer networks, see Xiaosong Lou/Kai Hwang, Adaptive content poisoning to prevent illegal file distribution in P2P networks (2006). 821 See M. Eric Johnson/Dan McGuire/Nicholas D. Willey, The evolution of the peer-to-peer file sharing industry and the security risks for users, Proceedings of the 41st Hawaii International Conference on System Sciences 2008, p. 4. 822 See ibid, which also refers to Madonna having employed such tactics in the wake of releasing her album “An American Life”. Users that downloaded songs from the album, or at least they thought so, ended up with a file in which Madonna herself questions the user about what he is doing. See also Gil Kaufman, Madon-

224

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

The idea behind this is clear: to frustrate users, who will spend as much time on downloading a corrupted file as they will spend on downloading a good file, and encourage them to switch to legitimate download offers.823 Although advanced and sophisticated networks have developed strategies against polluted content and block results and requests from IP addresses that have been polluting,824 this fact must not be ignored. As regards the upload and download of parts of a protected work, it has already been outlined above, that these parts enjoy protection as long as they are “useful” and contain elements which are the expression of the intellectual creation of the author of the work.825 Insofar as unprotected fragments are concerned, the claimant will have to prove that either a file has been downloaded completely or offered for download as a whole. Evidence that only proves that a down- and upload has taken place at some point for a limited time, will regularly constitute no sufficient evidence. b) The IP Address Due to the technological functioning of peer-to-peer file-sharing, it is not possible to identify a potential infringer straight away. What can be identified is the IP address from which an alleged infringement has taken place. This IP address then needs to be matched against the subscriber to whom it was allocated at the time of the infringement. The problem is that the IP address is connected to a piece of hardware, i.e. router, not to an individual human being. So what can be identified from an IP address is the Internet connection subscriber behind an IP address at a given time. Time logging in that respect is particular important, as many Internet service providers (in IPv 4) allocate a pool of IP addresses as needed, rather than

na to pirates: 'What the F--- do you think you're doing?', Singer lashes out at file traders on P2P networks, MTV news (16.04.2003). 823 Apparently 50 % of popular songs on the FastTrack network were polluted in this way. Cf. Ibid. 824 See Michael Piatek/Tadayoshi Kohno/Arvind Krishnamurthy, Challenges and directions for monitoring P2P file sharing networks – or – Why my printer received a DMCA takedown notice, University of Washington Technical Report 2008, UW-CS, p. 4. 825 See above A. II. 4. b) Parts of a Protected Work Enjoy Protection.

225

Second Chapter: User-Targeted Responses

assigning each computer a never-changing static IP address.826 Whether the issue of correct time logging will still persist in IPv 6, where it will be possible to attribute a static IP address to each subscription remains to be seen. With the IP address, the rights-holder will only be able to determine the Internet access provider that has allocated the IP address to a user.827 In this regard, it is important to recall that dynamic IP addresses are not userbound but provider-bound. Because public records are held in relation to which blocks of IP address have been assigned to particular access providers, a consultation of these public databases will tell the rights-holder the access provider to whom he needs to address his request.828 Having identified the Internet access provider, the rights-holder is only one step away from identifying the subscriber with whom the access provider contracted. However, it is evident that the person who pays for Internet access at a given location is not necessarily the same individual who allegedly downloaded a protected work from that access. An IP address provides only the location at which one of any number of computer devices may be deployed, much like a telephone number can be used for several telephones. A US District Court Judge summarised the problem, that the rightsholders are confronted with, in a 2012 case as follows: “An IP address provides only the location at which one of any number of computer devices may be deployed, much like a telephone number can be used for any number of telephones….Thus, it is no more likely that the subscriber to an IP address carried out a particular computer function – here the purported illegal downloading of a single pornographic film – than to say an individual who pays the telephone bill made a specific telephone call”.829 Like the US District Judge correctly summarised, the identification of an IP address in connection with an infringement is no proof that the subscriber of that particular IP address committed the infringement himself.

826 See above First Chapter, B. I. 1. b) IP Address Allocation. 827 For the functioning of IP address allocation, see Richard Clayton, Online traceability: Who did that?, Technical expert report on collecting robust evidence of copyright infringement through peer-to-peer filesharing (2012), pp. 14 et seq. 828 A simple whois search on the Internet allows everyone to find out which access provider allocates a specific IP address. 829 US District Court, Eastern District of New York, K-Beech, Inc. v John Does 1-37, CV 11-3995 (DRH)(GRB).

226

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

The IP address does not allow the identification of the individual user of a connection at the time of an infringement. If a router is used to share an Internet connection, the routers gets the IP address issued straight from the Internet service provider. It then creates and manages a subnet for all the computers connected to that router. It is common that connections are shared between several users, for example between members of a household. Also, subscribers may grant guests or neighbours access to their flatrate plan. For someone from outside of a household or a community sharing a connection, it is impossible to know who committed the infringement. This becomes even more difficult when business entities offer complementary and free Wi-Fi within their premises. It has for example become common standard for hotels to offer free Wi-Fi to their guests. Also coffee bars try to attract customers by complementary Wi-Fi. Neither the criminal standard of proof, i.e. “beyond reasonable doubt”, nor the civil standard of proof, i.e. “on the balance of probabilities”, are likely to be met in terms of identifying an infringer when several users have access to a secured connection. That the criminal or civil standard of proof is met, becomes even more unlikely where the subscriber has not secured his Internet connection. In determining liability, it will be necessary to consider the level of security mechanisms that have been implemented to protect a Wi-Fi network.830 Irrespective of the required security standard, many subscriber still do not realise or know how to secure their network. Even if they do, a likely, though rare scenario, is that Wi-Fi-networks are hacked by third parties.831 With improved security standards,

830 Wireless routers have gained popularity in recent years (Wi-Fi penetration of households in 2011: UK 73.3 %, Germany 71.7 %, France 71.6 %. See Business Wire, Strategy analytics: A quarter of households worldwide now have wireless home networks, Business Wire (04.04.2012). Many Internet service providers provide a complimentary wireless router as part of their Internet access service. While wireless networks may be more convenient in terms that one does not have to run cables through the house to interconnect different computers to the router, it also means that the connection may be more vulnerable. 831 This issue was also raised by the Joint Committee on Human Rights in the UK when discussing the Digital Economy Bill, see House of Lords, House of Commons, Joint Committee on Human Rights, Legislative Scrutiny: Digital Economy Bill, Fifth Report of Session 2009-10, HL Paper 44 = HC 327 (05.02.2010), p. 87.

227

Second Chapter: User-Targeted Responses

these incidents are declining in number, but cannot be ruled out as hackers may decrypt network keys.832 4. The Identifier If a copyright infringement is suspected, the rights-holder needs to gather evidence of that alleged infringement. The process of identifying an infringement and the IP address from which an infringement took place is usually outsourced to private investigation companies that have specialised in this form of information gathering. They use various proprietary technologies, of which some will be discussed in the following. The details of the process are vital to prove an infringement in court. Advances in technologies mean that techniques for identification also progress, hence, the following will only briefly relate to a few recent detection and evidence gathering processes in order to give a basic idea of their functioning. a) How Data Is Harvested The collecting, or “harvesting” of IP addresses is usually conducted by a company specialised in the detection of online copyright infringements.833 The right holders usually employ a third party company, for instance Logistep and Pro Media834 in Germany, DtecNet in Ireland or Trident Media Guard835 in France. These companies have specialised in the detection of file-sharing of copyrighted works and monitor peer-to-peer networks for incidents of illegal file-sharing by using special software. Usually a forensic computer analyst will install a peer-to-per client on his com-

832 In September 2013, German police arrested a man that hacked the Wi-Fi-networks of his neighbours to download child pornography. See Spiegel Online, 22Jähriger festgenommen: Ermittler entdecken riesige Kinderporno-Sammlung in Köln, Der Spiegel online (19.09.2013). 833 A detailed account on how data is harvested is given by Morgenstern in Holger Morgenstern, Zuverlässigkeit von IP-Adressen-Ermittlungssoftware, Zur Sicherheit der eingesetzten Programme und Verfahren zur Verletzungsdokumentation, Computer und Recht 2011, 203, 205. 834 Sara Weber, Der Piraten-Jäger, UniSpiegel 2012, Issue 3, 14–16. 835 http://www.tmg.eu/.

228

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

puter and will join a “swarm” of file-sharers.836 He monitors the swarm and records the IP addresses of those connections that share the file. As most people under IPv 4 do not have static (i.e. unchanging) but dynamic IP addresses837, the IP addresses only create a temporary reference point. Thus, it is important for the right holder that further data is collected to be able to identify a potential infringer and preserve evidence of an infringement. What information and how this information is being collected will be outlined by two examples, one from Germany and one from Ireland.838 The restriction to two examples is based on the assumption that basically all harvesting takes place in a similar way and no detailed understanding of the software in use is necessary. The examples try to provide a general overview in a non-technical language. Logistep in Germany for instance uses a self-developed monitoring software that collects information from various peer-to-peer networks. In particular, Logistep searches for copyright-protected works of their clients and logs – following a successful “test download” – the IP addresses of the participating users, as well as further information such as the actual time, the hash value of the file, the user's pseudonym within the sharing software, the name and version of the software.839 Similarly, DtecNet, which is employed by EMI in Ireland, searches peer-to-peer networks for files being uploaded which are subject to copyright.840 DtecNet does what any user of a peer-to-peer network does in order to obtain a file that is

836 For a general description of how a monitoring software will proceed to use a peer-to-peer system to download a copy of a file after it has obtained a torrent file, see Richard Clayton, Online traceability: Who did that?, Technical expert report on collecting robust evidence of copyright infringement through peer-topeer filesharing (2012), pp. 8 et seq. 837 Dynamic means that the user’s router will usually be given an IP address only for a certain period of time by the Internet service provider. Thus, the address will change from time to time, see above in the First Chapter, B. I. 2. b) Dynamic IP Addresses. 838 Although no Irish enforcement scheme will be analysed, the way data is harvested will be presented as the Irish High Court in EMI v UPC (Irish High Court, decision of 11.10.2010, [2009] no 5472 P) outlined in detail how the system deployed by “DtecNet” operated. 839 Cf. Felix Buchmann/Sebastian Brüggemann, Der Preis des “Filesharing” – Streitwert, Schadensersatz und Kostendeckelung nach § 97 a Abs. 2 UrhG, Kommunikation und Recht 2011, 368–373. 840 Irish High Court, EMI v UPC, Decision of 11.10.2010, [2009] no 5472 P, para. 34.

229

Second Chapter: User-Targeted Responses

being shared: DtecNet searches peer-to-peer networks for copyrighted files being uploaded. If it finds such a file, it will request the file, which is subsequently transmitted to, and copied, by DtecNet’s computer. Integral for this process is to obtain basic information about the uploader from whom the work is being transmitted: the user’s pseudonym and the IP address of the user, the relevant time, data and identification of the copyright material.841 If the IP address is registered to an Irish service provider, Dtecnet will identify how many copyrighted files were being made available “by that user on peer-to-peer software”.842 A list of these files will then be captured in the form of a log containing the name, size and hash value of user’s shared files.843 As regards the fact that with BitTorrent files are split into small blocks of data, the Irish High Court held in EMI v UPC that “Although a music file may be split up in several hundred pieces, each of them carries a sufficient identification through the file # for it to be fitted into an appropriate order of sense and sufficient to clearly identify that it is a portion of a work which is subject to copyright. In all of the examples of which the Court was provided evidence, there is nothing to suggest that if only a tiny portion of the work was being uploaded that that would be insufficient to identify it. Rather, what peer-to-peer involves is obtaining the entire music recording that is desired. The file # identifier ensures that it is put into a correct format and order. The process of DtecNet is automatic, in the sense that the handshake between the computers, in peer-to-peer terminology, is fully automated.”844

As these “harvesting” techniques all require that the agent of the rightsholder infiltrates the network, friends-to-friends network, where the users know and/or trust each other, carry a natural barrier against detection. The software always needs to somehow obtain access to a swarm of file-sharers. Regularly rumours occur, that rights-holders or third parties on their behalf plant so-called “honeypots” into file-sharing networks.845 In file-

841 842 843 844 845

230

Ibid. Ibid. Ibid. Ibid. Cf. reports on notorious torrent sites such as extratorrent.cc which reported in March 2011 that “Portugal created honeypot to fight piracy” (see http://extratorr ent.cc/article/1167/portugal+created+honeypot+to+fight+piracy.html [last accessed on 17.05.2014]). Apparently, the music industry in Portugal agreed to

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

sharing circles the term honeypot is used for websites and swarms specifically created in order to lure users into downloading copyrighted content. The honeypots serve as traps designed to gather the IP addresses of those who try downloading the content. As the user who joins the swarm is not in the position to acquire information whether the file was planted on purpose (and thus, authorised), or not, he may end up being charged for downloading from a lawful source without having a realistic chance to prove this. Similar to the response to corrupted files, sophisticated networks may avoid systematic monitoring of peers by operating IP blacklists. 846 They will block the IP addresses of suspected monitoring agents, and thereby protect against direct monitoring techniques that involve actual data exchange between monitoring agents and peer-to-peer clients. It is however expected that rights-holders, or more precisely their enforcement agents will shift to more conclusive methods of identifying users.847 b) Reliability of Data Harvesting/Evidence The question that follows from the employment of software to harvest data is the reliability of IP address evidence.848 While cases that attract media attention are regularly those where a grandmother without a computer is accused of downloading indecent content,849 from Germany instances are known where a court denied disclosure orders because it believed that an

846

847 848

849

grant Portuguese authorities the right to upload copyrighted files to file-sharing networks. Michael Piatek/Tadayoshi Kohno/Arvind Krishnamurthy, Challenges and directions for monitoring P2P file sharing networks – or – Why my printer received a DMCA takedown notice, University of Washington Technical Report 2008, UWCS, p. 4. Ibid. Holger Morgenstern, Zuverlässigkeit von IP-Adressen-Ermittlungssoftware, Zur Sicherheit der eingesetzten Programme und Verfahren zur Verletzungsdokumentation, Computer und Recht 2011, 203 – 208. For recommendations as to the standards that should be set in relation to monitoring systems to ensure that the collection of IP address of uploaders of copyright infringing materials on peer-topeer networks is robust and error-free, see Richard Clayton, Online traceability: Who did that?, Technical expert report on collecting robust evidence of copyright infringement through peer-to-peer filesharing (2012). Andrew Murray, Information Technology Law (2nd ed. 2013), p. 288.

231

Second Chapter: User-Targeted Responses

error has occurred in the logging or transmission of IP addresses.850 For instance, a court in Cologne refused a disclosure order where the request for disclosure contained numerous identical IP addresses. As the Internet service provider concerned allocates a new dynamic IP address every 24 hours to its users, and considering the amount of available IP addresses, the Court could not be convinced that a number of IP addresses were regularly involved in copyright infringements.851 In 2008, the same court had previously denied access to criminal files to rights-holders arguing that the reliability of the harvested data had not been proven. Criminal investigations into alleged online copyright infringements had shown that more than 50% of the data harvested could not be allocated. In other cases, the error rate was more than 90%, assumingly due to mistimed logs.852 Questions of validity of gathered evidence have also been raised in connection with recent copyright enforcement legislation.853 Potential sources of error will be briefly outlined in the following. No claim is made that this list is complete. aa) Manipulation of File-Sharing Clients A 2008 study by researchers at the University of Washington revealed that DMCA takedown notices in the US are also sent based on inconclusive evidence—and sometimes even to printers and other devices that do not download music or movies at all.854 Although the study did not examine a

850 OLG Köln, Decision of 10.02.2011 – 6 W 5/11, MultiMedia und Recht 2011, 322. 851 Ibid, 323. 852 See LG Köln, Order of 25.09.2008 – 109-1/08. For a comment on the case see Holger Bleich/Joerg Heidrich/Thomas Stadler, Schwierige Gegenwehr – Was tun bei unberechtigten Filesharing-Abmahnungen?, c´t 19/2010. 853 Cf. for instance House of Lords, House of Commons, Joint Committee on Human Rights, Legislative Scrutiny: Digital Economy Bill, Fifth Report of Session 2009-10, HL Paper 44 = HC 327 (05.02.2010), p. 87. 854 Michael Piatek/Tadayoshi Kohno/Arvind Krishnamurthy, Challenges and directions for monitoring P2P file sharing networks – or – Why my printer received a DMCA takedown notice, University of Washington Technical Report 2008, UWCS. See also Richard Clayton, Expert Opinion in case R (on the application of British Telecommunications Plc) v Secretary of State for Business, Innovation and Skills, paras. 49 et seq.

232

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

software that is specifically being used in Europe to detect infringements, the findings give insight into the weaknesses of the process of detection. They identified a main weakness in current methods of detecting copyright infringement in BitTorrent, namely the treatment of indirect reports as conclusive evidence of participation.855 The research revealed that some rights-holders or companies acting on their behalf relied on information from the search phase of the protocol, and did not try to download a file and identify where it came from. The researchers run specialist BitTorrent programmes that looked as if they were doing file-sharing, but instead they were just recording statistics about the speed and effectiveness of the system. In the following, the researchers received cease and desist letters in which they were accused of copyright infringement. The tracker of the copyright holders had registered their interest in a particular file, which let to the rights-holder conclusion that the researchers were actually transferring the file. While other users whose IP addresses were present in the tracker file were actively file-sharing, the researchers were not. By default, BitTorrent trackers record the source IP address from the request as the actual address of the peer to be delivered to other peers, and from this the rights-holders had drawn their conclusion. In the following, it could be proved that entries in the torrent files could be forged by providing IP addresses that were not involved in file-sharing at all. This has to do with some BitTorrent tracker implementations supporting “an optional extension to the peer request message that allows requesting clients to specify a different IP address that the tracker should record in its list of peers instead”.856 Accordingly, the researchers could frame arbitrary IP addresses for infringements (“IP spoofing”).857 Of 281 DMCA complaints, that they received, only 18 were for IP addresses that they attempted to implicate.858 The majority of complaints targeted the IP addresses from which they launched their spoofed requests. Without going into too much detail, the experiment succeeded in proving that there are

855 Michael Piatek/Tadayoshi Kohno/Arvind Krishnamurthy, Challenges and directions for monitoring P2P file sharing networks – or – Why my printer received a DMCA takedown notice, University of Washington Technical Report 2008, UWCS. 856 Ibid, p.3. 857 Ibid. 858 Ibid

233

Second Chapter: User-Targeted Responses

BitTorrent trackers that do not record the IP source address and are open to IP spoofing. Malicious users may further trigger misreporting, since the torrent meta data files that specify trackers are user-generated. A coordinating BitTorrent tracker can be manipulated so that he may falsely implicate an IP address in a swarm of file-sharers by simply returning that IP address as a peer regardless of participation.859 bb) Mistimed and Mismatched Logs However, it is not necessary for false implications that malicious users are involved. Incorrect evidence may also be gathered in rather simpler ways.860 Reports of logs can be mistimed.861 Because IP addresses are allocated dynamically, the logging of the correct time is essential to identify an alleged infringer. Even an error in seconds may lead to the wrong subscriber being accused – depending on how fast the IP addresses are newly allocated. Similar to mistimed logs, timestamps may be incorrectly translated: attention needs to be paid to the correct translation of time-zones.862 In this regard, human error is the most likely pitfall.863 859 Ibid. 860 As regards the frequency of mistimed and inaccurate logs,see Holger Bleich/ Joerg Heidrich/Thomas Stadler, Schwierige Gegenwehr – Was tun bei unberechtigten Filesharing-Abmahnungen?, c´t 19/2010. 861 For different scenarios how this can happen see Michael Piatek/Tadayoshi Kohno/Arvind Krishnamurthy, Challenges and directions for monitoring P2P file sharing networks – or – Why my printer received a DMCA takedown notice, University of Washington Technical Report 2008, UW-CS. 862 Richard Clayton reports from a case where he was employed by the Crown Prosecution Service after flaws in the Internet traceability evidence were encountered during cross-examination of a witness in a 2009 UK murder trial. The Internet service provider in that case was asked to identify eight IP addresses, of which it initially could only match four due to incorrectly translated times in Pacific Daylight Saving Time (PDT) into Greenwich Mean Time (GMT). In addition, one event was incorrectly reported by the police to have occurred at 18:50 GMT, when it had in reality occurred one hour previous at 18:50 British Summer Time (BST). Richard Clayton, Online traceability: Who did that?, Technical expert report on collecting robust evidence of copyright infringement through peer-topeer filesharing (2012), p. 28. 863 Cf. ibid.

234

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

cc) Misreporting by Trackers Misreporting by trackers is the most straightforward way to falsely implicate an IP address in an infringement.864 Misreporting takes place when the coordinating tracker in a BitTorrent network returns an IP address as a peer although that IP address is not participating in the swarm. This can happen through manipulation of the user-generated tracker by malicious users.865 dd) Problems Belonging to the Sphere of the Subscriber: Unsecured Computers and Wi-Fi Connections Wi-Fi insecurity is fertile ground for cybercriminals.866 A substantial percentage of users does not understand how to change the security settings on their Wi-Fi networks.867 Many users are unsure whether their network is secure.868 Innocent users may also be implicated for copyright infringement, if malware (malicious software) is running on their computer that downloads or hosts copyrighted content.869 Malware can install itself if a computer does not run an anti-malware software. Also, their home network may have an open, or at least not appropriately secured Wi-Fi access point, which a non-authorised third party may use to share copyrighted content. In this regard, it will be for the courts to decide – if at all – which security standards are required when running a Wi-Fi access point.

864 Ibid. 865 Ibid. 866 Neil MacEwan, A tricky situation: deception in cyberspace, Journal of Criminal Law 2013, Vol. 77 Issue 5, 417, 422. 867 Ibid with further references. 868 Ibid. 869 Richard Clayton, Online traceability: Who did that?, Technical expert report on collecting robust evidence of copyright infringement through peer-to-peer filesharing (2012), p. 28.

235

Second Chapter: User-Targeted Responses

c) Evasion of Detection: Migration to (More) Secure Peer-to-Peer Networks Almost as easy as IP addresses can be identified in peer-to-peer networks, users, that have some IT-literacy can evade detection. The logging of an IP address in Peer-to-Peer networks only works as long as the communication takes place “in public”. Many variations of BitTorrent technology have evolved, which may avoid legal detection of copyright infringement by wither encrypting the content shared, or hide the IP addresses of the users sharing files. In addition, files may be changed in friend-to-friend networks, where users know and trust each other. aa) Anonymous Peer-to-Peer Networks Users that desire anonymity because they do not wish to be identified as copyright infringer may use anonymous or pseudonymous peer-to-peer technology. 870 The level of anonymity is different to that of conventional peer-to-peer networks, which is rather a perceived anonymity as long as the subscriber details of a certain IP address are not revealed. Faced with increased enforcement actions against peer-to-peer fileshares, anonymous peer-to-peer communication systems provide an environment that is much more difficult for rights-holders to infiltrate and can also be more efficient for users. It is beyond the scope of this work to enter into detailed explanation of the technology that enables anonymous file-sharing over the Internet, hence it is only briefly outlined to acknowledge its existence. Interest in such peer-to-peer system has increased for many reasons, ranging from the desire to legally share files without revealing one’s network identity (IP address) due to concerns over mass surveillance and data retentions, to a desire to stay anonymous because one share copyright protected works and fears a lawsuit. Anonymity/pseudonymity is achieved by special routing overlay networks that hide the physical location of each node/participant from other participants. In this context pseudonymous communication refers to the fact that instead of being identified by their IP

870 For the development of anonymous peer-to-peer file-sharing see Jessica A. Wood, The Darknet: A digital copyright revolution, Richmond Journal of Law & Technology 2010, Vol. 16 Issue 4, pp. 1 et seq.

236

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

address, users are identified by pseudonyms such as cryptographic keys. Cryptographic keys can either be used to identify specific nodes (meaning that the participant will stay anonymous e.g. in the MUTE network), or to identify specific pieces of data (e.g. in Freenet).871 Both types of networks are referred to as anonymous, because it is impossible – or at least difficult – to determine whether a node that sends a message originated the message or is simply forwarding it on behalf of another node. For Freenet872 this means that clients retrieve files from other Freenet user’s computers (= nodes), while a server relays requests and files for other Freenet clients on the network.873 Files are retrieved and transmitted from node to node. The unique feature is that each node is only aware of nodes with which it can directly communicate. Hence, each user’s computer may thus only know the IP address of the last node in the network of nodes that it had contact with. For a receiving node it is not possible to know whether that last node originated the file, or just passed on a copy from an earlier node.874 In addition, unlike most peer-to-peer systems, Freenet users who wish to share a file do not simply make that file available, but create a “key” for the Freenet file, and insert the file into their node. As finally all communication between nodes is encrypted, it is impossible (or at least really difficult) for third parties to monitor the content of file requests.875 Anonymous peer-to-peer networks may also be truly anonymous, i.e. that the network nodes do not carry any identifiers, or pseudonymous, meaning that the nodes are identified by pseudonyms such as cryptographic keys. Like with Freenet, every node then acts as a universal sender and receiver, and forwards information for others on the network to prevent the determination of origin of a message. Anonymous peer-to-peer networks can either exist in the opennet or in the darknet/friend-to-friend network type. In opennet network, peer nodes are discovered automatically and there is little control available to the user which nodes become his peers. The majority of anonymous peer-to-peer systems are darknet/ 871 As regards Freenet see ibid, pp. 19 et seq. 872 Freenet was founded in 2000 as a decentralised peer-to-peer system. 873 For the detailed functioning of Freenet, see Ryan Roemer, The digital evolution: Freenet and the future of copyright in the Internet, UCLA Journal of Law & Technology 2002, Vol. 6 Issue 2, 1, 5. 874 Ibid. 875 Ian Clarke/ Scott G. Miller/Theodore W. Hong/Oskar Sandberg/Brandon Wiley, Protecting free expression online with Freenet , Ieee Internet Computing 2011, Vol. 6 Issue 1, 40, 45.

237

Second Chapter: User-Targeted Responses

friend-to-friend networks, where users manually establish connections with nodes that belong to users they actually know and trust.876 These networks typically need more effort to set up because a node only has trusted nodes as peers.877 Darknet networks often also support indirect anonymous communication between users who do not know or trust each other: Users in these networks cannot find out who else is participating beyond their own circle of friends, but communication with remote nodes is possibly by sending messages across the overlay network without compromising anonymity. 878 While it was already predicted in 2004 that Darknet is “[t]he collection of networks and other technologies that enable people to illegally share copyrighted digital files with little or no fear of detection”,879 in the wake of the latest US copyright enforcement initiatives,880 increases in the usage of darknet/friend-to-friend networks have been reported.881 Where a user engages in anonymous peer-to-peer networks, it will be almost impossible to identify the origin of a file or part thereof and/or the identity of a participant in the network. bb) Friends-to-Friends Networks In addition, users may also opt to migrate to such file-sharing technologies that only allow the exchange of files between friends (friend-to-friend networks), or at least trusted members. The infiltration of such, rather “pri-

876 See Michael Rogers/Saleem Bhatti, How to disappear completely: A survey of private peer-to-peer networks (2007), available at http://www.cs.st-andrews.ac.u k/~saleem/papers/2007/space2007/space2007-rb2007.pdf. (last accessed 17.05.2014) 877 Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights (2011), p. 19. 878 Tom Chothia/Konstantinos Chatzikokolakis, A survey of anonymous peer-to-peer file-sharing, pp.1 et seq. 879 Fred von Lohmann, Measuring the Digital Millennium Copyright Act against the Darknet: Implications for the regulation of Technological Protection Measures, Loyola of Los Angeles Entertainment Law Review 2004, Vol. 24, 635, 637. 880 Like SOPA, PIPA and ACTA. 881 Ernesto, Anonymous, decentralized and uncensored file-sharing is booming, TorrentFreak (03.03.2012) See also Nate Anderson, Darknets and the future of P2P investigators, Ars Technica (05.03.2009).

238

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

vate” peer-to-peer groups is much more difficult than public peer-to-peer networks.882 cc) VPN Clients, Proxies and TOR Instead of Freenet or darknet/friend-to-friend networks, users may also use virtual private networks (VPN) to hide their identity. Simply speaking, VPNs create an encrypted tunnel between the user’s computer and the host server, meaning that the user’s Internet service provider will only see that he has connected to a VPN server, but will not be able to obtain information on the user’s activites. Prominent examples of VPN networks are university networks. The VPN servers of a university network will however regularly log data when users connect. However, there are also providers of VPN, which are truly anonymous and do not keep logs.883 In contrast to VPN clients, proxy servers are computers that act as intermediaries between the user’s computer and the Internet. All traffic is diverted through a proxy server and will appear to come from the proxy server’s IP address. Thus, identification of the IP address will only help to identify the proxy.884 Commercial anonymisation services are usually proxy-based. As a further anonymisation mechanism, a user may also simply use TOR885 to hide his original IP address. The advantage of TOR in comparison to an anonymising proxy or VPN client is that the user does not need to trust a single third party. Instead, in the TOR network, each client selects three proxies from a large number of available proxies. These encrypt the content transmitted and each proxy can only remove one layer

882 Cf. Electronic Frontier Foundation, RIAA v The People; Five Years Later, Electronic Frontier Foundation (30.09.2008). 883 See for example Enigmax, Which are the best anonymous VPN providers, TorrentFreak (07.10.2011). 884 In the UK, one of the difficulties with proxies alone is the costs involved to identify the “end-user”. It has been argued that it can be “prohibitively expensive” to obtain orders against file-sharers who have used “proxy servers” to conceal their identities, because orders will be required from a number of Internet service providers and because the copyright owner is liable to meet the defendant’s costs as well as his own. See Andrew Tibber, Know your enemy, Magazine of the Society for Computers and Law 2008, Vol. 19 Issue 4, 1, 3. 885 TOR = The Onion Router, see tor.org.

239

Second Chapter: User-Targeted Responses

of encryption.886 The first proxy (the “entry node”) can only remove the first layer of encryption which will give information about the second proxy (the “middle node”). The middle node will be able to remove the second encryption layer, which will give information about the final proxy (the “exit node”). Providers of TOR services do not retain traffic data, so that the originating IP address cannot be identified. Even if the providers would be obliged to retain this data, TOR could always evade the retention of identifying data by using TOR servers in third countries.887 d) The Burden of Proof Though usually the rights-holder will have to provide all evidence to support his claim, national law may foresee a shift of the burden of proof for some elements. As an analysis of this field would go beyond the scope of this research, the following will outline a few issues that have arisen in Germany with regard to the burden of proof. The rights-holder is in a position to prove that an infringement has been committed from a particular IP address at a given time. He will however have difficulties to prove that the subscriber of that IP address has committed the infringement. In civil procedure law, the claimant usually carries the burden of proof for all circumstances that are necessary to establish a claim. Hence, he will not only have to prove that an infringement has been committed but he will commonly also have to identify the infringer. Sometimes the subscriber will admit that he committed the infringement, or it may be established that he was the only person using a secured connection (i.e. a connection that was protected against intruders from outside); but usually, without further information regarding the identity of the infringer, it is almost impossible to prove that the subscriber is the actual infringer. Thus, national legislation will be necessary that provides for establishing liability without the need to identify the infringer. In the second part of this Chapter, we will see that for instance the national legislator in France recognised this issue and introduced a provision under which the subscriber will be liable for infringements that have been committed via his

886 Cf. Lukas Feiler, Tor als Prüfstein der Data Retention Richtlinie (2005). 887 Ibid.

240

A. The Peer-to-Peer File-Sharer as the Addressee of Enforcement Measures

connection. Although he will not be liable for infringing copyright as such, liability will arise for failure to prevent an infringement by securing his Internet connection and/or instructing third parties that are authorised to use his Internet access to refrain from copyright infringements. Another approach to establish liability would be to shift the burden of proof in the sense that the subscriber would have to prove that he is innocent. However, rather than introducing a shift of the burden of proof the German Federal Court of Justice introduced an alleviation of the standard of proof: when a protected work has been made publicly available from a certain IP address, which has been allocated to a specific subscriber at the time of the infringement, there shall be an actual presumption that the subscriber is responsible for the infringement. In order to rebut this presumption, the subscriber will have to provide plausible arguments that another cause of action is possible.888 This requirement will regularly be fulfilled, when the defendant can show that someone else - commonly family or other household members - used the connection.889 This approach also seems to be taken by the UK when the DEA 2010 requires a subscriber who wants to appeal a warning to prove that “the act constituting the apparent infringement to which the report relates was not done by the subscriber, and the subscriber took reasonable steps to prevent other persons infringing copyright by means of the Internet access service”890. Also the French approach is rather similar when it comes to rebutting the presumption of failure to comply with the obligation to secure one’s Internet access: in that respect the subscriber will have to prove that he has taken reasonable steps to secure his Internet access, and instructed third parties,

888 The subscriber will not have to provide evidence but convince the court that someone else has committed the infringement. See Christian Solmecke/Felix Rüther/Thomas Herkens, Uneinheitliche Darlegungs- und Beweislast in Filesharing-Verfahren – Abweichen von zivilprozessualen Grundsätzen zu Gunsten der Rechteinhaber?, MultiMedia und Recht 2013, 217, 218; Christian Solmecke, Darlegungs- und Beweislast in Filesharing-Verfahren – Eine Auswertung der Aktuellen Rechtsprechung, in: Jürgen Taeger (ed.), Law as a Service (LaaS) – Recht im Internet- und Cloud-Zeitalter (2013), Band 1, pp. 447–459. See also BGH, Decisions of 11.06.2015 – I ZR 75/14; I ZR 7/14 and I ZR 19/14 (Tauschbörse I – III). 889 See ibid and OLG Köln, Decision of 16.05.2012 – 6 U 239/1, MultiMedia und Recht 2012, 549; LG Köln, Decision of 11.09.2012 – 33 O 353/11, Zeitschrift für Urheber- und Medienrecht 2013, 66. 890 See section 13(6) DEA 2010.

241

Second Chapter: User-Targeted Responses

whom he allowed to use the connection, to refrain from copyright infringements. IV. Resume Peer-to-peer file-sharing is not just one of the most popular file-sharing mechanisms, but also a mechanisms were infringements can be detected without too much effort. However, detecting an infringement does not mean, that the rights-holder can enforce his rights by either pursuing a claim or sending out a warning. He will regularly only be able to obtain the IP address from where an infringement has been committed. Internet access providers possess the information necessary to become active against an infringer. How this information can be obtained from the access provider will be discussed in the context of national enforcement schemes as under certain schemes, the rights-holder will not be provided with information about the identity of a subscriber unless a certain number of infringements has been committed via his connection. The identification of a subscriber however does also not necessarily imply the identification of the actual infringer. Similar to phone numbers an IP address only allows the identification of the subscriber but not the identification of someone who did a specific call/committed an infringement. As regards the logging of the IP address in connection with an infringement and further data, that may serve as evidence for the existence of a copyright infringement, much depends on accuracy of logged traffic and reliability of the logging software. Minor defaults as for example incorrect logging of times may lead to the wrong subscriber in case of dynamic IP addresses. Particular attention also needs to be paid with regard to evidence of the copyright infringement as such. In the most popular form of peer-to-peer file-sharing, BitTorrent, the requested file is divided into small parts, which are then distributed. Although parts of a protected work also enjoy protection, the parts have to be useful, in the sense that they must be consumable. This can mean that a certain percentage of a works needs to be downloaded to establish an infringement. Also, the fact that the title of a file does not necessarily corresponds to its content, requires that the infringement is actually manually verified. Advances in technology also mean that sophisticated networks block suspected agents of rights-holders or render communication truly anonymous. As the latter still requires a certain degree of IT-literacy or at least some understanding of the functioning of peer-to242

B. National Enforcement Measures Against Users

peer file-sharing, there are still huge numbers of users engaged in “normal” peer-to-peer networks, so that this field of action remains an interesting target for rights-holders. B. National Enforcement Measures Against Users Copyright enforcement against users can take different formats. Users may be addressed under criminal law, or may be sued under civil law. The following parts of this Chapter will first ouline the legal framework for seeking enforcement against individual users under European Union Law before enforcement on a national level is addressed. As regards the latter, a particular focus will be on statutory graduated response schemes that foresee as a final step a penal sanction. Because these schemes are met with controversy, the final section of this Chapter will also look at alternative enforcement means that exist under civil law such as cease and desist letters. I. Legal Framework under European Union Law Measures that target end-users by either sanctioning them under criminal law, or requesting compensation for damages from them, need to be in conformity with European law. European law sets up a common framework for all Member States, and needs to be obeyed by the Member States not only when setting up copyright enforcement provisions, but also when applying the law. In response to the increased number of copyright infringements and in order to achieve equal protection and enforcement mechanisms in a harmonised market, a number of measures updated over recent years now exist at EU level that deal with infringements of intellectual property rights. In the following the regulations and directives which set up the legal framework for any user-targeted enforcements mechanisms in relation to peer-to-peer file-sharing will be briefly outlined. In addition, to the following directives and regulations, the fundamental rights of the actors involved are of course of fundamental importance. When applying the framework, every measure needs to be weighed against the fundamental rights outlined in the first Chapter.

243

Second Chapter: User-Targeted Responses

As Directives set forth objectives that need to be achieved by the Member States when transposing the Directive into national law, while leaving them the choice as to the forms and methods of implementation, some of the wording used in the Directives is relatively broad, and they contain a number of indefinite legal terms. They require interpretation by the CJEU, which will in this regard necessarily consider “not only its wording, but also the context in which it occurs and the objectives pursued by the rules of which it is part”.891 Hence, the outline of the legal framework will be complemented by some case law dealing with the interpretation of the legal objectives of the Directives. The case-law will be limited to landmark cases in respect to copyright enforcement. 1. Copyright Law Providing for Remedies against and Sanctions of Individual End-Users At a European level, two fields of laws are important in the context of remedies against and sanctions of end-users, namely copyright law and data protection law. As regards copyright law, in particular the IPR Enforcement Directive provides for enforcement mechanisms against endusers, while the InfoSoc Directive specifies the notion of infringement in an online context. None of the Directives requires Member States to implement a specific mechanism for online copyright enforcement as long as enforcement of IP rights is ensured. The idea of graduated response schemes was however brought up during the legislative process of the Telecoms Package and resulted in the so-called Internet freedom provision which will also be outlined in the following.

891 CJEU, C-306/05 Sociedad General de Autores y Editores de España v Rafael Hoteles SA [2006] ECR I-11519, para. 34. See also C-156/98 Germany v Commission [2000] ECR I-6857, para. 50, and C-53/05 Commission v Portugal [2006] ECR I-6215, para. 20. In applying this basic rule of interpretation the CJEU routinely refers to the recitals of a measure as well as its operative provisions. In addition, the CJEU may – and frequently does so – refer to pre-legislative materials such as the Explanatory Memoranda which accompany the Commission’s legislative proposals.

244

B. National Enforcement Measures Against Users

a) IPR Enforcement Directive 2004/48/EC The IPR Enforcement Directive892 contains minimum rules for the enforcement of intellectual property rights by providing for measures, procedures and remedies necessary to ensure the enforcement of such rights.893 In that regard, the IPR Enforcement Directive requires Member States to make certain measures available to rights-holders, including information rights, the ability to apply for an (interlocutory or permanent) injunction intended to prevent an imminent infringement, or to forbid the continuation of the alleged infringement. These measures, like other procedures and remedies necessary to ensure the enforcement of the intellectual property rights covered by the IPR Enforcement Directive, “shall be fair and equitable and shall not be unnecessarily complicated or costly, or entail unreasonable time-limits or unwarranted delays” (Article 3(1) of the Directive). Pursuant to Article 3(2), they “shall also be effective, proportionate and dissuasive and shall be applied in such a manner as to avoid the creation of barriers to legitimate trade and to provide for safeguards against their abuse”.894 The application of the Directive is not limited to infringements committed for commercial purposes or causing significant harm to rights-holders.895 This is also clarified by Recital 14 of the Directive which states that although the measures provided for in Articles 6(2), 8(1) and 9(2) need to be applied only in respect of acts carried out on a commercial scale, this is without prejudice to the possibility for Member States to apply those measures also in respect of other acts. In that context, “acts carried out on a commercial scale” are defined as “those carried out for direct or indirect

892 Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of Intellectual Property Rights, OJ L 157 (30.04.2004), 16–25. The directive is also known as “(IPR) Enforcement Directive” or “IPRED”. 893 See Article 1 Enforcement Directive. 894 Article 3 (1) and (2) of the Directive are very similar to Article 41 of TRIPS, and Article 8(1) and (2) of the InfoSoc Directive. 895 The original proposal for the Directive by the European Commission limited the scope of application to such infringements. See European Commission, Proposal for a Directive of the European Parliament and of the Council on measures and procedures to ensure the enforcement of intellectual property rights, COM (2003) 46 final (20.01.2003).

245

Second Chapter: User-Targeted Responses

economic or commercial advantage; this would normally exclude acts carried out by end consumers acting in good faith”. The most important provision in terms of enforcing rights against endusers is the right to information enshrined in Article 8(1) of the Directive,896 from which follows that Member States have to “ensure that in the context of proceedings concerning an infringement of an intellectual property right and in response to a justified and proportionate request of the claimant, the competent judicial authorities may order that information on the origin and distribution networks of the goods or services which infringe an intellectual property right be provided by the infringer and/or any other person”. The right of information directed against other persons is a self-standing substantive right.897 The other persons that are subject to the right of information, are those who: (a) were “found in possession of the infringing goods on a commercial scale”; (b) were “found to be using the infringing services on a commercial scale”; (c) were “found to be providing on a commercial scale services used in infringing activities”; and (d) were “indicated by the person referred to in point (a), (b) or (c) as being involved in the production, manufacture or distribution of the goods or the provision of the services”.898 Alternative (c) was the most controversial provision during the negotiations on the Directive, as it relates to information to be provided by Internet service providers.899 Article 8 of the Directive goes much further than Article 47 TRIPS which only provides for a right of information but does not oblige contracting parties to introduce such a right, which is in addition also limited vis-à-vis the infringer. The information to be provided for is described in Article 8(2) and includes “the names and addresses of the producers, manufacturers, distributors, suppliers and other previous holders of the goods or services, as well as the intended wholesalers and retailers”, as well as information on

896 This provision is not only the most important provision in that regard – it has also been one of the most controversial provisions of the Directive during negotiations. See Jörg Reinbothe, The EU Enforcement Directive 2004/48/EC as a tool for copyright enforcement, in: Irini Stamatoudi (ed.), Copyright enforcement and the Internet (2010), p. 15. 897 Ibid, p. 16 898 Article 8(1) of the Directive. 899 See Jörg Reinbothe, The EU Enforcement Directive 2004/48/EC as a tool for copyright enforcement, in: Irini Stamatoudi (ed.), Copyright enforcement and the Internet (2010), p. 16.

246

B. National Enforcement Measures Against Users

the quantities produced, manufactured, delivered, received or ordered, as well as the price obtained for the goods or services in question”. Article 8(3)(a) confirms that the Directive provides for minimum standards with respect to the right of information and that national law may grant the rights-holders rights to receive additional information. The right of information shall further “apply without prejudice to other statutory provisions” which “(b) govern the use in civil or criminal proceedings of the information communicated pursuant to this Article; (c) govern responsibility for misuse of the right of information; or (d) afford an opportunity for refusing to provide information which would force the person referred to in paragraph 1 to admit to his/her own participation or that of his/her close relatives in an infringement of an intellectual property right; or (e) govern the protection of confidentiality of information sources or the processing of personal data”. The right of information is thus subject to a number of conditions, and Member States are granted a certain degree of flexibility in implementing information rights into national law. Such rights of information are crucial for rights-holders because information about the identity enables them to determine who is responsible for infringing conduct (or at least who “facilitated” the infringement)900 and to determine the scope of an infringement. With this information they may then take legal steps against individuals. Relevant in the context of copyright infringements online is in particular the identification of the subscriber of an IP address at the time of an infringement. The only possible source for information on the identity of a potential infringer is the Internet service provider. It is decisive that there is a legal basis on which this information can be obtained from intermediaries who are not necessarily responsible for the infringement, but are likely to hold information about the identity of an infringer. The right of information is restricted by data retention and data protection laws, meaning the ability of rights-holders to apply for an order against Internet service providers to disclose the identity of an account holder through which infringing material has been made available is restricted. A further problem in relation to the information right which is however no problem arising from the right of such but relates to its scope in prac-

900 Facilitation in this context refers to the subscription of an Internet access service that was used to commit the infringement.

247

Second Chapter: User-Targeted Responses

tice, is the fact that Internet access providers are not retaining data for longer than a few days due to domestic laws on data retention.901 As regards, the ability to apply for an (interlocutory or permanent) injunction intended to prevent an imminent infringement, the overriding purpose of injunctive relief is to ensure that IPR infringements cease as soon as possible. Article 9 requires Member States to ensure that rightsholders are able to apply for interlocutory injunctions intended to prevent imminent infringements of their intellectual property rights, or to order the cessation of effective infringements, on a provisional basis, subject, where appropriate, to recurring fines under national law for their continuation, or to make any such continuation subject to the depositing of a guarantee intended to ensure the compensation of the rights-holder. Similarly Article 11 provides for a permanent injunction. According to Article 2(1) of the Directive, Member States may provide for sanctions and remedies that are more favourable to rights-holders. b) Information Society Directive 2001/29/EC The Information Society Directive902, also known as InfoSoc or Copyright Directive, is an essential building block for the digital age.903 Its objective 901 See in this regard: European Observatory on Counterfeiting and Piracy, Evidence and right of information in intellectual property rights, pp. 4 et seq., which outlines the example of Spain, in which, following the judgement of the CJEU in the Promusicae case (C-275/06 Productores de Música de España (Promusicae) v Telefónica de España SAU [2008] ECR 271), the domestic court “confirmed that Spanish data protection rules prevent Internet service providers from disclosing the identity of individual account holders to right holders for the purpose of civil proceedings, depriving right holders of a remedy altogether”. Similarly the report states that in Austria, “in the case of on-line peer-to-peer infringements (‘file sharing’), the provisions relating to the right of information are in practice not enforceable where information is requested from access providers, due to a decision of the Austrian Supreme Court restricting the retention and processing of dynamic IP addresses”. 902 Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society, OJ L 167 (22.06.2001), pp. 10–19. 903 The EU committed itself to the establishment of an “Information Society” based on three interrelated prospects: (1) Continued improvements of ICT technology, that lead to (2) the establishment of a global knowledge and information based economy, which would (3) amount to widespread structural changes of the econ-

248

B. National Enforcement Measures Against Users

is to adapt legislation on copyright and related rights to reflect technological progress. In particular the Directive aims at resolving the legal uncertainty that existed with regard to on-demand transmission of copyrightprotected works. With the InfoSoc Directive the EC transposed into Community law the main international obligations arising from the ratification of the 1996 WIPO Treaties (the WIPO Copyright Treaty and the WIPO Performances and Phonograms Treaty)904. The InfoSoc Directive as such does not provide any enforcement mechanisms.However, the Directive contains definitions of the exclusive rights granted to under copyright and related rights, distinguishing between the “reproduction right” (Article 2), the right of “communication to the public” and “making available to the public” (Article 3). The latter is specifically intended to cover publication and transmission on the Internet, and becomes relevant when determining under which circumstances a work is made available to the public in a peer-to-peer network. Article 3(1) sets forth that “Member States shall provide authors with the exclusive right to authorise or prohibit any communication to the public of their works, by wire or wireless means, including the making available to the public of their works in such a way that members of the public may access them from a place and at a time individually chosen by them”. In addition, under Article 3(2) “Member States shall provide for the exclusive right to authorise or prohibit the making available to the public, by wire or wireless means, in such a way that members of the public may access them from a place and at a time individually chosen by them: (a) for performers, of fixations of their performances; (b) for phonogram producers, of their phonograms; (c) for the producers of the first fixations of films, of the original and copies of their films; (d) for broadcasting organisations, of fixations of their broadcasts, whether these broadcasts are transmitted by wire or over the air, including by cable or satellite”. Pursuant to Article 3(3), these rights shall not be exhausted by any act of omy affecting society at large. In this context, it is considered necessary to establish and maintain an adequate regulatory framework to generate competition. 904 The Treaties supplement the Berne Convention. The WIPO Copyright Treaty followed TRIPS in many respects, but while TRIPS was driven by concern about international trade, the WIPO Copyright Treaty aims at responding to the problems created by the rise of the Internet. Accordingly, the WIPO Copyright Treaty adds rights to deal with distribution and public commuinication of works and to support the use of technological measures in the protection from unauthorised use of digitally recorded works, see Articles 6, 8, 11, 12 WIPO Copyright Treaty.

249

Second Chapter: User-Targeted Responses

communication to the public or making available to the public as set out in Article 3. Central to online copyright infringements is the notion of “making available to the public”.905 The making available right is protected as a species of the right of communication to the public.906 It has to be distinguished from the broadcasting right (see Recital 25), where the sender controls the transmission of the work. Making available means in contrast that the user can choose when and where to access the works at his individual demand.907 The right also has to be distinguished from the distribution right in Article 4 of the InfoSoc Directive, which is restricted to tangible originals or copies of works or other subject matter.908 The making available right offers protection against the exploitation of works via computer networks. The “public” to which the work must be made available is not defined in the Directive but is to be understood as not being present at the place where the act of making available originates.909 By including the notion of public, merely private communications are excluded from the scope of application.910 With regard to infringement of this right committed by users, Article 8 of the Directive provides for sanctions and remedies. This article provides as follows: “1. Member States shall provide appropriate sanctions and remedies in respect of infringements of the rights and obligations set out in this Directive and shall take all the measures necessary to ensure that those sanc-

905 For an excellent overview on the scope and limits of “making available to the public” see De Wolf & Partners, Study on the Application of Directive 2001/29/EC on Copyright and Related Rights in the Information Society (The “InfoSoc Directive”) (2013), pp. 25 et seq. 906 In contrast, this is not necessarily the case for the making available right in the WIPO Treaties, see Brigitte Lindner, The WIPO Treaties, in: Brigitte Lindner/Ted Shapiro, Copyright in the Information Society (2011), p. 18. 907 De Wolf & Partners, Study on the Application of Directive 2001/29/EC on Copyright and Related Rights in the Information Society (The “InfoSoc Directive”) (2013), p. 27. 908 See Recital 27 of the InfoSoc Directive. 909 See Recital 24 of the InfoSoc Directive. 910 De Wolf & Partners, Study on the Application of Directive 2001/29/EC on Copyright and Related Rights in the Information Society (The “InfoSoc Directive”) (2013), p. 39.

250

B. National Enforcement Measures Against Users

tions and remedies are applied. The sanctions thus provided for shall be effective, proportionate and dissuasive. 2. Each Member State shall take the measures necessary to ensure that rightholders whose interests are affected by an infringing activity carried out on its territory can bring an action for damages and/or apply for an injunction and, where appropriate, for the seizure of infringing material as well as of devices, products or components referred to in Article 6(2). 3. Member States shall ensure that rightholders are in a position to apply for an injunction against intermediaries whose services are used by a third party to infringe a copyright or related right.”

Relevant in the context of enforcement of intellectual property rights are in particular recitals (2)–(4), (7)–(16) and (58)–(60). The recitals outline inter alia why a high level of protection of intellectual property rights is necessary from an economic as well as a cultural standpoint.911 For present purposes, it is sufficient to refer to recital (58), which basically summarises Article 8 of the Directive by stipulating that “Member States should provide for effective sanctions and remedies for infringements of rights and obligations as set out in this Directive. They should take all the measures necessary to ensure that those sanctions and remedies are applied. The sanctions thus provided for should be effective, proportionate and dissuasive and should include the possibility of seeking damages and/or injunctive relief and, where appropriate, of applying for seizure of infringing material”. c) EU Telecoms Reform Package In December 2009, the European Parliament approved the so called Telecoms Reform Package. The Telecoms Reform Package sets out a substantial reform of the regulatory framework for electronic communications.

911 Recitals (2)–(4) emphasise the importance of protection of intellectual property rights as an incentive for innovation and economic growth, while (7)–(9) stresses that a high level of protection is crucial to intellectual creation. Adequate legal protection of intellectual property rights is moreover necessary in order to guarantee the availability of appropriate reward for authors, performers and producers (see Recital (10)). The recitals further refer to copyright as one way of ensuring that European cultural creativity and production receive the necessary resources (Recital (11)).

251

Second Chapter: User-Targeted Responses

The package consists of a regulation (Regulation 1211/2009/EC)912 and two directives (Directive 2009/136/EC913 and Directive 2009/140/EC914). As regards online copyright enforcement, the European Commission favoured in its 2007 draft version a graduated response scheme and asked EU Member States to make their broadband providers liable for applying sanctions to alleged copyright infringers. This initial attempt has been widely criticised as an attempt to enable copyright enforcement on the Internet by amending telecoms law.915 A draft version by the European Commission of 13 November 2007 foresaw two amendments that favoured a graduated response scheme and asked Member States to mandate their broadband providers to co-operate with rights-holders.916 These two provisions sparked a lot of controversy after they became public during the first reading at the European Parliament. In the following, amendment 138 was drafted to hinder the legitimisation of graduated response schemes aiming at restricting end-users’ access to the Internet under EU legislation. The amendment deliberately sought

912 Regulation (EC) No 1211/2009 of the European Parliament and of the Council of 25 November 2009 establishing the Body of European Regulators for Electronic Communications (BEREC) and the Office, OJ L 337/1 (18.12.2009). 913 Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws (Universal Services and Users Rights Directive), OJ L 337/11 (18.12.2009). 914 Directive 2009/140/EC of the European Parliament and of the Council of 25 November 2009 amending Directives 2002/21/EC on a common regulatory framework for electronic communications networks and services, 2002/19/EC on access to, and interconnection of, electronic communications networks and associated facilities, and 2002/20/EC on the authorisation of electronic communications networks and services, OJ L 337/37 (18.12.2009). 915 Instead of many see Monica Horten, The Copyright Enforcement Enigma, Internet Politics and the ‘Telecoms Package’ (2012), p. 1. 916 Annex 1, point 19 of the Directive 2009/140/EC and Amendment 20.6 to the Universal Services and Users Rights Directive. See Monica Horten, The Copyright Enforcement Enigma, Internet Politics and the ‘Telecoms Package’ (2012), p. 124.

252

B. National Enforcement Measures Against Users

to prevent the implementation of such measures by EU Member State governments by tightening the safeguards for Internet users.917 The text of amendment 138 required that “no restriction may be imposed on the fundamental rights and freedoms of end-users, without a prior ruling by the judicial authorities, notably in accordance with Article 11 of the Charter of Fundamental Rights of the European Union on freedom of expression and information, save when public security is threatened in which case the ruling may be subsequent.” Thus, prior to any restriction on Internet access, a prior ruling by a court is necessary. Accordingly, private or voluntary agreements between Internet service providers and rights-holders are banned. On 24 September 2008, amendment 138 was adopted by the European Parliament in the first reading plenary vote. It was also voted for again in the second reading. This caused some stir between the Parliament on the one hand, and the Commission and the Council of Ministers on the other.918 The third reading let to a compromise provision that was finally agreed by all three EU institutions on 4 November 2009; Article 1(3)(a) of the Framework Directive now sets forth: “Measures taken by Member States regarding end-users access’ to, or use of, services and applications through electronic communications networks shall respect the fundamental rights and freedoms of natural persons, as guaranteed by the European Convention for the Protection of Human Rights and Fundamental Freedoms and general principles of Community law. Any of these measures regarding end-users’ access to, or use of services and applications through electronic communications networks liable to restrict those fundamental rights or freedoms, may only be imposed if they are appropriate, proportionate and necessary within a democratic society, and their implementation shall be subject to adequate procedural safeguards in conformity with the European Convention for the Protection of Human Rights and Fundamental Freedoms and with general principles of Community law, including effective judicial protection and due process. Accordingly, these measures may only be taken with due respect for the principle of the presumption of innocence and the right to privacy. A prior, fair and impartial procedure shall be guaranteed, including the right to be heard of the person or persons concerned, subject to the need for appropriate conditions and procedural arrangements in duly substantiated cases of urgency in conformity with the European Convention for

917 See Monica Horten, The Copyright Enforcement Enigma, Internet Politics and the ‘Telecoms Package’ (2012), p. 203. 918 Ibid, p. 202.

253

Second Chapter: User-Targeted Responses

the Protection of Human Rights and Fundamental Freedoms. The right to effective and timely judicial review shall be guaranteed.”919

Article 1(3)a of the Framework Directive is often also referred to as “Internet freedom provision” as it reinforces the presumption of innocence, the right to privacy, and the right to judicial review under any Internet sanctions.920 However, it still allows “graduated response” laws and even Internet disconnections.921 Pursuant to the provision disconnection orders may “only by imposed if they are appropriate, proportionate, and necessary within a democratic society” and shall be subject to judicial review. In that respect, the Parliament was primarily concerned to defend the right to due process, so that the right to a court hearing basically became the essence of Article 1(3)(a) of the Framework Directive.922 d) Rome II Regulation Article 8 I of the Rome II Regulation sets forth that “the law applicable to a non-contractual obligation arising from an infringement of an intellectual property right shall be the law of the country for which protection is claimed”. By Article 8 the EU opted for the so called Schutzlandprinzip.923

919 Article 1 (b) of Directive 2009/140/EC of the European Parliament and of the Council of 25 November 2009 amending Directives 2002/21/EC on a common regulatory framework for electronic communications networks and services, 2002/19/EC on access to, and interconnection of, electronic communications networks and associated facilities, and 2002/20/EC on the authorisation of electronic communications networks and services, which inserts Article 3a into the Framework Directive (Directive 2002/21/EC). 920 When the Telecoms Reform Package was passed, the CFR was not yet legally binding. 921 The Directives forming the Telecoms Reform Package had to become national law in each member state by May 2011. 922 See Monica Horten, The Copyright Enforcement Enigma, Internet Politics and the ‘Telecoms Package’ (2012), p. 203. 923 Marcus von Welser, in: Artur-Axel Wandtke/Winfried Bullinger, Praxiskommentar zum Urheberrecht: UrhR (3rd ed. 2009), before §§ 120 UrhG et seq., para. 3.

254

B. National Enforcement Measures Against Users

2. Data Protection Law and Information Rights Data protection law plays an important role when it comes to information about the rights of rights-holders and the processing of data, in particular data relating to a specific IP address. The rights guaranteed in Articles 7 and 8 of CFR and Article 8 ECHR are concretised, at the Union level, in the Data Protection Directive. With the increasing use and advance of electronic data processing, the Data Protection Directive has been complemented by the E-Privacy Directive which has recently been amended by the Data Retention Directive. These data protection rules organise and control the way personal data are processed and thus are of relevance when information is processed about suspected infringers. They become inter alia relevant insofar as rights-holders may file requests to have the identity of a subscriber of a specific IP address disclosed, or where lists of repeat infringers are kept. a) Data Protection Directive 95/46/EC The Data Protection Directive924 constitutes the fundamental legal framework for the processing of personal data in the EU. It was adopted to harmonise the legislation of the Member States with the twofold objective of protecting fundamental rights, namely the right to personal data protection, and ensuring the free flow of personal data between Member States within the context of the Internal Market. According to the Data Protection Directive, personal data must be processed fairly and lawfully, collected for specified, explicit and legitimate purposes (data minimisation principle) and not further processed in a way incompatible with those purposes (principle of finality). It sets up minimum standards of data protection that have to be implemented into the national laws of the Member States. The Directive sets forth, that “in accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data” (Article 1 Data Protection Directive).

924 Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (InfoSoc Directive), OJ L 281 (23.11.1995), 31.

255

Second Chapter: User-Targeted Responses

Personal data are defined in Article 2(a) as “any information relating to an identified or identifiable natural person (“data subject”); an person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”. Data are thus personal data when someone is able to link the information to a person, even if the person holding the data cannot make this link. This becomes of particular importance with regard to IP addresses, namely whether the IP address as such constitutes personal data.925 If rights-holders seek the release of names and addresses of users or subscribers from Internet service providers, they clearly seek information relating to identified or identifiable natural persons, in accordance with the definition in Article 2(a) of the Directive.926 Pursuant to Article 2(b) of the Directive, the notion of processing refers to “any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction”. In context of data processing, Article 2(d) of the Directive defines “controller” as a“natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law”. Thus, the Directive has a wide scope of applicability, but does expressly not apply to the processing of personal data by a natural person in the course of a purely personal or household activity.927 The Directive provides for the right of individuals to be given information on the purposes of the processing, how and by whom their data are processed and the rights to access, rectify and delete personal data (principle of transparency).928 Service providers that qualify as data controllers

925 This will be discussed below within the section on Questions of Applicability of Data Protection Law: IP Address as Personal Data. 926 Cf. CJEU, C‑101/01 Lindqvist [2003] ECR I‑12971, para. 24. 927 Article 3(2) of the Data Protection Directive. 928 Articles 10 and 11 of the Data Protection Directive.

256

B. National Enforcement Measures Against Users

have to provide users with clear, easily understandable and affordable privacy notices in line with the requirements of the Directive.929 Data may be processed only under clearly defined circumstances, namely when the data subject has given his consent, when the processing is necessary for the performance of or the entering into a contract, when processing is necessary for compliance with a legal obligation, when processing is necessary in order to protect the vital interests of the data subject, when processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed, and when processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject.930 Personal data can only be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes (Article 6(b)). Member States are directed to provide that personal data should not be processed at all, except when certain conditions are met, which fall into three categories: transparency, legitimate purpose, and proportionality. Personal data may only be processed insofar as the processing is adequate, relevant and not excessive in relation to the purposes for which they are collected and processed (purpose limitation principle). In that regard Article 7 of the Directive requires Member States to ensure that personal data may be processed only in certain specified circumstances, for instance such circumstances where “processing is necessary for compliance with a legal obligation to which the controller is subject” (Article 7(c)), where “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed” (Article 7(e)), or 929 There is no express referral to the privacy notice or privacy policy in the Directive, but informing users has its grounds in Article 6(1)(a), which requires that the personal data be processed “fairly and lawfully”, Article 10, which contains minimum information that must be provided to the data subject in cases where data is collected directly from him, Article 11, which contains minimum information that must be provided to the data subject in cases where data is collected from third parties and Article 14, which contains a requirement to inform the data subject before personal data is disclosed to third parties. 930 Article 7 of the Data Protection Directive.

257

Second Chapter: User-Targeted Responses

in relation to “processing that is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject which require protection under Article 1(1)” (Article 7(f)). Considering that copyright infringement claims may also be brought in relation to pornographic materials, and such materials may reveal sexual preferences of an Internet user, also Article 8(1) of the Directive may be of relevance. Article 8 erects a further hurdle in the case of special categories of data, in that it directs Member States to “prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.” Article 8(2) provides a number of exceptions to that prohibition, which include at Article 8(2)(e) where “the processing relates to data which are manifestly made public by the data subject or is necessary for the establishment, exercise or defence of legal claims”. Article 8(4) allows Member States, “subject to the provision of suitable safeguards”, and “for reasons of substantial public interest”, to lay down exemptions in addition to those laid down in Article 8(2), and provided that such derogations are notified to the Commission in accordance with Article 8(6). Further Article 13 is of particular importance for this research. Article 13 specifies the situations where Member States may adopt legislative measures to restrict the scope of the obligations laid down in the Directive: pursuant to Article 13(1)(g), restrictions are allowed which constitute necessary measures to safeguard “the protection of the data subject or of the rights and freedoms of others”. b) E-Privacy Directive 2002/58/EC The most significant instrument for E-Commerce and other online services is Directive 2002/58 on Privacy and Electronic Communications931 as

931 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (E-Privacy Directive), OJ L 201/37 (31.07.2002).

258

B. National Enforcement Measures Against Users

amended by Directive 2009/136/EC932, otherwise known as E-Privacy Directive, which complements the Data Protection Directive. The E-Privacy Directive addresses the requirements of new digital technologies and aims at easing the advance of electronic communication services. Subject of the Directive is the “right to privacy in the electronic communication sector” as well as free movement of data, communication equipment and services. The E-Privacy Directive applies to all matters which are not specifically covered by the Data Protection Directive and intends inter alia to give citizens control over which information is stored on or retrieved from their terminal equipment, including computers, smartphones or other devices connected to the Internet. The idea behind this is that users should be able to know and control who uses their information, and especially how this information is being used. The Directive does not apply to issues concerning public security and defence, state security and criminal law. The interception of data is covered by the EU Data Retention Directive, the purpose of which is to amend the E-Privacy Directive. The Directive has been amended by Directive 2009/136, which introduced several changes, especially in what concerns cookies, but this is of no relevance for this work. Pursuant to Article 5(1) of E-Privacy Directive, Member States must ensure the confidentiality of communications by means of a public communications network and publicly available electronic communications services, of its related traffic data, and they also must inter alia prohibit, in principle, the storage of that data by persons other than users, without the consent of the users concerned. With regard to data retention in relation to traffic data by providers, the Directive sets forth that providers of services are obliged to erase or anonymise the traffic data processed when no longer needed (Article 6(1)). Retention is allowed for billing purposes but only as long as the statute of limitations allows the payment to be lawfully pursued (Article

932 Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws, OJ L 337/11 (18.12.2009).

259

Second Chapter: User-Targeted Responses

6(2)). Data may be retained upon a user’s consent for marketing and value-added services under the condition the data subject is informed why and for how long the data is being processed (Article 6(3)). Important for this research is Article 15 of the E-Privacy Directive, which sets forth the situations in which Members States may adopt legislative measures to restrict the scope of the rights and obligations provided in the Directive. Article 15 must be read in conjunction with Article 13 of the Data Protection Directive, and allows Member States to restrict the scope of obligations provided in certain articles of the E-Privacy Directive, when this is necessary to safeguard the rights and freedoms of others, including the right to intellectual property in civil proceedings.933 c) Data Retention Directive 2006/24/EC The Data Retention Directive 2006/24/EC934 amends the E-Privacy Directive. The Directive introduces an obligation for providers of publicly available electronic communications services935 (i.e. access provider936), or of public communications networks (i.e. persons who provide the network

933 See also CJEU, C-275/06 Productores de Música de España (Promusicae) v Telefónica de España SAU [2008] ECR 271. 934 Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (Data Retention Directive), OJ L105/54. 935 As regards the definition of “providers of publicly available electronic communications services” and providers of “public communications networks”, Article 2(1) of the Directive refers to the definitions provided by the Framework Directive 2002/21/EC (Directive 2002/21/EC of the European Parliament and of the Council of 7 March 2002 on a common regulatory framework for electronic communications networks and services). 936 Art 2(c) Framework Directive 2002/21/EC defines the term “electronic communications service” as “a service normally provided for remuneration which consists wholly or mainly in the conveyance of signals on electronic communications networks”. “[S]ervices providing, or exercising editorial control over, content transmitted using electronic communications networks and services” are explicitly excluded. In the context of the Directive, the most important question is whether only Internet access providers or also other providers (like mail service providers) provide an “electronic communications service”. Art 2(c) Framework Directive 2002/21/EC requires that the service wholly or mainly consists “in the

260

B. National Enforcement Measures Against Users

infrastructure that permits the conveyance of signals) to retain traffic and location data for a period of six months up to two years for the purpose of the investigation, detection and prosecution of serious crime. The main objective of the Directive is to harmonise Member States’ provisions concerning the retention of certain data which are generated or processed by providers of publicly available electronic communications services or of public communications networks. aa) The Scope of Application of the Data Retention Directive Article 3(1) determines the type of data that must be retained as data that the providers “generated or processed”. “Processing” in that respect has to be construed according to Article 2(b) Data Protection Directive, which defines processing of data as “any operation or set of operations which is performed upon personal data, whether or not by automatic means”. All data transmitted by a provider therefore is processed. Article 5(2) provides that “no data revealing the content of the communication may be retained pursuant to this Directive”. Article 5(1) enumerates six categories of data to be retained: (a) data necessary to trace and identify the source of a communication; (b) data necessary to identify the destination of a communication; (c) data necessary to identify the date, time and duration of a communication; (d) data necessary to identify the type of communication; (e) data necessary to identify users’ communication equipment or what purports to be their equipment and (f) data necessary to identify the location of mobile communication equipment. This traffic data is only to be retained in relation to fixed network telephony, mobile telephony, Internet access, Internet Email and Internet telephony. In relation to online file-sharing, this means that in accordance with Article 5(1)(c) the Internet access provider has to retain the following data: the allocated IP address, user ID(s)937, the calling telephone number

conveyance of signals on electronic communications networks”. With respect to the Internet this definition only matches Internet access providers. 937 Article 2(2)(d) defines a user ID as a unique identifier allocated to persons when they subscribe to or register with the service in question. This could be a username when using a dial-up Internet connection.

261

Second Chapter: User-Targeted Responses

in case of dial-up access938, the name and address of the person to whom the IP address was allocated939, the date and time of the log-in and logoff940, and the DSL or other end point of the originator of the communication, i.e. the user941. In order to identify the type of communication, information about the Internet service uses must be retained. With regard to dynamic IP addresses, it is important that the access provider identifies the date, time and duration of the communication correctly. Article 6 of the Directive gives the Member States considerable flexibility in determining the retention period (“for periods of not less than six months and not more than two years of the date of the communication”). Although, it might come handy for rights-holders who seek disclosure of information, that data must be retained for at least six months, they are unlikely to gain access to this data. Article 4 of the Directive states that traffic data retained in accordance with the Directive shall be “provided only to the competent national authorities in specific cases and in accordance with national law”. By means of an argumentum e contrario, Article 4 accordingly provides that the retained data must not be provided to private entities. As the Directive itself does not state the conditions under which access may be granted to the retained data, the issue arose whether the data retention in itself constitutes an interference with the right to privacy.942 The necessity to release data only in limited cases is also provided for in the Preamble to the Directive; Recital 25 states that “under Article 8 of the ECHR, as interpreted by the European Court of Human Rights, interference by public authorities with privacy rights must meet the requirements of necessity and proportionality and must therefore serve specified,

938 939 940 941

See Article 5(1)(e)(3)(i) which explicitly mentions “dial-up access”. Article 5(1)(a)(2)(iii). Article 5(1)(c)(2)(i). Article 5(1)(e)(3)(ii) uses the phrase “end point of the originator of the communication” and hence applies to Internet access, Internet E-mail and Internet telephony. 942 With regard to the extensive protection granted by Article 8 ECHR and Articles 7 and 8 of the CFR, the retention of traffic data itself constitutes an interference with the right to privacy. According to Article 8 (2) ECHR any interference with the exercise of the right conferred by Article 8 (1) ECHR is only permissible if it is in accordance with the law and necessary in a democratic society for a legitimate purpose.

262

B. National Enforcement Measures Against Users

explicit and legitimate purposes and be exercised in a manner that is adequate, relevant and not excessive in relation to the purpose of the interference”. The exceptional character of disclosure of retained data, taking into account conflicting fundamental rights, leads to the conclusion that disclosure of data that has been retained by access providers to fulfil their obligations under the Data Retention Directive is only legitimate in relation to serious crimes. This classification as serious crime, is principally a matter of national law and must not be confused with concept of “commercial scale” in other legal instruments of the EU. 943 Not all copyright infringements are crimes under national law, notwithstanding serious crimes. The issue of commercial scale is not directly relevant to determine what a serious crime is or should be.944 bb) The Declaration of the Invalidity of the Data Retention Directive: Joined cases C-293/12 and C-594/12 Digital Rights Ireland and Seitlinger and Others Due to the concerns about the legitimacy of the Directive, Ireland brought an action for annulment under Article 230 EC requesting the CJEU to annul the Directive on the ground that it was not adopted on an appropriate legal basis.945 Ireland’s action did not relate to any possible infringement of fundamental rights arising from interference with the exercise of the right to privacy contained in the Directive. Ireland submitted that Article 95 EC, on which the Directive was based, nor any other provision of the EC Treaty is capable of providing an appropriate legal basis for the Directive. The CJEU did not follow Ireland’s subsmission. The Court dismissed the action for annulment, based on the fact that the Directive regulates operations which are independent of the implementation of any police and judicial cooperation in criminal matter. Moreover, the substantive content of the Directive was held to be directed essentially at the

943 See in this regard Dimitris Kioupis, Criminal liability on the Internet, in: Irini Stamatoudi, Copyright enforcement on the Internet, pp. 251 et seq. The use of the concept of commercial scale as a demarcation line between criminal and noncriminal copyright infringements is not without problems. 944 See ibid. 945 See CJEU, C-301/06, Ireland v European Parliament and Council of the European Union, Judgement of 10.02.2009, ECR 2009 I-00593.

263

Second Chapter: User-Targeted Responses

activities of service providers in the relevant sector of the internal market, and thus was held as to predominantly relate to the functioning of the internal market. With for instance the German Constitutional criticising the German transposition of the Data Retention Directive, stating that the retention of data has the potential to generate a perception of surveillance which could impair the free exercise of fundamental rights,946 it did not take long until the validity of the Directive was challenged again. In course of a preliminary ruling procedure, the Irish High Court and the Austrian Constitutional Court asked the CJEU to examine the validity of the Directive, in particular in the light of two fundamental rights under the CFR, namely the fundamental right to respect for private life and the fundamental right to the protection of personal data.947 On 8 April 2014, the CJEU declared the Data Retention Directive to be invalid as it entails a wide-ranging and particularly serious interference with the rights to respect for private life and to the protection of personal data, without that interference being limited to what is strictly necessary.948 The Court observed first of all that the data to be retained make it possible, in particular, to know the identity of the person with whom a subscriber or registered user has communicated and by what means, to identify the time of the communication as well as the place from which that communication took place, and to know the frequency of the communications of a person with certain persons during a given period. Those data, may allow the determination of personal profiles as they may provide very

946 See for example the decision of the German Constitutional Court on the constitutionality of the German transposition of the Data Retention Directive, BVerfG 1 BvR 256/08. 947 The Irish High Court had to reseolve a dispute between the Irish company Digital Rights Ireland and the Irish authorities regarding the legality of national measures concerning the retention of data relating to electronic communications. The Austrian Vergfassungsgerichtshof had to decide on several constitutional action brought by the government of Kärnten and by Mr. Seitlinger and 11129 other applicants.The applicants sought the annulment of the national provision which transposes the Directive into Austrian law. 948 CJEU, Joined cases C-293/12 and C-594/12 Digital Rights Ireland and Seitlinger and Others, Judgment of 08.04.2014. Given that the Court has not limited the temporal effect of its judgment, the declaration of invalidity takes effect from the date on which the Directive entered into force.

264

B. National Enforcement Measures Against Users

precise information on the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented. The Court held that the retention of the data and access of competent national authorities to that data, constitutes a particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data. Given the risk that the retention and subsequent use of the data without informing the person concerned is likely to generate in the persons concerned a feeling that their private lives are the subject of constant surveillance. Although Directive does not permit the acquisition of knowledge of the content of the communications as such and provides that service or network providers must respect certain principles of data protection and data security, and that the retention satisfies a general interest (fight against serious crime and public security), the Court concluded that the principle of proportionality was not respected. In that context, the Court observes that, in view of the important role played by the protection of personal data in the light of the fundamental right to respect for private life and the extent and seriousness of the interference with that right caused by the directive, the EU legislature’s discretion is reduced, with the result that review of that discretion should be strict.949 Although the objective pursued was legitimate, the wide-ranging and serious interference with the aforementioned fundamental rights was held to be not sufficiently circumscribed as to ensure that interferences with the rights are limited to what is strictly necessary. This finding was based on the fact that the Directive covered, in a generalised manner, all individuals, all means of communication and all traffic data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime.950 Further, the Directive did not contain objective criteria which would ensure that the competent national authorities have access to the data only for the purposes of prevention, detection or criminal prosecutions concerning offences

949 Ibid, para. 48. 950 Ibid, paras. 56 et seq.

265

Second Chapter: User-Targeted Responses

that may be considered to be sufficiently serious to justify such an interference woth the aforementioned rights. In addition, the Directive fails to lay down substantive and procedural conditions under which national authorities may have access to the data and subsequently use them. In particular, the access to the data does not require prior review by a court or by an independent administrative body.951 Further, the Directive was held to fail to make any distinction between the categories of data or usefulness of data in relation to the objective pursued. The Court also found that the Directive does not provide for sufficient safeguards to ensure effective protection of the data against the risk of abuse and against any unlawful access and use of the data.952 Accordingly, the legislature had exceeded the limits imposed by compliance with the principle of proportionality in the light of Articles 7, 8 and 52(1) CFR. 3. Liability Exemption for Access Providers under the E-Commerce Directive 2000/31 “Information society services” such as Internet service providers are exempted from liability under the E-Commerce Directive when they are involved in the business of mere conduit of data.953 Mere conduits such as

951 Ibid, para. 62. 952 The Court noted, inter alia, that the directive permits service providers to have regard to economic considerations when determining the level of security which they apply (particularly as regards the costs of implementing security measures) and that it does not ensure the irreversible destruction of the data at the end of their retention period, see ibid, paras. 66 et seq. Further, there was no requirement for the data to be retained within the EU which does not ensure the compliance with the requirements of protection of individuals as regards the processing of personal data, see ibid, para. 68. 953 This immunity is parallel to the immunity commonly granted to traditional carriers such as telephone companies or the postal service. As regards the history of liability exemptions for Internet access providers and Article 12 of the E-Commerce Directive in specific cf. Uta Kohl, The rise and rise of online intermediaries in the governance of the Internet and beyond – Connectivity intermediaries, International Review of Law, Computers & Technology 2012, Vol. 26 Nos. 2–3 , 185–210.

266

B. National Enforcement Measures Against Users

access providers are naturally seen as attractive regulatory targets as they are an indispensable gateway to the Internet and relatively few in number.954 One of the reasons why Article 12 of the E-Commerce Directive shields them from criminal955 and civil liability is the fact that they have no control over the data flowing through their network. They have no influence on the information transmitted as their service is completely content-neutral. If they however got involved in the information transmitted, they would no longer account as mere conduits. Article 12 of the E-Commerce Directive provides for two types of “mere conduit” activities. The first type consists of “the transmission in a communication network of information provided by a recipient of their service”. The second type of mere conduit activity is the “provision of access to a communication network”. Immunity from liability in civil or criminal law is granted for the information transmitted as long as the Internet service provider neither initiates the transmission nor selects the receiver of the transmission, or selects or modifies the information contained in the transmission.956 Hence, as long as the provider acts as mere carrier and does not get involved in the information transmitted, he incurs no liability. This also applies if the transmission or the provision of access requires the “automatic, intermediate and transient storage of the information transmitted”, in so far as it takes place for the sole purpose of carrying out the transmission in the communication network, and provided that the information is not stored for any period longer than is reasonably necessary for the transmission.957 The activities of mere conduits are further described in recitals 43 to 45 of the Directive: recital 43 provides that an Internet service provider can benefit from the exemptions for a mere conduit “when he is in no way involved with the information transmitted”. In contrast, the liability exemptions has its limits where an Internet service

954 Ibid, 191. 955 As reagrds, criminal liability, such liability will hardly arise where the immunities apply because of its dependance on a mens rea. 956 See Article 12(1) E-Commerce Directive. 957 See Article 12(2) E-Commerce Directive. This provision hence refers to the process of packet switching transmission, which allows Internet service providers to store information for a brief period of time in small pieces. The packet switching transmission process allows Internet service providers to provide mere conduit activities by making copies of the information to be transmitted for the sole purpose of carrying out the transmission of the information, without making the information available to subsequent users.

267

Second Chapter: User-Targeted Responses

provider deliberately collaborates with one of the recipients of his service in order to undertake illegal acts (recital 44). Recital 45 further specifies that the limitations of the liability established in the directive “do not affect the possibility of injunctions of different kinds; such injunctions can in particular consist of orders by courts or administrative authorities requiring the termination or prevention of any infringement”. 4. Relevant Jurisprudence of the CJEU a) Disclosure of Traffic Data: C-275/06 Promusicae In Productores de Música de España (Promusicae) v Telefónica de España SAU,958 the CJEU had to deal with the question of whether Articles 15(2) and 18 of the E-Commerce Directive, Articles 8(1) and (2) of the Data Protection Directive, and Article 8 of the IPR Enforcement Directive permit Member States to limit the duty of operators of electronic communications networks and services to retain and make available connection and traffic information generated during the supply of their service for criminal investigations or the need to protect public safety and national defence, thus excluding civil proceedings. Basically, the referring Spanish court

958 CJEU, C-275/06, Productores de Música de España (Promusicae) v Telefónica de España SAU [2008] ECR I-271; [2008] 2 C.M.L.R. 17. For comments on the judgement see inter alia Henning Kahlert, Urheberrecht kontra Datenschutz: EuGH bremst Forderungen nach einem zivilrechtlichen Auskunftsanspruch gegen Internet-Provider über die Identität von Tauschbörsen-Benutzern, European Law Reporter 2008, 78–82; Laurent Szuskin/Maxime De Guillenschmidt, L'arrêt « Promusicae » beaucoup de bruit pour rien?, Droit de l'immatériel : informatique, médias, communication 2008, nº 37, 6–8; Emmanuel Derieux, Le droit communautaire n'impose pas que les législations nationales prévoient l'obligation de communiquer des données à caractère personnel dans le cadre d'une procédure civile, La Semaine Juridique – édition générale 2008, II 10099, 40–42; Gerald Spindler, „Die Tür ist auf“ – Europarechtliche Zulässigkeit von Auskunftsansprüchen gegenüber Providern, Gewerblicher Rechtsschutz und Urheberrecht 2008, 574–577; Christopher Kuner, Data Protection and Rights Protection on the Internet: The Promusicae Judgment of the European Court of Justice, European Intellectual Property Review 2008, 199–202; Christian Czychowski/Jan Bernd Nordemann, Vorratsdaten und Urheberrecht – Zulässige Nutzung gespeicherter Daten, Neue Juristische Wochenschrift 2008, 3095–3099; Irini Stamatoudi, Ethics, reality and the Law – The example of Promusicae v Telefonica & LSG v Tele 2, Revue Hellénique de droit international 2010, 921–948.

268

B. National Enforcement Measures Against Users

wanted to know whether Member States were allowed under Community law to exclude the possibility of disclosing traffic data relating to copyright infringers in civil cases, while requiring such disclosure in criminal cases. The underlying facts of the case giving rise for the reference for a preliminary ruling under Article 267 TFEU were as follows: Promusicae, a Spanish non-profit-making music rights-holder association made a request to Telefónica, Spain’s leading Internet service provider, for personal data about its subscribers using particular dynamic IP addresses which Promusicae alleged were engaged in file-sharing. Telefónica argued that under the domestic law, the communication of the data sought by Promusicae was only authorised in a criminal investigation. Promusicae however argued that the national provisions must be interpreted in accordance with the E-Commerce Directive, the IPR Enforcement Directive, the InfoSoc Directive and with Articles 17(2) and 47 of the CFREU. As mentioned above, Article 8(1) of the IPR Enforcement Directive in particular requires Member states to ensure that, in the context of proceedings concerning an IPR infringement and in response to a justified and proportionate request of the claimant, the competent judicial authorities may order the disclosure of information in relation to the infringement. As previously outlined, neither the IPR Enforcment Directive, nor Articles 15(2) and 18 of the ECommerce Directive or Article 8(1) and (2) of the InfoSoc Directive require Member States to lay down an obligation to communicate personal data in the context of civil proceedings.959 The CJEU stated that European Union law does not require Member States to impose an obligation on Internet service providers to disclose their subscribers’ personal data in a civil copyright case.960 When implementing the aforementioned Directives, Member States must strike a fair balance between the various fundamental rights protected by community law.961 Hence, each Member State had to reconcile the requirements of the 959 CJEU, C-275/06, Productores de Música de España (Promusicae) v Telefónica de España SAU [2008] ECR I-271, paras. 58 et seq. In addition, Articles 41, 42 and 47 of the TRIPs Agreement, relied on by Promusicae, do not provide for such an obligation, see ibid, para. 60. 960 Ibid, para. 70. The Court concluded that the Directives in question “do not require the Member States to lay down, in a situation such as that in the main proceedings, an obligation to communicate personal data in order to ensure effective protection of copyright in the context of civil proceedings”. 961 Ibid.

269

Second Chapter: User-Targeted Responses

protection of different fundamental rights, namely the right to respect for private life on the one hand and the right to protection of property (which includes intellectual property rights)962 and to an effective remedy on the other963. In this regard, the E-Privacy Directive inter alia provides for rules which determine in what circumstances and to what extent the processing of personal data is lawful and sets forth the safeguards that must be provided for.964 The Court stressed not only when implementing the measures transposing the Directives in question, but also the application of the measures must be consistent with the Directives: The authorities and courts of the Member States must not only interpret their national law in a manner consistent with the directives but must also make sure that they do not rely on an interpretation which would be in conflict with those fundamental rights or with the other general principles of Community law, such as the principle of proportionality.965 From the CJEU’s reasoning in the Promusicae case, it has in the following been concluded that the CJEU left the door open for the development of graduated response schemes in the form of mechanisms that respect data protection rights, while providing for effective enforcement of property rights.966 b) Disclosure of Traffic Data to Third Parties: C-557/07 LSGGesellschaft zur Wahrnehmung von Leistungsschutzrechten In LSG-Gesellschaft zur Wahrnehmung von Leistungsschutzrechten GmbH v Tele 2 Telecommunication GmbH (Tele2),967 the CJEU considered the

962 See Case C‑479/04 Laserdisken [2006] ECR I‑8089, para. 65. 963 See Joined Cases C‑154/04 and C‑155/04 Alliance for Natural Health and Others [2005] ECR I‑6451, para. 126 with further references, and Case C‑432/05 Unibet [2007] ECR I‑2271, para. 37 with further references. 964 CJEU, C-275/06, Productores de Música de España (Promusicae) v Telefónica de España SAU [2008] ECR I-271, para. 66. 965 Ibid, para. 68. 966 Cf. Christoph Kuner, Data protection and rights protection on the Internet: The Promusicae Judgment of the European Court of Justice, European Intellectual Property Review 2008, Issue 5, 199, 200 967 CJEU, C-557/07 LSG-Gesellschaft zur Wahrnehmung von Leistungsschutzrechten GmbH v Tele 2 Telecommunication GmbH (Tele2), Judgment of 19.02.2009, [2009] ECR I-01227. For comments on the case see Jan Bernd Nordemann/ Martin Schaefer, Vermittlereigenschaft eines Access-Providers, Gewerblicher Rechtsschutz und Urheberrecht 2009, 583–584; Lionel Costes, Peer to Peer et

270

B. National Enforcement Measures Against Users

issue of whether Article 8(3) of the IPR Enforcement Directive and Articles 6 and 15 of the E-Privacy Directive should be interpreted as not permitting the disclosure of personal traffic data to private third parties for the purposes of civil proceedings for alleged copyright infringements. LSG (a collecting society) applied for an order requiring Tele2 to disclose the names and addresses of the persons to whom it had provided an Internet access service and whose IP addresses, together with the day and time of the connection, were known. Tele2 believed that it was entitled to refuse the request. The CJEU considered the issue of whether Article8(3) of the IPR Enforcement Directive and arts 6 and 15 of the E-Privacy Directive should be interpreted as not permitting the disclosure of the data to private third parties for the purposes of civil proceedings. The court held that Community law – in particular, Article 8(3) of the IPR Enforcement Directive, read in conjunction with Article 15(1) of the E-Privacy Directive – does not preclude Member States from imposing an obligation to disclose to private third parties personal data relating to Internet traffic in order to enable them to bring civil proceedings for copyright infringement, but nor does it require those Member States to lay down such an obligation. 968 In Promusicae, the Court did not rule out the possibility that Member States may place Internet access providers under a duty of disclosure. Considering that under Article 8(3) of the InfoSoc Directive, Member States are to ensure that rights-holders are in a position to apply for an injunction against intermediaries whose services are used by a third party to infringe a copyright or related right, and that access providers provide such services that enable users to infringe copyright, the protection sought by the InfoSoc Directive would “substantially diminished” if access providers would not be considered as intermediaries in the sence of the InfoSoc Directive.969 Repeating its response in Promusicae, the Court held that Community law requires Member States to ensure that, when transposing into national law the E-Commerce Directive, the InfoSoc Directive, the E-Privacy Directive and the IPR Enforcement Directive, they strike a fair balance between the various fundamental rights involved. Moreover,

recherche des contrefacteurs: les précisions de la CJCE, Droit de l'immatériel : informatique, médias, communication 2009, nº 48, 22–23. 968 CJEU, C-557/07 LSG-Gesellschaft zur Wahrnehmung von Leistungsschutzrechten GmbH v Tele 2 Telecommunication GmbH (Tele2), Judgment of 19.02.2009, [2009] ECR I-01227, para. 41. 969 Ibid, paras. 42 et seq.

271

Second Chapter: User-Targeted Responses

the authorities and courts of Member States must not only interpret their national laws in a manner consistent with those directives but must also make sure that they do not rely on an interpretation of them which would conflict with those fundamental rights or with the other general principles of Community law such as the principle of proportionality.970 c) Legitimacy of National Disclosure Legislation : C-461/10 Bonnier Audio v Perfect Communication Sweden In Bonnier Audio AB v Perfect Communication Sweden AB971, the CJEU held that the Data Retention Directive does not preclude Member States from enacting laws that allow an Internet service provider to be ordered to supply information about subscribers whose IP addresses have allegedly been used for intellectual property infringing purposes. Bonnier and the other claimants were all publishing companies, which held, inter alia, exclusive rights to the reproduction, publication and distribution to the public of 27 works in the form of audio books. They claimed that their exclusive rights were infringed by the unauthorised public distribution of these works by means of a FTP972 server. The server facilitated online file-sharing and data transfer between users via ePhone, an Internet service provider. In order to prepare their claims for compensation, Bonnier and others applied for disclosure of data for the purpose of communicating the name and address of the person using the IP address from which it was assumed that the files in question had been sent. EPhone refused to forward the requested data, since it considered such an order contrary to the Data Retention Directive. The court of first instance granted disclosure

970 Cf. ibid, operative part of the judgement. 971 CJEU, C-461/10, Bonnier Audio AB and Others v Perfect Communication Sweden AB, Judgment of 19.04.2012. For comments on the case see inter alia Doris Möller, Urheber-/Datenschutzrecht: Herausgabe gespeicherter Verkehrsdaten zur zivilrechtlichen Verfolgung von Urheberrechtsverletzungen, Europäische Zeitschrift für Wirtschaftsrecht 2012, 519–520; Zuzana Hečko, Data retention by Internet service providers for IP rights protection: Bonnier Audio (C-461/10), Journal of Intellectual Property Law and Practice 2012, 449–456; Sandra Schmitz, Die Verfolgung von Urheberrechtsverletzungen im Internet – Neues vom EUGH, in: Jürgen Taeger (ed.), IT und Internet – Mit Recht gestalten (2012), pp. 227–243. 972 FTP = File transfer protocol.

272

B. National Enforcement Measures Against Users

of the data. EPhone appealed to the Stockholm Court of Appeal which held that the Data Retention Directive does not prevent a party to a civil dispute being ordered to disclose subscriber data to someone other than a public authority. As Bonnier and others however had not produced clear evidence that there had been an IP infringement, the order was set aside. Bonnier and others then appealed to the Högsta domstolen, which referred two question for a preliminary ruling to the CJEU,973 asking inter alia whether the Data Retention Directive precludes the application of a national provision based on Article 8 of the IPR Enforcement Directive which, “in order to identify a particular subscriber, permits an Internet service provider in civil proceedings to be ordered to give a copyright holder or its representative information on the subscriber to whom the Internet service provider provided an IP address which was allegedly used in the infringement”.974 The CJEU held that the Data Retention Directive “…must be interpreted as not precluding the application of national legislation based on Article 8 of Directive 2004/48 ... which, in order to identify an Internet subscriber or user, permits an Internet service provider in civil proceedings to be ordered to give a copyright holder or its representative information on the subscriber to whom the Internet service provider provided an IP address which was allegedly used in an infringement, since that legislation does not fall within the material scope of Directive 2006/24”.975 It does not fall within the material scope, because the Data Retention Directive deals exclusively with the retention and handling of data generated or processed by Internet service providers for the purpose of the investigation,

973 The wording of the first question which is relevant for this research was as follows: “Does [Directive 2006/24], and in particular Articles 3 [to] 5 and 11 thereof, preclude the application of a national provision which is based on Article 8 [of Directive 2004/48, the IPR Enforcement Directive, which requires appropriate and proportionate disclosure orders to enable rights to be enforced] and which permits an Internet service provider in civil proceedings, in order to identify a particular subscriber, to be ordered to give a copyright holder or its representative information on the subscriber to whom the Internet service provider provided a specific IP address, which address, it is claimed, was used in the infringement? The question is based on the assumption that the applicant has adduced clear evidence of the infringement of a particular copyright and that the measure is proportionate”. 974 CJEU, C-461/10, Bonnier Audio AB and Others v Perfect Communication Sweden AB, Judgment of 19.04.2012, para. 36. 975 Ibid, Operative part of the judgement.

273

Second Chapter: User-Targeted Responses

detection and prosecution of serious crime, and does not cover the retention of data for civil proceedings.976 Accordingly, it was irrelevant for the main proceedings that Sweden had not yet transposed the Data Retention Directive beside the period for transposition having expired.977 The CJEU held that instead of the Data Retention Directive, the disclosure request constitutes personal data processing within the meaning of Article 2 of the E-Privacy Directive, and thus falls within the scope of the latter.978 Citing its decisions in Promusicae and in LSG – Gesellschaft zur Wahrnehmung von Leistungsschutzrechten, the Court recalled that the EPrivacy Directive and the IPR Enforcement Directive must be interpreted as not precluding national legislation that imposes an obligation to disclose to private persons personal data in order to enable them to bring civil proceedings for copyright infringements.979 The CJEU emphasised that the “national legislation in question requires, inter alia, that, for an order for disclosure of the data in question to be made, there be clear evidence of an infringement of an intellectual property right, that the information can be regarded as facilitating the investigation into an infringement of copyright or impairment of such a right and that the reasons for the measure outweigh the nuisance or other harm which the measure may entail for the person affected by it or for some other conflicting interest”.980 Accordingly, the national legislation must enable “the national court seised of an application for an order for disclosure of personal data, made by a person who is entitled to act, to weigh the conflicting interests involved, on the basis of the facts of each case and taking due account of the requirements of the principle of proportionality”.981 The national court must strike a fair balance between the contravening interests, i.e. the pro-

976 Ibid, paras. 41 et seq. The Court explained that the Data Retention Directive constitutes a special and restricted set of rules, derogating from and replacing the EPrivacy Directive general in scope and, in particular Article 15(1) thereof. 977 Ibid, para. 46. 978 Ibid, para. 52. 979 Ibid, para. 55. 980 Ibid, para. 58. 981 Ibid, para. 59.

274

B. National Enforcement Measures Against Users

tection of intellectual property rights of the copyright-holders and the protection of personal data enjoyed by the Internet subscriber or users.982 In the light of Case C‑275/06 Promusicae this was a predictable decision. d) Prohibition of General Monitoring Duty: C-70/10 Scarlet Extended v SABAM Relevant at this point is only one aspect of the preliminary ruling decision in Scarlet Extended v SABAM (which will be dealt with in detail in the Third Chapter): namely, the need for effective protection of intellectual property rights in the Member States. 983 In the context of a requested deletion and blocking of infringing content, the Court declared a general filtering obligation impermissible while at the same time stressing the need for effective protection of intellectual property as part of the right to property.984 This will become relevant when balancing the rights concerned, where an emphasis needs to be put on the effectiveness of the measure. It also seems obvious from the findings in the Sabam case that providers are obliged to cooperate to enforce the rights of the rights-holders.985 The Court ultimately concluded that the installation of a “complicated, costly, permanent computer system” to monitor data at the expense of the service provider contravened Article 3(1) of the IPR Enforcement Directive (no measures that are unnecessarily complicated or costly), anddid not strike a fair balance between the interests of the service provider and copyright holders involved.986

982 Ibid, para. 60. 983 Ibid, para. 30. 984 Case C-70/10 Scarlet Extended v SABAM, Judgment of 14.11.2011, para. 43; Article 17 (2) CFR. 985 Rolf Schwartmann, Vergleichende Studie über Modelle zur Versendung von Warnhinweisen durch Internet-Zugangsanbieter an Nutzer bei Urheberrechtsverletzungen, Studie im Auftrag des Bundesministerium für Wirtschaft und Technologie (Januar 2012), p. 280. 986 CJEU, C-70/10 Scarlet Extended v SABAM, Judgment of 14.11.2011, paras. 48 et seq.

275

Second Chapter: User-Targeted Responses

e) Practical Impact of the Decisions The decisions of the CJEU confirm that there is no direct conflict as such between data protection and online copyright enforcement in the European legal framework. While the European legal framework does not preclude Member States from imposing an obligation to disclose to private third parties personal data relating to Internet traffic in order to provide them with the necessary information to pursue civil actions for copyright infringement, the Community law also does not require Member States to lay down an obligation to disclose personal data in order to ensure effective protection of copyright in the context of civil proceedings. The CJEU considers the law to be neutral in this respect. The most important point for the Court is that a fair balance is achieved between the fundamental rights of the parties involved. It is important that not only the national implementation, but also the interpretation of the national implementation is consistent with the directives and not in conflict with fundamental rights or other principles of Community law. The Court only provided little guidance in the Bonnier Audio case on how to strike a fair balance between the fundamental rights in question, namely that national legislation that foresees the disclosure of data must require that “there be clear evidence of an infringement of an intellectual property right, that the information can be regarded as facilitating the investigation into an infringement of copyright or impairment of such a right and that the reasons for the measure outweigh the nuisance or other harm which the measure may entail for the person affected by it or for some other conflicting interest”.987 The court seised must weigh the conflicting interests involved on the basis of the facts of each case presented and must strike a fair and proportionate balance between the interests involved. The judgement in Bonnier Audio does not constitute a carte blanche as regards the usage of retained data. It only clarified that national legislation that foresees the disclosure of data to pursue civil claims does not contravene the Data Retention Directive or other Community law. Such information rights are subject to national law which as aforementioned may or may not provide for these rights.

987 CJEU, C-461/10, Bonnier Audio AB and Others v Perfect Communication Sweden AB, Judgment of 19.04.2012, para. 58.

276

B. National Enforcement Measures Against Users

II. Copyright Enforcement in Member States through Criminal Sanctions: Graduated Response Schemes One means of enforcing copyright is through criminal law. IP infringements are crimes in most jurisdictions, but also torts and thereby subjecting criminals to civil liability. A reason for supplementing civil liability with criminal sanctions is the necessity of deterrence as civil liability punishment can render certain crimes profitable.988 As a rule, making available protected works through file-sharing is covered by specific criminal provisions in the national copyright code or in the general criminal code. Graduated response schemes, also referred to as “Three Strikes law”, are one form of copyright enforcement against end-users that have recently attracted a lot of attention. This form of enforcement requires Internet service providers to play an active role in regulating the behaviour of their users by sending out warnings about infringements that have been committed, and ultimately applying sanctions to users that are alleged to have infringed copyright.989 These sanctions are regularly criminal sanctions, at least under the schemes that will be analysed in the following. Although, it has been argued that those warning schemes, where an administrative authority is concerned with issuing warnings against users, this is rather a 988 Andrea Wechsler, Criminal enforcement of intellectual property law: an economic approach, in: Christophe Geiger (ed.), Criminal enforcement of intellectual property (2012), p. 129, at p.136. 989 The European Data Protection Supervisor summarised the functioning of graduated response schemes as follows: “In a nutshell, under three strikes Internet disconnection policies copyright holders using automated technical means, possibly provided by third parties, would identify alleged copyright infringement by engaging in monitoring of Internet users’ activities, for example, via the surveillance of forums, blogs or by posing as file sharers in peer-to-peer networks to identify file sharers who allegedly exchange copyright material. After identifying Internet users alleged to be engaged in copyright violation by collecting their Internet Protocol addresses (IP addresses), copyright holders would send the IP addresses of those users to the relevant Internet service provider(s) who would warn the subscriber to whom the IP address belongs about his potential engagement in copyright infringement. Being warned by the Internet service provider a certain number of times would automatically result in the Internet service provider's termination or suspension of the subscriber’s Internet connection.” See Opinion of the European Data Protection Supervisor on the current negotiations by the European Union of an Anti-Counterfeiting Trade Agreement (ACTA), OJ 2010 C-147/01, 3 et seq.

277

Second Chapter: User-Targeted Responses

matter of administrative law,990 this section is under the heading of enforcement through criminal sanctions as ultimately the subscriber of an Internet access service, or an identified infringer, will face a sanction under criminal law. In this regard, the determination of the prerequisites for warnings to be sent out, or the circumstances under which a user can be sanctioned under criminal law, requires a legal basis. The necessary legal framework for employing such schemes have recently been implemented for instance in France and the UK. The core of the (initial) proposals includes the introduction of measures against individual users who do not take sufficient precautions to prevent infringements via their Internet connection, or who are themselves involved in copyright infringements. The graduated response schemes that are discussed in this chapter, are no voluntary schemes where Internet service providers have entered into arrangements with rights-holder to enforce copyright against their customers,991 because – as already mentioned – these schemes carry as an ultimate sanction a sanction under criminal law. Criminal enforcement requires statutory regulation, and more importantly the criminalisation of the behaviour that is subject to the sanction.992 Irrespective of the scheme employed, the analysis will show that they face the same challenges, in particular in relation to the identification of the actual infringer and the legal problems arising from this. Subsequent to the outline of the schemes in France and the UK, the compliance of the enforcement schemes and secondary EU law will be focussed on, before the compatibility of the schemes with the fundamental rights of Internet users and Internet access providers will be analysed.

990 European Parliament, DG for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, File Sharing (2011), p. 12. 991 Such as the Irish Eircom graduated response protocol: Under the system adopted by the Irish Internet service provider Eircom in 2010, customers suspected of sharing copyrighted material online are sent warning letters threatening disconnection from their broadband service. After a third warning letter, customers are disconnected for 12 months. See Eircom, Eircom statement on illegal file sharing, press release (2010). 992 For an overview on criminal sanctioning of intellectual property rigths infringements, see David Lefranc, Historical perspective on criminal enforcement, in: Christophe Geiger (ed), Criminal enforcement of intellectual property (2012), pp. 101–127.

278

B. National Enforcement Measures Against Users

1. France: the Graduated Response Scheme of the HADOPI Laws France has been the first European country to pass anti-piracy legislation specifically combatting illegal downloads through peer-to-peer networks. Its warning scheme thus plays a leading role in the EU and has attracted a lot of attention even from outside France. The scheme goes beyond a mere warning mechanism insofar as the warning shall also educate users about intellectual property and its value for and benefits to society. At the end of a three-step warning system, more stringent measures can be imposed including the suspension of Internet access. The French graduated response scheme relies on new legislative measures, and on an administrative body, that has specifically been founded for the enforcement of copyright and will be in charge of the warning system including the cooperation with Internet service providers. In the following, the legal changes that paved the way of the graduated response scheme will be outlined before the different actors and the different warning steps will be focussed on. Finally, the conformity of the warning scheme with fundamental rights, and the way how it responds to technological challenges will be analysed. a) Copyright Enforcement in France in General aa) The Origin of Copyright in France Intellectual property is protected by the right to property in the French constitution. The individual´s right to property appears in the list of the Rights of Man enshrined in Article 2 of the Déclaration des Droits de l’Homme et du Citoyen of 26 August 1789993. Article 17 of the Declaration of 1789 foresees the individual´s right to property: “Since the right to property is inviolable and sacred, no one shall be deprived thereof, unless public necessity, legally ascertained, obviously requires it, and on condition that fair and prior compensation is given”. The Declaration of 1789 has been amended by the preamble of the French Constitution and as such benefits from the same standard of protection as the Constitution.994

993 In the following referred to as Declaration of 1789. 994 See: Preamble to the French Constitution of 4 October 1958: “The French people solemnly proclaim their attachment to the Rights of Man and the principles of

279

Second Chapter: User-Targeted Responses

Although neither Article 2 nor Article 17 of the Declaration of 1789 specifically mentions intellectual property rights, according to the French Constitutional Court, the Conseil Constitutionnel, intellectual property, especially copyright and related rights, are encompassed in the right to property of the Declaration of 1789. In a 2006 decision the Court recognised that “the purposes and conditions for exercising the right to property have since 1789 undergone changes in the form of an extension of the scope thereof to new fields; among the latter are to be found intellectual property rights and related rights in the information society”.995 Also in its decision on the constitutionality of the Act furthering the diffusion and protection of creation on the Internet (Loi HADOPI I996), the Court stressed once more that “property is one of the rights of man enshrined in Articles 2 and 17 of the Declaration of 1789. The purposes and conditions of exercising the right to property have since 1789 undergone substantial changes characterized by the extension of the scope of this right to new fields. Among the latter exits the right, for copyright holders and holders of related rights to enjoy their intellectual property rights and protect the same within a framework set out by statute and in compliance with the international undertakings entered into by France”.997 On a non-constitutional level, intellectual property has first gained protection by the Loi n°57-298 du 11 mars 1957 sur la propriété littéraire et artistique, which stated in its Article 1 that the author of an intellectual

national sovereignty as defined by the Declaration of 1789, confirmed and complemented by the Preamble to the Constitution of 1946, and to the rights and duties as defined in the Charter for the Environment of 2004.” The English version of the French constitution is available at http://www.conseil-constitutionnel.f r/conseil-constitutionnel/english/constitution/constitution-of-4-october-1958.257 42.html (last accessed 17.05.2014). 995 Conseil Constitutionnel, Decision of 27.07.2006 – No. 2006-540 DC, Journal officiel de la République Française of 03.08.2006, 11541, para. 15. An English version of the decision is available at http://www.conseil-constitutionnel.fr/consei l-constitutionnel/root/bank/download/2006540DCen2006_540dc.pdf (last accessed 17.05.2014). 996 Loi no. 2009-669 du 12 juin 2009, Journal officiel de la République Française of 13.06.2009, 9666. 997 Conseil Constitutionnel, Decision of 10.06.2009 – No. 2009-580 DC, Journal officiel de la République Française of 13.06.2009, 9675, para. 13. An English version of the decision is available at http://www.conseil-constitutionnel.fr/consei l-constitutionnel/root/bank/download/2009580DC2009_580dc.pdf (last accessed 17.05.2014).

280

B. National Enforcement Measures Against Users

work enjoys, as regards his work, an exclusive immaterial property right; This right encompasses the intellectual and moral as well as the financial exploitation of the work. In recognition of the importance of intellectual property, in 1992, the French legislator united all laws and regulations regarding the protection of intellectual property in one single code of law, the Code de la propriété intellectuelle (CPI).998 According to Article L. 112-1 of the CPI all intellectual creations are protected irrespective of their genre, their form of expression, their value or their purpose.999 A non-exhaustive list of subjects of protection can be found in Article L. 112-2 CPI. bb) The Private Copying Exception Article L. 122-5 CPI provides for an exception to the intellectual property rights by granting individuals a right to private copies. According to para. 2 of Article L. 122-5 CPI an individual may make copies of a protected work even without the consent of the rights-holder. A private copy is for personal use only. The applicability of the exception for private copying has been questioned when protected works were downloaded from the Internet: Does unauthorised downloading in itself constitute an unlawful act or not?1000 There was some controversy as to whether the French private copy exception requires that a copy is made from a lawful source.1001 Technically, answering this question with regard to peer-to-peer file-sharing is irrelevant, as with peer-to-peer technology the person who down-

998 Loi no. 92-597 du 1er juillet 1992. 999 « Toutes les oeuvres de l’esprit, quels qu’en soient le genre, la forme d’expression, le mérite ou la destination »1000 Christophe Geiger, Counterfeiting and the music industry: towards a criminalization of end users? The French ‘HADOPI’ example, in: Christophe Geiger (ed), Criminal enforcement of intellectual property (2012), p. 391. 1001 The lawfulness of the source shall be irrelevant: Séverine Dussollier, L’utilisation légitime de l’œuvre: un noveau sesame pour le benefice des exceptions en droit d’auteur?, Communication commerce électronique November 2005, 19 ; Carine Bernault/Audrey Lebois, Peer-to-peer filesharing and literary and artistic property, a feasibility study regarding a syste of compensation for the exchange of works via the Internet (2006), p. 20; Christophe Geiger, Les exceptions au droit d’auteur en France, in: Christophe Geiger/Michele BouyssiRuch/Reto M. Hilty (eds.), Perspectives d’harmonisation du droit d’auteur en Europe, p. 356.

281

Second Chapter: User-Targeted Responses

loads a file at the same time makes the work available. The Cour d’Appel Montpellier held that the exception for private copying is applicable; On the basis of Arts. L. 122-3, L. 122-4 and L. 122-5 CPI the Court recalled that once a work has been made public, its author may not prohibit copying or reproduction that is strictly for the personal use of the person making the copy.1002 As the public prosecutor as well as the rights owners and video publishing organisations appealed the decision, the Cour de Cassation had to decide on the matter. The Court found that the Cour d’Appel had not replied to their argument that the unlawful nature of the source of the copies, namely the download from the Internet, excluded the applicability of the private copy exception.1003 Thus, the decision was overturned and referred to another appeal court.1004 The Cour d’Appel Aix-enProvence held that the private copy exception is not applicable where a protected work is downloaded from the Internet or where the protected work was borrowed from friends.1005 Finally, the French legislator clarified in 2011 that reproductions made from an unlawful source are excluded from the scope of the private copy exception.1006

1002 The Court rejected the prosecution for counterfeiting of a defendant who had made copies of 488 films on CD-ROMs (one third of them had been downloaded from peer-to-peer networks while two thirds were copied from other CDROMs given to him by friends). Cour d’Appel de Montpellier, Decision of 10.03.2005, Buena Vista Home Entertainment et al. v D.A.C., Legipresse of 22.06.2005, 120 with annotation by Isabelle Wekstein. 1003 Cour de Cassation, Decision of 30.05.2006 – RG No. 05-83335 (chambre criminelle). 1004 Article 593 of the Code of Criminal Procedure sets forth that “any judgment or order must include the reasons justifying the decision and answer the peremptory points contained in the parties’ submissions. Insufficient or contradictory reasons are equivalent to their absence”. 1005 Cour d’Appel d’Aix-en-Provence, Decision of 05.09.2007 – No. 2007/501, Gazette du Palais (10.05.2008), No. 131, 54 with annotation by Julien GuinotDelery/Charles-Edouard Renault. 1006 Loi no. 2011-1898 du 20 décembre 2011 relative à la rémunération pour copie privée.

282

B. National Enforcement Measures Against Users

cc) Enforcement of Intellectual Property Rights upon Initiative of the Rights-Holder In the context of private enforcement of IP rights it is important to know that French law does not provide for a right to information for rights-holders that seek to obtain information upon the identity of an infringer. There is also no obligation for access providers to store IP addresses for civil enforcement by rights-holders.1007 The only possibility for French rightsholders to obtain such data was to press criminal charges against the notyet identified infringer. Access providers are obliged to reveal the identity of subscriber to the judicial authorities in the course of the criminal proceedings, insofar as he still holds that information.1008 In the course of criminal proceedings, the rights-holder then is entitled to have a copy of the files of the inquiry. Damages may also be awarded in criminal proceedings; hence, it will not be necessary for the rights-holder to sue the infringer in a civil court as long as charges are pressed against him. Due to new legislation being passed on an EU level which needed to be implemented on domestic level, French copyright law has lately seen a number of updates specifically in relation to the digital age. Law reforms in particular tried to strengthen the enforcement of copyright on the Internet, going further than required by the Enforcement Directive. Key to the law reforms is the graduated response scheme introduced by the Loi HADOPI.

1007 See Christoper Kuner/Cédric Burton/Jörg Hladjk/Oliver Proust, Study on online copyright enforcement and data protection in selected Member States (November 2009), p. 27. 1008 Until 14 June 2009, Article L.34-1 of the Code des postes et des communications électroniques, foresaw that traffic data must be deleted or anonymized by operators of electronic communications and may only be stored exceptionally for a period of up to one year for the purpose of investigating, detecting and prosecuting criminal offences , and with the sole purpose of making information available, as appropriate, to the judicial Authorities, or invoicing and payment of electronic communications services.

283

Second Chapter: User-Targeted Responses

b) Setting the Framework for a Graduated Response Scheme In response to an online copyright enforcement regime, that was perceived as weak, the French legislator aimed at finding a legislative solution to the problem of online file-sharing. Central to the law reforms was the determination of conditions in which certain offences provided for in the code de la propriéte intellectuelle could be ascertained, prosecuted and tried in the event of set offences being committed via a public online communication service. They opted for a so-called graduated response scheme, which introduces a supplementary penalty of suspension of Internet access. The French legislation concerning illegal file-sharing was constructed in two subsequent stages: DADVSI and HADOPI.1009 The initiatives leading to the current graduated response scheme governed by the Loi HADOPI are based on the assumption (1) that the Internet user himself may not be familiar with copyright law and needs to be educated about the consequences of his behaviour before he is faced with sanction and (2) that there are not sufficient established legal alternatives to access content online. Prior to the Loi Hadopi, French Internet users were faced with almost no sanctions for online copyright infringements. The reason for this was the fact that only the police and the Gendarmerie1010 were entitled to investigate to whom an IP address was assigned to. The French law did not grant holders of copyright or related rights a separate information right. The enforcement of copyright infringements was therefore dependent on criminal investigations by the investigative authorities. In practice, investigations in relation to online copyright infringements were not within the priorities of the investigative authorities which rather

1009 Although it involved three laws and a multitude of implementation decrees, the two HADOPI laws will be considered as one stage as they are so closely linked. See also Christophe Geiger, Honourable attempt but (ultimately) disproportionately offensive against peer-to-peer on the internet (HADOPI) – a critical analysis of the recent anti-file-sharing legislation in France, International Review of Intellectual Property and Competition Law 2011, Vol. 42, 457, 459. 1010 See Rolf Schwartmann, Vergleichende Studie über Modelle zur Versendung von Warnhinweisen durch Internet-Zugangsanbieter an Nutzer bei Urheberrechtsverletzungen, Studie im Auftrag des Bundesministerium für Wirtschaft und Technologie (January 2012), p. 85.

284

B. National Enforcement Measures Against Users

focussed on child pornography.1011 Thus, owners of copyright or related rights were left with a blunt instrument. aa) Loi Relative au Droit d’Auteur et aux Droits Voisins dans la Société de l’Information – Loi DADVSI Parliamentary discussions on the regulation of file-sharing only started in the implementation proceedings of the InfoSoc Directive.1012 The French legislature decided to integrate in the bill the question of file-sharing through peer-to-peer networks although this question was not directly addressed in the Directive.1013 By the Loi relative au droit dáuteur et aux droits voisins dans la société de l’information1014 of 1 August 2006 France transposed the InfoSoc Directive into national law. During the legislative process there was some discussion as to the role of misuse of peer-to-peer networks on the Internet.1015 Due to the scope of illegal use of peer-to-peer technology, it was suggested to legalise file-sharing via peer-to-peer networks by a natural person for private use and introduce a flat-rate remuneration.1016 Downloading would have been the subject of a kind of compulsory license by

1011 Ibid. 1012 Christophe Geiger, Honourable attempt but (ultimately) disproportionately offensive against peer-to-peer on the internet (HADOPI) – a critical analysis of the recent anti-file-sharing legislation in France, International Review of Intellectual Property and Competition Law 2011, Vol. 42, 457, 459. 1013 Ibid. 1014 Loi no. 2006-961 du 1 août 2006 relative au droit dáuteur et aux droits voisins dans la société de l’information (DADVSI). 1015 Rolf Schwartmann, Vergleichende Studie über Modelle zur Versendung von Warnhinweisen durch Internet-Zugangsanbieter an Nutzer bei Urheberrechtsverletzungen, Studie im Auftrag des Bundesministerium für Wirtschaft und Technologie (Januar 2012), p. 80. 1016 Lionel Thoumyre, La licence globale optionelle: un pare-feu contre le bugs de la repression, Revue Lamy Droit de l'Immateriél 2006, 80–84. The text of the amendment adopted on 21.12.2005 which was later reversed: “Similarly, the author cannot forbid reproductions made on all media on the basis of an online communication service by a physical person for his private use for purposes that are not directly or indirectly commercial, with the exception of copies of software other than a backup copy, provided that such reproductions are the subject of a remuneration as laid down in Article L. 311-4” (translation by Christophe Geiger, Counterfeiting and the music industry: towards a criminalization of end

285

Second Chapter: User-Targeted Responses

analogy with the private copy exception, while the upload of a file to the system would probably have been subjected to a system of mandatory collective management.1017 This system, which in the end was not adopted, was also referred to as a system of ‘global licence’1018. Instead, Article 24 of the Loi DADVSI made the unauthorised reproduction for personal use as well as the online communication to the public for non-commercial purposes of protected works via peer-to-peer networks a summary offence (“contravention”) rather than a felony (“délit”).1019 Hence, an illegal downloader using peer-to-peer networks faced a ‘reduced’ penalty for copyright infringements.1020 The law also imposed on Internet access holders an obligation to monitor their access. Article 25 of the Loi DADVSI required Internet access holders to make sure, if requested to do so, that their Internet access is not used for the exchange of copyrighted material without the rights-holders’ consent or authorisation.1021 However, since a breach of that obligation did not trigger any sanctions, this obligation did not affect the Internet access holders in practice.1022

1017

1018 1019

1020

1021 1022

286

users? The French ‘HADOPI’ example, in: Christophe Geiger (ed), Criminal enforcement of intellectual property (2012), p. 388. The members of parliament did not decide on the latter. See Christophe Geiger, Counterfeiting and the music industry: towards a criminalization of end users? The French ‘HADOPI’ example, in: Christophe Geiger (ed), Criminal enforcement of intellectual property (2012), p. 389. Lionel Thoumyre, La licence globale optionelle: un pare-feu contre le bugs de la repression, Revue Lamy Droit de l'Immateriél 2006, 80–84. Amélie Blocman, Adoption of the Act on Copyright and Neighbouring Rights in the Information Society (2006). Under Article 111-1 of the Code Pénal, offences are classified according to their seriousness as crimes, délits and contraventions. A contravention is punishable solely by a fine. The Penal Code differentiates between five types of contraventions, with varying fines up to a maximum of EUR 1,500. A délit is punishable by a prison sentence of up to ten years, or by a fine of at least EUR 3,750. A crime carries a longer prison sentence (from 15 years to life). Christophe Geiger, Honourable attempt but (ultimately) disproportionately offensive against peer-to-peer on the internet (HADOPI) – a critical analysis of the recent anti-file-sharing legislation in France, International Review of Intellectual Property and Competition Law 2011, Vol. 42, 457, 462. Article 25 inserted Article L. 335-12 into the CPI. This Article has however been abolished by the Loi HADOPI I and the obligation is now incorporated in Article L. 336-3 CPI. Christophe Geiger, Honourable attempt but (ultimately) disproportionately offensive against peer-to-peer on the internet (HADOPI) – a critical analysis of

B. National Enforcement Measures Against Users

Following a referral to the Conseil Constitutionnel for review of the constitutionality of the proposed Loi DADVSI, some adaptions were necessary. The Conseil Constitutionnel inter alia set aside the provision, which set forth less severe sanctions for users that made unauthorised copies of protected works via peer-to-peer networks for their personal use.1023 The Court held that it was not possible to differentiate between piracy using eMail, blogs, or any other means of online communication and piracy carried out via peer-to-peer networks.1024 The particularities of peer-to-peer networks cannot justify the difference in treatment that had been introduced by Article 24 of the Loi DADVSI. The contested provision was consideredcontrary to the principle of equality prescribed by Article 6 of the Declaration of 1789 and thus held to be unconstitutional.1025 Accordingly, unauthorised file-sharing via peer-to-peer networks remains a criminal offence, punishable with a fine of up to EUR 300,000 and three years imprisonment.1026 With the monitoring obligation not being linked to any sanctions, the legislation combatting illegal file-sharing remained somehow incomplete. For this reason, the public authorities commissioned a report, which subsequently formed the basis for the HADOPI laws. bb) Loi Favorisant la Diffusion et la Protection de la Création sur Internet – Loi HADOPI I In September 2007, the French Minister of Culture and Communication, Christine Albanel, asked the former CEO of the major French entertainment retailer FNAC, Denis Olivennes, to lead a task force of four experts to investigate the economical, legal and technological requirements of a

1023

1024 1025 1026

the recent anti-file-sharing legislation in France, International Review of Intellectual Property and Competition Law 2011, Vol. 42, 457, 464. Conseil Constitutionnel, Decision of 27.07.2006 – No. 2006-540 DC, Journal officiel de la République Française of 03.08.2006, 11541. An English translation of the decision is available at http://www.conseil-constitutionnel.fr/conseil-const itutionnel/root/bank/download/2006540DCen2006_540dc.pdf (last accessed 17.05.2014). Ibid, para. 64 et seq. Ibid, para. 65. See Article L.335-4 CPI.

287

Second Chapter: User-Targeted Responses

graduated response scheme in France.1027 Following a consultation of representatives of the entertainment industry, Internet service providers and consumer associations, the Olivennes committee submitted its report, entitled “Le developpement et la protection des oeuvres culturelles sur les nouveaux reseaux”, in November 2007.1028 The Olivennes Report found that copyright protection measures in music files (DRM) hinder interoperability and should be abandoned.1029 Legally purchased music must be readable more easily on all types of devices. The report also found that users want faster access to audiovisual works on digital networks and respective solutions should be provided.1030 The report further suggested the establishment of a single agency in the form of an independent admininstrative authority that takes action against online piracy in its entirety and promotes legal offers of online distribution of content.1031 Also, Internet service providers shall commit themselves to developing and operating – in cooperation with rights-holders – identification systems to detect legal offers (e.g. digital fingerprints). Most notably, the report proposes the introduction of a graduated response scheme with an Internet suspension as final sanction..1032 The report was signed by more than 40 entities from the film, music, TV and Internet service provider sector at the Elysée palace and presented as the “Olivennes Agreement”.1033 The Agreement has been historic: it was the first of its kind where the creative industries agreed on solutions to fight online piracy and where a consensus in that respect was reached with Internet access providers.1034 The signatories of the Agreement committed themselves to contribute to finding a solution against online piracy and to

1027 Further members of the task force were Olivier Bomsel (Professor in Economics, Centre d’économie industrielle de l’Ecole des Mines), Pascal Faure (Privy councillor, general delegate and president of the Conseil d’orientation du Forum des droits sur l’Internet) and Isabelle Falque-Pierrotin (Vice president of the Conseil Général des Technologies de l’Information). 1028 The full report is available online at http://www.culture.gouv.fr/culture/actualite s/conferen/albanel/rapportolivennes 231107.pdf (last accessed 17.05.2014). 1029 Ibid, p. 25. 1030 Ibid. 1031 Ibid. 1032 Ibid. 1033 It has later been renamed to “Elysée agreement”. 1034 See Sénat, Explanatory Memorandum, Projet de loi favorisant la diffusion et la protection de la création sur Internet, Annexe au procès-verbal de la séance du 18.06.2008.

288

B. National Enforcement Measures Against Users

promote ways to use the Internet as a legal distribution channel for content. The conclusions drawn in the Olivennes Report led to a new law project in 2008. The French senate recognised that although sanctions exist for illegal file-sharing on the basis of copyright infringements, the existing regime was unsuitable to respond to the mass phenomenon of online piracy.1035 The Senate also accepted as fact that Internet users are often unaware of the wrongfulness of their actions.1036 At that time Article L. 335-12 of the CPI, which was introduced by Loi DADVSI and obliged Internet access holders to ensure that their access is not used for intellectual property rights infringements, did not provide any sanction for a breach of that obligation.1037 In order to meet the goals set forth in the Elysée Agreement, the law project aimed to introduce a system of graduated response. Therefore, it proposed to widen the competences of the Autorité de regulation des mesure techniques, which had been established by the Senate in 2006 and which was responsible for the interoperability and implementation of technical protections measures. The Autorité de regulation des mesure techniques was renamed Haute Autorité pour la diffusion des œuvres et la protection des droits sur Internet (HADOPI)1038 to reflect the new scope of its powers.1039 Under its new mission the independent HADOPI’s function is to discourage Internet users from unauthorised copying via the Internet by a gradual intervention: HADOPI will send out warning notices on behalf of rights-holders to users. These warnings are known as “recommendation” and precede possible sanctions. Following two warnings HADOPI was foreseen to adopt, subject to judicial review, a sanction in the form of temporary suspension of an Internet acccess from three months to one year combined with a prohibition to re-subscribe for another Internet access service for that period. The Senate

1035 1036 1037 1038

See Ibid. Ibid. Ibid. “High Authority for the diffusion of works and protection of copyright on the Internet”, in the following referred to as HADOPI. 1039 See Section 2 of the Projet de loi favorisant la diffusion et la protection de la création sur Internet, Annexe au procès-verbal de la séance du 18.06.2008.

289

Second Chapter: User-Targeted Responses

assessed the future of a scheme of graduated response as a success story based on several industry-led studies.1040 As a first step, Article L.335-12 CPIwas to be amended to provide for a sanction for breaching the obligation to monitor one´s Internet connection. 1041 According to the new Article L.336-3 CPI, no penalty should be imposed on an Internet access subscriber if he had installed effective means to secure his connection. For this purpose HADOPI set up a list of security means which it would consider effective to prevent a breach of the monitoring duty. The law project saw numerous amendments, in particular concerning the system of graduated response1042 before it was finally adopted by the Assemblée nationale on 12 May 2009 and by the Sénat on 13 May 2009. Being controversial from the start,1043 it took less than a week after the final vote of the assembly until the law was legally challenged.1044 At least 60 members of the national assembly referred the Loi HADOPI I to the Conseil constitutionnel for review, claiming that several parts of the

1040 Sénat, Explanatory Memorandum, Projet de loi favorisant la diffusion et la protection de la création sur Internet, Annexe au procès-verbal de la séance du 18.06.2008. The Senate quoted several studies that allegedly confirm the future success of graduate response schemes: a US study allegedly found that in US digital networks where a similar solution had been implemented 70% of Internet users refrained from further downloads upon a first warning , 85 to 90% upon a second warning and 97% upon receiving a third warning. According to the Senat an IPSOS (www.ipsos.fr) poll conducted in France in May 2008 showed that a warning system could have a comparable effect in France with 90% of the interviewees responding that they would refrain from illegal downloads following a second warning. Further the Senate relied on a study conducted by Entertainment Media Research which alleged that 70% of users that received a first warning and 90% of users that received a second warning would refrain from futher infringements. 1041 Ibid, Article 4 of Projet de loi favorisant la diffusion et la protection de la création sur Internet. 1042 See http://www.assemblee-nationale.fr/13/dossiers/Internet.asp (last accessed 17.05.2014). 1043 In the Assemblée nationale 296 members voted in favour of the law and 233 against it. 1044 According to Article 61 para. 2 of the French Constitution, the Conseil constitutionnel can exercise a priori and abstract control over the constitutionality of laws before they enter into force.

290

B. National Enforcement Measures Against Users

statute were unconstitutional.1045 In particular, they contended unconstitutionality of Articles 5, 10 and 11 of the law. One of the key claims was that the sanctions on copyright infringers were disproportionate, and that the imposition of a suspension order should be left to judicial authorities rather than to HADOPI.1046 On 10 June 2009, the Conseil constitutionnel declared several provisions encompassed in Article 5 and 11 of the Loi HADOPI I unconstitutional: They were not in compliance with procedural safeguards in case of

1045 Saisine du Conseil constitutionnel en date du 19 mai 2009 présentée par au moins soixante députés, en application de l’article 61, alinéa 2, de la Constitution, et visée dans la décision no 2009-580 DC, Journal officiel de la République Française of 13.06.2009, texte 4 sur 148. 1046 Conseil constitutionnel, Decision of 10.06.2009 – No. 2009-580 DC, Journal officiel de la République Française of 13.06.2009, 9675, paras. 2 et seq. An English version of the decision is available at http://www.conseil-constitutionne l.fr/conseil-constitutionnel/root/bank/download/2009580DC2009_580dc.pdf (last accessed 17.05.2014). For an analysis of the decision see also William Benassiano, L'inconstitutionnalité, sanction de l'identification d'un pouvoir de répression pénale dévalué. Décision no 2009-580 DC du 10 juin 2009, Revue française de droit constitutionnel 2010, no 81, 168–174; Aurélie BinetGrosclaude, La décision du Conseil constitutionnel du 10 juin 2009 relative à la loi favorisant la diffusion et la protection de la création sur internet : un coup d'arrêt au pouvoir de sanction des AAI ?, Droit Pénal 2009, no 11, 11–17; Iliana Boubekeur, De la « loi HADOPI » à la « loi HADOPI 2 ». Analyse de la décision du Conseil constitutionnel 2009-580 DC et de ses conséquences, Revue Lamy Droit de l'Immatériel 2009, no 51, 107–113; Jacques Francillon, Téléchargement illégal. Heur et malheur de la loi Création et Internet : la loi HADOPI censurée par le Conseil constitutionnel, Revue de science criminelle et de droit pénal comparé 2009, no 3, 609–622; Gautron, Allan, La « réponse graduée » (à nouveau) épinglée par le Conseil constitutionnel. Ou la délicate adéquation des moyens aux fins, Revue Lamy Droit de l'Immatériel 2009,no 51, 63–73; Laure Marino, Le droit d'accès à internet, nouveau droit fondamental, Recueil Dalloz 2009, 2045–2046; Thierry Revet, Droit de propriété sur droit de propriété ne vaut, Revue trimestrielle de droit civil 2009, no 4, 754–756; Thierry Revet, La consécration de la liberté d'accéder aux services de communication au public en ligne, protection comme res de la position contractuelle permettant l'accès au réseau internet ?, Revue trimestrielle de droit civil 2009, no 4, 756–757; Dominique Rousseau, Hado-pirate la Constitution : le Conseil sanctionne !, Revue Lamy Droit de l'Immatériel 2009, no 51, 103–105; Charles Simon, Les adresses IP sont des données personnelles selon le Conseil constitutionnel, Revue Lamy Droit de l'Immatériel 2009, no 51, 114–115.

291

Second Chapter: User-Targeted Responses

sanctions, and most notably, were held to infringe freedom of expression. 1047 Article 5 of the HADOPI I Law which was referred for review inserted into the CPI the section regulating the HADOPI. HADOPI was supposed to be composed of a board and a committee for the protection of copyright. While the board should be responsible for promoting and furthering the lawful offer of intellectual property, the task of the Committee for the protection of copyright is to trigger the new warning mechanisms and administrative penalties incurred by Internet access holders who failed to monitor their connection.1048 The provisions on the warning scheme were to be incorporated in Article L.331-27 of the CPI, which was supposed to set forth the following: “When it has been ascertained that the subscriber has failed to comply with the duty defined in Article L 336-3 in the year following receipt of a recommendation addressed by the Committee for the protection of copyright accompanied by a signed acknowledgment of receipt or any other means likely to prove the date of the sending of said recommendation and its receipt by the subscriber, the Committee may, after a full hearing of all parties, impose one of the following penalties depending on the seriousness of the failure to comply and the use of Internet access: 1° Suspension of access to the Internet for a period of between two months and one year accompanied by the impossibility for the subscriber to enter into any other contract with any other operator for access to online public communication services 2° An injunction to take, within a period determined by the Committee, measures designed to prevent any repetition of the breach of duty ascertained, in particular by installing a security device from among those listed in paragraph 2 of Article L 331-32, and to account for the same to the High Authority on pain, if need be, of payment of a financial penalty.”1049 It was foreseen that under Article L.331-28, HADOPI’s Committee for the protection of copyright may, before initiating penalty proceedings, propose an amicable arrangement whereby the subscriber concerned has his connection suspended for a period of one to three months, or is put under a duty to prevent the re-occurrence of said breach of duty. In addition Arti-

1047 Conseil constitutionnel, Decision of 10.06.2009 – No. 2009-580 DC, Journal officiel de la République Française of 13.06.2009, 9675. 1048 Ibid, para. 4. 1049 Ibid, para. 9.

292

B. National Enforcement Measures Against Users

cle L.331-29 was supposed to authorise the Committee to impose the penalties provided for in Article L.331-27 in the event of non-compliance with the amicable agreement.1050 In addition, Article L.331-30 specified the contractual consequences of a suspension order, while Article L. 331-32 determined the manner for drawing up the list of devices to be installed in order to exonerate the access holder from all penalties; Arts. L. 331-33 and L.331-34 set up a national register of names of persons whose access has been suspended. The Committee for the protection of copyright was supposed to retain the technical data supplied to it until an Internet access has been completely suspended (Article L.331-36). These provisions have all been declared unconstitutional by the Conseil constitutionnel. In analysing the provisions, the Court paid regard to the importance of access to the Internet in a networked world for the participation in democracy and the expression of ideas and opinions and concluded that Article 11 of the Declaration of 1789 implies the freedom to access online communication services.1051 Article 11 of the Declaration of 1789 proclaims: “The free communication of ideas and opinions is one of the most precious rights of man. Every citizen may thus speak, write and publish freely, except when such freedom is misused in cases determined by Law”. Having regard to the nature of the freedom guaranteed by Article 11 of the Declaration of 1789, the Court held that the legislature could not entrust the Committee for the protection of copyright, an administrative authority, with such powers to impose penalties created by the challenged provisions of Articles 5 and 11 of the Loi HADOPI I.1052 Considering that the powers to suspense access were not limited to a specific category of persons but extended to the entire French population, the powers of the Committee have the potential to restrict the right of any person to exercise his right to free expression and communication, in particular from his own home.1053 As freedom of expression and communication are considered as the cornerstones of a democratic society and a prerequisite for other rights and freedoms, any restriction placed on these freedoms has to be proportionate in achieving its goal.1054 The Court concluded that the principle of

1050 1051 1052 1053 1054

Ibid, para. 10. Ibid, para. 12. Ibid, para. 16. Ibid, para. 16. Ibid, para. 15.

293

Second Chapter: User-Targeted Responses

proportionality had not been respected, although the goal of the challenged provisions was legitimate, namely the protection of copyrights and related rights enshrined in Arts. 2 and 17 of the Declaration of 1789.1055 Considering that, pursuant to Article 9 of the Declaration of 1789 every man is presumed innocent until proven guilty, the introduction of a reversal of the burden of proof by presuming guilt on the part of an Internet access holder was also held unconstitutional.1056 As regards the right to privacy enshrined in Article 2 of the Declaration of 1789, the Court stressed that the Constitution requires the right to privacy and other constitutional rights such as the right to property to be balanced.1057 In that regard, allowing private entities to collect data that allows the identification of Internet access subscribers was held to be a disproportionate infringement of the right to privacy.1058 However, the Court did not agree with the referring parties that “the possibility of blocking, by measures and injunctions, the functioning of telecommunications infrastructures … might deprive many Internet users of the right to receive information”.1059 In summary, the Court did not criticise the sanction of Internet access suspension as such. However, the Court concluded that authorising an administrative authority to order said suspension infringes Article 11 of the Declaration of 1789. A sanction which may have such a severe impact on the fundamental rights and freedoms of an individual requires a decision by a judge. cc) Loi Relative à la Protection Pénale de la Propriété Littéraire et Artistique sur Internet – Loi HADOPI II Following the decision of the Conseil constitutionnel and the removal of the penal aspects from the law, the Loi HADOPI II was drafted. The Loi no. 2009-1311 du 28 octobre 2009 relative à la protection pénale de la

1055 1056 1057 1058

Ibid, para. 13. Ibid, para. 18. Ibid, paras. 22 et seq. Ibid, para. 27. It must be noted, that the Court did not declare the provisions on the gathering of data by private entities (acting on behalf of the rightholders) to identify Internet access subscribers unconstitutional. 1059 Ibid, para. 37.

294

B. National Enforcement Measures Against Users

propriété littéraire et artistique sur Internet – Loi HADOPI II1060 was designed to complete the then incomplete Loi HADOPI I. In essence, it lays down the competences of the different actors involved in the execution of the warning procedures as well as the role of courts in this system. Most importantly, Article 2 introduces Article L. 335-7 into the CPI, which foresees a sanction for gross negligent non-compliance with the aforementioned obligation to secure an Internet access.1061 The mere abstention from securing a connection does not in itself constitute the offence: Gross negligence will only be established where an Internet connection is actually used for the purposes of copyright infringement within one year following a second warning by HADOPI1062 and when it appears that without justification the Internet subscriber has failed to implement security mechanisms. At procedural level, it was foreseen that the public prosecutor would be in charge to bring an action before a criminal court for alleged infringements.1063 HADOPI II also introduced two further offences: an infringement of the prohibition on the Internet user to sign up with another access provider during the suspension period,1064 and the failure of the access provider to suspend access after notification by HADOPI.1065 Essemtially, the Loi HADOPI II reinforces the repressive nature of the law: this is not so much because a judge may impose a EUR 1,500 fine combined with a maximum one month Internet access suspension, when an Internet access subscriber fails to comply with his obligation to monitor his connection. It is rather the cumulation of penalties, namely that an infringer faces a fine, suspension of Internet access combined with the

1060 Available online at http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JOR FTEXT000021208046&dateTexte=& categorieLien=id (last accessed 17.05.2014). 1061 The term used in Article L. 335-7-1 is “négligence caractérisée”. Christophe Geiger uses the translation “blatant negligence”, see Christophe Geiger, Honourable attempt but (ultimately) disproportionately offensive against peer-topeer on the internet (HADOPI) – a critical analysis of the recent anti-file-sharing legislation in France, International Review of Intellectual Property and Competition Law 2011, Vol. 42, 457, 468, Fn. 49. 1062 It was foreseen that the first warning was sent by email, while the second warning would have to be sent by registered letter against signature. 1063 Article 398 of the Code de Procédure Pénale (CPP). 1064 Article L. 335-7-1 of the CPI. 1065 Article L. 335-7 of the CPI.

295

Second Chapter: User-Targeted Responses

prohibition to sign up for another contract and the obligation to pay the subscription fee, that gave rise to concern.1066 However, such a cumulation is nothing special in law, considering that speeding in a car may also be sanctioned with a fine and a driving ban. At all, it came to no surprise when members of the National Assembly addressed the Conseil Constitutionnel contending that Articles 1, 6 to 8 and 11 Loi HADOPI II were unconstitutional.1067 The Conseil constitutionnel held the challenged provisions essentially to be constitutional with the exception of Article 6 II Loi HADOPI II.1068 Article 6 of the Loi HADOPI II introduced a specific procedure applicable to copyright infringements committed via Internet. The second paragraph of Article 6 set forth that requests for damages will be decided upon by a single judge in the course of a summary order. Details of the proceedings such as for instance the effects of possible objections by the defendant would have been subject to future regulations, which in particular was held to be unconstitutional.1069 Although this did not have any impact on the revised graduated response scheme, it was nevertheless quickly addressed by the legislator.

1066 Cf. Christophe Geiger, Counterfeiting and the music industry: towards a criminalization of end users? The French ‘HADOPI’ example, in: Christophe Geiger (ed), Criminal enforcement of intellectual property (2012), pp. 397 et seq. 1067 Conseil constitutionnel, Decision of 22.10.2009 – no. 2009-590 DC, Journal officiel de la République Française of 29.10.2009, 18292. An English version of the decision is available at http://www.conseil-constitutionnel.fr/conseil-constitu tionnel/root/bank/ download/2009590DCen2009_590dc.pdf (last accessed 17.05.2014). For an analysis of this decision, see William Benassiano, Décision no 2009-590 Dc du 22 octobre 2009, La sanction de l'incompétence négative, Revue française de droit constitutionnel 2010, 390–396; Florence Chaltiel, La loi HADOPI II de nouveau censurée, Petites affiches 2009, no 235 (25.11.2009), 7–13; Emmanuel Derieux, Validation par le Conseil constitutionnel de l'essentiel des dispositions de la loi 'HADOPI 2', Revue Lamy Droit de l'Immatériel 2009, no 54, 6–8; Dominique Rousseau, Après HADOPI 1et HADOPI 2, HADOPI 3? La décision du Conseil constitutionnel du 22 octobre 2009, Légipresse 2009, no 267, 173–174; Michel Verpeaux, Loi Hadopi 2, contrôle à double détente : 1. A propos de la décision du Conseil constitutionnel du 22 octobre 2009, La Semaine Juridique, Édition générale 2009, no 46, 15–17. 1068 Art. 6 II Loi HADOPI II would have amended Article 495-6-1 Code de procedure pénale. 1069 The offence may be tried before a criminal court (tribunal correctionnel) sitting with a single judge or under the summary procedure of a criminal order.

296

B. National Enforcement Measures Against Users

dd) Summary The graduated response scheme, that results from the Loi HADOPI II and that will be analysed in the following, has not been the first French legislative effort to find a legal solution to the problem of unauthorised filesharing via peer-to-peer networks. It rather constitutes the preliminary end to a struggle to find a solution that aims at respecting not only the interests of the rights owners but also the fundamental rights of the users. The foundation for Loi HADOPI I and II was laid by the Loi DADVSI which imposed upon Internet access subscribers an obligation to monitor their access, when it laid down that Internet access subscribers must ensure that their access is not used for the purpose of reproducing or presenting intellectual works without the rights-holders’ authorisation. The need for the HADOPI laws arose from the fact that the monitoring obligation somehow was a blunt instrument, because it was not associated with any sanctions and enforcement mechanisms. A system intended to combat unauthorised file-sharing was left incomplete, until the HADOPI I and II laws were passed aiming to close that gap. While the HADOPI I and II laws were passed under the pretence to prefer an “educational and preventive approach” to a repressive solution, they centre around a system that beside education clearly focusses on sanctioning potential infringers. This regime that provides for a system based on the failure to comply with an obligation to monitor, is no substitution for criminal prosecution but amends them.1070 c) Outline and Functioning of the Current Graduated Response Scheme The warning model foreseen by the Loi HADOPI II has both a preventive and educational character, as well as a repressive character. The model where warnings precede a sanction intends to hinder further infringements by teaching the Internet access holders about the legal situation. The Inter-

1070 The absence of a rule to prevent the cumulation of penalties has been criticised by scholars. See Alain Strowel, La loi création et Internet : de la confirmation d’un ‘droit d’accès’ en droit d’auteur à l’analyse de la proportionalité de la réponse graduée, in : Institut de Recherche en Propriété Intellectuelle (ed.), Contrefaçon sur Internet : Les enjeux du droit d'auteur sur le Web 2.0 (2009), p. 119.

297

Second Chapter: User-Targeted Responses

net user or more precisely the Internet access subscriber that potentially does not know that unauthorised file-sharing contravenes the law, will be exempted from legal consequences for a first and even a second infringement. Due to the central role of HADOPI (= the High Authority) the following analysis will first outline the role and composition of the Authority before focussing on the details of the graduated response scheme. aa) The Missions and Powers of HADOPI Article L. 331-13 CPI vests three missions to Haute Autorité pour la diffusion des oeuvres et la protection des droits sur Internet (HADOPI): (i) to promote the development of legal content services, and monitor the legal and illegal use of works that are subject to a copyright or neighbouring right on digital communications networks used to provide public online communications services, (2) to protect these works against infringements of these rights committed on electronic communications networks, and (iii) to regulate and monitor in the field of technical measures to protect and identify copyright-protected works and objects. HADOPI has been given extensive competences to prevent online copyright infringements, to prosecute and sanction them. Essential in this system is the education and warning of Internet users. HADOPI has the status of a so-called “Autorité publique indépendante”. As such, HADOPI carries out public tasks without being under the auspices of a French ministry. The Authority is composed by a board and the so called Rights Protection Commission,1071 with the latter being in charge of executing the measures laid down by the HADOPI law.1072 The execution of these measures means that the Rights Protection Commission oversees the graduated response procedure set forth in Article L. 331-25 CPI that will be initiated if the Commission has evidence proving a failure of an Internet subscriber to meet his obligation to ensure that his Internet access is not used to commit copyright infringements. In that respect, the Commission has powers to receive claims, and as regards the gathering of evidence, the Rights Protection Commission is also vested with police 1071 L. 331-15 CPI. 1072 For the organisational structure of HADOPI see HADOPI, 2010 Activity Report (2011), p. 20.

298

B. National Enforcement Measures Against Users

powers.1073 Accordingly, the Commission may conduct investigations, question the accused and gather further information in relation to the offence. Pursuant to Articles 431 and 537 Code de procédure pénale (CPP), the reports of the Rights Protection Commission serve as evidence until the contrary is proven. In executing its mandate under the HADOPI laws, the Rights Protection Commission is not bound by the terms and conditions of Article 40 CPP, meaning that when in possession of material evidence of an infringement and information about the subscriber, the Rights Protection Commission is not obliged to forward the information to the public prosecutor. An obligation as under Article 40 CPP, namely the obligation to inform public prosecution upon acquiring knowledge of an offence while carrying out public tasks, would render the graduated response procedure ineffective.1074 As regards the sending out of warnings under the graduated response scheme, the Rights Protection Commission is free to decide whether it sends a warning or not. HADOPI is also free to forward a case to the public prosecutor, even where it has previously sent out two warnings.1075 bb) How the Graduated Response Scheme Works In the following, the different steps of the graduated response procedure and the consequences at the end of the procedure are outlined. (1) Gathering of Information of Infringements Prior to the HADOPI laws, the collection and processing of IP addresses of users suspected of committing online infringements were solely cov-

1073 This constitutes a major change to the previous legal regime: It is no longer the police and the gendarmerie that are vested with these powers and are solely in charge of the preliminary investigations, see Articles 15 and 28 CPP. 1074 HADOPI, 2010 Activity Report (2011), p. 31. 1075 Cf. Article 331-25 CPI, which does not state at any point that HADOPI is obliged to send a warning or forward a report to the public prosecuor’s office. This power departs from the provisions in Article 40 CPP, but only for offences regulated by the HADOPI laws, i.e. Articles L. 335-2, L. 335-3, L. 335-4 and R. 335-5 CPI.

299

Second Chapter: User-Targeted Responses

ered by the Loi informatique et libertés de 1978.1076 Article 9 of said law expressly allows some legal entities representing the right owner (in particular collecting societies) to collect and process the data that is necessary to enforce copyright infringement. The LOI HADOPI I now provides that online copyright infringements may be reported to HADOPI by the public prosecution or sworn agents of rights-holders (including collecting societies) that have been accredited by the Ministry of Culture.1077 Pursuant to Article 9(4) of the Loi informatique et libertés, these sworn agents acting by virtue of the rights they administer, or on behalf of victims of copyright infringements, and for the purposes of ensuring the enforcement of these rights, may process personal data relating to offences under the condition that this data processing activity is authorised by the CNIL1078 as requires by Article 35 the Loi informatique et libertés. In practice, the rights-holders have instructed the private company Trident Media Guard1079 to search peer-to-peer networks for copyrighted material and retrieve IP addresses of potential copyright infringers. Although the HADOPI laws do not limit the scope of the graduated response scheme to a specific uploading or downloading technique, the decree on the automated processing of personal data1080, that has to be obeyed by the Rights Protection Commission when administering the warning letters, only refers to illegal acts of uploading and downloading committed on peer-to-peer networks, and thereby narrows the scope of application.1081 Trident Media Guard has a catalogue of works for which it monitors peer-to-peer networks.1082 Once Trident Media Guard has detected that an Internet access has been used to disseminate copyrighted works, they will save a file containing an extract of the infringing work (so-called ‘chunk’)

1076 Loi n° 78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés. 1077 L. 331-24 and L.331-2 of the CPI. 1078 The Commission Nationale de l'Informatique et des Libertés (CNIL) is the French data protection authority. 1079 www.tmg.eu. 1080 Décret no 2010-236 du 5 mars 2010 relatif au traitement automatisé de données à caractère personnel autorisé par l'article L. 331-29 du CPI dénommé « Système de gestion des mesures pour la protection des œuvres sur Internet ». 1081 HADOPI, 2010 Activity Report (2011), p. 34. 1082 Ibid.

300

B. National Enforcement Measures Against Users

that they may then refer to the Rights Protection Commission.1083 It is important for them to provide HADOPI with as much evidence as possible, because HADOPI decides – based on the notification – whether it will initiate the graduated response procedure. The rights-holder may also choose to address the criminal justice system directly on grounds of infringement – a way that the rights-holders could also pursue prior to the passing of the HADOPI laws.1084 In that respect, they would have to prove that they have identified the actual infringer, which is far more difficult than entering the warning procedure, due to the limited information that can be retrieved from a peer-to-peer network. The warning procedure only requires evidence with respect to an infringement that has happened online and has been committed from a specific IP address, which can be provided to HADOPI.1085 In particular, in addition to the extract from the infringing work, the Rights Protection Commission needs to be presented with the following evidence: (i) proof of the information relating to the sworn agent who signed the claim; (ii) proof of the information relating to the acts observed: the acts must have occurred within the previous six months,1086 the date and time of the observation, the peer-to-peer protocol used, information on the copyright-protected works and the file name; (iii) proof of the information regarding the identity of the infringer: the IP address retrieved on the date and at the time of the infringement, the Internet service provider used, and the pseudonyms used on the peer-to-peer network by the infringer; (iv) proof of the presence of a sworn statement certifying that the person filing the claim is authorised to act on behalf of the copyright holder.1087

1083 Mireille Imbert-Quaretta/Jean-Yves Monfort/Jean-Baptiste Carpentier, La contravention de négligence caractérisée à la lumière de la mise en œuvre de la procédure de réponse graduée, La Semaine Juridique–Édition Générale 2012, no 19, 966, 969. 1084 HADOPI, 2010 Activity Report (2011), p. 30. 1085 A prerequisite to be charged with the failure to secure an Internet access is that the subscriber has been notified about infringements taking place via his connection. 1086 Article 331-24 CPI. 1087 HADOPI, 2010 Activity Report (2011), p. 35. As regards the data processed see also the annex to Décret no 2010-236 du 5 mars 2010 relatif au traitement automatisé de données à caractère personnel autorisé par l'article L. 331-29 du CPI dénommé « Système de gestion des mesures pour la protection des œuvres sur Internet ».

301

Second Chapter: User-Targeted Responses

Only following the submission of the required evidence of the alleged infringement by the rights-holder, or a prosecutor, HADOPI will initiate its warning procedure.1088 If HADOPI opens a dossier, they are entitled to obtain all documents relevant for the case from electronic communication operators and service providers mentioned in Article 6-1 and 2 of the Loi de 21 juin 2004 pour la confiance dans l’économie numérique (LCEN). In particular, HADOPI has an information right as regards the identity of a subscriber behind a certain IP address at a given time. The Rights Protection Commission will send disclosure requests to the respective Internet service providers who are obliged to provide the following information on the subscriber within eight days: full name, telephone number, address where the subscriber’s telephone line is installed, postal and email addresses.1089 The email address is the one that the Internet service provider himself uses to contact the subscriber. It can either be an address created for the subscriber when he signed up for the subscription plan, or an address that was given to the service provider by the subscriber when the subscription started.1090 Only HADOPI will have access to the transmitted data.1091 In order to ensure that the required data is available from access providers, Article L.34-1 Code des postes et des communications électroniques provides that access providers are obliged to store traffic data for a period of up to one year for the purpose of investigating, detecting and prosecuting criminal offences as well as copyright infringements, and with the sole purpose of making information available, as appropriate, to the judicial authorities and to the Hadopi (in compliance with Article L.331-12 CPI). Rights-holders and their representatives cannot cooperate directly with access providers to

1088 Article L. 331-24, 331-25 CPI. 1089 The obligation arises from R. 331-37 and R. 331-38 of the CPI. Internet service providers who do not disclose the identity of an Internet access subscriber face a fine under Article L. 331-38. In order to ease communication with the five largest Internet access providers in France, an electronic information network has been established by HADOPI with the respective providers, see HADOPI, 2010 Activity Report (2011), p. 42. 1090 Ibid, p. 35. 1091 Article 4 of Décret no 2010-236 du 5 mars 2010 relatif au traitement automatisé de données à caractère personnel autorisé par l'article L. 331-29 du CPI dénommé «Système de gestion des mesures pour la protection des œuvres sur Internet».

302

B. National Enforcement Measures Against Users

obtain from them data identifying a subscriber for the purpose of copyright enforcement. If HADOPI has doubts that an alleged infringement has taken place, the Authority may conduct a hearing of the applying rights-holder and the Internet subscriber concerned at any stage.1092 If the Authority concludes that an infringement has taken place, its Rights Protection Commission may forward the case to the competent prosecutor. There is no obligation to forward the case, but HADOPI has discretion to do so.1093 Usually, if there is sufficient evidence that an infringement has taken place, HADOPI will issue a warning. (2) The Warning Procedure As aforementioned, the French warning scheme is a three strikes model, in which an alleged infringer of copyright may be sanctioned following three alleged infringements. Basis for all warnings is the amendment in the CPI that an Internet access subscriber must ensure that his connection is not used for copyright infringements.1094 If an infringement is detected in the manner mentioned above, it will be assumed that the Internet connection subscriber has not sufficiently secured his connection. He will receive a warning by HADOPI. The warning has to be sent within two months fol-

1092 Christophe Geiger, Honourable attempt but (ultimately) disproportionately offensive against peer-to-peer on the internet (HADOPI) – a critical analysis of the recent anti-file-sharing legislation in France, International Review of Intellectual Property and Competition Law 2011, Vol. 42, 457, 466. 1093 Mireille Imbert-Quaretta/Jean-Yves Monfort/Jean-Baptiste Carpentier, La contravention de négligence caractérisée à la lumière de la mise en œuvre de la procédure de réponse graduée, La Semaine Juridique – Édition Générale (2012), no 19, 966, 971. 1094 Cf. The wording of the first paragraph of Article L.336-3 CPI: “A person who has subscribed to Internet access to online public communication services is under a duty to ensure that said access is not used for reproducing, showing, making available or communicating to the public works or property protected by copyright or a related right without the authorization of the copyright holders provided for in Books I and II when such authorization is required”. The English translation is taken from the official English translation of the Decision of the Conseil Constitutionnel (Decision of 10.06.2009 – No. 2009-580), available at http://www.conseil-constitutionnel.fr/conseil-constitutionnel/root/bank_mm/a nglais/2009_580dc.pdf (last accessed 17.05.2014).

303

Second Chapter: User-Targeted Responses

lowing the notification of an infringement to HADOPI.1095 The warning does not contain any information about the file that has been shared,1096 or any pseudonyms used by the file-sharer,1097 but indicates the date and time of the allegedly infringing acts, as well as the contact details of HADOPI, so that the subscriber can request further information.1098 Originally, it did also not mention the peer-to-peer protocol,1099 but this has subsequently been changed to allow the subscriber to understand the origin of the facts with which he is confronted.1100 The warning further contains information about the subscriber’s obligation to secure and monitor his Internet access and information about how an Internet connection can be secured.1101 He will also be informed about the legal consequences for non-compliance. In addition, the warning also informs about existing legal download alternatives on the Internet and the negative effects for the cultural sector and creative industries, when intellectual property rights are not respected.1102 By the latter, the French warning system intends to give priority to an educational and preventive approach.1103 It is not required that the person that

1095 Article 2 of the Decrét no 2010-236 du 5 mars 2010 sets forth that the data contained in any claim submitted to the Rights Protection Commission must be deleted from the Commission’s information system two months after receipt if the Commission has not sent a warning to the subscriber within that time. 1096 Article L. 331-25 CPI expressly stipulates that the warnings “do not disclose the content of the copyright-protected works” in question. Thereby, the legislator wanted to pay regard to the fact that the actual infringer does not necessarily have to be the subscriber. The privacy of the infringer was intended to be kept confidential, cf. HADOPI, 2010 Activity Report (2011), p. 37. 1097 Ibid, p. 38. 1098 Alain Stowel, The “Graduated Response” in France, in: Irini Stamatoudi, Copyright enforcement and the Internet, p. 147, 149. 1099 HADOPI, 2010 Activity Report (2011), p. 38. 1100 HADOPI, Rapport Annuel 2012/2013 (2013), p.9. 1101 Article L. 331-25 para. 1 CPI. As regards the protection of an Internet connection, the HADOPI has the competence to establish a list of adequate security measures, see Article L.331-26 para. 2 CPI. 1102 Ibid. By 2013, the first warning provides the subscriber with a link to a video by HADOPI, by which the Authority tries to raise awareness of intellectual property rights and educate the recipients about such rights. See HADOPI, Rapport Annuel 2012/2013 (2013), p.9. 1103 Christophe Geiger, Honourable attempt but (ultimately) disproportionately offensive against peer-to-peer on the internet (HADOPI) – a critical analysis of the recent anti-file-sharing legislation in France, International Review of Intellectual Property and Competition Law 2011, Vol. 42, 457.

304

B. National Enforcement Measures Against Users

carried out the infringement is identified. The first warning is sent by email via the access provider to the Internet access subscriber.1104 As mentioned above, the email address is the one used by the Internet access provider in its communication with the subscriber.1105 Once the first warning is sent, the graduated response scheme becomes adversarial because now the subscriber can obtain information on the infringement and request a hearing by the Rights Protection Commission.1106 If a particular Internet access subscriber’s IP address is detected again for alleged copyright infringement within a period of six months following the first warning, a second warning will be sent.1107 In contrast to the first warning, the second warning will be sent by registered mail with confirmation of receipt.1108 However, the content will be the same as in the first warning. The second warning is one of the constitutive elements of the offence of gross negligent failure to implement security measures with regard to an Internet access. If within one year of the receipt of the second warning, a further infringement is established from that very Internet access, the subscriber will be informed about possible criminal sanctions by a registered letter delivered against signature (so-called délibération).1109 In detail, the letter informs him about the evidence collected that may lead to a sanction under the gross negligence offence, and that the file can be forwarded to the public prosecutor so that he may take legal action. The subscriber is granted a 15 day period to deliver his comments or request a hearing.1110 At the same time he is requested to specify his financial resources.1111 Because HADOPI will assess and review the facts, and has discretion

1104 According to Décret no 2010–1202 du 12 octobre 2010 modifiant l'article R. 331-37 du CPI, the Internet access subscribers are obliged to forward the warning to their subscribers within 24 hours. 1105 This may either be an email adress specifically created by the Internet service provider for the subscriber when he signed up for the subscription plan, or an address that the service provider was informed of by the subscriber when the subscription plan started. HADOPI, 2010 Activity Report (2011). 1106 Ibid, p. 36. 1107 Article L.331-25 para. 2 CPI. 1108 Ibid. 1109 Article L.335-7 para. 1 and R.335-5 II para. 2 CPI. 1110 Article R.335-40 CPI. 1111 Ibid.

305

Second Chapter: User-Targeted Responses

whether it forwards a case to the prosecutor’s office; accordingly, a third time detection does not necessarily mean that the case is forwarded to the public prosecutor.1112 The processing of personal data by HADOPI is regulated by a decree, which inter alia sets forth that only HADOPI has access to its database of potential infringers, and also stipulates the time frame after which personal data has to be deleted.1113 In general, all personal data must be deleted, when no further measures can be taken by HADOPI against the person to whom the data refers.1114 (3) Consequences: Referral to the Prosecutor’s Office and Criminal Proceedings Originally, the HADOPI law foresaw that HADOPI itself had punitive powers and could order the suspension of an Internet access, but this provision has been declared unconstitutional by the Conseil Constitutionnel.1115 The Loi HADOPI II now provides that HADOPI can hand a sum-

1112 If HADOPI decides to hear the subscriber concerned (who is also entitled to request a hearing), an official report of the hearing will be sent to the subscriber. See Alain Stowel, The “Graduated Response” in France, in: Irini Stamatoudi, Copyright enforcement and the Internet, pp. 147, 150. 1113 Décret no 2010-236 du 5 mars 2010 relatif au traitement automatisé de données à caractère personnel autorisé par l'article L. 331-29 du CPI dénommé« Système de gestion des mesures pour la protection des œuvres sur Internet ». 1114 See ibid, Article 3. The Décret also stipulates that only HADOPI has access to the stored data. For instance, personal data must be deleted: in cases where no warning was issued following a first time notification, the personal data (= evidence provided to HADOPI, as well as full name, telephone number, address where the subscriber’s telephone line is installed, postal and email addresses) has to be deleted within two months; in cases where a first warning was issued, but there has been no second detection of that particular subscriber, the data has to be deleted within 14 months; in cases where two warnings have been issued, but no report was forwarded to the public prosecutor’s office, the data has to be deleted within 21 months; in case a report has been issued to the public prosecutor’s office and the prosecutor did not bring charges, the data has to be deleted one year following the issue of the report. 1115 Conseil Constitutionnel, Decision of 10.06.2009 – No. 2009-580 DC, Journal officiel de la République Française of 13.6.2009, 9675. The unconstitutional parts of the Loi HADOPI I have been replaced by Loi n°2009-1311 du

306

B. National Enforcement Measures Against Users

mary report to the public prosecutor’s office of the competent district court,1116 which will then have to decide whether criminal proceedings will be initiated.1117 The public prosecutor may also pursue further investigations in order to establish whether the concerned subscriber has himself infringed copyright (for example by searching for infringing copies on his computer). The public prosecutor also decides whether he brings charges for wilful copyright infringement against the subscriber, or whether he charges the subscriber over the gross negligent failure to implement security measures with regard to his Internet access. The latter is punishable by a fine of up to EUR 1,500,1118 while wilful copyright infringement via the Internet is punishable by up to three years’ imprisonment, a fine of up to EUR 300,000 and the suspension of the infringer Internet access of up to one year.1119 Until 10 July 2013, the gross negligent failure to implement

1116 1117 1118

1119

28.10.2009 relative à la protection pénale de la propriété littéraire et artistique sur Internet (Loi HADOPI II). Article R.331-43 CPI. Article 398 CPP. Article L.335-7-1 CPI states that “For offences in class 5 provided for by this code,…, the supplementary penalty defined in Article L. 355-7 may be imposed in the same manner, in the event of gross negligence, on the holder of a right of access to a public online communication service to whom the Committee for the Protection of Copyright, pursuant to Article L.331-25, has previously sent by registered letter delivered in person and duly signed for or by any other method ensuring proof of the date of receipt thereof, a recommendation asking said holder of access to implement security tools for its Internet access. Gross negligence shall be assessed on the basis of acts committed no later than one year from receipt by the holder of the recommendation referred to in the foregoing paragraph. In such cases, the maximum period of suspension shall be of one month. Failure by any person who has been the object of the supplementary penalty provided for herein to comply with the prohibition on entering into another contract for access to a public online communication service during the period of suspension shall render said person liable to a maximum fine of EUR 3,750.” English translation of Article L.335-7-1 CPI taken from Conseil constitutionnel, Decision of 22.10.2009 – no. 2009-590 DC, http://www.conseilconstitutionnel.fr/conseil-constitutionnel/root/bank/download/2009590DCen200 9_590dc.pdf. Article 335-7 CPI. Article L. 335-7 of the CPI introduces a supplementary penalty for copyright infringements committed via the Internet and consists of suspending access to the Internet for a maximum period of one year, together with a prohibition on entering into another access contract with any other Internet access provider. In detail said article states:

307

Second Chapter: User-Targeted Responses

security measures was also punishable by the suspension of Internet access of up to one month.1120 The offence of gross negligence was created by Loi HADOPI I which introduced Article R. 335-5 into the CPI. Article R. 335-5 states that gross negligence is provided where an Internet access holder has not implemented means to secure his access or has lacked diligence in implementing the security means. According to para. 2 of Article R. 335-5, this article is only applicable if the following conditions are met: (1) the subscriber concerned has received a second warning by HADOPI via registered mail against signature to implement security means to prevent further infringements of copyright or related rights, and (2) in the year following the receipt of this warning, his access has been used again for an infringe-

“When the offence has been committed by the use of a public online communication service, persons guilty of the offences provided for in Articles L. 335-2, L. 335-3 and L. 335-4 may also be liable to imposition of a supplementary penalty of suspension of access to a public online communication service for a maximum period of one year, together with a prohibition on taking out any other contract of a similar nature with another online access provider for the same period. When such a service is purchased as part of a commercial package including other types of service such as telephone or television connections, the decision to suspend online access shall not affect subscriptions to these other services. Suspension of access shall not, per se, affect the payment of the subscription fee to the service provider. Article L. 121-84 of the Consumer Code shall not apply during the suspension period.The costs of any termination of subscription during the suspension period shall be borne by the subscriber. When the decision is executory, the High Authority for the Diffusion of Works and Protection of Copyright on the Internet shall be informed of the supplementary penalty provided for herein and shall in turn notify the provider of access to public online communication services of the same in order for the latter to proceed to suspend access of the subscriber involved no later than 15 days of said notice. Failure by any provider of access to public online communication services to implement the notified order to suspend access shall carry a maximum fine of EUR 5,000. 3° of Article 777 of the Code of Criminal Procedure shall not apply to the supplementary penalty provided herein”. English translation of Article L. 335-7 of the CPI taken from Conseil constitutionnel, Decision of 22.10.2009 – no. 2009-590 DC, http://www.conseil-constitutionnel.fr/conseil-co nstitutionnel/ root/bank/download/2009590DCen2009_590dc.pdf. 1120 See Article R. 335-5 CPI in the version that was in force from 27.06.2010 to 10.07.2013.

308

B. National Enforcement Measures Against Users

ment.1121 Thus, charges under this offence can only be brought, where the rights-holder decided to initiate the graduated response scheme instead of addressing his claims directly to the public prosecutor. The new offence has its legal basis in Article L. 336-3, which imposes an obligation upon Internet access subscribers to ensure that their access is not being used for infringements of copyright or related rights. Committing the offence does not require mens rea: A “contravention” requires neither an intention to violate the law, nor an act of imprudence or negligence on behalf of the infringer.1122 However, the subjective element of the offence is narrower than mere negligence and is comparable to a breach of due diligence in tort law.1123 Only when the subscriber has been informed about his obligation to secure his Internet access by HADOPI, he may breach a known duty of law and be held liable.1124 It will then be his persistence to omit the implementation of security measures that is eventually punished under the condition that a further infringement is committed. The required security means are not defined from a technical point of view.1125 According to the wording of Article R. 335-5 of the CPI, the failure can take two forms: the total failure to secure an Internet connection, and the lack of diligence in installing a security mechanism. According to HADOPI, the latter covers those cases, where the security solution is ineffective, because, for instance, it had not been activated.1126 The law

1121 The offence can only be committed by accumulating three different infringements while the Internet access holder has not sufficiently secured his connection. 1122 HADOPI, 2010 Activity Report (2011), p. 33. Mireille Imbert-Quaretta/JeanYves Monfort/Jean-Baptiste Carpentier, La contravention de négligence caractérisée à la lumière de la mise en œuvre de la procédure de réponse graduée, La Semaine Juridique –Édition Générale (2012), no 19, 966, 969. The committing of the actus reus is sufficient to fulfil the requirements of an “contravention”. 1123 Ibid. 1124 Mireille Imbert-Quaretta/Jean-Yves Monfort/Jean-Baptiste Carpentier, La contravention de négligence caractérisée à la lumière de la mise en œuvre de la procédure de réponse graduée, La Semaine Juridique – Édition Générale (2012), no 19, 966, 969. 1125 HADOPI, 2010 Activity Report (2011), p. 33. Mireille Imbert-Quaretta/JeanYves Monfort/Jean-Baptiste Carpentier, La contravention de négligence caractérisée à la lumière de la mise en œuvre de la procédure de réponse graduée, La Semaine Juridique – Édition Générale (2012), no 19, 966, 969. 1126 HADOPI, 2010 Activity Report (2011), p. 33.

309

Second Chapter: User-Targeted Responses

itself does not impose the installation of a specific security means upon Internet access subscribers. Although HADOPI specifies security means in its warning letters, the law does not require the implementation of a security means approved by HADOPI. It is up to the Internet access holder to decide which method is appropriate to secure his connection.1127 In this regard, HADOPI concludes that a subscriber that decides to lock down his computer to stop people in his household from committing copyright infringements, implements an appropriate security means.1128 However, this can only be an appropriate means if the subscriber does not run an unsecured Wi-Fi router to which third parties may connect. It has been suggested that where a subscriber allows a third party to use his access, he will have to change the password following misuse by the third party in order to comply with the obligation to have his access secured.1129 If the public prosecutor decides to bring charges against a subscriber, he can decide whether the case will be dealt with in simplified proceedings before a single judge or in standard criminal proceedings.1130 Article 335-7-2 CPI sets forth that when considering the suspension of an Internet access, the court must take into account the circumstances and seriousness of the violation, the personality of the infringer including his professional and social activites and his economic situation.1131 The duration of the imposed suspension has to reflect a balancing of the fundamental rights

1127 Mireille Imbert-Quaretta/Jean-Yves Monfort/Jean-Baptiste Carpentier, La contravention de négligence caractérisée à la lumière de la mise en œuvre de la procédure de réponse graduée, La Semaine Juridique – Édition Générale (2012), no 19, 966, 969. 1128 HADOPI, 2010 Activity Report (2011), p. 33. A further not very helpful suggestion by the Rights Protection Commission was the statement that the only effective security means for someone that has committed a first infringement is to stop downloading. See Mireille Imbert-Quaretta/Jean-Yves Monfort/Jean-Baptiste Carpentier, La contravention de négligence caractérisée à la lumière de la mise en œuvre de la procédure de réponse graduée, La Semaine Juridique – Édition Générale (2012), no 19, 966, 969. 1129 Mireille Imbert-Quaretta/Jean-Yves Monfort/Jean-Baptiste Carpentier, La contravention de négligence caractérisée à la lumière de la mise en œuvre de la procédure de réponse graduée, La Semaine Juridique – Édition Générale (2012), no 19, 966, 969. 1130 Article 495 para. II No. 12 CPP. Alain Stowel, The “Graduated Response” in France, in: Irini Stamatoudi, Copyright enforcement and the Internet, p. 147, 150. 1131 Article L.335-7-2 CPI.

310

B. National Enforcement Measures Against Users

concerned, notably the protection of the respective intellectual property rights and the right of the subscriber to freedom of expression and communication, in particular in his home.1132 The HADOPI laws do not distinguish between natural and legal persons.1133 Accordingly, not only natural persons face a disconnection of their Internet connection but also legal persons. However, as regards the latter a suspension would, in most cases, disproportionately affect their business, and is thus, unlikely to be imposed. If the court imposes the suspension of an Internet access, the convicted subscriber will be prohibited from entering into a contract with another Internet access provider for the stipulated period.1134 The Internet access suspension does not affect the subscriber’s obligation to pay his subscription fees.1135 If he has a “multiple play” subscription, meaning bundled TV, Internet and phone access, the suspension sanction only applies to the Internet access.1136 If the public prosecutor has seized the standard criminal court, this court will also be competent to rule on damages that the copyright holder may claim.1137 Within the criminal proceedings and irrespective whether the subscriber is charged with direct infringement or failure to secure his Internet access, it needs to be established whether an infringement has been committed from the subscriber’s Internet access. The existence of material facts of illegal downloading does not necessarily imply an infringement. The Internet access holder may invoke force majeure or authorisation by law as justification.1138 Thus, the subscriber may claim that he had a legitimate reason to breach his monitoring duty and shall be exempted from criminal

1132 Ibid. 1133 However, Article 131-38 Code Penal foresees that fines are five times higher for legal persons. Accordingly, the maximum fine for legal persons in case of the negligence offence will be EUR 7,500. 1134 Article L. 335-7-1 CPI sets forth that entering into a contract with another Internet access provider constitutes an offense.The subscriber faces a fine of up to EUR 3,750. 1135 Article 335-7 CPI. 1136 Alain Stowel, The “Graduated Response” in France, in: Irini Stamatoudi, Copyright enforcement and the Internet, p. 147, 151. 1137 Ibid. 1138 Mireille Imbert-Quaretta/Jean-Yves Monfort/Jean-Baptiste Carpentier, La contravention de négligence caractérisée à la lumière de la mise en œuvre de la procédure de réponse graduée, La Semaine Juridique – Édition Générale (2012), no 19, 966, 970.

311

Second Chapter: User-Targeted Responses

liability.1139 If the subscriber is only accused for non-compliance with his obligation to monitor and secure his Internet access, it does not make a difference whether he can prove that he himself did not commit the offence, because liability results solely from the failure to secure his Internet access. An accusation for the gross negligence offence does at no point suggest that the subscriber has committed a copyright infringement himself. Hence, he will have to prove that he had legitimate reason for not implementing security mechanisms. The procedure, as it stands, means that before any decision will be rendered by a court, the case will be assessed two times outside of the court: once, when the Rights Protection Commission makes its decision whether to forward a dossier to the public prosecutor; once more, when the public prosecutor decides whether to bring charges against a subscriber. If a subscriber is convicted, he will also have a right to appeal the decision.1140 d) The Status quo The graduated response scheme was expected to lead to a significant reduction in unauthorised file-sharing by its two-fold approach of education and sanctions following two warnings. In the following section, an analysis of HADOPI’s statistics on the graduated response scheme will show that at least the mere existence of the graduated response scheme does not lead to a reduction in the numbers of first time infringers. Also, what can be seen is that the actual risk of being taken to court is rather low. In the subsequent section the cost-benefit relation of HADOPI as well as the public perception of the graduated response scheme will be briefly discussed before we look at the future of the HADOPI laws. aa) The Graduated Response Scheme in Numbers The graduated response scheme entered into force in 2010, and in August 2010, HADOPI received the first actionable claims from rights-hold-

1139 Ibid. 1140 See Alain Stowel, The “Graduated Response” in France, in: Irini Stamatoudi, Copyright enforcement and the Internet, pp. 147, 151.

312

B. National Enforcement Measures Against Users

ers.1141 In September 2010, the first requests for identification were sent to an Internet access provider.1142 In October 2010, for the first time, warnings were sent to Internet subscribers by email.1143 It took a further four months until in February 2011 the second stage of warnings was initiated for the first time.1144 While the first court decisions were expected to be rendered in 2011, it took much longer than anticipated for the first case to be brought before court: in September 2012, the first subscriber was convicted on the basis of the HADOPI laws.1145 The first suspension of an Internet access was ordered by a court in Seine-Saint-Denis in May 2013 for the failure to secure an Internet access.1146 In addition to an Internet suspension of 15 days, the subscriber was fined EUR 600. The Court refrained however from imposing a total Internet ban on the subscriber and ordered instead that – irrespective of the sanction – the subscriber shall be granted access to email, messenger and VoIP services.1147 That the first judgements were rendered relatively late came as a surprise, considering that until the end of 2011 alone more than 824,000 first warnings and more than 68,000 second warnings had been sent out.1148 In 114 cases, a délibération had been issued.1149 If one looks at the recent statistics by HADOPI, there is even an upward trend as regards the warnings: In 2013, in average 84,000 first warnings and more than 11,000 sec-

1141 1142 1143 1144 1145

1146

1147 1148 1149

HADOPI, 2010 Activity Report (2011), p. 11. Ibid. Ibid. Ibid. AFP, HADOPI : Première condamnation d’un internaute, Libération (13.09.2012). The subscriber argued that he did not possess the required technological knowledge to download files from the Internet. Although his living-in partner confessed the unauthorised download of two Rihanna songs, the subscriber was fined EUR 150. The basis for his conviction, was the failure to secure his Internet connection. Pascal Lainé, Belfortain poursuivi pour téléchargement illégal : EUR 150 d'amende, Le Pays (13/09/2012). Marc Rees, Hadopi : EUR 600 d’amende et quinze jours de suspension pour un abonné, PC Inpact (12.06.2013). This suspension was also the one and only suspension imposed upon a subscriber for the offence of gross negligence, see below. As reported by the PC magazine PC Inpact, see ibid. The statistics are updated by HADOPI on a monthly basis and can be accessed via http://www.hadopi.fr/actualites/reponse-graduee/chiffres-cles. Ibid.

313

Second Chapter: User-Targeted Responses

ond warnings were issued per month.1150 October 2013 topped all previous months with 138,000 first warnings, and two years on, in June 2015 an alltime high was reached with 231,000 first warnings been sent out.1151 In total, until July 2015, almost 4.9 million first warnings have been sent out.1152 In the light of these numbers, one might expect an increase in cases being filed to court, but the increase in warnings is not reflected in the reports forwarded to the public prosecutor’s office. According to HADOPI’s annual report 2013, only 51 dossiers have been transferred to public prosecution, although 663 délibérations had been issued.1153 Thus, in almost 9 out of 10 cases, the Rights Protection Commission decided against forwarding the case.1154 These decisions were not just influenced by the submissions by the subscribers, and the efforts they took to prevent that further infringements are committed via their connection during the whole warning procedure.1155 Often, the motivation for referring only such a small number of cases to the public prosecution was the absence of further infringements following the délibération.1156 In practice, the Commission only forwards a report to the public prosecutor when a new infringement took place within one year following the délibération. Hence, one may speak of a “fourth phase” within the three strikes procedure that has recently developed in practice.1157 One can assume that the Rights Protection Commission only forwarded such cases where they were convinced that the subscriber would be convicted. All eleven court decisions that have been rendered until June 2013, resulted in a guilty verdict.1158 The decisions were of a diverse nature, but all concerned the gross negligence

1150 HADOPI, Réponse graduée – Les chiffres clés (06.11.2013). Monthly updated statistics are available at http://www.hadopi.fr/actualites/reponse-graduee/chiffr es-cles. 1151 HADOPI, Réponse graduée – Les chiffres clés (30.05.2015). Monthly updated statistics are available at http://www.hadopi.fr/actualites/reponse-graduee/chiffr es-cles. 1152 Ibid. 1153 HADOPI, Rapport Annuel 2012/2013 (2013), p.9. The Report was published in October 2013. 1154 Ibid. 1155 Ibid. 1156 Ibid. 1157 Ibid. One reason for this are the findings of the Lescure Rapport which will discussed below. 1158 HADOPI, Rapport Annuel 2012/2013 (2013), p. 9.

314

B. National Enforcement Measures Against Users

offence, i.e. a breach of the obligation to secure one´s Internet access.1159 The sanctions imposed varied from a warning to a fine of between EUR 50 and EUR 600, and in one case an Internet access suspension of 15 days was imposed. 1160 Until now, no case has become public in which – following the initiation of the graduated response procedure – a subscriber was accused of wilful copyright infringement by the public prosecutor upon receipt of a dossier from HADOPI. Both, the Rights Protection Commission and the public prosecutors took advantage of the wide margin of appreciation granted to them, and only pursued few carefully selected cases. bb) The Unsatisfying Results of HADOPI The first court decision in application of the HADOPI laws was eagerly anticipated by the public, even outside France.1161 As mentioned above, it took much longer than expected until the first decisions were rendered. In fact, in 2012, only three decisions were rendered by criminal courts.1162 In the first case, a fine was imposed upon a subscriber, in the second case a warning was issued by the criminal court, and in the third 2012 case the alleged infringer was pronounced not guilty.1163 No subscriber has yet been faced with the threat of having his Internet connection suspended for up to one year as prescribed by Article 335-7 CPI. It is rather likely that the public prosecutor will bring charges for gross negligence, i.e. failure to implement adequate security measures.

1159 Ibid. 1160 Ibid, p. 10. 1161 Sébastien Thévenet, Hadopi: Un Premier Internaute Condamné, Le Figaro (13.09.2012); AFP, Hadopi: Première Condamnation d'un Internaute, Libération (13.09.2012); Thomas Pany, Beginnt jetzt die Sanktionsphase von Hadopi?, heise.de blogs (05.07.2011); Henning Steier, Ersten Piraten Drohen Netzsperren, Neue Züricher Zeitung (07.10.2011); Valéry Marchive, Three years and millions of euros later, Hadopi has its first conviction. Now what?, ZDnet (30.10.2012); Kimber Streams, France's Controversial Hadopi Piracy Law Nets its First Conviction, a Man Who Says He Didn't Do It, The Verge (14.09.2012). 1162 Assemblée Nationale, Réponse à la Question écrite No. 3096, Journal Officiel de la Republique Francaise of 25.12.2012, 7918. 1163 Ibid.

315

Second Chapter: User-Targeted Responses

The reason for this is obvious: the evidence collected by HADOPI only suffices to prove that an infringement has been committed via a particular Internet access. The reason for this has been outlined in the introduction, namely, that with per-to-peer file-sharing, the identifiable is regularly only the IP address. As has been outlined in the first Chapter, an IP address does not provide evidence about the identity of the actual infringer. Although further investigations may be conducted as to the identity of an infringer, these do not necessarily provide further information, when for instance computers are shared within a household, or no device with the files in question can be obtained. The offence of gross negligent failure to implement security measures is far easier to be fullfilled. This legal concept, which has been introduced by the HADOPI laws, establishes liability irrespective of the identity of the actual copyright infringer. In any case will the subscriber at least have received a registered letter informing him about infringements taking place from his access; the offence is committed if nevertheless another infringement takes place in the consecutive year. In that context the failure to secure a connection does not only apply to technical measures but also the mere prevention of copyright infringement committed by third parties, which are authorised by the subscriber to use the connection. Whereas the HADOPI has sent more than two million messages to Internet users carrying out illegal downloading since October 2010, the sanction of Internet access suspension has only been applied once: on 3 June 2013, the magistrates court in Montreuil convicted a subscriber for failing to secure access to an on-line communication service without legitimate reason (covered and punished by Articles R. 335-5, L. 335-7-1(2), L. 331-25, and L. 335-7-1(1) and (3) of the CPI).1164 In absence, the subscriber was fined EUR 600 as the principal penalty, while his Internet access was suspended for 15 days as an additional penalty. With few convictions and few cases pending, one might assume that the French graduate response scheme is a success story. This assumption is supported by the director of HADOPI, who argues that the small number

1164 TP Montreuil, Decision of 03.06.2013, parquet no12053081381, accessible via http://www.alain-bensoussan.com/ hadopi-condamnation-pour-absence-securisation-acces/2013/06/26/.

316

B. National Enforcement Measures Against Users

of convictions proves the success of the scheme.1165 Figures presented by HADOPI in its first full report in 2012 suggest that illegal downloading is significantly on the decline in France.1166 The sources cited by HADOPI found a decline in audiences of websites offering links to peer-to-peer files and applications by 17%, as well as a 29% drop in audience to the ecosystems developed around certain peer-to-peer clients in 2011.1167 Furthermore, figures suggest an overall drop of at least 43% in illegal file-sharing via peer-to-peer technology in 2011.1168 A study cited by HADOPI reported a decrease of approximately 66% in the illegal sharing of films on peerto-peer networks.1169 In addition, HADOPI found that there was no evidence that users transferred to streaming and direct download services.1170 However, at the same time, sales figures in the music industry are still on decline. The first quarter results for 2013 by the Syndicat National de l’édition Phonographique (SNEP), an industry anti-piracy group, show no halt to the slide in music sales. In the first quarter of 2013, the wholesale market for recorded music in France was worth 107.9 million euros in France, down 6.7% on the same period last year. 1171 Overall in 2012, sales fell by 4.4%.1172 This trend has been continuing in 2013 with physical sales (CDs etc.) going down by 7.3% and for the first time also digital sales (iTunes etc.) were affected (-5.2%).1173

1165 Guénaël Pépin, La Hadopi défend le bilan de la réponse graduée, Le Monde (05.09.2012). 1166 HADOPI, HADOPI – 1 ½ year after the launch (March 2012), p.4. 1167 Ibid. 1168 Ibid, p. 5. 1169 Ibid, p. 6. 1170 Ibid, p. 7. 1171 Syndicat National de l’édition Phonographique (SNEP), Presentation des Resultats du 1er semestre 2013 (18.09.2013). 1172 Syndicat National de l'Edition Phonographique, Bilan Economique 2012 (2013), p. 2. 1173 Syndicat National de l’édition Phonographique (SNEP), Presentation des Resultats du 1er semestre 2013 (18.09.2013). Previously, an Event Study suggested that the HADOPI laws have positively influenced the sales figures of iTunes in France. See Brett Danaher/Michael D. Smith/Rahul Telang/Siwen Chen, The effect of graduated response anti-piracy laws on music sales: Evidence from an Event Study in France (2012).

317

Second Chapter: User-Targeted Responses

Considering that the annual costs for administering HADOPI are 12 million Euros,1174 the new French Minister of Culture and Communication, Aurélie Filippetti stated that “12 million Euros are too much for sending out 1 million emails”.1175 According to the newly elected French government, HADOPI has also failed its primary and key mission, namely the promotion of services that respect intellectual property rights as well as the responsible use of intellectual property. Hence, in August 2012, Fillippetti announced as a preliminary measure a budget cut for HADOPI.1176 Fillippetti also repeatedly declared that she does not support the graduated response scheme because she considers the sanction of Internet suspension to be disproportionate and a threat to the freedom of communication. Also based on her initiative, a review of the Loi HADOPI II was launched under the auspices of Pierre Lescure1177. The aim of this initiative has been obvious: an abolishment of HADOPI and potentially the abrogation of the graduated response scheme. An abrogation of the latter had already been promised by President François Hollande during his election campaign.1178 It came thus as no surprise when Hollande declared in July 2012, that the outcome of the consultation on the Loi HADOPI II should be a new legal framework in the first half of 2013.1179 In May 2013, the final report of the consultation, the so-called Lescure Rapport was published.1180 The report affirms previous expectations1181: HADOPI will be abolished. However, this does not imply the end of the graduated response scheme, only the end of the High Authority has been sealed.

1174 Lemonde.fr, Le budget de la Hadopi passe à 8 millions d'euros, Le Monde (03.10.2012). 1175 Boris Manenti, Aurélie Filippetti : « Je vais réduire les crédits de l'Hadopi », Le nouvel Observateur (01.08.2012). 1176 Ibid. 1177 Pierre Lescure is the former president of the French TV channel Canal+. 1178 Boris Manenti, L'abrogation de l'Hadopi est en marche, Le nouvel Observateur (03.07.2012). 1179 Ibid. 1180 Pierre Lescure, Culture-acte 2, Mission « Acte II de l’exception culturelle », Contribution aux politiques culturelles à l’ére numérique (May 2013). 1181 See for instance Leparisien.fr, Téléchargement illégal: Fleur Pellerin confirme qu’HADOPI va disparaître, Le Parisien (24.05.2013).

318

B. National Enforcement Measures Against Users

e) A Sustainable Model Regime? The Order of 8 July 2013 and the Lescure Rapport As mentioned above, the Lescure Rapport recommended the liquidation of HADOPI. The tasks of HADOPI will in the future be executed by the regulatory body for audiovisual services, the Conseil supérieur de l’audiovisuel (CSA).1182 As Lescure considers the deterrent and educational effect of the warning scheme as proven, he explicitly recommends the adherence of the graduated response scheme.1183 However, Lescure recommended several changes not only in the administration of the warning scheme but also the scheme as such. First of all, he demands the abolition of the Internet suspension sanction for the gross negligence offence. This means, that while the Internet suspension order of June 2013 imposed by the Montreuil court has been the first suspension order for the gross negligence offence, it has also been the last. Less than two months following the publication of the Lescure Rapport, a Decree implements Lescure’s recommendation: Article 2 of the Decree of 8 July 20131184 repeals the provision of the Code de la propriété intellectuelle that allows a court to temporary suspend a person’s Internet access for up to one month where such person had failed to secure his Internet access adequately. Accordingly, it is now only possible to issue a fine in the fifth category (EUR 1,500) in the event of an Internet user showing gross negligence by failing to secure his Internet access.1185 The Decree of 8 July 2013 does however not affect a court’s power to order an Internet suspension for up to one year as a complementary penalty for the actual infringer. Thus, the sanction remains available if a person is con-

1182 Pierre Lescure, Culture-acte 2, Mission « Acte II de l’exception culturelle », Contribution aux politiques culturelles à l’ére numérique (May 2013), p. 381. 1183 Ibid, pp. 32 et seq. and pp. 379 et seq. 1184 Décret no 2013-596 du 08.07.2013 supprimant la peine contraventionnelle complémentaire de suspension de l’accès à un service de communication au public en ligne et relatif aux modalités de transmission des informations prévue à l’article L. 331-21 du code de la propriété intellectuelle. 1185 A sanction of one year’s suspension may nevertheless still be imposed, as an additional penalty, on anyone prosecuted for infringing copyright, punishable by three years’ imprisonment and a fine of up to EUR 300,000 under Article L. 335-7 of the CPI. The continuing existence of the sanction will have practically no effect, as it is not forseeable that courts will – due to lacking evidence – convict subscribers for having committed the copyright infringement themselves.

319

Second Chapter: User-Targeted Responses

victed under the traditional copyright infringement provision (Article L 335-7 CPI). The Decree of 9 July 2013 as such is already part of much wider reforms that may possibly include a future incorporation of HADOPI into the CSA.1186 The CSA then may also be assigned further tasks such as combatting “commercial sites carrying out illegal downloading and providing the public with access to files which may or may not be protected by copyright”.1187 The first legislative measure taken in relation to the graduated response scheme as such, does not go as far as requested by Lescure. Lescure does not only recommend the abrogation of the sanction of Internet suspension but also demands a decriminalisation of the gross negligence offence. Instead of criminally sanctioning the failure to secure an Internet connection, and the lack of diligence in installing a security mechanism, the repeated use of a certain Internet access for copyright infringements shall constitute an administrative offence.1188 Accordingly, a third warning shall not result in charges being brought against the offender, but allow the imposition of an administrative fine of EUR 60.1189 The amount of EUR 60 was assumed to correspond to an annual subscription fee for an online music streaming service or 12 movies on a video-on-demand service.1190 It remains to be seen whether a fine of EUR 60 will have a dissuasive effect at all. One may argue that potential file-shares may be tempted to do a simple cost-benefit calculation in ignorance that a conviction for copyright infringement still carries higher sanctions and a possible Internet suspension. Lescure obviously departs from penalising subscriber

1186 Cf. Amélie Blocman, Illegal Downloading: Penalty of Refusing Internet Access Abolished, IRIS 2013-8:1/16. However, in February 2015 the French culture minister announced that an incorporation of HADOPI into the CSA has no priority in French anti-piracy politics, see Guillaume Champeau, Le transfert HADOPI > CSA n’est “plus l’axe prioritaire”, Numerama.com (19.02.2015). 1187 Amélie Blocman, Illegal Downloading: Penalty of Refusing Internet Access Abolished, IRIS 2013-8:1/16 quoting Aurélie Filippetti. 1188 Pierre Lescure, Culture-acte 2, Mission « Acte II de l’exception culturelle », Contribution aux politiques culturelles à l’ére numérique (May 2013), pp. 380 et seq. The report emphasises that under the condition that the behaviour only constitutes an administrative offence, the subscriber will not face being entered into criminal records. 1189 Ibid, p. 381. 1190 Ibid.

320

B. National Enforcement Measures Against Users

that cannot be convicted for copyright infringements and relies on the persuasive effect of warnings. Only in case of repeat infringements following the third warning, the fine of EUR 60 may be increased.1191 This also constitutes a fundamental change in comparison to the existing system: under the latter, the warning mechanisms would start from a new following a conviction. Further the CSA shall be competent to adapt the number of warnings to the number of downloads and the good faith (”bonne foi”) of the subscriber, meaning that a third warning will not necessarily imply a sanction.1192 During the administrative-fine proceedings the subscriber shall be heard and he will be able to recourse to the administrative courts.1193 Within the CSA there shall be a strict segregation between the department in charge of the warnings and the department in charge of the fines. For transparency reasons all imposed sanction will be published in an anonymised manner.1194 A press release by the French Ministry of Culture and Communication complementing the Decree of 8 July 2013 confirms, that the future fight against online copyright infringement will focus on the fight against commercial online piracy.1195 This will also encompass further measures educating the public and enhancing people’s awareness towards copyright law and the consequences of infringements as foreseen in the Lescure Rapport. In the light of research conducted by or on behalf of HADOPI, Lescure concluded that still a large number of Internet users is not able to determine whether an online content is legal or illegal.1196 For instance, in a HADOPI study, 52% of Internet users stated that they assume, that creative content for which they need to pay is in any case legal.1197 Ignorance of the existence and scope of intellectual property rights still is a

1191 1192 1193 1194 1195

Ibid. Ibid. Ibid. Ibid. Ministère de la Culture et de la Communication, Publication du décret supprimant la peine complémentaire de la suspension d’accès á Internet, Press release (09.07.2013). 1196 Pierre Lescure, Culture-acte 2, Mission « Acte II de l’exception culturelle », Contribution aux politiques culturelles à l’ére numérique (May 2013), p. 383. 1197 HADOPI, Biens culturels et usages d’Internet : pratiques et perceptions des internautes français (January 2013), p. 17.

321

Second Chapter: User-Targeted Responses

widespread phenomenon, and requires equally widespread educational measures.1198 In order to curtail commercial online piracy, the Lescure Rapport asks for cooperation by the intermediaries. As a first step, providers of search engines and social networks shall adapt code of conducts, and obligate themselves therein to delist copyright infringing content from their search results.1199 Furthermore, payment service providers shall adapt a code of conduct, by which they obligate themselves to include the fight against intellectual property rights infringements into their terms and conditions, and implement measures that are suitable to take action against violations of their terms and conditions.1200 Although the adaption of these codes of conducts shall be entirely voluntarily, the suggestion of these shows a change in attitude from sanctioning consumers to seeking cooperation of intermediaries to fight those benefiting financially from copyright infringements. However, the Lescure’s suggestions do not stop here. Lescure clearly states in his report that he also considers the blocking of content as an effective remedy to put an end to copyright infringements.1201 In how far such blocking requires law reforms and how much it already takes place in France will be dealt with in the third Chapter. Following the Lescure Rapport it seemed that the days of the previously outlined graduated response scheme are numbered. However, latest statistics of June 2015 show that there has even been an increase in warning letters being sent out, with a record breaking number of first warnings in June 2015 (i.e. 231,000 first warnings per June).1202 In the same month, 21,400 second warnings and 104 delibérations were issued.1203 Surprisingly, the number of court cases remains low, only sporadically cases become public. It seems that recently right-holders are making increased use of HADOPI and the graduated response system to strengthen their position as to the necessity of a strong enforcement tool in view of upcom-

1198 1199 1200 1201

Ibid, p. 383. Ibid, p. 411. Ibid, p. 417. Ibid, pp. 419 et seq. He also suggests a tax on smartphones, tablets and other Internet-linked devices to help fund the production of French art, films and music. 1202 HADOPI, Réponse graduée – Les chiffres clés (30.05.2015). Monthly updated statistics are available at http://www.hadopi.fr/actualites/reponse-graduee/chiffr es-cles. 1203 Ibid.

322

B. National Enforcement Measures Against Users

ing law reforms in summer 2015. In the light of the number of warnings and their limited impact on file-sharing activities of the public, action in terms of legislative reforms are certain while the future of the graduate response system is questionable. 2. UK: The Graduated Response Scheme of the DEA 2010 The Digital Economy Act 2010 imposes new obligations on Internet service providers to cooperate in an attempt to reduce copyright infringements and send out notifications to their subscribers following receipt of reports of copyright infringements from copyright holders. They must also record the number of reports made against their subscribers and provide copyright holders on request with an anonymised list which enables the rights-holders to see which of the reports it has made are linked to the same subscriber. The DEA 2010 is the result of the Digital Britain report of 20091204 and entered into force in June 2010. However, disputes regarding the implementation of the obligations under the Act mean that the actual employment of the warning procedure has not taken place yet. Already during the legislative proceedings, the Act was highly disputed.1205 Although, practically, the warning scheme of the DEA 2010 is not being employed yet, it is of particular interest to see how one could administer a warning scheme without relying on a central authority like in France. Hence, the following will go into detail where the schemes depart from each other and only briefly address common features.

1204 Department for Culture, Media and Sport and Department for Business, Innovation and Skills, Digital Britain Report (2009), p. 111. 1205 Siehe Dinusha Mendis, Digital Economy Act 2010: fighting a losing battle? Why the ‘three strikes’ law is not the answer to copyright law’s latest challenge, International Review of Law, Computers & Technology 2013, 60 with further references; Struan Robertson, The Legislative Farce of the Digital Economy Bill, out-law.com (07.04.2010).

323

Second Chapter: User-Targeted Responses

a) Copyright Enforcement in the UK in General aa) The Origins of Copyright in the UK Copyright is primarily a statutory right, there is no copyright at common law in published works.1206 The first formal legal recognition of copyright of authors can be found in the Copyright Act of 1709, also referred to as Statute or Act of Anne.1207 The Act created a single regime for application in both Scotland and England and gave the “sole right and liberty of printing books” to the authors of the books and not the printers. The Act also enabled authors to transfer his rights to third parties (“assigns”), typically printers. Since the 18th century, copyright primarily developed by statute with further acts being passed that extended protection in terms of inter alia time and scope of artistic works. The UK implemented the Berne Convention in the Copyright Act 1911 which also replaced previous copyright statutes as well as the common law copyright in unpublished works. Following the Copyright Act 1956, intellectual property is now protected by the Copyright, Designs and Patents Act 1988 (CDPA 1988). The CDPA 1988 removed the previous distinction between “works” (literary, dramatic, musical or artistic works) and “subject matter” (sound recordings films, broadcasts, cable programmes and typographical arrangements). It now forms the basis of contemporary copyright law and has been amended several times, mostly by European Directives. The Directives were generally implemented by way of regulations.

1206 The court of Session (Hinton v Donaldson, 1772 Mor 8307) and the House of Lords (Donaldson v Beckett [1774] 2 Bro PC 129) held that no copyright exists under common law in works which had been published and enjoyed copyright under the Copyright Act of 1709. Copyright at common law however existed with regard to unpublished works and remained significant until the beginning of the 20th century. 1207 After Queen Anne, who reigned from 1702 to 1714, the Act entered into force in 1710.

324

B. National Enforcement Measures Against Users

bb) The Fair Dealing Exception Chapter III of the CDPA 1988 detail several exceptions to copyright infringement.1208 These exceptions are typically non-commercial and notfor-profit in nature, although they are possibly carried out by commercial entities. 1209 There is no private copying exemption as foreseen in the French Code de la propriété intellectuelle.1210 Of the various permitted acts of Chapter III of the CDPA 1988, the most well-known is the fair dealing defence.1211 In that respect, the fair dealing defence most likely to be invoked by users, is the copying for the purposes of research or private study of section 29(1). Private research or study does not require an academic context.1212 However, the defence applies only where the dealing takes place with literary, dramatic, musical, and artistic works, as well as to the typographical formats of published works.1213 It does not apply to broadcasts, cable programme, sound recordings, or film.1214 Hence, even for private research or study the reproduction of films or sound recordings would not be permissible. cc) Enforcement of IP Rights upon Initiative of the Rights-Holder The legislative regime that existed prior to the DEA 2010 provided (and still provides) civil and criminal penalties for copyright infringements.

1208 These exceptions have recently been described as striking a balance between the rights of copyright owners and the benefits of wider use of intellectual property. See Proudman J in High Court, Newspaper Licensing Agency and Others v Meltwater BV and Others (2010) EWHC 3099 (Ch), para. 115. 1209 Cf. Antony W. Dnes, Should the UK Move to a Fair-Use Copyright Exception, International Review of Intellectual Property and Competition Law 2013, 418, 424. 1210 As regards the controversy on private copying in the UK, see Ian J. Lloyd, Information Technology Law (6th ed. 2011), pp. 380 et seq. 1211 The fair dealing defences can be found in sections 29 and 30 of the CDPA: research and private study excluding broadcasts and sound recordings (Section 29(1)), criticism and review and news reporting (Section 30(1)) and news reporting of current affairs (Section 30(2)). 1212 Lionel Bentley/Brad Sherman, Intellectual Property Law (2001), p. 199. 1213 See ibid. As regards the requirement that the dealing must be fair, see pp. 195 and 200. 1214 See High Court, Pro Sieben Media v Carlton UK Television [1997] EMLR 509.

325

Second Chapter: User-Targeted Responses

However, there were no particular provisions targeting file-sharing as such, or addressing the prevention of copyright infringements on the Internet. Under existing law, a user who downloads a file from a peer-to-peer platform performs the infringing act of copying by electronic means under section 16(1)(a) of the CDPA 1988.1215 A user who uploads a file performs the restricting act of “communicating the work to the public” under section 16(1)(d) CDPA 1988, because communication to the public includes making the work available by electronic transmission under section 20(2) (b) of the Act. In that respect, Collins J held in Polydor v Brown that “connecting a computer to the Internet, where the computer is running P2P software, and in which music files containing copies of the claimant's copyright works are placed in a shared directory falls within the infringing act [under s.16(1)(d)]”.1216 If rights-holders want to pursue civil claims, they can either press criminal charges1217 in order to obtain information about the identity of the subscriber of an Internet access that could be connected to copyright infringements, or they can seek information as to the identity of an alleged infringer by way of a Norwich Pharmacal Order.1218 Identification of an alleged infringer is necessary prior to civil proceedings because UK common law requires there to be an identifiable defendant to a claim. Under UK common law, possessors of information are under a duty to assist a wronged party by disclosing the identity of anonymous actors in certain circumstances.1219 In relation to costs, the court will usually order the

1215 Section 17(2) of the CDPA states that copying includes storing the work in any medium and that includes by “electronic means”. 1216 High Court, Polydor Ltd v Brown, [2005] EWHC 3191 (Ch), (2006) 29(3) IPD 29021, para. 7. 1217 As regards the criminal liability for copyright infringements, see Hector MacQueen/Charlotte Waelde/Graeme Laurie/Abbe Brown, Contemporary intellectual property, Law and policy (2nd ed. 2011), p. 253. 1218 The power to make a Norwich Pharmacal order is preserved by Civil Procedures Rules 31.18. This instrument will be discussed in detail below within the analysis of enforcement through private litigation. 1219 Website operators and Internet service providers do not usually voluntarily disclose user details due to contractual confidentiality obligations or due to the fact that such disclosure may be in breach of statutory obligations under UK data protection legislation not to disclose personal data without the consent of the data subject or an order of the court. In Norwich Pharmacal v Excise Commissioners (House of Lords, [1974] AC 133, at 175), it was held that even where an

326

B. National Enforcement Measures Against Users

applicant to pay the costs of the party making the disclosure- including the costs of complying with the order, where the respondent was not involved in the unlawful act. The applicant then has to recover those costs in the main proceedings against the wrong-doer.1220 Hence, even prior legislative action to strengthen copyright enforcement on the Internet, the law provided mechanisms for rights-holders to seek redress even if they had no more information than the data logged in connection with an infringement. However, these tools, in particular the Norwich Pharmacal Order to obtain data, was apparently considered as not efficient enough, so that further enforcement mechanisms were sought after. The Secretary of State for Business, Innovation and Skills stated in that regard, that the fact that rights-holders have to rely on obtaining a Norwich Pharmacal order will require an Internet service provider to reveal the physical address behind an IP address, provided them with no means of identifying the most serious and persistent infringers.1221 As it cannot be ignored that online copyright infringements are a mass phenomenon, the basic idea of Digital Economy Act becomes obvious: sanctioning notorious and mass infringers instead of spending time and money obtaining orders to identify the subscriber of each and every IP address logged in connection with an infringement. b) Paving the Way for a Future Graduated Response Scheme UK copyright law has lately seen a number of updates specifically in relation to the digitalisation of copyright materials. Key to the law reforms is obviously the DEA 2010, and in specific the graduated response scheme that is still awaiting application and which will be outlined in the follow-

“involved” third party incurred no personal liability for the tortious acts of others, it nonetheless had a duty to assist a wronged party by disclosing information that it possesses in order to enable the claimant to identify a wrongdoer, where otherwise he would not have been able to do so. 1220 See Patents Court, Smith Kline and French Laboratories Ltd v R.D. Harbottle (Mercantile) Ltd [1980] RPC 363. 1221 See House of Lords and House of Commons, Joint Committee on Human Rights, Legislative Scrutiny: Digital Economy Bill, 5th Report of session 2009-10, HL Paper 44 = HC 327, p. 32.

327

Second Chapter: User-Targeted Responses

ing. In contrast to France, the foreseen UK graduated response scheme does not require a change in copyright law as such.1222 aa) Digital Britain Report In June 2009, the Government published the Digital Britain Report on the future of the digital and communications industries.1223 The Report followed a number of policy developments related to online copyright enforcement including the Gowers Review of the UK Intellectual Property Framework of 20061224 and the industry-led Memorandum of Understanding process to trial subscriber notifications of 20081225. The Digital Britain Report recommended several reforms relating to copyright, such as for example licensing the use of orphan works or extending public lending rights to non-traditional book formats, such as ebooks. The Report also addressed the issue of online copyright infringements and made proposals for reducing these.1226 It estimated that an Act 1222 In France, the graduated response scheme required that the non- or not sufficient securisation of an Internet access is punishable in order to establish responsibility of the subscriber. 1223 Department for Culture, Media and Sport and Department of Business, Innovation and Skills, Digital Britain, Final Report (June 2009). 1224 In 2006, the current state of intellectual property law framework was reviewed. In commissioning the Review in 2005, the government wanted to know whether the current system was fit for purpose in an era of globalisation, digitisation and increasing economic specialisation. Against the background of growing importance of IP and of the challenges brought by the changing economic environment, the Gowers Review supported the development of a Best Common Practice document that encouraged cooperation between Internet service providers and rights-holders to change public attitudes and behaviours. However, the Review also noted that if this approach had not proved successful by the end of 2007, the government should consider whether to pass new legislation that provides for an effective and dissuasive system of damages for civil IP cases. Such an effective and dissuasive system would for instance require the matching of penalties in the physical and digital world for IP infringement, which was – as of then – not the case. See Andrew Gowers, Gowers Review of Intellectual Property (December 2006), in particular pp. 102 et seq. 1225 Cf. Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012). 1226 Department for Culture, Media and Sport and Department of Business, Innovation and Skills, Digital Britain, Final Report (June 2009), pp. 111 et seq.

328

B. National Enforcement Measures Against Users

implementing the proposals might lead to a reduction of unlawful filesharing in the UK by 70 to 80%.1227 One of the proposals was the passing of legislation to reduce online piracy. The Government was thus consulting on a proposal to legislate to give Ofcom a duty to take steps aimed at reducing copyright infringement. In order to fulfil that duty, it suggests that Ofcom places obligations on Internet service providers to require them to notify alleged infringers of copyright (subject to reasonable levels of proof from rights-holders) that their conduct is unlawful. In addition, Internet service providers shall be obliged to collect anonymised information on serious repeat infringers (derived from their notification activities), to be made available to rights-holders together with personal details on receipt of a court order.1228 This shall then allow the identification of the minority of serious repeat infringers to allow targeted court action against those responsible for the most damaging breaches of copyright.1229 The Report called upon rights-holders and Internet service providers in particular to provide input to a code of practice that would underpin these obligations. The Government held the view that such a notification procedure should significantly reduce file-sharing. However, it also recognises, that if the notification procedure proves to go not far enough, then further action will need to be taken. In that respect, the Report suggests to give Ofcom “the power to specify, by Statutory Instrument, other conditions to be imposed on Internet service providers aimed at preventing, deterring or reducing online copyright infringement, such as ... port blocking, bandwidth capping (capping the speed of a subscriber's Internet connection and/or capping the volume of data traffic which a subscriber can access); bandwidth shaping (limiting the speed of a subscriber's access to selected protocols/services and/or capping the volume of data to selected protocols/ services)”.1230 bb) Digital Economy Act The government’s answer to the Digital Britain Report was the controversial Digital Economy Bill, which sought to implement many aspects of the

1227 1228 1229 1230

Ibid, p.110. Ibid, pp. 111 et seq. Ibid, p. 111. Ibid, p. 113.

329

Second Chapter: User-Targeted Responses

Digital Britain Report.1231 The subsequent Digital Economy Act was passed by the House of Commons on 7 April 2010 as part of the parliamentary “wash-up” procedure with only 6% of MPs attending the debate that let to its passing. 1232 It then received Royal Assent on the following day. The provisions of the DEA 2010 cover a wide range of areas including public service broadcasting, network infrastructure and digital safety. The DEA 2010 in particular inserts amendments to the Communications Act 2003 (CA 2003). Controversial were primarily the provisions relating to online copyright infringement and more specifically measures targeting illegal peer-to-peer file-sharing. These measures form part of a multi-pronged approach by the Government aimed at reducing online copyright infringement through a complementary mix of enforcement, consumer education and encouragement to industry, to develop and promote online services offering lawful access to copyright works.1233 Key to the DEA 2010 in the context of responses to online copyright infringements are sections 3 to 18 relating to the “online infringement of copyright” and in particular the mass notification system of sections 3 to 81234. Unauthorised file-sharing will be dealt with in a two-stage process:

1231 On the controversy surrounding the Digital Economy Act see the Memorandums submitted to the Joint Committee on Human Rights in House of Lords, House of Commons, Joint Committee on Human Rights, Legislative Scrutiny: Digital Economy Bill, Fifth Report of Session 2009-10, HL Paper 44 = HC 327 (05.02.2010), pp. 30 et seq. 1232 The wash-up period refers to the last few days while a Parliament continues to sit after the Prime Minister has announced the date when Parliament will be dissolved so a general election can be held but before Parliament has been formally adjourned, prorogued or dissolved. During this period, the Government attempts to pass unfinished business. Traditionally, Parliamentary bills cannot be carried forward from one session of Parliament to another after a general election. Hence, if a Bill does not receive Royal Assent before Parliament rises, it will be lost, although a new Bill could be reintroduced after the general election. Out of 643 MPs only 40 MPs were present during the Second Reading of the DEA Bill. When the Bill was passed 227 MPs were present, of which 189 voted in favour of the Bill. See Parliament, Hansard (House of Commons), Column 1142 (07.04.2010). 1233 See Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012). 1234 Sections 3 to 8 DEA 2010 insert ss. 124A to 124F into the CA 2003.

330

B. National Enforcement Measures Against Users

first, access providers will issue notifications to their customers which are suspected to have infringed copyrights; and second, copyright holders will be able to obtain lists of users that have been issued several notifications against whom they can then pursue ordinary civil proceedings. Section 9 DEA 2010 also foresees that in the future technical sanctions may be imposed on repeat infringers. Unlike the French HADOPI laws, the DEA 2010 only provides a framework for the copyright infringement provisions, while the operational details are subject to and specified by a series of regulatory codes produced or to be produced by Ofcom. This means in practice, that while the majority of the DEA 2010 is in force, the copyright enforcement provisions will not have any impact until the regulatory codes are finalised. Section 3 of the DEA 2010 (new section 124A CA 2003) for example provides that a copyright owner “may make a copyright infringement report to the Internet service provider who provided the Internet access service if a code in force under section 124C or 124D (an “initial obligations code”) allows the owner to do so”. Equally, the number of reports that a subscriber will have to have reached until he will face any consequences, is left to the Code. Crucial for the start of sending out notifications are the Initial Obligations Code and the Sharing of Costs Order, whereas the Technical Obligations Code does not have a direct effect on the applicability of the copyright enforcement provisions at this stage. One of the main reasons for the delay in passing the codes is that access providers have fought vigorously against the new enforcement system. The Internet service providers BT and Talk Talk instigated a judicial review of the Act relating to the compatibility of the online copyright infringement provisions of the DEA 2010 and the draft Copyright (Initial Obligations) (Sharing of Costs) Order with EU law.1235 The applicants argued that the DEA 2010 infringes users’

1235 The service providers inter alia asked the Court whether the contested provisions were incompatible with the eCommerce Directive 2000/31, the Data Protection Directive 95/46, the E-Privacy Directive 2002/58 and/or the Authorisation Directive 2002/20. See High Court, R. (on the application of British Telecommunications Plc) v Secretary of State for Business, Innovation and Skills, 2011] EWHC 1021 (Admin), [2011] 3 C.M.L.R. 5, and the appeal Court of Appeal, R. (on the application of British Telecommunications Plc) v Secretary of State for Business, Innovation and Skills, [2012] EWCA Civ 232. For an analysis of the High Court decision see also Monica Horten, The Digital Economy Act in the Dock: A Proportionate Ruling? Journal of Intellectual Property, Infor-

331

Second Chapter: User-Targeted Responses

rights and freedoms and that the statute was rushed through parliament without sufficient scrutiny.1236 The challenged parts of the Act inserted new sections into the Communications Act 2003 that imposed “initial obligations” on Internet service providers based on the premise that an “initial obligations code” was in force. These “initial obligations” encompass the obligation of Internet service providers to notify their subscribers of copyright infringement reports received from copyright owners and to provide anonymous records of copyright infringement to copyright owners. Rights-holders, upon obtaining a court order, would then be able to sue those subscribers for copyright infringements. The contested parts of the Act made provision for the approval or making of an initial obligations code and as to the content of such a code, and empowered the secretary of state to specify provisions that had to be included in the code about the costs incurred. The notification procedure survived the challenge of judicial review with Mr. Justice Kenneth Parker holding that “from the point of view of both copyright owner and subscriber, the DEA represents a more efficient,

mation Technology and Electronic Commerce Law 2012, 81–87; Julia Hörnle, Premature or Stillborn? – The Recent Challenge to the Digital Economy Act, Computer Law & Security Review 2012, Vol. 28, 83 – 89; Robin Mansell/W. Edward Steinmueller, Copyright Infringement Online: The Case of the Digital Economy Act Judicial Review in the United Kingdom, New Media & Society 2013, Vol. 15, 1312 – 1328. 1236 Specifically, the challenged the Act on five grounds: (1) that the provisions of the DEA 2010 constituted a technical regulation, which according to the Technical Standards Directive 98/34/EC, as amended by Directive 98/48/EC should have been notified to the European Commission and were therefore unenforceable; (2) that the DEA 2010 was infringing Articles 3 (country-of-origin principle), 12 (liability exemption for mere conduits) and 15 (no general obligation to monitor) of the E-Commerce Directive; (3) that the processing of personal data under the DEA 2010 was in breach of the Data Protection Directive and that the processing did not comply with Articles 6 and 15 of the E-Privacy Directive; (4) that the provisions of the DEA 2010 were contrary to the Authorisations Directive 2009/140 and in particular Article 12 thereof (which relates to administrative costs); and (5) that the DEA 2010 infringes free movement of services under Articles 56, 61 and 52 TEU, freedom of expression (in particular the right to receive and impart information) and the right to privacy under Articles 7 and 8 CFR and Articles 8 and 10 ECHR.

332

B. National Enforcement Measures Against Users

focused and fair system than the current arrangements”.1237 The applicants however appealed the decision on the basis that the DEA 2010 was not consistent with the Technical Standards Directive1238, the Authorisations Directive1239, the E-Commerce Directive and the E-Privacy Directive. They dropped the challenge on proportionality of the graduated response scheme, as the High Court held that the DEA 2010 could not be considered a disproportionate response to file-sharing prior to the publication of Ofcom’s code of practice. The Court of Appeal finally confirmed in March 2012 that the contested provisions were compatible with European law; only the provisions of the Draft Costs Order were held to breach Article 12 of the Authorisations Directive in respect of “qualifying costs”, namely the costs incurred by Ofcom or the appeals body in carrying out assigned tasks under the copyright infringement provisions. These costs could not be imposed on Internet service providers, as they were administrative charges. That being clarified, the legislator could finalise amended drafts for the regulatory codes. cc) The Regulatory Codes that Accompany the Digital Economy Act The Digital Economy Act only provides a general framework and depends on more detailed regulatory codes, which have not been passed yet. (1) Online Infringement of Copyright Initial Obligations Code The DEA 2010 inserted amendments to the Communications Act to create two new obligations for Internet service providers, which are referred to as the “initial obligations” and must be set out in a regulatory code. These initial obligations include the notification of subscribers whose IP address has been reported by copyright-holders as being used to infringe copy-

1237 High Court, R. (on the application of British Telecommunications Plc) v Secretary of State for Business, Innovation and Skills, [2011] EWHC 1021 (Admin), [2011] 3 C.M.L.R. 5, para. 228. 1238 Technical Standards Directive 98/34/EC as amended by Directive 98/48/EC, OJ 1998 L204 and OJ 1998 L217. 1239 Authorisations Directive 2002/20/EC as amended by Directive 2009/140, OJ 2002 L108 and OJ 2009 L337.

333

Second Chapter: User-Targeted Responses

right, and the obligation to keep track of the number of reports about each subscriber, by compiling a list of those subscribers who have been reported on above a threshold to be set out in the Initial Obligations Code. The Online Infringement of Copyright Initial Obligations Code (Initial Obligations Code) thus plays a vital role for enforcing the provisions of the DEA. The Explanatory Notes to the DEA 2010 explain that the Initial Obligations Code will either be an industry code or will be made by Ofcom. In the absence of an approved code set up and agreed by industry, it fell to Ofcom to draw up a code in accordance with the requirements of the DEA 2010 provisions.1240 While the DEA 2010 is very precise on how Ofcom should implement many elements of the measures, there is also discretion left in some parts. In order to pay utmost respect to the interests of citizens and consumers, Ofcom opened up a consultation on a first draft published in May 2010.1241 The draft Code has been subject to extensive criticism.1242 The publication of a statement summarising the results of the consultation and a slightly revised draft code has subsequently been delayed due to a number of factors, including the judicial review of the DEA, and the revision by the Government of secondary legislation in relation to the cost sharing arrangements as a result of the judicial review. Finally, the new draft Initial Obligations Code has been published on 26 June 2012.1243 The key proposals of the original draft remain unchanged. However, the changes that have been made reflect stakeholder responses to the 2010 consultation and instructions given by Government in accordance with the approvals process set out in the DEA.1244

1240 Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), p. 2. 1241 Ofcom Consultation Report, Online Infringement of Copyright and the Digital Economy Act 2010: Draft Initial Obligations Code (28.05.2010). 1242 See Sam de Silva/Faye Weedon, The Digital Economy Act 2010: Past, present and a future “in limbo”, Computer and Telecommuncations Law Review 2011, 17(3), 55, 57. 1243 Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), Annex 3. 1244 Ibid, p. 3.

334

B. National Enforcement Measures Against Users

The draft Code now sets forth that mass notification obligations only apply to fixed-line Internet service providers with over 400,000 broadband-enabled lines.1245 Internet access providers, who do not meet this criterion, for example mobile network operators and providers of Wi-Fi services, are outside the scope of the Code.1246 Accordingly, only the seven largest Internet service providers (BT, Orange, O2, the Post Office, Sky, Talk Talk and Virgin Media) would be concerned. Internet service providers cannot avoid being considered a qualifying Internet service provider by making changes to their corporate structure; groups of Internet service providers as defined in section 1261 of the Companies Act 2006 that provide Internet access services to more than 400,000 subscribers will each be a qualifying Internet service provider.1247 The sole reason for excluding smaller Internet service providers is ”that costs of participation would be disproportionately high compared to the expected low reduction in overall levels of online copyright infringement that participation would bring”.1248 If an Internet service provider falls below the qualification threshold, it will remain subject to the initial obligations for the duration of the notification period1249 to ensure that copyright holders, who have invested in copyright infringement reports can benefit from their investment.1250 Further details of the draft Initial Obligations Code will be referred to when appropriate in the following.1251 The subsequent outset of the func-

1245 The 400,000+ line threshold covers 93.5% of the retail broadband market and covers every Internet service provider with significant scale. See ibid, p. 36. 1246 Ibid, p. 3. 1247 See section 2(1)(b) Initial Obligations Code (June 2012). 1248 Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), p. 3. 1249 See section 2(6) Initial Obligations Code (June 2012). 1250 Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), p. 4. 1251 The Draft Code sets forth the precise circumstances when and how a notification must be issued and the information which it may contain. In addition, it also outlines the appeal procedures.

335

Second Chapter: User-Targeted Responses

tioning of the graduated response scheme under the DEA 2010 relies on the Initial Obligations Code as published on 26 June 2012.1252 (2) Online Infringement of Copyright (Initial Obligations) (Sharing of Costs) Order The Online Infringement of Copyright (Initial Obligations) (Sharing of Costs) Order 2011 has been published in February 2011 and was subject to the legal review. In order to come into force, the draft order needs approval by resolution of each House of Parliament, and must be notified to the European Commission. The Sharing of Costs Order specifies provisions that must be included in the Initial Obligations Code about payment by copyright owners and Internet service providers of contributions towards costs incurred under the copyright infringement provisions that will be inserted into the CA 2003 by the DEA 2010. The latest development with regard to secondary legislation to the DEA 2010 has been the withdrawal of the Sharing of Costs Order in February 2013, by the Government, in response to the need to make “technical changes”.1253 Since then, no new draft code has been published, leading to a further delay in implementing the graduated response scheme. (3) Technical Obligations Code If the Initial Obligations are not as effective as expected, the next stage foreseen in section 10 DEA 2010 allows the Secretary of State, to impose technical obligations on Internet service providers, by order, to take certain actions against subscribers who have received a prescribed number of notifications. Technical obligations have the purpose of preventing or reducing online copyright infringements. The measures to be taken are enlisted in section 9 DEA 2010 and encompass the limitation of speed or other capacity of the service provided, the prevention, or limitation of use,

1252 See Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), Annex 3. 1253 See BBC News, UK Piracy Warning Letters Delayed until 2015, BBC News (06.06.2013).

336

B. National Enforcement Measures Against Users

of the service to gain access to particular material such as for instance particular sites, the suspension of Internet service, or other limitations on the service provided.1254 They will be introduced, when regulators and Parliament feel that the notification system does not have the desired impact. No Technical Obligations Code can be made until the Initial Obligations Code has been in force for at least 12 months. Hence, as of now, it is too early to predict how exactly a future Technical Obligations Code will implement these obligations. dd) Summary While the DEA 2010 has been passed in 2010, the actual application of the graduated response scheme is still in the waiting. The first delay was due to the fierce resistance by Internet access providers who feared that a disproportionate burden was placed upon them. Their challenge of the Act has however only been the starting point for further delays. With none of the accompanying codes yet in force, the future of the DEA 2010 at this stage is more than vague. c) Outline and Functioning of the Graduated Response Scheme Similar to the French model, the DEA 2010 foresees a sanction against a subscriber whose Internet access was used three times to commit copyright infringements. Though the basic idea is the same, the two models work fundamentally different. In contrast to the French scheme, there is no central authority administering the notifications of infringements and issues warnings to the users. Instead the Internet access providers play an important role. Consequently, sensitive data, i.e. data in relation to infringements committed by their customers, is stored and processed by private entities. As this will be in the focus on the subsequent legal analysis, the description of the functioning of the UK scheme will only go into detail where the scheme departs from the French scheme.

1254 See Section 9 DEA 2010, that inserts section 124G into the CA 2003.

337

Second Chapter: User-Targeted Responses

aa) The Role of the Ofcom Although new responsibilities have been imposed upon the Office of Communications (Ofcom) by the DEA 2010, Ofcom does not play a central role in the execution and administration of the warning scheme.1255 Ofcom’s role is primarily of a supervisory character and also involves the approving and adopting of codes of practice for the procedure and enforcement of new Internet service provider obligations. In that regard, Ofcom is for instance responsible for passing of an Initial Obligations Code that details the graduated response scheme. Ofcom also may take steps to prepare a proposed Technical Obligations Code.1256 Under the DEA 2010 Ofcom is further tasked with reporting on various communications matters;1257 for instance new section 124F CA 20031258 imposes a duty on Ofcom to prepare reports on the extent of infringement of copyright by Internet users. bb) How the Graduated Response Scheme (should) Work The DEA 2010 requires Internet Service Providers to notify subscribers of their alleged illegal file-sharing based on evidence collected by investigatory agents’ monitoring software, and to retain Copyright Infringement Lists (CIL) of alleged repeat infringers. While copyright owners can already seek court orders against online infringers, the DEA2010 is designed to enable them to target legal action against the most persistent alleged infringers. As no Initial Obligations Code has entered into force yet, reference will be made to the draft Initial Obligations Code of June 2012.

1255 Although Ofcom’s role has been described as key (see for instance Rachel Burnett, The Role of Ofcom, ITNOW 2010, Vol. 52 Issue 6, 24), this view is slightly exagerated if one compares the role to that of HADOPI. 1256 See section 9 DEA 2010. 1257 Sections 1 and 2 DEA 2010. 1258 As inserted by section 8 DEA 2010.

338

B. National Enforcement Measures Against Users

(1) Gathering of Information of Infringements Copyright holders gather data relating to IP addresses that they believe have infringed their rights by connecting to peer-to-peer file-sharing networks and downloading their work. Copyright holders are required to submit their evidence gathering procedures for approval to Ofcom before they can send any reports of apparent copyright infringements to Internet service providers.1259 Ofcom expects that copyright-holders will be well placed to secure approval from Ofcom if they adopt evidence-gathering procedures that comply with a publicly available specification, which Ofcom is prepared to sponsor.1260 Provided that the rights-holder wants to pursue the matter, he will have to provide the relevant access provider with a so called copyright infringement report (CIR) within a month of becoming aware of the alleged infringement.1261 The draft Initial Obligations Code clarifies the standard for obtaining evidence of copyright infringements: a copyright-holder may only file a CIR to an access provider if he has gathered evidence in accordance with his approved evidence-gathering procedures “which gives reasonable grounds to believe that (a) a subscriber to an Internet access service has infringed the owner’s copyright by means of the service; or (b) has allowed another person to use that service and that person has infringed the owner’s copyright by means of that service”.1262 As regards the latter, it has been speculated that this section could apply, for example, to businesses that provide Wi-Fi as a service, as well as to domestic unsecured Wi-Fi networks, and organisations such as for instance universities, hotels or pubs, that provide access to the Internet to their customers.1263 The CIR must contain evidence about the infringement that has occurred, and must state the name and address of the copyright owner (or

1259 Section 6 Initial Obligations Code (June 2012). 1260 Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), p. 4. 1261 Section 3(1)(a)-(b) DEA 2010 and section 4(4)(a)-(b) Initial Obligations Code. The requirement that the CIR must be filed within a month is regulated in section 4(5) Initial Obligations Code. 1262 Section 4(4) Initial Obligations Code (June 2012). See also new section 124A(2) CA 2003 inserted by section 3 DEA 2010. 1263 Diane Rowland/Uta Kohl/Andrew Charlesworth, Information Technology Law (4th ed. 2012), p. 347.

339

Second Chapter: User-Targeted Responses

respectively the name and address of the person on whose behalf the copyright owner is authorised to act and evidence of authorisation), an identification of the copyright work,1264 a statement that there appears to have been a copyright infringement in the respective work, a description of the apparent infringement and the evidence gathered of that apparent infringement,1265 a statement that the copyright owner has not given consent to the act giving rise to the apparent infringement, the start time, end time and date of the online session during which the evidence was gathered,1266 the day on which the infringement is believed to have taken place, the IP address associated with the infringement, the relevant port numbers used to commit the infringement as well as the website protocol, application, online location, Internet-based service or system through which the apparent infringement occurred. 1267 Further, the CIR must contain a unique numerical identifier allocated to the CIR by the copyright owner as well as the date and time of issue of the CIR. 1268 Upon receipt of a CIR, the access provider must identify the subscriber to which the IP address related at the time of the alleged infringement.1269 Access providers are not required to have their internal subscriber identification processes approved by Ofcom, though failure to comply with the requirement for accurate address matching may constitute a material breach of the Initial Obligations Code that triggers a sanction.1270 Match1264 This must include the title of the work and a description of the nature of the work (see section 5(c) Initial Obligations Code (June 2012)). 1265 The information about the infringement must provide sufficient information to enable the subscriber to identify the means used to obtain evidence of the copyright infringement, cf. section 5(e) Initial Obligations Code (June 2012). 1266 As regards the time, the Code requires the use of Coordinated Universal Time, see section 5(g) Initial Obligations Code (June 2012). 1267 Section 5 Initial Obligations Code (June 2012). 1268 Ibid. 1269 Section 8(1) Initial Obligations Code (June 2012). Exceptions to this rule exist where for instance the CIR is not complete, the IP address was not allocated to the Internet service provider in question, the Internet service provider does not hold a postal address for a subscriber, or the rights-holder has not paid the Internet service provider notification fees in full for the relevant notification period (cf. section 18 of the draft Code). 1270 Ofcom also argues that it is in their own interest for Internet service providers to ensure that their processes are robust in order to avoid reputational damage. See Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), p. 4.

340

B. National Enforcement Measures Against Users

ing an IP address to a subscriber is possible for a period of 12 months, since section 5 of the Data Retention (EC Directive) Regulations 2009 sets forth that communications data has to be retained for 12 months. Pursuant to section 7 of the Regulations, access to retained data may be obtained only “(a) in specific cases, and (b) in circumstances in which disclosure of the data is permitted or required by law”. Since the DEA 2010 foresees the identification of subscribers, it indirectly contains such permission for disclosure of retained data. (2) The Warnings: Applicant, Content and Proceedings Once the subscriber has been identified, the access provider must send a written notification to the subscriber provided that it does not hold another current CIR.1271 Pursuant to section 11(2) and (16) of the draft Initial Obligations Code (June 2012) and new section 124A(6) CA 20131272, the notification must contain inter alia a statement that the IP address allocated to the subscriber has been identified in relation to an apparent copyright infringement which needs to be described, that the statement is sent in response to a CIR, information about the CIR as well as the number of CIRs relating to the subscriber which the Internet service provider holds prior to sending the notification.1273 In addition, the subscriber must be informed about the possibility and conditions of an appeal procedure.1274 Similar to a notification under the HADOPI laws, the notification shall educate the subscriber about copyright and its purpose including the ability of a rights-holder to bring legal action for damages.1275 Also, advice shall be given on how to

1271 Section 11(1)(b) Initial Obligations Code (June 2012). 1272 This section is to be inserted by section 3 DEA 2010. 1273 Information about the number of CIRs held is intended to provide more complete information to the subscriber about allegations of infringement that have been made to their Internet service provider and help them assess whether to seek copies of these additional CIRs. See Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), p. 5. Section 11(1)(b) Initial Obligations Code (June 2012). 1274 Section 16(1)(d) Initial Obligations Code (June 2012).The subscriber appeals procedure is set out in Part 8 of the Code. 1275 Section 16(1)(f) Initial Obligations Code (June 2012).

341

Second Chapter: User-Targeted Responses

lawfully obtain access to copyright works, and inform the subscriber about steps that he can take to protect his Internet access service from unauthorised use.1276 Furthermore, the subscriber will be informed that the access provider will store information in relation to the CIR no longer than necessary, i.e. twelve months.1277 Finally, the subscriber will be made aware that further CIRs may lead to the sending of further notifications, and may give rise to a claim before a court by the rights owners.1278 It should be noted, that until the rights-holder has paid the fees due to the Internet access provider in full, the access provider is not required to send notifications to its subscribers in relation to a CIR. In contrast, a failure to pay the fees owed to Ofcom does not hinder the processing of CIRs, but as a consequence Ofcom may initiate enforcement action against the rights-holder for recovery of the amount owed.1279 All notifications must be submitted in writing and be posted using first class mail.1280 If a subscriber has been identified again in connection with an infringement within a twelve-month period following the first notification, he will be sent a second notification (so-called “intermediate notification”).1281 If a third apparent infringement is been committed within the 12-month period triggered by the first infringement, a third notification (so-called infringement list notification) will be sent.1282 A second and third notification will only be send if the previous notification was sent 1276 1277 1278 1279

Section 16(1)(g)-(h) Initial Obligations Code (June 2012). Section 16(1)(j) Initial Obligations Code (June 2012). Section 11(2)(b)-(c) Initial Obligations Code (June 2012). In an earlier consultation of May 2010, Ofcom had suggested that a copyright owner could only participate in the notification scheme if it had paid the fees due to Internet service providers and Ofcom. The draft Initial Obligations Code of June 2012 no longer requires an advance payment for the ability to send CIRs to an Internet service provider. 1280 Section 15 Initial Obligations Code (June 2012). In an early draft version of the Initial Obligations Code, it was foreseen that the first and second notifications could be emailed by the access provider to the subscribers, and that only the third notification should be posted by recorded delivery. The new framework now addresses concerns, that access providers may not always have the relevant email address of their customers. Cf. Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), p. 5. 1281 As regards the details see section 12 Initial Obligations Code (June 2012). 1282 For details see section 13(1) Initial Obligations Code (June 2012). The Initial Obligations Code does not outrule the sending of further notifications, see section 14.

342

B. National Enforcement Measures Against Users

more than a month ago.1283 It seems that this shall allow users to change their behaviour. In addition to the information contained in any first notification, the second warning will also inform the subscriber that if further notifications have to be sent, a CIL, which sets out the CIRs made, by a copyright owner in relation to the subscriber may be provided to that copyright owner by the Internet service provider on request.1284 The third notification will then state that the subscriber is put on the CIL of repeat infringers. He will remain on the list until 12 months after the date on which the last notification is received.1285 CILs are records of the CIR linked to each subscriber along with a record of which copyright owner sent the report.1286 These lists intend to help the rights-holders to identify notorious and persistent infringers and target litigation against them.1287 CILs are administered by the relevant Internet access providers. A CIL will never reveal the identity of the relevant subscribers to the copyright owner, instead an anonymised list will be provided upon request to comply with data protection legislation.1288 CILs can be requested on a monthly basis1289, but must be limited to a maximum period of twelve months.1290 The access provider will only submit those parts of the CIL to a copyright owner, that relate to that specific rights-holder. Hence, the material provided upon request does not include CIRs relating to other copyright

1283 Sections 12(1)(b) and 13(1)(b) Initial Obligations Code (June 2012). 1284 Section 4(1)(a) and (3)DEA 2010 , Section 12(2)(c) Initial Obligations Code (June 2012). 1285 See also Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), p. 65. 1286 Section 4(2)(a) DEA 2010 . 1287 Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), p. 62. 1288 Section 4(2)(b) DEA 2010 which inserts new section 124B CA 2003. See also Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), p. 62. 1289 Section 19(5) Initial Obligations Code (June 2012). 1290 Section 19(4) Initial Obligations Code (June 2012).

343

Second Chapter: User-Targeted Responses

owners.1291 Accordingly, although a subscriber has received multiple notifications, the copyright owner will only be informed about such infringements that relate to his rights. The threshold however to be put on the list is three notifications in total irrespective of the injured party. It remains to be seen whether a third party acting on behalf of a number of copyright owners will be treated as a single copyright owner or several.1292 From the Notice of Ofcom’s proposal for an initial obligations code, it seems that a third party must file a request for each copyright owner on which behalf he becomes active. As mentioned previously, an appeals process will be available to subscribers. Appeals are available at a relatively early stage compared to the French graduated response scheme: namely, appeals can already be brought regarding CIRs.1293 In that respect, an independent body will be set up to hear these appeals.1294 An appeal may be made where the alleged apparent infringement is not an infringement, the infringement does not relate to the subscriber’s IP address at the specified time, and/or the copyright holder and/or the Internet service provider failed to comply with the regulatory codes.1295 The most relevant ground for appeal is likely to be

1291 Cf. Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), pp. 66 et sq. 1292 Several stakeholders, including BT and Internet service providerA, raised concerns regarding who precisely could request a copyright infringement list in such a case. See ibid. 1293 Section 124K(3) CA 2003 as inserted by section 13(3) DEA 2010. In section 6(1) Online Infringement of Copyright (Initial Obligations) (Sharing of Costs) Order 2011 (Draft Costs Order), it was foreseen as a formal requirement that the subscriber pays a GBP 20 fee to have his appeal admitted. However, following the withdrawal of the Draft Costs Order in February 2013 and no new draft being published, it is doubtful whether this provision will survive. The consumer rights organisation Consumer Focus has already filed a submission to the Lords Committee in which it expressed its concern that “a GBP 20 appeals fee will prevent low income consumers, be they benefit recipients or minimumwage workers, from bringing legitimate appeals against notifications that copyright owners suspect that their Internet connection has been used for copyright infringement.” See Consumer Focus, Consumer Focus Submission to the Secondary Legislation Scrutiny Committee on the Digital Economy Cost Sharing Order (July 2012). 1294 Section 13(2)(c) DEA 2010 . 1295 Section 124K(3) and (4) CA 2003 as inserted by section 13 DEA 2010 .

344

B. National Enforcement Measures Against Users

that the subscriber has not committed the infringement himself.1296 The subscriber must then prove during the procedure that the act constituting the “apparent infringement” was not committed by him, and that he took “reasonable steps” to prevent other persons infringing copyright by means of the Internet access service.1297 The draft Initial Obligations Code simply states with regard to the requirement of “reasonable steps” that the appeals body may require “any information it considers necessary” from copyright owners. According to Ofcom, it is for the appeals body to assess the evidence presented by subscribers and to determine the basis on which it will assess the reasonableness of any steps that the subscriber may have taken to secure its Internet access service.1298 Because the appeals body should be able to impose an objective standard of reasonableness, Ofcom removed from its earlier draft of the Initial Obligations Code the requirement that it should take into account the technical ability and knowledge of the subscriber in making its determination.1299 Once a Technical Obligations Code has been passed, and technical measures are being applied, the subscriber will be able to appeal any such measure. In contrast to appeals made against CIR, an appeal against a technical measure will be made to a first-tier tribunal.1300 (3) Consequences It is intended that the notification process will itself deter copyright infringements.1301 However, as new sections 124F-J CA 2003 suggest, the 1296 The burden of proof for a copyright infringement claim and for the accuracy of the IP address falls on the copyright holder and the Internet service provider. See Sam de Silva/Faye Weedon, The Digital Economy Act 2010: Past, Present and a Future “in Limbo”, Computer and Telecommuncations Law Review 2011, Vol. 17 Issue 3, 55, 57. 1297 Section 13(6) DEA 2010. 1298 Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), p. 75. 1299 Ibid. 1300 Section 124K(10) CA 2003 as inserted by section 13 DEA 2010 . 1301 Diane Rowland/Uta Kohl/Andrew Charlesworth, Information Technology Law (4th ed. 2012), p. 347. See also High Court, R. (on the application of British Telecommunications Plc.) v Secretary of State for Business, Innovation and

345

Second Chapter: User-Targeted Responses

legislator has well recognised the possibility that notifications alone may be not efficient enough to prevent future infringements. Thus, said sections make provision for subsequent action in the event that the notifications are not enough deterrents.1302 If infringements persist, the Secretary of State may direct Ofcom to assess whether technical obligations should be imposed on Internet service providers and prepare for the obligations.1303 The DEA 2010 does not set out which technical obligations should be introduced. A “technical obligation” in relation to an Internet service provider is merely defined as “an obligation for the provider to take a technical measure against some or all relevant subscribers to its service for the purpose of preventing or reducing infringement of copyright by means of the Internet”.1304 Pursuant to Article 9 DEA 2010, a technical measure is a measure that limits the speed or other capacity of the service provided to a subscriber, prevents a subscriber from using the service to gain access to particular material, or limits such use, suspends the service provided to a subscriber, or limits the service in another way. The list is thus merely indicative. 1305 The Secretary of State may by order impose a technical obligation on Internet service providers depending on the results of the assessment by Ofcom, on whether such technical obligations should be imposed.1306 As of now, it is difficult to predict the conditions for taking a technical measure against an infringer beside the fact that he must have received at least three notifications within a 12-month period. The DEA 2010 only provides a very general framework containing a number of uncertain legal terms. The Act requires the provisions of a Technical Obligations Code in relation to technical measure to be “objectively justifiable in relation to the

1302 1303 1304 1305 1306

346

Skills [2011] EWHC 1021 (Admin), [2011] CMLR 5, para. 254.Cf. in addtion the Explanatory Note to the DEA 2010 at para. 62, which states that the Initial Obligations are expected to “significantly reduce online copyright infringement”. Diane Rowland/Uta Kohl/Andrew Charlesworth, Information Technology Law (4th ed. 2012), p. 347. New Section 124G(1) CA 2003 as inserted by section 9 DEA 2010 . New Section 124G(2) CA 2003 as inserted by section 9 DEA 2010 . See Julia Hörnle, Premature or Stillborn? – The Recent Challenge to the Digital Economy Act, Computer Law & Security Review 2012, Vol 28, 83, 84. New Sections 124G and 124H CA 2003 as inserted by sections 9 and 10 DEA 2010. The Secretary of State must lay a draft of the order before Parliament. It must be approved by a resolution of each House.

B. National Enforcement Measures Against Users

matters to which it relates”, “not…to discriminate unduly against particular persons or against a particular description of persons”, to be “proportionate to what they are intended to achieve”, and to be transparent “in relation to what those provisions are intended to achieve”.1307 In simple words, this means nothing more as that they have to be legitimate. While it is a long way to go until technical measures may be taken against repeat infringers, copyright owners are free to take the traditional path of private litigation. Copyright owners may use the information contained in a CIL to apply to a court for a Norwich Pharmacal order1308 requiring the Internet service provider to reveal the subscriber’s personal detail. This option however does not even require that the user has been put on the CIL for receiving three or more notifications. A disclosure request may already be filed once evidence is collected with regard to an infringement and an IP address has been identified in connection with that infringement. d) The Status Quo As of 2014, the graduated response scheme is far from being employed. Little progress has been made since 2010. When the DEA 2010 was rushed through Parliament in 2010, it was expected that it would not take long until the first warning letters were sent out. Already in August 2011, the first warnings were expected to be delayed until the second half of 2012 – more than a year later than originally planned.1309 As of June 2012, Ofcom announced that the first warning letters would probably be sent out in March 2014.1310 This delay was partly due to the judicial review of the

1307 New Section 124J CA 2003 as inserted by section 12 DEA 2010. 1308 A Norwich Pharmacal order requires a respondent to disclose information to the applicant so that the applicant can pursue proceedings against an infringer. The respondent must be a party who is involved or mixed up in alleged wrongdoing, whether innocently or not, but who is not likely to be party to the proceedings. The prerequisites for obtaining a Norwich Pharmacal Order are outlined in this Chapter under III. 2.a). 1309 See Jeremy Philips, Digital Opportunity Knocks..., IPkat (03.08.2011. 1310 See Ofcom, New Measures to Protect Online Copyright and Inform Consumers (26.06.2012).

347

Second Chapter: User-Targeted Responses

DEA 2010, which took until March 2012.1311 The copyright enforcement legislation had been the focal point of a two-year battle between rightsholders and Internet service providers, who argued that they should not pay the costs for enforcing the private and exclusive rights of the copyright owners.1312 In that context, Ofcom’s first draft of the Initial Obligations Code published in May 20101313 was revised with a final draft published in June 20121314. Contrary to expectations, this draft was not passed through Parliament by the end of 2012.1315 Even if that timeframe had been respected, given the logistics involved in establishing an appeals body and other elements necessary to police the Initial Obligations Code, Internet users would not have received letters before 1 March 2014.1316 While the Initial Obligations Code was awaiting full approval, the Government withdrew the Initial Obligations Sharing of Costs Order in February 2013, citing the need to make “technical changes”.1317 On current plans and subject to parliamentary approval, the first customer notification letters are expected in late 2015 or even later.1318 Thus, from passing the DEA 2010 to sending out warnings to subscribers more than five years will have gone by. By that time, the DEA 2010 will have produced significant costs without having any effects. Up until March 2011, the DEA 2010 has already produced several millions of costs, for instance over GBP 2

1311 High Court, R. (on the application of British Telecommunications Plc) v Secretary of State for Business, Innovation and Skills, [2011] EWHC 1021 (Admin), [2011] 3 C.M.L.R. 5; Court of Appeal, R (on the application of British Telecommunications plc. and another) v Secretary of State for Culture, Olympics, Media and Sport [2012] EWCA Civ 232. 1312 See Mark Sweney, Ofcom outlines new anti-piracy rules, The Guardian (26.06.2012). 1313 Ofcom Consultation Report, Online Infringement of Copyright and the Digital Economy Act 2010: Draft Initial Obligations Code (28.05.2010). 1314 Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), Annex 3. 1315 According to news reports, the draft code was expected to pass through Parliament following a consultation period by the end of that year, i.e. 2012. See Mark Sweney, Ofcom outlines new anti-piracy rules, The Guardian (26.06.2012). 1316 Ibid. 1317 See BBC News, UK Piracy Warning Letters Delayed until 2015, BBC News (06.06.2013). 1318 House of Commons, Digital Economy Act: Copyright, Standard Note: SN/HA/ 5515 (28 June 2013)

348

B. National Enforcement Measures Against Users

million in consultation fees.1319 Ofcom estimated in 2012 that the costs for setting up and running the DEA 2010’s copyright enforcement regime would be up to GBP 10.5m between 2010 and 2015.1320 As mentioned before, the delay in implementing the graduated response scheme can primarily be based on the concerns as regards the costs to be covered by Internet service providers. The initial draft Sharing of Costs Order required rights-holders to carry 75% of the costs involved to set up and run the new system.1321 The costs that Internet service providers were to carry were set at 25% of the costs involved.1322 According to Ofcom, if 70,000 CIRs are sent by rights-holders to the biggest Internet service providers1323 each month, the total costs to rights-holders would be GBP 14.4m, with each letter costing GBP 17.1324 It has been estimated that the costs for individual letters will drop, if more CIRs are filed.1325 However, this would still leave a significant amount of costs on the access providers. In that context, it has been suggested that the reason for the withdrawal of the Sharing of Costs Order have been concerns by the Treasury that requiring Internet service providers to bear their share of costs in complying with the regime would amount to levying a tax on the providers. This is however something the Treasury said it would need to sanction.1326

1319 See HC Debate of 21 March 2011, vol. 525, col 765W. 1320 Mark Sweney, Ofcom outlines new anti-piracy rules, The Guardian (26.06.2012). 1321 Article 3 sections 1 (6)(b), 3(3) and 4(2) of the draft Online Infringement of Copyright (Initial Obligations)(Sharing of Costs) Order 2011. 1322 Ibid. Non-compliance of Internet service providers with their obligations under the Act, would lead to penalty fees. 1323 This would be BT, Virgin, TalkTalk and BskyB. 1324 See Mark Sweney, Ofcom outlines new anti-piracy rules, The Guardian (26.06.2012). 1325 “The forecast is for it to become more cost effective for the rights holders to foot the bill for significantly more copyright infringement reports to go out to Internet service providers each month – 175,000 will cost them GBP 15.2m, however the cost-per-letter drops to GBP 7.20.” See Mark Sweney, Ofcom outlines new anti-piracy rules, The Guardian (26.06.2012). 1326 Cf. Pinsent Masons, Ofcom anti-piracy code delayed until 2015, out-law.com (10.06.2013).

349

Second Chapter: User-Targeted Responses

On the other hand, the graduated response scheme may be beneficial for Internet service providers considering that file-sharers take up large volumes of bandwidth and “congest[ing] the network”.1327 Irrespective of whether the Sharing of Costs Order would impose a tax levy upon providers, it is obvious that any additional costs, that access providers would have to carry (in administering the CIRs and CILs, and sending out the notifications), will be transferred upon subscribers. Thus, in the end, for the subscribers the situation will not be too much different from France, where the taxpayer carries the costs of the administrative authority occupied with administering and sending out the notifications – with the exception that only Internet access subscriber will be paying. However, considering the household penetration of broadband Internet access, almost every household will contribute its share for rights-holders being able to protect and enforce their own exclusive rights. Not surprisingly, it has been argued that systems such as the one that will be imposed by the DEA 2010 “mutualize[s] the costs of the fight against piracy within the whole society”.1328 As for now, it remains to be seen, what kind of “technical changes” will be made to the Initial Obligations Sharing of Costs Order and what effect this will have on access providers. Considering the delay of the copyright enforcement scheme, the delay clearly shows that the Act was passed without sufficient scrutiny and that too much was left for secondary legislation. This secondary legislation seems to be a never-ending story: bearing in mind, that any Technical Obligations Code requires the Initial Obligations Code to be in force for 12 months, and requires an assessment of the impact of the warning scheme prior to drafting a Technical Obligations Code, it seems rather unlikely that such a Code will ever come into force. It will be no earlier than 2016, until such a Code may be drafted. The benefit of course, will be that the Code adapts to technological progress. On the other hand, by 2016 or 2017, considering previous delays, may have brought changes in user behaviour with new models of unauthorised downloads. The DEA 2010, as well as the HADOPI, relies however on peer-to-peer file-sharing models of 2010.

1327 See Peter Yu, The Graduated Response, Florida Law Review 2010, Vol 62, 1373, 1385. 1328 See Valérie-Laure Benabou, The French Insight into the 'Three Strikes' System', in: Irini A. Stamatoudi (ed.), Copyright enforcement and the Internet (2010), 180.

350

B. National Enforcement Measures Against Users

Finally, sanctions such as the suspension of an Internet access, or any limitations on such access, are highly controversial and may interfere with fundamental rights (as will be discussed in the following). While in the UK, these sanctions are formally still on the agenda, France has already abolished such sanctions for peer-to-peer file-sharing scenarios if no actual infringer can be identified. Without technical sanctions, the copyright enforcement scheme against subscribers leaves the copyright-holders with a rather blunt instrument: the identity of infringers will only be revealed upon them, once they have obtained a disclosure order before a court. This is however nothing new, but an existing instrument under common law. The graduated response scheme will only allow them to filter out the most persistent infringers, while having to pay a significant amount of money to do this. The benefit for rights-holders may only be that these notorious infringers are also those, were legal action promises to be successful. In that regard, what is lacking is the court-proof identification of the actual infringer. Hence, unless the notifications are deterrent enough, the graduated response scheme without a real graduated response is theoretically only beneficial for infringers as they will know that they are only likely to be sued once they have been detected at least three times within a 12 month period. Of course, without a system of notifications, claims are likely to be made against a subscriber who has not himself committed an infringement and has not secured his Wi-Fi adequately or allowed third parties to use his connection. Thus, “innocent” subscribers will not have the chance to review their security settings or educate others using their connection to not infringe copyright. The question then however is, if rights-holders should have to pay to make subscribers aware of their very own negligence. Without a system of notifications, fewer subscribers will be made aware of infringements committed from their access, because disclosure orders are more costly than notifications under the DEA. So in fact, as the DEA 2010 stands today, the copyright enforcement provisions against users are rather an educational tool than a real enforcement mechanism. e) The DEA’s Future in Limbo The DEA’s future is uncertain. The costs involved as well as potentially disproportionate sanctions are not the only controversy about the copyright enforcement scheme of the DEA 2010. As such, the DEA 2010 was 351

Second Chapter: User-Targeted Responses

perceived as being not as forward-looking as the Digital Britain Report, for example in terms of creating an infrastructure for super-fast broadband access.1329 In terms of fast developing technology, it is questionable whether the DEA 2010 is able to keep up with the challenges of the digital age. It has been criticised for not providing future-proofing against current and future technological developments, allowing infringers to simply use other methods for illegally obtaining copyrighted material, for example use of sharehosters, proxy servers and data encryption to avoid detection of an IP address.1330 It remains to be seen whether the system will not just only benefit large copyright holders who have the financial means to support the costs involved.1331 It also remains to be seen how open Wi-Fi services will be addressed, such as coffee shops, libraries or universities. It is uncertain whether in the end they may not become liable as subscribers.1332 In its proposal for an Initial Obligations Code, Ofcom only addressed the issue whether the providers of Wi-Fi hotspots would fall into the category of Internet service providers (although they would not fall within the required category of broadband providers).1333 In this regard, Ofcom distinguished providers of commercial hotspots such as BT and his Openzone service, from commercial entities that offer Internet access in addition to their primary business, such as hotels or cafés that allow their customers to use their Wi-Fi network. With regard to his Openzone service, British provider BT had stated that the “vast majority” of Openzone users purchase on a pay-as-you-go

1329 Sam de Silva/Faye Weedon, The Digital Economy Act 2010: Past, present and a future “in limbo”, Computer and Telecommuncations Law Review 2011, Vol. 17 Issue 3, 55. 1330 Ibid, 60. 1331 Cf. ibid. 1332 In this regard, the preliminary ruling decision of the CJEU in C-484/14 (Tobias McFadden v Sony Music Entertainment Germany GmbH) is eagerly awaited. The request for a preliminary ruling by a German court seeks clarification as to whether the provider of an open Wi-Fi network, i.e. a free non-password-protected Wi-Fi, may be liable for third-party copyright infringements or whether said provider may be shielded from liability on the basis that he falls within the category of “mere conduit” provider under Art. 12 of the E-Commerce Directive. 1333 Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), pp. 29 et seq.

352

B. National Enforcement Measures Against Users

basis, rather than via subscription, and1334 Ofcom recognised that where providers offer Wi-Fi in this way, in many instances the subscriber address data collected for pay-as-you-go consumers will be neither reliable nor easily verifiable.1335 Therefore Wi-Fi providers are excluded from the Scope of the Code on the basis that inclusion “is likely to lead to them incurring substantial costs to achieve a minimal reduction in overall levels of online copyright infringements”.1336 According to Ofcom, also commercial enterprises that offer Wi-Fi services to their customers like hotels or cafés, as well as public bodies like libraries or universities, fall within the definition of an Internet service provider, but are exempted from any obligations under the DEA. This is due to the fact that they do not fall within the category of qualifying Internet service provider, meaning broadband providers with more than 40,000 customers.1337 One of the most controversial issues of the graduated response scheme has been the fact that notifications may also be send to subscribers for allowing “another person to use that service and that person has infringed the owner’s copyright by means of that service”1338. As regards the notion of “allowing”, it has been argued, that “it is unjustifiable for an Internet subscriber to be held vicariously liable for the actions of others”.1339 It was feared that entities that offer free Internet access without further regis-

1334 1335 1336 1337

Ibid. Ibid. Ibid, p. 30. Ibid, p. 99. If a pay-as-you go broadband provider suddenly has more customers than the initial threshold set by the Initial Obligations Code, he will nevertheless not be required to collect contact details of existing customers once it becomes a qualifying Internet service provider. Ofcom departs in this regard from its previous opinion (from its 2010 consultation), that operators that do not hold information necessary for notifying subscribers, must, at such a time as they become a qualifying Internet service provider, ensure that they do collect this data so as to be able to comply with the obligations in the DEA 2010 and the Initial Obligations Code (see p. 95). 1338 Section 4(4) Initial Obligations Code (June 2012). See also new section 124A(2) CA 2003 inserted by section 3 DEA. 1339 Cf. for instance Sam de Silva/Faye Weedon, The Digital Economy Act 2010: Past, present and a future “in limbo”, Computer and Telecommuncations Law Review 2011, Vol. 17 Issue 3, 55, 60.

353

Second Chapter: User-Targeted Responses

tration to their customers, would be held liable for infringements committed by their customers.1340 However, the fact, that warnings may be send to subscribers for allowing third parties to use their service does not in itself carry a sanction. The warning has primarily a deterring function, and only secondly a preparatory function for future legal action. If the subscriber is taken to court, the court will have to examine whether he has either committed the infringement himself or authorised a third party to do so. The CDPA 1988 does not speak of “allowing a third party” but instead uses the notion of “authorisation”. There is a distinctive difference between the two concepts. “Allowing” cannot be equalled with the legal concept of “authorising”.1341 Another issue that may give rise to concern is whether it still makes sense to apply provisions of the DEA 2010 only to the big broadband providers. While it is understandable, that the business models of small providers may be put on risk if they face huge costs for implementing and enforcing the graduated response scheme, it is questionable whether it makes sense to limit the application of the copyright enforcement scheme on big broadband providers. In 2014, the LTE1342 wireless communication standard of high-speed data for mobile phones and data terminals will mean that peer-to-peer file-sharing becomes also possible via mobile communication.1343 Although, data transfer rates of up to 300 Mbit/s will not be available everywhere, the improvements indicate the future developments in mobile communication. With more and more users using mobile surfsticks to go online wherever they are, a huge number of end-users are

1340 Lilian Edwards, Mandy and Me: Some Thoughts on the Digital Economy Bill, ScriptED 2009, Vol. 6 Issue 3, 535, 536. 1341 In that respect, HJ Birss QC already pointed out in Media CAT v Adams that allowing a third party to use an Internet connection does not alone equate authorising an infringement by that person (Patents County Court, Media C.A.T. v Adams [2011] EWPCC 6, [2011] FSR 8, para. 30). UK courts have not yet decided whether the act of authorising use of an Internet connection turn the person doing the authorising into a person authorising the infringement within section 16(2) CDPA 1988. 1342 LTE is an initialism of Long Term Evolution and is marketed as 4G LTE. In Germany, LTE was first introduced in 2010 in selected areas and since then has been expanding. See Alexander Spier, Darf’s ein bisschen schneller sein? Wie sich LTE im mobilen Alltag schlägt, c't 22/2012, 84. 1343 The transfer volume will be increased up to 300MBit per second. See heise.de, LTE-A-Modems liefern bald bis zu 300 MBit/s, Heise (11.09.2013).

354

B. National Enforcement Measures Against Users

not covered by the DEA, i.e. subscribers of small Internet service providers or wireless data communication technology. A solution must be found that provides for adequate legislative intervention, but also recognises legitimate interests of parties other than the copyright-holders. Considering the delay, it is rather unlikely that subscribers in the UK must fear technical measures based on the DEA 2010 in the future. The new Government has indicated that it does not propose to bring into effect provisions relating to limiting or excluding a particular subscriber’s access to the Internet.1344 Further, it seems that by further delays stakeholders will rather lose interest in the graduated response enforcement procedure before the first notification is sent out. Realistically, they have to ask themselves, what the DEA 2010 has given them so far: Internet access providers challenged the act unsuccessfully and were left with the costs for this; the same access providers have to work out internal systems for handling CIRs and CILs that respect the relevant data protection law; in addition, public consultations have already cost more than 2 million pounds. As of now, only costs have been involved. In contrast to France, these costs are not exclusively born by the state. As outlined above, rightsholders have to bear 75% of the costs involved in the warning scheme. Thus, it comes to no surprise that rights-holders are not really pushing the implementation of the warning scheme forward. Moreover, rights-holders are seeking alternative ways to enforce their rights and reduce unauthorised copying: they send out their own warnings in the form of letters before claim threatening subscribers to sue them;1345 but primarily, they are starting to target enforcement against websites that facilitate piracy and have successfully obtained blocking orders against notorious websites.1346

1344 See Ian J. Lloyd, Information Technology Law (6th ed. 2011), p. 385. 1345 See below B. III. 2. UK: Out of Court Settlement by Pre-Litigation Letters: A fundamently Different Approach?. 1346 For content- and intermediary-targeted responses see below in the Third Chapter.

355

Second Chapter: User-Targeted Responses

3. Graduated Response Schemes: Concerns Relating to Technology and Fundamental Rights The graduated response scheme foreseen by the DEA 2010 in the UK has been criticised for similar reasons as the graduated response scheme under the HADOPI laws. Both schemes have been challenged before national courts, but those decisions left many questions unanswered. There has been no thorough analysis of the law: in France, the law was tested against the French Constitution and important issues such as for instance the fundamental rights of the subscribers and his household members have been touched in no more than a few sentences. The UK review of the DEA 2010 also only discussed some issues on a very general level due to the details of the schemes being left for secondary legislation. The following analysis aims at closing the gaps, and will discuss whether and how a graduated response scheme that duly respects the fundamental rights of all parties involved, may be structured by pointing at the most controversial points of the French and UK example. In the following, it will be examined whether and how the graduated response scheme interfere with fundamental rights of the subscribers, their families and household members, and the rights of access providers under the CFR and ECHR. Considering the scope of this research, some points may only be touched briefly, while others will be completely ignored, to leave room for the most important issues such as for instance interferences with the right to receive and impart information, privacy and data protection in general. In doing so, also questions that are not obvious at first need to be addressed, such as for example the question whether IP addresses constitute personal data, so that the data protection provisions of the CFR and ECHR are applicable. The analysis will also look at how technology as such and in particular technological concerns are addressed, for instance in how far subscribers have to secure their WiFi connection. a) Dealing with Technological Matters In the following, it will be addressed how the graduated response schemes respond to the technological issues that have been outlined in the First Chapter.

356

B. National Enforcement Measures Against Users

aa) The Identifiable As regards the question of what can be identified, the question of determination of a copyright infringement as well as the problem that the subscriber is not necessarily the infringer will be addressed. (1) Determination of a Copyright Infringement In the introductory section1347, it has been outlined that the detection of a file being exchanged that carries the name of a protected work cannot be sufficient evidence for an infringement. In France, Rights Protection Commission within HADOPI is occupied with determining whether an infringement has taken place. The rights-holders are therefore advised to provide a file containing an extract of the infringing work to the Commission in order to prove that their intellectual property has been infringed.1348 Although law does not prescribe this, rights-holders are well-advised to present only evident infringements to HADOPI. Only when HADOPI is satisfied that an infringement has taken place, it will initiate a warning. Though a presentation of chunks of the file in question suffices, it seems to be accepted that they need to be useful chunks, i.e. they must actually contain a useful part of the work in question.1349 If HADOPI has doubts that an alleged infringement has taken place, the Authority may conduct a hearing of the applying rights-holder and the Internet subscriber concerned at any stage.1350 In addition to evidence of the infringement, the authority needs to be presented inter alia with proof of the information relating to the acts observed, such as the date and time of the observation, the peer-to-peer protocol used, information on the copyright-protected works and the file name, and proof of the information

1347 See above, A. III. 3. a) The Copyright Infringement. 1348 Mireille Imbert-Quaretta/Jean-Yves Monfort/Jean-Baptiste Carpentier, La contravention de négligence caractérisée à la lumière de la mise en œuvre de la procédure de réponse graduée, La Semaine Juridique – Édition Générale 2012, no 19, 966, 969. 1349 See above A. II. 4. 1350 Christophe Geiger, Honourable attempt but (ultimately) disproportionately offensive against peer-to-peer on the internet (HADOPI) – a critical analysis of the recent anti-file-sharing legislation in France, International Review of Intellectual Property and Competition Law 2011, Vol. 42, 457, 466.

357

Second Chapter: User-Targeted Responses

regarding the identity of the infringer such as the IP address retrieved on the date and at the time of the infringement, the Internet service provider used, and the pseudonyms used on the peer-to-peer network by the infringer.1351 It is also necessary for any agent acting on behalf of the rights-holder to prove that he has been officially authorised by the rightsholder to pursue his intellectual property rights. Thus, professional copyright enforcement companies must also provide documents in relation to their mandate to HADOPI. While the French graduated response scheme requires a review of the evidence at an early stage, namely prior to the submission of a warning, the UK regime does not foresee the establishment of an infringement before a public authority. Instead, rights-holders have to provide evidence to the relevant access provider, who will then issue a warning without a third party overlooking the matter. In that respect, the draft Initial Obligations Code prescribes the standard for obtaining evidence of copyright infringements, but it does not foresee that the access provider examines the facts and in particular, whether the facts provided suffice to establish a copyright infringement. Moreover the law only requires a CIR to contain a statement that there “appears” to have been a copyright infringement in the respective work, as well as a description of the apparent infringement and the evidence gathered of that apparent infringement.1352 A test, whether the accused act constitutes a copyright infringement will only be conducted upon appeal by the subscriber, or when the rights-holder decides to file a claim before a civil court. (2) Fact that IP Address Identification Does Not Necessarily Identify the Actual Infringer Matching an IP address to a subscriber only provides the name of the subscriber of the Internet access service, and not the name of the person who 1351 HADOPI, 2010 Activity Report (2011), p. 35. As regards the data processed see also the annex to Décret n° 2010-236 du 5 mars 2010 relatif au traitement automatisé de données à caractère personnel autorisé par l'article L. 331-29 du CPI dénommé «Système de gestion des mesures pour la protection des œuvres sur Internet». 1352 The information about the infringement must provide sufficient information to enable the subscriber to identify the means used to obtain evidence of the copyright infringement, cf. section 5(e) Initial Obligations Code (June 2012).

358

B. National Enforcement Measures Against Users

was engaged in the wrongful conduct at issue. A criminal charge as well as a plausible claim in civil law, requires the presentation of factual allegations establishing that the particular person identified was, in fact, the individual who engaged in wrongful conduct. The French graduated response scheme addressed this issue by introducing a new criminal offence in the national copyright code: Article L. 336-3 CPI now requires subscribers to an Internet access to ensure, that their Internet access is not used for infringements of copyrighted materials.1353 A subscriber is thus obliged to secure and monitor his Internet access. A violation of this obligation constitutes a “contravention”, which neither requires an intention to violate the law, nor an act of imprudence or negligence on behalf of the infringer. As outlined previously, the subjective element of the offence is narrower than mere negligence and is comparable to a breach of due diligence in tort law.1354 Only when the subscriber has been informed about his obligation to secure his Internet access by HADOPI, he may breach a known duty of law and be held liable. It will then be his persistence to omit the implementation of security measures that is eventually punished under the condition that a further infringement can be established. Thus, subscribers who have not secured and/or monitored their access adequately will not be directly liable for the copyright infringement. There is no known peer-to-peer file-sharing case where a subscriber was actually prosecuted for committing the copyright infringement himself. The prosecutor’s office will regularly only pursue proceedings for this negligence offence as it seems that they are very well aware of the fact that it is impossible without further information than the IP address to prosecute a subscriber. Accordingly, the French regime makes it obsolete to identify the actual infringer by sanctioning subscribers for their reluctance to control their Internet access following three notifications. In contrast, the UK system as it stands today does not address the problem of identifying the actual infringer. Although the DEA 2010 provides the legal basis for sending out notifications to subscribers in relation to infringements that have been committed via their access, the regime does not provide for a final sanction of the subscriber. As long as no Technical Obligations Code has been passed, the subscriber may be faced with pri1353 See B. II. 1. B). 1354 See above, B. II. 1. c) bb) (3) Consequences: Referral to the Prosecutor’s Office and Criminal Proceedings.

359

Second Chapter: User-Targeted Responses

vate legal action by the copright-holders. In civil proceedings, they will however be required to provide evidence that the subscriber is liable for the copyright infringement. Liability will be established, if the subscriber has himself committed the copyright infringement or has authorised an infringement by another person. In that respect, HJ Birss QC already pointed out in Media CAT v Adams, that allowing a third party to use an Internet connection does not alone equate authorising an infringement by that person.1355 UK courts have not yet decided whether the act of authorising use of an Internet connection turn the person doing the authorising into a person authorising the infringement within section 16(2) CDPA 1988. As mentioned previously, the notification procedure under the DEA 2010 is a rather blunt instrument, unless a Technical Obligations Code is being passed. How such a Code will address the issue that the subscriber is not necessarily identical with the actual infringer remains to be seen. The DEA 2010 alone does not provide a solution to this problem, when it foresees that technical measures may be imposed upon subscribers that have received at least three warnings. Considering that a subscriber may appeal a CIR with inter alia the argument that the alleged apparent infringement is not an infringement or the infringement does not relate to the subscriber’s IP address at the specified time and that the will succeed with his appeal when he shows that “the act constituting the apparent infringement to which the report relates was not done by the subscriber, and the subscriber took reasonable steps to prevent other persons infringing copyright by means of the Internet access service”1356, the basic principle is the same as in France: a sanction may only be imposed where the subscriber has not adequately secured his access. While the French legislator introduced a statutory criminal offence in the CPI for failure to comply with the obligation to secure and monitor an Internet access, the UK legislator refrained from introducing such an obligation from the start. However, the UK legislator may introduce this obligation indirectly through the backdoor left by the power to pass a Technical Obligations Code. Both regimes leave it to the courts and appeal bodies to determine the conditions for reasonable steps to prevent other persons from infringing copyright by means of an Internet access service, and the reasonable steps to take to technologically secure an access as such. 1355 Patents County Court, Media C.A.T. v Adams [2011] EWPCC 6, [2011] FSR 8, para. 30. 1356 Section 124K(3), (4) and (6) CA 2003 as inserted by section 13 DEA 2010.

360

B. National Enforcement Measures Against Users

bb) The Identifier As regards the identifier, the concerns in relation to the reliability of data harvesting and data as such as well as potential responses to evasion of detection will be looked at. (1) Concerns in Relation to Reliability of Data Both regimes provide for judicial oversight of sanctions. While in France, the warnings as such cannot be appealed, the UK system foresees appeals at an early stage. At these levels, the subscribers can challenge the reliability of the data that has been collected in relation to the respective alleged infringement. How a subscriber may succeed to prove a misconfiguration of logs remains to be seen, but it is likely that he will only succeed if he can rebut the allegation that he himself has committed the infringement, or any party whom he allowed to use his Internet access service, and his connection has been adequately secured. In order to limit risks posed by harvesting software, copyright-holders in the UK are required to submit their evidence gathering procedures for approval to Ofcom before they can send any reports of apparent copyright infringements to access providers.1357 Ofcom also advises copyright-holders to secure approval from Ofcom if they adopt evidence-gathering procedures; further, Ofcom is prepared to sponsor specifications for such procedures.1358 However, as the outline of the concerns in relation to reliability of data show, there are more sources of error than unreliable software. Whether data is unreliable, is solely left for the subscriber to prove. In this regard, probably witness statements by technical experts are necessary. Also, courts need to be made aware that the matching of an IP address to a subscriber in connection with an infringement may not be accurate.

1357 Section 6 Initial Obligations Code (June 2012). 1358 Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), p. 4.

361

Second Chapter: User-Targeted Responses

(2) Responses to Evasion of Detection With respect to users that try to evade detection, no measures are taken. It seems to be generally accepted that it is impossible to hinder copyright infringements as such. One may also argue that there is a battle of arms between persistent infringers and rights-holders: migration to more secure networks also means that specialised copyright enforcement companies are searching for ways to infiltrate these networks. However, as long as many users stick to conventional peer-to-peer file-sharing, there is still much work to handle. Recent numbers published by HADOPI have shown that there is no decline in copyright infringement notifications to HADOPI. While in 2013, in average 84,000 first warnings were issued per month,1359 in October 2013 138,000 first warnings were issued.1360 Thus, it is doubtful, whether rights-holder will invest many resources to go after sophisticated infringers as long as there is such a vast number of easily detectable infringers. cc) Enforcement of Internet Suspension or Restriction The legislators have said little regarding the practical enforcement of a sanction that suspends or limits access to the Internet. While the French system foresaw that Internet access providers, that offered Internet access service to someone who has been convicted to an Internet suspension, could be fined, no reference could be found as regards the other individuals allowing the offender to use their connection. This may be due to the fact, that the usage of another private connection by the offender will hardly be detected. The question becomes however interesting, when someone else who lives in the household of the offender will order a new Internet access service for the household. Then the Internet suspension or restriction will have no effect. The new subscriber does not fall within the category of an Internet access service provider and will thus not be obliged to refrain from granting access to the offender. In turn, the Internet access service provider who provides the new service will not know who

1359 HADOPI, Réponse graduée – Les chiffres clés (06.11.2013), Monthly updated statistics are available at http://www.hadopi.fr/actualites/reponse-graduee/chiffr es-cles. 1360 Ibid.

362

B. National Enforcement Measures Against Users

else than the subscriber will use the connection. In order to have at least some effect, the suspension or restriction order would have to extent to everyone living under the offender’s address. This however would have an even more severe impact on potentially innocent third parties than the sanction extending to the subscriber alone. It can only be speculated, that the legislators considered that no one upon whom that sanction has been imposed would ask a third party to order a new Internet access service as those are usually connected to a minimum subscription time. However, it seems more likely that they rather ignore the alternatives for an offender to obtain access to the Internet. Also, the court that imposed the first Internet suspension order did not discuss this matter any further. Similarly – though in a case concerning blackmailing -, a German court ordered a 21year-old to refrain from using social media including Facebook, WhatsApp and Instagram for six months.1361 He will have to delete his respective social media accounts. It is highly questionable how such an order can be legitimately enforced without monitoring the online behaviour of the person in question. Whether such interference with the privacy rights of the person concerned can be justified is rather unlikely. dd) No Prescribed Standard for Securing Internet Access One aspect that gives rise to concern and that has already been referred to when discussing that an IP address only relates to a subscriber and not necessarily an individual user, is the required security means to protect a Wi-Fi network. These means are not defined from a technical point of view. According to the wording of Article R. 335-5 CPI, the failure can take two forms: the total failure to secure an Internet connection, and the lack of due diligence in installing a security mechanism. According to HADOPI, the latter covers those cases, where the security solution is ineffective, because, for instance, it had not been activated. The law itself does not impose the installation of a specific security means upon Internet access subscribers. Although HADOPI specifies security means in its warning letters, the law does not require the implementation of a security means approved by HADOPI.

1361 See Der Spiegel, Erpressung im Internet: 21-jähriger Münchner zu FacebookVerbot verurteilt, Der Spiegel online (25.03.2014).

363

Second Chapter: User-Targeted Responses

As of now, also in the UK no specific standard for securing an Internet access against intruders from outside is prescribed by law or has been established by case law. b) Compliance of the Graduated Response Schemes With Secondary EU Law The focus of this research is primarily on the impact on fundamental rights of users and access providers while observing the fundamental rights of copyright-holders. However, as a starting point, the graduated responses are briefly analysed in terms of their compliance with EU secondary legislation as described above. Within this analysis the most controversial issues are focussed on while trying to outline under which conditions graduated response schemes are in compliance with secondary EU law. aa) Compliance of Graduated Response Schemes with Secondary EU Law in General First of all, it has to be recalled that the graduated response schemes that have been discussed above do not alter existing enforcement mechanisms, but provide for an alternative measure to enable the minority of serious repeat infringers to be identified. The graduated response schemes intend to warn and educate subscribers and users prior to sanctioning persistent infringers. Instead of requiring rights-holders to initiate criminal proceedings or address themselves to a civil court for obtaining a disclosure order, an public administrative authority or a third party (i.e. in the UK the access providers) sends warning to first, second or third-time infringers without revealing the identity of the potential infringer to the rights-holder. There is no obligation in secondary EU law to introduce alternative enforcement mechanisms such as graduated response schemes in addition to existing copyright enforcement law that respects the minimum standards set forth in the IPR Enforcement Directive.1362 If alternative enforcement measures are introduced, they nevertheless have to be in accordance with framework provided for in said Directive. Article 3 of the IPR 1362 With regard to copyright enforcement, the IPR Enforcement Directive has been implemented by all Member States.

364

B. National Enforcement Measures Against Users

Enforcement Directive contains rather general provisions on sanctions and remedies for intellectual property rights infringements. According to Article 2(1) of the Directive, Member States may provide for sanctions and remedies that are more favourable to rights-holders. However for all enforcement measures it is necessary that Member States ensure that the enforcement of the intellectual property rights covered by the Directive, are “fair and equitable” and not “unnecessarily complicated or costly, or entail unreasonable time-limits or unwarranted delays”, are “effective, proportionate and dissuasive” as well as “applied in such a manner as to avoid the creation of barriers to legitimate trade and to provide for safeguards against their abuse”.1363 Already when it comes to the notion of “fair and equitable”, it is questionable whether the warning and subsequent sanctioning of subscribers is fair. The fact that in most cases, it will only be possible to identify the subscriber of an Internet access service and not the actual infringer is however no specific problem of graduated response schemes. The graduated response scheme in fact targets in particular the issue that innocent parties shall not be prosecuted or at least not be confronted with prosecutions.1364 To achieve this aim, the schemes requires a subscriber to be warned prior to sanctions in order to allow him to stop infringing copyright or prevent others from using his Internet access to infringe copyright. Without prior warnings, a subscriber may be faced with criminal charges or civil proceedings following a first incident. As this would be the common practice under existing law, the graduated enforcement scheme is rather beneficial for subscribers. As regards the requirement of “unnecessarily complicated or costly”, the initial obligation in the UK to hold access providers partly accountable for the costs of sending out warnings and administering the CILs gives rise to concerns. However, as the initially foreseen sharing of costs, were access providers were held to carry 25% of the costs involved, was recently recalled, it remains to be seen whether future Sharing of Costs Orders comply with Article 2(1). In terms of cost, one may also argue that the

1363 Article 3 of the IPR Enforcement Directive. 1364 In France, civil legal proceedings against alleged infringers had “appalling effects” for rights-holders, so that they decided to refrain from this option of enforcing their rights. See Valérie-Laure Benabou, The Chase: The French Insight into the ‘Three Strikes’ System, in: Irini Stamatoudi (ed.), Copyright enforcement and the Internet (2010), p. 164.

365

Second Chapter: User-Targeted Responses

storing of traffic data for the purpose of identifying infringers may come costly for the access providers. However, the graduated response schemes discussed above do not impose further data retention duties upon access providers. Instead for instance the DEA 2010 foresees that for these purposes the data retained in accordance with the Data Retention Directive can be accessed. For rights-holders the advantage of graduated response schemes in relation to costs is the fact, that instead of addressing themselves to a court to obtain information about the identity of an infringer, or right away press criminal charges against a subscriber, they forward the collected evidence about an infringement to a third party which will then deal with the matter. Although the initiation of criminal investigations comes at no costs for the rights-holder, considering the scale of infringements, it is in practice rather unlikely that the police or public prosecutor will investigate the matters any further than identifying the subscriber. Regularly, they will then have to drop charges because they do not succeed in identifying the actual infringer. Although the graduated response schemes are costly as such, they are not “unnecessarily costly”. There are also no unreasonable time-limits or unwarranted delays. In terms of effectiveness one may argue that the effectiveness of the schemes is limited. This may be based on the continuing high number of first warnings being sent out in France.1365 On the other hand, HADOPI argues that the scheme is being effective in that peer-to-peer file-sharing is on the decline.1366 However, as already the scope and impact of online file-sharing as such is difficult to measure and there are hardly any robust statistics on this subject-matter, the effect is equally difficult to measure. From an ex-ante perspective, graduated response schemes seem however be promising given the lack of understanding about copyright and the lack of understanding towards security settings of Wi-Fi routers, it cannot be ignored that many infringements happen out of ignorance.1367 Given the educational part of

1365 Cf. current statistics with monthly updates see http://www.hadopi.fr/actualites/re ponse-graduee/chiffres-cles. For the highest number of warnings in October 2013 see HADOPI, Réponse graduée – Les chiffres clés (06.11.2013), http://ww w.hadopi.fr/sites/default/files/Chiffres_reponsegraduee_Octobre2013.pdf. 1366 A study cited by HADOPI reported a decrease of approximately 66 % in the illegal sharing of films on peer-to-peer networks, see HADOPI, HADOPI – 1 ½ year after the launch (March 2012), p. 6 1367 Cf. as regards the lack of understanding what is legal: Pierre Lescure, Cultureacte 2, Mission « Acte II de l’exception culturelle», Contribution aux politiques culturelles à l’ére numérique (May 2013), p. 383.

366

B. National Enforcement Measures Against Users

the warnings they may well have a persuasive effect. Also, warnings may have a dissuasive effect as subscribers are made aware of the legal consequences of their behaviour or reluctance. Considering that in relation to the principle of effectiveness1368, rules of national law must be designed in such a way that the objective pursued by the directive may be achieved,1369 and the objective pursued by the IPR Enforcement Directive is that the Member States should ensure effective protection of intellectual property in an online environment,1370 it is not necessary that the measures in question put an end to all infringements. Rather national measures amount to effective measures, when they contribute to the protection of intellectual property on the Internet. The system to be implemented in the UK raises doubts in terms of its potential capacity to reduce online piracy. During the first stage of implementation (i.e. without a Technical Obligations Code), the instrument is a rather blunt instrument, because subscriber face warnings but no sanctions connected with these.1371 However, although they face no sanctions resulting from the DEA 2010, the scheme serves as a preparatory element for civil proceedings by identifying persistent infringers. It thus servers as some kind of filtering mechanism to make it possible for rights-holders to initiate legal proceedings against the most promising potential infringers: it may be easier to establish claims against subscriber listed on the CILs. This presumption however ignores the fact that subscribers are not necessarily infringers, and that it is doubtful that a court will find that allowing a third party to use an Internet access service can be equalled with authorising a third party to commit a copyright infringement.1372 In that respect, one also needs to consider that

1368 As regards the principle of effectiveness which sets forth that the measures must not render virtually impossible or excessively difficult the exercise of rights conferred by Community law, see CJEU, Joined Cases C‑430/93 and C‑431/93 Van Schijndel and van Veen [1995] ECR I-4705, para. 17; Joined Cases C‑222/05 to C‑225/05 van der Weerd and Others [2007] ECR I-4233, para. 28, and Joined Cases C‑145/08 and C‑149/08 Club Hotel Loutraki and Others [2010] ECR I‑0000, para. 74. 1369 Cf. CJEU, C-324/09 L’Oréal v eBay [2011] ECR I-06011, para. 136. 1370 Cf. also ibid, para. 131. 1371 See above, B. II. 2. e) The DEA’s Future in Limbo. 1372 Ibid.

367

Second Chapter: User-Targeted Responses

even the threat with civil proceedings or the initiation of criminal proceedings has some effect on those exposed to such threats.1373 As regards the proportionality of measures, this will be discussed in detail within balancing of fundamental rights below. At this point, it shall only be noted, that the warning system prior to sanctioning follows a legitimate aim, which is the effective protection of intellectual property, is suitable to achieve the aim, and provides a less onerous way than conventional enforcement measures. Whether the sanctioning of subscribers is reasonable in consideration of the contravening interests, is a matter of how far such sanctioning pays regard to a fair balancing of fundamental rights. When analysing whether a Member State’s measure related to a consumer’s access to or use of services constitutes an interference with fundamental rights of users, Artice 1(3a) of the Framework Directive further requires that restrictions on the fundamental rights or freedoms of users can only be imposed if appropriate, proportionate and necessary within a democratic society.1374 In addition, the general obligations on national measures in Article 3 of the IPR Enforcement Directive require the measures to be “applied in such a manner as to avoid the creation of barriers to legitimate trade and to provide for safeguards against their abuse”. There are no claims that graduated response schemes may create barriers to legitimate trade as long as access providers are not unnecessarily and disproportionately burdened. Both schemes that have been presented also provide for safeguards against their abuse: the UK system by introducing appeals already at the stage of warnings, and the French system by requiring HADOPI to assess whether there is sufficient evidence for an infringement before sending out a warning. At the sanctioning stage, it is further required that sanctions can only be imposed by a court. Thus, subscribers are protected against unjustified claims.

1373 In Germany, where instead of warnings cease and desist letters in connection with a claim for compensatory damages are send out by rights-holders, a substantive number of subscribers pay the amount asked for because they fear court proceedings. 1374 Cf. also EU Commission, Code of EU online rights (2012), p. 5.

368

B. National Enforcement Measures Against Users

bb) Compliance of the Data Processing with Secondary EU Law Irrespective of whether a central authority administers the claims or the access providers are administering these, both alternatives require the processing of personal data. At a first stage, data is collected by rights-holders to prove that an infringement has been committed from a certain IP address at a given time. At a second stage, this data is forwarded to either an administrative authority (France) or the relevant Internet access provider (UK) in order to issue a warning. The administrative authority, as well as the access providers, further process the data in order to identify repeat infringers. It is now to determine to what extent the processing of personal data is lawful and what safeguards must be provided for. As to the applicable Directives as such, their provisions are relatively general, since they have to be applied to a large number of different situations which may arise in any of the Member States. Consequently, they include rules, which leave the Member States with discretion to define transposition measures, which then may be adapted to the various situations that may arise.1375 (1) Questions of Applicability of Data Protection Law: IP Address as Personal Data At the heart of the data protection-related discussion towards criminal enforcement of copyright infringements lays the question whether an IP addresses are data relating to an identifiable person. As an IP address does not directly allow the identification of a subscriber because it refers to an account only, there has – and to some degree still is – vivid discussion whether it nevertheless qualifies as personal data.1376 The answer to this

1375 See to that effect CJEU, C-101/01 Lindqvist, Judgment of 06.11.2008, para. 84. 1376 A detailed discussion would go beyond the scope of this work. For an excellent overview on this subject matter, see Eneken Tikk, IP Addresses Subject to Personal Data Regulation, in: Eneken Tikk/Anna-Maria Talihärm (eds.), International Cyber Security Legal & Policy Proceedings (2010), pp. 24–39. See also Okechukwu Benjamin Vincents, When rights clash online: The tracking of P2P copyright infringements vs. the EC Personal Data Directive, International Journal of Law and Information Technology 2011, Vol.16, No.3, 270, 285 et seq. and Rolf Schwartmann, Vergleichende Studie über Modelle zur Versendung von Warnhinweisen durch Internet-Zugangsanbieter an Nutzer bei Urheber-

369

Second Chapter: User-Targeted Responses

question is essential because the classification determines the applicable law. Fact is, that Internet access providers and managers of local area networks have the means and capacity to identify subscribers to whom they have attributed IP addresses as they normally systematically “log” in a file the date, time, duration and dynamic IP address given to the Internet user.1377 The same applies to Internet service providers that keep logbooks on their HTTP servers.1378 Hence, since the subscriber can be identified through a dynamic IP address, he can also be identified as the person who has at least “facilitated” the infringement if he has not committed the infringement himself.1379 Information relevant from a data protection point of view is only that information that refers to an identified or identifiable person. This requires that the information refers to a natural person and has the capacity to identify this person. Article 2(a) of Data Protection Directive 95/46/EC defines “personal data” to mean: “any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.”

The definition of personal data in Article 2 of the Directive is complemented by Recital 26 which states that “whereas the principles of protec-

rechtsverletzungen, Studie im Auftrag des Bundesministerium für Wirtschaft und Technologie (Januar 2012), pp. 295 et seq. For a more detailed discussion on this issue from a German perspective see for example Per Meyerdierks, Sind IPAdressen personenbezogene Daten, MultiMedia und Recht 2009, 8; Sven Venzke, Die Personenbezogenheit der IP-Adresse, Zeitschrift für Datenschutz 2011, 114; Stefan Krüger/Svenja-Ariane Maucher, IP-Adresse wirklich ein personenbezogenes Datum? – Ein falscher Trend mit großen Auswirkungen auf die Praxis, MultiMedia und Recht 2011, 433. For a comparative overview on the treatment of IP addresses as personal data, see Christoper Kuner/Cédric Burton/Jörg Hladjk/Oliver Proust, Study on Online Copyright Enforcement and Data Protection in Selected Member States (November 2009). 1377 For more details see Article 29 Data Protection Working Party, WP 37: Privacy on the Internet – An integrated EU Approach to Online Data Protection, adopted on 21.11.2000. 1378 Ibid. 1379 “Facilitation” in this context shall refer to either allowing third parties to use the Internet access service in question or running an unsecure wifi network.

370

B. National Enforcement Measures Against Users

tion must apply to any information concerning an identified or identifiable person; whereas, to determine whether a person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify the said person; whereas the principles of protection shall not apply to data rendered anonymous in such a way that the data subject is no longer identifiable; ...” During the discussion on ACTA, the European Data Protection Supervisor has taken the view that in the context of graduated response schemes IP addresses should be considered as personal data. 1380 His explanation for this conclusion was as follows: “IP addresses are identifiers which look like a string of numbers separated by dots, such as 122.41.123.45. A subscription to an Internet access provider will give the subscriber access to the Internet. Every time the subscriber wishes to go onto the Internet, he will be attributed an IP address through the device he is using to access the Internet (a computer, for example). If a user engages in a given activity, for example, uploads material onto the Internet, the user may be identified by third parties through the IP address he/she used. For example, the user holding IP address 122.41.123.45 uploaded allegedly copyright infringing material onto a P2P service at 3 p.m. on 1 January 2010. The Internet service provider will then be able to connect such IP address to the name of the subscriber to whom it assigned this address and thus ascertain his/her identity. If one considers the definition of personal data provided in Article 2 of Directive 95/46/EC, ‘any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number’, it is only possible to conclude that IP addresses and the information about the activities linked to such addresses constitutes personal data in all cases relevant here. Indeed, an IP address serves as an identification number, which allows finding out the name of the subscriber to whom such IP address has been assigned. Furthermore, the information collected about the subscriber who holds such IP address (‘he/she uploaded certain material onto the Web site ZS at 3 p.m. on 1 January 2010’) relates to, i.e. is clearly about the activities of an identifiable

1380 European Data Protection Supervisor, Opinion of the European Data Protection Supervisor on the current negotiations by the European Union of an Anti-Counterfeiting Trade Agreement (ACTA), OJ C 147 (05.06.2010), 1 para. 25.

371

Second Chapter: User-Targeted Responses

individual (the holder of the IP address), and thus must also be considered personal data.”1381 The European Data Protection Supervisor further continues that for the purposes of ACTA: “Traffic data such as IP addresses may only be collected and stored for reasons directly related to the communication itself, including billing, traffic management and fraud prevention purposes. Afterwards, the data must be erased. This is without prejudice to the obligations under the Data Retention Directive which, as discussed, requires the conservation of traffic data and its release to police and prosecutors to aid in the investigation of a serious crime only. This means that, when contacted by copyright holders, unless such contact occurred within the limited period outlined above, Internet service providers should not have the log files linking the IP addresses to the relevant subscribers. Retaining the log files beyond such period should only be done for justified reasons within the scope of the purposes provided by law.”1382

Also, the Article 29 Data Protection Working Party1383 has repeatedly advised that IP addresses should be considered personal data and in this regard shares the opinion of the European Data Protection Supervisor. According to the Working Party a natural person can be considered identifiable “when, within a group of persons, (s)he can be distinguished from others and consequently be treated differently”.1384 In explicit reference to cases where the processing of IP addresses is carried out with the purpose of identifying the users of an Internet access by copyright holders in order to prosecute them for violation of intellectual property rights, the Working Party stated “that the ‘means likely reasonably to be used’ to identify the persons will be available e.g. through the courts appealed to (otherwise the collection of the information makes no sense), and therefore the information should be considered as personal data”.1385 The Working Party also recognises that in some circumstances IP addresses may not relate to an

1381 Ibid, paras. 25–27. 1382 Ibid, paras. 57–59. 1383 The Article 29 Data Protection Working Party, which is set up under Article 29 Data Protection Directive, is an independent European advisory body on data protection and privacy; Its tasks are set out in Article 30 Data Protection Directive and Article 15 E-Privacy Directive. 1384 Cf. only Article 29 Data Protection Working Party, Statement of the Working Party on Current Discussions Regarding the Data Protection Reform Package (27.02.2013). 1385 Article 29 Data Protection Working Party, Opinion 4/2007 on the Concept of Personal Data, 01248/07/EN WP 136 of 20.06.2007, p. 17.

372

B. National Enforcement Measures Against Users

identifiable person: for instance in the case of Internet cafés, where no identification of the customers is requested, an IP address does not relate to an identifiable person. However, as the Internet access provider is not in a position to know that the person can hardly be identified, he needs to treat the IP address as personal data. In specific, the Working Party stated that “unless the Internet service provider is in a position to distinguish with absolute certainty that the data corresponds to users that cannot be identified, it will have to treat all IP information as personal data, to be on the safe side”.1386 Thus, an IP address is not per se considered as personal data, but rather in general with exceptional circumstances where it is seen necessary to depart from this general rule. In its subsequent opinion on search engines, the Working Party observed that though IP addresses are in most cases not directly identifiable by search engines, identification can be achieved by a third party, meaning that law enforcement and national security authorities can gain access to such data as well (under some national laws) private parties through civil litigation.1387 The Party then concluded that in most cases – including cases with dynamic IP address allocation – the necessary data would be available to identify the user(s) of the IP address.1388 Accordingly, the presumption that an IP address is to be considered as personal data has been reinforced. This view, in particular the view that IP addresses are personal data where the processing of an IP address is carried out with the purpose of identifying the data subject, has not been shared by all Member States. 1389

1386 Ibid. The Working Party also noted that in the Internet café example “It could be argued that the data collected on the use of computer X during a certain timeframe does not allow identification of the user with reasonable means, and therefore it is not personal data. However, it should be noted that the Internet Service Providers will most probably not know either whether the IP address in question is one allowing identification or not, and that they will process the data associated with that IP in the same way as they treat information associated with IP addresses of users that are duly registered and are identifiable”. 1387 See Article 29 Data Protection Working Party, Opinion 01/2008 on Data Protection Issues related to Search Engines, 00737/EN, WP 148 of 04.04.2008, p. 8. 1388 Ibid. 1389 For example in Ireland the High Court ruled with regard to disclosure orders in relation to online copyright infringements that IP addresses are not personal data, see EMI Records (Ireland) Ltd., Sony B. G. Music Entertainment (Ireland) Ltd., Universal Music Ireland Ltd. and Warner Music Ireland Ltd. v Eircom Ltd. , Charleton J., 16.04.2010, [2010] IEHC 108, paras. 18 et seq. For an

373

Second Chapter: User-Targeted Responses

A harmonised interpretation of the concept of personal data in relation to IP addresses may however be achieved by the CJEU’s judgment in Scarlet Extended v SABAM.1390 In this case, the CJEU took the view that IP addresses are personal data as defined by the Data Protection Directive 95/46/EC when the Court considered that the filtering system in question, whereby an access provider would have to monitor its customers, may infringe the fundamental rights of said customers. According to the CJEU, IP addresses are protected personal data “because they allow the users to be precisely identified”.1391 The CJEU did not discuss if it makes a difference whether the IP address that the access provider has attributed to the individual is static (i.e. always the same for every time the customer surfs the web), or dynamic (i.e. a different IP address is allocated each time the customers connects to the Internet).1392 It seems that the fact, that the access provider can connect the IP address to the subscriber’s account to whom it has assigned the IP address is sufficient to satisfy the criteria for personal data. However, while the discussion above focussed on Internet access providers, the situation is somewhat different when it comes to other

overview on how and whether IP addresses are considered personal data in Austria, Belgium, France, Germany, Spain and Sweden, see European Commission, DG Internal Market, Study on Online Copyright Enforcement and Data Protection in Selected Member States (November 2009). 1390 CJEU, C-70/10 Scarlet Extended v SABAM, Judgment of 24.11.2011. 1391 Ibid. Para. 51 of the judgement reads as follows: “It is common ground, first, that the injunction requiring installation of the contested filtering system would involve a systematic analysis of all content and the collection and identification of users’ IP addresses from which unlawful content on the network is sent. Those addresses are protected personal data because they allow those users to be precisely identified.” In Belgium, from where the case was referred to the CJEU for a preliminary ruling, the judgment will not change the existing practice because Belgian courts treat IP addresses already as personal data and thereby have confirmed the view taken by the domestic Data Protection Authority (Commissie voor de bescherming van de persoonlijke levenssfeer / Commission de la protection de la vie privée). 1392 As regards the necessity to distinguish between dynamic and static IP addresses in relation to the logging of IP addresses by website providers, see Per Meyerdierks, Personenbeziehbarkeit Statischer IP-Adressen – Datenschutzrechtliche Einordnung der Verarbeitung durch Betreiber von Webseiten, MultiMedia und Recht 2013, 705–708.

374

B. National Enforcement Measures Against Users

online intermediaries.1393 If other online intermediaries do not use IP addresses to distinguish an individual, they could successfully argue that they do not process personal data.1394 Like the Article 29 Data Protection Working Party has mentioned above, the classification of an IP address as personal data depends on the service provider’s ability to connect the IP address with a certain account. Similarly the Advocate General noted in Scarlet Extended v SABAM that “The question is,…, to determine not so much the legal status of IP addresses as the circumstances in which and the purposes for which they may be collected, the circumstances in which the resulting personal data may be resolved and processed, or even the conditions under which their collection and resolution may be requested”.1395 Accordingly, while it is possible for an access provider to tie an IP address to a specific subscriber, the operator of a website may not so easily identify the subscriber of an IP address.1396 The latter depends on third parties to resolve an IP address to an account, and may only be successful with a request where laws exist that would give them information rights as to the identity of a subscriber. Thus, it is doubtful whether for them the IP address constitutes personal data. Referring back to the Working Party´s wording in its Opinion on the Concept of Personal Data, such connection can only be made where “the ‘means likely reasonably to be used’ to identify the persons will be available e.g. through the courts appealed

1393 See also Stefan Kulk/Frederik Zuiderveen Borgesius, Filtering for Copyright Enforcement in Europe after the SABAM cases, European Intellectual Property Review 2012, 54, 56. 1394 Article 29 Data Protection Working Party, Opinion 4/2007 on the Concept of Personal Data, 01248/07/EN WP 136 of 20.06.2007, p. 17. 1395 Opinion of Advocate General Cruz Villalón delivered on 14.04.2011 in Case C-70/10 Scarlet Extended v SABAM, para. 79. 1396 For a more detailed discussion on this subject matter see Rolf Schwartmann, Vergleichende Studie über Modelle zur Versendung von Warnhinweisen durch Internet-Zugangsanbieter an Nutzer bei Urheberrechtsverletzungen, Studie im Auftrag des Bundesministerium für Wirtschaft und Technologie (Januar 2012), p. 299, with further references as to the situation in Germany. That an IP address is no personal data for website operators, cf. Stefan Krüger/Svenja-Ariane Maucher, IP-Adresse wirklich ein personenbezogenes Datum? – Ein falscher Trend mit großen Auswirkungen auf die Praxis, MultiMedia und Recht 2011, 433, 433 et seq.; Per Meyerdierks, Sind IP-Adressen personenbezogene Daten, MultiMedia und Recht 2009, 8, 9 et seq.; Flemming Moos, Die Entwicklung des Datenschutzrechts im Jahr 2007, Kommunikation und Recht 2008, 137, 139.

375

Second Chapter: User-Targeted Responses

to…”.1397 A strict application of this conclusion would mean that even for the rights-holders the IP addresses they collect in peer-to-peer networks would constitute personal data. Accordingly, the French legislator, in the course of the HADOPI laws, and albeit the lack of an explicit classification in France1398, chose to pass a statutory clause that expressly enables the agents of the rights-holders to collect personal data in relation to an infringement including the IP address of the user.1399 Previously, the French Data Protection Authority had repeatedly declared that IP addresses are personal data, and some courts followed that proposition.1400 In contrast, in Germany, the majority view seems to be that “harvesting” of data in relation to copyright infringements, i.e. the logging of dynamic IP addresses in peer-to-peer networks by rights-holders does not constitute the collecting of personal data.1401 This view pays regard to the fact that the (dynamic) IP address as such without any further elements or steps taken for identification, does not allow parties other than access providers

1397 Article 29 Data Protection Working Party, Opinion 4/2007 on the Concept of Personal Data, 01248/07/EN WP 136 of 20.06.2007, p. 17. 1398 Cf. Yves Détraigne/Anne-Marie Escoffier, Rapport d’information fait au nom de la Commission des lois constitutionnelles, de législation, du suffrage universel, du Règlement et d’administration générale, par le groupe de travail relatif au respect de la vie privée à l’heure des mémoires numériques (27.05.2009). 1399 In that regard, the Décret no 2010-236 du 5 mars 2010 relatif au traitement automatisé de données à caractère personnel autorisé par l'article L. 331-29 du code de la propriété intellectuelle dénommé «Système de gestion des mesures pour la protection des œuvres sur Internet» expressly refers to the IP address as a personal data. The Annex to said Decret enumerates what is considered as personal data and this includes the IP address. 1400 See Christoper Kuner/Cédric Burton/Jörg Hladjk/Oliver Proust, Study on online copyright enforcement and data protection in selected Member States (November 2009), pp. 23 et seq. The authors cite a decision by the TGI Paris from 24 June 2009, in which the TGI stated that an IP address is personal data since “it corresponds to a number provided by an Internet service provider which identifies a computer connected to the network (...). With regard to the existing technology, this address appears to be the only means enabling to track a natural person who has posted content online”. 1401 Instead of many, see Rolf Schwartmann, Vergleichende Studie über Modelle zur Versendung von Warnhinweisen durch Internet-Zugangsanbieter an Nutzer bei Urheberrechtsverletzungen, Studie im Auftrag des Bundesministerium für Wirtschaft und Technologie (Januar 2012), p. 300.

376

B. National Enforcement Measures Against Users

to identify an access subscriber.1402 Thus, the determination of IP addresses as personal data depends on the perspective: while for access providers IP addresses are personal data, for rights-holder they are no personal data but may become so once a court order for disclosure against the access provider is obtained. However, also in Germany, this view is contested with some scholars and data protection commissioners arguing that IP addresses are in general personal data.1403 The UK approach shows that it is difficult to view the IP address separate from the information about the infringing content that has been identified. During the judicial review of the Digital Economy Act in the UK, the High Court proceeded on the assumption that dynamic IP addresses are personal data citing inter alia the Opinion of the Article 29 Working Party.1404 This conclusion was further based on the fact that the data collected to prepare a notification of an infringement also identifies the nature of the digital material that has been unlawfully copied; the nature of this material however may reveal special categories of personal data that may inter alia relate to racial, or ethnic origin, political opinions, or sex life of an individual. An identified or identifiable person (the subscriber) will thus be “inevitably linked, through the dynamic IP address, to material that might, for example, tend to show unusual sexual proclivities”.1405 While an isolated IP address may not carry any such information, in the context of copyright enforcement, they always need to be processed together with the materials that have been upor downloaded through that address. Hence, in connection with the fact that there are means available to identify the subscriber of that address, who will at least have “facilitated” the infringement, there is a strong argument to treat IP addresses as personal data.

1402 Peter Schmitz, Datenschutz im Internet, Part. 16.2, paras. 80 and 83, in: Thomas Hoeren/Ulrich Sieber/Bernd Holznagel, Handbuch Multimedia-Recht (36th ed. 2013). 1403 Instead of many cf. Peter Schaar, Datenschutz im Internet (2002), para. 174 and Alexander Dix, Vorratsdatenspeicherung von IP-Adressen?, Datenschutz und Datensicherheit 2003, 234–235. 1404 High Court, R. (on the application of British Telecommunications Plc) v Secretary of State for Business, Innovation and Skills, [2011] EWHC 1021 (Admin), [2011] 3 C.M.L.R. 5, paras. 152–157. 1405 Ibid, para. 156.

377

Second Chapter: User-Targeted Responses

This conclusion can be supported on an EU law level by reference to the Data Retention Directive1406. For the purposes of the Data Retention Directive, data means traffic data, location data and the related data necessary to identify the subscriber or the users.1407 A starting point to trace and identify a particular user or at least the subscriber will be the IP address used.1408 IP addresses and further data to trace the origin of a communication shall be retained “to the extent that those data are generated or processed by providers of publicly available electronic communications services or of a public communications network within their jurisdiction in the process of supplying the communications services concerned”.1409 If one again takes into account the Opinion of the Article 29 Working Party as regards the determination of IP addresses as personal data, namely, that IP address are personal data when information about the subscriber is available to national authorities upon request, IP addresses are personal data at least for the stipulated retention time foreseen in the national transposition of the Data Retention Directive.1410 However, considering that the Data Retention Directive only requires the disclosure of data to national authorities in relation to serious crime, the awkward result would be that for national authorities, IP addresses would only fall within the scope of personal data when they relate to serious crime, because only then, it would be possible for the national authorities to identify a subscriber. For access providers, the data however constitutes personal data from the allocation of an IP address and the retention of this data onwards. This shows that for different stakeholders IP addresses have a different quality.1411

1406 Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, OJ 2006 L 105, p. 54. 1407 See Article 2(a) of the Data Retention Directive. 1408 See Article 5(1)(a)(2)(iii) of the Data Retention Directive; Eneken Tikk, IP Addresses Subject to Personal Data Regulation, in: Eneken Tikk/Anna-Maria Talihärm (eds.), International Cyber Security Legal & Policy Proceedings (2010), 35. 1409 Article 3(1) of the Data Retention Directive. 1410 See in this regard also Eneken Tikk, IP Addresses Subject to Personal Data Regulation, in: Eneken Tikk/Anna-Maria Talihärm (eds.), International Cyber Security Legal & Policy Proceedings (2010), 35. 1411 Cf. Rolf Schwartmann, Vergleichende Studie über Modelle zur Versendung von Warnhinweisen durch Internet-Zugangsanbieter an Nutzer bei Urheber-

378

B. National Enforcement Measures Against Users

In the following, it is thus proceeded on the basis that IP addresses, including dynamic IP addresses, are personal data as long as there are means likely reasonably to be used to identify the persons including through court orders or the initiation of criminal investigations – meaning that as long as a rights-holder or website operator has the possibility to obtain a disclosure order, an IP address constitutes personal data. Once a court denies a disclosure order or a disclosure is not possible because the service provider has already deleted the data required to match the address to a subscriber, an IP address will no longer constitute personal data. (2) Processing of Data The graduated response schemes that have been presented both require access providers to process “personal data” within the meaning of Articles 2(a) and (b) of the Data Protection Directive: the access providers must link the IP address provided by the copyright owner (or in the case of France: HADOPI), and either notify them about the infringement or provide an authority with the identity of a subscriber. In the UK, the access provider will further be under a legal obligation to complete copyright infringement lists. Considering that the information processed constitutes “personal data” as the processing of IP addresses is carried out with the purpose of identifying the subscriber,1412 the procedures have to be in conformity with the Data Protection Directive. This applies in particular as the reports on copyright infringements, be it the French dossiers that are forwarded to HADOPI or the UK CIRs that are forwarded to the access providers, identify the nature of the material that has been unlawfully copied by a subscriber or someone else using his connection. Even if the IP address may only help to identify the subscriber, the data nonetheless relates to an identified or identifiable person because the subscriber who can be identified is “inevitably linked to the data”1413 as the person, who

rechtsverletzungen, Studie im Auftrag des Bundesministerium für Wirtschaft und Technologie (Januar 2012), pp. 299 et seq. 1412 See the above discussion of IP address as personal data. 1413 Cf. High Court, R. (on the application of British Telecommunications Plc) v Secretary of State for Business, Innovation and Skills, [2011] EWHC 1021 (Admin), [2011] 3 C.M.L.R. 5, para. 156.

379

Second Chapter: User-Targeted Responses

has “facilitated” the infringement, even if he is not the infringer and could incur no legal liability for the infringement. The question is whether already the collection of evidence by rightsholders or their agents as well as the assessment of notifications by HADOPI prior to matching the information to subscribers with the help of access providers amounts to the processing of personal data. In contrast to the access providers, neither the rights-holders nor HADOPI at an early stage have the capacity to link an identifiable person to the dynamic IP addresses. However, as stated in the introduction, dynamic IP addresses are personal data as long as there are means likely reasonably to be used to identify the persons including through court orders or the initiation of criminal investigations – meaning that as long as a rights-holder or website operator has the possibility to legally obtain information on the identity of a source of communication, an IP address constitutes personal data. Once a court denies a disclosure order or a disclosure is not possible because the service provider has already deleted the data required to match the address to a subscriber, the address will no longer constitute personal data. Even if IP addresses are considered to be solely traffic data, they may only be processed in a limited number of circumstances and for specific purposes (such as billing, invoicing, compliance with a legal obligation, or the legitimate interests pursued by the controller or a third party to whom the data are disclosed).1414 The processing for other purposes (such as online copyright enforcement) generally requires consent.1415 The traffic data in question is originally being processed by access providers for the purposes of Article 2 E-Privacy Directive, namely, “for the purpose of the conveyance of a communication on an electronic communications network or for the billing thereof”. The processing of traffic data by both rights-holders, the administrative authority and access providers under the graduated response schemes at a first sight contravenes the obligation on Member States under Article 5 of the E-.Privacy Directive to “ensure the confidentiality of communications and the related traffic data”. Pursuant to Article 5(1) of E-Privacy Directive, Member States must ensure the confidentiality of communications by means of a public communications network and publicly available elec1414 See Article 7 of the Data Protection Directive. 1415 Cf. European Commission, DG Internal Market, Study on Online Copyright Enforcement and Data Protection in Selected Member States (November 2009).

380

B. National Enforcement Measures Against Users

tronic communications services, and of the related traffic data, and must inter alia prohibit, in principle, the storage of that data by persons other than users, without the consent of the users concerned. There are only two exceptions to that rule, namely the exceptions related to persons lawfully authorised in accordance with Article 15(1) of the Directive and the technical storage necessary for conveyance of a communication. In addition, as regards traffic data, Article 6(1) of E-Privacy Directive provides that stored traffic data must be deleted or rendered anonymous when it is no longer needed for the purpose of the transmission of a communication. As regards Article 6(2), (3) and (5), which concern the processing of traffic data for billing and marketing purposes as well as the provision of value-added services, these provisions do not concern the communication of the respective data to third parties. They thus can only relate to disputes between service providers and users concerning the grounds for data storage.1416 However, Article 15(1) E-Privacy Directive contains exceptions to Articles 5 and 6 of the E-Privacy Directive and allows Member States to adopt legislative measures restricting the confidentiality obligations with regard to users' communications and related traffic data. Thus, the compatibility of the collecting and processing activities with the E-Privacy Directive depend on whether these activities come within the scope of one of the derogations set forth in Article 15(1). Article 15(1) stipulates that “Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in Article 5, Article 6, Article 8(1), (2), (3) and (4), and Article 9 of this Directive when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system, as referred to in Article 13(1) of the Data Protection Directive. To this end, Member States may, inter alia, adopt legislative measures providing for the retention of data for a limited period justified on the grounds laid down in this paragraph. All the measures referred to in this paragraph shall be in accordance with the general principles of Community law, including those referred to in Article 6(1) and (2) of the Treaty on Euro-

1416 See CJEU, C-275/06, Productores de Música de España (Promusicae) v Telefónica de España SAU [2008] ECR I-271, para. 48.

381

Second Chapter: User-Targeted Responses

pean Union”.1417 Although the protection of (intellectual) property is not explicitly referred to in Article 15, it may be included by Article 15(1) ending the list of exceptions with an express reference to Article 13(1) of the Data Protection Directive. Said paragraph sets forth further purposes for which Member States may restrict the right to privacy in respect for the processing of personal data, including where the restriction is necessary for “(g) the protection of the data subject or of the rights and freedoms of others”. In the Promusicae case, the CJEU held that Article 13(1) of the Data Protection Directive is incorporated by said reference into the E-Privacy Directive.1418 Accordingly, Article 15(1) E-Privacy Directive has to be interpreted as expressing the Community legislature’s intention not to exclude from its scope of protection the right to (intellectual) property or situations in which authors seek to obtain that protection in civil proceedings.1419 As a consequence, Article 15(1) of the E-Privacy Directive allows the restriction of the obligations under the Directive not only in the circumstances explicitly mentioned in Article 15(1), but also in situations “that may give rise to civil proceedings”.1420 Therefore the question referred to the Court in Promusicae was answered as follows: although EU law does not require Member States to implement in their national laws an obligation to disclose personal data in the context of civil proceedings in order to ensure the effective protection of copyright, it does not preclude this either.1421 EU law requires however, that Member States transposing the relevant Directives interpret them in a way that “allows a fair balance to be struck between the various fundamental rights protected by the Community legal order”; also when applying their national law, this has to interpreted in such a way as to not be in conflict with EU law.1422

1417 Article 15(1a) further provides that “Paragraph 1 shall not apply to data specifically required by Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks to be retained for the purposes referred to in Article 1(1) of that Directive”. 1418 CJEU, C-275/06, Productores de Música de España (Promusicae) v Telefónica de España SAU [2008] ECR I-271, para. 52. 1419 Ibid, para. 53. 1420 Ibid. 1421 Ibid. 1422 Ibid, paras. 68 et seq.

382

B. National Enforcement Measures Against Users

Applying this guidance the CJEU, the collecting and processing of personal data in the context of graduated response schemes must protect the right to intellectual property or be in situations in which authors seek to obtain that protection in civil proceedings. None of the graduated response schemes solely focusses on situations in which authors seek to obtain protection of intellectual property rights in civil proceedings. Although, the UK systems intends to identify repeat infringers to allow rights-holders targeted actions against persistent infringers, it does not require rightsholders to seek protection in civil proceedings. The main intention is rather to warn and inform users. Therefore the scheme does not foresee any further information rights of rights-holder than the anonymised CIL, instead further information rights are subject to common law. In France, the whole scheme is outside the context of civil proceedings, as its purpose is to sanction repeat infringers under criminal law. Thus, neither rights-holders collect nor HADOPI or access providers (in the case of UK) process data to obtain protection of copyright in civil proceedings. Because the collecting and processing of personal data takes place outside of civil proceedings, the present situation is different from the issues raised in the Promusicae case. In particular, the disclosure of information in relation to IP addresses by the access providers to HADOPI requires no judicial oversight. In that respect, one has to consider that enforcement by public authorities means that there is potentially more respect to privacy than enforcement by private parties. Moreover, in her opinion in the Promusicae case, the Advocate General concluded that enforcement by public authorities necessarily results in greater respect for fundamental rights than does enforcement by private parties.1423 Thus, there are less concerns involved when public authorities process personal data. The CJEU however, did not discuss this contention, and thus seems to place enforcement by private entities on the same level as enforcement by public authorities.1424 One may argue that the court thereby indirectly recognised that law enforcement authorities in practice do not have the capacities to deal with online copyright infringements by end-users.1425 While this may be

1423 Opinion of Advocate General Kokott in Case C-275/06, Productores de Musica de España (Promusicae) v Telefonica de España SAU, para. 114. 1424 Cf. Christoph Kuner, Data Protection and Rights Protection on the Internet: The Promusicae Judgment of the European Court of Justice, European Intellectual Property Review 2008, Issue 5, 199, 201. 1425 See ibid.

383

Second Chapter: User-Targeted Responses

the case considering the large number of warnings being send out each month by HADOPI, one should at this point not confuse the administration of warnings by a public authority and law enforcement by the police and public prosecutor. The fact, that the CJEU did not discuss the Advocate General´s contention should rather be considered as there being no need to discuss this subject-matter. With respect to the collecting and processing of personal data outside of civil proceedings, one must pay consideration to the fact, that the CJEU in Promusicae also set forth that such processing is permitted for the protection of the right to property within the scope of the “protection of the rights and freedoms of others” under Article 15(1).1426 The CJEU's ruling went beyond protection in the context of civil proceedings. The graduated response schemes and the data processing connected with them are intended to promote the protection of copyright and thus are covered by the exceptions provided for in Article 15(1) E-Privacy Directive read in conjunction with Article 13(1) Data Protection Directive.1427 This does not mean that the graduated response schemes are in compliance with EU law. According to the principle of proportionality in EU law, a balance needs to be struck between the means used and the intended aim of their actions. Neither data protection nor protection of IP rights is given precedence over the other.1428 The CJEU considers the law to be neutral in this respect. The most important point for the Court is that a fair balance is achieved between the fundamental rights of the parties involved. It is important that not only the national implementation, but also the interpretation of the national implementation is consistent with the directives and not in conflict with fundamental rights or other principles of Community law.

1426 CJEU, C-275/06, Productores de Música de España (Promusicae) v Telefónica de España SAU [2008] ECR I-271, para. 53. 1427 The same conclusion was reached by the High Court in R (on the Application of British Telecommunications Plc and Others) v The Secretary of State for Business, Innovation and Skills [2011] EWHC 1021 (Admin), Judgment of 20.04.2011. See also Anne Barron, 'Graduated Response' à l'Anglaise: Online Copyright Infringement and the Digital Economy Act 2010, Journal of Media Law 2011, Vol. 3 Issue 2, 305, 332. 1428 See instead of many Case C-275/06 Productores de Musica de España (Promusicae) v Telefonica de España SAU, [2008] ECR I-271, paras. 61 et seq.

384

B. National Enforcement Measures Against Users

(3) Disclosure of Personal Data As regards the disclosure of personal data to rights-holders, the CJEU only provided little guidance in the Bonnier Audio case on how to strike a fair balance between the fundamental rights in question, namely that national legislation that foresees the disclosure of data must require that “there be clear evidence of an infringement of an intellectual property right, that the information can be regarded as facilitating the investigation into an infringement of copyright or impairment of such a right and that the reasons for the measure outweigh the nuisance or other harm which the measure may entail for the person affected by it or for some other conflicting interest”.1429 The court seised must weigh the conflicting interests involved on the basis of the facts of each case presented and must strike a fair and proportionate balance between the interests involved. The same applies to the disclosure of personal data by access providers to HADOPI. The judgement in Bonnier Audio does not constitute a carte blanche as regards the usage of retained data. It only clarifies that national legislation, that foresees the disclosure of data to pursue civil claims, does not contravene the Data Retention Directive or other Community law. Such information rights are subject to national law, which as aforementioned may or may not provide for these rights. The French data protection law provides that HADOPI may request the disclosure of personal data, that access provider have to retain for the prosecution of serious crimes. Similarly, access providers in the UK have to use the data retained for these purposes to send out warnings. These statutory changes were necessary to guarantee that warnings could be send out in first place because Internet access providers were not retaining data for longer than a few days due to existing domestic laws on data retention.1430

1429 Ibid, para. 58. 1430 See in this regard: European Observatory on Counterfeiting and Piracy, Evidence and Right of Information in Intellectual Property Rights (2010), pp. 4 et seq., which outlines the example of Spain, in which, following the judgement of the CJEU in the Promusicae case, the domestic court “confirmed that Spanish data protection rules prevent Internet service providers from disclosing the identity of individual account holders to right holders for the purpose of civil proceedings, depriving right holders of a remedy altogether”. Similarly the report states that in Austria, “in the case of on-line peer-to-peer infringements (‘file sharing’), the provisions relating to the right of information are in practice not enforceable where information is requested from access providers, due to a deci-

385

Second Chapter: User-Targeted Responses

Following the CJEU’s ruling in Bonnier Audio, it has been clarified that Member States are free to introduce obligations upon Internet service providers to forward information under the condition that this is in compliance with data protection law. From what has been said above, EU data protection law does not preclude such processing that is intended to protect copyright. (4) Processing of Sensitive Data The data that is processed in connection with a copyright infringement also contains information about the materials that have been shared. Depending on the materials this data may constitute sensitive data. Sensitive data is defined as personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or relates to health or sex life.1431 The material collected in relation to the subscriber may also reveal such special categories of personal data, relating in particular to the sex life of an individual insofar as pornographic materials are concerned.1432 For instance, a subscriber may be linked to unusual sexual proclivities. The processing of such sensitive personal data must be justified. As regards the processing of special categories of personal data within Article 8 of the Data Protection Directive, Article 8(2)(e) provides a justification for the processing if the processing is necessary for “the establishment, exercise or defence of legal claims”. The graduated response schemes presented have precisely this purpose, namely putting the copyright owner in a position to establish that there has been an infringement of copyright, and identify the person responsible for the infringement. The initiation of a warning procedure does not exclude future civil legal proceedings. The information gathered however allows the preparation of such proceedings. Article 8(2)(e) also does not require that the copyright

sion of the Austrian Supreme Court restricting the retention and processing of dynamic IP addresses”. 1431 See Article 8(1) of the Data Protection Directive. 1432 See the above discussion on IP addresses as personal data.

386

B. National Enforcement Measures Against Users

owner will in the end commence legal proceedings.1433 At the time, the rights-holder gathers the data, he can never be a hundred percent sure that he will at a later stage take legal action. Whether a claim is pursued can regularly only be decided once the identity of a subscriber is revealed; following pre-litigation correspondence, the rights-holder will be able to estimate his chances of a successful claim.1434 Successful in that respect not only relates to a successful claim, but also to enforceability (the defendant for example may be bankrupt). The circumstances described in Article 8(2)(e) Data Protection Directive also fall within Article 7(f) of the Directive as “processing…necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are controlled”.1435 The justification applies to all categories of personal data, i.e. sensitive and non-sensitive data because otherwise the scope of protection for sensitive data would be narrower than the one for non-sensitive personal data.1436 cc) Compliance of Internet Suspension or Restriction Orders with Secondary EU Law As of now, none of the graduated response schemes foresees the imposition of sanctions that may interfere with the user’s possibility to access the Internet. The initial version of the French system however foresaw the

1433 Cf. also High Court, R. (on the application of British Telecommunications Plc) v Secretary of State for Business, Innovation and Skills, [2011] EWHC 1021 (Admin), [2011] 3 C.M.L.R. 5, para. 160. 1434 In ibid, para. 161, it has similarly been argued that “The data controller might not know at an early stage in processing the relevant data whether he intended at the end of the process to commence legal proceedings, and the processing could be rendered impermissible if in the event he did not commence such proceedings; and it might be only after the relevant data processing that he could sensibly decide whether it was appropriate to commence proceedings. The data controller might change his mind during the course of processing, and the legal position would be obscure”. 1435 See ibid. The Court also stated that if there were any doubts about the application of Article 8(2)(e) to the relevant processing, the UK legislator could, before the Code came into legal effect, lay down an exemption under Article 8(4), based upon a “substantial public interest”, namely, the better protection of the rights of copyright owners. 1436 Cf. ibid.

387

Second Chapter: User-Targeted Responses

suspension of an Internet access as the ultimate sanction, and also the UK legislator foresees the passing of a Code providing for such sanctions. It is obvious, that these kind of sanctions interfere with fundamental rights. This has also been recognised by the EU legislators during the negotiations of the Telecoms Reform Package. Article 1(3) of the Universal Service Directive now provides that measures taken by Member States regarding end-users’ access to, or use of, the Internet “shall respect the fundamental rights and freedoms of natural persons, including in relation to privacy and due process.” In addition, Article 1(3)(a) of the Framework Directive further stipulates that where fundamental rights are engaged by such measures, the latter can only be imposed if appropriate, proportionate, necessary within a democratic society, and subject to adequate procedural safeguards including effective judicial protection and due process. Thus, in general, the new provisions inserted by the Telecoms Reforms Package do not preclude the introduction of sanctions that ultimately limit end-users’ access to the Internet. Any such sanction is however, subject to the conditions set forth in Article 1(3)(a) of the Framework Directive. Accordingly, such intrusive measures may only be taken with due respect for the fundamental rights of users including the principle of the presumption of innocence and the right to privacy. A prior, fair and impartial procedure must be guaranteed, including the right of the person concerned to be heard.1437 Also the right to effective and timely judicial review must be guaranteed. EU law thus recognises that interferences with an end-user’s Internet access may be legitimated. The European Parliament took the position that it is not impossible to justify restrictions on Internet access as long as due respect is paid to the fundamental rights of the end-users concerned by such a measure.1438 Whether and under which circumstances the fundamental rights and freedoms of end-users are respected will be discussed in the following section on the impact of such measures on fundamental rights. As regards other restrictions of Internet access, ony may also refer to Article 12(3) of the E-Commerce Directive, which provides that mere con-

1437 See also Anne Barron, 'Graduated Response' à l'Anglaise: Online Copyright Infringement and the Digital Economy Act 2010, Journal of Media Law 2011, Vol. 3 issue 2, 305, 321. 1438 This view is also shared by the French Constitutional Court in its decision on the HADOPI I law, see Conseil constitutionnel, Decision of 10 June 2009 – No. 2009-580 DC, Journal officiel 13.06.2009, 9675.

388

B. National Enforcement Measures Against Users

duits, that is Internet access providers, may come under an obligation to terminate or prevent an infringement by using its technical facilities to end or prevent an infringement committed by a third party or to facilitate a copyright owner in pursuing his rights against an infringing party. Thus, the E-Commerce itself foresees the cooperation of access providers to not only terminate infringements but also to hinder users to commit further infringements as long as such restriction is imposed by a court or administrative authority. dd) Compliance of Cost-Sharing with Secondary EU Law One of the reasons why the implementation of a graduated response scheme in the UK has been delayed was the strong opposition by access providers. They in particular fought the obligation to bear 25% of the implementation costs and the costs of appeals as well as their own costs in implementing the system.1439 They further challenged the provision under which they could be exposed to financial penalties in the event of failure to comply the Codes.1440 An obligation to bear costs in order to allow third parties to enforce their private rights as well as the threat of penalties could potentially be equalled with rendering the access providers “liable for the information transmitted”. In that regard, Article 12 of the E-Commerce Directive provides that mere conduits are not liable for any of the information transmitted. As long as access providers only act as mere carriers and neither initiate the transmission, nor select the receiver of the transmission or select or modify the information contained in the transmission,1441 and within the service concerned do not store information longer than is necessary for transmission,1442 the providers fall (as concerns the

1439 R. (on the application of British Telecommunications Plc) v Secretary of State for Business, Innovation and Skills, [2011] EWHC 1021 (Admin), [2011] 3 C.M.L.R. 5, para. 107. 1440 Cf. new Section 124L of the CA 2003. 1441 As regards these requirements see Article 12(1) E-Commerce Directive 1442 As regards these requirements see Article 12(2) E-Commerce Directive. Article 12(2) E-Commerce Directiverefers to the process of packet switching transmission, which allows Internet service providers to store information for a brief period of time in small pieces. The packet switching transmission process allows Internet service providers to provide mere conduit activities by making copies of the information to be transmitted for the sole purpose of carrying out

389

Second Chapter: User-Targeted Responses

provision of Internet access service) within the category of mere conduits.1443 The liability exemption of Article 12 E-Commerce Directive shields mere conduits from liability such as criminal liability but also from regulatory fines or damages and other compensation payable to the copyright owner when their rights have been infringed via the connectivity service.1444 It is thus necessary to determine whether the obligations on access providers impose liability for the information transmitted by the providers. The penalties foreseen for non-compliance with the specific scheme established by the DEA 2010 do not constitute any liability “for the information transmitted”, i.e. for the underlying copyright infringement.1445 The penalties derive from an infringement of obligations under the DEA 2010. As long as the penalties do not arise because there has been an infringement of copyright for which the access providers will be held liable, provisions that foresee the imposition of penalities are in compliance with the ECommerce Directive. The same applies to the costs involved in implementing and administering the DEA 2010 scheme. They do not constitute liability for information transmitted but are part of the DEA 2010 scheme. The natural meaning of the wording “liable for the information transmitted” cannot be extended to also cover an economic burden imposed on an access provider for transmitting copyright-infringing information.1446 As already stated in the introduction to this section, the (partial) imposition of the costs for the scheme upon access providers could infringe Aricle 3(1) of the IPR Enforcement Directive. Said provision foresees that procedures and remedies necessary to ensure the enforcement of the intel-

1443 1444

1445

1446

390

the transmission of the information, without making the information available to subsequent users. See also recitals 43 to 45 of the E-Commerce Directive. See Julia Hörnle, Premature or stillborn? – The recent challenge to the Digital Economy Act, Computer Law & Security Review 2012, Vol. 28, 83, 85 with reference to R. (on the application of British Telecommunications Plc) v Secretary of State for Business, Innovation and Skills, [2011] EWHC 1021 (Admin), [2011] 3 C.M.L.R. 5, para. 102. See R. (on the application of British Telecommunications Plc) v Secretary of State for Business, Innovation and Skills, [2011] EWHC 1021 (Admin), [2011] 3 C.M.L.R. 5, para. 107 confirmed by [2012] EWCA Civ 232. The Court noted that “the legal test is not whether a liability has arisen because there was an initial infringement of copyright; the liability must arise in respect of that underlying infringement, so that the liability is for the information transmitted”. Cf. ibid, at 108.

B. National Enforcement Measures Against Users

lectual property rights covered by the IPR Enforcement Directive, “shall be fair and equitable and shall not be unnecessarily complicated or costly, or entail unreasonable time-limits or unwarranted delays”. Pursuant to Article 3(2), they “shall also be effective, proportionate and dissuasive and shall be applied in such a manner as to avoid the creation of barriers to legitimate trade and to provide for safeguards against their abuse”. If one takes the robust data from France in relation to the number of infringements being send out, the access providers will look at costs of hundreds of thousands GBP, which makes the scheme costly for them. Considering that access providers are completely neutral providers and do not interfere with the content transmitted, the bearance of such a high sum seems unnecessarily costly – at least if its proportionality cannot be established.1447 c) Conformity with the Fundamental Rights of Internet Users The above analysis shows that as such graduated response schemes do not contravene secondary EU law, even if they foresee as an ultimate sanction the suspension of a subscriber’s Internet access service. This however applies under the condition that there is a fair balancing of fundamental rights. In this regard not only the legislation as such but also their application must not be in conflict with fundamental rights or other principles of Community law. First of all, the impact on the fundamental rights of Internet users will be in the focus as they are those against whom copyright will be enforced. aa) Sanctions Interfering with a User’s Right to Freedom to Expression in the Form of Freedom to Seek, Impart and Receive Information The most controversial aspect of graduated response schemes has been the suspension or restriction of Internet access as an ultimate sanction. Although the suspension of an Internet access service has been abolished in France for the offence of gross negligence and in the UK such a technical measure is far from becoming a statutory sanction, the impact on 1447 Cf. the CJEU’s findings in C-70/10 Scarlet Extended v SABAM, Judgment of 14.11.2011, paras. 48 et seq.

391

Second Chapter: User-Targeted Responses

the freedom to receive and impart information needs to discussed briefly, in particular with regard to the fact that the UK foresees as a possible alternative reductions in bandwidth, or limited access to the Internet. It must also be noted that all these sanctions assume that the subscriber is the only person involved. This is however not true in most scenarios. Commonly, private single connections are shared, either between family members, third parties within a communal household or flatshare. The situation becomes more complicated where parties open up their Wi-Fi to the general public, for instance in the course of their business, such as hotels, coffee bars or pubs. Also, libraries and universities usually provide Internet facilities, however often under the condition that users register, which would allow identification of an infringer if logging data is retained for a certain time. At this point, the discussion will focus on private single connections. Practice has shown that it is possible for third parties to take control of a network from the outside without the owner’s knowledge.1448 This may be achieved by installing malware or hacking into the Wi-Fi network. Often access to Wi-Fi networks is not difficult for people with some IT-literacy. Where insecure wireless connections are operated, access is even simpler. Since the advent of private Wi-Fi networks, it was popular with certain IT-literate people to drive through neighbourhoods and search for unsecured Wi-Fi networks using a portable computer (so-called “wardriving”1449). With smartphone or other Internet usable devices such as tablets on the rise, this activity may raise to popularity again, especially since software for searching for networks is freely available on the Internet.1450 Accordingly, sanctions against a subscriber will not only hinder illegitimate users, but also legitimate users.1451 Legitimate users in this context

1448 Cf. for example House of Lords, House of Commons, Joint Committee on Human Rights, Legislative Scrutiny: Digital Economy Bill, Fifth Report of Session 2009–10, HL Paper 44 = HC 327 (05.02.2010), p. 87. 1449 See Benjamin D. Kern, Whacking, joyriding and war-driving: Roaming use of Wi-Fi and the Law, CIPerati – a Cyberspace and I.P. law newsletter 2005, Vol. 2 Issue 4. 1450 Such as for example NetStumbler for Windows, SWScanner for Linux or Wi-FiWhere for iPhones. 1451 House of Lords, House of Commons, Joint Committee on Human Rights, Legislative Scrutiny: Digital Economy Bill, Fifth Report of Session 2009-10, HL Paper 44 = HC 327 (05.02.2010), p. 87.

392

B. National Enforcement Measures Against Users

encompass all those parties that the subscriber has allowed to use his Internet access service. The following paragraphs will outline the interference of the poposed severe penal sanctions with freedom of expression and discuss a potential justification. In this regard, the preamble to the Declaration of the Committee of Ministers on human rights and the rule of law in the Information Society recognises that “limited or no access to information and communication technologies can deprive individuals of the ability to exercise fully their human rights”.1452 The first chapter of the Declaration, entitled “Human rights in the Information Society” further provides that “1. […] Freedom of expression, information and communication should be respected in a digital as well as in a non-digital environment, and should not be subject to restrictions other than those provided for in Article 10 of the ECHR, simply because communication is carried in digital form”. This statement seems to indicate that a comparison must be drawn between sanctions for infringments committed in the “offline” and “online” world. Thus, one may conclude that no additional sanction should be imposed on offenders simply because they use new technologies to commit the offence. Sanctions that interfere with a user’s right to freedom to expression, that only exist because the offence has been committed online, thus seem to be unjustifiable if no such sanction would exist for the same offence being committed offline, for instance by making unauthorised copies of a CD and distributing those. Irrespective of similar sanctions existing for online and offline behaviour, the main concern is the seriousness of the interference and a justification being available. These questions will be addressed in the following. (1) Interference The right to freedom of expression enshrined in Article 10 ECHR and Article 11 CFR includes an active aspect (the freedom to inform) and a

1452 Council of Europe, Declaration of the Committee of Ministers on human rights and the rule of law in the information society (13.05.2005), CM(2005)56 final.

393

Second Chapter: User-Targeted Responses

passive aspect (freedom to receive information). The right imposes on the State a negative duty not to interfere with the freedom to seek, receive and impart information. When sanctions are imposed upon Internet access subscribers that suspend or in some other way restrict the subscriber’s access to the Internet, this interferes with his right to freedom of expression in the form of freedom to seek, impart and receive information. Access to the Internet ios important in the sense to have access to mass media and to be able to consume and exchange ideas and information. The suspension of an Internet access service may cause substantial harm to the legitimate interests of all users of the Internet connection in question. One only needs to imagine that the Internet connection is used for professional purposes. As outlined in the first Chapter, freedom to expression is not limited to certain kinds of expressions but encompasses cultural expressions as well as pure entertainment.1453 Thus, even when access is limited to certain services or bandwidth is restricted so that the user may no longer be able to engage in peer-to-peer networks, watch movie streams or use other services that take up large bandwidth, this interferes with his freedom of expression. One may argue, that the user may use alternative means of communication instead. However, as outlined in the first Chapter, the right to freedom of expression also covers access to specific technical means of transmission since any restriction imposed on the latter necessarily interferes with the right to receive and impart information.1454 Freedom of expression does not only guarantee the right to impart information but also the right of the public to receive it.1455 As regards the access to a specific means of transmission, the ECtHR held in that although citizens may “obtain some news through … newspapers and radio programmes”, “these sources of information only cover parts of what is available via television broadcasts and cannot in any way be equated with the later”.1456 Consider-

1453 See ECtHR, Khurshid Mustafa and Tarzibachi v Sweden, Application No. 23883/06, para. 45. 1454 ECtHR, Autronic AG v Switzerland, Judgment of 22.05.1990 – Application No. 12726/87, Ser A No. 178 (1990), para. 47. 1455 See instead of many ECtHR, Observer and Guardian v the United Kingdom, Judgement of 26.11.1991 – Application no. 13585/88, para. 59. 1456 ECtHR, Khurshid Mustafa and Tarzibachi v Sweden, Application No. 23883/06, para. 45.

394

B. National Enforcement Measures Against Users

ing the nature and scope of information that is available on the Internet, the Internet as a source of information as well as an audience for own expressions, the same must apply to the Internet. The findings in Mustafa and Tarzibachi v Sweden must be interpreted in the light of the presentday conditions.1457 The dissemination factor of the Internet is unreachable for traditional media and traditional sources only cover parts of what is available via the Internet. Even mere bandwidth restrictions would thus interfere with Article 10 ECHR – and with Article 11 CFR, if the sanction was based on EU legislation.1458 (2) Justification of Interference Interferences with the right to freedom of expression can be justified if they are in accordance with the law, have aims that are legitimate under Article 10(2) ECHR and are necessary in a democratic society. Thus, first of all, domestic law must prescribe the interference. The restrictions on Internet access that existed in France and are discussed in the UK constitute penal sanctions, and were/will be prescribed by statute. Secondly, the interference must have aims that are legitimate under Article 10(2) ECHR. The criminal sanctions concerned pursue the legitimate aim of protection of the rights of others. The rights of others include legal rights, such as proprietary rights.1459 Further, as the sanctions may have a dissuasive effect on the individual concerned and on the general

1457 Cf. See Council of Europe, Internet: Case-Law of the European Court of Human Rights (June 2011). 1458 The latter is not the case in the described scenarios, which relate to enforcement schemes that have been implemented under national legislation. One may also argue that the duty to pay the subscription fees for the duration of a suspension is a disproportionate penalty. However, the obligation to pay the subscription fees is no penalty as such as the obligation to pay the subscription fee in the absence of a termination of a contract is an obligation under civil law. It is not a measure of a punitive nature. The obligation rather stems from a breach of contract attributable to the subscriber. See in that regard also Conseil constitutionnel, Decision of 22 October 2009 – no. 2009-590 DC, Journal officiel 29.10.2009, 18292, para. 17. 1459 Alastair Mowbray, Cases, Materials, and Commentary on the European Convention on Human Rigths (2nd ed. 2007), p. 726. See also the recent case of ECtHR, Ashby Donald and others v France, Judgement of 10.01.2013 – Application No. 36769/08 with further references, and ECtHR, Fredrik Neij and

395

Second Chapter: User-Targeted Responses

public to infringe copyright, the sanctions also pursue the legitimate aim of prevention of crime.1460 Restrictions on or suspension of Internet access are theoretically capable to put an end to infringements. Most importantly, the interference must be necessary in a democratic society. The Court’s judgments relating to Article 10 – starting with Handyside1461 – enounce the following major principles. Freedom of expression constitutes one of the essential foundations of a democratic society, exceptions to free expression must thus be narrowly interpreted and the necessity for any restrictions must be convincingly established. The notion “necessary” is not synonymous with “indispensable”.1462 “Necessary”, within the meaning of Article 10(2) implies the existence of a “pressing social need”.1463 The Contracting States have a certain margin of appreciation in assessing whether a pressing social need exists. Such a need could well be the combat against copyright infringements on the Internet as such. Nevertheless, it is necessary to weigh the interests of Internet users to have unrestricted access to the Internet and the interests of intellectual property rights-holder to have their rights protected. It has to be noted at this point that intellectual property is protected by Article 1 of Protocol No. 1 to the ECHR1464 and Article 17 CFR. The genuine, effective exercise of property rights does not depend merely on the State’s duty not to interfere, but may require positive measures of protection.1465 Thus, it is necessary to balance the two competing interests of which both enjoy fundamental rights protection. Within the balancing test, it is necessary to consider the type of expression and information that is interfered with. In the present case, a suspension would prevent access to all differ-

1460 1461 1462 1463 1464 1465

396

Peter Sunde Kolmisoppi v Sweden, Decision of 19.02.2013 – Application No. 40397/12. Cf. also ECtHR, Fredrik Neij and Peter Sunde Kolmisoppi v Sweden, Decision of 19.02.2013 – Application No. 40397/12. ECtHR, Handyside v the United Kingdom, Judgment of 07.12.1976 – Application no. 5493/72. ECtHR, Handyside v the United Kingdom, Judgment of 07.12.1976 – Application no. 5493/72, para. 48. Instead of many see ECtHR, Observer and Guardian v the United Kingdom, Judgment of 26.11.1991 – Application no. 13585/88, para. 59. See for example, ECtHR, Anheuser-Busch Inc. v Portugal [GC], Application no. 73049/01, § 72, ECHR 2007‑I. See for example ECtHR, Öneryıldız v Turkey [GC], Application no. 48939/99, para. 134.

B. National Enforcement Measures Against Users

ent kinds of speech including the access to various mass media which in turn is fundamental to develop own opinions. In light of its accessibility and its capacity to store and communicate vast amounts of information, the Internet plays an important role in enhancing the public’s access to news and facilitating the dissemination of information generally.1466 The impact on freedom of expression may not be as severe where only restrictions on access exist. As regards restrictions to Internet access, the ECtHR held in Yildirim v Turkey that even though effects of a restriction may be limited, this “does not diminish its significance, especially since the Internet has now become one of the principal means by which individuals exercise their right to freedom of expression and information, providing as it does essential tools for participation in activities and discussions concerning political issues and issues of general interest”.1467 Thus, restrictions on access are still interferences with freedom of expression and information. Further, it needs to assess who will be affected by the sanction. Neither the French nor the UK graduated response scheme determines what needs to be done when the subscriber shares an Internet access with third parties. The fact that third parties may be affected by a suspension or restriction order is just being ignored. Moreover, the legitimate interests of third parties need also to be taken into consideration when assessing whether an interference with the freedom of expression is proportionate. Considering that also the subscriber must not necessarily be the infringer, and may just have recklessly not secured his Internet access sufficiently or may be wrongly accused of copyright infringement.1468 Also, the criminal offence for which the sanction is imposed is of a minor nature considering that the download (and necessary upload) of three songs from a peer-to-peer network will be enough to reach the sanctioning stage of the graduated response schemes in question. Although the court imposing the sanction will regularly take into account whether the subscriber has taken any action to prevent further infringements from being committed via his Internet access, a strict application of the law does not make such an assessement a necessity. Even if one assumes that against persistent

1466 ECtHR, Times Newspapers Ltd v the United Kingdom (nos. 1 and 2), Application nos. 3002/03 and 23676/03, para. 27. 1467 ECtHR, Yildirim v Turkey, Judgment of 18.12.2012 – Application no. 3111/10, para. 54. 1468 See above A. III. 4. The Identifier.

397

Second Chapter: User-Targeted Responses

infringers that wilfully infringe copyright, an Internet restriction order may outweigh his right to freedom of seek, receive and impart information and ideas, this may only be the case as long as innocent third parties are not affected. To guarantee that only in these cases restrictions may apply, it will be necessary to draft provisions that foresee the application of the Internet restriction sanction under certain further conditions including the wilfull infringement of copyright for which the subscriber himself is liable. In France such a provision existed with Article 335-7-2 of the Code de la proriété intellectuelle, which set forth that when considering the suspension of an Internet access, the court must take into account the circumstances and seriousness of the violation, the personality of the infringer including his professional and social activites and his economic situation. Nevertheless, the law foresaw the suspension of an Internet access even where the subscriber was not the infringer and still encompassed a multiplicity of cases where a sanction could be imposed. In that regard and considering the severity of the interference, it cannot be enough to merely allow third parties to use an Internet access, especially if the third party may be instructed not to interfere with intellectual property rights. In light of the importance of Internet in a networked world, the only conclusion that can be drawn that the sanctions as they stood/stand interfere with the rights of the subscriber and moreover third parties in a nonjustifiable way. They may restrict a broad circle of users’ access to impart or receive information. The rights of the intellectual property rights-holders can further be protected by less intrusive means including fines. This result corresponds with the findings of the Special Rapporteur for the UN’s Human Rights Council Frank La Rue’s findings in his Report on Freedom of Expression. La Rue considered cutting off users from Internet access, regardless of the justification provided, including the intellectual property rights of the copyright owners, to be disproportionate and thus a violation Article 19(3) of the ICCPR.1469

1469 See UNHRC, Report of the Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion an Expression, Frank La Rue (16.05.2011), UN Doc A/HRC/17/27, paras. 78–79. The Special Rapporteur also called upon States to ensure that Internet access is maintained at all times, including during times of political unrest. States should repeal or amend existing intellectual property laws and refrain from adopting laws which forsee the disconnection of users from Internet access.

398

B. National Enforcement Measures Against Users

bb) Collecting and Processing of Communications and Personal Data Interfering with Privacy Rights The privacy rights enshrined in Article 8 ECHR and Articles 7 and 8 CFR are obviously implicated in the enforcement schemes. First of all, privacy rights may be concerned when rights-holders monitor peer-to-peer networks for online infringements and harvest IP addresses. Secondly, they may be concerned when rights- holders seek to unmask the person behind the harvested IP address. While these are obvious scenarios where privacy rights may be concerned, there are further aspects that are not so obvious that may give rise to concern. One of these will be discussed in the following, which is the information concerning the infringement that is forwarded to the subscriber who must not necessarily have committed the infringement himself. (1) Interference with the Right to Respect for Family and Private Life The most likely aspect to be concerned with regard to the right to respect for family and private life under Article 8 ECHR and Article 7 CFR, is the private life of the alleged infringer.1470 As mentioned above, where information is disclosed to the subscriber as regards the infringing work in question, from which he may draw conclusions in relation to the sexual preferences (see above) or radical views of another person that uses his Internet access, this clearly interferes with the right to respect for private life of that person. Although within none of the graduated response scheme such information will be contained in the warning, at least under the DEA 2010 scheme, the subscriber may ask for further information. But not only where information is disclosed to the subscriber as regards the content that has been shared, the private life of an Internet user will be affected. When access providers in the UK are obliged to keep records, the so-called copyright infringement lists, or HADOPI collects data relating to infringements, the private life of subscribers is interfered with. It is his private life and potentially his intimate sphere that will be affected when

1470 With regard to the scope of protection see above, First Chapter, B. II. 2. b) bb) Right to Respect for Family and Private Life.

399

Second Chapter: User-Targeted Responses

public authorities or private actors hold electronic databases with the respective (sensitive) data.1471 The UK legislator has recognised this risk and therefore the DEA 2010 foresees that data held by the access provider is being anonymised. In France all data is processed and retained by HADOPI, with only HADOPI having access to the data that is retained. As regards public authorities, domestic laws usually foresee transparency and supervision as to data processing, whereas with private actors there is less supervision, which may be one of the reasons why HADOPI is not required to keep anonymised lists.1472 Both schemes foresee the deletion of data within a certain time frame and thereby aim to respect the principle of proportionality. Whether the interference can be justified will be examined following an outline of further aspects of privacy that may be affected. Not to be neglected in the context of respect for family and private life is the provision in the DEA 2010, whereby a subscriber may be sanctioned for “allowing” another person to use the service and infringe copyright. 1473 The notion of “allowing” cannot be equalled with “authorising”. In that respect, HJ Birss QC pointed out in Media CAT v Adams that allowing a third party to use an Internet connection does not alone equate authorising an infringement by that person.1474 UK courts have not yet decided whether the act of authorising use of an Internet connection turn the person doing the authorising into a person authorising the infringement within section 16(2) CDPA 1988. So, if the DEA 2010 introduces a new liability provision, the question is: what is meant by “allowing”? Should the subscriber be obliged to monitor the activities of his family members

1471 Cf. EU Network of Independent Experts on Fundamental Rights, Commentary of the Charter of Fundamental Rights of the European Union (June 2006), Article 7 CFR, p. 79. 1472 In her opinion in the Promusicae case, the Advocate General concluded that enforcement by public authorities necessarily results in greater respect for fundamental rights than does enforcement by private parties, see Opinion of the Advocate General Kokott in Case C-275/06 Productores de Musica de España (Promusicae) v Telefonica de España SAU. 1473 See Section 4(4) Initial Obligations Code (June 2012). See also new section 124A(2) CA 2003 inserted by section 3 DEA 2010. 1474 Patents County Court, Media C.A.T. v Adams [2011] EWPCC 6, [2011] FSR 8, para. 30.

400

B. National Enforcement Measures Against Users

or flatmates? This would clearly interfere with the guarantee to private life of the persons concerned.1475 (2) Interference with the Right to the Confidentiality of Communications If Internet service providers are under an obligation to link IP addresses listed in CIRs or notifications by HADOPI to the subscriber’s personal details and in the case of CILs pass this information on, these acts of data processing could interfere with data protection principles such as the confidentiality of communications guaranteed under Article 7 CFR and Article 8 ECHR. Article 7 CFR and Article 8 ECHR do not only protect the contents of communication but also traffic data.1476 Under the right to confidentiality of communications, states are obliged to take all necessary measures to restrict unlawful obtaining of information by public authorities and private parties.1477 In that respect not just the contents of communications is protected, but also traffic data.1478 Already the collecting of data that by rights-holders or their agents thus affects the confidentiality of communications by subscribers and other Internet users. However, the question is, whether the gathering of information is unlawful. In that regard, it is also necessary to look at the methods used to gather and collect personal information.1479 No specific method is addressed in the laws, in particular does none of the graduated response schemes foresee the monitoring of detected infringers. The information is not obtained through secret surveillance, but by crawling peer-to-peer networks. The right-holders do nothing else than taking the role of a user and join a swarm of peerto-peer file-sharers. One may argue, that at this stage, they do not interfere with the confidentiality of communications when they colllect data necessary to trace and identify the source of a communication and its destina-

1475 See Lilian Edwards, Mandy and me: Some thoughts on the Digital Economy Bill, Scripted 2009, Vol. 6 Issue 3, 535, 536. 1476 See ECtHR, Malone v The United Kingdom, Judgement of 02.08.1984 – Application No. 8692/79, para. 84. 1477 See above First Chapter, B. II. 2. b) aa) Privacy Rights in General. 1478 See above First Chapter, B. II. 2. b) cc) Right to the Confidentiality of Communications. 1479 Cf. ECtHR, Leander v Sweden, Judgment of 26.03.1987 – Application no. 9248/81, para. 48; S. and Marper v United Kingdom, Judgment of 04.12.2008 – Application nos. 30562/04 and 30566/04, para. 67.

401

Second Chapter: User-Targeted Responses

tion, i.e. the date, time, duration and type of communication. However, considering that they may – in addition to the graduated response scheme – have information rights under civil law (as for instance in the UK1480), the IP addresses lead to an identifiable person (=the subscriber) and thus, fall within the category of personal data. The collecting of IP address thus already constitutes collecting of personal data. Once rights-holders have logged IP addresses and further information relating to an infringement and forward this information to the access provider (UK) or HADOPI, this data is processed. Both, access providers and HADOPI are empowered to match the IP address to a subscriber. When access providers are obliged to disclose information about their customers in relation to a user’s communication to a public authority, the confidentiality of communication will be affected. In consideration of the recent decision of the CJEU in relation to the Data Retention Directive,1481 it also becomes necessary to analyse which kind of data access providers may be obliged to disclose. This question also relates to the context and purpose for which the requested data has been retained. In the UK, access providers will for instance be required to disclose data that they have retained in order to comply with the national transposition of the Data Retention Directive. This provision has not become invalid simply because the Data Retention Directive has been declared invalid by the CJEU. The national transposition will in itself have to be analysed as regards its compliance with EU law. As this would go beyond the scope of this research, it shall only be noted that the collecting and retention of data derogates from the system of protection of the right to privacy established by Data Protection and E-Privacy Directive, which provide for the confidentiality of communications. To establish the existence of an interference with the fundamental right to privacy, it does not matter whether the information on the private lives concerned is sensitive

1480 See below B. III. 2. A) aa) The Service of Disclosure Orders in the UK – Right to Information and Norwich Pharmacal Orders. 1481 CJEU, Joined cases C-293/12 and C-594/12 Digital Rights Ireland and Seitlinger and Others, Judgment of 08.04.2014. Given that the Court has not limited the temporal effect of its judgment, the declaration of invalidity takes effect from the date on which the Directive entered into force.

402

B. National Enforcement Measures Against Users

or whether the persons concerned have been inconvenienced in any way.1482 If one compares the general framework with the findings of the CJEU in the case challenging the validity of the Data Retention Directive, one may draw the conclusion that, the obligation imposed by the domestic law on access providers to retain, for a certain period, data relating to a person’s private life and his communications, constitutes an interference with the right to privacy under Article 7 CFR (and Article 8 ECHR).1483 The CJEU also noted in that case that the fact that data are retained and subsequently used without the subscriber being informed is likely to generate in the minds of the persons concerned the feeling that their private lives are the subject of constant surveillance.1484 With regard to this point the graduated response schemes can be distinguished as the data is used with the intention to inform the subscriber concerned. As regards the retention of data, attention needs to be paid within the balancing of contravening interests whether there was a reason for the collecting and retention of data. Where the individual concerned gave reason to have his data collected, for instance because he has committed an offence, an interference will be considered less severe than where he has not given reason for the data collecting.1485 (3) Interference with the Right to the Protection of Personal Data As mentioned above, the collecting of traffic data by the rights-holders also amounts to the processing of personal data, because it is conducted with the purpose of identifying a copyright infringer – at least for the public authorities or the access providers. Further, the processing of data by the access providers (UK) and the disclosure of data towards HADOPI

1482 CJEU, Joined cases C-293/12 and C-594/12 Digital Rights Ireland and Seitlinger and Others, Judgment of 08.04.2014, para. 33 refering to CJEU C-465/00, C-138/01 Österreichischer Rundfunk and Others, ECR I-4989, para. 75. 1483 Cf. CJEU, Joined cases C-293/12 and C-594/12 Digital Rights Ireland and Seitlinger and Others, Judgment of 08.04.2014, para. 34. 1484 Ibid, para. 35. 1485 Cf. for example the judgment of the German constitutional court in relation to the scanning of number plates of all drivers. BVerfG, Judgment of 11.03.2008 – 1 BvR 2074/05, 1 BvR 1254/07 (Automatisierte Erfassung von Autokennzeichen), Neue Juristische Wochenschrift 2008, 1505.

403

Second Chapter: User-Targeted Responses

interferes with the right to protection of personal data under Article 8 ECHR and Article 8 CFR, because the identity of an individual and his contact details are revealed by the data controller to a third party. Although this is prescribed by national law and conducted in accordance with the Data Protection Directive and E-Privacy Directive (see above) for the protection of the rights of others, it needs to be examined whether such disclosure is proportionate. According to the principle of proportionality in EU law, a balance needs to be struck between the means used and the intended aim of their actions. (4) Justification Under Article 8(2) ECHR framework, an interference may be justified, when it had a legal basis in domestic law, and the interference “is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others”.1486 This test is quite similar to the test under EU law, which requires compliance with EU law and a balancing of the interests concerned. With regard to any limitations on Articles 7 and 8 CFR, a note from the drafting Presidium indicates that the possible limitation that can be placed on the rights protected in Article 7 CFR are the same limits provided for in Article 8 ECHR by virtue of Article 52(3) CFR.1487 The graduated response schemes must however only comply with CFR standards insofar as EU law is concerned, meaning inter alia that states will have to respect the rights guaranteed by the Charter when their authorities apply a national law that implements an EU Directive. As the data protection aspects with which national copyright enforcement

1486 Article 8(2) ECHR. These limits can also be placed on the rights protected in Article 7 CFR, see above First Chapter, B. II. 2. b) ee) Justification of Interference. 1487 With regard to Article 7 CFR see Bureau of the Convention, Note from the Presidium, Draft Charter of Fundamental Rights of the European Union, New Proposal for Articles 1 to 12 (now 1 to 16) (08.03.2000), CHARTE 4149/00, Convent 13, Article 12, p. 13: “Paragraph 2 on limitations has not been included but it is applicable under Union law pursuant to Article 6 of the TEU and the clause on limitations in the Charter”.

404

B. National Enforcement Measures Against Users

schemes interefer have been regulated by EU Directives, the guarantees provided for in the Charter need to be observed. Irrespective of whether the copyright enforcement procedures serve the economic well-being of a state, and the fact that the schemes aim at the prevention of crime, the only focus in the following analysis will be the balancing of the intellectual property rights of the copright owners and the privacy rights of the subscriber of an Internet access service and further users of that access. Within the balancing of rights, specific regard will be paid to the necessity of a limitation on the right to privacy. First of all the required retention of data with regard to the content and name of the copyrighted work in question interferes with the right to respect for family life in two aspects: a public authority (France) or the Internet access provider (UK) will keep a record of the infringements and thus may be able to draw conclusions as to the private and even intimate life of a subscriber from that records; and a subscriber may obtain information as to the personal preferences of other persons that use his connection. However, without information regarding the copyrighted work, it would be impossible in future criminal proceedings to obtain a judgment, or for the copyright owner to bring a successful claim before a civil court due to missing evidence. The success of criminal or civil proceedings depends on sufficient information being available as to the copyright infringement as such and the coprighted work in question. Without retention of data regarding the work in question, the aim of copyright enforcement would be rendered ad absurdum. At a first glance, it thus seems as if the copyright owner’s interest in protecting their intellectual property rights would definitely prevail. This conclusion is deceiving. One needs to take into consideration that in particular the access providers under the DEA 2010 will have to keep records which may relate to numerous works which in turn may allow to draw information on the personality of the subscriber. Other than the data that is automatically processed when providing Internet access, the provider will have to administer detailed lists relating to content that the subscriber is interested in. In contrast to the French system, an access provider may be under an obligation to keep more extensive lists than HADOPI, as a third warning does not trigger a sanction. Moreover a third warning will only mean that the subscriber will be entered on a Copyright Infringement List (CIL), of which an anonymised

405

Second Chapter: User-Targeted Responses

version can be obtained by rights-holders on a monthly basis.1488 A CIL may thus contain more than three infringement reports and allow to draw a more precise personal profile than would be possible from only three warnings. Considering that the processing of sensitive data can be justified under the Data Protection Directive as necessary for the establishment, exercise or defence of legal claims (Article 8(2)(e)) and for the purpose of legitimate interests by a third party (Article 7(f)), the data protection framework of the EU hints that even the processing of sensitive data can be legitimate for the enforcement of intellectual property rights. Considering that the DEA 2010 foresees relatively short timeframes for the retention of that data and thereby hinders the development of large profiles and foresees the notification of subscribers with every new “entry” on its records as well as the possibility of subscribers to appeal a CIR, the DEA 2010 provides for a fair balance between the right to respect for private life and the interests of the copyright owners insofar as the records kept by the access providers are concerned. Further the retention is necessary to provide the copyright-holders with an effective remedy. The same applies to the records kept by HADOPI, which instead of an appeal procedure foresees hearings following a first warning. As regards the scenario where not the subscriber himself has committed an infringement and he may obtain information about the work that has been shared, it needs to be stressed that in France a warning will not contain any information as to the work that has been shared,1489 or any pseudonyms used by the file-sharer.1490 As is understood from the HADOPI laws, such information will only be disclosed when the prosecutor decides to pursue criminal charges. Hence, a subscriber will not know which files third parties that use his connections have been sharing. In order to understand the origin of the copyright infringement, he will only be informed of the file-sharing client that has been used. In contrast a

1488 Section 4(2)(b) DEA 2010 which inserts new section 124B CA 2003. See also Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), p. 62. 1489 Article L. 331-25 CPI expressly stipulates that the warnings “do not disclose the content of the copyright-protected works” in question. Thereby, the legislator wanted to pay regard to the fact that the actual infringer does not necessarily have to be the subscriber. The privacy of the infringer was intended to be kept confidential, cf. HADOPI, 2010 Activity Report (2011), p. 37. 1490 HADOPI, 2010 Activity Report (2011), p. 38.

406

B. National Enforcement Measures Against Users

warning under the DEA 2010 will also contain information on the copyright-protected work in question. This information is necessary in order to allow the subscriber to appeal a warning at an early stage. Hence, while the French provision protects third parties directly, the UK provision protects third parties indirectly by allowing them at an early stage to contest false allegations. Given that the third parties might have downloaded for instance hardcore pornography that reveals certain proclivities and the subscriber is informed about this, they seem to deserve less protection if they have actually (mis-)used a third party’s connection. Moreover, less weight must be attributed to their rights, because if they have used a third party’s Internet access, they must have been aware that a warning will be addressed to the subscriber. They are in a position where they may foresee the consequences of their behaviour, which then also satisfies the criterion of foreseeability under Article 8(2) ECHR. Hence, although there may be an interference with the interests of third parties to have sensitive information about them protected, their interest does not prevail over the interests of the intellectual property rights owners. Both approaches are careful in providing for safeguards against intrusive measures. Secondly, the sanctioning of “allowing” third parties to use an Internet access and commit an infringement, would as a consequence lead to an obligation to monitor third parties. Although the scope of the provision is not clear and an instruction of fellow users as to the legal use of information technology may suffice, it shall be noted at this point, that the provision does not respect the principle of foreseeability. Less intrusive measures such as instructing fellow users when there is reason to believe that they may infringe copyright would rather be justifiable and allow a fair balance between privacy rights and copyright. Thirdly, the matching of IP addresses listed to the subscriber’s personal details by the access provider, and the disclosure of that data to HADOPI or to the rights-holders in the UK, interferes with the confidentiality of communications guaranteed under Article 7 CFR and Article 8 ECHR. Again, this interference is a direct result of copyright enforcement. Due to the prevalence of dynamic IP addresses, the identification of an alleged infringer is not possible other than by the matching of an IP address by an access provider. Some guidance was given as to the disclosure of personal

407

Second Chapter: User-Targeted Responses

data in these scenarios in the Bonnier Audio case1491 before the CJEU. The CJEU held that national legislation that foresees the disclosure of data must require that “there be clear evidence of an infringement of an intellectual property right, that the information can be regarded as facilitating the investigation into an infringement of copyright or impairment of such a right and that the reasons for the measure outweigh the nuisance or other harm which the measure may entail for the person affected by it or for some other conflicting interest”.1492 French law foresees that HADOPI examines the evidence provided by the rights-holder, and only if it is satisfied that an infringement has taken place, HADOPI will ask for the disclosure of subscriber data and forward the case without informing the rightsholder of the identity of a subscriber. In the UK, the situation is fundamentally different: there is no independent public authority that assesses the allegations and the evidence presented. While the law foresees that the infringement must be apparent, there is no oversight whether the evidence presented suffices. The access provider only forwards the claims, but does not assess the matter. In order to provide a remedy to subscribers for unfounded allegations, the DEA 2010 foresees a subscriber appeals procedure.1493 At this point no data will have been disclosed to the rights-holder. In fact, the DEA 2010 foresees at no stage the disclosure of personal data to the rights-holder. Rather the rights-holder will have to apply for a Norwich Pharmacal Order to have the identity of a subscriber revealed and be able to initiate criminal or civil proceedings. A civil court will hence assess whether the criteria set forth by the CJEU are fulfilled. Both schemes try to withhold personal data from the copyright owner as long as possible without rendering the enforcement of copyright inoperable. They rather protect alleged infringers from long and costly court proceedings while at the same time trying to ensure that repeat infringers are prosecuted (France), or ensure that repeat infringers can be sued or prosecuted (UK). The UK system may even achieve to filter out falsely accused subscribers by an appeal procedure at an early stage and disclosure of personal data will only be granted under Norwich Pharmacal orders, meaning

1491 CJEU, C-461/10, Bonnier Audio AB and Others v Perfect Communication Sweden AB, Judgment of 19.04.2012. 1492 Ibid, para. 58. 1493 As previously outlined after paying a GBP 20 fee, the subscriber can rely on four grounds to appeal each warning letter and each CIR included in the warning letter; and the appeals body resolves the appeal.

408

B. National Enforcement Measures Against Users

that a court will have to order a disclosure. In France, disclosure of personal data of alleged infringer does not take place at all, although in due course of criminal proceedings, the copyright owner may ultimately acquire information on the identity of an alleged infringer. Against this background both schemes have achieved a fair balance of the contravening interests. (5) In Specific: Data Retention Requirements for Access Providers The French data protection law provides that HADOPI may request the disclosure of personal data, that access provider must retain for the prosecution of serious crimes. Similarly, access provider in the UK have to use the data retained for these purposes to send out warnings. Since the Data Retention Directive has been declared invalid by the CJEU, it is clear, that the retention of all communications data derogates from the system of protection of the right to privacy established by the Data Protection Directive and E-Privacy Directive.1494 In particular the UK provision on data retention and access to that data seems to be too wide. Pursuant to section 7 of the Data Retention (EC Directive) Regulations 2009, access to retained data may be obtained “(a) in specific cases, and (b) in circumstances in which disclosure of the data is permitted or required by law”. The Regulations do not make any reference as to the objective of the data retention or disclosure being limited to cases of serious crime. Since, this data can be used to sent out warnings, it can actually be used for minor offences, for instance single instances of copyright infringement. Considering that the CJEU declared the retention of data for the fight against serious crime as disproportionate, there can be no fair balance between the nature and seriousness of the interference of privacy rights in relation to the data retention and the object pursued by the interference in cases of copyright infringement. Although the data retention may be appropriate for attaining the objective of fighting criminal offences including copyright infringements, an objective of general interest does not in itself justify a retention measure to be necessary for the purpose of that fight.1495 It is doubtful that

1494 Cf. CJEU, Joined cases C-293/12 and C-594/12 Digital Rights Ireland and Seitlinger and Others, Judgment of 08.04.2014, para. 32. 1495 Cf. Ibid, para. 49. Cf. also ECtHR, S. and Marper v the United Kindgom, Judgment of 04.12.2008 – Application nos. 30562/04 and 30566/04.

409

Second Chapter: User-Targeted Responses

the Data Retention Regulations in question lay down sufficiently clear and precise rules governing the retention. 1496 Considering that the required retention encompasses all traffic data concerning all means of electronic communication and all users, it entails an interference with the fundamental rights of all people in the UK. Retention is not to be ordered following an assessment on a case by case basis, but the obligation applies in general.1497 There is no differentiation, limitation or exception being made in the light of the objective of fighting against crime. Every user becomes a suspect without giving a reason for his monitoring. Data is to be retained even where there is no evidence capable of suggesting that the individual concerned can be linked with crime. Similar to the Data Retention Directive, the Data Retention Regulations do not provide for exceptions with the result that it seems to apply even to persons whose communications are subject to the obligation of professional secrecy. 1498 Also similar to the Data Retention Directive, the Data Retention Regulations does not distinguish between different kinds of data and possible distinct retention periods. Considering that the Regulations are not more precise than the Directive and provide for interferences with the rights of users in a too generalised manner, the intereferences cannot be justified. cc) Interferences with Procedural Rights The graduated response schemes as outlined above could infringe several procedural rights that are guaranteed under the ECHR and the CFR, including the fair trial right (Article 47 CFR and Article 6(1) ECHR), presumption of innocence (Article 48 CFR and Article 6(2) ECHR) and the

1496 As regards the Data Retention Directive, cf., CJEU, Joined cases C-293/12 and C-594/12 Digital Rights Ireland and Seitlinger and Others, Judgment of 08.04.2014, para. 54 wit further references to the jurisprudence of the ECtHR such as inter alia Liberty and Others v the United Kingdom, Judgment of 01.07.2008 – Application no. 58243/00, paras. 62 and 63. 1497 As regards the incompatibility of such a general obligation with the rights of the subscribers and registered users, see also Stafan Maaßen, Urheberrechtlicher Auskunftsanspruch und Vorratsdatenspeicherung, MultiMedia und Recht 2009, 511, 514. 1498 As regards the Data Retention Directive, cf. ibid, para. 58.

410

B. National Enforcement Measures Against Users

principle of proportionality of sanctions (Article 49(3) CFR).1499 Given that the criminal enforcement of copyright infringements is not (yet) provided for on an EU basis, the following procedural rights will only be examined under the ECHR framework. The potential interferences discussed are only such that derive from the graduated response schemes as such. Thus, the discussion will not go as far as exposing in general the conditions for a fair trial. (1) Right to a Fair Trial The fair trial principle could in particular be infringed with regard to the the admissibility of evidence and the right to remain silent. As regards the right to fair trial in general, the French legislator leaves it to a non-judicial authority to initiate proceedings against a potential infringer. While this is not an issue per se, the fact that judicial authorities are able to intervene only at a late stage in the procedure, may affect the the right to a fair trial of the subscriber concerned. Other than the DEA 2010, it is not possible under the French scheme to formally appeal a single warning; law only forsees a hearing. Irrepsective of the fact that the identification of a subscriber does not necessarily mean that the actual infringer has been identified, it will be the subscriber that receives the warnings and against whom criminal charges may be brought. It is understandable that the warning needs to be send to “someone”, considering that there are no means to identify the actual user that connected to the peer-to-peer file-sharing network at the given time. However, three warnings may lead to the subscriber being charged before a court (France), or to have CILs forwarded to copyright owners, so that they are in a position to target “any litigation” against repeat infringers.1500 The subscriber may however find it difficult to defend his case, if he has not himself commit-

1499 For an in-depth analysis of the subscriber’s appeal process in the UK and its conformity with Article 6 ECHR see Felipe Romero Moreno, Incompatibility of the Digital Economy Act 2010 subscriber appeal process provisions with Article 6 of the ECHR, International Review of Law, Computers & Technology 2014, 1–17. Romero Moreno considers that also the principle of equality of arms is infringed with regard to the DEA 2010 procedures. 1500 See Ofcom, Online Infringement of Copyright and the Digital Economy Act 2010 – Notice of Ofcom’s Proposal to Make by Order a Code for Regulating the Initial Obligations, p. 62.

411

Second Chapter: User-Targeted Responses

ted the infringement. The French warnings, for instance, will not give him any further information as to the work that has been shared, so that he could investigate the matter at his home. Article 6(1) ECHR provides a fair trial guarantee that applies respectively to both civil and criminal proceedings by stating that “In the determination of his civil rights and obligations or of any criminal charge against him, everyone is entitled to a fair and public hearing within a reasonable time by an independent and impartial tribunal established by law”. While the UK system foresees appeals against each warning before an independent appeals body, the French system does not.1501 However, as none of the warnings brings with it criminal charges, but is a “warning”, it only needs to be examined whether the case will be heard before a court at the sanctioning stage. This is the case. The right to fair trial, and in particular the aspect of the right to remain silent, also plays a role where the subscriber of an Internet access service, that has been used to infringe copyright, is being charged for copyright infringement, although it is technologically not possible to identify the user of an Internet access at the time of an infringement. The right to remain silent may in these cases be affected when silence leads to conviction rather than requiring the authorities to identify the actual offender. Though not specifically mentioned in Article 6 ECHR, the right to remain silent and the privilege against self-incrimination are encompassed as standards that lie at the heart of the notion of a fair trial. In general, the right not to incriminate oneself presupposes that the authorities seek to prove their case without resorting to evidence obtained through methods of coercion or oppression in defiance of the will of the person charged.1502 It is incompatible with the right to remain silent to base a conviction solely or mainly on the accused’s silence or on a refusal to answer questions or to

1501 If HADOPI foresees that the subscriber may be heard following a warning, this is not an appeals procedure in a formal sense. 1502 See for instance ECtHR, J.B. v Switzerland, Judgment of 03.05.2001 – Application no. 31827/96, para. 64. Protection against improper compulsion by the authorities serves the purpose of avoidance of miscarriages of justice and secures the aims of Article 6. See inter alia ECtHR, John Murray v the United Kingdom, Judgment of 08.02.1996 – Application no. 18731/91, para. 45; Saunders v the United Kingdom, Judgment of 17.12.1996 – Application no. 19187/91, paras. 68–69; ECtHR, J.B. v Switzerland, Judgment of 03.05.2001 – Application no. 31827/96, paras. 64 et seq.

412

B. National Enforcement Measures Against Users

give evidence himself.1503 However, the right to remain silent is not an absolute right; the right does not go that far as to preventing that the accused’s silence, in situations “which clearly call for an explanation from him”, are “taken into account in assessing the persuasiveness of the evidence adduced by the prosecution”.1504 Hence, a national court cannot conclude that an accused is guilty merely because he decides to remain silent.1505 This may only be the case, where the evidence against the accused “calls” for an explanation and a failure to give that explanation “may as a matter of common sense allow the drawing of an inference that there is no explanation and that the accused is guilty”.1506 Whether the drawing of adverse inferences from an accused’s silence infringes Article 6 ECHR is a matter to be determined by taking into account all the circumstance of a case, with a particular regard to the situations where inferences may be drawn, and the weight attached to them by the national courts in their assessment of the evidence. The right exists where criminal charges are brought against the subscriber, and does not already apply at the stage of the warnings, which individually have no direct legal consequences. Taking the example of France, silence will obviously lead to a conviction of the subscriber. A conviction will however never be based on the mere fact that the defendant remains silent as to the accusations. Due to the lacking possibility to identify the actual infringer, subscribers will usually be charged with the gross negligence offence, meaning the failure to secure their Internet access. The evidence collected in online copyright infringement cases calls for an explanation of the defendant. Only he will be in the position to tell whether he has instructed third parties not to misuse his access, whether his Wi-Fi was protected at the time of the infringement, or whether his computer was for instance password protected. Of course, the prosecution may also try to obtain further evidence establishing the defendant’s guilt by seizing the accused’s computer, but considering the time that has passed since the first infringement took place, the data may not exist anymore. Even if the data that has initially not been collected by law enforcement agencies but by the rigths-holder is errorprone, the fact that only following at least three warnings charges are

1503 ECtHR, John Murray v the United Kingdom, Judgment of 08.02.1996 – Application no. 18731/91, para. 47. 1504 Ibid. 1505 Cf. Ibid, para. 51. 1506 Ibid.

413

Second Chapter: User-Targeted Responses

brought should ensure that at least an infringement has taken place. Hence, there is no infringement with the right to remain silent. (2) Presumption of Innocence Also the privilege against self‐incrimination as an aspect of the presumption of innocence under Article 6(2) ECHR might be infringed, if a subscriber was not presumed innocent until proven guilty according to law. As remains to be seen how exactly the UK courts will deal with the sanctioning stage, at this point the focus will again be on the French system.1507 For a start, the burden of proof in relation to an offence must rest with the prosecution and any doubt should benefit the defendant.1508 This is respected by the French system, because subscriber will be charged with the gross negligence offence that has been introduced in order to provide for conviction where there is doubt as to the wilful commitment of an infringing act. The accused may escape a conviction for gross negligence, if he succeeds in proving that no one else used his access to commit copyright infringements and his access was adequately secured. Similarly in the UK, subscribers could see themselves exposed to warnings or CILs, unless they can demonstrate that they have taken “reasonable measures” to prevent copyright infringements.1509 Principally, the burden of proof could legitimately shift to the accused.1510 For reverse onus of proof provisions to be compatible with Article 6(2) ECHR, Member States must remain within reasonable limits. There is nothing in France that would suggest that the French legislator overstepped this mark. Taking into acoount the importance of what is at stake, the more serious the punishment which

1507 For a discussion of the principle of presumption of innocence in relation to the DEA 2010 see Felipe Romero Moreno, Incompatibility of the Digital Economy Act 2010 subscriber appeal process provisions with Article 6 of the ECHR, International Review of Law, Computers & Technology 2014, 1, 8 et sq. 1508 ECtHR, Barberà, Messegué and Jabardo v Spain, Judgment of 06.12.1988 – Application no. 10590/83, para. 77. 1509 Cf. High Court, R (on the application of BT PLC and Talk Talk PLC) v Secretary of State for Business Innovation and Skills and others [2011] EWHC 1021 (Admin), para. 238. It has to born in mind, that this is pre-trial stage. 1510 See ECtHR, Salabiaku v France, Judgment of 07.10.1988 – Application no. 1951/83, para. 28.

414

B. National Enforcement Measures Against Users

may flow from conviction, the more compelling the reasons must be. With the abolition of the Internet suspension sanction, the subscriber faces a fine.1511 The fines imposed by courts so far, have been considerably low. There is thus no severe punishment. If one further takes into account the extent to which the burden on the accused relates to facts, which, if they exist, are readily provable by him as matters within his own knowledge or to which he has ready access,1512 no violation of the presumption of innocence can be established.1513 (3) Principles of Legality and Proportionality of Criminal Offences and Penalties The suspension or other interferences with an Internet access service may amount to disproportionate penalties, which would contravene the principle of proportionality of criminal offences and penalties. Article 49(3) CFR sets forth that “the severity of penalties must not be disproportionate to the criminal offence”. However, there is no provision in EU law that foresees the imposition of disconnection orders, nor where the sanctions based on any Community legislation. Therefore the severity of the sanctions can only have an impact when assessing the proportionality of interferences with other rights.

1511 With respect to the suspension of an Internet access, also the Article 1(b) European Framework Directive emphasises that “measures regarding end-users' access to...electronic communications networks...may only be imposed if...taken with due respect for the principle of the presumption of innocence”. 1512 Cf. House of Lords, R v Johnstone [2003] UKHL 28, para. 50. 1513 Another conclusion with regard to the UK graduated response scheme has been reached by Felipe Romero Moreno, Incompatibility of the Digital Economy Act 2010 subscriber appeal process provisions with Article 6 of the ECHR, International Review of Law, Computers & Technology 2014, 1, 8 et seq. This result is questionable, as the author reaches this conclusion by examining the fact that subscribers may be exposed to CIRs or CILs. At this stage one may however not yet speak of “criminal proceedings”.Although Article 6(2) ECHR also applies prior to charges being brought against an alleged offender, the warning scheme in the UK as it stands now, is merely preparatory for “any litigation” targeted by copyright owners against alleged infringers. Neither the sending out of CIRs nor CILS involves state or moreover law enforcement authorities.

415

Second Chapter: User-Targeted Responses

d) Conformity with the Fundamental Rights of Internet Service Providers With regard to the fundamental rights of Internet service providers, two rights may be affected: their freedom to conduct business and their right to impart information. The following analysis will however limit itself to the freedom to conduct business as the interference with the right to impart information is only of a minor nature as not the nucleus of the service to impart of information, but the circumstances under which this service can be provided is affected. The more controversial aspect is the interference with the provision of the service as such in terms of the freedom to conduct business. The analysis will not be restricted to access providers alone, but will also look at the impact of graduated response schemes on commercial Wi-Fi providers and entities that provide in addition to their primary business Internet access to their customers. Because only the UK scheme requires active cooperation of access providers, requiring them to administer and send out the warning letters, the following analysis will solely look at the conformity of the foreseen UK scheme with the fundamental rights of the service providers. aa) Freedom to Conduct Business of Traditional Access Providers It is obvious, that by the proposed Initial Obligations (Sharing of Costs) Order the State interferes with the acess providers’s freedom to conduct business because the access providers will need to bear substantial financial burdens. This has already briefly been addressed above when the compliance of the scheme with Article 3(1) of the IPR Enforcement Directive was outlined. The question to be answered is now, whether the financial burden is not a disproportionate burden and can thus be justified under Arrticle 1 of the Protocol No. 1 to the ECHR and – since the IPR Enforcement Directive is applicable – Article 16 CFR. In that respect, it needs to be recalled that access providers are completely neutral providers and do not interfere with the content transmitted. Similar to the financial burdens on farmers resulting from an obligation to mark sheep and goats electronically and keep a holding register, the obligation to administer the warning scheme and bear substantial costs of

416

B. National Enforcement Measures Against Users

the scheme is a limitation of the exercise of the freedom to conduct a business in general.1514 Neither under the ECHR nor under the Charter, freedom to conduct a business enjoys absolute protection; moreover, it must be viewed in relation to its social function.1515 The CJEU has identified a series of social objectives, which it defines as “objectives of general interest” and that may limit the exercise of the freedom to conduct business.1516 Accordingly, the freedom to conduct a business may be subject to a broad range of interventions on the part of public authorities, which may limit the exercise of economic activity in the public interest.1517 Being subject to the limitations provided for in Article 52(1) CFR, interferences with the freedom must be provided for by law and respect the essence of those rights and freedoms and, in compliance with the principle of proportionality, must be necessary and actually meet objectives of general interest (recognised by the European Union) or the need to protect the rights and freedom of others.1518 Other than the aforementioned sheep holding register which had the aim to allow for appropriate responses in case of the outbreak of a disease and was thus necessary and in the general interest, the administration of the warnings and the records of repeat infringers does not serve such a general interest of public concern. Although one may argue that the economic well-being of a country is affected when intellectual property rights are not guaranteed adequate protection, it needs to be recalled that the graduated response scheme is only an additional measure to conventional enforcement mechanisms provided for by UK law. The

1514 Cf. CJEU, C-101/12 Herbert Schaible v Land Baden-Württemberg, Judgment of 17.10.2013, paras. 24ff. 1515 CJEU, Joined Cases C‑184/02 and C‑223/02 Spain and Finland v Parliament and Council, Judgment of 09.09.2004, [2004] ECR I‑7789, paras. 51 and 52; C‑544/10 Deutsches Weintor, Judgment of 06.09.2012, para. 54 with further references. See also Alberto Lucarelli in: William B. T. Mock/Gianmario Demuro, Human Rights in Europe, Commentary on the Charter of Fundamental Rights of the European Union (2010), Article 16, pp. 101 et seq. 1516 See for example CJEU, C-44/09 Hauer v Rheinland-Pfalz, [1979] ECR 3727, para. 17. 1517 CJEU, C-283/11 Sky Österreich GmbH v Österreichischer Rundfunk, Judgment of 22.01.2013, para. 46; C-101/12 para. 24ff CJEU, C-101/12 Herbert Schaible v Land Baden-Württemberg, Judgment of 17.10.2013, para. 28. 1518 See CJEU, C-283/11 Sky Österreich GmbH v Österreichischer Rundfunk, Judgment of 22.01.2013, paras. 47–48; CJEU, C-101/12 Herbert Schaible v Land Baden-Württemberg, Judgment of 17.10.2013, para. 27.

417

Second Chapter: User-Targeted Responses

purpose of the scheme can hence be achieved otherwise. Also at this stage, the graduated response scheme does not result in any sanctioning of alleged infringers, but rather allows copyright owners to filter out the potentially most notorious infringers. The scheme is thus only beneficial to rights-holders, which under UK law, would otherwise also face costly procedures against first time infringers, or infringers where the chances of winning in civil litigation are not promising. Even evidence is pre-filtered in some way by providing for an appeals procedure in which subscriber may present evidence as to their innocence. This all is conducted at the cost of the access provider, which by law has to bear a substantial share of the costs. Further the imposition of costs upon the providers is not necessary to achieve adequate copyright protection or to employ a graduate response scheme. As private parties aim at protecting their private rights, they could also be asked to cover the costs for this. Under the purpose of economic well-being of a state, one may also think of the state covering a share of the costs rather than access providers. The obligations imposed upon access providers do not allow a fair balance to be struck between the interests of the access providers and the interests of copyright owners, and thus constitute a violation of the access providers’ freedom to conduct business. In addition, it is also questionable whether the system can be fair, when only providers with more than 40.000 customers have to issue warnings. By restricting the application of said obligations to only large providers, the legislator himself recognises the severity of the financial burdens that the administration of the scheme brings with it. bb) Freedom to Conduct Business of Providers of Free Wi-Fi Services The graduated response schemes may also have a chilling effect on providers of free Wi-Fi such as libraries, cafés, hotels, etc, which offer free Internet access to their customers. As the subscriber of the Internet access will be the recipient of any warning, these providers may opt not to allow free access or restrict access in some way (e.g. bandwidth restriction). In this case the freedom of expression of their customers would be concerned as well as their freedom to conduct business. It has to be noted that not the core of their business would be affected; they could still pursue their main business, such as running a hotel or café. What would rather cause concerns their position on the market. Customers nowadays 418

B. National Enforcement Measures Against Users

expect to have free Wi-Fi in hotels or even pubs and cafés and they may make this a requirement when searching for a respective establishment. Though all businesses are under the same risk, some may cancel free WiFi for their guests in order not to be faced with warnings or sanctions.1519 How France will deal with these situations remains rather unclear. Ofcom however took these scenarios into consideration when making its proposal for a code for regulationg the intitial obligations under the DEA 2010. 1520 Commercial entities that provide Internet access as a supplement for their primary business, as well as public bodies like libraries or universities would not fall within the definition of a qualifying Internet service provider. This means that they would be exempted from any obligations under the DEA 2010, because they are no broadband providers with more than 40,000 customers.1521 Only to the latter the DEA 2010 provisions apply. A chilling effect on the providers of free Wi-Fi is thus avoided. With regard to such complementary Wi-Fi services and private initiatives to provide free Wi-Fi to the public, the decision of the CJEU in Tobias McFadden v Sony Music Entertainment Germany GmbH is eagerly awaited.1522

1519 The High Court also elaborated that subscribers, and this may include the provider of open or free Wi-Fi access, to take preventive measures that exceed what was necessary to exonerate them from liability, see R (on the application of BT PLC and Talk Talk PLC) v Secretary of State for Business Innovation and Skills and others [2011] EWHC 1021 (Admin), para. 235. 1520 Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), pp. 29 et seq. 1521 Ibid, p. 99. If a pay-as-you go broadband provider suddenly has more customers than the initial threshold set by the Initial Obligations Code, he will nevertheless not be required to collect contact details of existing customers once it becomes a qualifying Internet service provider. Ofcom departs in this regard from its previous opinion (from its 2010 consultation), that operators that do not hold information necessary for notifying subscribers, must, at such a time as they become a qualifying Internet service provider, ensure that they do collect this data so as to be able to comply with the obligations in the DEA 2010 and the Initial Obligations Code (see p. 95). 1522 CJEU, C-484/14, request for a preliminar ruling from the Landgericht München I (Germany) of 03.11.2014 (Tobias McFadden v Sony Music Entertainment Germany GmbH). The request for a preliminary ruling to the CJEU seeks clarification as to whether the provider of an open Wi-Fi network, i.e. a free non-password-protected Wi-Fi, may be liable for third-party copyright infringements or whether said provider may be shielded from liability on the basis that he falls

419

Second Chapter: User-Targeted Responses

cc) Freedom to Conduct Business of Commercial Wi-Fi Operators Also operators of commercial hotspots such as BT and its Openzone service would not be affected in their freedom to conduct business if Ofcom’s proposal becomes law. Wi-Fi providers would be excluded from the Scope of the Code on the basis that inclusion “is likely to lead to them incurring substantial costs to achieve a minimal reduction in overall levels of online copyright infringements”.1523 The reason for this is that, as BT stated, the “vast majority” of Openzone users purchase on a pay-as-you-go basis, rather than via subscription. Ofcom recognised that where providers offer Wi-Fi in this way, in many instances the subscriber address data collected for pay-as-you-go consumers will be neither reliable nor easily verifiable.1524 Again, the legislator recognised that the implementation of the graduated response scheme may affect certain providers disproportionally, in this case by requiring an overly complicated and costly system. dd) The UK Graduated Response Scheme Violates the Rights of Access Providers The consequence being drawn from the exception for commercial Wi-Fi operators is that yet another exception is added for certain type of providers. With each exception, the system is however somehow turned ab adsurdum because it presents more and more loopholes for wilful infrigners to escape detection, while at the other hand affecting the market position of large providers. Although, it is rather unlikely that substantial amounts of users will change to small providers (considering the number of these, some of them will reach the threshold of 40,000 customers), notorious infringers are considerably likely to take advantage of the “loopholes” to avoid being exposed to warnings. Considering the obligations imposed on qualifying access providers (i.e. more than 40,000 customers), these violate the freedom of access

within the category of “mere conduit” provider under Art. 12 of the E-Commerce Directive. 1523 Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), p. 30. 1524 Ibid.

420

B. National Enforcement Measures Against Users

providers to pursue business. Even though they do not affect the core of the provision of Internet access service, the financial burdens that they impose upon providers are not justifiable, in particular in light of the aim that is pursued. It is not proportionate to confer the costs for enforcing private rights upon “innocent” third parties. Other than host providers, access providers cannot legitimately interfere with the information that is transmitted via their service. e) Achieving a Fair Balance of the Contravening Interests Following the above analysis, the main conclusion to be drawn is, that neither secondary EU law nor fundamental rights rule out the construction of a regulatory scheme, where warning letters are sent out to alleged infringers and repeat infringers are sanctioned. The Joint Committee on Human Rights in the UK parliament held in that regard, that: “Articles 8 and 10 are qualified rights and it is acceptable under the Convention to interfere with these rights if it is in accordance with the law and it is necessary in a democratic society…the receipt of a notification does not impede the subscriber’s access to the Internet in any way. Article 1 Protocol 1 is also a qualified right and it is acceptable under the Convention to interfere with this right in the public interest and subject to the conditions provided for by law. Article 1 provides that the right of the State to enforce such laws as it deems necessary to control the use of property is not impaired in any way. The sending of notifications is in the public interest. Copyright holders should be able to protect their copyright and enforce their rights. In the case of online copyright infringement, the involvement of Internet service providers is needed for them to do so”.1525

While it is true that the interferences with privacy rights and the freedom of expression can be justified, the initial graduated response schemes that forsaw/foresee the suspension of an Internet access service or other technical measures with regard to that service, violate the freedom of expression. The importance of Internet access in today’s society had been ignored or at least incorrectly weighted by the legislator. The Internet is no more pure entertainment. In today’s society, Internet access is essential for work,

1525 House of Lords, House of Commons, Joint Committee on Human Rights, Legislative Scrutiny: Digital Economy Bill, Fifth Report of Session 2009-10, HL Paper 44 = HC 327 (05.02.2010), p. 10.

421

Second Chapter: User-Targeted Responses

education, keeping informed of the news, keeping in touch with friends and family. In E-Commerce not only large business but also small businesses that are run from a family’s home, depend on the Internet access. A number of banks, so called direct banks, do no longer maintain branches but rely solely on online banking. Consequently, the Internet has become a relied upon service, that cannot be compared to the telephone, fax or other media. Accordingly, disconnection can only be justified in very narrow circumstances, for example for prison inmates. The disconnection as a sanction for misusing the service would even where a due trial has taken place violate freedom of expression of the subscriber of the Internet access.1526 It has to be recalled, that the identification of a subscriber does not necessarily lead to the identification of the actual copyright infringer. But even where the infringer would be identified, copyright infringements cannot justify such a severe interference with his freedom to seek, receive and impart information. When assessing the proportionality of a measure, the damage that has been caused needs also to be taken into consideration. In this respect, the damages awarded in civil proceedings for copyright infringement are not set as high as they are in the US and are usually calculated based on licence analogy. When the law foresees disconnection orders or technical measures already following the infringement of three separate works, this can hardly be proportionate in terms of the damage caused. Ultimately, there is no justification for interfering with the alleged infringer’s freedom of expression. When the Joint Committee on Human Rights argues that he sending of warnings is in the public interest, and copyright holders should be able to protect their copyright and enforce their rights with the help of Internet service providers, this conclusion is not followed. As has been outlined above, the cooperation of Internet access providers, in particular their financial contribution violates their freedom to conduct business. Neither the right to property of the copyright owners nor the general interest in protecting the economic well-being of the state or the prevention of crime may justify that access providers have to share 25 % of the costs of copyright enforcement under the graduate response scheme in the UK. The above analysis has shown that the UK graduate response scheme is beneficial to copyright owners as it allows for the fil1526 According to the UK Joint Committee on Human Rights, a disconnection may be justified under the condition that there must be a fair trial for those involved before any action can be taken against them. See ibid, p. 86.

422

B. National Enforcement Measures Against Users

tering of infringers in order to identify the most notorious ones against which civil and criminal litigation will be successful. It is not proportionate to impose the costs for this benefit on the neutral transmitter of information. With regard to privacy, one may conclude that although limitations of privacy rights exist, there are sufficient safeguards foreseen in the laws to justify interferences. Both schemes foresee that already at the stage of warnings, the recipients of a warning may be heard although a warning as such has no direct legal consequences. At no point will personal data be disclosed to the rights-holders in addition to possible information rights that already exist under domestic law. Finally, the effictiveness of the schemes presented is questionable. During the first phase of the DEA 2010 scheme in the UK, warnings will not be followed by a sanction. Instead copyright owners may ask for the anonymised CILs to be handed over. This is intended to allow them to identify the most notorious infringers. They may then apply for a Norwich Pharmacal Order for disclosure of the identity of a subscriber on the list. Although it may be beneficial for the rights-holder to have potential targets of litigation pre-selected, the question is whether in practice this will lead to fewer costs for them to enforce copyright. They will have to pay the majority of costs for the administration of warnings. Only if a subscriber’s access has been identified several times within a certain time, he will be put on the CIL. Although rights-holder may be tempted to send a warning where they otherwise would not apply for a Norwich Pharmacal order or press criminal charges under the existing law (simply because it is does not carry “much” costs), the costs for warnings may quickly sum up. We are then in a situation where the rights-holders in addition to the costs connected with the detection of an infringement, have to invest money to notify potential infringers of their alleged wrongdoing for which they will not be able to claim compensation (because only few disclosure orders will ultimately be applied for). The question then is, whether the costs for such a complicated system of educationary measures, shall be solely left to the rights-holder and not be covered by the State as in France. Where in the second phase of implementation of the UK system, sanctions may be imposed upon subscribers also in cases in which they have allowed other persons to use their access and those have infringed copyright, this is in stark contrast to existing UK copyright law, where liability

423

Second Chapter: User-Targeted Responses

would only exist when the subscriber has “authorised” the infringement.1527 There is no case law that suggests under which circumstances an allowance of Internet access usage would amount to “authorisation” of an infringement. Will it be sufficient for a subscriber to escape liability if he can prove that he instructed fellow users not to commit copyright infringements? Will the inadequate securisation of a Wi-Fi network amount to allowing infringements? The practical effect of the sanctioning provision remains unclear.In France, the gross negligence offence, which provides for sanctions against subscribers for inadequate securisation of their Internet access, constitutes a fundamental different approach. Here, the subscriber will not be held liable for the infringement as such but for not preventing that infringements are committed via his access. Although questions also arise as to what security measures have to be implemented to escape liability, the provision is far more precise as the UK provision for sanctions. Looking at the experiences of France with the graduate response scheme, one may argue that a system of warnings prior to the imposition of sanctions is not effective. An ineffective system however would not allow interferences with fundamental rights to be justified. An academic study indicated that the HADOPI laws have had a positive effect on iTunes sales in France, suggesting they are significantly higher than they would have been without the legislation.1528 This however does not pay the necessary regard to the fact that Apple devices saw a massive increase in sale in the same timeframe and consequently the number of iTunes users rose. At the beginning of 2012, Apple announced that its net profit increases 94% year over year.1529 Thus, there is also an alternative explanation for higher iTunes sales in France. Also, the number of warnings that is still being send out per month, does not suggest that the warning scheme is effective in reaching its aim of less copyright infringements. Statitistics presented by HADOPI in turn assume that most users will refrain from sharing files via peer-to-peer networks following at least the second warning. This explains why only few cases have reached trial

1527 See section 16 of the CDPA 1988. 1528 Brett Danaher/Michael D. Smith/Rahul Telang/Siwen Chen, The effect of graduated response anti-piracy Laws on music sales: Evidence from an Event Study in France (2012), p. 18. 1529 Apple, Apple reports second quarter results, net profit increases 94 % yearover-year, Press release (24.04.2012).

424

B. National Enforcement Measures Against Users

stage. Considering that the goal of any graduated response system can never be to eliminate online copyright infringement once and for all,1530 the French warning scheme seems in general to be successful. With the abolition of the Internet suspension sanction, it now also pays regard to the fundamental rights of users. In contrast, the UK DEA 2010 scheme has far too many pitfalls that lacks respect for the fundamental rights of subscribers/Internet users and access providers. Generally speaking, it must be concluded that a warning scheme that either foresees the suspension of an alleged infringer’s Internet access, or in another way interferes with Internet access service cannot be justified under the CFR and the ECHR. In contrast, a graduated response scheme may comply with the CFR and ECHR, if third parties, such as access providers, do not have to invest substantial amounts of money to implement and administer the scheme. A fair balance can only be achieved when access providers do not have to bear substantial costs in in connection with the enforcement of private rights of others. III. Copyright Enforcement in Member States Through Private Litigation Intellectual property rights are private rights and the majority of enforcement procedures are civil: it is for the rights-holder to take action where an infringement has occurred. While criminal cases require knowledge on behalf of the infringer, this is not the case in civil cases and considering that criminal cases may not carry the same remedies as those available in civil proceedings, a lot more cases are dealt with in civil litigation. In civil law, specific regulations for instance under copyright law itself and general regulations of a civil or procedural nature are used for enforcement purposes and as such also mentioned in the IPR Enforcement Directive. These instruments include injunctive relief and damages, as well as information rights regarding the identity of potential infringers. Different approach taken which does not foresee a warning before an infringer is taken to court, but relies on pre-litigation settlement.

1530 Cf. Peter Yu, The Graduated Response, Florida Law Review 2010, Vol. 62, 1373, 1382.

425

Second Chapter: User-Targeted Responses

While the graduated response schemes involve a third actor responsible for sending out the warnings and thus, the rights-holder does not directly contact the alleged infringer, private litigation models foresee direct litigation between the rights-holder and the alleged infringer. When most people think of copyright enforcement through private litigation, what comes to their mind is the massive amount of lawsuits that have been launched against individual file sharers in the US.1531 While RIAA mass John Doe lawsuits1532 and volume pre-litigation letters1533 gained worldwide attention, it is often ignored that in Germany, peer-topeer file-sharing is almost exclusively dealt with in private litigation.1534

1531 From 2003 until 2008, about 35,000 people have been sued for illegal file-sharing in the US. In 2008, RIAA announced that it would end volume litigation. See Sarah McBride/Ethan Smith, Music Industry to Abandon Mass Suits (19.12.2008), Wall Street Journal. For an in-depth legal account of the RIAA lawsuits in the US, see Art Neill, Does a new wave of filesharing lawsuits represent a new business model for copyright owners?, Journal of Internet Law 2011, Vol. 14, No.12, 1–17. 1532 In these lawsuits, the lawyers of members of the RIAA (Recording Industry Association of America) sued unidentified “John Doe” uploaders that their specialised investigators had traced to an IP address. After filing the lawsuit, the record labels would ask the court to authorise subpoenas against the Internet access providers. After delivering these subpoenas and obtaining the real name of the subscriber behind the logged IP address, the lawyers of the record labels would then either send a letter demanding a settlement or amend their lawsuit to name the identified individual. From 2003 to October 2007, record labels have brought legal action against about 30,000 people (see Jeff Leeds, Labels win suit against song sharer, New York Times (05.10.2007). Most lawsuit targets settle their cases for amounts ranging between USD 3,000 and USD 11,000 (see Electronic Frontier Foundation, RIAA v the People: Five years later (2008), p. 5. 1533 Instead of initiating lawsuits, the RIAA sent out hundreds of pre-litigation letters each month to various universities in the US with the request to forward these letters to unidentified students (see Thomas Mennecke, RIAA announces new campus lawsuit strategy, Slyck News (28.02.2007). The letters identify the IP address of the alleged infringer and threaten future legal action with damages upwards of USD 750 per song. They also offer a reduced settlement if the student agrees to pay a non-negotiable amount (around USD 3000) within a certain time after receiving the letter (Ken Fisher, Students largely ignore RIAA instant settlement offers, Ars technica [26.03.2007]). According to news reports, the RIAA had sent over 5,400 letters to 160 different schools within one year (Eric Bangemann, Pass or fail? RIAA's college litigation campaign turns one, Ars Technica (28.02.2008)). 1534 For example in European Parliament, DG for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, File Sharing (2011), p. 11,

426

B. National Enforcement Measures Against Users

Usually, a rights-holder will send a letter before claim to an Internet subscriber stating that the connection of the recipient was used in an infringement of copyright. In the letter the rights-holder will not only ask the recipient to sign an undertaking that he will abstain from infringing copyright in the future, but also claim compensation for the costs occurred in pursuing the claim and damages for the infringement. The contact details of the Internet subscribers will have been obtained by means of a disclosure order against their access provider. The following paragraphs will focus on the German enforcement instrument of Abmahnungen, a private pre-settlement litigation tool, and how it has been employed in relation to copyright infringements in peer-to-peer networks. In this regard, a critical approach is taken, which will also analyse the deficits of the system. It is then worth to study the UK model of letters before claim, which is very similar to the German enforcement instrument of Abmahnung to see how courts in the UK address the deficits identified beforehand. 1. Germany: Abmahnungen Although the introduction of graduated response schemes has been widely discussed in Germany,1535 including a research study on the feasibility of such a system conducted on behalf of the German Federal Ministry for Economic Affairs 1536, Germany has until now refrained from introducing a graduated response scheme. One reason for this reluctance is the fact, that online copyright infringements are on a large scale dealt with in private litigation: German private law provides sufficient means to compensate rights-holders but also serves as a deterrent that prevents users from committing a certain infringement again. The system at hand for rights-holders consists of cease-and-desist letters, so called Abmahnungen. These letters are sent out by lawyers on it has been stated that the deployment of civil law enforcement instruments against individual users is not common practice in Europe. 1535 Cf. for example Thomas Hoeren, Kurzgutachten zur BMWi-Studie über Modelle zur Versendung von Warnhinweisen durch Internet-Zugangsanbieter an Nutzer bei Urheberrechtsverletzungen (2012). 1536 Rolf Schwartmann, Vergleichende Studie über Modelle zur Versendung von Warnhinweisen durch Internet-Zugangsanbieter an Nutzer bei Urheberrechtsverletzungen, Bundesministerium für Wirtschaft und Technologie (2012).

427

Second Chapter: User-Targeted Responses

behalf of the rights-holders and inform the recipient that an infringement has been committed from his Internet access. The letter also contains a request to compensate the sender for the work involved to issue the warning (which according to the German law is beneficial to him) and regularly asserts a claim for damages. Furthermore, it is usually linked with a desist request which sets up penalty for further similar infringements. If the recipient signs the request he will have to pay the penalty for breaching his cease and desist promise. At a first glance, this system seems to be fair and just. However, since a whole business has evolved with specialised law firms sending out dozens of cease and desist letters each day1537 and advertising this business with the promise to “turn piracy into profit”.1538 In the following the legal framework for the pre-litigation letters will be outlined before the system will be analysed in detail. In this context, the legal framework for information requests will be outlined and it will be evaluated how information requests are dealt with.

1537 In 2010, activists against Abmahnungen as a business modell suggested that 575,000 letters had been sent out to users. See Annual statistic 2010 of Verein zur Hilfe und Unterstützung gegen den Abmahnwahn e.V., available at http://ww w.verein-gegen-den-abmahnwahn.de/zentrale/download/statistiken/2010/jahresb ilanz_2010.html (last accessed 16.06.2011). This estimate stems from an association that lobbies against the instrument Abmahnung; therefore the number should be viewed critically. However, considering that according to the German association of the Internet industry eco information on subscribers of 300,.000 IP addresses are disclosed via court order per month, the estimated number of warning letters even seems to be too low. See eco press release „300.000 Adressen pro Monat: erfolgreicher Kampf gegen illegale Downloads” of 31.05.2011 h t t p : / / w w w . e c o . d e / v e r b a n d / 2 0 2 _ 9 1 3 7 . h t m (last accessed 16.06.2011). 1538 See Sandra Schmitz/Thorsten Ries, Three songs and you are disconnected from Cyberspace? Not in Germany where the industry may “turn Piracy into Profit”, European Journal of Law and Technology 2012, Vol. 3 No. 1. For a discourse on a similar business modell in the US see Art Neill, Does a new wave of filesharing lawsuits represent a new business model for copyright owners?, Journal of Internet Law 2011, Vol. 14, No. 12, 1–17.

428

B. National Enforcement Measures Against Users

a) Legal Framework for Private Copyright Enforcement in Germany German copyright law protects rights-holders under both civil and criminal law. In copyright infringement matters, especially with regard to illegal file-sharing, a civil action is the far more common way to proceed as criminal charges may not be pursued by the prosecutor if there has been no mass-scale infringement. aa) Liability for Copyright Infringements Under German civil law, any infringement of an exclusive right of an author, an author's moral right, or a neighbouring right protected under the Gesetz über Urheberrecht und verwandte Schutzrechte – UrhG (“Act on Copyright and Neighbouring Rights”) could lead to a claim for removal of derogation or for injunctive relief1539, damages1540, unjust enrichment1541 as well as destruction, recall or restitution of infringing goods1542. Copy1539 § 97 I UrhG: “The infringed party may assert a claim against any person who unlawfully infringes a copyright or another right protected by this Act for removal of the derogation or, in case of risk of recurrence, for injunctive relief. A claim for injunctive relief shall also exist where an infringement impends for the first time.” (Translation by Alexander Klett/Matthias Sonntag/Stephan Wilske, Intellectual Property Law in Germany (2008), p. 340). 1540 § 97 II UrhG: “Any party who undertakes such action intentionally or negligently shall be liable for compensation to the infringed party for the damage suffered. When assessing damages, the profit made by the infringing party as a result of the infringement may also be taken into account. The claim for damages may also be calculated on the basis of the amount payable by the infringing party as appropriate remuneration had it obtained permission to use the infringed right. Authors, authors of scientific editions (§ 70), photographers (§ 72) and performing artists (§ 73) may also demand compensation in money for non-pecuniary losses if and to the extent that this is equitable.” (Translation by Alexander Klett/Matthias Sonntag/Stephan Wilske, Intellectual Property Law in Germany (2008), p. 340). 1541 It is generally accepted in German law that the provisions in the German Civil Code on unjust enrichment also apply in the intellectual property area. Consequently, the infringer will have to surrender the value of what he gained due to the infringement according to the provisions on unjust enrichment. See also Alexander Klett/Matthias Sonntag/Stephan Wilske, Intellectual Property Law in Germany (2008), p.71. 1542 § 98 UrhG: “(1) Any person who unlawfully infringes a copyright or another right protected by this Act may be required by the infringed party to destroy all

429

Second Chapter: User-Targeted Responses

right infringement also constitutes a criminal offence punishable with up to three years of imprisonment or a fine.1543 While infringers and those that contribute culpably to an infringement are fully liable, German law also recognises limited liability where a third party otherwise contributes or facilitates an infringement. The latter, which is also known as Störerhaftung, is of particular relevance in the context of file-sharing. Therefore direct and vicarious liability will only be dealt with in brief, whereas the concept of “Störerhaftung” will be outlined in detail. (1) Direct, Contributory and Vicarious Liability German law distinguishes between direct infringements, and contributory and vicarious liability. Direct infringers are those, who commit the infringement themselves, and will be directly liable. Besides those that are aiding and abetting the infringement, this also includes those that contribute to an infringement in a legally relevant way. In that regard, legally relevant are material contributions to the act or enabling the infringing act with knowledge of the act being a key element. Individuals involved in an

unlawfully produced and distributed copies or copies intended for unlawful distribution held or owned by the infringing party. Sentence 1 shall apply mutatis mutandis to the devices owned by the infringing party that mainly served to produce such copies. (2) Any person who unlawfully infringes a copyright or another right protected by this Act, may be required by the infringed party to recall unlawfully produced and distributed copies or copies intended for unlawful distribution or to remove these permanently from the distribution channels. (3) Instead of the measures provided for in subsection 1, the infringed party may demand that the copies owned by the infringing party be handed over to it in return for payment of appropriate remuneration which may not exceed the costs of production. (4) The claims arising from sections 1 to 3 shall be excluded if the measure is disproportionate in the individual case. The legitimate interests of third parties shall also be taken into consideration when assessing proportionality. (5) Buildings and separable parts of copies and devices of which production and distribution is not unlawful shall not be subject to the measures provided for in sections 1 to 3.” (Translation by Alexander Klett/Matthias Sonntag/ Stephan Wilske, Intellectual Property Law in Germany (2008), p.341). 1543 See § 106 UrhG. For infringements committed on a commercial scale the maximum sentence is five years imprisonment (§ 108a UrhG). Criminal investigations in copyright matters are only successful where the infringement is of some severity.

430

B. National Enforcement Measures Against Users

infringement may hence be liable if they induced the infringement and act culpably.1544 This can apply, for example, to somebody who knowingly rents out a venue for an infringing show,1545 organises an infringing show1546 or to the publisher or the printer of an infringing book. The decisive criterion for liability in this context is that the individual in question has contributed significantly to the infringement in an organisational or financial way.1547 In contrast, liability will be excluded when the infringing acts take place outside his sphere of influence.1548 Contributory liability has its limits where the contribution to the infringement is nothing more than the provision of mere help1549 or technical infrastructure.1550 In addition to direct and contributory liability, German copyright law also recognises vicarious liability. Vicarious liability is related to contributory liability and applies where someone provides a non-infringing device to a third party while knowing that the third party will use the device to commit an infringement.1551 The notion of infringer in that context is interpreted relatively wide and includes for instance copy shop owners

1544 Cf. Gerald Spindler, in: Gerald Spindler/Fabian Schuster, Recht der elektronischen Medien (2nd ed. 2011), § 97 UrhG paras. 16 et seq.; Jörg-Alexander Paul, in: Thomas Hoeren/Ulrich Sieber/Bernd Holznagel, Multimedia-Recht (36th supplementary sheets 2013), Part 7.4, paras. 167 et seq. 1545 OLG München, Decision of 21.09.1978 – 6 U 4941/77 (Transvestiten-Show), Gewerblicher Rechtsschutz und Urheberrecht 1979, 152. 1546 BGH, Decision of 16.06.1971 – I ZR 120/69 (Konzertveranstalter), Gewerblicher Rechtsschutz und Urheberrecht 1972, 141, 142; BGH, Decision of 18.03.1960 – I ZR 75/58 (Eisrevue II), Gewerblicher Rechtsschutz und Urheberrecht 1960, 606, 607. 1547 Gerald Spindler, in: Gerald Spindler/Fabian Schuster, Recht der elektronischen Medien (2nd ed. 2011), § 97 UrhG para. 16. 1548 BGH, Decision of 16.06.1971 – I ZR 120/69 (Konzertveranstalter), Gewerblicher Rechtsschutz und Urheberrecht 1972, 141, 142. 1549 For instance the person that merely sells tickets to an unauthorised movie screening, or the paper boy that delivers a newspaper with infringing content will not be liable for the infringements. See also KG, Gewerblicher Rechtsschutz und Urheberrecht 1959, 150 (Musikboxaufsteller). 1550 See Jörg-Alexander Paul in: Thomas Hoeren/Ulrich Sieber/Bernd Holznagel, Multimedia-Recht (36th supplementary sheets 2013), Part 7.4, paras. 168 with further references. 1551 Gerald Spindler, in: Gerald Spindler/Fabian Schuster, Recht der elektronischen Medien (2nd ed. 2011), § 97 UrhG para. 17.

431

Second Chapter: User-Targeted Responses

who do not take reasonable measures in order to prevent illegal copying by their customers.1552 Vicarious liability also applies where an employee or authorised person within a company has unlawfully infringed a right protected under copyright law. In this case, the owner of the company will be liable for claims arising from §§ 97 I and 98 UrhG.1553 (2) Störerhaftung: Liability as a Disturber In addition to contributory and vicarious liability, German law also foresees liability, where there has been a lesser degree of involvement of a third party. This concept of liability is called Störerhaftung and may be literally translated as “liability as a disturber”. 1554 It is in some way also a form of contributory liability, but instead of being fully liable as it is the case under vicarious liability, the disturber (Störer) will only be liable to cease and desist. Störerhaftung is rooted in the tort theory of liability for dangerous property and holds the third party liable based on the third party’s relationship with the infringement. The concept must not be confused with the US concept of contributory liability as outlined by the court in Gershwin Publishing Corp. v Columbia Artists as “one who, with knowledge of the infringing activity, induces, causes, or materially contributes”1555. This definition would be too wide for the German Störer concept. Störerhaftung is of particular relevance in the context of copyright infringements on the Internet because in most constellations a third party either provides the infrastructure or other technical means to commit

1552 A clearly visible sign indicating that copyrights have to be observed may constitute such a measure. BGH, Decision of 09.06.1983 – I ZR 70/81 (Kopierläden), Gewerblicher Rechtsschutz und Urheberrecht 1984, 54. 1553 See § 99 UrhG : “If an employee or authorized person within a company has unlawfully infringed a right protected under this Act, the infringed party shall also be entitled to the claims arising from § 97(1) and § 98 against the owner of the company”. (Translation by Alexander Klett/Matthias Sonntag/Stephan Wilske, Intellectual Property Law in Germany (2008), p.341). 1554 For an outline of the concept and a comparison with other secondary liability schemes in Europe see Matthias Leistner, Structural aspects of secondary (provider) liability in Europe, Journal of Intellectual Property and Practice 2014, Vol. 9 No. 1, 75, 78 et seq. 1555 Gershwin Publishing Corp. v Columbia Artists, 443 F. 2d 1159 (2d Cir. 1971).

432

B. National Enforcement Measures Against Users

an infringement. For instance host providers facilitate infringements by hosting third party content, while access providers provide the infrastructure to infringe protected rights. Especially, where the actual infringer cannot be identified and vicarious liability does not apply, Störerhaftung provides a means by which the rights-holder can at least achieve that the infringing content is removed or blocked. As the Störer will be obliged to cease and desist, the relevance in peer-to-peer file-sharing cases becomes obvious: if one cannot establish direct liability of a subscriber but liability as a Störer, the subscriber might be obliged to prevent similar infringements in the future. In how far, this applies and under which circumstances liability as a Störer can be established will be discussed in the following. As previously mentioned, the liability concept derives from the tortious liability for dangerous property. Under Störerhaftung, liability will be established if the third party knowingly contributes to the infringement of a protected right.1556 This liability concept originally applied to cases where a person had constructive control over dangerous property and was therefore held liable under public law – irrespective of intentional or negligent behaviour – for any foreseeable harm arising from such source of danger. Under private law, the notion of Störer characterizes a person who is liable under § 1004 Bürgerliches Gesetzbuch (BGB) to cease any interference with the property of another that is not caused by removal or retention of the possession.1557 The Störer does not himself interfere with the rights of a third party, but in another way contributes deliberately and adequately causal to the infringement of a protected right without being

1556 BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668 et seq. with a case comment by Thomas Hoeren; concerning the specific requirements in detail: Markus Köhler/Hans-Wolfgang Arndt/Thomas Fetzer Recht des Internet (6th ed. 2008), para.774 et seq.; Gerald Spindler/Katharina Anton in: Gerald Spindler/Fabian Schuster, Recht der elektronischen Medien (2nd ed. 2011), § 1004 BGB para. 8 et seq. with further references, as well as Gerald Spindler in ibid, § 97 UrhG paras. 16–33. 1557 § 1004 BGB: “(1) If the ownership is interfered with by means other than removal or retention of possession, the owner may require the disturber to remove the interference. If further interferences are to be feared, the owner may seek a prohibitory injunction. (2) The claim is excluded if the owner is obliged to tolerate the interference”. Translation provided by the Langenscheidt Translation Service on the homepage of the Ministry of Justice, www.gesetzeiminternet.de (last accessed on 21.03.2011).

433

Second Chapter: User-Targeted Responses

the perpetrator or an accessory.1558 In addition, the Strörer must be someone who has the legal and effective means to cease the infringement and prevent future infringements of the same kind.1559 The concept has been applied by analogy also to interferences with intellectual property rights. This analogy also encompassed interferences on the Internet. In an Internet context, the Störerhaftung has been discussed by the Federal Court of Justice at first in relation to Internet auction platforms.1560 Providers of Internet auction platforms were held liable as Störer for trademark infringements committed by third party sellers on their platforms based on the conclusion that their service constitutes a source of danger, which facilitates the commitment of infringements of intellectual property rights.1561 Although the platform providers neither committed the infringements themselves nor aided or abetted the infringement or were vicarious liable, they were held to otherwise contribute deliberately and adequately causal to the infringements by the provision of their ser-

1558 Cf. in the context of Störer liability on the Internet BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668 et seq. with a case comment by Thomas Hoeren. 1559 In an Internet context, see BGH, Decision of 17.05.2001 – I ZR 251/99 (ambiente.de), MultiMedia und Recht 2001, 671; BGH, Decision of 01.04.2004 – I ZR 317/01 (Schöner Wetten), Gewerblicher Rechtsschutz und Urheberrecht 2004, 693; BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668. 1560 BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668 et seq. with a case comment by Thomas Hoeren; concerning the specific requirements in detail: Markus Köhler/Hans-Wolfgang Arndt/Thomas Fetzer, Recht des Internet (6th ed. 2008), paras.774 et seq.; Gerald Spindler/Katharina Anton in: Gerald Spindler/Fabian Schuster, Recht der elektronischen Medien (2nd ed. 2011), § 1004 BGB paras. 8 et seq. with further references; Thomas Dreier in: Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (4th ed. 2013), § 97 para .33 with further references. For a detailed discussion of Störerhaftung in relation to Internet auction platforms see Gerald Spindler in: Gerald Spindler/Andreas Wiebe, Internet-Auktionen und elektronische Marktplätze (2nd ed. 2005), pp. 231 et seq. The liability of host providers will further be discussed in the Third Chapter. 1561 See only BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668. For an evaluation of the concept in English and its applicability on Auctioning websites see Andreas Rühmkorf, The Liability of online auction portals: Towards a Uniform Approach?, Journal of Internet Law 2010, Vol. 14 Issue 4, 3–10.

434

B. National Enforcement Measures Against Users

vice. 1562 The same conclusion was drawn as regards subscribers of Internet connections. The operation of an Internet access was equalled to operating a source of danger. Liability is not extended without limits upon third parties: Considering that a Störer will be liable to cease and desist,1563 Störer liability requires that the Störer has breached a reasonable duty to examine when he had reason to believe that he is actually supporting an infringing act. Generally speaking, liability requires a breach of due diligence or monitoring duties and is also restricted by the principle of proportionality. (3) Application of the Liability Concepts to the Subscriber of an IP Address Regularly, the rights-holder will address the subscriber of an Internet access as the direct infringer. The rights-holder bears the burden of proof that the subscriber has actually committed the infringement. There is a presumption of proof concerning the perpetration of a copyright infringement committed online, namely that the subscriber of the IP address from which the work has been made available has committed the infringement.1564 This assumption is based on the concept of prima facie evidence: it is assumed that it is in the first place the subscriber who uses his Internet access and in relation to others using the connection, he is in the position to control to whom he grants access. The assumption of the subscriber being the infringer can however be rebutted when there are reasons to believe that someone else may have committed an infringement.1565 It will be sufficient for the subscriber to proof that he shares his Internet connec-

1562 See only BGH, Decision of 11 March 2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668 with a case comment by Thomas Hoeren; concerning the specific requirements in detail: Markus Köhler/ Hans-Wolfgang Arndt/Thomas Fetzer, Recht des Internet (6th ed. 2008), para. 774 et seq.; Gerald Spindler/Katharina Anton in: Gerald Spindler/Fabian Schuster, Recht der elektronischen Medien (2nd ed. 2011), § 1004 BGB paras. 8 et seq. with further references. 1563 As previously mentioned, the Störer will not be liable for damages, he will only be liable to cease and desist. 1564 BGH, Decision of 12.05.2010 – I ZR 121/08 (Sommer unseres Lebens), Neue Juristische Wochenschrift 2010, 2061. 1565 Ibid.

435

Second Chapter: User-Targeted Responses

tion. He is not required to investigate who else has actually committed the infringement.1566 The subscriber only bears the burden of proof that someone else has committed the infringement.1567 In order to satisfy this burden of proof, he will have to provide evidence that he was not the only one that used the connection. As most connections are being shared, the subscriber will regularly succeed to absolve himself from liability. However, this only applies to his liability as the actual perpetrator and does not extend to his liability as a Störer. Moreover, there are only view constellations, where a subscriber will also be exempted from liability as Störer. Considering that liability as a Störer requires that the Störer has breached a reasonable duty of care, the subscriber of an Internet access has to take duly diligent efforts to prevent misuse of that access. 1568 His efforts has to be reasonable, and amount to what can be reasonably expected from an average person.1569 A subscriber may thus be a Störer when he has breached a monitoring duty. Monitoring duties exist not per se, but may arise, if a Störer allows third parties to use his Internet connection. The existence and scope of potential monitoring duties have been subject to a number of lawsuits where the subscriber allowed family or household members to use his connection.1570 The jurisprudence on this subject-matter has long been inconsistent and only recently the Federal Court of Justice clarified some issues. In early

1566 See OLG Hamm, Zeitschrift für Urheber- und Medienrecht 2012, 254. 1567 BGH, Decision of 12.05.2010 – I ZR 121/08 (Sommer unseres Lebens), Neue Juristische Wochenschrift 2010, 2061. 1568 Ibid. In this case the Federal Court of Justice had to decide whether someone who was evidently not at home at the time when the alleged infringement took place, is liable for the copyright infringement committed via his WiFi Internet access. 1569 In relation to online marketplaces, it was held that the provider of such a marketplace has to make sure that sellers of adult material employ a functioning age verification system, BGH, Decision of 12.07.2007 – I ZR 18/04 (Jugendgefährdende Medien bei eBay), Zeitschrift für Urheber- und Medienrecht 2007, 846, 852. A marketplace provider will however not be required to determine which goods are not to be sold to minors, ibid. This would be beyond reasonableness and cannot be expected from the online marketplace provider. 1570 For instance LG Hamburg, Decision of 19.04. 2006– 308 O 92/06, Zeitschrift für Urheber- und Medienrecht 2006, 661; OLG Düsseldorf, Decision of 27.12.2007 – I-20 W 157/07, Zeitschrift für Urheber- und Medienrecht-RD 2008, 170; LG Köln, Decision of 27.01.2010 – 28 O 241/09, Zeitschrift für Urheber- und Medienrecht-RD 2010, 277.

436

B. National Enforcement Measures Against Users

cases, some courts have established liability of the subscriber based on the fact that he did not use available technical measures as for example a firewall or tools restricting the installation or use of peer-to-peer software in order to prevent copyright infringements by other authorised users of his computer.1571 As regards the notion of “authorised” users, these are users to whom the subscriber grants access to his Internet connection. In this regard, the jurisprudence distinguishes between family members and other third parties using a connection. As regards the latter, initial instruction and monitoring duties are easier established because their behaviour is not as foreseeable as that of family members that live in the same household.1572 However, the manner and scope of such instruction and monitoring in relation to non-family members has not yet been established by the courts. The German Constitutional Court stressed in its file-sharing decision in 2012 that the question of instruction and monitoring duties towards nonfamily members is of fundamental importance.1573 Irrespective of the Constitutional Court’s appeal, guidance only exists in relation to family members. While the jurisprudence on this subject matter has been quite diverse on the lower court level, the Federal Court of Justice has recently clarified some issues. With regard to children, there is consensus, that children should be instructed by their parents before they were allowed to access the Internet. In November 2012, the Federal Court of Justice held in the Morpheus case, that parents have to instruct their underage children, that they are not allowed to use file-sharing networks. 1574 This shall be sufficient to comply with due diligence.1575 However, the Court also curtailed this liability

1571 OLG Hamburg, Decision of 11.10.2006 – 5 W 152/06, BeckRS 2008, 14864; LG Köln, Decision of 28.02.2007 – 28 O 10/07, Zeitschrift für Urheber- und Medienrecht-RD 2008, 93, 95; LG Frankfurt/M., Decision of 12.04.2007 – 2/03 O 824/06, MultiMedia und Recht 2007, 804, 805. 1572 OLG Frankfurt/M., MultiMedia und Recht 2008, 169, 179. 1573 BVerfG, Zeitschrift für Urheber- und Medienrecht 2012, 471 (Unerlaubtes Filesharing im Internet). 1574 BGH, Decision of 15.11.2012 – I ZR 74/12 (Morpheus), Gewerblicher Rechtsschutz und Urheberrecht 2013, 511. The decision has recently been confirmed by BGH, Decision of 11.06.2015 – I ZR 7/14 (Tauschbörse III). 1575 As parents will be required in court to provide evidence for the initial instruction on the prohibition of file-sharing, lawyers advise their clients to let the children sign a written declaration that stipulates the modalities of their Internet use.

437

Second Chapter: User-Targeted Responses

exemption in so far as this should only apply to a normally developed child that generally obeys his parents’ orders. Only in this case, it is not required that the parents further monitor the online activities of minors by for example installing software on their computer. If the parents have concrete reasons to believe that their child will not obey their order, the parents are under an obligation to implement measure that hinder file-sharing.1576 The requirements for instruction and monitoring have to be determined on a case-by-case basis and depend on the age of the child and the child’s capacity to understand the wrongfulness of file-sharing.1577 Previous to the decision of the Federal Court of Justice in Morpheus, lower courts held that parents have to monitor the surfing habits of even an adult child on a random basis when the child uses his parents’ Internet connection.1578 Some courts even considered that instruction or monitoring duties exist in relation to the subscriber’s spouse.1579 In relation to

1576

1577 1578 1579

438

See for instance WBS Law, Nach dem BGH Filesharing Urteil (Morpheus) – Wie geht es nun weiter? (16.11.2012). This had also previously been held by OLG Frankfurt/M., Gewerblicher Rechtsschutz und Urheberrecht, Rechtsprechungs-Report 2008, 73, 74; LG Mannheim, MultiMedia und Recht 2007, 267, 268; Zeitschrift für Urheber- und Medienrecht-RD 2007, 252, 254 et seq.; MultiMedia und Recht 2007, 459, 460; see also Lambert Grosskopf, Anmerkung zum Urteil des LG Hamburg: Störerhaftung des Internanschlussinhabers für Urheberrechtsverletzungen, Computer und Recht 2007, 122–124; Markus Peter, Störer im Internet – Haften Eltern für ihre Kinder?, Kommunikation und Recht 2007, 371, 373; Matthias Leistner/Felix Stang, Die Neuerung der wettbewerbsrechtlichen Verkehrspflichten – Ein Siegeszug der Prüfungspflichten?, Wettbewerb in Recht und Praxis 2008, 533, 549; Sven Mühlberger, Die Haftung des Internetanschlussinhabers bei Filesharing-Konstellationen nach den Grundsätzen der Störerhaftung, Gewerblicher Rechtsschutz und Urheberrecht 2009, 1022, 1025 et seq.; Gerald Spindler, in: Georg Bamberger/Herbert Roth, BeckOK-BGB (updated: 01.08.2012), § 832 para. 31 a. BGH, Decision of 15.11.2012 – I ZR 74/12 (Morpheus), Gewerblicher Rechtsschutz und Urheberrecht 2013, 511, 513. OLG Hamburg, Decision of 11.10.2006 – 5 W 152/06, BeckRS 2008, 14864; LG Düsseldorf, Decision of 27.05.2009 – 12 O 134/09, MultiMedia und Recht 2009, 780. The Higher Regional Court of Cologne for instance expressed doubts whether a subscriber has instruction or monitoring duties with regard to his/her spouse, and thus, set aside a prior decision that denied legal aid to the defendants based on the assumption that a subscriber must monitor the online activities of her spouse, see OLG Köln, Decision of 24.03.2011 – 6 W 427/11, Neue Juristische Online Zeitschrift 2011, 1239, 1240.

B. National Enforcement Measures Against Users

adult children, monitoring and instruction duties were also controversially discussed.1580 The majority of courts held that protective measures only have to be employed when there are indications that an infringement has already happened: an on-going supervision without cause for action is unreasonable.1581 In January 2014, the Federal Court of Justice finally provided some guidance as regards the emergence of monitoring duties in relation to adult family members.1582 According to the Court, a subscriber’s decision to allow family members to use his Internet access is based on family ties. Considering that adults are fully responsible for their own acts and considering that within families there is usually a climate of trust, the Court held that subscribers have no duty to instruct or monitor adult family members when they use a shared Internet connection. Only when there is concrete reason to believe that an adult family member will use the Internet access to commit copyright infringements, the subscriber will be obliged to implement the necessary measures to hinder the commitment of infringements. The Court stressed that such “concrete reason to believe” can be acquired by notification of the rights-holder.1583 Further scenarios of shared connections where a subscriber may be held liable as a Störer are those of employers in relation to their employees, or providers of open Wi-Fis, for instance in hotel or restaurants, in relation to their users. There is almost no case law dealing with the liability of employers for illegal file-sharing by their employees. So far the Regional Court of Munich held, that employers are not liable as Störer for illegal file-sharing

1580 Some courts assumed that children may well be more advanced in the use of information technologies and therefore specifically adult children do not have to be instructed or monitored by their parents when surfing the Internet, see LG Mannheim, Decision of 29.09.2006 – 7 O 76/06, MultiMedia und Recht 2007, 267. No need to instruct adult family member: see also AG Frankfurt am Main, Decision of 12.02.2010 – 32 C 1634/09-72, Zeitschrift für Urheber- und Medienrecht-RD 2011, 116. 1581 OLG Frankfurt/M., Decision of 20.12.2007 – 11 W 58/07, MultiMedia und Recht 2008, 169. 1582 BGH, Decision of 08.01.2014 – I ZR 169/12 (BearShare), Zeitschrift für Urheber- und Medienrecht 2014, 707. 1583 Such notification usually takes the form of a cease and desist letter before claim, which will be outlined in this chapter in the following.

439

Second Chapter: User-Targeted Responses

committed by their employees, when they had no reason to foresee the illegal activities.1584 As regards the Störer liability of providers of Wi-Fi access points in course of the commercial activity, for instance the aforementioned hotel or restaurant owner, there is only limited guidance to the necessary duty of care. This may also be due to the fact, that there have been only two cases that have been published so far. In one case the owner of an Internet café was held liable as a Störer because he did not implement protective measures to prevent copyright infringements in his café.1585 In another case, the owner of a hotel was exempted from liability as a disturber because he instructed his guests to respect the laws before granting access to the hotel’s secured Wi-Fi network.1586 In these scenarios there is other than in a family no relationship of trust between the subscriber and the third parties that are allowed to use the Internet connection. The conclusion one may draw from these two cases is, that it is necessary to instruct the users before granting access to the Internet. To be distinguished from these scenarios, where the subscriber expressly or implicitly allows third parties to use his Internet access, is the unauthorised use by third parties. As most subscribers have wireless routers, there is always a risk that non-authorised third parties acquire access to the network. The subscriber has to take efforts to control who has access to his connection and uses it.1587 First of all, the prevention of misuse requires the implementation of standard security measures for Wi-Fi networks. His duty exists per se and does not only arise where the subscriber has reason to believe that infringements are taking place via his connection.1588 If the subscriber runs a Wi-Fi router, he will be expected to have

1584 LG München I, MultiMedia und Recht 2008, 422, 423. 1585 LG Hamburg, Decision of 25.11.2010 – 310 O 433/10, BeckRS 2011, 03015. 1586 LG Frankfurt am Main, Zeitschrift für Urheber- und Medienrecht-RD 2011, 371. 1587 See Georg Borges, Pflichten und Haftung beim Betrieb privater WLAN, Neue Juristische Wochenschrift 2010, 2624. 1588 BGH, Decision of 12.05.2010 – I ZR 121/08 (Sommer unseres Lebens), Neue Juristische Wochenschrift 2010, 2061. See also Patrick Breyer, Die Haftung für Mitbenutzer von Telekommunikationsanschlüssen, Neue Juristische Online Zeitschrift 2010, 1085 et seq.; Georg Borges, Pflichten und Haftung beim Betrieb privater WLAN, Neue Juristische Wochenschrift 2010, 2624 et seq.; Gerald Spindler in: Gerald Spindler/Fabian Schuster, Recht der elektronischen Medien (2nd ed. 2011), § 97 UrhG, para. 20.

440

B. National Enforcement Measures Against Users

it adequately secured so that no unauthorised third party can access his connection.1589 This means in the first place that he has a sufficiently secure password. According to the Federal Court of Justice a sufficiently secure password is such a password that is distinct and sufficiently long, and fulfils the general security standards at the time of purchase of the router.1590 There is no need to update the security settings to keep track with technological developments. By its findings, the Court took into account that private users who have a Wi-Fi router at home are not necessarily IT-literate and can therefore not be reasonably expected to inform themselves about current security standards. In practice, this may lead to unfair results, when those who run an old router with out-dated security mechanisms are less likely to be held liable for infringements committed via their connection – assuming that it is relatively easy for a third party to connect to the network. Other than with the graduated response schemes discussed previously, there is no centrally administered list of infringers/Störer. As a consequence, unless the respective rights-holders’ rights have been previously infringed, Störer liability will hardly be established in those scenarios where a duty of care in the shape of a monitoring duty only emerges following a first time infringement (or concrete reason to believe that an infringement has taken place) although an infringement might already have been committed via the subscriber’s Internet access. bb) Remedies for Copyright Infringement As mentioned above, the rights-holder is entitled to a claim for removal of derogation or for injunctive relief in case of risk of recurrence (“cease and desist”), damages, unjust enrichment as well as destruction, recall or resti-

1589 BGH, Decision of 12.05.2010 – I ZR 121/08 (Sommer unseres Lebens), Neue Juristische Wochenschrift 2010, 2061. 1590 Ibid. Accordingly, WPA2 is likely to be considered as the current standard for private users. WPA2 (Wi-Fi Protected Access 2) is an implementation of an IEEE ("The Institute of Electrical and Electronics Engineers, Incorporated“, a New York not-for-profit corporation) security standard for Wi-Fi networks and the most used Wi-Fi protection nowadays in both, home and professional networks. Based on the Advanced Encryption Standard (AES), the current standard specification for the encryption of data, WPA2 provides strong security and vulnerabilities are currently only known in regard to weak passphrases.

441

Second Chapter: User-Targeted Responses

tution of infringing goods. In case of online copyright infringements, the remedies sought after are the removal of the infringing content from the Internet and a desist declaration by the potential infringer to refrain from infringements in the future. In addition, rights-holders seek compensation for the damage suffered. (1) Damages In relation to the actual infringer, i.e. in a case of direct, contributory or vicarious liability, the rights-holder regularly seeks to have his actual damages compensated. If the infringer acts intentionally or negligently he will be liable for the actual damages suffered by the rights-holder (§ 97 II UrhG). In German law, there are three different ways of calculating damages in copyright infringement matters. The rights-holder may claim compensation for his profits lost due to the infringement, reasonable royalties in relation to the infringement (by the way of license analogy), or to have the actual profits generated by the infringer conveyed to him.1591 Although under German law only actual damages can be compensated, meaning that there are no punitive damages, in certain limited circumstances “immaterial damages” may also be compensated.1592 The UrhG provides for a compensation of non-pecuniary losses by authors, editors of scientific editions, photographers and performing artists if and to the extent that this is equitable (§ 97 II UrhG). The intention behind this provision is to compensate

1591 For the calculation of damages see: Bodo von Wolff, in: Artur-Axel Wandtke/ Winfried Bullinger, Praxiskommentar zum Urheberrecht: UrhR (3rd ed. 2009), § 97 UrhG paras. 58–83; Thomas Dreier in: Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (3rd ed. 2008), § 97 paras. 58–70; P. Meier-Beck, Herausgabe des Verletzergewinns – Strafschadensersatz nach deutschem Recht, Gewerblicher Rechtsschutz und Urheberrecht 2005, 617–623; R. Kraßer, Schadensersatz für Verletzungen von gewerblichen Schutzrechten und Urheberrechten nach deutschem Recht, Gewerblicher Rechtsschutz und Urheberrecht, Internationaler Teil 1980, 259–272, all with further references. In copyright infringement matters via peer-to-peer networks, the license analogy is the most commonly used way to calculate damages. 1592 Cf. Bodo von Wolff, in: Artur-Axel Wandtke/Winfried Bullinger, Praxiskommentar zum Urheberrecht: UrhR (3rd ed. 2009), § 97 UrhG paras. 58–83; Thomas Dreier in: Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (3rd ed. 2008), § 97 paras. 84–90.

442

B. National Enforcement Measures Against Users

particularly for the infringement of moral rights.1593 If damages claims cannot be brought,1594 the rights-holder may base his claims on the unjust enrichment provisions in §§ 812 et seqq. BGB. Under unjust enrichment, the infringer will be liable for restitution of the value of what he gained due to the infringement. In order to be able to calculate damages, rights-holders are also attributed claims for information regarding the origin and distribution channels of the infringing products and rendering of accounts.1595 Pursuant to § 98 UrhG, the rights-holder may also demand destruction, recall or restitution of infringing copies and equipment. (2) Cease and Desist As outlined above, in most peer-to-peer file-sharing cases direct, contributory or vicarious liability will be hardly established. While the actual infringer will be liable for damages and cease the interference, the Störer will only be liable to cease and desist.

1593 Cf. ibid. 1594 One reason may be for example that the infringer has not acted at least negligently. However, as in copyright matters regularly at least negligence on part of the infringer is established, claims for unjust enrichment are primarily relevant with respect to compensation claims against owners of businesses in which an infringement occurred. See Alexander Klett/Matthias Sonntag/Stephan Wilske, Intellectual Property Law in Germany (2008), p. 71. 1595 Thomas Dreier in: Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (3rd ed. 2008), § 97 para. 78. The implementation of the Enforcement Directive into national law introduced further information rights into the UrhG: Information on the origin and distribution of the infringing copies can now also be claimed from a third party which – on a commercial scale – was found (1) in possession of infringing goods, (2) to be using infringing services, (3) to be providing services used in infringing activities, or (4) was indicated by the person referred to in point 1, 2 or 3 as being involved in the production, manufacture, or distribution of the copies, other goods or services (§ 101 II UrhG, which transposes Article 8 of the Enforcement Directive into national law). There is no statutory definition of the notion of “commercial scale” beside Recital 14 of the Enforcement Directive referring to acts on a commercial scale as those that are carried out for direct or indirect economic or commercial advantage, which would normally exclude acts carried out by end-consumers acting in good faith.

443

Second Chapter: User-Targeted Responses

Both, Störer and actual infringers are obliged to cease the interference once liability is established. They also will be requested to prevent identical infringements in the future. Usually, the rights-holder will ask the infringer or Störer to sign a predrafted cease and desist letter, in which the recipient declares that he will cease and desist from the declared infringement, meaning that he will not only cease the infringement but also refrain from committing the infringement in question in the future. The declaration will usually contain a penalty clause as an additional enforcement mechanism. The scope of the obligation to refrain from committing the infringement in question in the future has been subject to numerous lawsuits.1596 Although this is of more relevance when host providers are asked to prevent the re-appearance of infringing content, this issue shall already be briefly addressed at this point. The discussion usually focusses on the question what kind of infringement is to be omitted in the future: is it the infringement of rights in relation to all works of the rights-holder in question? Is it the infringement of rights in relation to one particular work? Is it the infringement of rights of the rights-holder committed by the subscriber/one particular user? Is it the infringement of rights of the rights-holder committed by specific means e.g. in peer-to-peer networks?1597 In file-sharing cases, the rights-holder will only be entitled to ask for a discontinuation of infringements of works of which he is the rights-holder

1596 For a summary of the latest copyright infringement cases, that reached the Federal Court of Justice, see Markus Bölling, Unterlassungsantrag und Streitgegenstand im Falle der Störerhaftung, Gewerblicher Rechtsschutz und Urheberrecht 2013, 1092–1099. 1597 These questions have been first addressed by the Federal Court of Justice in its various Internet auction decisions (BGH, Decision of 11.03.2004 – I ZR 304/01 [Internet auction I], MultiMedia und Recht 2004, 668; BGH, Decision of 19.04.2007 – I ZR 35/04 [Internet Auction II], MultiMedia und Recht 2007, 507; BGH, Decision of 30.04.2008 – I ZR 73/05 [Internet auction III]; BGH, Decision of 22.07.2010 – I ZR 139/08 [Kinderhochstühle im Internet], Gewerblicher Rechtsschutz und Urheberrecht 2011, 152): Insofar as auctions of counterfeited goods are concerned, the provider of an Internet auction platform must not only disable access to an infringing offer without undue delay, but must also take reasonable precautions to prevent “identical” infringements in the future, see only BGH, Decision of 11.03.2004 – I ZR 304/01 (Internet auction I), MultiMedia und Recht 2004, 668, 671.

444

B. National Enforcement Measures Against Users

of, and of which he can prove that they have already been shared via the subscriber’s Internet access.1598 If the subscriber refrains to sign a cease and desist declaration, rightsholders regularly seek to obtain an injunction against the subscriber.1599 cc) Information Rights It has previously been addressed numerous times, that in most cases where the infringement has been committed online, the evidence collected about an infringement will only identify the IP address from which an alleged infringement has taken place. This IP address then needs to be matched against the subscriber to whom it was allocated at the time of the infringement. Similar to the Norwich Pharmacal orders, the UrhG forsees that rights-holders can seek disclosure of information on communications traffic data to identify a subscriber from Internet access providers by way of a judicial disclosure order.1600 Pursuant to § 101 II, IX UrhG, a disclosure order against a third party will be granted, if an obvious infringement has been committed, and the third party from whom disclosure is sought provided the services used to commit an infringement on a commercial

1598 Urs Verweyen, Grenzen der Störerhaftung in Peer to Peer-Netzwerken, MultiMedia und Recht 2009, 590–594 with further references to case-law. 1599 An interim injunction may be granted if interim legal protection is sought before an actual decision in the main proceedings, whereas injunctive relief may also be granted permanently in normal proceedings. 1600 The information in question relates to communications traffic data (§ 3 No. 3 Telekommunikationsgesetz – TKG), which requires a judicial order on the permissibility of its use. The data that can legitimately retained by communication service providers is enumerated in § 96 I TKG: “(1) the number or other identification of the lines in question or of the terminal, personal authorisation codes, additionally the card number when customer cards are used, additionally the location data when mobile handsets are used; (2) the beginning and end of the connection, indicated by date and time and, where relevant to the charges, the volume of data transmitted; (3) the telecommunications service used by the user; (4) the termination points of fixed connections, the beginning and end of their use, indicated by date and time and, where relevant to the charges, the volume of data transmitted; (5) any other traffic data required for setup and maintenance of the telecommunications connection and for billing purposes” (Translation by Bundesbeauftragter für den Datenschutz und die Informationsfreiheit, available at http://www.bfdi.bund.de/cae/servlet/contentblob/411286/publicatio nFile/25386/TelecommunicationsAct-TKG.pdf (last accessed on 16.06.2011)).

445

Second Chapter: User-Targeted Responses

scale.1601 § 101 IV UrhG requires the court to respect the principle of proportionality, when assessing whether to grant a disclosure order. Accordingly, information can be acquired from an Internet access provider with regard to the identity of an Internet access service subscriber. dd) The Abmahnung As already mentioned, the author of a work, the right-holder of neighbouring rights, and the owner of exclusive rights of use with respect to an infringed work may sue for copyright infringement.1602 Before bringing a case to court, rights-holders are advised to send an Abmahnung to the infringer asking him to cease and desist from the infringement and sign an undertaking that he will subject himself to a cease and desist obligation with an appropriate penalty clause.1603 Although the issue of a Abmahnung is not a prerequisite for subsequent court proceedings, § 97a I UrhG

1601 The “commercial scale” requirement stems from Article 8 of the IPR Enforcement Directive. With its introduction, the European legislator intended to regulate the proceedings for disclosure of information in the sense that information rights are restricted to acts carried out for direct or indirect economic or commercial advantage (Recital 14 of the IPR Enforcement Directive). Prior to the decision of the Federal Court of Justice regarding a song by German singer and songwriter Xavier Naidoo in 2012 (BGH, Decision of 19.04.2012 – 1 ZB 80/11, Neue Juristische Wochenschrift 2012, 2958), it has long been assumed that the infringement itself must have been committed on a commercial scale. This condition had been interpreted by German courts very broadly, with the upload of one music album or one film satisfying this condition (Cf. Sandra Schmitz/ Thorsten Ries, Three songs and you are disconnected from cyberspace? Not in Germany where the industry may “turn piracy into profit”, European Journal of Law and Technology 2012, Vol. 3 No. 1). However, in the Xavier Naidoo case, the Federal Court of Justice once and for all clarified that not the infringement must have been committed on a commercial scale. Instead the notion of commercial scale refers to the service provided by the third party from whom disclosure is sought. 1602 The owners of non-exclusive rights of use, however, do not have standing to sue for copyright infringement unless the right holder agreed (either separately for purposes of the infringement action or in the license agreement) that the licensee should be entitled to sue on behalf of the right holder. 1603 The penalty clause serves as a means to express the seriousness of the cease and desist promise.

446

B. National Enforcement Measures Against Users

provides that the infringed party should send a cease and desist letter to the infringing party prior to the instigation of court proceedings to give him an opportunity to settle the dispute without court action. In addition, § 93 ZPO1604 provides that the claimant has to bear the defendant's costs if the defendant acknowledges the claim straight away in litigation and the claimant had not sent a cease and desist letter prior to filing his claim. Thus, it is advisable to send an Abmahnung; the initiation of court action right away should only be pursued where the matter is extremely urgent and a preliminary injunction is needed immediately or where the claimant is certain that the defendant will defend himself against the claims and would not sign a cease and desist declaration out of court. The Abmahnung as a letter before claim, is usually sent by a lawyer (Rechtsanwalt) on behalf of the infringed party.1605 The recipient of an Abmahnung has to compensate the rights-holders for the costs involved, if the claim is justified.1606 Pursuant to § 97a III UrhG, the recoverable costs are limited to the necessary expenses.1607 The necessary expenses regularly include the lawyer’s fees and the costs for identifying the infringement and the infringer.1608 The lawyer’s fees depend on the value of the claim.1609 In addition to the costs for the Abmahnung, the rights-holders usually also claim damages in the same letter.

1604 Zivilprozessordnung – ZPO (“Civil Procedure Code”). 1605 The lawyer’s fees can be claimed from the infringer if the claim is justified. 1606 Nikolaus Reber, in: Hartwig Ahlberg/Horst-Peter Götting, Beck’scher OnlineKommentar (4th ed. 09.10.2013), § 97a para. 18. 1607 If an Abmahnung is justified, it avoids a costly court litigation and thus, it is assumed that it is a necessary means for settlement and in the interest of the infringing party. 1608 The latter may include costs for private investigators, travelling expensis, costs for technical assistance etc. See Nikolaus Reber, in: Hartwig Ahlberg/HorstPeter Götting, Beck’scher Online-Kommentar (4th ed. 09.10.2013), § 97a para. 23. 1609 Lawyers' fees for litigation work in civil law are regulated in the Attorneys Remuneration Act (Gesetz über die Vergütung von Rechtsanwältinnen und Rechtsanwälten – RVG) which details schedules of the statutory fees payable on a claim-value basis and payable in stages for the proceedings and court hearings. See § 11 of the Attorneys Remuneration Act and its Appendix. Court costs in civil matters rise on a scale depending on the value of the claim which is not uniformly proportional. They are determined by reference to the statutory scales, primarily the Court Fees Act.

447

Second Chapter: User-Targeted Responses

Since 2008, the § 97a II UrhG forsaw that no more than EUR 100 may be claimed as the “necessary expenses” for “non-complex cases with only an immaterial infringement of rights outside of commercial transactions”. This provision has been replaced on 01 October 2013 by a more detailed provision aiming to ban unfounded claims and claims that are solely made to generate profit.1610 b) Outline and Functioning of Pre-Litigation Settlement The pre-litigation settlement requires several steps to be taken: first of all, the rights-holder must obtain evidence on an infringement, which he will then present to a court in order to obtain a disclosure order against an Internet access provider; once the identity of a subscriber is revealed, he will send a cease and desist letter, the Abmahnung, to the alleged infringer. If the alleged infringer does not sign the cease and desist declaration, the rights-holder may seek injunctive relief before a court. aa) Gathering of Information on Infringements Similar to the previously discussed graduated response schemes, most rights-holder will entrust specialised companies with the identification of infringements and the collecting of evidence.1611 These companies monitor peer-to-peer networks for incidents of illegal file-sharing by using software such as, for example, Filewatch which is/was used by Media Protector.1612 Filewatch connects to a peer-to-peer server and requests a copyrighted file. As every downloaded file has a unique hash value and can be identified on this basis, a search will be conducted for identical files with the same hash value. The software records all the IP addresses that offer the file and starts a download. For every hit, the actual time, the hash value of the file, the user's pseudonym within the sharing software, a hash value that identifies the software client within the network, the name and

1610 The new wording will discussed at the end of this section. 1611 There are several companies that are active in Germany. 1612 See http://stop-p2p-piracy.com/site/filewatch-merkmale for more information (last accessed on 16.03.2013). The following procedure that is being described is that of Media Protector, which uses or at least used Filewatch.

448

B. National Enforcement Measures Against Users

version of the software, the number of packets which the client has already downloaded and most importantly the IP address of the client's Internet connection as well as the name of the corresponding Internet service provider at the time of the incident, are logged. Procedures may vary depending on the software being used and the networks that are crawled. bb) Disclosure Orders Pursuant to § 101 II, IX UrhG, a disclosure order against a third party will be granted, if an obvious infringement has been committed, and the third party from whom disclosure is sought provided the services used to commit an infringement on a commercial scale.1613 The condition of an “obvious” infringement is fulfilled when the infringement is so clear, that an unjustified burden upon the access provider is almost impossible.1614 Although § 101 IV UrhG requires the court to respect the principle of proportionality, the courts will in fact hardly conduct a balancing test considering the workload they are faced with. In addition, the Federal Court of Justice held that the requirement for disclosure, namely an obvious

1613 The “commercial scale” requirement stems from Article 8 of the IPR Enforcement Directive. With its introduction, the European legislator intended to regulate the proceedings for disclosure of information in the sense that information rights are restricted to acts carried out for direct or indirect economic or commercial advantage (Recital 14 of the IPR Enforcement Directive). Prior to the decision of the Federal Court of Justice regarding a song by German singer and songwriter Xavier Naidoo in 2012 (BGH, Decision of 19.04.2012 – 1 ZB 80/11, Neue Juristische Wochenschrift 2012, 2958), it has long been assumed that the infringement itself must have been committed on a commercial scale. This condition had been interpreted by German courts very broadly, with the upload of one music album or one film satisfying this condition (Cf. Sandra Schmitz/ Thorsten Ries, Three songs and you are disconnected from cyberspace? Not in Germany where the industry may “turn piracy into profit”, European Journal of Law and Technology 2012, Vol. 3 No. 1). However, in the Xavier Naidoo case, the Federal Court of Justice once and for all clarified that not the infringement must have been committed on a commercial scale. Instead the notion of commercial scale refers to the service provided by the third party from whom disclosure is sought. 1614 Cf. Deutscher Bundestag, Bundestagsdrucksache 11/4792, p. 32; Thomas Dreier in: Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (4th ed. 2013), § 101, para. 28 with further references.

449

Second Chapter: User-Targeted Responses

infringement suffices to guarantee a fair balance of the fundamental rights involved and to prevent unfounded claims.1615 In addition, it is not required that the infringement is proven. Moreover, in proceedings for interim measures, it is only necessary for the applicant to credibly show that an obvious infringement has taken place via a certain IP address.1616 As regards the reliability of the logging software, it is sufficient that the applicant issues a statutory declaration that the software is reliable.1617 Once disclosure is ordered, the Internet access provider will have to match the IP address in question against the subscriber data that he holds and reveal the identity of the subscriber of the IP address in question at the given time. As data in relation to the allocation of IP address to customers is only held for a limited time for billing purposes, the rights-holders will usually inform the provider about their foreseen disclosure request so that the traffic data in question can be frozen.1618 However, a legal obligation for data preservation in the sense of “expedited preservation of stored data or ‘quick freeze’” does not exist in Germany.1619 German law provides no legal basis for rights-holders to obligate the preservation of data by access providers.1620 § 101 II No. 3 and IX only attribute information rights to the rights-holders but do not oblige access providers to preserve data upon receipt of a copyright infringement report

1615 BGH, Decision of 19.04.2012 – 1 ZB 80/11, Neue Juristische Wochenschrift 2012, 2958 with annotation by Karl-Heinz Ladeur. 1616 So-called Glaubhaftmachung, which suffices in proceedings for interim measures under § 101 VII UrhG. 1617 See Thomas Dreier in: Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (4th ed. 2013), § 101 UrhG, para. 28. 1618 Access provider usually store IP address data for a short period time based on §§ 96 TKG for their own purposes. This period of time in general varies from three to seven days (See Stefan Maaßen, Annotation to OLG Frankfurt/Main, Decision of 12.11.2009 – 11 W 41/09, MultiMedia und Recht 2010, 62, 63.). 1619 OLG Hamm, Decision of 02.11.2010 – 4 W 119/10, Gewerblicher Rechtsschutz und Urheberrecht, Rechtsprechungs-Report 2011, 90; OLG Frankfurt/Main, Decision of 12.11.2009 – 11 W 41/09, MultiMedia und Recht 2010, 62; OLG Düsseldorf, Decision of 15.03.2011 – I-20 U 136/10, MultiMedia und Recht 2011, 546. An expedited preservation of data has been favoured by the German Data Protection Commissioner as an alternative to data retention under the Data Retention Directive, but is not enshrined in German law. 1620 Ibid.

450

B. National Enforcement Measures Against Users

by a rights-holder.1621 Only once a court has ordered the disclosure of the requested data, the access provider is obliged to preserve this data.1622 If he nevertheless deletes the data, the rights-holder will be entitled to damages under §§ 280 I, 281 BGB in connection with § 101 II UrhG.1623 The rights-holders may apply for interim measures which forbid the deletion of the IP address data concerned until a decision is taken in relation to their – usually in parallel – filed request for disclosure of this data pursuant to § 101 IX UrhG.1624 Once the proceedings under § 101 UrhG are completed and the court has granted information rights to the rightsholders, the access provider will have to disclose the identity of those subscribers behind the IP addresses concerned. No disclosure can be ordered with regard to information that is retained by an access provider to comply with his obligations of the national transposition of the Data Retention Directive.1625 Data that has been retained to comply with an obligation stemming from the Data Retention Directive, cannot be obtained by private parties.1626 cc) Pre-Litigation Correspondence: Request to Cease and Desist and Claim for Damages Once the rights-holder has obtained information about the identity of the subscriber of an Internet access service from which an infringement has been committed, he will send a cease and desist letter to the subscriber.

1621 See also Bundesrat, Bundesratsdrucksache 798/1/07 and Bundestag, Bundestagsdrucksache 16/5048. 1622 Cf. for example OLG Frankfurt/Main, Decision of 12.11.2009 – 11 W 41/09, MultiMedia und Recht 2010, 62, 63. 1623 Cf. OLG Frankfurt/Main, Decision of 12.05.2009 – 11 W 21/09, MultiMedia und Recht 2009, 542. 1624 Ibid. 1625 If an access provider stores IP address data not for his own purposes but to fulfil his obligations under § 113a TKG which transposes the storing obligations of the Data Retention Directive into national law, the rights-holders’ request for disclosure will consequently have no success. 1626 Under these circumstances, rights-holders may only obtain access to the data by pressing criminal charges and then requesting access to the investigation files via their lawyer, see Stefan Maaßen, Annotation to OLG Frankfurt/Main, Decision of 12.11.2009 – 11 W 41/09, MultiMedia und Recht 2010, 62, 63.

451

Second Chapter: User-Targeted Responses

The reasons, why it is advisable for the rights-holder to send this letter before claim instead of filing a claim have already been addressed: First of all the rights-holder shall give the alleged infringer or Störer an opportunity to settle the dispute without court action;1627 secondly, it prevents that the rights-holder has to pay the court fees if the alleged infringer admits the infringement after a claim has been filed.1628 It is common practice that Abmahnungen are sent by an attorney on behalf of the infringed rights-holder. Similar to companies that have specialised in the detection of online copyright infringements, law firms exist that have specialised in pursuing these claims of copyright infringements. They work closely together with the aforementioned companies. Together, they have optimised the procedures: the companies collect thousands of IP addresses, for which bundled disclosure requests are applied for. As aforementioned, the cease and desist letter will inform the recipient of the alleged infringement and provide details on the infringement such as date and time, the software client used, the work that has been infringed, and the access provider. The letter will also provide details on how information of identity of the subscriber was obtained by stating the file number and the court that has ordered the disclosure. The lawyer will also detail the position of the rights-holder with regard to the infringement and the assumed legal obligations deriving from this. Accordingly, the letter will ask the recipient to sign a pre-drafted cease and desist declaration, which regularly contains a penalty clause. The cease and desist promise will relate to the work, that has been infringed, but subscribers are advised to check whether the cease and desist promise is not drafted too wide. They will only be obliged to refrain from infringing again the work that he has previously infringed, and not for instance all songs performed by the artist in question.1629 The penalty clause shall express the seriousness of the declaration. Regularly, the subscriber is addressed as the actual infringer, which means that the rights-holder will also claim damages for the infringement of his exclusive rights.

1627 See § 97 UrhG. 1628 According to § 93 ZPO, the claimant has to pay the defendant’s costs if the defendant acknowledges the claim straight away in litigation and the claimant had not sent a cease and desist letter prior to filing the action. 1629 Markus Bölling, Unterlassungsantrag und Streitgegenstand im Falle der Störerhaftung, Gewerblicher Rechtsschutz und Urheberrecht 2013, 1092 et seq.

452

B. National Enforcement Measures Against Users

The rights-holder will also fix a time-limit within which the recipient of the letter will have to comply with the requested acts. If an Abmahnung has been sent via a lawyer, the lawyer’s invoice will be attached. The recipient of an Abmahnung has to compensate the rights-holders for the costs involved, if the claim is justified.1630 Pursuant to § 97a III UrhG, the recoverable costs are limited to the necessary expenses.1631 The necessary expenses regularly include the lawyer’s fees and the costs for identifying the infringement and the infringer.1632 The lawyer’s fees depend on the value of the claim.1633 In cases involving peer-to-peer sharing of music files, the value of the claim was regularly set at EUR 10,000 per file by the rights-holders.1634 Case law however shows that although courts may confirm this value for a single claim,1635 in cases where more than one music title is involved, they regularly reduce the total value of the claim. For instance, in a case where several music files had been exchanged without authorisation of the rights-holder, the value for the first title was set at EUR 10,000 and at EUR 5,000 for any subsequent

1630 Nikolaus Reber, in: Hartwig Ahlberg/Horst-Peter Götting, Beck’scher OnlineKommentar (4th ed. 09.10.2013), § 97a para. 18. 1631 If an Abmahnung is justified, it avoids a costly court litigation and thus, it is assumed that it is a necessary means for settlement and in the interest of the infringing party. 1632 The latter may include costs for private investigators, travelling expensis, costs for technical assistance etc. See Nikolaus Reber, in: Hartwig Ahlberg/HorstPeter Götting, Beck’scher Online-Kommentar (4th ed. 09.10.2013), § 97a para. 23. 1633 Lawyers' fees for litigation work in civil law are regulated in the Attorneys Remuneration Act (Gesetz über die Vergütung von Rechtsanwältinnen und Rechtsanwälten – RVG) which details schedules of the statutory fees payable on a claim-value basis and payable in stages for the proceedings and court hearings. See § 11 of the Attorneys Remuneration Act and its Appendix. Court costs in civil matters rise on a scale depending on the value of the claim which is not uniformly proportional. They are determined by reference to the statutory scales, primarily the Court Fees Act. 1634 See Frank Tyra, Ausgewählte Probleme aus der Abmahnpraxis bei Privatnutzungen in Musiktauschsystemen, Zeitschrift für Urheber- und Medienrecht 2009, 934, 940; Christian Solmecke, LG Köln: Erstattung von Anwaltskosten einer (Massen-) Abmahnung wegen P2P-Urheberrechtsverletzung, MultiMedia und Recht 2008, 129–130. 1635 The courts are free to set a lower value. The OLG Frankfurt tends to set the value at EUR 2,500 see only OLG Frankfurt, decision of 21.12.2010 – 11 O 52/07.

453

Second Chapter: User-Targeted Responses

titles.1636 The Regional Court of Cologne set the claim value for 964 shared music files at EUR 50,000.1637 Further, courts tend to distinguish whether the actual infringer could be identified or whether the Internet access service subscriber is sued for an infringement that he has not himself committed.1638 As regards damages that are claimed by the rights-holder, these damages are usually calculated by way of licence analogy.1639 Insofar a damages are concernced, it must be recalled that the subscriber will regularly only have to pay the costs of the cease and desist letter if no more than Störer liability can be established. Although there is an actual presumption, that when a work has been made publicly available from a certain IP address, the subscriber of that IP address is liable for the infringement,1640 recent case-law of the Federal Court of Justice has determined conditions under which this presumption can be rebutted. Accordingly, Störer liability will no longer easily be established with regard to underaged children, when no monitoring duty exists towards their online behaviour, and the subscriber succeeds in proving that the child has committed the infringe-

1636 See LG Hamburg, Decision of 21.04.2006 – 308 O 139/06, published in parts in Zeitschrift für Urheber- und Medienrecht 2006, 661. 1637 OLG Köln, Decision of 23.12. 2009 – 6 U 101/09, MultiMedia und Recht 2010, 281. In this case the four claimants argued that the value of the claim was EUR 400,000 (four claimants, each EUR 100,000) and demanded to be reimbursed for attorney's fees of EUR 5,832.40 altogether. The court however held – inter alia taking into account that the shared music files were not current releases and therefore it was unlikely that they were downloaded by many people – a claim-value of EUR 50,000 each adequate. 1638 Frank Tyra, Ausgewählte Probleme aus der Abmahnpraxis bei Privatnutzungen in Musiktauschsystemen, Zeitschrift für Urheber- und Medienrecht 2009, 934, 940 with further references. 1639 To name a few examples: The licence costs for a song were set at EUR 150 (AG Frankfurt/M, Decision of 29.01.2010 – 31 C 1078/09 – 78, MultiMedia und Recht 2010, 262; Decision of 16.04.2010 – 30 C 562/07 – 47; Decision of 04.02.2009 – 29 C 549/08 – 81, MultiMedia und Recht 2009, 724) or EUR 200 (BGH, Decisions of 11.06.2015 – I ZR 75/14; I ZR 7/14 and I ZR 19/14 (Tauschbörse I – III); for a porn movie at EUR 100 (plus EUR 75 for investigation, AG Halle, Decision of 14.11.2009 – 95 C 3258/09); for the Brockhaus encyclopedia at EUR 3,000 (AG Magdeburg, Decision of 12.05.2010 – 140 C 2323/09). 1640 BGH, Decision of 12.05.2010 – case.no. I ZR 121/08 (Sommer unsers Lebens), Neue Juristische Wochenschrift 2010, 2061.

454

B. National Enforcement Measures Against Users

ment.1641 Though there still is an alleviation of the burden of proof, the subscriber may succeed in escaping Störer liability if he can prove that he has obeyed a required duty of care such as the instruction of minor family members, and the securisation of his Wi-Fi network, and can thus prove that an alternative cause of action is plausible.1642 c) The Status Quo: How Abmahungen (almost) Became a Profitable Tool for Rights-holders No legal instrument in Germany has in the rise of the World Wide Web encountered as many criticisms as the Abmahnung. The reasons for this are magnifold, but are primarily based on the fact that some rights-holder “abuse” the system. The public perception of the system is impaired by the volume of cease and desist letters being sent out by only a few lawyers, and the amount of compensation that is claimed. Subscribers often feel intimidated by the language used and faced with a very short time-limit to comply with the cease and desist and compensation demand, they are rather tempted to comply. Considering that they may actually have committed a wrong, this does not explain why the use of Abmahnungen is perceived as abusive. Thus, the following paragraphs will examine the deficits of the system that laid the basis for the negative perception of the instrument by the general public. The Abmahnung is nothing new, but a legal instrument that has existed in German law long before. However, only recently has the usage of this instrument increased significantly and while up to the mid-90s such letters were primarily targeted at business entities, it is now the private computer user, or more specifically the subscriber of an Internet access service, who is the focus of cease and desist requests. The reason for this shift of focus is that modern technologies – as has been explained in the first Chapter –

1641 BGH, Decision of 15.11.2012 – I ZR 74/12 (Morpheus), Gewerblicher Rechtsschutz und Urheberrecht 2013, 511. See also BGH, Decisions of 11.06.2015 – I ZR 75/14; I ZR 7/14 and I ZR 19/14 (Tauschbörse I – III), which confirm the findings in Morpheus. 1642 See in that regard also Christian Solmecke, Darlegungs- und Beweislast in Filesharing-Verfahren – Eine Auswertung der aktuellen Rechtsprechung, in: Jürgen Taeger (ed.), Law as a Service (LaaS) – Recht im Internet- und Cloud-Zeitalter (2013), Band 1, p. 447–459.

455

Second Chapter: User-Targeted Responses

allow users to engage in potential illicit behaviour on a scale never encountered before. aa) Information Requests Are not Thoroughly Assessed First of all, the key idea of the Abmahnung has to be recalled: the sender makes the recipient aware of an illegal behaviour. The aim is to settle a potential lawsuit out of court and not to burden courts with unnecessary work. Likewise, the potential infringer shall be able to avoid the legal costs of court proceedings. The time and effort for the rights-holder to issue a warning letter is minimal. Thus, at a first glance, the system provides advantages for both sides. However, the more the procedure is optimised and if many warning letters are sent out, they might become a separate profitable business model. Although it was not the intention of the legislator to turn the Abmahnung into a source of income, he has cleared the way for it. Each warning letter requires that the infringement and the infringer are identified. With the introduction of information rights in 2008,1643 the first step was taken to ease proceedings. Prior to the possibility of a disclosure order, rights-holders had to press criminal charges against the unknown subscriber of an IP address. In the course of criminal investigations, the rights-holder could then be granted access to the records and thereby obtain information about the identity of the subscriber of the IP address in question. Obviously, police and public prosecution were not happy with this situation as they would have to spend time on seeking information on the IP address subscriber, but would regularly not pursue the matter any further due to the minor wrong that had been committed and the fact that a subscriber is not necessarily the infringer. The new civil information right, enshrined in § 101 UrhG, requires that an obvious infringement has been committed.

1643 The Gesetz zur Verbesserung der Durchsetzung von Rechten des geistigen Eigentums (Act to Improve Enforcement of Intellectual Property Rights) came into force on 1 September 2008 and introduced information rights by which rightholders and their lawyers may now request a judicial order against an access provider to disclose information on communications traffic data to identify the infringer.

456

B. National Enforcement Measures Against Users

Although § 101 IV UrhG requires the court to respect the principle of proportionality, in practice, the courts do not thoroughly balance the contravening interests. On the one hand, the Federal Court of Justice held that the establishment of an obvious infringement suffices to guarantee a fair balance of the fundamental rights,1644 on the other hand, the courts are faced with so many requests that they can hardly examine each case any further. Whether this conclusion satisfies the CJEU’s criterion that national legislation must enable “the national court seised of an application for an order for disclosure of personal data, made by a person who is entitled to act, to weigh the conflicting interests involved, on the basis of the facts of each case and taking due account of the requirements of the principle of proportionality”, remains to be seen.1645 As regards the number of disclosure requests, incidents have been reported where one request relates to up to 3,500 IP addresses.1646 Within 9 months in 2009, 2824 disclosure orders were sought after in Cologne alone, each relating to several hundreds of IP addresses.1647 The German access provider Deutsche Telekom reported that it had to disclose the identity of subscribers behind 2.4 million IP addresses in 2010 alone.1648 The number of applications for disclosure of information leads to thousands of subscriber identities being disclosed; according to estimates, in

1644 BGH, Decision of 19.04.2012 – 1 ZB 80/11, Neue Juristische Wochenschrift 2012, 2958 with annotation by Karl-Heinz Ladeur. 1645 Case C-461/10, Bonnier Audio AB and Others v Perfect Communication Sweden AB, ECR 2012 p.000. For comments on the case see inter alia Doris Möller, Urheber-/Datenschutzrecht: Herausgabe gespeicherter Verkehrsdaten zur zivilrechtlichen Verfolgung von Urheberrechtsverletzungen, Europäische Zeitschrift für Wirtschaftsrecht 2012, 519-520; Zuzana Hečko, Data retention by Internet service providers for IP rights protection: Bonnier Audio (C-461/10), Journal of Intellectual Property Law and Practice 2012, 449–456; Sandra Schmitz, Die Verfolgung von Urheberrechtsverletzungen im Internet – Neues vom EUGH, in: Jürgen Taeger (ed.), IT und Internet – Mit Recht gestalten (2012), pp. 227–243. 1646 Holger Bleich, Die Abmahn-Industrie – Wie mit dem Missbrauch des Urheberrechts Kasse gemacht wird, c´t 2010, No. 1, 154, 155. In October 2009, the Regional Court of Cologne ordered the disclosure of the identity behind 11,000 IP-adresses from major provider Telekom. Thus, one single application regarding the sharing of one music title led to potentially 11,000 Abmahnungen being sent out. 1647 Ibid. 1648 These numbers relate to copyright infringement cases alone. See Thomas Darnstädt, Urheberrecht: Wem gehören die Gedanken?, 2. Teil: Die Jagd auf IPDaten Verdächtiger geht weiter, Der Spiegel online (21.05.2012).

457

Second Chapter: User-Targeted Responses

2010 more than half a million Abmahnungen had been issued.1649 Obviously not much time can be spent on examining the facts of these cases.1650 This assumption has lately been proven right by the Redtube.com incident.1651 Redtube.com is a streaming website for pornographic movies and clips. In December 2013, ten-thousands of Redtube users received cease and desist letters in which they were accused of copyright infringements by “using” specified movie streams.1652 The recipients were asked to sign a cease and desist declaration and pay EUR 250 in compensation.1653 It is unknown, how the law firm managed to log the IP addresses of the subscribers concerned.1654 Other than the actual logging of the IP addresses, it is known, where the rights-holders got the subscriber details from: the Landgericht Köln ordered the Internet service provider Deutsche Telekom to disclose the identity of the subscribers of hundreds of logged IP address at a given time.1655 Considering that each of the 62 successful applications

1649 Ibid. 1650 Solmecke states in that context, that the courts “wave” the requests “through”. See Christian Solmecke, Wenn sich die Abmahnindustrie verzockt – Rechtsprobleme bei Massenabmahnungen im Internet, in: Jürgen Taeger (ed.), Digitale Evolution – Herausforderungen für das Informations- und Medienrecht (2010), p. 627. 1651 For a detailed outline of the facts of the case and its legal implications, see Sandra Schmitz, The RedTube copyright infringement affair in Germany: Shame on who?, International Review of Law, Computers & Technology 2015, Vol. 29 Issue 1, 33 et seq. 1652 The following films are subject to the claims: Miriam’s Adventures, Hot Stories, Amanda’s Secrets, Dream Trip and Glamour Show Girls. See Christian Solmecke, Redtube: Wave of Streaming Letters hits Germany (12.12.2013). 1653 This amount is comprised of EUR 149.50 lawyers’ fees, EUR 20 standard fee for postage and telecommunication, EUR 15.50 damages and EUR 65 expenses for investigating the alleged copyright infringements. The claim value, from which the lawyrs’ fees are calculated, is set at EUR 1,000 1654 See Sandra Schmitz, The RedTube copyright infringement affair in Germany: Shame on who?, International Review of Law, Computers & Technology 2015, Vol. 29 Issue 1, 33, 38. 1655 The law firm filed 89 applications, of which each contained disclosure requests in relation to 400 to 1,000 IP addresses. Sixteen different chambers of the Landgericht Köln had to deal with the applications. Out of the filed 89 applications, 62 were sucessful. See Carl Christian Müller, Abmahnwelle gegen Redtube-Nutzer, Vom Leerlaufen des Richtervorbehalts, Legal Tribune Online (12.12.2013).

458

B. National Enforcement Measures Against Users

referred to up to 1,000 IP addresses, a maximum of 62,000 subscribers could be faced with cease and desist letters; even if one assumes an average of 700 IP addresses, this still leads to a five digit number of potential recipients.1656 What the court ignored was the fact that already the commitment of an obvious infringement was less than clear. Whether the consumption of a stream constitutes a copyright infringement has not yet been decided by a court. § 53 UrhG provides for a right to make private copies of copyright-protected material under the condition that the source has not been disseminated in an evidently illegal manner, meaning that the source is neither an evidently illegal reproduction or has been made available evidently illegally.1657 In the case of Redtube evident illegality of the source cannot be established, because onstreaming sites for pornography, the rightsholders themselves commonly make available clips or low resolution versions of their repertoire to incite user to buy the full copy or full stream.1658 This makes it particularly difficult for users to distinguish whether a clip has been uploaded by the rights-holder or with his authorisation, or is infringing copyright. Thus, also an objective bystander may not succeed in establishing that a clip has been disseminated in evidently illegal manner, and therefore the illegality is not obvious. Moreover, even if one assumes that the consumption of a stream constitutes “copying”, the consumer would be able to rely on the private copying defence. Further, any copy generated during streaming on the user’s hardware is no illegal reproduction. These kind of copies may fall within the permitted temporary acts of reproduction under § 44a UrhG.1659 Against this background,

1656 Ibid. 1657 The question whether a law which allows copying from illegal sources for private use is compliant with EU copyright law has only recently been decided by the CJEU in Case ACI Adam v Stichting de Thuiskopie, Judgment of 10.04.2014. The Advocate General stated in his opinion that the private copying exception only applies to copies from legitimate sources (See Opinion of the Advocate General in Case C-435/12 ACI Adam v Stichting de Thuiskopie of 09.01.2014). The CJEU essentially followed the Opinion of the AG. 1658 See Sandra Schmitz, The RedTube copyright infringement affair in Germany: Shame on who?, International Review of Law, Computers & Technology 2015, Vol. 29 Issue 1, 33. 1659 Ronny Hauck/Sebastian Heim, Schwerpunktbereich Urheberrecht: Die rechtliche Bewertung von “Filesharing“- und “Streaming”- Sachverhalten, JUS 2014, 303, 306.

459

Second Chapter: User-Targeted Responses

it becomes evident, that the court did not assess whether there was an obvious infringement and just waved the disclosure requests through. bb) A Narrow Interpretation of “Non-Complex” Cases Since 2008, § 97a II UrhG foresaw that no more than EUR 100 could be claimed as “necessary expenses” for “non-complex cases with only an immaterial infringement of rights outside of commercial transactions”. The impact of this provision has however been limited, an analysis of the case-law so far shows that courts interpret the limitation clause restrictively and consider file-sharing cases as complex cases.1660 According to the German legislator, the making publicly available of excerpts from a city map on a website, or the making publicy available of a songtext, or the infringing use of an image on an Internet auction platform will constitute non-complex cases.1661 In recognition of the limited effect of the provision, it has been replaced in October 2013.1662 cc) Optimisation of Pre-Litigation Correspondence With many disclosed identities at hand, pre-litigation correspondence has been optimised by a few law firms that have specialised in Abmahnungen in the context of copyright infringements. Recently, the German Pirate Party leaked a secret agreement between one of the law firms involved in the aforementioned Redtube incident and another rights-holder that suggests that they were operating a business model to turn piracy into profit.1663 The parties basically agreed on a no

1660 See Nikolaus Reber, in: Hartwig Ahlberg/Horst-Peter Götting, Beck’scher Online-Kommentar (4th ed. 09.10.2013), § 97a para. 27–28; Sandra Schmitz/ Thorsten Ries, Three songs and you are disconnected from cyberspace? Not in Germany where the industry may “turn piracy into profit”, European Journal of Law and Technology 2012, Vol. 3 No. 1. 1661 Deutscher Bundestag, Bundestag-Drs. 16/5048, p. 50. 1662 The new wording and scope of § 97a UrhG will be discussed at the end of this section. 1663 Legal Tribune online, Entwicklungen in Sachen Redtube – Gegenwind für Abmahnanwälte, Neues zu IP-Ermittlung (13.12.2013). The slogan “turn piracy into profit” was formerly used by the company DigiProtect, Gesellschaft zum

460

B. National Enforcement Measures Against Users

win no fee arrangement for pursuing the copyright infringement claims.1664 Law firms and rights-holders may secretly create “joint ventures” with no risks of costs for the rights-holder.1665 This however infringes § 49b II BRAO1666. If in such cases the rights-holder asks for compensation of the costs incurred in issuing the Abmahnung, this may even constitute fraud because compensation can only be claimed for costs that have actually occured.1667 Irrespective of the existence of such an agreement, it becomes clear, that some rights-holders do not just consider the Abmahnung as an instrument to stop copyright infringements and to prevent the continuation of infringements, but primarily as a source of income.1668 The following shows an example for recoverable costs of a cease and desist request only: cost of third party investigating the infringement EUR 50 plus costs of Internet service provider EUR 2.33 and if value of claim set at EUR 2,500 and lawyer claims average fees, then these are EUR 232.45 (including EUR 20 communication flat fee and EUR 3.15 costs for disclosure order) – in total EUR 284.78.1669

1664

1665 1666 1667 1668

1669

Schutze digitaler Medien mbH. The advertising brochure containing this slogan is not accessible on their website www.digiprotect.org anymore, but is available via the following link: http://pdfcast.org/pdf/digiprotect-turn-piracy-into-profitpraesentation (last accessed 16.06.2011). Such information had also already been leaked in 2010 in relation to another joint venture, where the law firm kept 37.5 % of the amount paid by the alleged infringers and the remaining 62.5 % went to the rights-holder. See Christian Solmecke, Wenn sich die Abmahnindustrie verzockt – Rechtsprobleme bei Massenabmahnungen im Internet, in: Jürgen Taeger (ed.), Digitale Evolution – Herausforderungen für das Informations- und Medienrecht (2010), p. 629. Ibid. Bundesrechtsanwaltsordnung (BRAO – Federal Regulation of Attorneys). Legal Tribune online, Entwicklungen in Sachen Redtube – Gegenwind für Abmahnanwälte, Neues zu IP-Ermittlung (13.12.2013). Cf. Christian Solmecke, Wenn sich die Abmahnindustrie verzockt – Rechtsprobleme bei Massenabmahnungen im Internet, in: Jürgen Taeger (ed.), Digitale Evolution – Herausforderungen für das Informations- und Medienrecht (2010), pp. 626 et seq.; Sandra Schmitz/Thorsten Ries, Three songs and you are disconnected from cyberspace? Not in Germany where the industry may “turn piracy into profit”, European Journal of Law and Technology 2012, Vol. 3 No. 1. See AG Düsseldorf, Decision of 05.04.2011 – 57 C 15740/09, BeckRS 2011, 14473.

461

Second Chapter: User-Targeted Responses

Although in most cases sums between EUR 800 and EUR 2,500 (incl. damages) are claimed,1670 a rather low sum can turn out more profitable. It may prevent recipients of an Abmahnung to consult a lawyer. A consultation of a lawyer to have the claim assessed will usually cost approx. EUR 170.1671 The difference to the amount claimed is small. Recipients of Abmahnungen often pay the costs without consulting a lawyer or negotiate a settlement themselves where they will then pay an agreed amount of money. The incentives for paying even if they claim to be unaware of having committed an infringement are high: the letter usually informs them that in case of non-compliance they will be taken to court and that this will involve further costs. Even if the recipient has not committed the infringement himself, he may be tempted to pay because he fears that he cannot prove his innocence and may have to pay his lawyer’s costs in addition. Hence, even if smaller sums are claimed, the sheer volume of letters being sent out, and the optimisation in handling the cases by specialised law forms, means that Abmahnungen provide an income for lawyers and companies that detect infringements, while at the same time compensating the infringed rights-holders. Activists against the system of Abmahnungen claim that a large amount of cease and desist letters is being sent out in relation to copyright infringements of hardcore porn movies.1672 The reason for this obvious, the subject of hardcore porn movies may promise a higher “success rate”, meaning that many recipients of an Abmahnung may rather pay the requested compensation than challenge the claim. The recipients of the cease and desist letter may rather pay to avoid embarrassing discussions with their family members. They may also feel too embarrassed to consult a lawyer.

1670 Alexander Klett/Matthias Sonntag/Stephan Wilske, Intellectual Property Law in Germany (2008), pp. 74 et seq. 1671 Based on the value of the claim and a EUR 20 flat fee for postage and communication. 1672 See for instance Verein zur Hilfe und Unterstützung gegen den Abmahnwahn e.V., Die Große Jahresstatistik 2010, available at http://www.verein-gegen-den-a bmahnwahn.de/zentrale/download/statistiken/2010/jahresbilanz_2010.html (last accessed 16.06.2011).

462

B. National Enforcement Measures Against Users

dd) False Allegations – The Redtube.com Case As already outlined above, the Redtube.com case concerned the streaming of porn clips on Redtube. To date, it has not become clear, how the rightsholder, the Swiss company the Archive AG, managed to log the IP addresses of the stream consumer. Redtube itself denies the allegations that it has forwarded any data.1673 According to the disclosure orders, the IP addressed had been harvested by a software name GLADII 1.1.3 by the company IPGuards, which claims that it allows the monitoring of download platforms. A technical expert statement as regards the reliability of GLADII 1.1.3 had been leaked but did not provide any details as regards the functioning of the software, in particular references regarding the monitoring of Redtube were omitted.1674 Redtube's Vice-President considers it unlikely that the monitoring software managed to log IP addresses. This would only be possible in peer-to-peer file-sharing networks and not with streaming sites.1675 To obtain the information in question, it would thus have been necessary to have monitoring software installed by the streaming provider on its servers or on the computers of its users – something the streaming provider denies.1676 Research by the online news portal heise.de, which specialises in IT-related news suggests that users were redirected to the copyrighted clips without noticing that they were redirected.1677 Users reported that prior to accessing Redtube.com, they were connected to trafficholder.com, which redirected them via retdube.net to Redtube.com.1678 According to heise.de, trafficholder sells redirection of traffic.1679 Further investigations conducted by heise.de suggests that in fact the rights-hold-

1673 Mathhias Kremp, Streaming-Portal: Redtube will für Recht auf Porno kämpfen, Spiegel online (20.12.2013). 1674 The expert statement can be accessed via http://abmahnung-medienrecht.de/wpcontent/uploads/2014/01/ Gutachten_ zur_ Software_ GLADII_1_1_3.pdf 1675 Mathhias Kremp, Streaming-Portal: Redtube will für Recht auf Porno kämpfen, Spiegel online (20.12.2013).1676 Ibid. 1677 heise.de, Porno-Abmahnungen: Indizienkette zur IP-Adressen-Ermittlung verdichtet sich (13.12.2013). 1678 Ibid. 1679 Ibid.

463

Second Chapter: User-Targeted Responses

ers used fake domains as honeypots, which logged the IP addresses while at the same time presenting the video stream on Redtube to the user.1680 If this allegations turn out to be true, then the Abmahnungen, that have been sent out will amount to fraud. In January 2014, the prosecutor’s office in Cologne initiated criminal investigations. d) Steps Taken to Prevent that “Piracy Turns into Profit” In 2012, the German Constitutional Court announced as an obiter dictum, that it is questionable whether an Abmahnung constitutes a useful service of a lawyer and should be compensated.1681 Thereby the Court indirectly expressed criticism on the mass scale sending out of cease and desist letters. Against the deficits described above, the criticism is in many instances justified. Especially since reports had previously emerged that a company that specialised in the detection of copyright infringement in file-sharing networks, advertised its business model as generating more income for rights-holders than online music sales: whereas a legal download generates an income of EUR 0.60, illegal downloads may generate EUR 90.1682 Accordingly, the enforcement of copyrights via warning letters has a distinctive economic value in itself, which is even higher than the legal download market. In 2010, approximately half a million Abmahnungen have been issued, leading to approximately claims of 400 million Euros in total.1683 In particular the Redtube case highlights that the Abmahnung, which has been designed as an easy, fast and claimant- and defendant-friendly tool for out-of-court settlement, is prone to misuse. Although theoretically

1680 Holger Bleich, Briefkasten-Ermittlungen, c't 2014, Issue 5, 28. 1681 The Court questioned whether the Abmahnung constitutes “überhaupt eine grundsätzlich brauchbare anwaltliche Dienstleistung darstellt und insoweit ersatzfähige Rechtsverfolgungskosten auslöst”, BVerfG, Order of 21.03.2012 – 1 BvR 2365/11 (Unerlaubtes Filesharing im Internet), Zeitschrift für Urheberund Medienrecht 2012, 471, 474. 1682 Holger Bleich, Die Abmahn-Industrie – Wie mit dem Missbrauch des Urheberrechts Kasse gemacht wird, c´t 2010, No. 1, 154, 155; Christian Solmecke, Wenn sich die Abmahnindustrie verzockt – Rechtsprobleme bei Massenabmahnungen im Internet, in: Jürgen Taeger (ed.), Digitale Evolution – Herausforderungen für das Informations- und Medienrecht (2010), p. 629. 1683 Ibid.

464

B. National Enforcement Measures Against Users

the system is fair and just, its application does not fulfil these expectations. The basic idea is to avoid court litigation and settle disputes out of court. This shall not only safe time but also costs. It is the right of the infringed party to inform the infringer of his misconduct and to be compensated for the costs involved for this informing which is also in the interest of the infringed party. The latter may not be aware of his infringing behaviour, and following the Abmahnung may be able to cease and desist from the infringing conduct. However, as long as allegedly infringed parties are successful with dubious claims the public perception of the instrument is negative. But it is not just the wilful abusers of the systems that must to be blamed for this negative perception; it is also the jurisprudence of the courts issuing the disclosure orders. In addition, the restrictive interpretation of § 97a II UrhG, which until October 2013 limited the recoverable necessary expenses to EUR 100 for “non-complex cases with only an immaterial infringement of rights outside of commercial transactions” added to the misapprehension regards the Abmahnung. Undeniably, there are (mis-) and (ab-)users of the system that try to turn piracy into profit. Undeniably, there are also rights-holders that need quick, effective and inexpensive instruments to enforce their rights. That is why the legislator and the courts need to close the loopholes that facilitate the abuse of the system. A first step into the right direction has been taken in 2013, when the Gesetz gegen unseriöse Geschäftspraktiken1684 was passed, and subsequently took effect in October 2013. The Law requires transparency, meaning that every Abmahnung that is issued in relation to copyright infringements, must be transparent: it must list all costs and damages claimed separately and not as one lump sum.1685 Further the law sets the value of a claim for a first Abmahnung against a consumer at EUR 1,000 maximum, which would limit the lawyer's fees that must be compensated in addition to damages, to EUR 130.1686 However,

1684 This can be translated as “Law against dubious business practices”. 1685 See Article 8 of the Gesetz gegen unseriöse Geschäftspraktiken, which inserts § 97a UrhG into the German copyright code. 1686 Ibid. There is no limitation on damages in the law, so the rights-holders may still claim hypothetic licence costs. Prior to the enactment of the law, it had been assumed that if the bill becomes law, rights-holders would concentrate on damages and their calculation, see Konrad Lischka, Anti-Abzock-Gesetz: Das Märchen von der Abmahn-Deckelung (30.01.2013).

465

Second Chapter: User-Targeted Responses

this limitation shall not apply when the limitation would be unreasonable in light of the specific circumstances of the case in question. The previous limitation in § 97a UrhG, that existed from 2008 to October 2013, did not succeed in curtailing the perceived abuse of the system due to a considerably strict interpretation of “non-complex” cases. No file-sharing case has been reported, where a court held a file-sharing case to be “non-complex”. A “non-complex” case is no longer a condidtion for the limitation, and now, a lot depends on the determination of what could be considered unreasonable in light of the specific circumstance of the case. Scholars doubt that the new law will lead to any changes and predict that the notion of “specific circumstances of the individual case” will be read by judges as “do whatever you want”.1687 However, with the first cases emerging recently, it seems that courts are willing to interpret the provision wide, and are likely to accept the limitation in peer-to-peer file-sharing scenarios. The law also foresees that in case of unfounded claims, the recipient of an Abmahnung may claim compensation for his lawyer's costs.1688 Also, the law introduces a new jurisdiction rule, establishing exclusive competence of the court at the place of residence of the alleged infringer.1689 As a consequence, all courts will be confronted with claims, which will no longer be concentrated in Munich and Hamburg as it is the case today.1690 This will probably lead to a less uniform jurisprudence. Although the law contains some welcomed changes, it still leaves enough room for abuse. Especially, since the courts obviously lack expertise when it comes to Internet disputes. If the Landgericht Köln judges had paid attention to the fact that there are many different ways to download, upload, share or streams protected works on the Internet, they might have questioned the obviousness of infringements in the disclosure requests. Their attitude towards handling the disclosure requests is in clear disrespect of the law, even if they only need to examine the obviousness in summary proceedings. What is needed in that respect are specialised

1687 See ibid. 1688 Ibid. 1689 See Article 8 of the Gesetz gegen unseriöse Geschäftspraktiken, which inserts § 104a UrhG into the German copyright code. 1690 The courts in Munich and Hamburg are alleged to be particularly claimant (=rights-holder)-friendly.

466

B. National Enforcement Measures Against Users

“cyber”chambers that deal with nothing else than these requests.1691 It needs to be guaranteed that the law which foresees a balancing of interests, is also applied in that way, especially since the disclosure of personal data interferes with the privacy and data protection rights of the subscriber. It may also be helpful for consumer to regulate the content of an Abmahnung, for instance making it obligatory to inform the recipient that only the actual infringer is obliged to pay damages. Although many forums and websites discuss the issue of who is obliged to pay damages, the majority of recipients is unaware of this fact. That the Gesetz gegen unseriöse Geschäftspraktiken is no more than a good start for shaping a framework for online infringements of copyright has been proven by the Redtube case: at the time the Abmahnungen were sent out, the Law was already in force and could not prevent the shameful consequences. Although the mass-scale sending of cease and desist letters is unlikely to end, the rights-holders and their aides will be required to spend more time on assessing their claim and draft the letters more precisely. At least the time where hundreds of Euros could be claimed just for sending the letter (excluding damages) has reached its end. Recent caselaw suggests that courts no longer accept claim values of more than EUR 1,000 in file-sharing cases. As a consequence, it has become more difficult to pursue Abmahnungen as a tool that turns piracy into money. A lower claim value, however, also means that the recipient of an Abmahnung may be less likely to consult a lawyer, because the costs for consultation, and the compensation that is claimed are almost equal. But then one must ask, whether someone that has not committed a wrongful act is likely to comply with the request or challenge it. If users understood the concept of Störerhaftung, this would help to change the public perception of Abmahnungen as a money-making instrument. As most of the subscribers that share a connection, will escape liability for damages, what will be left of the Abmahnung is a warning and the cease and desist request. For this act, which is in the interest of the subscriber as it will inform him, that either his Internet access is not adequately secured or someone else is

1691 It must be noted that almost all German states have passed regulations (based on § 105 UrhG) that grant jurisdiction in copyright infringement cases to specific courts. However this does not mean that the judges at these courts have received specific training with regard to digital evidence or the functioning of the Internet as such.

467

Second Chapter: User-Targeted Responses

using his connection to commit infringement, it is reasonable to claim compensation from the subscriber instead of having the taxpayer (French gradutated response), or the rights-holder and access provider (UK graduated response) pay. One may only ask if the EUR 1,000 limitation on the claim value is not still too high. What remains to be solved, are claims against non-consumers like hotels or pubs that offer free Wi-Fi to their customers. These cases do not fall under the new limitation within § 97a UrhG. 2. UK: Out of Court Settlement by Pre-Litigation Letters: A fundamentally Different Approach? While Abmahnungen have been sent out to alleged file-sharers in Germany for several years, reports of such letters being sent to UK customers only evolved after German antipiracy company became active in the UK in 2007.1692 They tried to import their time-tested businell model to the UK. First cases of cease and desist letters similar to the German Abmahnung have been reported as early as 2007, but have in 2012 raised attention when the scheme was subject to a case before the High Court. However, the letters never became such a successful – in terms of generating revenues for the rights-holders – tool as in Germany. The following paragraphs will outline the practice of letters before claim in the UK, analyse their legal basis and look into similarities to the Abmahnungen in Germany. Although jurisprudence recognises the legitimate right of companies to seek redress for copyright infringement, the courts require that the legitimate interests of consumers must be properly safeguarded. This has been highlighted in the case of Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening,1693 where the High Court expressed its concern about a business model that often has been referred to as “speculative invoicing”. Like in Germany, it seems that abuses exceed the schemes’ potential as a viable solution to enforcing copyright out of court.

1692 Andrew Murray, Information Technology Law, The law and society (2nd ed. 2013), p. 287. 1693 Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch).

468

B. National Enforcement Measures Against Users

Due to the minor relevance of the pre-litigation letters in the UK, the following paragraphs will not go into depth when it comes to the basic framework for copyright infringements and remedies, and only address these briefly. The focus will be clearly on how the High Court dealt with the deficits of the system that have been outlined in the analysis of the German system of Abmahnungen. a) In Brief: Legal Framework for Private Copyright Enforcement in the UK Other than in Germany, the UK does not have a statutory information right against third parties in relation to copyright infringements. This does however not mean, that there are no information rights. Rights-holders in the UK will have to apply for a so called Norwich Pharmacal order, that has already been addressed in the context of the DEA 2010 graduated response scheme and will at this point be outlined in detail. aa) The Service of Disclosure Orders in the UK – Right to Information and Norwich Pharmacal orders A copyright owner contemplating legal action against a copyright infringer in the UK also faces the aforementioned hurdles in relation to bringing his claim. In order to be able to call an identifiable party to account, the UK common law system places possessors of information under a duty to assist a wronged party by disclosing the identity of anonymous actors in certain circumstances. Website operators and Internet service providers do not usually voluntarily disclose user details due to contractual confidentiality obligations or due to the fact that such disclosure may be in breach of statutory obligations under UK data protection legislation not to disclose personal data without the consent of the data subject or an order of the court. While in Germany, the copyright code contains an explicit provision on third party disclosure orders,1694 the Copyright, Designs and Patents Act 1988 remains silent as to such a statutory right. When Article 8(1)(c) IPR

1694 § 101 II, IX UrhG.

469

Second Chapter: User-Targeted Responses

Enforcement Directive1695 however requires Member States to ensure that, in the context of proceedings concerning IPR infringements and in response to a justified and proportionate request of a claimant, judicial authorities may order the disclosure of information leading to the origin of the infringement, this does not mean that the Member State has to introduce a separate provision on third party disclosure in proceedings concerning IPR infringements. The Enforcement Directive only requires Member States to “ensure” that the possibility for third party disclosure exists. In the UK such a remedy exists in the form of an application for a Norwich Pharmacal order. In Norwich Pharmacal v Excise Commissioners1696, it had been judicially determined that even where an “involved” third party incurred no personal liability for the tortious acts of others, it nonetheless had a duty to assist a wronged party by disclosing information that it possesses enabling the claimant to identify a wrongdoer where otherwise he would not be able to do so.1697 Jurisdiction of a court to order disclosure under the Norwich Pharmacal principles against third parties is only to be exercised if the third party is the only practicable source of the information sought and thus is a remedy of last resort.1698 In subsequent

1695 Article 8 of the IPR Enforcement Directive reads as follows: “1. Member States shall ensure that, in the context of proceedings concerning an infringement of an intellectual property right and in response to a justified and proportionate request of the claimant, the competent judicial authorities may order that information on the origin and distribution networks of the goods or services which infringe an intellectual property right be provided by the infringer and/or any other person who: […] (c) was found to be providing on a commercial scale services used in infringing activities”. 1696 Norwich Pharmacal Co. and others v Customs and Excise Commissioners [1974] AC 133. 1697 Norwich Pharmacal Co. and others v Customs and Excise Commissioners [1974] AC 133, at 175. Lord Reid described the principle as follows: “...if through no fault of his own a person gets mixed up in the tortious acts of others so as to facilitate their wrong-doing he may incur no personal liability but he comes under a duty to assist the person who has been wronged by giving him full information and disclosing the identity of the wrongdoers. I do not think that it matters whether he became so mixed up by voluntary action on his part or because it was his duty to do what he did. It may be that if this causes him expense the person seeking the information ought to reimburse him. But justice requires that he should co-operate in righting the wrong if he unwittingly facilitated its perpetration.” 1698 Mitsui & Co Ltd v Nexen Petroleum UK Ltd [2005] EWHC 625 (Ch), [2005] 3 All E.R. 511, at 24.

470

B. National Enforcement Measures Against Users

cases, the courts have extended the application of the principle,1699 which as a common law instrument is a flexible remedy, capable of adaption to new circumstances.1700 In Mitsui & Co Ltd v Nexen Petroleum UK Ltd the High Court summarised the conditions that have to be satisfied for the court to exercise the power to order Norwich Pharmacal Relief: “i) a wrong must have been carried out, or arguably carried out, by an ultimate wrongdoer; ii) there must be the need for an order to enable action to be brought against the ultimate wrongdoer; and iii) the person against whom the order is sought must: (a) be mixed up in so as to have facilitated the wrongdoing; and (b) be able or likely to be able to provide the information necessary to enable the ultimate wrongdoer to be sued.”1701

As regards the first requirement, a Norwich Pharmacal applicant will have to provide evidence that an infringement has taken place. In peer-to-peer file-sharing cases, applicants may submit statements by IT scientist outlining the operation of software used to monitor peer-to-peer file-sharing1702

1699 E.g. the jurisdiction is not confined anymore to circumstances where there has been tortious wrongdoing and is now also available where there has been contractual wrongdoing, see P v T Limited [1997] 1 WLR 1309; Carlton Film Distributors Ltd v VCI Plc [2003] FSR 47. In addition, jurisdiction is no more limited to cases where the identity of the wrongdoer is unknown but extends to cases where the identity of the wrongdoer is known, but where the claimant requires disclosure of crucial information in order to able to bring his claim, see Axa Equity & Law Life Assurance Society Plc v National Westminster Bank (CA) [1998] CLC, 1177, Aoot Kalmneft v Denton Wilde Sapte [2002] 1 Lloyds Rep 417, Carlton Film Distributors Ltd v VCI Plc [2003] FSR 47. Also, the third party from whom information is sought does not need to be an innocent party anymore, he may as well be a wrongdoer himself, see CHC Software Care v Hopkins and Wood [1993] FSR 241. 1700 Ashworth Hospital Authority v MGN Ltd [2002] 1 WLR 2033, per Lord Woolf CJ at 2049F. 1701 Mitsui & Co Ltd v Nexen Petroleum UK Ltd [2005] EWHC 625 (Ch), [2005] 3 All E.R. 511, at 21. 1702 They described the test carried out to verify that the computer application that had been in use, was “able to identify the source of a file transmitted over the Internet through certain P2P networks, namely transmissions involving the eDonkey network and the BitTorrent protocol, correctly identified the IP addresses and dates and times of uploading of a number of test files which he had uploaded. Mr Vogler [the expert] explains he did not have Xtrack installed on his computer, and did not concern himself with how it worked, but treated it as a “black box”. He simply presented it with inputs, namely his test files, and

471

Second Chapter: User-Targeted Responses

as evidence provided by experts in the sense of CPR r.35.2(1)1703, which is admissible under section 3 of the Civil Evidence Act 1972. The necessity of a disclosure order is often immanent in the medium Internet where anonymous or pseudonymous communication is usually the case. Thus Norwich Pharmacal orders were granted in cases of anonymous online communication in relation to defamation cases1704 and online privacy violations1705. Accordingly, host providers were ordered to disclose information leading to the identification of their users to enable the applicants to sue them.

examined the outputs to see if they corresponded to his inputs. He was satisfied that they did correspond… In section 6 of his report, Mr Vogler explains that an IP address identifies a device, which may be a computer or a router. Although Internet service providers often assign IP addresses dynamically, they retain records which enable the customer to whom the IP address had been assigned to be identified. He goes on to say that the actual user of the computer at the relevant time may or may not be the customer registered with the Internet service provider. He also acknowledges two possible circumstances in which Xtrack might wrongly identify someone as the source of an upload, the more straightforward of which is where the victim's computer has been taken over by a trojan which enables a third party to control the computer.” (Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 26–27). 1703 CPR r. 35.2(1), that is to say, “a person who has been instructed to give or prepare expert evidence for the purpose of proceedings”. Although CPR Part 35 does not define “expert evidence” as such. it is generally accepted that expert evidence is evidence the giving of which requires particular expertise in the field in question by virtue of study and/or experience (see Evans-Lombe J held in Barings plc v Coopers & Lybrand [2001] PNLR 22 at [45]). 1704 See e.g. Court of Appeal, Totalise plc v Motley Fool Ltd [2001] EWCA Civ 1897, [2002] 1 WLR 1233; High Court, Sheffield Wednesday Football Club Ltd v Hargreaves [2007] EWHC 2375 (QB); Jane Clift v Martin Clark [2011] EWHC 1164 (QB). 1705 High Court, G and G v Wikimedia Foundation Inc [2009] EWHC 3148 (QB). In this case the applicants, a mother and her child, sought an anonymous user’s details from the Wikimedia Foundation so as to identify an individual who had anonymously posted private and confidential information about them on the Wikipedia website. See also High Court, Applause Store Productions Ltd v Grant Raphael [2008] EWHC 1781, which concerned a fake profile on Facebook and an order seeking to have the identity of the person who set up the profile revealed.

472

B. National Enforcement Measures Against Users

From a data protection point of view, the court will have to consider whether the disclosure is warranted having regard to the rights and freedoms or the legitimate interests of the data subject.1706 Thus, in addition to being necessary, the order must be proportionate.1707 A disclosure order regularly invades the right to privacy of an individual (as enshrined in section 6 of the Human Rights Act 1998, Article 8(1) of the ECHR and Arts. 7 of the CFR) as well as the right to the protection of personal data under Article 8 of the CFR and in the light of those provisions, the Data Protection Directive and section 35 of the Data Protection Act 1998 – especially when that individual is in the nature of things not before the court.1708 Therefore, the court must ensure that the invasion is justified.1709 Anonymity is not merely a mask for wrongdoers but has social values in its own right. In this regard, Article 10 ECHR and the Charter also protect the anonymous individual.1710 Thus, there must be an infringement of some severity so that a disclosure would not disproportionate. In copyright law, section 16(3)(a) of the CDPA 1988 requires that the sharing related to the work as a whole or any substantial part of it. The rights-holder will have to demonstrate that if a work had been shared, a substantial part of it was been made available.1711 It remains to be seen whether the sharing of only parts of a work as it is common in bittorrent networks will qualify as substantial parts of a work, and subsequently be able to outweigh the rights of the not-yet identified defendant. Defamation case law suggests that minor infringements are not capable of outweighing the interests of the anonymous defendant. In a defamation case, a judge concluded that it would be “disproportionate and unjustifiable intrusive” to make an order for the disclosure of the identities of users who had posted messages which were barely defam-

1706 Court of Appeal, Totalise plc v Motley Fool Ltd [2001] EWCA Civ 1897, [2002] 1 WLR 1233, para. 24. 1707 Court of Appeal, Rugby Union v Viagogo Ltd [2011] EWCA Civ 1585, para. 27 et seq. 1708 See Court of Appeal, Totalise plc v Motley Fool Ltd [2001] EWCA Civ 1897, [2002] 1 WLR 1233, para. 24 and Rugby Union v Viagogo Ltd [2011] EWCA Civ 1585, para. 27. 1709 Court of Appeal, Totalise plc v Motley Fool Ltd [2001] EWCA Civ 1897, [2002] 1 WLR 1233, para. 25. 1710 Cf. ibid. 1711 This will be difficult to prove if a bittorrent file-sharing programme was used, where usually a number of peers will each share a small portion of the file.

473

Second Chapter: User-Targeted Responses

atory or little more than abusive or likely to be understood as jokes.1712 Only in the case of those comments that could reasonably be understood “to allege greed, selfishness, untrustworthiness and dishonest behaviour on the part of the claimants”1713, the rights of the defamed could outweigh the right of the authors to protect their anonymity. However, in some cases, necessity and proportionality may go hand in hand, meaning that once an arguable wrongdoing by an unidentified individual is established and there is no realistic way of discovering the identity of the individual other than a Norwich Pharmacal order, it will usually be proportionate to make such an order.1714 Hence, where a whole work has been made available to the public, it is unlikely that the rights of the not yet identified defendant will outweigh the interests of the rightholders. As outlined above in the section on Germany, it is evident that disclosure orders may not be as effective in revealing usable information as they initially appear, for example when they lead to an Internet café or unsecured Wi-Fi networks. Also, any application for a Norwich Pharmacal order has to be made swiftly because access providers do not preserve relevant data for a long period. The claimant will have to argue that the subscriber of an Internet connection identified was making a copyright protected work available contrary to section 20 CDPA 1988 and authorising within the meaning of section 16 CDPA 1988 the downloading of films which involved the making of infringing copies or substantial parts thereof, and/or acting as joint tortfeasor with the downloaders. bb) Remedies for Copyright Infringement in the UK Similar to the remedies available in Germany, the remedies available to a successful claimant in a private civil infringement action include inter alia relief by way of damages, injunctions, or accounts.1715

1712 High Court, Sheffield Wednesday Football Club Ltd v Hargreaves [2007] EWHC 2375 (QB), para. 17. 1713 Ibid, para. 18. 1714 Court of Appeal, Rugby Union v Viagogo Ltd [2011] EWCA Civ 1585, para. 28 et seq. 1715 See Section 96(2) CDPA 1988.

474

B. National Enforcement Measures Against Users

The rights-owner is entitled to deprive the infringer of the unjust enrichment that has accrued to him as a result of his unlawful activites. In the context of intellectual property rights infringements, the claimant may claim damages, or alternatively an account of profits. As regards the account of profits, the claimant will be entitled to the profits made by the defendant as a result of his infringement.1716 As regards a claim for damages, the claimant will be entitled to be compensated for the invasion of his rights. This compensatory remedy will put the claimant in the position he would have been in if there had been no infringement. Additional statutory damagaes can be awarded under section 97(2) CDPA 1988, where ordinary damages would not be sufficient to compensate.1717 In file-sharing case, the rights-holder will usually claim damages because the infringer commonly does not make any profits from infringing copyright. In relation to the calculation of damages a distinction is made between a rights-holder who himself exploits the intellectual property rights and a rights-holder who does not. The latter will only be able to claim a licence fee as damages. The licence fee is the fee that would have been paid by the infringer if he had acquired a licence from the rights-holder for the act that gave rise to the claim. An interesting case in relation to damages for online copyright infringements has been rendered by the Court of Appeal in 2012.1718 In Sullivan v Bristol Studios, the claimant, a hiphop artist, demanded damages from the defendant for uploading a music video of him without his consent on YouTube. Precisely, the claimant sought damages of GBP 800,000 for “breach of statutory duty, infringement of copyright and...loss of a chance”. It was calculated that the video would have been seen by the defendant film company’s staff plus a maximum of 50 people. The claim was transferred to the Chancery Division, where its value was assessed at just GBP 50. The defendant applied successfully to have the claim struck

1716 As regards the account of profits see Hector MacQueen/Charlotte Waelde/ Graeme Laurie/Abbe Brown, Contemporary intellectual property, Law and policy (2nd ed. 2011), p. 972. 1717 As regards the award of additional damages see ibid, p. 970. 1718 Court of Appeal, Tony D Sullivan (aka Rudey Soloman) v Bristol Film Studios Ltd, [2012] EWCA civ 570.

475

Second Chapter: User-Targeted Responses

out on the basis that a claim for such a small sum was a disproportionate use of the court’s time and resources. In addition to damages, the rights-holder is also entitled to obtain an injunction to stop any further infringement. In this context the distinction between the different types of actors is not as relevant as in Germany. b) Lessons Learned from Germany: The Phenomenon of Cease and Desist Letters in the UK and Speculative Invoicing It did not take long after the first letters before claim asking for damages had been sent out in the UK that they were deemed as “speculative invoicing”. Soon they attracted considerable media attention as they usually request the Internet subscriber to pay a specified sum of several hundred pounds1719 to compensate the copyright holder for any damage caused by the alleged copyright infringement and the costs incurred in enforcing the claim outside of court. The attention, this practice gained, was not in regard to the practice as such, but to the fact that the sums demanded were out of proportion and that the rights-holders or those acting on their behalf did not seek to confirm whether the Internet subscriber was actually responsible for the copyright infringement that had been detected.1720 Soon it emerged that antipiracy companies are running a quite profitable business model. In the following this business model and its public perception will be outlined before it will be analysed how the High Court tries to set boundaries on a scheme that turns piracy into profit. aa) Introducing the Antipiracy Industry in the UK Copyright infringements in peer-to-peer networks are usually detected by “antipiracy” companies that are specialised in searching the networks for infringements. After their business model has proven successful in Ger-

1719 According to Consumer Focus typical sums demanded are in the range of GBP 500 to GBP 1,000, see High Court, Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 36. 1720 Ibid.

476

B. National Enforcement Measures Against Users

many with a number of court cases won in German courts, the companies were confident that they can do the same in the UK and started entering the UK market from 2008 onwards.1721 Their business model is the same as in Germany: The antipiracy company acquires the right to distribute movies, music or computer games from the rights-holders or as stated by HHJ Birss QC in Media CAT v Adams citing an agreement between an antipiracy company and a rights-holder: “At best it is a company with a contract which gives it 'all rights necessary to allow [Med T] to inquire claim demand and prosecute through the civil courts where necessary any person or persons identified as having made available for download a film for which [an agreement] has expressly licensed'”.1722 The antipiracy companies then access peer-to-peer networks and, acting as fictitious users (or peers), pretend, that they wish to access copyrighted material. The companies use their software to make connections with individuals who indicate that they had works of the rights-holders they represent or works for which they have acquired the distribution rights. They then download the work or parts of it onto the companies’ computers and compare the download with the original material in order to see whether it corresponds. Besides searching peer-to-peer networks for copyright infringements, critics accuse the companies to also set up “honey traps” for file-sharers by themselves making copyrighted material available for download in peer-to-peer networks.1723 This practice allows them to easily record the IP address of incoming connections that download and at the same time upload the file. While this is only an allegation, these allegations have in particular been raised in relation to hardcore pornography. When sending out the letter before claim informing the identified subscriber about the alleged infringement, they obviously expect that a sub-

1721 Miles Brignall, File sharers targeted with legal action over music downloads, The Guardian (17.07.2010), see also Tony Levene, Porn bill for couple who can’t download, The Guardian (29.11.2008). The most famous German companies specifically active in the field of copyright enforcement in peer-to-peer networks are DigiProtect, DigiRights Solutions or Logistep. 1722 Media C.A.T. Ltd v Adams and others [2011] EWPCC 6, para. 5. HHJ Bliss QC refers to an agreement between Media CAT and Sheptonhurst Ltd, which are the owners of copyright in pornographic films. The agreement purport to give Media CAT the right described as well as the sole and exclusive right to demand, collect and receive all revenues in respect of illegal file-sharing. 1723 Ernesto, When pirates become copyright cash cows, TorrentFreak (30.08.2009).

477

Second Chapter: User-Targeted Responses

stantive number of recipients will rather pay the requested fee than start negotiating or denying the claim – especially when pornography is concerned.1724 Letters before claim are not required by law in the UK. There is no formal pre-action conduct, which applies to intellectual property disputes. The antipiracy companies have optimised the detection of copyright infringements by acting and enforcing the rights of numerous artists. Like in Germany, they would cooperate with law firms that are themselves specialised in assisting intellectual property rights-holders exploiting and enforcing their rights globally. With these law firms, the companies would have “revenue sharing agreements” whereby they would share the sums recovered by sending the letters before claim to alleged infringers. The rights-holders would be invoiced for the law firm’s professional fees. It is recognised that copyright owners have a legitimate interest in obtaining legal remedies against copyright infringements. But it is not clear whether this legitimate interest can be satisfied by sending out speculative invoices. Given the profit-sharing agreements and the fact that the party conducting the litigation gets a higher share than the author of the copyright protected work, antipiracy companies are considered as acting with the sole intention of soliciting money rather than enforcing copyright. bb) The History of Speculative Invoicing in the UK The practice of speculative invoicing emerged in March 2007, when 500 individuals were accused of having shared a computer game.1725 The National Association of Citizens Advice Bureaux reported in 2010 about several incidents where individuals seeked for advice after receiving let-

1724 Miles Brignall, File sharers targeted with legal action over music downloads, The Guardian (17.07.2010). In Germany, it has been reported that the exploitation rights of cheap-produced amateur pornography have been sold by the copyright holder to third parties way above its original value so that the monetary compensation the third party could claim and which depends in Germany on the market value of the movie increases. Considering that Internet subscriber that receive a letter accusing them of sharing porn movies might be too embarrassed to risk being sued, this can became a quite lucrative business scheme. 1725 Andrew Murray, Information Technology Law, The law and society (2nd ed. 2013), p.287.

478

B. National Enforcement Measures Against Users

ters asking for damages.1726 These individuals seeked advice because they believed they were innocent of the alleged infringement and had been wrongly identified or because someone else might have used their Internet connection and downloaded the work in question. Many of the recipients of letters claim that they have been shocked and worried at having received a demand for payment and want to know how to refute the claim. Typical examples for those seeking advice would be the following: “A Derbyshire CAB client was one of many reported by this bureau who thought a demand received for GBP 295 for a claimed music download was a scam. The client explained that he never downloaded music and did not even listen to the type of music detailed in the letter. He was the only person able to access his computer. He was worried about the threat of court action and the stress this was causing his partner who had recently suffered a stroke.”1727 “A CAB client in Buckinghamshire received a letter claiming GBP 495 for downloading material protected by copyright. He was certain this had not happened in his home. At the time the download had allegedly occurred, he was getting married.”1728 “A CAB client in Buckinghamshire was worried about the consequences of not paying a GBP 295 demand for copyright breach despite being certain that no breach had occurred in her household. At the time of the claimed download the client was at work, her eldest child was away at university and the two younger children were at school. She checked the download history of all the computers and found no evidence to substantiate the claim.”1729

Interestingly, only a few actors could be identified in the UK since 2007 that have been involved in speculative invoicing.1730 The most prominent law firms involved were Davenport Lyons and ACS:Law, with the latter taking over Davenport Lyons’ work from April 2009 onwards. It was Devenport Lyons that had originally developed and pursued a scheme for recovering compensation for copyright owners whose copyright had been infringed. In April 2009, ACS:Law took over this scheme from Davenport

1726 National Association of Citizens Advice Bureaux, Online infringement of copyright and the Digital Economy Act 2010 – Draft Initial Obligations Code, Response from Citizens Advice to Ofcom (July 2010), p.4 et seq. 1727 Ibid, p.4. 1728 Ibid. 1729 Ibid, p.5. 1730 Max Rowlands, UK: “Speculative invoicing” schemes target internet file-sharers and individuals accused of minor retail crime (2011), p. 4; Andrew Murray, Information Technology Law, The law and society (2nd ed. 2013), p.287.

479

Second Chapter: User-Targeted Responses

Lyons, including the client list and staff involved being transferred from one law firm to another.1731 ACS:Law had obtained the right to identify, pursue and prosecute instances of copyright infringement from some copyright owners. Several antipiracy companies were instructed to conduct monitoring of IP addresses in peer-to-peer networks for infringements of its clients’ copyrights. Once an antipiracy company detected an IP addresses involved in filesharing, ACS:Law would apply for a Norwich Pharmacal order on behalf of its clients against the Internet service provider. Once ACS:Law had obtained the names and contact details, it sent letters of claim demanding payment of a specified sum as compensation to the Internet subscribers.1732 The compensation was said to include damages, Internet service provider administration costs (and its legal costs where applicable), as well as a contribution to the rights-holders’ legal costs incurred to date and “additional costs”.1733 No breakdown is made of the figure given, so it was not possible to identify what exactly was claimed. In the case of Media CAT v Adams,1734 the owner of copyright in relation to a number of pornographic films, the sum demanded was initially GBP 540 and later GBP 495.1735 According to Mr Crossley's own evidence was that the reason for the reduction that “the client wants to bring the figure below GBP 500 because he believes there is a psychological barrier at GBP 500 that prevents people from paying so he is trying to optimise revenue on settlement”.1736 The letter also informs the subscriber that if the sum is agreed no further payment will be sought in relation to the infringements referred to.

1731 Max Rowlands, UK: “Speculative invoicing” schemes target internet file-sharers and individuals accused of minor retail crime (2011), pp. 4 et seq. 1732 For a description of the procedure see High Court, Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 41 et seq. 1733 Cf. e.g. Patents County Court, Media C.A.T. Ltd v Adams and others [2011] EWPCC 6, para. 19. 1734 Ibid. For a comment on the case see Gary Moss, Media CAT v Adams: the CAT that did not get the cream, Journal of Intellectual Property Law & Practice 2011, Vol. 6 No. 11, 813 – 820. 1735 For a description of the procedure see High Court, Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 42. 1736 Ibid.

480

B. National Enforcement Measures Against Users

Leaked documents of correspondence between Davenport Lyons and DigiProtect suggested that the antipiracy companies also carefully selected against whom they will pursue their claim, leading to the conclusion that they do not necessarily have the intention to sue alleged infringers.1737 The recipients of the letters were ranked out of ten on the basis of how likely they were to comply and then targeted accordingly.1738 In ranking the recipients, they carefully considered the recipient’s financial means, legal knowledge, and the potential for negative publicity. Whether a claim was pursued was made dependent on the ranking. It has also been reported that ACS:Law sent questionnaires to those who refuted the allegations.1739 The questionnaire had the potential to be used against the recipient in further proceedings by asking inter alia whether the recipient used file-sharing software and why, whether someone else had access to the Internet connection and whether they would be willing to submit their computer(s) for forensic analysis.1740 They usually do not have sufficient evidence to enforce their claim unless a user confesses to illegally downloading/uploading a file. The Internet is awash with complaints from users who insist that they have not downloaded the files of which they have been accused of infringing copyright.1741 At this point, it needs to be clarified that the letters – in – in a strict sense – do not accuse the recipients of illegal downloading but inform them that the antipiracy company has evidence that one of their clients’copyrighted works was made available through a file-sharing network to others from the recipient’s Internet connection. They thus, allege the unauthorised making available of a copyrighted work from a specific Internet connection and not a download by the recipient. The scheme needed to be profitable for the actors involved otherwise the engagement of antipiracy firms would be obsolete. It is known that ACS:Law entered into retainers for “non-contentious” work with its

1737 The documents can be accessed at http://www.wikileaks.com/wiki/Davenport_L yons_and_DigiProtect_Actionpoints_for_filesharers%2C_14_Jan_2009 (last accessed on 17.03.2013). 1738 Ibid. 1739 Max Rowlands, UK: “Speculative invoicing” schemes target internet file-sharers and individuals accused of minor retail crime (2011), p. 5. 1740 Ibid. 1741 Miles Brignall, File sharers targeted with legal action over music downloads, The Guardian (17.07.2010), see also Tony Levene, Porn bill for couple who can’t download, The Guardian (29.11.2008).

481

Second Chapter: User-Targeted Responses

clients which provided for the damages and costs paid by the alleged infringers (minus applicable disbursements and the Internet service providers’ costs) to be split between ACS:Law, the antipiracy company and the rights-holder. An agreement referred to in the disciplinary proceedings against the head of ACS:Law, Anthony Crossley, set out the share of the net recoveries between each of the parties involved: in relation to the works of one specific copyright owner copyright owner was to receive 25% of the net recoveries, the law firm was to receive 42% and the antipiracy company was to receive 33%, in another case, the rights-holder was to receive 35% of the net recoveries, the law firm was to receive 52.5% and the monitoring firm was to receive 12.5%.1742 DigiRights Solutions, which is one of the antipiracy companies, that had an agreement with ACS:Law, claims that in Germany roughly 25% of people to whom they send a letter pay an average fee of around EUR 450, making the letters before claim a lucrative revenue stream considering that DigiRights Solution receives 80% of the money and forward 20% to the copyright holder.1743 As of 30 June 2010, ACS:Law had sent 20,323 letters of claim and thereby recovered the total sum of GBP 936,570.92, of which ACS:Law received GBP 341,078.92.1744 In September 2010, ACS:Law accidentally published its email archive online, so that it could be revealed that the company had even made over GBP 636,000 from alleged filesharers in less than two years activity.1745 But it is not just the generated revenues as such that are not well perceived, it is the individual fee that is claimed.1746 The antipiracy companies would often ask for the same amount of money from every alleged infringer without distinguishing between the work that has been shared or the number of files shared, which indicates that the actual damages incurred by the rights-holder seem not to be taken into consideration. Like

1742 Solicitors Regulation Authority v Andrew Jonathan Crossley, Case no. 10726 (06.02.2012), paras. 33 and 45. 1743 See Max Rowlands, UK: “Speculative invoicing” schemes target internet filesharers and individuals accused of minor retail crime (2011), p. 4. 1744 High Court, Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 44. 1745 Ernesto, Leaked emails reveal profits of anti-piracy cash scheme, TorrentFreak (26.09.2010). 1746 For early cases see Tony Levene, Porn bill for couple who can’t download, The Guardian (29.11.2008).

482

B. National Enforcement Measures Against Users

in Germany, the sum demanded would not be broken down into costs and damages. Finally, until November 2010, ACS:Law commenced only 27 cases on behalf of the rights-holder Media CAT, for which it had previously sent out tens of thousands of letters threatening legal action.1747 Considering that it is very unlikely that out of 10,000 letters only 27 recipients refused to pay, one may ask where all the announced legal actions are. When HHJ Birss QC convened a hearing for directions in all 27 Media CAT cases commenced before the Patents County Court in January 20111748, ACS:Law attended the court office with 27 notices of discontinuance. The notices of discontinuance were however set aside by HHJ Birss QC as an abuse of process for two reasons: “First, they would give the copyright owners, who had not been joined to the proceedings, an unwarranted collateral advantage stemming from a breach of section 102 of the CDPA 1988 and the avoidance of CPR r. 19.3, namely that the copyright owners would avoid being subject to CPR r. 38.7. Secondly, they would give Media CAT, ACS:Law and the copyright owners an unwarranted collateral advantage of avoiding judicial scrutiny of the underlying claims on which the Norwich Pharmacal orders were based”.1749 He found that “a wholesale letter writing campaign” was being conducted to generate revenues based on the threat of legal proceedings.1750 In this regard, the court assumed that simple arithmetic shows that the actors involved would make more than one million pounds even if 80% of the recipients refused to pay. Taking a very pragmatic view, the court concluded that it is unlikely that cases are being taken to court if one could make such an amount of many just with the threat of legal proceedings.1751 To date there is no known case of proceedings being issued by ACS:Law. Overall, HHJ Birss QC had been very critical about the letters before claim scheme. He concluded that ordinary members of the public could have a wrong understanding of the content of such a letter, in particular do 1747 Patents County Court, Media C.A.T. v Adams [2011] EWPCC 6, [2011] FSR 8, para. 22 et seq. 1748 See Patents County Court, Media C.A.T. v Billington [2010] EWPCC 18. 1749 HHJ Birss QC in Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 52, referring to Media C.A.T. v Adams [2011] EWPCC 6, [2011] FSR 8, para. 98 et seq. 1750 Patents County Court, Media C.A.T. v Adams [2011] EWPCC 6, [2011] FSR 8, para. 98. 1751 Ibid, para. 100.

483

Second Chapter: User-Targeted Responses

lay members if the public do not know that a Norwich Pharmacal order is not based on a finding of infringement by the court.1752 Considering the above described activities of ACS:Law, it is not surprising that the Solicitors’ Regulation authority received more than 500 complaints about ACS:Law within less than one and a half year of their activities in this regard.1753 These concerns also attracted the attention of politicians. During a debate on the Digital Economy Bill in the House of Lords, the issue of letters before claim and the way they are used in other jurisdictions, has been raised in the context of the notification procedure foreseen in the Digital Economy Act. Several members of the House of Lords referred to the way letters before claims are used as “bullying tactics…to get people to pay up”.1754 Lord Clement-Jones recognised that the letter before claim tactic is becoming a “big business” and does not protect the proper and legitimate rights of copyright owners while causing distress to the recipients of the letters.1755 Already in 2010, voices have been raised in the House of Lords to put an end to the scheme.1756 The concerns of the House of Lords have been shared by the Ministry of Justice in a letter sent by the Parliamentary Under Secretary of State, Bridget Prentice, to Lord Young of Norwood Green.1757 On a wide basis, the scheme is rather seen as an economic model than a model of copyright enforcement. Even BPI, the body that represents the UK recorded music industry, does not condone the mass-mailing of alleged infringers but stresses that it

1752 Ibid, para. 21. 1753 High Court, Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 45. 1754 House of Lords, Hansard, Debate 18 January 2010, Columns 792 et seq., 4.15 pm, http://www.publications.parliament.uk/pa/ ld200910/ldhansrd/text/1001180004.htm#1001185000078. 1755 House of Lords debate (18.01.2010), http://www.youtube.com/watch?v=ORBfs 3QCvTY. 1756 Lord Lucas in House of Lords debate, (01.03.2010), http://www.youtube.com/w atch?v=dwKbQVzRHEg. 1757 Letter dated 08 February 2010 from Bridget Prentice, Ministry of Justice, to Lord Young of Norwood Green, Minister for Postal Affairs and Employment Relations, http://webarchive.nationalarchives.gov.uk/+/interactive.bis.gov.uk/di gitalbritain/ wp-content/uploads/ 2010/02/Bridget%20Prentice%20MP%20letter -%208%20Feb%202010.pdf.

484

B. National Enforcement Measures Against Users

considers that legal action is best reserved for the most persistent or serious offenders, rather than being widely used as a first response.1758 Thus, it came to no surprise when the British national consumer association, Consumer Focus1759, concluded that the letter before claim scheme as it is operated to date is indiscriminate and potentially causes distress on part of consumers.1760 Notably, the owner of law firm ACS:Law, Anthony Crossley, has been referred to the Solicitors Disciplinary Tribunal by the Solicitors Regulation Authority, and in February 2012, has been suspended from practising for two years for breaching several rules of the Solicitors Code of Conduct 2007.1761 Although it seemed that the awareness and the proceedings against ACS:Law before the Solicitors’ Disciplinary Tribunal let to a decrease in

1758 Miles Brignall, File sharers targeted with legal action over music downloads, The Guardian (17.07.2010). 1759 The National Consumer Council, which operated until May 2013 as Consumer Focus and is now operating as Consumer Futures, is a non-departmental public body and statutory consumer organisation in England, Wales, Scotland, and, for postal services, Northern Ireland. It was established by the Consumers, Estate Agents and Redress Act 2007, and began operations in 2008 by the merging Postwatch, Energywatch and the Welsh, Scottish and National Consumer Councils under the Consumer Focus brand. 1760 High Court, Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 37. 1761 In specific, he breached Rule 1.03 by allowing his independence to be compromised ; he breached Rule 1.04 by acting contrary to the best interests of his clients ; he breached Rule 1.06 by acting in a way that was likely to diminish the trust of the public places in him or in the legal profession ; he breached Rule 2.04(1) by entering into arrangements to receive contingency fees for work done in prosecuting or defending contentious proceedings before the courts except as permitted by statute or the common law; he breached Rule 3.01 by acting where there was a conflict of interest in circumstances not permitted under the Rules, in particular because there was a conflict or significant risk that the Respondent’s interest were in conflict with those of his clients; he breached Rule 10.01 by using his position as a solicitor to take or attempt to take unfair advantage of other persons, being recipients of letters of claim wither for his own benefit or the benefit of his clients; he breached Rule 1.06 and 5.01(g) by failing to take adequate steps to ensure that appropriate technical and organisational safeguards were in place at his firm to protect against the accidental loss of personal data and documents. See Solicitors Regulation Authority v Andrew Jonathan Crossley, Case no. 10726 (06.02.2012).

485

Second Chapter: User-Targeted Responses

letters being sent out, in 2012 more and more disclosure orders were applied for. cc) Putting the Rule to the Test: Piracy Cannot Be Turned into Profit As outlined above, the only way in which it is possible to obtain information about the names and addresses of subscribers to whom logged IP addresses had been assigned at the relevant time is to obtain disclosure from the Internet service provider. In the case of Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), the court took the opportunity to discuss fundamental questions as to the operation of the Norwich Pharmacal Regime and the legitimacy of so called “speculative invoicing”. With regard to the latter, the court in particular dealt with the question how to balance the rights of copyright owners and consumers. (1) Golden Eye v Telefonica UK: Facts of the Case In short, Golden Eye and its fellow claimants1762 were the owners of the copyright in a number of pornographic films which they suspected had been the subject of unauthorized peer-to-peer file-sharing. The claimant Ben Dover Productions had granted Golden Eye a royalty-free worldwide

1762 Golden Eye also acted for the other 13 applicants in the application. One claimant (Ben Dover Productions) had granted Golden Eye a royalty free worldwide exclusive licence of all copyrights and rights in the nature of copyright in a number of pornographic films for a period of five years. The third to fourteenth claimants were also owners of copyrights in pornographic films and each of them had entered into an agreement with Golden Eye granting Golden Eye the exclusive right to act for them in relation to any alleged breaches of copyright arising out of peer-to-peer copying of material across the Internet. This included allowing Golden Eye to bring a claim for breach of copyright on their behalf. Under the agreements, Golden Eye agreed to pay the licensor 25% (in some agreements the figure specified was up to 37.5%) of any revenue. See High Court, Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), paras. 10-14. For a comment on the case see Gary Moss, Golden Eye v Telefonica: Media CAT revisited, Journal of Intellectual Property Law & Practice 2012, Vol. 7 No. 12, 872 – 878.

486

B. National Enforcement Measures Against Users

exclusive licence of all copyrights and rights in the nature of copyright in a number of pornographic films for a period of five years. The other claimants had entered into an agreement with Golden Eye, which granted Golden Eye the exclusive right to act for them in relation to any alleged breaches of copyright arising out of peer-to-peer file-sharing, including allowing Golden Eye to bring a claim for breach of copyright on their behalf. They had logged data of 9,124 users of the access provider O2 in connection with infringements of their copyrights. In the following, Golden Eye, acting as well for the other 13 applicants, applied for a Norwich Pharmacal order seeking disclosure from the access provider of details of their subscribers so that they could then sent cease and desist letters to the subscriber whom they suspected of copyright infringement. The business model operated by Golden Eye is identical to the ones described above: Golden Eye would receive between 25% and 37.5% of the damages collected for its clients. Although the letters that had been sent out to the Internet subscribers threatened them with legal proceedings, Golden Eye seemed to be reluctant to pursue its claims. Arising out of information obtained by virtue of Norwich Pharmacal orders in previous cases, Golden Eye had only brought three claims for infringement.1763 In two of these cases, Golden Eye served a notice of discontinuance after the claims had been transferred to the Patents County Court, while in the third case, Golden Eye obtain a default judgement.1764 In Golden Eye v Telefonica UK the draft letter, which was intended to be sent out and which was presented in the proceedings for the disclosure order against Telefonica, asked the recipients to sign an undertaking that they will abstain from infringing intellectual property rights and threatened to sue them if they did not pay the sum of GBP 700 by way of compensation for the infringement that had already occurred. Similar to the letters sent out by ACS:Law, the draft letter suggested that the subscribers were responsible for any copyright infringement that took place via their Internet connection even if it was committed by a third party whom they permitted the use of that connection.The following are extracts from the original draft letter:

1763 See ibid, para. 56. 1764 See Patents County Court, Golden Eye (International) Ltd v Mohamed Maricar [2011] EWPCC 27, and High Court, Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 58.

487

Second Chapter: User-Targeted Responses

– “Forensic Analyst We have obtained the services of a forensic computer analyst to search for and identify Internet addresses from which out copyright works (including the Work) are being made available on so called 'peer to peer' (P2P) Internet sites for the purposes of making them available for download by third parties without our client's consent or licence. – Evidence GEIL's forensic computer analyst has provided us with evidence that the following UK date and time, [B] [C], all or part of the Work was made available from the Internet protocol (or IP) address [Applicant], specifically for the purpose of downloading by third parties…On 2011 Mr Justice,…, ordered O2 to give us disclosure of your name and address for the purpose of this letter. For your information we enclose a copy of that Order…. – Infringing Acts The act of file sharing the Work without the consent of GEIL is unlawful and, in particular, has caused damage to our business. In effect, every copy of the Work that is downloaded represents a potential lost sale. … File sharing also results in lost royalty revenue and weakening of the brands saleability. We have set out below the infringing acts you are liable for to GEIL: 1. either for copying the Work on to the hard drive of your personal (or office) computer…and/or for 2. making the Work available to third parties for downloading (pursuant to sections 16(1)(d) and 20 of the Act). Please note that such making available can be caused simply by a person connected to your Internet connection downloading the Work, during the course of which the part downloaded is then made available to other third parties connected to the network in question. In the event that you were not responsible for the infringing acts outlined above, you should make full disclosure to us of the other parties at your residence using your Internet connection to make the Work available for download. – Legal Consequences … In the event that this matter cannot be resolved, it may become necessary for GEIL to being a claim against you for copyright infringement. This claim would be brought in the civil court, where liability is determined on the balance of probabilities. In that event, we must make you aware that if successful, we will be entitled to recover from you damages and possibly a contribution towards the legal costs if you choose to instruct lawyers. … 488

B. National Enforcement Measures Against Users

– Proposed Settlement … Our offer is that you: 1. promise in a written undertaking not to upload, download, make available or otherwise share the Work or any of GEIL works (or other intellectual property) and/or permit others to do the same using your Internet connection, at any time in the future, either from the above IP address or any other; 2. agree to delete any copies of the Work (and any other intellectual property of GEIL from your hard drive and/or operating system and/or any copies saved to disk (or other media), other than those that were purchased by you from a legitimate source; and 3. pay GBP 700.00 as compensation to GEIL for its losses. – Next Steps – payment and undertakings … For the avoidance of doubt, these undertakings will represent an agreement between you and GEIL and if you act in breach of that agreement, we will have no option but to take further action against you. … In the event that either the payment or undertakings are not received within fourteen days of the date of this letter, GEIL reserves the right to take further action which could include commencement of proceedings and possibly an application to your ISP to slow down or terminate your Internet connection.”1765 The content of the letter and the way it was drafted clearly suggested to a recipient without any legal knowledge that he needs to pay the requested sum. (2) The Conditions for Granting Norwich Pharmacal Relief in Relation to Peer-to-Peer File-Sharing Cases and Speculative Invoicing Although Arnold J found that there was a prima facie case that each of the respective subscribers associated with the IP addresses provided by the claimants had illicitly copied one or more of each of the applicants’ works for the purpose of making them available via file-sharing websites for third parties to download, it took the court 152 paragraphs to grant disclo-

1765 High Court, Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 33. Golden Eye argued that the letter would be suitably adapted in the case of claims concerning infringements of copyrights owned by the fellow claimants.

489

Second Chapter: User-Targeted Responses

sure of “the name and postal address of the registered owner or owners of each of the Internet account or accounts that were assigned to the Internet protocol address” The High Court took the opportunity to set a precedent after four years of speculative invoicing. Although the court granted Norwich Pharmacal orders in relation to Golden Eye and one other claimant out of 141766, it stated that any claim letter sent by copyright owners or their representatives must properly safeguard the legitimate interests of the recipients. Thus, when considering the proportionality of the order, the court balanced not just the rights of the copyright holders against those of the access provider from whom they demand disclosure of information but also took into account the rights of the not-yet-identified subscribers by examining the wording of the draft cease and desist letter. While the general prerequisites for a Norwich Pharmacal order could be established without doubt, the Court put an emphasis on the question of whether the request of the claimant was “justified and proportionate”.1767 (3) Establishment of Genuine Intent to Seek Redress for Arguable Wrongs Before the Court could deal with question of whether the claimants’ requests were justified and proportionate, it examined whether the claimants were genuinely seeking redress. In this regard, it was irrelevant that the applicants might not bring proceedings against the wrongdoer in the future. It is not a requirement for the grant of Norwich Pharmacal relief that the applicant intends to bring proceedings against the wrongdoer.1768

1766 Golden Eye had only entered into an agreement with one of the other claimants that would give Golden Exe an exclusive licence in accordance with section section 92(1) CDPA 1988, and thus a title to sue. With regard to the other claimants, Golden Exe was not licensed by the copyright owner to do any of the acts restricted by the copyrights in the works, but only to act for them in relation to any alleged breaches of copyright arising out of P2P file-sharing. 1767 Akash Sachdeva/Jonathan McDonald, The use of Norwich Pharmacal orders to identify online infringers – an old remedy updated for modern times, Entertainment Law Review 2013, Vol. 24 Issue 3, 103, 106. 1768 High Court, Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 109.

490

B. National Enforcement Measures Against Users

Sending a letter before action with to the intention of persuading the wrongdoer to agree to pay compensation and to give an undertaking not to infringe in the future was considered as one legitimate way of seeking redress.1769 There is no requirement for the intending claimant to commit himself at such an early stage to bring proceedings if redress cannot be obtained consensually.1770 The intending claimant is entitled to be selective as to whom he pursues proceedings against.1771 Bearing the costs of litigation in mind, litigating for damages of GBP 700 is likely to be uneconomic and thus, a claimant may not want to sue, except perhaps as a test case.1772 This may even be the case under the new small claims track for copyright claims in the Patents County Court which has been introduced in October 2012 as a lower cost solution for litigants with a maximum damages award of GBP 10,000 and minimal costs recovery and exposure.1773 Against this background, an applicant seeking redress for a large number of low-value infringements cannot be criticised for being selective or not pursuing claims at all.1774 It was also legitimate for Golden Eye and the other claimants to enter into commercial arrangements under which Golden Eye undertakes the effort, cost and risk of applying for Norwich Pharmacal orders and making claims against alleged infringers, including the costs of instructing solicitors and counsel, in return for a handsome share of the proceeds. Such an agreement does not as such imperil the ability of the court properly to control the circumstances in which an order will be granted and the use which may be made of the information obtained if an order is granted or to control the conduct of subsequent claims against the intended Defendants.1775

1769 1770 1771 1772 1773

Ibid, para. 109. Ibid, para. 109. Ibid, para. 110. Ibid, para. 110. If the amount that is claimed is excessive, then even bringing a small claim may be unattractive. 1774 High Court, Golden Eye (International) Ltd and others. v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 111. 1775 Ibid, para. 99. Consumer Focus which intervened on behalf of the not-yet-identified subscriber had argued that “profit-sharing-agreements” between Golden Eye and the other claimants are champertous and thus jeopardise the proper administration of justice. The Court did not find that the agreements in question were “agreements to conduct litigation in the sense of the champertous agreements” in Sibthorpe v Southwark London Borough Council [2011] EWCA Civ 25, [2011] 1 WLR 2111.

491

Second Chapter: User-Targeted Responses

The court rejected the allegation that the division of revenue between Golden Eye and the other Claimants had all the hallmarks of a moneymaking exercise for Golden Eye, (ii) the sum of GBP 700 requested in the draft letter was unsupported and unsupportable, (iii) the Claimants were equivocal about their willingness to pursue infringement actions and (iv) the conduct of the three claims brought by Golden Eye against alleged infringers suggested a desire to avoid judicial scrutiny.1776 (4) Disclosure Order Must be Necessary to Pursue Redress The applicants are owners of copyrights, which have been infringed by individuals who have been engaged in peer-to-peer file-sharing. The only way in which the applicants could ascertain the identity of the Internet subscribers and seek compensation for past infringements would be the disclosure of names and addresses of the subscribers of the logged IP addresses. Without the information sought by the application for Norwich Pharmacal relief, the claimants cannot issue proceedings to engage in preaction correspondence with the intended defendants. When the claimants’s copyrights have been infringed, it is necessary for the alleged wrongdoers to be identified so that the claimants are able to protect their rights by seeking redress.1777 (5) Proportionality of a Disclosure Order When considering the proportionality of the order sought, a court will have to take into account the precise terms of the order sought and in this regard also the terms of the draft letter of claim. Although the order sought may be proportionate between the applicants and the Internet service provider, it does not follow that it is proportionate as between the applicants and the intended defendants.1778 With regard to the latter, it is necessary to examine the terms of the draft letter of claim.

1776 High Court, Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 108 et seq. 1777 See ibid, para. 114 et seq. 1778 Ibid, para. 120.

492

B. National Enforcement Measures Against Users

The draft letter must be worded so as properly safeguard the legitimate interests of the intended defendants, and in particular the interests of intended defendants who have not committed the alleged infringements. A disclosure order can only be proportionate, if the legitimate interests of the intended defendants in protecting their privacy and data protection rights are safeguarded. This was not the case in the Golden Eye case for several reasons: As regards the letter of claim in the Golden Eye case, Arnold J criticised that the letter failed to state clearly that the merits of the infringement allegations against the intended defendant had not yet been considered by the court.1779 The letter further suggested that the recipient was liable for copyright infringement without clearly stating that that person might not be responsible at all for the infringing acts.1780 Liability for a third party that used an Internet connection to infringe copyright may only arise where the subscriber has authorised within the meaning of section 16 of the CDPA 1988 the downloading of films which involved the making of infringing copies. 1781 Allowing a third party to use an Internet connection in general cannot be equated with authorising a third party to commit infringements. The Court also recognised that an Internet connection may be unsecured and utilised unbeknownst to the owner.1782 Further the letter was considered one-sided in that it listed the legal consequences to the intended defendant of a successful claim without mentioning the consequences to the relevant claimant of an unsuccessful claim.1783 In addition, it was also unjustified to refer to “other intellectual property” under the heading “Proposed Settlement” when there was no evidence that any IP rights of the claimants have been infringed.1784 Also, it was unrea-

1779 Ibid, para. 125. 1780 Ibid, para. 126. 1781 To authorise an infringement is to “sanction, approve, or countenance” it, see High Court, Monckton v Pathe Freres Pathephone Ltd [1914] 1 KB 395 and High Court, Evans v Hulton & Co Ltd [1924] WN 130 (KB). An apparent willingness of the courts to treat indifference as capable of being authorisation, has been identified, cf. Hector MacQueen/Charlotte Waelde/Graeme Laurie/Abbe Brown, Contemporary intellectual property, Law and policy (2nd ed. 2011), p. 159 with further references. 1782 In this regard cf. also HHJ Birss QC’s arguments against equating allowing and authorising in Media C.A.T. v Adams [2011] EWPCC 6, [2011] FSR 8, para. 30. 1783 High Court, Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 127. 1784 Ibid, para. 128.

493

Second Chapter: User-Targeted Responses

sonable to require a response from the intended defendants within 14 days, in particular, as they were consumers.1785 Finally, it was unjustified to threaten further legal action in the form of an “application” to the Internet service provider to slow down or terminate the subscriber’s Internet connection.1786 As regards the claim for GBP 700, the claimants are not justified to demand from every intended defendant the payment of GBP 700. The figure was unsupportable for several reasons: (i) an unknown percentage of the intended defendants would not be infringers, and would thus not liable to pay any sum; (ii) the scale of the infringement committed by each infringer is unknown; (iii) the royalties must not necessarily be assessed on the basis of a time limited license to exploit a work worldwide; (iv) additional damages will not necessarily be awarded; (v) the sum seems to be selected so as to maximise the revenue obtained from the letters of claim and was not a realistic estimate of recoverable damages.1787 The Court took the position that instead of specifying a figure in the initial letter it would rather be acceptable for the claimants to explain that they are prepared to accept a lump sum in settlement of their claims.1788 Accordingly, the claimants should individually negotiate the settlement sum with each intended defendant.1789 In summary, a legitimate course was to inform the intended defendants about the meaning of a Norwich Pharmacal, and require those who admit infringing to disclose information about the extent to which they did so and then negotiate a settlement on a case-by-case basis. If the claim for a Norwich Pharmacal order takes into account the concerns above, the claimants’ interests in enforcing their copyrights outweigh the intended defendants’ interests in protecting their privacy and data protection rights. This meant for Golden Eye, that the order was granted under the condition that Golden Eye amends the draft order and the draft letter so as to eliminate the concerns expressed.

1785 1786 1787 1788 1789

494

Ibid, para. 129. Ibid, para. 130. Ibid, paras. 133–137. Ibid, para. 138. Ibid.

B. National Enforcement Measures Against Users

(6) Control of the litigation The claimants in the Golden Eye case were divided into two groups. The Court distinguished between Golden Eye and Ben Dover Productions, and the other claimants. While with regard to Golden Eye and Ben Dover Norwich Pharmacal relief was granted, it was denied in relation to the other claimants. The reason for this were the terms of agreements that Golden Eye had entered in with the other claimants. Ben Dover Productions was the only claimant that had entered into a worldwide licensing agreement with Golden Eye under which Golden Eye had the exclusive licence of all copyrights and rights in the nature of copyrights in specified Ben Dover films for a period of five years. Thus, Golden Eye could bring a claim in its own right. However, as regards the other twelve claimants, the situation was different as they had only granted Golden Eye the exclusive right to act for them in relation to alleged breaches of copyright arising out of peer-to-peer file-sharing. Norwich Pharmacal relief was denied in regard to these twelve claimants as this kind of relief was considered as “tantamount to the court sanctioning the scale of the intended defendants’ privacy and data protection rights to the highest bidder”.1790 Hence, a disclosure order would not be proportionate and fair. If these claimants had applied themselves, orders would have been granted in their favour.1791 This decision was however reversed by the Court of Appeal.1792 dd) Summary The Golden Eye case clarifies that revenue-sharing agreements in this context are not per se champertous and that the business model operated by Golden Eye is legitimate. As long as the applicant for a Norwich Pharmacal order can demonstrate that he has a genuine commercial desire to

1790 High Court, Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 146. 1791 Ibid. 1792 Court of Appeal, Golden Eye (International) Ltd and others v Telefonica UK Ltd [2012] EWCA Civ 1740. For a comment on the appeal see Mark Hyland, The seductive interface between adult entertainment and Norwich Pharmacal Relief, Communications Law 2013, Vol. 18 Issue 2, 56 – 60.

495

Second Chapter: User-Targeted Responses

obtain compensation for infringement of his copyrights, he is entitled to the order sought. Although speculative invoicing as a method of seeking redress for infringement was not condemned by the court, Arnold J.’s comments on the content and wording of letters before claim provides useful guidelines for future enforcement campaigns. 1793 Intended threatening behaviour in the letters before claim, in particular with regard to cut down or slow down a potential infringer’s Internet connection will not be considered favourably by a court. In Golden Eye, the High Court confirmed what has been previously set out by HJ Birss QC in Media CAT v Adams,1794 namely, that a court, when asked to grant Norwich Pharmacal relief, has to carefully consider the terms of the draft letter of claim and its impact upon ordinary consumers who may be innocent, who may not have access to specialised legal advice and who may be embarrassed or distressed at the allegations. The draft letter in Golden Eye failed this test as it failed to state clearly that the merits of the infringement allegations had not yet been proven, and was one-sided as well as of a threatening nature. A letter that is drafted in such a way and demands a lump sum for compensation without acknowledging that an unknown percentage of recipients would be non-infringers and the scale of infringements is unknown and differs from recipient to recipient. The pre-action correspondence needs to be adapted on a case-by-case basis. As at the time of application for disclosure the scale of infringement is unknown and it is not clear that the intended defendant is the actual infringer, the rights-holder may only express that he is willing to accept a lump sum as compensation but may not demand a sum that is not a realistic estimate of losses and costs incurred. Hence, a court is not going to approve standardised mass letters, which are not adapted on a case-bycase basis. In addition to what has been said, the comparable low number of warnings being send out, may also be based on the fact that in the UK, suing users “has been seen as something of a last resort because of the damage it causes to public relations”.1795 If this is true for the UK, than it becomes

1793 Paul Joseph/Charlotte Ward, Golden Eye (International) Ltd v Telefonica UK Ltd, Entertainment Law Review 2012, Vol 23 Issue 6, 183, 185. 1794 Patents County Court, Media C.A.T. v Adams [2011] EWPCC 6, [2011] FSR 8, para. 30. 1795 Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights (2011), p. 25.

496

B. National Enforcement Measures Against Users

clear why primarily adult film copyright owner rather than the mainstream industries have been involved in volume litigation. ee) The UK Application Departs from the German Approach In comparison to the German pre-litigation settlement scheme, there is, first of all, a significant conceptual difference. In Germany a subscriber is likely to be liable as a Störer, in the UK such concept does not exists. Thus, a subscriber who has not committed an infringement himself or authorised another person to do infringe copyright pursuant to s. 16(2) CDPA 1988, is not liable at all. Authorisation of infringement is sanctioning, countenancing or approving another person’s primary infringement where one has authority or control over a primary infringer. In copyright infringement cases where authorisation pursuant to s. 16(2) CDPA 1988 took place, there has always been a direct and immediate link between the act of the defendant and the infringement which followed.1796 This however, differs from the German concept of Störerhaftung as it requires more than creating an opportunity for others to infringe. Although it has been argued that where the complaint is about the provision to others of opportunity to infringe and it can be coupled with the necessary degree of control over those others and specific instances of infringement, then there may be liability for infringement,1797 this does not equate the Störerhaftung. HJ Birss QC already pointed out in Media CAT v Adams that allowing a third party to use an Internet connection does not alone equate authorising an infringement by this person.1798 UK courts have not yet decided whether the act of authorising use of an Internet connection turn the person doing the authorising into a person authorising the infringement within section 16(2), but in the light of the decision in Golden Eye it is unlikely that they will equate authorised use of an Internet connection with authorised use to infringe copyright.

1796 Cf. Hector MacQueen/Charlotte Waelde/Graeme Laurie/Abbe Brown, Contemporary intellectual property, Law and policy (2nd ed. 2011), p. 161 with further references. 1797 Ibid, p. 161. 1798 Patents County Court, Media C.A.T. v Adams [2011] EWPCC 6, [2011] FSR 8, para. 30.

497

Second Chapter: User-Targeted Responses

Another difference is the applicable law, concerns the granting of a disclosure order. While in Germany a court will only assess in summary proceedings whether an obvious infringement has been committed, the UK court has to assess the contravening interests even of the non-identified subscribers. In this regard, he will also have to take into account the concrete allegations and the terms of pre-action letter of claims. This of course leads to much more workload of a court confronted with an application for Norwich Pharmacal relief. However, it is not foreseeable that UK courts will be overrun with disclosure request like German courts are. The reasons for this are: UK courts do not approve the mass scale sending out of standardised letters before claim. Instead of specifying a figure in the letter before claim, they rather consider it acceptable for the claimants to explain that they are prepared to accept a lump sum in settlement of their claims.1799 Only if the recipient of the letter admits an infringement (either committed by himself or authorised) and in particular also the scale of the infringement, the claimants should individually negotiate the settlement sum with the intended defendant. 3. Pre-Litigation Letters: Concerns Relating toTechnology and Fundamental Rights While in Germany the pre-litigation settlement plays a major role and is primarily relied on in copyright infringement cases, in the UK courts are rather careful to grant the disclosure orders necessary to prepare for cease and desist letters. The difference in numbers is based on mainly two grounds: there are only few actors in the UK, that send out the cease and desist letters in online copyright infringement cases,1800 and the courts dealing with the disclosure request will more thoroughly examine the application for disclosure. Other than the graduated response schemes, questions as to the standards for establishing an infringement or the evasion of detection will not

1799 High Court, Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 138. 1800 As of 2013, apparently only one practioner firm is sending out speculative invoicing letters, see Andrew Murray, Information Technology Law, The law and society (2nd ed. 2013), p.287.

498

B. National Enforcement Measures Against Users

be addressed. Especially the latter does not play a role, when it comes to the efficiency of the system in the fundamental rights assessment. The prelitigation letters are no instruments that prepare criminal proceedings; they are instruments for out-of-court settlement in civil matters. The rightsholders are free to decide whether and against whom they want to pursue their claims. In the following, it will be briefly outlined how the technological problems that have previously identified are dealt with under civil law, in particular the fact that the IP address subscriber must not necessarily be the infringer as well as the securisation of Wi-Fi networks will be addressed. In terms of compliance with secondary EU law, only the disclosure of personal data is of relevance as this is based on Article 8 of the IPR Enforcment Directive. Also, the assessment of fundamental rights can be kept brief, as in the context of civil proceedings; we have private parties on the claimant and defendant side instead of a subordination relationship. a) Dealing with Technological Matters The question of how the fact is dealt with that the IP address does not necessarily lead to the actual infringer, is a matter of general copyright law: namely, whether subscribers can be liable for copyright infringements that have been committed via their Internet connection. The question of determination of an infringement is of no relevance in this discussion, because there is no third party or authority that needs to determine whether an infringement has actually been committed. If a recipient of a cease and desist letter challenges the allegations, the rights-holder may sue him before a civil court, which will then assess the case based on the evidence provided by the parties. As this research is not so much concerned with the determination of copyright infringements in court, the determination of an infringement in civil proceedings will not be analysed any further than it has already been done when outlining the pre-litigation settlement in Germany and the UK. The emphasis of this section is put on the disclosure procedure and the liability of a subscriber for wrongful act committed via his Internet access.

499

Second Chapter: User-Targeted Responses

aa) IP Address Subscribers Must Not be Equalled with Actual Infringers In Germany, the rightholder carries the burden of proof that the Internet access subscriber was the actual infringer. This proof is regularly difficult to produce unless the subscriber does not admit to be the actual infringer and only the actual infringer is liable for damages. The subscriber may always rely on his right to refuse to give evidence (§ 383 ZPO) as far as family members are concerned.1801 He may argue that he was not the infringer, but does not have to name the family member who committed the infringement. Accordingly, where the subscriber can prove that not only he but also third parties used a connection, he may only be liable as a Störer. The burden of proof is alleviated for the Störerhaftung relating solely to an obligation to cease and desist. Liability as a Störer is – as mentioned before1802 – only established where the Internet access subscriber breached a duty to of care in relation to his Internet access. Such a duty is regularly established where the subscriber shares his Internet access service with other persons. It is up to the subscriber to prove that he has not breached a duty. This concept allows to issue cease and desist letters to IP address subscribers without having to identify the actual infringer. The disadvantage for rights-holders is that they will not be entitled to damages against the mere Störer. However, they will nevertheless usually also demand damages from the addresses of their cease and desist request as there is a presumption that the subscriber has also committed the infringement. It is then up to the subscriber to rebut the presumption. What makes the Abmahnungen an attractive instrument for rights-holders is the fact, that the subscriber will have to pay the costs of the Abmahung even if only Störerhaftung can be established. As in most cases, liability as a Störer will be established, the rights-holder will not have to bear any costs for informing the subscriber about the infringement that has been committed.

1801 Similarly in the UK, a party has the right in civil proceedings to refuse to answer any question or produce any document or thing if to do so would tend to expose him (or spouse) to criminal proceedings, section 14 of the Civil Evidence Act 1968. 1802 See above B. III. 1. A) aa) (3) Application of the Liability Concepts to the Subscriber of an IP Address.

500

B. National Enforcement Measures Against Users

In the UK, liability for a third party that used an Internet connection to infringe copyright may only arise where the subscriber has “authorised” within the meaning of section 16 of the CDPA 1988 the downloading of copyrighted materials which involved the making of infringing copies. 1803 “Authorisation” cannot be equated with the conditions for Störerhaftung. Allowing a third party to use an Internet connection in general can also not be equated with authorising a third party to commit infringements. 1804 UK courts have not yet decided whether the act of authorising use of an Internet connection may turn the person doing the authorising into a person authorising the infringement within section 16(2). However, in the light of the decision in Golden Eye it is unlikely that they will equate authorised use of an Internet connection with authorised infringement of copyright. The High Court also recognised that an Internet connection may be unsecured and utilised unbeknownst to the owner.1805 Accordingly, in cases were the actual infringer cannot be identified, the pre-litigation letter will have no more effect than informing the subscriber of a wrong that has been committed via his connection. For this information, the rights-holder will have to bear the costs. bb) Obligations to Secure a Wi-Fi Connection under Private Law There is not statutory provision that sets forth, whether a Wi-Fi network that is operated by a private person has to be secured. The non-adequate securisation may however lead to liability as a Störer if the subscriber succeeds in proving that he has not himself committed the infringement. The German Federal Court of Justice held in the Sommer unseres Lebens

1803 To authorise an infringement is to “sanction, approve, or countenance” it, see Monckton v Pathe Freres Pathephone Ltd [1914] 1 KB 395 and Evans v Hulton & Co Ltd [1924] WN 130. An apparent willingness of the courts to treat indifference as capable of being authorisation, has been identified, cf. Hector MacQueen/Charlotte Waelde/Graeme Laurie/Abbe Brown, Contemporary intellectual property, Law and policy (2nd ed. 2011), p. 159 with further references. 1804 Patents County Court, Media C.A.T. v Adams [2011] EWPCC 6, [2011] FSR 8, para. 30. 1805 In this regard cf. also HHJ Birss QC’s arguments against equating allowing and authorising in ibid, para. 30.

501

Second Chapter: User-Targeted Responses

case1806, that private persons that operate a Wi-Fi have to have a sufficiently secure password defined as one that is individual and sufficiently long, and have to obey the security standards at the time of purchase. Accordingly, WPA21807 is likely to be considered as the current standard for private users. This finding recognises that Wi-Fi has become a common standard, even for non-IT-literate persons. They are not required to update the security settings on a regular basis. However, this conclusion leads to unfair results, namely that those who have an old router with outdated security mechanisms are less likely to be liable for infringements committed via their Internet connection. Whether the Court intended such a result is questionable. In the UK the question of security standard, or more general, of securisation of Wi-Fi routers has not been addressed by courts yet. cc) Concerns in Relation to Reliability of Data Although concern in relation to reliability of data is a question of a more general nature, it shall be addressed briefly at this point and by looking at the German case law. Usually the disclosure requests will contain an expert’s statement on the reliability of the data harvesting procedure. Unfortunately, to date, courts have not questioned these reports and relied on the accuracy of logged traffic data. The Redtube case has recently shown, that more attention needs to be paid on assessing how IP address data was collected. In order to be able to assess the expert’s statement and the functioning of the software in the specific case, the courts will need additional training or experts themselves that instruct them on IT-related issues. In civil proceedings the parties to the case have to present the evidence that supports their claim/defence, and only in conflicts that cannot be resolved other than by the appointment of an independent expert such

1806 BGH, Decision of 12.05.2010 – I ZR 121/08, Neue Juristische Wochenschrift 2010, 2061. 1807 WPA2 (Wi-Fi Protected Access 2) is an implementation of an IEEE ('The Institute of Electrical and Electronics Engineers, Incorporated', a New York not-forprofit corporation ) security standard for Wi-Fi networks and the most used WiFi protection nowadays in both, home and professional networks. Based on the Advanced Encryption Standard (AES), the current standard specification for the encryption of data, WPA2 provides strong security and vulnerabilities are currently only known in regard to weak passphrases.

502

B. National Enforcement Measures Against Users

an expert will be appointed. In this respect, the Redtube case and also the reasoning of the High Court in Golden Eye have shown that in procedures were the future defendant is not yet named, more scrutiny in examining the infringement is required by the court. In February 2011, the Higher Regional Court of Cologne for instance raised doubts on the reliability of the traffic data stored by a major Internet access provider.1808 This provider forces a re-connect of the Internet connection every 24 hours. Additionally, when users disconnect and re-connect, they are most likely allocated a new IP address. In the application for disclosure of information, the Internet service provider confirmed that the complainant was given a new IP several times during the period in question (three consecutive days).1809 Concluding from the way IP addresses were assigned, it was considered to be very unlikely that one person will be allocated the same IP address several times in a row. The Court had doubts whether the complainant could be identified behind one single IP address for a period of three days or whether this fact was based on a faulty transmission, collection or transfer of IP addresses. Thus, the court revoked the previous order of the Regional Court of Cologne for disclosure of information. This case has unfortunately been a single incident, but shows in connection with the Redtube incident, that IP address logging and transmission of data is prone to error and that attention needs to be paid to that fact. b) Compliance of Information Disclosure with Secondary EU Law The compliance of disclosure of personal data with secondary EU law has also already been discussed in the context of graduate response schemes. As in the context of France the disclosure was made in preparation of criminal proceedings and, at this point, it needs to be examined, whether the disclosure of personal data in civil proceedings for the benefit of a copyright holder (to prepare a civil claim against a potential infringer) is in compliance with EU law.

1808 OLG Köln, Decision of 10.02.2011 – 6 W 5/11, BeckRS 2011, 04582. 1809 In this case the same dynamic IP address was allegedly allocated to the complainant on 12.06.2010 at 9:30 pm, on 13.06.2010 at 11:01 pm and on 14.06.2010 at 8:37 pm.

503

Second Chapter: User-Targeted Responses

First of all, he communication sought constitutes the processing of personal data within the meaning of Article 2 of the E-Privacy Directive, read in conjunction with Article 2(b) of the Data Protection Directive. That communication thus falls within the scope of the latter.1810 In Promusicae1811 and in LSG – Gesellschaft zur Wahrnehmung von Leistungsschutzrechten1812, the CJEU clarified that the E-Privacy Directive and the IPR Enforcement Directive must be interpreted as not precluding national legislation that imposes an obligation to disclose to private persons personal data in order to enable them to bring civil proceedings for copyright infringements. Article 8(3) of the IPR Enforcement Directive and Articles 6 and 15 of the E-Privacy Directive are to be interpreted as permitting the disclosure of personal traffic data to private third parties for the purposes of civil proceedings for alleged copyright infringements. The Court held that Community law – in particular said articles – does not preclude Member States from imposing an obligation to disclose to private third parties personal data relating to Internet traffic in order to enable them to bring civil proceedings for copyright infringement, but nor does it require those Member States to lay down such an obligation.1813 In the Bonnier Audio case, the CJEU further held that the Data Retention Directive “…must be interpreted as not precluding the application of national legislation based on Article 8 of Directive 2004/48 ... which, in order to identify an Internet subscriber or user, permits an Internet service provider in civil proceedings to be ordered to give a copyright holder or its representative information on the subscriber to whom the Internet service provider provided an IP address which was allegedly used in an infringement, since that legislation does not fall within the material scope of Directive 2006/24”.1814 Information rights enabling rights-holder to bring civil proceedings do not fall within the material scope of the Data Retention Directive, because the Data Retention Directive deals exclusively

1810 See CJEU, C-461/10 Bonnier Audio AB and Others v Perfect Communication Sweden AB, Judgment of 19.04.2012, para. 52. 1811 CJEU, C-275/06 Productores de Musica de España (Promusicae) v Telefonica de España SAU [2008] ECR I-271. 1812 CJEU, C-557/07 LSG-Gesellschaft zur Wahrnehmung von Leistungsschutzrechten GmbH v Tele 2 Telecommunication GmbH (Tele2), Judgment of 19.02.2009, [2009] ECR I-01227. 1813 Ibid, para. 41. 1814 CJEU, C-461/10, Bonnier Audio AB and Others v Perfect Communication Sweden AB, Judgment of 19.04.2012, operative part of the judgement.

504

B. National Enforcement Measures Against Users

with the retention and handling of data generated or processed by Internet service providers for the purpose of the investigation, detection and prosecution of serious crime, and does not cover the retention of data for civil proceedings.1815 According to the ruling of the CJEU in the case of Bonnier Audio, national legislation must enable “the national court seised of an application for an order for disclosure of personal data, made by a person who is entitled to act, to weigh the conflicting interests involved, on the basis of the facts of each case and taking due account of the requirements of the principle of proportionality”.1816 The national court must strike a fair balance between the contravening interests, i.e. the protection of intellectual property rights of the copyright-holders guaranteed by Article 17(2) CFR and the protection of the fundamental rights of individuals who are affected by such measures, in particular the rights safeguarded by Articles 8(1) ECHR/Article 7 CFR and Article 8 CFR.1817 The general obligation to consider the proportionality of remedies for the infringement of intellectual property rights, including orders for the disclosure of the identities of infringers derives from Article 3(2) of the IPR Enforcement Directive. Both, the common law in the UK as well as the statutory information right in Germany require the court to conduct a proportionality assessment. Thus, the law as such is conform with EU secondary law. However, not only the law but also the application of the law must be in compliance with EU law. In this respect, the practice in Germany, where courts “wave” through information requests, is questionable. In the context of fundamental rights conformity, the proportionality of the application in Germany will be assessed.

1815 Ibid, paras. 41 et seq. The Court explained that the Data Retention Directive constitutes a special and restricted set of rules, derogating from and replacing the E-Privacy Directive general in scope and, in particular Article 15(1) thereof. 1816 Ibid, para. 59. 1817 Ibid, para. 60. See also C-275/06 Productores de Musica de España (Promusicae) v Telefonica de España SAU [2008] ECR I-271, paras. 61- 68.

505

Second Chapter: User-Targeted Responses

c) Conformity with the Fundamental Rights of Internet Users While with regard to the graduated response schemes a thorough analysis of the fundamental rights has been conducted, the following analysis will concentrate on only two aspects: the compliance of the disclosure of personal data with fundamental rights and the fact that German courts do not pay sufficient regard to how data is harvested. As rights-holders often do not make transparent how they have obtained the data, and the courts are often unwilling to require more information, this could interfere with the right to fair trial of the subscriber. aa) Collecting of Personal Data Interfering with Privacy Rights The collecting of personal data and its impact on the privacy rights of the subscribers has only briefly been addressed within the assessment of the graduated response schemes. When dynamic IP addresses are collected with the intention to have the identity of the subscriber behind an IP address disclosed, the rights-holders collect personal data.1818 It has been argued that automatised IP address “harvesting” is a disproportionate interference with the privacy rights, in particular the right to confidentiality of communication, because data is collected in a general manner without knowing whether the subscriber is liable.1819 Such a conclusion would however render the IP collecting per se illegitimate, because without information on the identity of the subscriber of an Internet access service, it is impossible to tell whether the subscriber will be liable as Störer or infringer, or will not be liable at all. In fact IP collecting would then only be legitimate if the national law provided for liability for activities conducted via the addressee’s Internet access similar to the gross negligence offence in France that has been discussed in the context of graduated response schemes. However, even such a far-reaching liability requires the breach of duties to secure an Internet access and shield the connection from abusive use. This would mean, that rights-holders would have no

1818 See above B. II. c) bb) (2) Interferrence with the Right to the Confidentiality of Communications. See also Stefan Maaßen, Urheberrechtlicher Auskunftsanspruch und Vorratsdatenspeicherung, MultiMedia und Recht 2009, 511, 513. 1819 Stefan Maaßen, Urheberrechtlicher Auskunftsanspruch und Vorratsdatenspeicherung, MultiMedia und Recht 2009, 511, 513.

506

B. National Enforcement Measures Against Users

possibility to obtain information about the identity of an infringer, and would not allow a fair balance to be struck between the rights and interests of copyright owners and Internet users. When assessing the proportionality of the interference with the privacy rights of users, one must take into account that at this point (i.e. prior to a disclosure order), no identity is yet revealed. Moreover identity can only be revealed following an assessment by a court and by a court order. Thus, there is a (theoretic) safeguard that shall hinder an abuse of information requests. Further, the logging of a dynamic IP address in connection with the infringement of a protected work, and the subsequent second logging of that IP address does not mean that two infringements by one and the same subscriber have been identified. IP addresses are attributed dynamically and the logging of the same address may refer to two different persons, so that the drawing up of personal profiles is rather unlikely. With the information collected at hand, they are not able to attribute several infringements to a specific Internet access service subscriber. Other than HADOPI or UK access providers, no repeat infringer lists can be set up. Further, in contrast to the data retention by access providers under the Data Retention Directive, which was held to be illegitimate, because all data of all customers will be retained, the rights-holder or their agents will rather not log all data of all the participants of a peer-to-peer network, their software crawls for specific pre-defined infringements only. Accordingly, there is no general surveillance of peer-to-peer traffic, but monitoring for pre-defined content, of which the distribution would constitute a copyright infringement. Due to the limited scope of the data collecting, the interference with privacy rights that is necessary to pursue civil claims for copyright infringements is proportionate, and thus can be justified.1820 bb) Disclosure of Personal Data Interfering with Privacy Rights First of all, it has to be recalled, that other than under the graduated response scheme in France, disclosure of personal data can only be

1820 Stefan Maaßen in ibid concludes that the collecting of personal data by rightsholders is not legitimate under German law.

507

Second Chapter: User-Targeted Responses

ordered by a court. In the context of pre-litigation correspondence, it is necessary to bear in mind that the applicants for a disclosure order seek the communication of the name and address of an Internet subscriber using the IP address from which it is presumed that an unlawful exchange of files containing protected works took place, in order to identify that person. As stated above, granting a disclosure order interferes with the privacy rights under Article 8 ECHR and Articles 7 and 8 CFR. An interference of right to confidentiality of communication and data protection rights needs to be in accordance with the law and pursue a legitimate aim. Such a legitimate aim is the protection of the rights and freedoms of others.1821 The claimants’s copyrights, which are protected under Article 1 of the Protocol 1 to the ECHR and Article 17(2) CFR are “rights of others” within Article 8(2) ECHR and Article 52(1) of the Charter. The same applies to the rights-holders’ right to an effective remedy. Where a balance falls to be struck between the right to intellectual property and the right to an effective remedy on the one hand and privacy rights on the other hand, neither right as such has precedence over the other. The interests need to be reconciled. The mechanisms allowing these rights and interests to be balanced are, first of all, contained in the E-Privacy Directive itself, in that it provides for rules which determine in what circumstances and to what extent the processing of personal data is lawful and what safeguards must be provided for.1822 The national implementations comply with the Directive. However, as mentioned above, the authorities and courts of the Member States must not only interpret their national law in a manner consistent with the Directives but also make sure that they do not rely on an interpretation of them which would be in conflict with the aforementioned fundamental rights or with the other general principles of Community law, such as the principle of proportionality.1823 It must be noted that the national legislation in question requires, first of all, that disclosure can only be granted by a court. The court will have to assess, inter alia, that, for an order for disclosure of personal data, there be clear evidenceof an infringement of an intellectual property right (in Germany: “obvious infringement”). Further the information requested must be necessary for the infringed party to pursue his claim in the main

1821 See Article 8(2) ECHR and Article 52(1) CFR. 1822 See CJEU, C-275/06, Productores de Musica de España (Promusicae) v Telefonica de España SAU [2008] ECR I-271, para. 66. 1823 Ibid, para. 68 with further references.

508

B. National Enforcement Measures Against Users

proceedings. Both, the German statutory provision in § 101 UrhG and the Norwich Pharmacal relief in the UK require the court concerned to respect the principle of proportionality. However, although § 101 IV UrhG requires German courts to respect the principle of proportionality, the courts will in fact hardly conduct a balancing test. In practice, they will “wave” the requests “through” considering the workload they are faced with and due to the fact that the Federal Court of Justice held that the establishment of an obvious infringement suffices to guarantee a fair balance of the fundamental rights involved and to prevent unfounded claims.1824 As regards the latter, this would mean that the court would have to thoroughly assess the obviousness of an infringement in summary proceedings, which is regularly not the case. Hence, there is a strong presumption that the German courts do not satisfy the condition for a fair balancing of rights – especially since this would not be practicable for them when they are faced with mass volume requests that contain hundreds of IP addresses each. A further reason for the reluctance to conduct a proportionality test is, that disclosure is commonly applied for in proceedings for interim measures. Under these proceedings, it is sufficient that the applicant makes a credible claim.1825 This means that there will be no assessment of the evidence, for example on the reliability of logging software that has been used. Whether the methods of data collecting are comprehensible and the software that is used is reliable, is not questioned. Instead it is sufficient that the applicant gives a statutory declaration that his methods of data collecting are validated.1826 Validated in that respect does not mean approved by an independent body, it rather means that the applicant declares that the software is reliable. Under these circumstances it is questionable how a fair balance can be struck between the contravening interests since the rights-holder basically approves his own methods of data collecting, which he does not disclose and which are not questioned by the court. Considering that a disclosure order will interfere with privacy rights of individuals, a proportionate interference can only exist, where it is established that an infringement has taken place.

1824 BGH, Decision of 19.04.2012 – 1 ZB 80/11, Neue Juristische Wochenschrift 2012, 2958 with annotation by Karl-Heinz Ladeur. 1825 See Thomas Dreier in: Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (4th ed. 2013), § 101 UrhG, para. 28. 1826 Ibid.

509

Second Chapter: User-Targeted Responses

In the UK, the courts will regularly conduct a more thorough assessment and balance the rights of the concerned parties in detail. In the Golden Eye case, the High court set forth, that when considering the proportionality of the order sought, a court needs to take into account the terms of the draft cease and desist letter. The intended defendants must not be given a wrong impression about what the Court decided when it made the order or why. In particular, should the order not be worded in such a way as to cause the intended defendants unnecessary anxiety or distress.1827 Although a court would not usually supervise pre-action correspondence, the draft order requires the letter of claim to be in the form as handed in with the application.1828 The practice of ACS:Law indicates that it is appropriate for the court that is concerned with the Norwich Pharmacal request to consider the terms of the draft letter of claim.1829 In this respect, it was held appropriate for the court to consider the impact of the letter of claim upon ordinary consumers. Accordingly, UK courts will put a lot of weight on the interests of the to-be-identified recipients of the cease and desist letters and will also ensure that information is only disclosed when the letter before claim does not amount to unnecessary distress. At the same time, it is guaranteed that the rights-holder has a chance to be compensated for the wrongful act. The principle of proportionality is thus observed in the UK. In Germany, the situation is slightly different: whereas the statutory provision pays due regard to the contravening interests, there seems to be a deficit in the application of that provision, which needs to be addressed by the judiciary. It seems obvious that a proportionality test is not conducted in proceedings for interim measures within which disclosure is commonly ordered. In determining under which circumstances a disclosure order would be proportionate in Germany, it needs to be taken into account, that other than in the UK, a German Internet access subscriber may be liable as a Störer – a concept that does not exist in the UK. As it is not possible to determine the scope of liability prior to identification of the subscriber and an analysis of his defence, German courts could either require rights-holders to submit a draft of their cease and

1827 Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch), para. 121. 1828 Ibid, para. 123. 1829 Ibid.

510

B. National Enforcement Measures Against Users

desist letters or examine the alleged infringement in more detail. Requiring an analysis of the draft cease and desist letter would amount to a supervision of pre-action correspondence, which would be quite far-reaching. To be able to assess the proportionality of an order, it could rather be sufficient to provide the court with an estimate of the damage that has been caused. This would however only rule out bagatelle claims being made and would encourage rights-holders to provide high estimates. The Redtube case has shown, that the crux is rather the establishment of the infringement as such. Instead of only claiming that from a specific IP address at a given time via client xy an infringement has been committed, the rights-holders should be required to provide more details about the evidence that they have collected. In some cases of BitTorrent peer-to-peer file-sharing, they may only have evidence about a small part of a work being uploaded by a user. The courts addressed need to look at the evidence in more detail, even if information requests are dealt with in summary proceedings. Only when they are convinced that an infringement has taken place that goes beyond a mere bagatelle infringement, they could be satisfied that a fair balance is struck between the contravening interests. It is understood, that it will be necessary to define “bagatelle” infringement, but in this regard, the courts will also need to take into account the overall circumstances of the case. For instance, insofar as copyright infringements outside of peer-to-peer networks are committed, such as replication of images on websites or a video where someone mimes to a song that has been uploaded onto YouTube, the court could assess whether the rightsholder has also sought to have the infringing file removed simultaneously or prior to filing for disclosure. Such a behaviour could support the seriousness of the rights-holder to pursue his claim. As was seen in Redtube, no such initiative was taken by the rights-holders, and their interest in the cessation of an infringement was thus questionable. This being said, disclosure orders are not per see disproportionate. In order for the interference with the privacy rights of the intended defendants to be justified, the court that assess the disclosure requests will need to strike a fair balance between the interests concerned by assessing the evidence provided and the seriousness of the rights-holders to pursue their claims. A fair balance does not require a supervision of the pre-action correspondence.

511

Second Chapter: User-Targeted Responses

cc) Right to Fair Trial of Alleged Infringers The right to fair trial plays a role where the subscriber of an Internet access service, that has been used to infringe copyright, is being sued and carries the burden of proof, that he himself has not committed the infringement. It is difficult for a subscriber to prove that he has not infringed copyright. In the light of the aforementioned case law from Germany, an alibi, i.e. proof that he himself did not have access to the Internet access service in question would not suffice as long as he cannot prove that no third party whom he allowed to use the connection committed the infringement. Even if the subscriber was absent at the time of the infringement, and no one else had access to the service in question, he would still need to prove that his router was secured adequately. Often, the subscriber will not succeed in providing the required evidence for various reasons, for instance that he may have no memory of where he had been at the time of the infringement. Further, he may not escape disturber liability even if he has instructed his children that they should not infringe copyright. Thus, although he may be innocent, he may not be able to succeed in providing satisfying evidence. This is particularly likely in cases, where IP addresses have been logged incorrectly. The alleged infringer must have access to information about the logging of IP addresses by the rights-holder. As usually the subscriber will have to prove that he has not himself committed an infringement, he has to rely on the evidence of the claimant in order to prepare his defence – he may for instance argue, that the software used was not reliable, or that human error occurred when analysing the data harvested. Currently, rights-holders, or more precisely the specialised agencies collecting evidence on their behalf, keep relatively quiet when it comes to the functioning of their harvesting software. In the German RedTube case, the rights-holders presented an expert statement to the court, which did not refer to the functioning as such, but to tests proving the reliability of the logging software. It was not revealed how they could succeed in logging the data in the first place. The court however was satisfied with the evidence and granted a disclosure order. If they were also satisfied with such evidence in the main proceedings, this could interfere with subscriber’s right to defend himself as for this he has to know exactly how the harvesting system in place worked. For him or an expert appointed by him, it is necessary to understand how evidence was gathered if he believes that an error has occurred. If rights-holder were not asked to present more details on their evidence 512

B. National Enforcement Measures Against Users

gathering methods, this would interfere with the defendant’s right to fair trial, because, under Article 6(1) of the ECHR, civil proceedings must be adversarial, meaning that the parties must have the opportunity not only to make known any evidence needed for their claims to succeed, but also to have knowledge of, and comment on, all evidence filed by the opposing party.1830 A fair balance can otherwise not be achieved, considering that there is regularly a reversal of the burden of proof upon the subscriber, meaning that he will have to rebut the presumption that he has committed the infringement. One may also need to consider whether or not access providers should be obliged to retain data that they have disclosed for a certain period in order to allow subscribers to access this data when preparing their defence in copyright infringement proceedings. As access providers will regularly delete the data once they have disclosed it, the subscriber will not be able to check whether for example human error has occurred when the data was transmitted. As of today, it cannot be concluded that courts are reluctant to pay due regard to the fair trial principle in copyright infringement proceedings. However, a lack of understanding of technology, and a lack of questioning digital evidence as could be witnessed in the disclosure proceedings in the Redtube case pose a threat to these rights. Finally, access to judicial review must not be overly complicated or expensive in order to sufficiently protect the defendants. d) Achieving a Fair Balance of the Contravening Interests First of all, the civil pre-litigation settlement does not raise as much concerns as the graduated response schemes. There are basically two reasons for this: the subscriber of an Internet access may not be subject to sanctions such as disconnection orders, and not private party or state authority will keep records of infringers. Thus, when it comes to intereferences with fundamental rigths, questions primarily arise with regard to the disclosure of personal data to rights-holders by the access providers.

1830 ECtHR, Komanicky v Slovakia, Judgment of 04.06.2002 – Application no. 40437/07, para. 46.

513

Second Chapter: User-Targeted Responses

As outlined before, the IPR Enforcement Directive provides for minimum standards and Member States are free to provide for enforcement measures as well as information rights that go beyond those standards. While the European legal framework does not preclude Member States from imposing an obligation to disclose to private third parties personal data relating to Internet traffic in order to provide them with the necessary information to pursue civil actions for copyright infringement, Community law also does not require Member States to lay down an obligation to disclose personal data in order to ensure effective protection of copyright in the context of civil proceedings.1831 Until the judgement in Promusicae, there had been a lack of legal certainty regarding the extent to which personal data may be disclosed for the enforcement of private rights. National data protection authorities had reached different conclusions on the conditions under which parties may process IP addresses for enforcement purposes.1832 The IPR Enforcement Directive does even not preclude Member States from introducing information rights against third parties where the infringement in question does not amount to commercial scale.1833 With regard to the right to information, this is explicitly clarified in Recital 14.1834

1831 In Promusicae, the CJEU has answered the question whether the E-Privacy Directive precludes Member States from laying down, with a view to ensuring effective protection of copyright, an obligation to communicate personal data which enables a copyright-holder to bring civil proceedings. The CJEU concluded that Article 15(1) of the E-Privacy Directive in conjunction with Article 13 of the Data Protection Directive does not preclude Member States from laying down an obligation to disclose personal data in the context of civil proceedings. When introducing such an obligation Member States are bound to allow a fair balance to be struck between the various fundamental rights involved (para. 54). 1832 Cf. Christoph Kuner, Data Protection and Rights Protection on the Internet: The Promusicae Judgment of the European Court of Justice, European Intellectual Property Review 2008, Issue 5, 199, 200. 1833 Michel Walter/Dominik Göbel, in: Michel Walter/Silke von Lewinski, European Copyright Law (2010), para. 13.8.16. This view is not shared by the German Governement see Deutscher Bundestag, Bundestagsdrucksache 16/5048, p. 65. 1834 Recital 14 states that the measures provided for in inter alia Article 8(1) need to be applied only in respect of acts carried out on a commercial scale, but Member States are free to apply those measures also in respect of other acts. Acts carried out on a commercial scale are those carried out for direct or indirect eco-

514

B. National Enforcement Measures Against Users

Due to the intrusive nature of information requests, Article 8(1) of the IPR Enforcement Directive sets forth that any such obligation has to respect certain conditions. In that respect the proportionality of the interference of the rights of the subjects to an information request are essential. The subscribers of an Internet access service must not be disproportionately affected. As has been outlined above, the main safeguard is the judicial oversight over any disclosure. For data protection reasons, disclosure would either require the consent of the data subject, or a court order. The court order in itself must be proportionate, and thus, not only the law providing for the information disclosure but also the application of that law must pay due regard to the rights and interests of the parties concerned. This assessment is key to proceedings for disclosure in the UK. The court will not only examine the claim that has been made by the rights-holder, but also look at how they wish to enforce their rights. This procedure departs fundamentally from the German approach, where it will be sufficient for the rights-holder to prove that an infringement has taken place. By taking the legitimate interests of the intended defendants into consideration, a UK court is likely to come to a different conclusion in a number of cases. First of all, the court will exmine the wording of the cease and desist letter in order to rule out that the intended defendant will be faced with unfounded allegations, and put under pressure. This approach clearly intends to prevent an establishing of a system of cease and desist letters similar to the one in Germany. The supervision of pre-action correspondence seems however to be too far-reaching. While it is understandable that the intended defendants shall not be exposed to unfounded claims, the supervision of this correspondence is not feasible when large numbers of letters are being sent out. The sending out of large numbers of unfounded claims should rather be subject to proceedings before the respective lawyers’ tribunal. As regards the content of the cease and desist letters, the German legislator recognised that this may potentially be threatening and causing distress, and thus passed the Gesetz gegen unseriöse Geschäftspraktiken, which requires first of all, that any claims for compensation must be detailed. Further, it limits the maximum amount that can be claimed for lawyer’s fees, and provides for a right to compensation of the costs that occurred for consulting a lawyer

nomic or commercial advantage; this would normally exclude acts carried out by end consumers acting in good faith.

515

Second Chapter: User-Targeted Responses

in case of unfounded claims. By ensuring that no exaggerated costs can be claimed, and by providing a deterrent for unfounded claims, safeguards are provided that subscribers shall not be faced with unfounded allegations. Thus, the UrhG in itself makes a supervision of pre-action correspondence unnecessary. Accordingly, where the law provides safeguards against unfounded and exaggerated claims, the rights of the not yet identified defendants are not disproportionately affected by a disclosure order.

516

Third Chapter: Content- or Intermediary-Targeted Responses

A. Online Intermediaries as the Addressees of Enforcement Measures I. The Idea of Enforcement via Online Intermediaries It has been established that consumers are increasingly consuming media and entertainment online. While two decades ago, consumers would go to a record store to purchase music CDs or video tapes, they now either buy such content online, or consume it directly online via streams on platforms such as Amazon or Netflix. Whilst consumer demand for easy access to attractive content that can be played on the various digital devices that they possess grows, the availability of offers responding to that demand also increases. The creative industries clearly seek to capitalise on this demand.1835 As already outlined in the First Chapter, Napster was the first successful online music database – albeit the fact that it infringed copyright. So from the start, lawful services had to compete with services that enable users to share or access content unlawfully. With increased broadband capacity, high quality like HD in movies is increasingly available. Other than with peer-to-peer networks, services that are used to disseminate unauthorised copies are not per se free of charge. Many such services employ freemium models, where users may access a limited amount of data for free, and upon paying a subscription can bypass waiting lines and receives an increased download rata. Often, it becomes difficult for users to distinguish unlawful services or services that are unlawfully used from their lawful competitors. In addition, third party operators may collect information about torrent files and provide users with link directories that allows them to find copies of the desired content on the worldwide web.

1835 Ofcom, ‘Site blocking‘ to reduce online copyright infringement: A review of sections 17 and 18 of the Digital Economy Act (27.05.2011), p. 12.

517

Third Chapter: Content- or Intermediary-Targeted Responses

Recently, there has been an increase in lawsuits against intermediaries for aiding and abetting or in some other way facilitating copyright infringements.1836 Awareness has been raised that going against end-users may not present the ideal solution to combat mass-scale copyright infringements on the Internet. From a public relations point of view, volume litigation against end-users has become publicly regarded as disproportionate, fraudulent, and, due to the threatening nature of some warnings, as a modern form of blackmailing. For some artists, it took its toll on their popularity and reputation.1837 In addition, modern third generation peer-to-peer technology with advanced security, as noted above, makes it more difficult for rightsholders to identify infringers and infringements. With the exception of Germany, rights-holders may refrain from litigation against individual users because litigation may be too lengthy and too expensive with a low likelihood of being compensated at the end and difficulties in successfully

1836 For example in Germany: OLG Hamburg, Decision of 30.09.2009 – 5 U 111/08 (Sharehoster II – Rapidshare), MultiMedia und Recht 2010, 51; OLG Hamburg, Decision of 02.07.2008 – 5 U 73/07 (Sharehoster I – Rapidshare), MultiMedia und Recht 2008, 823; OLG Hamburg, Decision of 14.01.2009 – 5 U 113/07 (Usenet I – Spring nicht), MultiMedia und Recht 2009, 631; OLG Hamburg, Decision of 28.01.2009 – 5 U 255/07 (Alphaload), MultiMedia und Recht 2009, 405; OLG Düsseldorf, Decision of 27.04.2010 – I-20 U 166/09 (Rapidshare – An American Crime et al), MultiMedia und Recht 2010, 483; OLG Düsseldorf, Decision of 21.12.2010 – I-20 U 59/10 (Rapidshare III – Alone in the Dark), MultiMedia und Recht 2011, 250; OLG Köln, Decision of 21.09.2007 – 6 U 86/07 (Haftung eines Sharehoster-Dienstes), MultiMedia und Recht 2007, 786; OLG Hamburg, Decision of 14.03.2012 – 5 U 87/09 (GEMA v Rapidshare), MultiMedia und Recht 2012, 393; in the Netherlands: RB Den Haag, Decision of 24 October 2012 (BREIN v XS Networks); RB ‘s Gravenhage, Decision of 11.01. 2012 (BREIN v Ziggo and XS4ALL); RB s'Gravenhage, Decision of 10.05.2012 (Blocking of The Pirate Bay: BREIN v providers); in Sweden: Svea Hovrätt, Decision of 26.11.2010 – file no. B 4041-09 (The Pirate Bay); in Belgium: Enigmax, Belgian ISPs ordered to block The Pirate Bay, TorrentFreak (04.10.2011). 1837 The German rap artist Bushido has also been nicknamed the "Abmahnrapper" for being particularly active in the field of sending out Abmahnungen, see Peter Mühlbauer, Die Geister, die er rief..., Heise online (25.03.2010). As regards the scale of Abmahnungen see Katrin Löhr, Skandal-Rapper fordert Ablasszahlung – Vorwurf Musik-Klau! So jagt Bushido seine Fans, Bild (17.04.2010).

518

A. Online Intermediaries as the Addressees of Enforcement Measures

proving an infringement to the required standard.1838 Even the French graduated response scheme which does not require the identification of the actual infringer does not satisfy a cost-benefit-calculation: infringements are still taking place, while the rights-holders have to bear the costs for identifying infringements. Focussing on end-users also distracts attention from pursuing large scale commercial infringers. The majority of right-holders perceive restraining infringements committed for profit as more important than doing so for non-profit infringements by end-users.1839 Speaking of commercial infringers, this does not only refer to notorious pirate sites that generate profits from advertisements, but also includes the providers of websites with user-generated content. File-hosting services or streaming sites such as YouTube are also being used to distribute copyrighted works without authorisation. The more users are attracted by these websites, the more revenues may be generated from advertisements, meaning that attractive content can be essential for the business model. When self-regulation fails and widespread unauthorised postings of copyrighted content is not (successfully) policed, the responsibility of these service providers needs to be looked at. In addition, the main intentions of most copyright holders for instituting civil law proceedings concerning intellectual property rights infringements can be identified as: stopping the infringing activity and preventing future infringements of the same kind.1840 The best addressee to achieve these intentions has been identified as those hosting the infringing content or facilitating access to it. The lawsuits against the Pirate Bay are a good example of all this. Simply speaking, the Pirate Bay can be compared to a bulletin board,1841 where magnet links are posted that serve as reference resources for content that is available via peer-to-peer networks.1842 Although the operators of the Pirate Bay argued before the Swedish courts that the Pirate Bay is merely a 1838 European Commission, Synthesis of the responses „Civil enforcement of intellectual property rights: public consultation on the efficiency of proceedings and accessibility of measures“ (July 2013), p. 7. 1839 Ibid. 1840 Ibid. 1841 Stefan Larsson, Metaphors, law and digital phenomena: the Swedish pirate bay court case, International Journal of Law and Information Technology 2013, Vol. 21 No. 4, 354, 370 with further references. 1842 Before switching to magnet links in 2012, the Pirate Bay provided .torrent files.

519

Third Chapter: Content- or Intermediary-Targeted Responses

transmission service and that they were doing nothing different than search engines like Google, they were convicted.1843 Irrespective to the convictions, the Pirate Bay site is still up regardless of the convictions of its founders, 1844 having moved its servers to other countries including Iceland and the Caribbean island of St. Martin to avoid police action.1845 Physically closing down the Pirate Bay is been proving difficult, and albeit the conviction of its founders and original operators, the website is still up and running.1846

1843 Svea Hovrätt, Decision of 26.11.2010 – file no. B 4041-09 (The Pirate Bay). According to the Court and contrary to the common public perception, the Pirate Bay operators were not altruistic anarchists, but generating a decent amount of revenues from advertisements on the website. The Court had no problem to establish actual knowledge of copyright infringements on behalf of the operators since they posted take down letters sent in by copyright owners on the Pirate Bay website to ridicule. For an analysis of the decision see, Stefan Larsson, Metaphors, law and digital phenomena: the Swedish pirate bay court case, International Journal of Law and Information Technology 2013, Vol. 21 No. 4, 354–379. 1844 Stefan Larsson, Metaphors, law and digital phenomena: the Swedish pirate bay court case, International Journal of Law and Information Technology 2013, Vol. 21 No. 4, 354, 358. 1845 Ryan W. Neal, Pirates of the Caribbean: The Pirate Bay moves to island of St. Martin, International Business Times (30.04.2013). At one point, The Pirate Bay operators discussed buying an island just offshore the British coast (“Sealand”), and even considered munting their servers in space on a satellite. See Ernesto, Pirate parties plan to shoot torrent site into orbit , TorrentFreak (20.10.2010). Following, an odyssey of domain changes, Pirate Bay recently returned to Sweden, see Cyrus Farivar, After sailing the domain name seas, Pirate Bay returns to Sweden, ars technica (19.12.2013). 1846 Although the operators of the Pirate Bay were convicted in their home country Sweden for copyright infringements in 2010, the website is still being in operation. According to the Rechtbank s’Gravenhage in its the Pirate Bay decision, as of 2012, the Pirate Bay still was the world largest indexing and one of the most visited websites. At the time of the decision the website contained 4.3 million links of which at least 90 % referred to content that had been made available without authorisation of the right holders (see RB s'Gravenhage, Decision of 10.05.2012 (Blocking of The Pirate Bay: BREIN v providers), paras. 2.12 et seq,. As regards the struggle of rights-holders to block access to the Pirate Bay in the Netherlands, see Arno R. Lodder/Nicole S. van der Meulen, Evaluation of the role of access providers, Discussion of Dutch Pirate Bay case law and introducing principles on directness, effectiveness, costs, relevance, and time, Journal of Intellectual Property, Information Technology and Electronic Commerce Law 2013, Vol. 4 Issue 2, 130–141.

520

A. Online Intermediaries as the Addressees of Enforcement Measures

Like the Pirate Bay, pirate websites in general set themselves up out of jurisdiction, some cloak themselves in anonymity, others refuse to engage with legal processes. Ultimately, most of the true pirate sites, meaning that they are obviously dedicated to piracy, make very unattractive targets for litigation.1847 Hence, rights-holders are increasingly seeking Internet service provider cooperation. This cooperation can either achieved by voluntary agreement, or through court orders. While the measures presented in the first part of this research study focus on the individual user that disseminates an unauthorised copy of a copyrighted work, this part will look at measures that target the copyright infringing content as such. There have been numerous approaches to remove illegal materials from the web instead of investing a lot of time and effort to go for small scale infringers. While peer-to-peer networks have long been deemed to be the centre of large scale copyright infringement, a new area of online copyright infringement had long begun. Filehosting services like Megaupload.com or Rapidshare no longer turn downloaders at the same time into uploaders and thus, make it difficult to identify infringers. Also, the original uploader may be difficult to identify. Hence, rights-holders seek ways to go for the hosting services as such, or seek the blocking of access to the service. The latter is also sought for websites that are vital to gain access to the infringing materials such as link directories or torrent sites. This being said, numerous lawsuits in the recent past were targeted against major file-hosting services, the entities that, from the position of the rights-holders, provide the means for the unauthorised dissemination of works. While peer-to-peer file-sharing becomes for some users less attractive because they get to understand that they can easily be detected and may be sanctioned, file-hosting services are gaining popularity.1848 This shall not mean, that peer-to-peer file-sharing has disappeared – BitTorrent is still popular, but even non-IT literate users are becoming more and more sensitive about the risks involved. For both, file-hosting services as well as BitTorrent networks, access to files depends on links about the location being disseminated.

1847 See Darren Meale, Premier League 1, Internet pirates 0: sports streaming website the latest to be blocked, Journal of Intellectual Property Law & Practice 2013, Vol. 8 No. 11, 821. 1848 Jan Mölleken, Filehoster: Hehler oder Helfer, Der Spiegel online (14.09.2010).

521

Third Chapter: Content- or Intermediary-Targeted Responses

Rights-holders are thus not only seeking to have access blocked to link directories but also to torrent trackers. In addition, with for instance 14 million Internet connectable TVs being sold in Germany alone until December 2013,1849 and smart devices increasingly becoming standard, online streaming is posing a new threat to rights-holders. Although smart TVs are unlikely to have pirate streaming apps pre-installed, installation of new apps is easy. While it was previously necessary to connect a PC to a TV in order to watch downloaded copies or streams on TV, smart TVs allow even non-tech savvy consumers to watch streams. What can be witnessed with regard to file-hosting services, torrent sites and streaming is, that rights-holders return to Internet service providers as the natural gatekeepers to the Internet.1850 Accessing the Internet and communicating online is impossible without them. They are the chokepoints for communication and as such have access to third party information. This makes them an attractive target for Internet regulation, – and with regard to this research – an attractive target for the enforcement of copyright.1851 In their comments on the 2010 European Commission report on the application of the Enforcement Directive, rights-holders and collecting societies thus demanded a greater involvement of access providers and other intermediaries, identifying them as key actors in combating intellectual property infringements in the digital world.1852 One of the reasons identified in the comments was the issue of anonymity of users and the perceived lack of verification, by Internet service providers, of information provided by subscribers/customers, both of which were claimed to facilitate infringements these customers and thus and hinder enforcement.1853

1849 Markus Brauck/Isabell Hülsen/Alexander Kühn/Ann-Kathrin Nezik, Was glotzen Sie so?, Der Spiegel online (13.01.2014). 1850 Uta Kohl, The rise and rise of online intermediaries in the governance of the Internet and beyond – connectivity intermediaries, International Review of Law, Computers & Technology 2012, Vol. 26 Issue 2–3, 185, 188. 1851 Ibid. 1852 European Commission, Synthesis of comments on the Commission Report on the application of Directive 2004/48/EC of the European Parliament and the Council of 29.04.2004 on the enforcement of intellectual property rights (July 2011), COM(2010) 779 final, p. 4. 1853 Ibid, p. 5.

522

A. Online Intermediaries as the Addressees of Enforcement Measures

Intermediaries are seen in the position to not only put an end to persisting infringements but also to prevent further infringements taking place.1854 Taking intermediaries into responsibility has also been referred to as “taming the Internet through the use of online intermediaries as a regulatory tool”.1855 Kohl describes the multiple intermediary layers as bringing “the utopia of a perfect panopticon applied to society generally much closer to reality”.1856 Hypothetically, in this panopticon “the government is the omniscient and omipotent actor”.1857 Figuratively speaking, in this environment, private actors ask governments to protect their property rights by using online intermediaries as guardsmen.1858 Considering that the Chinese government actually obliges intermediaries to block certain content, often referred to as the Great Firewall of China, this scenario is not everywhere hypothetical. Surveillance of online communication for other reasons, for instance the fight against serious crime or terrorism, is at least tolerated by governments even in the Western hemisphere. However, having the infrastructure for total surveillance does not mean that it will be allowed to use it for that purposes, especially with regard to property rights of third parties. In the EU, strict rules already apply when it comes to monitoring systems for governmental purposes, leaving not much room for monitoring put in place for private interests. Enforcement of private rights remains private and governments so far refrain from requiring online intermediaries to monitor third party content for copyright infringing materials. This been said, when it comes to public interests such as the fight against child pornography, online intermediaries are being asked to scan content they transmit. Having such infrastructure in place, raises the interests of private actors to “piggy-back” on these monitoring schemes.1859 One example of such “piggy-backing”, that will be outlined

1854 In their comments on the Commission Report on the application of the Enforcement Directive, right holders and collecting societies criticised the shortcomings of the Enforcement Directive as transposed into national law especially in terms of how it frames the role of intermediaries as well as its perceived failure to stem the increase in online copyright infringements. See ibid, p. 4. 1855 Uta Kohl, The rise and rise of online intermediaries in the governance of the Internet and beyond – connectivity intermediaries, International Review of Law, Computers & Technology 2012, Vol. 26 Issue 2–3, 185. 1856 Ibid, 188. 1857 Ibid. 1858 Cf. ibid. 1859 Ibid.

523

Third Chapter: Content- or Intermediary-Targeted Responses

in this Chapter, is the CleanFeed software employed by the Internet Watch Foundation in the UK to filter out child pornography. This software is lately also being used to block access to obnoxious copyright infringing websites. Again, this was not imposed by the government but by the judiciary, confirming previous fears that child pornography will be a test case for further filtering. With the online intermediaries as omnipotent guardsmen, the intention to address the intermediary rather than the primary wrongdoer is however clear: those with the power to not only block infringing materials but also prevent them from happing in the first place are addressed as being in the best position to enforce third party property rights. As early as 1991, German universities for instance started blocking access to several Usenet groups which allegedly were misused for the consumption of pornography by University staff.1860 Although this was a pure private and voluntary initiative, it shows that even in the early days of the Internet, where the Internet was not such a mass phenomenon as of today, individuals were seeking ways to ban unwanted content from the Internet via the gatekeepers. With regard to copyright infringing content on the Internet, we will see that nowadays the preferred course of action lays in suing host providers and access providers in order to obtain injunctions ordering them to block specific content, or as regards access providers, to block access to third party websites. II. The Services and Activities of Online Intermediaries that Are Targeted: Scope, Specific Functioning and Consequences When enforcement against intermediaries is discussed, this encompasses not only providers that host infringing contents; moreover, there are complementary services such as link directories and indexing websites that accommodate file-sharing and copyright infringements. The way how they interact or relate to each other will be outlined in the following. In that context, also the relevance of indexing sites in relation to peer-to-peer networks will be addressed. Parallel to the rise in popularity of file-hosting services, streaming is increasingly used for the consumption of copyright1860 The actual content blocking ended in special interest groups being blocked, that did not engage in the dissemination of pornography but served as discussion fora for sexual minorities.

524

A. Online Intermediaries as the Addressees of Enforcement Measures

ed works. In this regard, youTube obviously has long been used by consumers to upload protected works without authorisation – however, youTube as such has never been solely dedicated to on-demand streaming of protected works. Lately, various platforms have appeared that are committed to the latter. Due to their popularity, streaming technology and its role in copyright infringements will also be outlined in brief. 1. File-Hosting Services, Indexing Sites and Link Directories With technological progress the cost of data storage declined. This factor combined with the increasing use of the web as the most important and central part of the Internet for most users have led to the appearance and increasing use of file-hosting services : centralised file storage services to which users can upload materials for access by themselves or others. 1861 There are numerous services of this kind, which also have become widely known as “one-click hosters”, “sharehosters” or “cyberlockers”,1862 with the most prominent being Megaupload, 4Shared and Rapidshare. Their use requires little technical expertise. In order to store or access content on a file-hosting service, users only need a web browser – whereas with Peer-to-peer file-sharing, users need to run peer-to-peer programmes like BitTorrent or eMule. On high bandwith connections, a download from a file-hosting service can be quicker than peer-to-peer file-sharing.1863 Another advantage for users is, that it is more anonymous than peer-topeer file-sharing. Users can freely upload any material to such sites. They are then provided with a link by which anyone in possession of that link can access the content. Most file-hosting services offer a basic service for free and charge users for premium accounts. Often, when the service is offered free of charge, content remains on the service for a limited period only. It may also only be downloaded a certain number of times.1864 Most service providers allow downloads only after a waiting period of a minute or so while the

1861 Envisional, Technical Report: An Estimate of Infringing Use of the Internet (2011), p. 15. 1862 Jan Mölleken, Filehoster: Hehler oder Helfer, Der Spiegel online (14.09.2010). 1863 Ibid. 1864 Ibid.

525

Third Chapter: Content- or Intermediary-Targeted Responses

potential downloader is presented with various advertisements.1865 Usually, download speeds are limited unless a premium account is purchased that often allows downloads at speeds which may be as fast as the user’s broadband capacity. Premium subscribers1866 may store content for longer and – more importantly for downloaders – may download instantly. While basic users are often granted limited traffic, premium subscribers have unlimited traffic.1867 Significantly, the majority of file-hosting services do not allow the content they store to be searched in the same manner as a .torrent file portal: they do not provide for queries for a specific file by typing a search term into a search engine. Searching for the latest Sherlock Holmes film by typing its title into a box is thus not possible. A potential downloader needs to be provided with the hyperlink that was given to the uploader in order to be able to access a particular file. One may argue that the fact that the file-hosting services do not provide for a search of the files they store, limits the attraction of these sites for piracy purposes. However, this is not the case. Almost parallel to the raise of file hosting services, hundreds of third-party file-hosting indexing sites and link sites, such as NewzBin.com or serienjunkies.org, have appeared on the scene. They basically provide inventories of available files. As many files are uploaded under cryptic names, the indexing sites also unlock these and thus play an important role.1868 In practice, many users that uploaded a file to a file-hosting service, subsequently post the link to that file on one of the many indexing sites, bulletin boards or forums directed to potential downloaders. Once a link is published, any user may click to obtain the material. There are notorious indexing sites that arrange and sort the links and also allow for searches within their lists. Alternatively, links are posted on bulletin boards or notorious online forums. While these indexes refer to content stored on file-hosting services, there are also sites dedicated to search for content in peer-to-peer networks. While previously these sites offered .torrent files for download,

1865 Ibid. 1866 Premium membership usually costs about EUR 10 per month. See for example https://rapidshare.com/#!buyrapids (last accessed on 12.01.2013). 1867 See for example ibid. 1868 See European Parliament, DG for Internal Policies, Policy Department C: Citizens’ Rights and Constitutional Affairs, File Sharing (2011), p. 6.

526

A. Online Intermediaries as the Addressees of Enforcement Measures

many of them have now switched to providing magnet links to resources available for download via peer-to-peer networks. 1869 When magnet links are opened in a BitTorrent client, they begin downloading the desired content. In contrast to BitTorrent files, which contain metadata necessary to download the data files from other peers (and require a torrent client to calculate a torrent hash based on the file it relates to, and seek the addresses of peers from a tracker before connecting to those peers), magnet links point to a particular file based on the hash value of its contents.1870 With the torrent hash, clients immediately seek the addresses of peers and connect to them to download first the torrent file, and then the desired content.1871 The Pirate Bay is probably the most famous and world largest website that provides magnet links to facilitate peer-to-peer file-sharing using the BitTorrent protocol.1872 The platform has undergone a change from its early days, where it also offered torrent files.1873 Usually the indexing site features a browse function that enables users to see what is available in different categories, like movie files, games or music, with sub-categories like music genres.

1869 The Magnet Unified Resource Identifier (URI) scheme is a standard defining a URI scheme for Magnet links, which mainly refer to resources available for download via peer-to-peer networks. The most common use of Magnet URIs is to point to a particular file based on the hash value of its contents, producing a unique identifier for the file, similar to an ISBN or catalogue number. The Pirate Bay switched for instance in 2012 from –torrent files to magnet links. 1870 See Ernesto, BitTorrent's Future? DHT, PEX and magnet Links explained, Torrentfreak.com (20.11.2009). 1871 See Ibid. 1872 According to the Rechtbank s’Gravenhage in it’s the Pirate Bay decision, The Pirate Bay is currently the world largest indexing and one of the most visited websites. At the time of the decision the website contained 4.3 million links of which at least 90 % referred to content that had been made available without authorisation of the right holders (see RB s'Gravenhage, Decision of 10.05.2012 [Blocking of The Pirate Bay: BREIN v providers], paras. 2.12 et seq.). 1873 Since 29.02.2012, The Pirate Bay like most other indexing sites, no longer offers torrent files, and instead provides only magnet links. The site commented: “Not having torrents will be a bit cheaper for us but it will also make it harder for our common enemies to stop us”. See Ernesto, The Pirate Bay, Now without torrents, TorrentFreak (28.02.2012).

527

Third Chapter: Content- or Intermediary-Targeted Responses

As magnet link providers and file-hosting services neither store the IP addresses of uploaders nor those of downloaders,1874 it is difficult for right holders to identify copyright infringers. For this particular reason, many right holders have now turned to suing the service providers, or try to obtain orders whereby access providers have to block access to notorious websites. 2. Streaming During the past years, streaming has become a standard technology for the online distribution of digital works.1875 Video streaming is being used by many broadcasting networks such as for example the BBC in the UK or ARD and ZDF in Germany, or social media sites like YouTube. Similarly, audio streaming is used for transmission of radio shows via the web and mere audio streaming sites like for instance Spotify are increasingly becoming available. According to a study by the German Bundesverband Informationswirtschaft, Telekommunikation und neue Medien (Bitkom), more than 4.5 million Germans used music streaming platforms regularly by July 2012.1876 The popularity with streaming services came along with increased bandwidth and flatrate plans being available to many customers. In addition, TV sets with smart TV functions allow immediate connection to the Internet via Wi-Fi. Pre-installed apps facilitate access to online content. There clearly is a trend to make media content available at anytime and anywhere in high quality. While music streaming services like Spotify or Simfy, and video streaming platforms like Amazon Lovefilm or Maxdome offer on-demand access to thousands of copyrighted works legally, there are also platforms that make available creative works without authorisation by the rights-holders. One of the most notorious platforms in that

1874 Rolf Schwartmann, Vergleichende Studie über Modelle zur Versendung von Warnhinweisen durch Internet-Zugangsanbieter an Nutzer bei Urheberrechtsverletzungen, p. 37. 1875 Maurizio Borghi, Chasing copyright infringement in the streaming landscape, International Review of Intellectual Property and Competition Law 2011, 316– 343, 317. 1876 See Bitkom, Trend zu Musik-Streaming per Internet, Press release of 10.07.2012.

528

A. Online Intermediaries as the Addressees of Enforcement Measures

regard has probably been kino.to, which was shut down and their operators arrested in June 2011. The notion of streaming refers to a particular method of delivering content to end-users, while the content delivered is a “stream”.1877 During streaming of media content, data is constantly received by and presented to an end-user. The user will need to install a client media player on his computer in order to be able to play the data. As regards the functioning, one first has to distinguish between on-demand streaming and live streaming. Live streams are only available at one time only and enable the user to view or listen to the content in real time.1878 In this respect, streaming provides an alternative to traditional broadcasting. Therefore much of the discussion on the legality of the provision of live streams revolves around the question whether the providers of live streams of television programmes are retransmitting television for which as an act of communication to the public they would need authorisation from the rights-holder.1879 Live streams are generally provided by means called true streaming, where the information is sent straight to the end-user’s computer or device without saving the file to a hard disk. This kind of transmission is regularly used to cover live events and is only available at one time only. Live streams are regularly multicast, meaning that the content is transmitted to

1877 For a more detailed description of the functioning of streaming see Malte Stieper, Rezeptiver Werkgenuss als rechtmäßige Nutzung, MultiMedia und Recht 2012, 12–17. 1878 See Maurizio Borghi, Chasing copyright infringement in the streaming landscape, International Review of Intellectual Property and Competition Law 2011, 316, 317. 1879 Cf. only the recent judgement of the UK High Court in the TVCatchup case, High Court, ITV Broadcasting Ltd. et al v TVCatchup Ltd [2013] EHWC 3638 (CH). In this case the High Court issued an order prohibiting TVCatchup from providing streams to mobile devices of all the claimants' television channels and online streams of selected digital channels. The order followed a preliminary ruling decision by the CJEU in that subject matter. The CJEU had ruled that the concept of 'communication to the public', within the meaning of Article 3(1) of the InfoSoc Directive, must be interpreted as meaning that it covers a retransmission of the works included in a terrestrial television broadcast where the retransmission is made by an organisation other than the original broadcaster, by means of an Internet stream made available to the subscribers of that other organisation who may receive that retransmission by logging on to its server, even though those subscribers are within the area of reception of that terrestrial television broadcast and may lawfully receive the broadcast on a television receiver.

529

Third Chapter: Content- or Intermediary-Targeted Responses

multiple users simultaneously from a single source.1880 Live-Streams can be compared to television or radio broadcasts. The data is transmitted on a constant rate to the user. In contrast, with on-demand streaming, transmission of the file starts upon request by a user for that user only (unicast).1881 This allows the user to pause the replay, forward or rewind.1882 On-demand streaming is the principal method to make videos available on the Internet, and is also used by most music streaming sites that make content available upon request.1883 In relation to on-demand streaming, one must differentiate between progressive download and progressive streaming: progressive downloading means that the transmitted data is stored on the hard disk of the user's device. The requested file is sent to the hard disk of the computer or device and then played from that location, both upon request by a user (socalled push technology); the download ends once the entire file has been transferred or the transmission is interrupted by the user.1884 Whether the copy made on the user's device is only temporary or permanent depends on the software used and its settings. Data that is temporary stored in the browser cache1885 will be deleted once the browser is being closed or the device is shut down.1886 Caching may thus be referred to as a temporary storage in the permanent memory, which is not part of the streaming pro-

1880 Maurizio Borghi, Chasing copyright infringement in the streaming landscape, International Review of Intellectual Property and Competition Law 2011, 316, 318. 1881 This is in contrast to live-streaming, which is multicast, meaning that the content is transmitted to multiple users at the same time. 1882 Malte Stieper, Rezeptiver Werkgenuss als rechtmäßige Nutzung, MultiMedia und Recht 2012, 12 et seq. 1883 Maurizio Borghi, Chasing copyright infringement in the streaming landscape, International Review of Intellectual Property and Competition Law 2011, 316, 319. 1884 See Ulrich Sieber in: Thomas Hoeren/Ulrich Sieber/Bernd Holznagel, Handbuch Multimedia-Recht (36th amended ed. 2013), Teil 1 para. 134. 1885 Usually, cache copies are saved into a hidden folder called “temporary Internet files” on the user’s hardware. 1886 Depending on the settings of the operating system, older data may automatically be cancelled to be replaced by

530

A. Online Intermediaries as the Addressees of Enforcement Measures

cess but is associated with it for technical reasons.1887 In contrast, progressive streaming does not require a complete, permanent storage on the user's computer.1888 Temporary storage takes place within the client buffer1889 in order to compensate a potential difference between the rate at which data is received and the rate at which it can be processed. The scope of temporary storage depends on the individually set size of the buffer, often storage of two to five seconds is recommended.1890 Data segments are overwritten once the client programme has read and replayed the segments in order to make available storage space for new data segments. At no time will the entire file be stored on the user´s device.1891 Consumption of the media content is already possible once a certain amount of data has been transferred, which makes it obsolete to have an entire file stored. Irrespective of the technology used, streaming must not be confused with traditional download, where data is stored on a permanent memory.1892 Although some streaming providers may also allow the users to download the content, on-demand streams are generally only saved for a limited amount of time. The buffering process is only necessary in order to overcome jitters and allow a non-interrupted playing of the data. Similar to peer-to-peer platforms, streaming technology is neutral and not illegal. Moreover, streaming is increasingly being used by rights-holders and there are many legal offers available of which some even are for free. As such, the distribution of content via streaming platforms is advantageous for rights-holders: user can regularly only consume the media, but do not download the file, so that the rights-holder has more control over further distribution, meaning that users are not able to further disseminate digital copies themselves.

1887 Cf. Maurizio Borghi, Chasing copyright infringement in the streaming landscape, International Review of Intellectual Property and Competition Law 2011, 316, 328. 1888 As regards the distinction between buffering and caching see ibid, 327. 1889 The buffer can be described as a „waiting room for data to be read by a media player or any other application“, see ibid. 1890 see Malte Stieper, Rezeptiver Werkgenuss als rechtmäßige Nutzung, MultiMedia und Recht 2012, 12, 13. 1891 Ibid. 1892 Ulrich Sieber in: Thomas Hoeren/Ulrich Sieber/Bernd Holznagel, Handbuch Multimedia-Recht (36th amended ed. 2013), Teil 1 para. 136.

531

Third Chapter: Content- or Intermediary-Targeted Responses

The advantages for users are, that they do not have to wait until a download is completed, but may start playing the content immediately. In addition, they no longer need huge storage capacities and thus only limited resources.1893 Websites that offer live and/or on-demand streaming may either themselves host the content. Often – as for example with YouTube – the content is user-generated, meaning that users can upload videos and other materials which are then made available on-demand to consumers. Websites may also only act as user-contributed video directories for television programs and films, and thus act as a portal that directs users to content that is available via streaming. 3. File Hosting and Streaming Websites in Numbers One of the reasons why file-hosting services and streaming provider saw a massive increase in use recently, in addition to increased bandwidth and an increased number of smart devices being used, is the fact, that these content-sharing models operate different from Peer-to-Peer file-sharing. Users that download a file do not simultaneously offer the file for download, i.e. they do not become a disseminator themselves, and thus are unlikely to become the target of enforcement measures.1894 As of April 2012, the file-hosting service 4shared.com is ranked 82 at the global three-month Alexa traffic rank.1895 As of April 2014, it is still ranked within the 200 most popular websites worldwide. Before the arrest of Megaupload.com’s owner, the website was also ranked in the TOP100 Alexa traffic rankings.1896 A report published in January 2011, claimed

1893 Maurizio Borghi, Chasing copyright infringement in the streaming landscape, International Review of Intellectual Property and Competition Law 2011, 316, 317. 1894 Jan Mölleken, Filehoster: Hehler oder Helfer?, Der Spiegel online (14.09.2010). 1895 4shared.com is thereby more popular than ThePirateBay.se which is – as of April 2012 – not listed within the TOP100 three-month Alexa traffic rankings. Alexa is a leading provider of free, global web metrics and publishes its statistics at Alexa.com. 1896 As regards the arrest of Kim Dotcom see U.S. Department of Justice, Justice Department Charges Leaders of Megaupload with Widespread Online Copyright Infringement, Press release of 29.01.2012-

532

A. Online Intermediaries as the Addressees of Enforcement Measures

that the 16 largest file-hosting services of that time were among the most popular websites in the world.1897 In this report, it was also alleged that 4Shared and Megaupload had around 78 million unique users each month.1898 Currently, Filehostwatch.com lists more than 1,400 file-hosters. Interestingly, (non-cloud-based) file-hosting websites are more popular in Europe than they are in North America.1899 While most of the previously popular web server-based services have been losing traffic since 2012, cloud –based storage services are on the rise. Again, the fast development of technology means that users shift to more convenient services. Dropbox.com for instance, which offers cloud storage and file synchronisation services, also allows users to share folders with third parties, and is ranked as the 111th most popular website in April 2014.1900This may also have to do with the increased use of smartphones and other portable devices, which on the one hand do not have much storage capacity and on the other hand the multitude of devices being used requiring file synchronisation. Already in 2011, it had been estimated that file-hosters are responsible for at least 5% of all Internet traffic.1901 This number should have risen by now. More interesting with regard to the traffic, that these services take up, is data that provides information as to the copyrighted works being shared this way. It has been estimated that as of May 2012 80% of all copyright infringements take place via file-hosting services.1902 The German music industry association for example claims that in Germany filehosters are the main source for illegal downloads.1903 However, estimating the amount of copyright infringing content stored on file-hosters is more difficult than with peer-to-peer file-sharing networks as such sites do not

1897 Envisional, Technical Report: An Estimate of Infringing Use of the Internet (2011), p. 16. 1898 With 78 million unique users, 4Shared and MegaUpload had twice as many users as ThePirateBay. In addition, Rapidshare had 60 million and Hotfile 53 million unique users. Ibid. 1899 Envisional, Technical Report: An Estimate of Infringing Use of the Internet (2011), p. 46. 1900 See Alexa.com. 1901 Envisional, Technical Report: An Estimate of Infringing Use of the Internet (2011), p. 46. 1902 Thomas Darnstädt, Wem gehören die Gedanken? Der Spiegel Online (21.05.2012). 1903 GfK Consumer Panel, Studie zur digitalen Content-Nutzung (DCN-Studie) 2011 (2011).

533

Third Chapter: Content- or Intermediary-Targeted Responses

usually allow stored content to be searched. To check the representative nature of content stored on file-hosters, Envisional collected a random sample of 2,000 file-hoster links and determined the type of content and whether it was copyrighted.1904 Based on their findings they concluded that over 90% of the content was copyrighted material.1905 However, considering that the sample of file-hoster links collected, i.e. links that provide third parties with the necessary information to access a file, must have been publicly available, the estimates of Envisional are highly questionable. It ignores that consumers may use file-hosters to back up their data, or to share content of which they own the copyright with friends, and thus do not publish the file-hoster link to the general public. Parallel to file-hosters remaining popular, users are also increasingly using on-demand streaming. As has been outlined above, streaming is popular with smart TVs, allowing users to access the media databases of broadcasters to catch up with TV programmes that they have missed. Apps that can be installed on mobile Internet devices also allow the consumption of TV broadcasts independent from a traditional TV device. Instead of video lending stores, users may now subscribe to video ondemand providers to access the latest blockbusters or their favourite TV series from anywhere at any time and with less costs. Parallel to these developments, they may also access streaming websites that grant access to copyrighted works without the consent of the rights-holders. Famous examples for streaming websites that have been the target of enforcement action by rights-holders are kino.to and Movie4k.to, formerly known as Movie2k.to.1906 While kino.to also hosted content or at least paid third

1904 Envisional, Technical Report: An Estimate of Infringing Use of the Internet (2011), p.17. 1905 Ibid. 1906 While kino.to was ultimately shut down in Germany following the arrest of its operators, Movie4k.to was the 202nd most popular website in the world in May 2013. It is a website aggregator acting as a search index for online videos. In May 2013, its predecessor, Movie2k.to, was shut down by the Motion Picture Association of America (MPAA) due to copyright infringement concerns, and morphed into Movie4k.to shortly after. It primarily addresses English and German-speaking users. Following, the blocking of the site by ISPs in the UK and parts of the USA, proxies were used on the original site “movie2k.to” to bypass blocking. How this can be done will be addressed in the following section of this chapter. The website provides a detailing listing of television programs and films, but does not host any content – instead the site acts as a search index for streaming sources. The directory supports user-submitted links by registered

534

A. Online Intermediaries as the Addressees of Enforcement Measures

parties to contribute content, movie4k.to rather falls into the category of indexing sites and link directories. As of April 2014, the latter was ranked the 60th most popular website in Germany,1907 which gives an impression of the popularity of streaming sites in a wider context. 4. The Copyright-Infringing Act It has already been briefly mentioned that streaming as such is not illegal. However, providing streams of copyrighted works without authorisation by the copyright owner generally infringes the tight to communication to the public as defined by Article 3(1) of the InfoSoc Directive.1908 The provision of a stream is an act of making publicly available that fall under the exclusive rights of the authors . While this seems obvious, the issue had to be clarified in relation to Internet television broadcasting services that make live television programmes of third parties available on the Internet. In this regard, without going into detail, the recent judgements of the CJEU in the Karen Murphy case as well as in the TVCatchup case will be outlined. In the following, a brief analysis will be given on whether endusers that consume unauthorised streams commit a copyright infringement themselves by interfering with the reproduction right of the rights-holders. a) The Legality of the Provision of File Hosting Services Like peer-to-peer file-sharing, the provision of file-hosting services is content neutral, but the technology may be used to commit copyright infringements. The possibility that a service is abused by its users does not per se

editors, and is thus rather falls into the category of indexing sites and link directories. 1907 Cf. the data on the web-ranking service Alexa of April 2014, accessible via http://www.alexa.com/siteinfo/movie4k.to (last accessed on 17.05.2014). 1908 Article 3 of the InfoSoc Directive, headed “Right of communication to the public of works and right of making available to the public other subject-matter”, provides in paragraph 2 that “Member States shall provide for the exclusive right to authorise or prohibit the making available to the public, by wire or wireless means, in such a way that members of the public may access them from a place and at a time individually chosen by them: … (c) for the producers of the first fixations of films, of the original and copies of their films…”.

535

Third Chapter: Content- or Intermediary-Targeted Responses

render the service illegitimate, in particular if the operator does not interfere with the content. The border between mere neutrality and an active role in committing infringements are often difficult to determine, and may be blurred. In the second part of this Chapter, this will be addressed in the context of monitoring duties that may arise following notification of a copyright infringement. At this point, it shall be borne in mind, that filehosting services fall within the category of host providers, that benefit from a liability exemption under the E-Commerce Directive. b) The Illegality of Making Available Links to the General Public By making available links to content hosted on a file-hosting service available, access to that file is granted to the general public. Thus, there are no difficulties in establishing an infringing act, namely the act of making publicly available protected works contra Article 3 of the InfoSoc Directive. When link directories or indexing websites host these links, they host illegal content, and may thus be required – upon acquiring actual knowledge of the illegality of that content – to remove or block access to the content in question, which will be outline in the second part of this Chapter. c) The (Il)Legality of Unauthorised Streaming While peer-to-peer technology is challenging the music industry since more than a decade and direct downloaders have been entering the market, various platforms such as TVCatchup or kino.to now place additional new challenges on the broadcasting and film industry. The difference of these platforms to peer-to-peer technology or direct downloaders is that current battle-lines are drawn around retransmission or streaming of broadcasts where there is or may be no file or fixed copy and only the transient display of sound and images. Undisputed is the fact that by providing streams of copyrighted works without the consent of the copyright owners, the provider is making a copyrighted work publicly available and thereby

536

A. Online Intermediaries as the Addressees of Enforcement Measures

infringes copyright.1909 It follows from Article 3(1) of the InfoSoc Directive that for there to be a communication to the public, it is sufficient that the work is made available to the public in such a way that the persons forming that public may access it. Article 3(2) of the InfoSoc Directive, further provides for the right of making available to the public of enumerated subject matter. 1910 Recital 23 of said Directive defines the public communication right as covering “all communication to the public not present at the place where the communication originates”. As such the public communication right encompasses two distinct rights: the right to broadcast a work to the public, and the right to make the work available from a place and at a time individually chosen by members of the public.1911 In particular, the scope of the right to broadcast a work to the public has been challenged by operators of live streaming of third party TV programmes via the Internet.1912 In the US, the US Supreme Court only recently agreed to hear the ongoing dispute between several US broadcast networks, including Fox and CBS, and Aereo, a small Internet company that uses transmitters to stream television programmes over the Internet.1913 In streaming TV programmes

1909 Cf. in that respect and with regard to the platform kino.to CJEU, C-314/12 UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft GmbH, Judgment of 27.03.2014, paras. 24 et seq. 1910 CJEU, C-306/05 Sociedad General de Autores y Editores de España (SGAE) v Rafael Hoteles SA, Judgment of 07.12.2006, para. 43 1911 Maurizio Borghi, Chasing copyright infringement in the streaming landscape, International Review of Intellectual Property and Competition Law 2011, 316, 320. 1912 It has to be noted that the distinction between a broadcasting and making available right is important, since these rights are subject to different legal regimes under European copyright law. In cases of making available, authors as well as holders of related rights enjoy an exclusive right to make the work available to the public. In contrast, in cases of broadcasting, holders of rights in performances and in phonogram records have only a right to an equitable remuneration under Article 8(2) of the Rental and Lending Right Directive. In addition, broadcasting is subject to the “cable retransmission right” (provided for in Articles 9–12 of the Satellite and Cable Directive). For more information on this distinction and its relevance with regard to streaming, see Maurizio Borghi, Chasing copyright infringement in the streaming landscape, International Review of Intellectual Property and Competition Law 2011, 316, 321 et seq. 1913 Aereo, Statement from Aereo CEO and founder Chet Kanoja, Press release of 10.01.2014. For the decision of the US Court of Appeals for the Second Circuit

537

Third Chapter: Content- or Intermediary-Targeted Responses

over the Internet, Aero responds to consumers demanding flexibility as to the consumption of TV programmes, meaning that they want to watch programmes on their mobile devices at any chosen time. Not surprisingly, the broadcast networks fear a loss in revenues when they lose their ability to control the use of their content: Retransmission rights are highly lucrative and are nothing that the broadcasters want to give away for free. This issue has been addressed by the CJEU in the Karen Murphy case1914 in relation to the streaming of football matches via foreign decoding devices to avoid expensive programme reception charges. According to the CJEU’s reasoning, one has to distinguish between a copyright holder’s right to control the unauthorised use of his content and the right to control the medium or channels through which his content is accessed. The central question in relation to the streaming of TV broadcasts is whether the making available of content through retransmission via another medium constitutes an infringement of the underlying work or broadcast. In 2013, the CJEU had to consider this question in the TVCatchup case when various UK broadcasters took legal action against the Internet television broadcasting service TVCatchup.1915 In this case the question arose, whether, in using streaming technology to make regular terrestrial television programmes (i.e. broadcasts that had been provided “free-to-air”) of 30.11.2012, see https://www.eff.org/files/filenode/aereo_opinion.pdf. Also see the previous case of US Supreme Court, Cartoon Network LP v CSC Holdings, 536 F3d 2008, where the Court held that retransmission over the Internet does not infringe the underlying broadcast and broadcasters’ rights based on the finding that the notion of “public” performance requires the presence of multiple persons at once and does not include the transmission of a recording to a viewer. 1914 CJEU, Joint cases C-403/08 Football Association Premier League Ltd and others v OC Leisure and others, and C-429/08 Karen Murphy v Media Protection Services Ltd., Judgement of 04.10.2011. For comments on the case see Thomas Hoeren/Julia Ariella Bilek, Die territoriale Exklusivitätsvereinbarung bei Fußball-Übertragungen – Ein Modell der Vergangenheit!, Computer und Recht 2011, 735; Bartosz Sujecki, Wettbewerbsverstoß durch territoriale Exklusivitätsvereinbarungen bei Fußball-Übertragungen, Anmerkung, Neue Juristische Wochenschrift 2012, 213–214. 1915 CJEU, C-607/11 ITV Broadcasting Ltd et al. v TVCatchup Ltd., Judgement of 07.03.2013. For a comment on the case, see Wolfgang Frhr. Raitz von Frentz/ Christian L. Masch, Anmerkung zu EuGH, Urteil vom 7. März 2013 – EUGH 2013-03-07 Aktenzeichen C-607/11 – Livestreaming, ITV Broadcasting Ltd. u. a./TVCatchup Ltd., Zeitschrift für Urheber- und Medienrecht 2013, 393–395.

538

A. Online Intermediaries as the Addressees of Enforcement Measures

available over the Internet, TVCatchup had infringed the broadcasters’ rights. The claimants had argued before the High Court of Justice that the streaming conducted by TVCatchup constitutes a communication of the works to the public which is prohibited by section 20 of the Copyright, Designs and Patents Act 1988, and by Article 3(1) of the InfoSoc Directive 2001/29.1916 The operators of TVCatchup argued that the streaming was only transmitting or retransmitting what was anyway publicly available to viewers, and that their service was only adding another medium to view the programmes which did neither constitute an interference with the respective works nor an unauthorised use of the works. The CJEU held, that the right to communication to the public includes the retransmission of programmes even though they may have been provided “free-to-air” available to the public in the same area as the retransmission took place.1917 Hence, TVCatchup needs to obtain a licence from the broadcasters if it wants to continue its retransmission service.1918 However, where public service broadcasters are concerned and TVCatchup receives and immediately re-transmits the content via cable, the cable re-transmission defence of section 73 CDPA applies.1919

1916 CJEU, C-607/11 ITV Broadcasting Ltd et al. v TVCatchup Ltd., Judgement of 07.03.2013, para.16. 1917 Ibid, paras. 26, 40 et seq. 1918 The broadcasters obtained a restraining order in the High Court requiring TVCatchup to refrain from retransmission without obtaining a licence. The Order does, however, allow TVCatchup to continue to stream public service broadcaster (PSB) channels (i.e. ITV1, Channel 4 and Channel 5) live via cable in the UK, by virtue of the cable re-transmission defence under section 73 of the CDPA 1988. See High Court, Order of 07.10.2013 – Claim no. HC10C01057, available at http://presscentre.itvstatic.com/presscentre/sites/presscentre/files/T VCatchup.pdf (last accessed on 17.05.2014). 1919 This defence was originally designed to encourage cable roll-out in the 1980s and 1990s, see Gillie Abbotts, A catch for TVCatchup – Limits of the cable defence, Entertainment Law Review 2014, Vol. 25 Issue 1, 17, 18.

539

Third Chapter: Content- or Intermediary-Targeted Responses

d) The (Il)Legality of Consumption of Streams The consumption of illegal copies by way of streaming has long been considered as being somehow in a grey area, being neither legal nor illegal. The reason for this uncertainty was the fact that while the stream is consumed, the computer produces a temporary copy of the stream to allow uninterrupted playing of the file. While diverging views may exist throughout Europe when it comes to determining whether the end-user commits a copyright infringement by consuming streams, and this question is of no relevance for this research, the following discussion will focus on this determination under German law. By focussing on one jurisdiction only, the main issues surrounding the legality of the behaviour of end-users shall be best elaborated. First of all, it is helpful to look at the position of the rights-holders to understand the underlying problem. The rights-holders argue that the enduser produces a copy from an illegal source,1920 which under German law – in contrast to for instance Dutch law – constitutes a copyright infringement. Because streaming requires a temporary storage, rights-holders will conclude that this constitutes a reproduction in the sense of § 16 UrhG.1921 For such a reproduction the users would need the authorisation of the copyright owners.1922 The majority view taken by scholars has been that the consumption of movie or music streams is in most cases not illegal even if the making available of the file by the streaming provider infringes copyright. First of all, § 53 UrhG provides for a right to make private copies of copyright-protected material under the condition that the source has not been disseminated in an evidently illegal manner, meaning that the source is neither an evidently illegal reproduction or has been made available evi-

1920 Christian Solmecke, Redtube: Wave of Streaming Letters hits Germany (12.12.2013), http://www.wbs-law.de/eng/streaming/redtube-wave-streaming-w arning-letters-hits-germany-49182/. 1921 Ibid. 1922 For an outline of the reproduction right in EU copyright law with a focus on digital reproductions and an analysis whether reproduction in part or temporary reproduction infringes the reproduction rights of the author, see Maurizio Borghi, Chasing copyright infringement in the streaming landscape, International Review of Intellectual Property and Competition Law 2011, 316, 329 et seq.

540

A. Online Intermediaries as the Addressees of Enforcement Measures

dently illegally. 1923 The evident illegality of a source has to be determined from the perspective of an objective bystander.1924 The illegality must be obvious to the objective bystander, who carries no further burden to investigate the subject-matter.1925 With regard to platforms such as kino.to the illegality of the source has been considered obvious, as Kino.to’s repertoire included mainstream movies parallel or even prior to their release in cinemas, movies with warnings that they shall only be shown to the press as well as US serial dramas and comedy prior to their release in Europe. However, there are other platforms, where the illegality of the source is not so obvious. This may include YouTube, which has many legal offers but sometimes users may upload content for which they do not hold any communication rights. Equally, the content of streaming sites that contain porn movies and snippets from porn movies, may be considered as not being an evidently illegal source.1926 With platforms that host porn movies, it is common that rights-holders make available clips or low resolution versions of their repertoire to incite user to buy the full copy or full stream. Youporn.com, the major adult movie platform where users may upload their own films, contains many clips that have been uploaded by the rights-holders themselves. This makes it particularly difficult for users to distinguish whether a clip has been uploaded by the rights-holder or with his authorisation, or is infringing copyright. Thus, also an objective 1923 The question whether a law which allows copying from illegal sources for private use is compliant with EU copyright law has recently been decided by the CJEU in Case C-435/12 ACI Adam v Stichting de Thuiskopie. The Advocate General stated in his opinion that the private copying exception only applies to copies from legitimate sources (See Opinion of the Advocate General in Case C-435/12 ACI Adam v Stichting de Thuiskopie of 09.01.2014). The CJEU essentially followed the Opinion of the AG, see CJEU, C-435/12 ACI Adam v Stichting de Thuiskopie, Judgment of 10.04.2014. 1924 See Ulrike Grübler in: Hartwig Ahlberg/Horst-Peter Götting, Beck’scher Onlinekommentar Urheberrecht (updated 01.02.2014), § 53 para. 13 with further references; Tobias Reinbacher, Strafbarkeit der Privatkopie von offensichtlich rechtswidrig hergestellten oder öffentlich zugänglich gemachten Vorlagen, Gewerblicher Rechtsschutz und Urheberrecht 2008, 394, 397 with further references. 1925 Ulrike Grübler in: Hartwig Ahlberg/Horst-Peter Götting, Beck’scher Onlinekommentar Urheberrecht (updated 01.02.2014), § 53 para. 13. 1926 This has for example been the case with the Germany directed pornography streaming site Redtube.com, see Christian Solmecke, Redtube: Wave of Streaming Letters hits Germany (12.12.2013), http://www.wbs-law.de/eng/streaming/re dtube-wave-streaming-warning-letters-hits-germany-49182/.

541

Third Chapter: Content- or Intermediary-Targeted Responses

bystander may not succeed in establishing that a clip has been disseminated in evidently illegal manner, and therefore the illegality is not obvious. Accordingly, even if one assumes that the consumption of a stream constitutes “copying”, the consumer would be able to rely on the private copying defence. Further, any copy generated during streaming on the user’s hardware is no illegal reproduction. These kind of copies may fall within the permitted temporary acts of reproduction under § 44a UrhG.1927 § 44a No.2 UrhG sets forth that “admissible acts of reproduction are temporary acts of reproduction which are brief or of an accompanying nature and which represent an integral and essential part of a technical procedure and serve the sole purpose of making possible…2. a lawful use of a work or other subject matter of protection and which are not of any independent economic significance”.1928 As regards streaming, copies are only stored for a very short time period. They have no commercial value1929 in the sense that

1927 Ronny Hauck/Sebastian Heim, Schwerpunktbereich Urheberrecht: Die rechtliche Bewertung von „Filesharing“- und „Streaming“- Sachverhalten, Juristische Schulung 2014, 303, 306; Kathleen Fangerow/Daniela Schulz, Die Nutzung von Angeboten auf www.kino.to, Eine urheberrechtliche Analyse des Film-Streamings im Internet, Gewerblicher Rechtsschutz und Urheberrecht 2010, 677, 680 et seq.; Artur-Axel Wandtke/Felix-Tessen von Gerlach, Die urheberrechtliche Rechtmäßigkeit der Nutzung von Audio-Video Streaminginhalten im Internet, Gewerblicher Rechtsschutz und Urheberrecht 2013, 676 et seq.See also as regards the exemption for temporary acts of reproduction under EU copyright law, Maurizio Borghi, Chasing copyright infringement in the streaming landscape, International Review of Intellectual Property and Competition Law 2011, 316, 332 et seq. 1928 This corresponds to the explanation of the CJEU in the Infopaq case (CJEU, C-5/08 Infopaq International A/S v Danske Dagblades Forening) with regard to the conditions for an act of reproduction to fall under the temporary act of reproduction exception, namely that the act must be (i) temporary, (ii) transient or incidental, (iii) an integral and essential part of a technological process, and (iv) that the sole purpose of that process must be that of enabling either a transmission in a network between third parties by an intermediary or a lawful use of the work, as well as (v) that the act must have no independent economic significance. 1929 Christian Solmecke, Redtube: Wave of Streaming Letters hits Germany (12.12.2013), http://www.wbs-law.de/eng/streaming/redtube-wave-streaming-w arning-letters-hits-germany-49182/.

542

A. Online Intermediaries as the Addressees of Enforcement Measures

they allow further exploitation of the work.1930 They further constitute necessary technical measures to make a lawful use possible. The lawful use requirement does not refer to the act of temporary copying but to the consumption of the stream.1931 Thus, even if one assumes that users have “stored”1932 a copy of the protected work in the volatile memory (RAM) of their computer, this act would be protected by § 44a UrhG. Considering, that when copyright works are available in digital format, any normal use of the works involves a technical act of reproduction (e.g. browsing the net produces at least temporary copies on the user’s computer), it has been observed that the making of copies is no longer “a good predictor of whether there will be distribution to the public”, and consequently of an “intent to infringe”.1933 5. The Reasons for Targeting these Services Notably, as with Peer-to-Peer file-sharing, the file-hosting as such is not illegal. However, it provides the infrastructure and means to allow large scale distribution of large files. Due to the latter, file-hosters have become specifically popular for the distribution of movies.1934 With many services it is not even necessary to download a file as one may also watch a video stream.1935 Streaming – from a user perspective – is in most jurisdictions no infringement of copyright or it is still not clear whether it may constitute an infringement. Thus, for example the US SOPA Bill contained a respective provision criminalising streaming in order to provide for legal

1930 Ronny Hauck/Sebastian Heim, Schwerpunktbereich Urheberrecht: Die rechtliche Bewertung von „Filesharing“- und „Streaming“- Sachverhalten, Juristische Schulung 2014, 303, 306. 1931 Ibid. 1932 Stored in that context has to distinguished from downloading. 1933 Maurizio Borghi, Chasing copyright infringement in the streaming landscape, International Review of Intellectual Property and Competition Law 2011, 316, 343 quoting Ernest Miller/ Joan Feigenbaum, Taking the copy out of copyright, in: Tomas Sander (ed.), Security and Privacy in Digital Rights Management, ACM CSS-8 Workshop DRM 2001 (2002), 233, 236. 1934 Jan Mölleken, Filehoster: Hehler oder Helfer?, Der Spiegel online (14.09.2010). 1935 Ibid.

543

Third Chapter: Content- or Intermediary-Targeted Responses

certainty and make it clear to users that streaming will not be tolerated. Streaming is easy and ironically, often even easier as using one of the payper-view offers of the entertainment industry.1936 They do not require specific IT literacy, registration, payment or the installation of specific software. Significantly, many users are unaware how file-hosters work. Firstly, file-hosters provide storage space on webservers allowing the storage of data. The services allow users to upload files to the host’s server – regularly free of charge and without prior registration. Often an upload does not require more than two clicks.1937 The file-hoster returns a URL to the uploader. By entering the URL into a browser or simply clicking on the hyperlink the file can then be downloaded, or – depending on the file type – watch a movie stream. Anyone that gets hold of the URL may download the file without registering or logging in. This functioning has made the service to compete with traditional Peer-to-Peer file-sharing services. URLs may disseminated at no time and thereby allow access for an undefined number of users. Usually, files cannot be accessed without the respective link. However some providers, for example 4shared.com allow anyone to search the files that users have set on public.1938 There are also a number of search masks that scan the Internet for links to files on share hosting services. Further, indexing sites like serienjunkies.org list thousands of URLs by which users may access files. Due to the bandwidth cost involved , many services slow down downloading speeds in order to encourage users to subscribe to the service with a paid premium account offering increased downloading capacity, pace and/or straight access to a file. Users without subscription often have to queue for several hours in a waiting line until they may download a file. These premium accounts may be the sole income of the provider; however, most services make money from selling advertisement space. File hosting can be profitable. In fact, for example British website NewzBin

1936 Ibid. 1937 Ibid. 1938 See 4shared’s FAQ question 31: “4shared users can search among your files only if you allow them access. To make your files from a particular folder available for public search, check the box “Public search” when sharing the folder. If you want to make all files from your account accessible for public search choose the tab “Settings” in “My Account” and then click the box “Allow to show my files in public search results”. It takes 24 – 48 hours to index the files for our search system.” http://www.4shared.com/faq.jsp#q31 (last accessed on 17.05.2014).

544

A. Online Intermediaries as the Addressees of Enforcement Measures

had in 2009 a turnover in excess of GBP 1million, amounting to a profit in excess of GBP 360,000 and paid dividends on ordinary shares of GBP 415,000.1939 Although NewzBin was not a file-hosting service itself, but a mere indexing website that linked to downloadable files and offered premium accounts to its users, these figures indicate the potential for such services. Access to content on the basis of a paid subscription means in fact, that users are not getting (infringing) content for free. The money-generating aspect is of course a thorn in the flesh of rightsholders. While with peer-to-peer file-sharing, users were able to obtain files for “free”, the use of file-hosting services means that a third party indirectly even may generate revenues from copyright infringements. Even though, major file-hosting services such as Rapidshare or 4shared.com claim that they take copyright infringement serious and do not allow users to use their service for copyright infringement,1940 rightsholders struggle to accept this and argue that they wilfully turn a blind eye on copyright infringements or even incite those. Of course, they are also a number of “black sheep” that act under the disguise of providing a legal service. Following the investigations into the activities of Megaupload.com, which was shut down by US authorities in January 2012, the US Ministry of Justice announced, that Megaupload was more than willing to turn a blind eye on copyright infringement.1941 Finally, even if the operators of file-hosting platforms cooperate in stopping copyright infringements, the storage of a file on their service is not illegal, and thus it is doubtful whether they can be forced to delete the file. The infringing act is the making available of the URL leading to a file. How courts deal with this issue will be central to the analyses in this Chapter.

1939 High Court, Twentieth Century Fox Film Corporation and others v NewzBin Ltd [2010] EWHC 608 (Ch) (NewzBin 1), para. 15. 1940 See for example 4shared’s policy towards copyright infringement, stating that “4shared.com takes copyright violation very seriously and is committed to protecting the rights of copyright owners”, http://www.4shared.com/dmca.jsp (last accessed on 17.05.2014). 1941 Felix Knoke, Kim Dotcom: US-Justizministerium legt seine Erkenntnisse gegen Megaupload vor, Der Spiegel online (23.12.2013). It has even be reported that employees of Megaupload themselves uploaded materials.

545

Third Chapter: Content- or Intermediary-Targeted Responses

III. Technological Challenges If the actual infringer of copyright i.e. the person that uploaded a file or made a file available to the public, cannot be identified or resides outside the jurisdiction concerned, it will usually be the content that will be targeted. Targeted in that sense means that either the content is deleted or access is blocked. This research focuses on the latter, namely cases where deletion of content is not possible, because for instance the host provider does not cooperate (if outside jurisdiction) or because deletion cannot be required. There are a number of mechanisms for blocking access to particular content. In the following blocking refers to refusing users access to certain web pages without the cooperation of the content provider, the host provider and the owner of the client machine.1942 Thus, the sole focus will be at blocking measures implemented or to be implemented by access providers. The following paragraphs will look into the technical details of different ways of blocking including their implementation, cost and side effects. When analysing the proportionality of filtering in terms of potential violations of fundamental rights, the focus will shift to the efficacy of any of these filtering schemes. In this context, tools enabling the circumvention of blocking will be looked at. 1. Filtering and Blocking Techniques Several techniques are available to block access to websites with infringing content. Four currently-available techniques as well as hybrid options that could potentially be used to improve the accuracy and robustness of blocking are briefly outlined in the following.

1942 Cf. The similar definition in Maximilian Dornseif, Government mandated blocking of foreign Web content, in: Jan von Knop/Wilhelm Haverkamp/Eike Jessen (eds.), Security, E-Learning, E-Services: Proceedings of the 17. DFNArbeitstagung über Kommunikationsnetze (2013), Lecture Notes in Informatics, p. 618.

546

A. Online Intermediaries as the Addressees of Enforcement Measures

a) Internet Protocol Address Blocking Internet Protocol (IP) address blocking or IP blocking refers to the blocking of particular IP addresses by discarding Internet traffic destined for the blocked website. As outlined in the first Chapter, in Internet based communication, computers are addressed by their IP address, which identifies a host taking part in Internet communication. The IP address is a number in the range between 0 and 4 billion, usually written as four numbers separated by dots, e.g. 158.64.76.51. IP address blocking is implemented in network devices (known as border gateway routers) which Internet access providers operate to send user communications to their destinations based on the destination IP address. An Internet access provider can modify its routers to discard communications destined for the IP address of the website in question (packet dropping) or route them to an IP address defined by the Internet service provider that is different from the actual IP address of the requested website.1943 Thus, the user’s communication to a website is blocked although his computer uses the correct IP address for the website. IP address blocking can be a low cost model depending on the scope of blocking i.e. the number of IPs to be blocked.1944 The key problem with IP address blocking is that many addresses are shared between multiple content providers (shared webhosting).1945 If a particular IP address is blocked, then all of the web content under that particular IP address will become inaccessible.1946 Hence, there is an obvious risk of over-blocking when barring particular IP addresses. Websites that share the same IP address will be unavailable.1947

1943 See Ofcom, ‘Site blocking‘ to reduce online copyright infringement: A review of sections 17 and 18 of the Digital Economy Act (27.05.2011), p. 28. 1944 Richard Clayton, Harmful Content on the Internet and in Video Games (2008), p. 1. 1945 Richard Clayton, Anonymity and traceability in cyberspace (2005), Technical Report UCAM-CL-TR-653, p. 118; See also Benjamin Edelman, Web sites sharing IP addresses: Prevalence and Significance (September 2003) . 1946 See Holger Bleich/Axel Kossel, Verschleierungstaktik: Die Argumente für Kinderporno-Sperren laufen ins Leere, Der Spiegel Online (17.04.2009). 1947 Richard Clayton, Anonymity and traceability in cyberspace (2005), Technical Report UCAM-CL-TR-653, p. 115.

547

Third Chapter: Content- or Intermediary-Targeted Responses

When the German Internet access provider Arcor in 2007 used IP blocking to block access to several pornographic websites, this led to massive collateral damage.1948 One of the websites Arcor had been asked to block was Privatamateure.com, which was attributed the IP address 64.202.189.170.1949 Under this address not only Privatamateure.com could be found but also more than 3.5 million single websites, for example a Bollywood fanpage, a Linux-Kernel-Debugger, a Wi-Fi network initiative and an ICT congress.1950 Users that tried to access one of the websites were confronted with an error message “Netzwerk-Zeitüberschreitung”. Furthermore, IP address locking does not differentiate between a whole platform as such and individual subpages. Only the whole of a website could be blocked, rather than the individual part identified as illegal. Thus, if Facebook.com contained illegal content on one user’s profile, the whole of Facebook would be affected by the blocking of its IP address. b) Domain Name System Name Blocking It is also possible to subvert the Domain Name System (DNS) so that websites cannot be located. This is also known as DNS poisoning1951 and was considered by Ofcom to be the blocking technique that could be implemented with least delay.1952 As mentioned before, the DNS is the system that associates/”translates” a cryptic IP address (such as: 158.64.76.51) that Internet service providers use to route traffic to the web server which operates a website to domain name (such as: www.uni.lu) which are easier to remember than mere sequences of numbers. Internet service providers operate DNS servers that

1948 The blocking attempt was a pure voluntary measure by Arcor. See Urs Mansmann, Arcor sperrte zahlreiche Websites, Heise online (17.09.2007). 1949 Stefan Krempl, Arcor muss YouPorn sperren, Heise online (19.10.2007); Konrad Lischka, Fehlerhafte Zensur-Methode: Arcor stoppt den Porno-Filter, Der Spiegel online (17.09.2007). 1950 Ibid. 1951 Richard Clayton, Anonymity and traceability in cyberspace (2005), Technical Report UCAM-CL-TR-653, p.118. 1952 Ofcom, ‘Site blocking‘ to reduce online copyright infringement: A review of sections 17 and 18 of the Digital Economy Act (27.05.2011), p. 43. As regards a detailed outline of the functioning of DNS name blocking see Ibid, pp. 31 et seq.

548

A. Online Intermediaries as the Addressees of Enforcement Measures

their customers’ computers automatically call upon to identify which IP address corresponds to a particular DNS name.1953 This is necessary in order to resolve the website in question. In simple terms, DNS name blocking would block that translation. This can be done by manipulating the domain name resolution by way of removing or modifying the records of the IP address for a particular DNS name. Instead of resolving the domain name to an IP address, an invalid response along the lines of “host not found” will be given.1954 A user may also be directed to an IP address defined by the Internet service provider that in actuality does not correspond to the DNS name. This makes all content hosted within a particular domain inaccessible.1955 This scheme permits the blocking of individual websites without intervening with further sites that share the same IP address. The scheme is even low cost if thousands of domain names are blocked.1956 One of the drawbacks of DNS Blocking is that it – like IP Blocking – does not distinguish between a large website as such and only parts thereof.1957 Thus, it is a hardly feasible solution for blocking of certain content on for example facebook.com. An advantage is that – although over-blocking exists – over-blocking does not take place in the same scope as with IP blocking, because the blocking does not extend to other websites that are hosted under the same IP address. Nevertheless, the blocking extends to other websites under the same domain, which may have nothing to do with the illegal content that is targeted. DNS name blocking is also easy to circumvent, because the websites are still accessible by typing the numeric IP address into the address

1953 Each Internet service provider operates its own DNS servers, which he may easily manipulate. See Holger Bleich/Axel Kossel, Verschleierungstaktik: Die Argumente für Kinderporno-Sperren laufen ins Leere, Der Spiegel online (17.04.2009). 1954 Maximilian Dornseif, Government mandated blocking of foreign Web content, in: Jan von Knop/Wilhelm Haverkamp/Eike Jessen (eds.), Security, E-Learning, E-Services: Proceedings of the 17. DFN-Arbeitstagung über Kommunikationsnetze, Lecture Notes in Informatics (2013), p. 624. 1955 Richard Clayton, Anonymity and traceability in cyberspace (2005), Technical Report UCAM-CL-TR-653, p.118. 1956 Ibid. 1957 Ibid; Ofcom, ‘Site blocking‘ to reduce online copyright infringement: A review of sections 17 and 18 of the Digital Economy Act (27.05.2011), p. 34.

549

Third Chapter: Content- or Intermediary-Targeted Responses

field.1958 Alternatively, users may enter a foreign DNS server into their operating system, which does not block the translation.1959 DNS name blocking may be of limited value in the longer term.1960 First of all, it puts at risks the fundamental interconnection principle, which lies at the very heart of the Internet, by letting single jurisdictions decide unilaterally who can find what on the Internet. The principle of domain name universality requires that all domain name servers, irrespective of their location, will return the same answer when queried with respect to an Internet address.1961 This core principle would be undermined if domain name servers ceased resolving specific domain names to the respective IP address. According to a technical study by experts in the field of network security, DNS blocking indeed poses a serious threat to cybersecurity.1962 DNS is one of the protocols upon which almost every other protocol and most applications rely upon to operate correctly. Furthermore, DNS blocking would break on-going attempts to make the Internet more secure against malicious use.1963 It would for example render the planned security protocol Domain Name System Security Extensions (DNSSEC)1964 inoperable.1965 DNSSEC will authenticate and verify domain name queries to reduce the illegal use of computers, for example by Trojans via a DNS change. Under DNSSEC, users attempting to access a blocked site would no longer be re-directed to an alternative webpage and thus, would be unable to figure out whether they are faced with a law-

1958 It has been argued that this blocking mechanism is a blocking for “Fritzchen Doof”, see Holger Bleich/Axel Kossel, Verschleierungstaktik: Die Argumente für Kinderporno-Sperren laufen ins Leere, Der Spiegel Online (17.04.2009). 1959 Ibid. 1960 See Ofcom, ‘Site blocking‘ to reduce online copyright infringement: A review of sections 17 and 18 of the Digital Economy Act (27.05.2011), p. 5. 1961 Mark Lemley/David Levine/David Post, Don't break the Internet, Stanford Law Review Online 2011, Vol. 64, 34, 35. 1962 Steve Crocker/David Dagon/Dan Kaminsky/Danny McPherson/Paul Vixie, Security and other technical concerns raised by the DNS filtering requirements in the PROTECT IP Bill (2011). 1963 Mark Lemley/David Levine/David Post, Don't break the Internet, Stanford Law Review Online 2011, Vol. 64, 34, 35. 1964 DNSSEC is a new technology designed to add confidence and trust to the Internet. DNSSEC ensures that DNS data are not modified by anyone between the data provider and the consumer. 1965 Cf. Ofcom, ‘Site blocking‘ to reduce online copyright infringement: A review of sections 17 and 18 of the Digital Economy Act (27.05.2011), p. 42.

550

A. Online Intermediaries as the Addressees of Enforcement Measures

ful blocking sanction imposed by a court or malicious activity on their DNS query.1966 As relates DNS blocking even the US White House, which otherwise has been fond of access blocking to piracy websites, declared during the discussions on anti-piracy bills that DNS blocking poses a risk to cybersecurity, and legislation that drives users to dangerous, unreliable DNS servers must be avoided.1967 c) Uniform Resource Locator Site Blocking A rather precise technology for barring access to content is uniform resource locator (URL) site blocking, also known as URL filtering.1968 In comparison to IP or DNS blocking, URL filtering allows for quite precise blocking of specific parts, i.e. a specific file, directory or server. This scheme involves the use of proxy machines that interpose themselves between the requestor and the remote content.1969 This means, that the Internet service provider arranges that a request is transferred to a proxy which pretends to be the requested machine. The proxy can filter materials that pass through and search for the URLs of for instance images or videos that are on a blacklist.1970 As mentioned above, this allows filtering to be rather precise. Overblocking as with IP or DNS blocking may hence be avoided. The drawback of URL filtering is, that it is very costly. It can be extremely expensive for Internet service provider to implement URL filtering as all traffic must be processed over the proxy.1971 In practice, service providers would have to run multiple proxies in order to avoid single

1966 See ibid, p. 5. 1967 Victoria Espinel/Aneesh Chopra/Howard Schmidt, Combating online piracy while protecting an open and innovative Internet: Official White House response to stop the E-PARASITE Act (2012). 1968 For a detailed account of the functioning of URL blocking see Ofcom, ‘Site blocking‘ to reduce online copyright infringement: A review of sections 17 and 18 of the Digital Economy Act (27.05.2011), pp. 35 et seq. 1969 Ibid, p. 36. 1970 Ibid, p. 2. 1971 See Holger Bleich/Axel Kossel, Verschleierungstaktik: Die Argumente für Kinderporno-Sperren laufen ins Leere, Der Spiegel Online (17.04.2009).

551

Third Chapter: Content- or Intermediary-Targeted Responses

points of failure.1972 A redundant performance would thus require huge hardware resources. d) Deep Packet Inspection-Based Blocking Deep packet inspection (DPI) schemes examine the content of communication.1973 The service provider’s network management system will be configured to monitor traffic, i.e. the packets of data to and from customers. This packet inspection can be applied at two levels, namely shallow and deep. Shallow packet inspection is conducted by monitoring and blocking traffic to specific IP addresses, port and protocol combinations.1974 By deep packet inspection the content of a network packet will be examined for prior defined characteristics or values.1975 Where packets are fragmented during transmission, the DPI device will reassemble those packets in order to analyse their content. If content is detected that matches certain pre-defined properties, for instance traffic destined for a blocked site, the DPI device can break the connection or drop traffic destined for the blocked website.1976 It is also possible to block outbound encrypted traffic connection requests to a known, specific IP address by so called access control lists (ACL). 1977 The user’s connection to the URLs on the ACL will be reset or blocked. However, unlike with URL filtering, there are no proxies involved in the filtering process. If the network management system detects a bad connection, further packets will be discarded.

1972 Ibid. 1973 For an overview of discussions about deep packet inspection for copyright enforcement in Europe and the US see Milton Mueller/Andreas Kuehn/ Stephanie Michelle Santoso, Policing the Network: Using DPI for Copyright Enforcement, Surveillance & Society 2012, Vol. 9 Issue 4, 348–364. For a detailed account of the functioning and robustness of deep packet inspection see also Ofcom, “Site blocking” to reduce online copyright infringement: A Review of sections 17 and 18 of the Digital Economy Act (27.05.2011), pp. 39 et seq. 1974 See Ofcom, “Site blocking” to reduce online copyright infringement: A Review of sections 17 and 18 of the Digital Economy Act (27.05.2011), p. 39. 1975 Ibid. 1976 Ibid. 1977 Ibid.

552

A. Online Intermediaries as the Addressees of Enforcement Measures

Of all the techniques outlined, DPI-based filtering is the only one to be able to catch all forms of unencrypted traffic. Deep packet inspection is an expensive but yet cheaper scheme than URL filtering,1978 however, it may only be deployed by larger Internet service providers considering the investment that must be taken.1979 Deep packet inspection as a filtering mechanism is known for being employed by the Chinese Government to censor the Internet for its residents.1980 It is a key part of the Chinese “Great Firewall of China”.1981 e) Hybrid Systems – The Example of CleanFeed Hybrid systems combine at least two of the above enlisted blocking schemes. The result may be a cheaper, but yet more effective and precise means for content blocking. One may couple DNS name blocking with shallow packet inspection, DNS name blocking with URL blocking and DNS blocking with DPI-based blocking. By for example combining DPIbased blocking with URL blocking, one may avoid the blocking of further websites that share the IP address with the target website. The combination also allows for the blocking of only a portion of a website while leaving the remainder of the site accessible. The UK looks back at a relatively long experience with a hybrid content blocking system. CleanFeed was created in 2003 and implemented in June 2004 by Britain’s then largest Internet Provider British Telecom (BT).1982 All UK Internet service providers were instructed by the Home Office to implement a version of Cleanfeed by the end of 2007 on a voluntary basis or face legal compulsion. CleanFeed as a government-mandated programme was initially designed to target solely child sexual abuse materials identified as such by the UK Internet Watch Foundation (IWF).1983 The programme attempts to

1978 1979 1980 1981 1982 1983

Ibid. Ibid, p. 40. Ibid. Ibid. Martin Bright, BT puts block on child porn sites, The Observer (06.06.2004). As regards the status and the role of the IWF: In 1996 the Metropolitan Police notified the Internet Service Providers Association (ISPA) that some newsgroup content being carried by UK Internet service providers (ISPs) were indecent images of children. The police believed this may have constituted a publication

553

Third Chapter: Content- or Intermediary-Targeted Responses

block such content that is located outside of the UK.1984 The filtering system is a hybrid system of IP address blocking and DPI-based URL filtering and treats particular IP addresses special. It thus incorporates both redirection of traffic and the use of web proxies.1985 It is intended to be very precise in what it blocks, while at the same time being a low-cost model to build and operate. Accordingly, Internet traffic is filtered in a two-stage process. First of all, the IWF maintains a database of URLs that offence under the Protection of Children Act 1978 (England and Wales) by the ISPs. Efforts were then undertaken to find a way to combat the hosting of such content in the UK whilst protecting the Internet industry from being held criminally liable for providing access to the content. Following discussions between the former Department of Trade and Industry (DTI), the Home Office, the Metropolitan Police, some ISPs and the Safety Net Foundation (formed by the Dawe Charitable Trust) an R3 Safety Net Agreement regarding rating, reporting and responsibility was created by ISPA, the London Internet Exchange (LINX) and the Safety Net Foundation. A key outcome of the Agreement was the formation of the Internet Watch Foundation (IWF). The IWF as a Hotline was formally launched in December 1996 to combat child sexual abuse images and criminally obscene adult content hosted in the UK. The IWF was established to fulfil an independent role in receiving, assessing and tracing public complaints about child sexual abuse content on the Internet and to support the development of website rating systems. The intention was to provide members of the public with one single point of contact to report on the presence of child abuse materials on the Internet. Since its formation the IWF has been actively engaged in operating this Hotline service for the public to report potentially criminal content and providing a “notice and takedown” service to advise ISPs in partnership with the Police Services in the UK to effect its removal. See Internet Watch Foundation, IWF History, https://www.iwf.org.uk/about-iwf/iwf-history (last accessed on 17.05.2014). 1984 It has to be noted that for content inside the UK, law enforcement authorities will address the provider of that content directly as he is under UK jurisdiction. The experts at the IWF are to establish whether a report referred to an illegal image of a child. If illegality is established then the URL on which the material is hosted will be put on the IWF blacklist. The ISPs then have to remove the content from all of their news servers (in case of Usenet) or block access to this content on websites they do not control. The blacklist is updated twice daily. The IWF accepts reports of content irrespective of where in the world it is hosted. The UK police also reports UK material directly. Materials hosted outside the UK are reported to the National Criminal Intelligence Service (NCIS) which will pass the report via Interpol to the relevant national authority where the website is hosted (see Richard Clayton, Anonymity and traceability in cyberspace (2005), Technical Report UCAM-CL-TR-653, p. 116). 1985 Richard Clayton, Anonymity and traceability in cyberspace (2005), Technical Report UCAM-CL-TR-653, p. 116

554

A. Online Intermediaries as the Addressees of Enforcement Measures

have been inspected and keep a record/blacklist of when they led to illegal material. While some websites remained accessible for a considerable time, some countries take down illegal content upon notification expeditiously. If illegal content is not removed or blocked at its origin, Cleanfeed comes into play. The routers at the Internet service providers redirect traffic to IP addresses that match domains appearing in URLs on the IWF blacklist. Instead of simply blocking the addresses in question, they are passed through HTTP proxy servers which then conduct the actual filtering by matching HTTP requests to destinations on a more specific blacklist. By combining the easy and cheap IP blocking with the more costintensive and elaborated URL filtering, it is a more exact scheme for less cost. It has the exactness of the proxy scheme, and in comparison to the single URL filtering has to deal with less traffic.1986 Proxies can be smaller and thus cheaper. When the German Internet access provider Arcor used IP blocking to block access to several pornographic websites, for example Privatamateure.com, this led to the traffic to Privateamateure.com and inter alia a Bollywood fan page under the same IP address being blocked in 2007.1987 By employing a hybrid system like Cleanfeed, the traffic would have been redirected to a proxy, that would permit access to the fan page whilst blocking the adult content. However, Cleanfeed is not immune against producing collateral damage as could be learned from the Virgin Killer cover incident.1988 The depiction of the album cover the German rock band Scorpions was reported as potentially illegal content (indecent image of a child) to the IWF, which subsequently put the URL of the Wikipedia article on the album on their blacklist.1989 As a direct consequence the article and image was not accessible for UK based readers of the English Wikipedia. However, indirectly, all editors using the UK Internet access providers were prevented from contributing to or editing any page of Wikipedia.1990 This was due to the

1986 Richard Clayton, Harmful Content on the Internet and in Video Games, p. 2. 1987 See Urs Mansmann, Arcor sperrte zahlreiche Websites, Heise online (17.09.2007). 1988 The incident concerned a depiction of the cover of German rock band Scorpions' 1976 studio album Virgin Killer on Wikipedia. The controversial cover artwork depicted a young girl posing nude, with a faux glass shatter obscuring her genitalia. See Raphael Satter, Wikipedia article blocked in UK over child photo, The Independent (08.12.2008). 1989 Ibid. 1990 Ibid.

555

Third Chapter: Content- or Intermediary-Targeted Responses

proxies used to access Wikipedia, as Wikipedia implements a blocking policy whereby contributors can be blocked if they vandalise the encyclopaedia. As all traffic towards Wikipedia was redirected through proxies, the affected Internet service providers shared a relatively small number of IP addresses.1991 Consequently, vandalism directed through a proxy, would lead to the IP address of that proxy being blocked by Wikipedia. In the end, Wikipedia could no more distinguish users committing vandalism from others complying with Wikipedia’s terms of use.1992 The editing ban for most UK users was the result of two mutually incompatible content regulation systems. Although Cleanfeed did not directly cause the Wikipedia editing ban, the incident shows that filtering can have severe effects on network accessibility and infrastructure. 2. Circumvention Tools It has been argued that all the existing content blocking schemes are relatively easy to circumvent or as an expert puts it “trivial to evade”. 1993 An in-depth analysis of circumvention tools would go beyond the scope of this research, thus, in the following the different tools will only be addressed briefly. Two of the major tools to circumvent blocking are encryption and proxy services. Taking into account further available tools, one may distinguish between circumvention tools available to website operators and users. In light of the available circumvention techniques, it should be possible to get an estimate of the efficacy of the various blocking schemes.

1991 Becky Hogge, IWF censors Wikipedia, chaos ensues, Open Rights Group (08.12.2008). 1992 Ibid. 1993 See Thorsten Schreier, Düsseldorfer Sperrungsverfügung: Warum ein Provider erfolgreich war, MultiMedia und Recht 3004, 297 – 298; Ofcom, “Site blocking” to reduce online copyright infringement: A Review of sections 17 and 18 of the Digital Economy Act (27.05.2011), p. 5.

556

A. Online Intermediaries as the Addressees of Enforcement Measures

a) Circumvention Tools available to Website Operators The following only lists a few examples that particularly illustrate different approaches to circumvent blocking by the website providers themselves. aa) Change of IP Address and/or Additional Domain Names This sounds rather trivial but is highly effective to bypass court orders that order the blocking of access to the website. It is an effective tool where the blocking is conducted by IP filtering. The content provider simply changes the IP address of the host running the web server software. The DNS will automatically allow the user’s web browser to start communication with the new IP address.1994 However as simple as this may sound, it can get rather complicated if the IP address needs to be changed several times a day.1995 Similarly website operators could operate a so-called Fast Flux network, whereby – in simple terms – users of a blocked site could choose to use specific software which would associate hundreds or thousands of IP addresses with a blocked website which could change as often as every few minutes.1996 If blocking is conducted via DNS poising or filtering http proxies, a simple yet effective measure is the change of the domain name. Alternative domain names will regularly not be subject to the blocking order.1997

1994 Maximilian Dornseif, Government mandated blocking of foreign Web content, in: Jan von Knop/Wilhelm Haverkamp/Eike Jessen (eds.), Security, E-Learning, E-Services: Proceedings of the 17. DFN-Arbeitstagung über Kommunikationsnetze, Lecture Notes in Informatics (2013), pp. 617 et seq. 1995 Ibid. Dornseif refers to an example that was often referred to in Literature at that time, namely the Dutch provider xs4all which in 1997 was changing IP addresses on an hourly basis to circumvent being blocked. 1996 For a thorough technical account of the functioning of a Fast Flux Network, see Jamie Riden, How Fast-Flux service networks work, The Honeynet Project (16.08.2008). 1997 Dornseif states that for instance http://nazi-lauck-nsdapao.com/, a website that was ordered to be blocked in Germany, was subsequently accessible via the domain names auschwitz.biz, bundesinnenministerium.biz, bundesinnenministerium.us, bundesjustizministerium.com, bundesjustizministerium.net, bundesjustizministerium.org, bundesjustizministerium.us, bundesrepublikdeutsch-

557

Third Chapter: Content- or Intermediary-Targeted Responses

The content provider can thus evade blocking by using additional domain names pointing to the same content on the same host server.1998 Although, the user needs to be informed somehow of the new domain name so that he will be able to access it at all, it seems that such information spreads relatively quickly. For example, following an order by a Belgian court requiring Belgian Internet service providers to initiate DNS blockades of domains connected to the Pirate Bay, the Pirate Bay registered a new domain: depiraatbaai.be, which is the literal translation of The Pirate Bay in Dutch.1999 Users that accessed the standard domain from a Belgian IPaddress were instantly redirected to the new home. bb) Proxy Services, Anonymising Services and Virtual Private Networking Operators of blocked websites may make use of anonymous web proxy providers. A server will then act as an intermediary between the end-user and the website operator; equally, anonymising services may prevent that the Internet access provider becomes aware that the end-user is seeking access to the blocked website.2000 In order to bypass IP address, DNS name or URL blocking, the operator of a blocked website may offer encrypted network services which obscure the true network address. 2001 Virtual private networks (VPN) and anonymous proxies may be used to bypass inter alia DPI-based blocking or URL blocking. VPNs enable the extension of private networks across the Internet. This means that data is sent and received across the Internet as if

1998 1999 2000 2001

558

land.us, hitlerwasright.info, kanzleramt.us, nordrhein-westfalen.biz, nsdap.info, verfassungsschutz.biz, verfassungsschutz.us, zensurfrei.com and zuwanderungskommission.com. See Maximilian Dornseif, Government mandated blocking of foreign Web content, in: Jan von Knop/Wilhelm Haverkamp/Eike Jessen (eds.), Security, E-Learning, E-Services: Proceedings of the 17. DFNArbeitstagung über Kommunikationsnetze, Lecture Notes in Informatics (2013), p. 617. Ibid. Ernesto, The Pirate Bay adds domain to bypass court order, TorrentFreak (05.10.2011). Ofcom, “Site blocking” to reduce online copyright infringement: A Review of sections 17 and 18 of the Digital Economy Act (27.05.2011), p. 29. Ibid.

A. Online Intermediaries as the Addressees of Enforcement Measures

it is directly connected to the private network. Encryption and other security measures are deployed to guarantee that the data cannot be viewed by third parties.2002 cc) Mirroring Mirroring is strictly speaking not a circumvention tool as it does not circumvent a blocking mechanism. It rather refers to copies of the content being made available from different host location. The technique is commonly used to reduce resource usage on a host and to increase availability of content. A mirror is a host that retrieves the content from the original source and publishes it as a website.2003 Retrieval and publication takes place regularly and often automated. The effect of mirroring is that the content is made available from more than one source. Thus, although content from one source may be blocked, it will still be accessible on the mirrored site as long as this site is not blocked as well. With web 1.0 websites, i.e. websites that were rather static with little interactive features, mirroring could easily be done. However, modern, dynamic systems where user contribute content or database driven websites require great effort for mirroring.2004 Thus, although practicable when it comes to the circumvention of blocking, this technique has become of very limited relevance. b) Circumvention Tools available to Users As with the circumvention tools available to website operatory, the following only lists a few examples that particularly illustrate different approaches to circumvent blocking by end-users. While some of them are only

2002 Ibid,p. 33. 2003 Maximilian Dornseif, Government mandated blocking of foreign Web content, in: Jan von Knop/Wilhelm Haverkamp/Eike Jessen (eds.), Security, E-Learning, E-Services: Proceedings of the 17. DFN-Arbeitstagung über Kommunikationsnetze, Lecture Notes in Informatics (2013), p. 632. 2004 Ibid, pp. 632 et seq.

559

Third Chapter: Content- or Intermediary-Targeted Responses

addressed very briefly, a closer look will be taken on the functioning of TOR as a tool to hide the origin of a request. aa) Encryption Encryption became popular in peer-to-peer file-sharing as it allowed filesharing to continue at full speed where it was otherwise slowed down by blocking systems and traffic shaping. If traffic is encrypted, schemes that examine packets to determine what they contain, are no longer of use. It is not feasible to block any encrypted traffic on the assumption that it contains illegal materials – a lot of traffic is encrypted anyway for example such that contains personal data when shopping online. However, encrypted traffic defeats any system that relies on examining packets in order to determine what they contain.2005 bb) Proxy Services, Anonymising Services and Virtual Private Networking In order to bypass inter alia DNS name blocking, end-users may use anonymous web proxy services or other anonymising services.2006 Proxy services hide the IP addresses of their users from the public. With servers outside of the jurisdiction concerned, this means that domestic blocking can be bypassed. Accordingly, a German user may want to use a Swiss proxy which is not bound on German rules on what to block. The Swiss proxy will not filter and thereby allow access to otherwise blocked content. Connections to proxies are encrypted.2007 Encryption allows for anonymity and some individuals rely on anonymity for legitimate use of the Internet (for exam-

2005 See UK Parliament, Select Committee on Culture, Media and Sport, Memorandum submitted by Dr Richard Clayton (2008), para. 11. 2006 For an account of which proxies are available, see Enigmax/Ernesto, Review: Is your VPN service really anonymous?, TorrentFreak (02.01.2014). For the functioning of the anonymising service BTGuard see Ernesto, BTGuard review: How does it work?, TorrentFreak (19.01.2013). 2007 Ibid.

560

A. Online Intermediaries as the Addressees of Enforcement Measures

ple those posting from the Arab Spring), thus blocking proxies will have a severe impact on human rights. The use of proxies is easy, even for non-It-literate end-users. There are also more complex anonymity systems available such as TOR2008, where the concealing of origin allows the circumvention of access blocking. Initially, TOR was developed by the US Navy to permit them surfing the Internet without revealing their identity. The abbreviation TOR stands for “the onion router”. “Onion routing” refers to the layers of encryption used when using TOR. The TOR software directs Internet traffic through a volunteer-run network consisting of numerous relays to conceal a user’s location or usage from anyone conducting network surveillance or traffic analysis.2009 Instead of a taking a direct route from source to destination, data packets are encrypted and re-encrypted multiple times, and take a random pathway through several TOR relays that cover the user’s tracks so no observer at any single point can tell where the data packet came from or where it is going.2010 By this, TOR prevents that third parties monitor which websites are accessed from a certain IP address, but it also lets the TOR user access websites which are blocked by evading geographic content-blocking. This means that a TOR user located in Germany may be assigned a Russian IP address; as for Russian users for example www.kino.to is not blocked, he may then access the website. A user that wants to use TOR has to install the TOR software on his computer. But there is also a version of TOR, the TOR-Browser-Bundle2011, which does not require the installation of any TOR software: it runs off a USB flash drive, comes with a pre-configured web browser and is selfcontained. Hence, the usage of this circumvention tool does not require IT literacy anymore.

2008 See www.torproject.org. 2009 The distributed network of relays used by the TOR software is run by volunteers around the world, such as for example the Chaos Computer Club in Germany. 2010 See Tor project: Overview, https://www.torproject.org/about/overview.html.en (last accessed on 13.08.2013). 2011 https://www.torproject.org/projects/torbrowser.html.en (last accessed on 13.08.2013).

561

Third Chapter: Content- or Intermediary-Targeted Responses

Also the modified Firefox browser that is offered by The Pirate Bay in order to guarantee access to their website which is blocked in at least seven European countries2012, uses the TOR-Browser-Bundle.2013 Users may also turn to VPN clients to bypass blocking. VPNs enable the extension of private networks across the Internet, meaning that data is sent and received across the Internet as if it is directly connected to the private network. c) The Efficiency of Blocking The analysis shows that even if Internet service providers are forced to implement blocking schemes, their subscribers may succeed in accessing the blocked materials, either because they circumvent the blocking themselves or the operator of a blocked website changes the location of the websites in question. However, just because it is possible for the end-users and website operators to circumvent blocking, this does not mean that in practice they will all do so.2014 Several factors may play a role, when it comes to the usage of circumvention techniques including the convenience and prevalence of such techniques.2015 It can however be established, that none of the techniques available to users necessarily requires a high level of technical expertise. It may rather require the acquisition of additional expertise beyond the knowledge an ordinary Internet user already possesses. In that respect, the Ofcom report on website blocking found that “knowledge of how site operators and end users can work around blocks is widely distributed and easily accessible on the Internet”.2016 The question then is whether users are willing to expend time and effort to expand their knowledge on blocking and circumvention. As Ofcom noted, bypassing of blocking is “not technically

2012 For example in the UK: High Court, Dramatico Entertainment Ltd and others v BT PLC and orthers [2012] EWHC 268 (Ch). 2013 Spiegel Online, "The Pirate Bay": IT-Experten warnen vor Piraten-Browser, Der Spiegel Online (13.08.2013). The Pirate Bay announced the launch of the browser under the heading “no more Censorship” right in time for the 10th year anniversary of the platform. 2014 See Ofcom, ‘Site blocking‘ to reduce online copyright infringement: A review of sections 17 and 18 of the Digital Economy Act (27.05.2011), p. 6. 2015 Ibid. 2016 Ibid, p. 51.

562

A. Online Intermediaries as the Addressees of Enforcement Measures

challenging and does not require a particularly high level of skill or expertise”,2017 which would also mean that the necessary time and effort is limited. Even elaborated hybrid blocking mechanisms like Cleanfeed can as easy be circumvented as single blocking schemes, for instance via VPNs or anonymising services.2018 Ultimately, blocking is never perfect, and may only undermine the viability of infringing content for some users – though these users may amount to the majority of Internet users. Blocking rather makes accidental access of blocked websites unlikely, access requires a certain degree of active circumvention, so that casual and unintentional infringers are deterred (in case that they do not use the circumvention tools described above by default). IV. Resume The circumstances have been outlined that make it attractive for rightsholders to address online intermediaries, access providers and host providers, as the natural gatekeepers to online communication. With online intermediaries having the capacities to act as guardsmen, they have been targeted by rights-holders since the advent of the Internet. While targeting enforcement against individual users can be costly and lengthy, and seems to have limited effect as concerns the scope of infringements, targeting intermediaries is considered more promising. New services that have become subject to legal action in the recent past include file-hosting services, streaming services, link directories and torrent indexing sites. The popularity of file-hosting and streaming is not only owed to users migrating from peer-to-peer file-sharing because they fear detection, but is also owed to technological progress. Smart devices, such as smart TVs, smartphones and tablet pcs, are changing the way media is consumed. It is no longer necessary to download files as they can be consumed via streaming technology everywhere and at any time. Filehosting services, especially cloud storage services, are also becoming essential for back-ups of mobile devices, and to allow access to materials 2017 Ibid. 2018 Holger Bleich/Axel Kossel, Verschleierungstaktik: Die Argumente für Kinderporno-Sperren laufen ins Leere, Spiegel Online (17.04.2009).

563

Third Chapter: Content- or Intermediary-Targeted Responses

from different locations and different devices. While streaming and filehosting services are content neutral, they, similar to peer-to-peer technology, provide the infrastructure to commit copyright infringements. There is consensus that the providers of these services are under no general monitoring duty. However, we will see in the following that specific monitoring duties may arise in relation to defined content. Irrespective of the technology being neutral, the business model of a few file-hosting services is based on the service being (ab)used for copyright infringements. The same applies for streaming website, where the technology is used to make publicly available unauthorised copies of protected works. Similarly link directories exist, that provide hyperlinks to content stored on file-hosting services, and thereby makes this content publicly available. Indexing websites list content that is available on peer-to-peer networks that would otherwise be impossible or hard to find. In each of these scenarios, suing the individual infringer may be ineffective, or the identity of the infringer not traceable. Thus, copyright owners resort to suing the platform as such instead of going for the individual infringer. When online intermediaries are addressed to enforce copyright, one needs to distinguish between action that is taken against access providers and action that is taken against host providers. Host providers will usually be addressed, when they are located in the same jurisdiction, or are likely to comply with a court order. In these cases, the aim will regularly be that the provider deletes or blocks access to the infringing materials and hinders the reappearance of the infringement. In contrast, access providers will be addressed when legal action against the host is not possible, or has failed. In this context, it may also be important that intellectual property rights are regulated domestically, and thus are not universally the same. Accordingly, enforcement of IP rights may have its limits where the content in question is hosted abroad. Based on the limited effectiveness of domestic law, rights-holders are increasingly seeking to have access to the infringing content, or moreover the infringing website, blocked. Blocking access to content that is outside of a state’s jurisdiction is a recent phenomenon predominantly encountered in relation to child abuse materials. Already in this context, meaning with regard to content that is almost universally deemed illegal, there has been some controversy as to the legiti-

564

B. Enforcement Measures Directed at Intermediaries

macy of blocking.2019 Accordingly, an assessment of the legitimacy of blocking with a particular focus on the proportionality of any such measure will be central to the subsequent discussion of selected access blocking schemes. As regards access blocking in general, it is essential to understand that blocking can only practically be done at individual online intermediaries. As Richard Clayton puts it “there is no Internet backbone where it can be done for everyone at once”.2020 Thus, even blocking schemes at national levels require the cooperation of every single domestic Internet service provider. In addition, service providers have different network designs and hence, need to deploy different content blocking schemes.2021 None of the existing blocking schemes is a 100% effective. Circumvention tools exist for both, content providers and users that still allow access, even if it is blocked by the access provider. Depending on the blocking scheme that is being deployed, circumvention of blocking is feasible for every user without an IT background. Thus, access blocking may only undermine the viability of infringing content for some users – though these users may amount to the majority of Internet users. Blocking rather makes accidental access of blocked websites unlikely, which is often already considered an achievement. However, almost all blocking carries the risk of over-blocking, i.e. blocking of legitimate content. When assessing the legitimacy of any blocking measure, it thus does not only need to be considered that blocking does not mean that content is no longer accessible, it must also be considered, that legitimate content may be affected. This being said, it becomes already obvious at this stage, that blocking interferes with the fundamental right of freedom to seek, receive and impart information. B. Enforcement Measures Directed at Intermediaries Intermediaries may be taken into responsibility in various ways: by way of criminal law, civil law or even public law with administrative authorities

2019 See Yaman Akdeniz, To block or not to block: European approaches to content regulation, and implications for freedom of expression, Computer Law & Security Review 2010, 260, 269 et seq. 2020 Richard Clayton, Harmful Content on the Internet and in Video Games, p. 1. 2021 Ibid.

565

Third Chapter: Content- or Intermediary-Targeted Responses

ordering the deletion or blocking of access to illegal content. As it would go beyond the scope of this research to address all constellations in detail, the focus will be on the enforcement via civil law. However, as the DEA 2010 initially foresaw provisions that would allow website blocking by administrative authorities, this issue will be briefly addressed. In that context, it will be outlined by looking at the practice in France and Germany why access blocking orders by administrative authorities are a highly controversial issue. We will see that even with regard to child abuse content, blocking is rarely ordered by administrative authorities. Thus, administrative blocking orders are not an issue when it comes to the enforcement of merely private intellectual property rights. As the focus of this Chapter is primarily on civil rights enforcement, respectively content blocking to enforce intellectual property, criminal law will not be a core subject of this chapter. Although “websites” have been seised and operators of piracy websites been convicted for large-scale intellectual property rights infringements, this research considers it more interesting to analyse the framework for civil rights enforcement and examine the efficiency of orders requiring online intermediaries to monitor content and block access or even delete third party content. Depending on their status, meaning whether they are a mere technical facilitator of online communication and provide access to the Internet (access provider), or host third party information, the liability regimes vary. In the context of this work, caching will not be addressed. I. EU Legal Framework While in the Second Chapter, the outline of the EU legal framework focussed on user-targeted enforcements mechanisms in relation to peer-topeer file-sharing, the following section focusses on enforcement mechanisms that rely on the involvement of third parties that are innocent from a tort law perspective. In that respect, the discussion is limited to obligations of access and host providers. Some legal provisions that have been outlined in Chapter 2, are also relevant when it comes to enforcement actions against intermediaries; these provisions will not be presented again but only referred to in the analysis.

566

B. Enforcement Measures Directed at Intermediaries

1. Liability of Intermediaries in General: The E-Commerce Directive 2000/31 Intermediary liability is addressed in the E-Commerce Directive. The Directive itself does not establish liability, but determines the circumstances in which the liability of certain online intermediaries should be limited.2022 The exemptions for online intermediaries that are provided for in the ECommerce Directive have already been outlined in the first Chapter. At this point, the most important aspects with regard to access and host provider liability will be recalled. First of all, Recital 45 in the preamble to the Directive clarifies that the limitations of the liability of intermediary service providers established in this Directive do not affect the possibility of injunctions of different kinds: “such injunctions can in particular consist of orders by courts or administrative authorities requiring the termination or prevention of any infringement, including the removal of illegal information or the disabling of access to it”. In the following, Recital 47 states that “Member States are prevented from imposing a monitoring obligation on service providers only with respect to obligations of a general nature; this does not concern monitoring obligations in a specific case and, in particular, does not affect orders by national authorities in accordance with national legislation”. Provisions on the liability of intermediaries can be found in Articles 12 to 15 of the E-Commerce Directive. In the context of this research Articles 12, 14 and 15 are of relevance. Article 12(1) provides that a service providers whose service “consists of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network” is not liable for the information transmitted, on condition that the provider “(a) does not initiate the transmission; (b) does not select the receiver of the transmission; and (c) does not select or modify the information contained in the transmission”. Pursuant to section 3 of said Arti-

2022 Accordingly, the Directive lacks EU-wide criminal intermediary liability, because there is no EU-wide criminalisation of copyright infringement. In that regard, the European Commission withdrew a proposal for a European Parliament and Council Directive on criminal measures aimed at ensuring the enforcement of intellectual property rights (Com(2005) 276/1), See OJ C 252 (18.09.2010), 9.

567

Third Chapter: Content- or Intermediary-Targeted Responses

cle, this “does not affect the possibility for a court or administrative authority, in accordance with Member States’ legal systems, of requiring the service provider to terminate or prevent an infringement”. The relevant Article in relation to enforcement against host providers is Arrticle 14 of the E-Commerce Directive. A host provider is defined as providing a service that “consist of the storage of information provided by a recipient of the service”. Furthmore hosting services are “of a mere technical, automatic and passive nature, which implies that the information society service provider has neither knowledge of nor control over the information which is transmitted or stored”.2023 Under Article 14 of the E-Commerce Directive a host provider shall not be liable for the information stored at the request of a recipient on the condition that : “(a) the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or (b) the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.”

The last condition imposes a duty of care on the provider. He has to take expeditious action if he obtains knowledge or awareness of the illegality of information. Recital 48 provides that the Directive does not affect the possibility for Member States to require host providers to apply duties of care, which can reasonably be expected from them and which are specified by national law, in order to detect and prevent certain types of illegal activities.2024 Even if a host provider receives notice of unlawful content, it can avoid liability under the condition that it takes down or blocks access to that content expeditiously. Member States are merely encouraged to implement “rapid and reliable procedures for removing and disabling access to illegal information”.2025

2023 Recital 42 of the E-Commerce Directive. 2024 It has been understood that such duties of care mean those imposed by criminal or public law e.g. aid in investigation of crime or security matters, not as extending to duties under private law, such as to help prevent copyright infringement – since that would negate the point of Article 15 as well as that of Article 14 generally. See Cf. Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights, p. 10. 2025 Recital 40 of the E-Commerce Directive.

568

B. Enforcement Measures Directed at Intermediaries

Article 15(1) prohibits Member States from imposing a general obligation on providers, when providing the above mentioned services,” to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating unlawful activity”. In that context, Member States may however establish obligations for the service providers promptly to inform the competent public authorities of alleged unlawful activities undertaken or information provided by recipients of their service or obligations to communicate to the competent authorities, at their request, information enabling the identification of recipients of their service with whom they have storage agreements”.2026 This does not mean that monitoring is in general prohibited. Moreover, Article 14(3) clarifies that the prohibition of general monitoring does not affect the possibility for a court or national authority of requiring the service provider to terminate or prevent an infringement, or of establishing procedures governing the removal or disabling of access to information. Article 15 leads to the question whether a measure that would require an online intermediary to actively search its systems infringes the prohibition to impose general monitoring. In that respect, Article 18 of the ECommerce Directive requires Member States to adopt “measures designed to terminate any alleged infringement and to prevent any further impairment of the interests involved ” (emphasis added). 2. Copyright Law Providing for Injunctions As most intermediaries do not themselves infringe copyright, but provide the technical means for such to third parties, the EU legal framework provides for sanctions to be issued against intermediaries.

2026 Article 15(2) E-Commerce Directive.

569

Third Chapter: Content- or Intermediary-Targeted Responses

a) Information Society Directive 2001/29/EC The InfoSoc Directive2027 does not only play a role when it comes to measures targeting end-users that infringe copyright, but also is relevant in the context of measures against intermediaries whose services have been used to infringe copyright. As regards the Recitals of the InfoSoc Directive, Recital 9 defines the objective pursued by the Directive as to guarantee rights-holders a high level of protection. Recital 13 then calls for common search for, and consistent application at European level of, technical measures to protect intellectual property. Recital 59 in the preamble to the InfoSoc Directive further states that “In the digital environment, in particular, the services of intermediaries may increasingly be used by third parties for infringing activities. In many cases such intermediaries are best placed to bring such infringing activities to an end. Therefore, without prejudice to any other sanctions and remedies available, rights-holders should have the possibility of applying for an injunction against an intermediary who carries a third party’s infringement of a protected work or other subject-matter in a network. … The conditions and modalities relating to such injunctions should be left to the national law of the Member States”.2028 In this regard, Articles 8 requires Member States to provide appropriate sanctions and remedies in respect of intellectual property rights infringements. The sanctions provided for shall be effective, proportionate and dissuasive. Accordingly, Article 8(3) InfoSoc Directive obliges Member States to ensure that rights-holders are in a position to apply for an injunction against intermediaries whose services are used by a third party to infringe copyright or related rights.2029 This provision applies irrespective

2027 Directive 2001/29/EC of the European Parliament and of the Council of 22.05.2001 on the harmonisation of certain aspects of copyright and related rights in the information society (InfoSoc Directive), OJ L 167 (22.6.2001), 10-19. 2028 Recital 59 has been interpreted as providing a “cheapest cost avoider” argument for intermediary liability. See High Court, L’Oréal v eBay, [2009] EWHC 1094 (Ch), para. 277 and Matthias Leistner, Grundlagen und Perspektiven der Haftung für Urheberrechtsverletzungen im Internet, Zeitschrift für Urheber- und Medienrecht 2012, 722, 723. 2029 In a limited number of Member States (Austria, Greece, Latvia, Belgium), Article 8(3) has been implemented in national legislation. In other Member States,

570

B. Enforcement Measures Directed at Intermediaries

of whether the relevant acts come under the exception for acts of temporary copying under Article 5(1) and irrespective of whether they are covered by exceptions from liability under the relevant provisions of the ECommerce Directive. For Article 8(3) to apply, it suffices that the existence of copyright infringement by a third party is established.2030 As regards the definition of “intermediary” in the sense of Articles 5(1)(a) and 8(3) InfoSoc Directive, this does not just refer to host providers but also includes access providers which merely provide users with Internet.2031 With respect to the relation of the InfoSoc Directive to the E-Commerce Directive, Recital (16) clarifies that the InfoSoc Directive is without prejudice to provisions relating to liability in that Directive. b) IPR Enforcement Directive 2004/48/EC Article 8 of the IPR Enforcement Directive2032, which provides for information rights being available for righta-holders has already been discussed in the previous Chapter. The IPR Enforcement Directive does however not only provide for information rights, but also provides for injunctions being available for right holders against infringers and intermediaries. Of specific interest in relation to stop an on-going infringement and copyright enforcement via intermediaries, is Article11 of the Enforcement Directive, which explicitly requires Member States to provide for an injunction to prohibit the continuation of an infringement:

Article 8(3) comes under the scope of existing legislation. See Commission of the European Communities, Commission Staff Working Document, Report to the Council, the European Parliament and the Economic and Social Committee on the application of Directive 2001/29/EC on the harmonisation of certain aspects of copyright and related rights in the information society (30.11.2007), SEC(2007) 1556, p. 9. 2030 Ibid. 2031 CJEU, C-557/07 LSG-Gesellschaft zur Wahrnehmung von Leistungsschutzrechten GmbH v Tele2 Telecommunication GmbH [2009] ECR I-1227. 2032 Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of Intellectual Property Rights, OJ L 157 (30.04.2004), pp. 16–25. The directive is also known as "(IPR) Enforcement Directive" or "IPRED".

571

Third Chapter: Content- or Intermediary-Targeted Responses

“Member States shall ensure that, where a judicial decision is taken finding an infringement of an intellectual property right, the judicial authorities may issue against the infringer an injunction aimed at prohibiting the continuation of the infringement. Where provided for by national law, non-compliance with an injunction shall, where appropriate, be subject to a recurring penalty payment, with a view to ensuring compliance. Member States shall also ensure that rights-holders are in a position to apply for an injunction against intermediaries whose services are used by a third party to infringe an intellectual property right, without prejudice to Article 8(3) of Directive 2001/29/ EC.”

Article 11 thereby forms a common basis for the availability of injunctions in the Member States. In this respect, Article 2(3) makes it clear that the Enforcement Directive “shall not affect” the provisions of the E-Commerce Directive as well as the substantive law on intellectual property and the Data Protection Directive. Thus, any injunction granted must not affect the provision in Article 15 E-Commerce Directive which prohibits the imposition of a general monitoring obligation onto intermediaries. In addition to Article 11 injunctions, Article 9 of the Directive provides an equivalent provision for interlocutory injunctions. For both types of injunctions, Article 3 requires that they “[S]hall be fair and equitable and shall not be unnecessarily complicated or costly, or entail unreasonable time-limits or unwarranted delays [and] shall also be effective, proportionate and dissuasive and shall be applied in such a manner as to avoid the creation of barriers to legitimate trade and to provide for safeguards against their abuse.”2033 This implies that, in a case which concerns possible infringements of trade marks on an online marketplace, the injunction obtained against the service provider cannot have as its object or effect a general and permanent prohibition on the selling, on that marketplace, of goods bearing those trade marks.2034 Some guidance as to the interpretation of Articles 3 and 11 of the Directive can also be drawn from the Recitals. Of a mere 32 Recitals, the relevant Recitals are Recitals (22)–(24), which read as follows: “(22) It is also essential to provide for provisional measures for the immediate termination of infringements, without awaiting a decision on the substance of the case, while observing the rights of the defence, ensur-

2033 In fact, Article 3 applies to all remedies which includes injunctions. 2034 CJEU, C-324/09 L’Oréal v eBay [2011] ECR I-06011, para. 140. This case will be discussed in detail below.

572

B. Enforcement Measures Directed at Intermediaries

ing the proportionality of the provisional measures as appropriate to the characteristics of the case in question and providing the guarantees needed to cover the costs and the injury caused to the defendant by an unjustified request. Such measures are particularly justified where any delay would cause irreparable harm to the holder of an intellectual property right. (23) Without prejudice to any other measures, procedures and remedies available, rights-holders should have the possibility of applying for an injunction against an intermediary whose services are being used by a third party to infringe the rights-holder’s industrial property right. The conditions and procedures relating to such injunctions should be left to the national law of the Member States. As far as infringements of copyright and related rights are concerned, a comprehensive level of harmonisation is already provided for in Directive 2001/29/EC. Article 8(3) of Directive 2001/29/EC should therefore not be affected by this Directive. (24) Depending on the particular case, and if justified by the circumstances, the measures, procedures and remedies to be provided for should include prohibitory measures aimed at preventing further infringements of intellectual property rights. Moreover there should be corrective measures, where appropriate at the expense of the infringer, such as the recall and definitive removal from the channels of commerce, or destruction, of the infringing goods and, in appropriate cases, of the materials and implements principally used in the creation or manufacture of these goods. These corrective measures should take account of the interests of third parties including, in particular, consumers and private parties acting in good faith.”

As is clear from Recital 23 to the Enforcement Directive, the rules for the operation of the injunctions for which the Member States must provide under Articles 9 and 11 of the Directive, such as those relating to the conditions to be met and to the procedure to be followed, are solely a matter for national law.2035 In July 2011, the European Commission published comments that it had received on its 2010 report on the impact of the Enforcement Directive which specifically addressed intermediaries and the workability of injunctions. Most rights-holders and all collecting societies that took a position on the issue called for a stronger involvement of intermediaries and for clearer rules regarding the conditions under which injunctions may be granted.2036 Many stakeholders expressed their concerns regarding the

2035 This is also the case with the InfoSoc Directive. 2036 European Commission, Synthesis of comments on the Commission Report on the application of Directive 2004/48/EC of the European Parliament and the Coun-

573

Third Chapter: Content- or Intermediary-Targeted Responses

scope of injunctions available to prevent repeat infringements as there is no exact guidance in the Directive.2037 c) Data Protection Framework: E-Privacy Directive 2002/58 When monitoring of online communication is concerned, the actors have to respect the data protection rules set out in the E-Privacy Directive. Article 5(1) of the E-Privacy Directive provides for the secrecy of communication by requiring Member States to “ensure the confidentiality of communications and the related traffic data by means of a public communications network and publicly available electronic communications services, through national legislation. In particular, they shall prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than users, without the consent of the users concerned, except when legally authorised to do so in accordance with Article 15(1) …”. Surfing the Internet falls under the definition of “communication” as defined in Article 2(d) E-Privacy Directive. 3. Relevant Jurisprudence of the CJEU In recent cases, the CJEU had been asked on the interpretation of the aforementioned legal framework in the context of injunctions ordering the cessation of copyright infringements. The injunctions sought after by rights-holders were addressed at host providers as well as access providers. Considering the liability exemptions for intermediaries, it does not come as a surprise that intermediaries oppose any monitoring and filtering obligations. 2038 Online intermediaries argued and are still arguing that they are not in a position to make qualitative judgements as to the legality of content, and thus consider that injunctions should remain limited to the elimination of a concrete and actual infringement, and not apply

cil of 29.04.2004 on the enforcement of intellectual property rights (July 2011), COM/2010/779 final, p. 8. 2037 Ibid, p.10. 2038 Ibid.

574

B. Enforcement Measures Directed at Intermediaries

in view of possible future infringements.2039 Further, where access providers have been addressed, these intermediaries do not consider themselves as the correct addressee for costly filtering schemes. The following case law shows, that the compatibility of such injunctions with EU law, in particular with the prohibition of general monitoring obligations as set forth in the E-Commerce Directive, has been central to the disputes. A key question has been the scope of any monitoring obligation, which may not only aim at stopping an on-going infringement, but also constitute a preventive measure with a view to possible future infringements.2040 Although Louis Vuitton v Google France2041 was the first case in which the CJEU elaborated on the liability exemptions in the E-Commerce Directive, this case will not be discussed any further as it primarily dealt with the question of whether Google could be considered a host provider. An evaluation of host provider liability in general would go beyond the scope of this research. At this point it is sufficient to know, that the host provider’s service has to be neutral with the provider taking a mere technical, automatic and passive role.2042 a) Injunctions in General: Case C-324/09 L’Oréal v eBay Important guidance as regards injunctions to prevent further infringements of copyright was given by the CJEU in its preliminary ruling decision in

2039 Ibid. 2040 This has previously been discussed as a development from notice and takedown to a notice and stay down. 2041 CJEU, C-236/08 to C-238/08 Google France v Louis Vuitton [2010] E.T.M.R. 30. 2042 Ibid, para. 113.

575

Third Chapter: Content- or Intermediary-Targeted Responses

the case of L’Oréal v eBay2043. This case provided precedent for further cases concerning copyright infringements. L’Oréal took action against the online auction platform eBay because users of eBay were selling counterfeit L’Oréal products and products sourced from outside the EU/EEA, all of which L’Oréal claimed infringed its trade mark rights. The High Court of England and Wales was satisfied that it had the power under the Senior Courts Act 1981 and its equitable

2043 CJEU, C-324/09 L’Oréal v eBay [2011] ECR I-06011. This case has triggered numerous comments and annotations. For an analysis of the decision see for instance Patrick Van Eecke/Maarten Truyens, L'Oréal v eBay: Is the tide finally turning for hosting providers?, Computer und Recht 2011, 1–8; Patrick Van Eecke/Maarten Truyens, L'Oréal v eBay: The Court of Justice clarifies the position of online auction providers, Computer Law Review International 2011, Issue 5, 129–136; Birgit Brömmekamp, Der Fall L'Oréal gegen eBay: Prüfstein für die Informationsgesellschaft, Wettbewerb in Recht und Praxis 2011, 306– 316; François Terré, Être ou ne pas être… responsable – À propos des prestataires de service par Internet, La Semaine Juridique – édition générale 2011, nº 43–44, 1943–1948; Markus Rössel, Filterpflichten des Providers im Lichte des EuGH – Eine Entlastung des I. Zivilsenates, Computer und Recht 2011, 589–597; Hans-Peter Roth, Verantwortlichkeit von Betreibern von Internet-Marktplätzen für Markenrechtsverletzungen durch Nutzer: L'Oréal gegen eBay, Wettbewerb in Recht und Praxis 2011, 1258–1268; Stéphane Lemarchand/Anne-Sophie Lampe, L'arrêt eBay c/ L'Oréal de la CJUE du 12 juillet 2011 revisite les conditions de la qualification de fournisseur d'hébergement au sens de l'article 14 de la directive « e-commerce », Droit de l'immatériel : informatique, médias, communication 2011, nº 75, 53–58; Marlous Schrijvers, European Court rules on the position of eBay regarding the sale of infringing products: L'Oréal v eBay, European Intellectual Property Review 2011, Vol. 33 Issue 11, 723-724; Jan Bernd Nordemann, Haftung von Providern im Urheberrecht, Gewerblicher Rechtsschutz und Urheberrecht 2011, 977–981; Gerald Spindler, Europarechtliche Rahmenbedingungen der Störerhaftung im Internet, Multimedia und Recht 2011, 703–707; Georg Borges, Zur Haftung des Betreibers einer Handelsplattform für Markenverletzungen der Nutzer ("L'Oréal/eBay"), Entscheidungen zum Wirtschaftsrecht 2011, 823–824; Catherine Smits/Johanne Ligot, Arrêt "L'Oréal": clarifications sur le cadre légal des activités et des responsabilités des hébergeurs de sites Internet, Journal de droit européen 2011, nº 184, 294–296; Eduard Salsas/Niko Härting, L'Oréal v eBay – Consequences for EU Member States, Computer Law Review International 2011, Issue 5, 137– 142; Dennis Lievens, L'Oréal v eBay – Welcomed in France, resented in England, International Review of Intellectual Property and Competition Law 2012, 68–76; Toby Headdon, Beyond liability: on the availability and scope of injunctions against online intermediaries after L’Oréal v eBay, European Intellectual Property Review 2012, Vol 34 Issue 3, 137–144.

576

B. Enforcement Measures Directed at Intermediaries

jurisdiction to grant an injunction against an intermediary that was not itself liable, but decided to stay the proceedings and refer inter alia the following questions to the CJEU for a preliminary ruling2044: (1) Whether eBay itself had infringed L’Oréal’s trademarks by sponsoring Internet links which led to listings on eBay’s site, including listings for infringing goods; (2) Whether the service provided by eBay is covered by Article 14(1) of the E-Commerce Directive, and if so, in what circumstances it may be concluded that the operator of an online marketplace has “awareness” within the meaning of Article 14(1); (3) whether Article 11 of the IPR Enforcement Directive requires Member States to ensure that the trade mark proprietor can obtain an injunction against the intermediary to prevent further infringements of the said trade mark, as opposed to continuation that specific act of infringement, where the services of an intermediary have been used by a third party to infringe a registered trade mark; if so, what the scope of that injunction is. For host providers, it is of fundamental importance to know exactly under which circumstances they may be liable for third party content they host. While it is apparent from the definition of “information society service”2045, that the liability exemptions of Article 12 to 15 of the E-Commerce Directive apply to services provided at a distance by means of electronic equipment for the processing and storage of data, at the individual request of a recipient of services (normally) for remuneration, the fact that the service provider stores information transmitted by its customers is not in itself sufficient ground for concluding that that service falls within the scope of Article 14(1) E-Commerce Directive (hosting). Where a service provider provides “assistance which entails, in particular, optimising the

2044 By questions 1 to 4 the High Court asked the CJEU to decide if the sale of tester and dramming products and unboxed products amounts to an infringement of the trademarks according to Article 7 of the Trade Marks Directive 89/104. However, as these questions only relate to the liability of the individual sellers and not to eBay it will not be discussed here. 2045 Article 2(a) of the E-Commerce Directive defines “information society services” by reference to Article 1(2) of Directive 98/34/EC of the European Parliament and of the Council of 22.06.1998 laying down a procedure for the provision of information in the field of technical standards and regulations and of rules on Information Society services (OJ 1998 L 204, p. 37), as amended by Directive 98/48/EC of 20.07.1998 (OJ 1998 L 217, p. 18), which refers to “any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services”.

577

Third Chapter: Content- or Intermediary-Targeted Responses

presentation of the offers for sale in question or promoting those offers, it must be considered not to have taken a neutral position between the customer-seller concerned and potential buyers but to have played an active role of such a kind as to give it knowledge of, or control over, the data relating to those offers for sale”.2046 In this case, the service provider cannot rely on the exemption from liability referred to in Article 14(1) ECommerce Directive. The liability exemption for host providers does not lead to a broad overall liability exemption. It applies to specific activities at a micro-level. Acting non-neutrally in relation to some types of third party content does not affect the status for other third party content for which neutrality has been maintained. Only “in situations in what the provider has confined itself to a merely technical and automatic processing of data”, Article 14(1) will apply, meaning that the provider may be exempt, from any liability for unlawful data that it has stored on condition that it has not had “actual knowledge of illegal activity or information” and, as regards claims for damages, has not been aware of facts or circumstances on which a diligent economic operator should have realised that the offers for sale in question were unlawful and, in the event of it being so aware, failed to act expeditiously to remove, or disable access to, the information.2047 With respect to notice and take down requests, which service providers regularly face under the E-Commerce Directive’s limited liability scheme, the question regarding the scope of a possible injunction regardless of any liability of the service provider himself is of great importance. Whilst an injunction against an infringer logically entails preventing that person from continuing the infringement, the situation is somewhat different when an injunction is sought for against the service provider that provides the means by which the infringement is committed. Service providers would obviously argue that an injunction within the meaning of the third sentence of Article 11 of the IPR Enforcement Directive may relate only to specific and clearly identified infringements of an intellectual property right, while right holders would argue that injunctions under the Enforcement Directive also cover the prevention of future infringements.2048 It was in L’Oréal v eBay, that the CJEU for the first time discussed whether the third sentence of Article 11 of the Enforcement Directive requires 2046 CJEU, C-324/09 L’Oréal v eBay [2011] ECR I-06011, para. 116. 2047 Ibid, paras. 119 and 124. 2048 Ibid, paras. 125 et seq.

578

B. Enforcement Measures Directed at Intermediaries

injunctions to prevent future infringements of intellectual property rights, rather than just bringing to an end specific existing infringements. According to the CJEU, an injunction as referred to in this particular third sentence cannot be equated with an “injunction aimed at prohibiting the continuation of the infringement” as referred to in the first sentence of Article 11.2049 National courts must be able to order service providers to take measures that go beyond a mere take down, and contribute to the prevention of future infringements.2050 The reason for this was that if Article 11 Enforcement Directive was interpreted in a manner that meant injunctions were not available to prevent “further impairment”, the scope of the obligation in Article 18 of the E-Commerce Directive would be narrowed2051 – which would be contrary to Article 2(3) of the Enforcement Directive. The Court also cited Recital 24 of the E-Commerce Directive, which explicitly states that measures aimed at preventing further infringements of intellectual property rights must be provided for.2052 Unfortunately, the CJEU did not elaborate what is meant by “future” infringements or “further impairments”. The conditions and procedures for injunctions are the responsibility of the national courts of the Member States, and thus the definition of prevention of future infringements is also a matter for national law.2053 The Court also side-stepped the elaboration of the “double requirement of

2049 Ibid, para. 130. 2050 Ibid, para. 131. 2051 Ibid, paras. 132 et seq. Under said Article of the E-Commerce Directive, Member States are required to adopt “measures designed to terminate any alleged infringement and to prevent any further impairment of the interests involved”. 2052 Ibid, para. 134. 2053 Ibid, para. 135. In comparison, the Advocate General Jääskinen’s opinion was rather detailed on this point: first, he stated that third sentence of Article 11 of the Enforcement Directive does not provide for an injunction against an intermediary to prevent any further infringement of that type (L’Oréal’s trade marks) as this would be inconsistent with the principle of proportionality. Secondly, he concluded that an injunction may be available against an intermediary to prevent not only the continuation of a specific act of infringement, but also the repetition of the same or a similar infringement in the future, where such injunctions are available under national law. However, he did not specify what may be considered a “similar” infringement. Finally, the Advocate General suggested that an appropriate limit may be to impose a “double requirement of identity”, which basically means that the future infringements would have to be committed by the same third party and in respect of the same trade mark. Hence, an injunction could be given against an intermediary to prevent the continuation or repetition of an infringement of a certain trade mark by a certain user. See Opin-

579

Third Chapter: Content- or Intermediary-Targeted Responses

identity” suggested by the Advocate General in his opinion. Under the double requirement of identity, a service provider would be obliged to prevent future infringements committed by the same user and in respect to the same intellectual property right that had previously been infringed.2054 Instead the Court considered it more important to stress that it follows from Article 15(1) E-Commerce Directive in conjunction with Article 2(3) IPR Enforcement Directives that the measures required of the service provider concerned “cannot consist in an active monitoring of all the data of each of its customers in order to prevent any future infringement of intellectual property rights via the provider’s website”.2055 Furthermore, a general monitoring obligation would be incompatible with Article 3 IPR Enforcement Directive, which states that the measures referred to by the Directive must be fair and proportionate and must not be excessively costly.2056 Finally, measures which may be imposed in the form of an injunction under the third sentence of Article 11 IPR Enforcement Directive must strike a fair balance between the various rights and interests concerned, and must not create barriers to legitimate trade.2057 In summary, the Court set up basic rules for injunctions under the third sentence of Article 11 Enforcement Directive, which must be interpreted as requiring the Member States to ensure that the national courts are able to order a host service provider to take measures which contribute, not only to bringing to an end infringements of intellectual property rights by users of that service, but also to preventing further infringements of that kind. The measures that need to be imposed will be determined by the scope of the injunction required, which further will be determined by the effectiveness, cost, proportionality and dissuasiveness of the measures that might be taken. The Court however refrained from providing further guidance on the determination of “future infringement” to which an injunction may apply.

2054 2055 2056 2057

580

ion of Advocate General Jääskinen in case C-324/09 L’Oréal v eBay, delivered on 09.12.2010, paras. 169 to 182. See Opinion of Advocate General Jääskinen in case C-324/09 L’Oréal v Ebay, delivered on 09.12.2010, para. 182. CJEU, C-324/09 L’Oréal v eBay [2011] ECR I-06011, para. 139. Ibid. In this regard, the Court referred to Case C‑275/06 Promusicae v Telefónica de Espana [2008] ECRI‑271, paras. 65–68.

B. Enforcement Measures Directed at Intermediaries

b) Injunctions against Access Providers: Case C-70/10 Scarlet Extended v SABAM It did not take long until the CJEU was asked whether a particular filtering obligation imposed by a national court fulfills the general criteria set forth in the L’Oréal v eBay ruling. In Scarlet Extended v SABAM2058, the CJEU concluded that the terms of an injunction granted by a Belgian court requiring the Internet access provider Scarlet to install and maintain at its own expense a filtering system to prevent illegal file-sharing was contrary to EU law. This case was referred to the CJEU by the Belgian Court of Appeal and concerned an appeal by Scarlet against an injunction obtained by SABAM, a Belgian collective rights management organisation (which acted on behalf of various copyright owners). SABAM had determined that Internet users were using Scarlet's services to illegally download their clients' content, and therefore sought an injunction requiring Scarlet to bring this activity to an end by making it impossible for its users to send and receive SABAM's content using peer-to-peer software. The injunction required Scarlet to monitor all electronic communications of all customers at its own expense for an unlimited period of time. The proposed injunction effectively required Scarlet to (1) identify within all of the electronic communications of all of its customers those files relating to peer-to-peer traffic; (2) identify within that traffic the files containing works in which the right owners claimed rights; (3) determine

2058 CJEU, C-70/10 Scarlet Extended v SABAM, Judgment of 14.11.2011, ECR I-11959. For comments on the judgement, see inter alia Sandra Schmitz, Die Verfolgung von Urheberrechtsverletzungen im Internet – Neues vom EUGH, in: Jürgen Taeger (ed.), IT und Internet – Mit Recht gestalten, Tagungsband Herbstakademie 2012 (2012), pp. 227–243; Stefan Kulk/Frederik Zuiderveen Borgesius, Filtering for Copyright Enforcement in Europe after the SABAM cases, European Intellectual Property Review 2012, 54–58; Evangelia Psychogiopoulou, Copyright enforcement, human rights protection and the responsibilities of Internet service providers after Scarlet, European Intellectual Property Review 2012, 552–555; Hans-Peter Roth, Überwachungs- und Prüfungspflicht von Providern im Lichte der aktuellen EuGH-Rechtsprechung, zugleich Anm. zu EuGH, Urteil vom 24-11.2011 – C-70/10, Zeitschrift für Urheber- und Medienrecht 2012, 125–128; Darren Meale, SABAM v Scarlet: of course blanket filtering of the Internet is unlawful, but this isn’t the end of the story, European Intellectual Property Review 2012, Vol. 34 Issue 7, 429–432.

581

Third Chapter: Content- or Intermediary-Targeted Responses

which of those files are being shared unlawfully; and (4) block the filesharing which it considers to be unlawful. The central question in the case was whether the InfoSoc Directive and the IPR Enforcement Directive, interpreted in the light of the E-Commerce Directive, the Data Protection Directive, the E-Privacy Directive and fundamental rights, preclude such a filter obligation. The installation of the contested filtering system namely obliged the Internet service provider to actively monitor all the data relating to each of its customers in order to prevent future infringements. The CJEU concluded that the extent of the obligations placed upon Scarlet corresponded to a general monitoring obligation, which is prohibited by Article 15(1) of the E-Commerce Directive.2059 When assessing whether that injunction was consistent with EU law, account was also taken of the requirements that stem from the protection of the applicable fundamental rights. In that regard, as paragraphs 62 to 68 of the judgment in case C‑275/06 Promusicae2060 make clear, the protection of the fundamental right to property, which includes the rights linked to intellectual property, must be balanced against the protection of other fundamental rights. Hence, a fair balance must be struck between the intellectual property right enjoyed by the copyright holders and the right to freedom to conduct a business enjoyed by the Internet service provider under Article 16 CFR. The installation of a “complicated, costly, permanent computer system” at the expense of the service provider, thus did not only contravene Article 3(1) of the IPR Enforcement Directive (no measures that are unnecessarily complicated or costly), but also did not strike a fair balance between the interests of the service provider and copyright holders involved.2061 Moreover, as the filtering “would involve a systematic analysis of all content” and “the collection and identification of users’ IP addresses from which unlawful content on the network is sent”,2062 this also infringed the fundamental rights of the Internet service provider’s customers, namely their right to protection of their personal data (Article 8 CFR) and their freedom to receive or

2059 CJEU, C-70/10 Scarlet Extended v SABAM, Judgment of 14.11.2011, ECR I-11959, paras. 35 et seq.In this respect, the CJEU also referred to its ruling in L’Oréal v eBay, para. 139. 2060 CJEU, C-275/06 Promusicae [2008] ECR I‑271. 2061 CJEU, C-70/10 Scarlet Extended v SABAM, Judgment of 14.11.2011, paras. 48 et seq. 2062 Ibid, para. 51.

582

B. Enforcement Measures Directed at Intermediaries

impart information (Article 11 CFR).2063 The Court considered the collection and identification of users’ IP addresses as protected personal data because “they allow those users to be precisely identified”.2064 The proposed injunction was further held to potentially undermine freedom of information since that system might not distinguish adequately between unlawful content and lawful content, “with the result that its introduction could lead to the blocking of lawful communications”.2065 c) Injunctions against Host Providers: Case C-360/10 SABAM v Netlog While the case of Scarlet Extended v SABAM concerned a filtering obligation imposed on an Internet access provider, the case of SABAM v Netlog2066 concerned a similar obligation imposed on a social network provider.2067 SABAM had applied before a Belgian court to order Netlog to cease unlawfully making available musical or audio-visual works from SABAM’s repertoire and to pay a penalty for each day of delay in complying with the order. The Belgian Court in that respect referred the following question to the CJEU for a preliminary ruling: “Do Directives 2001/29 and 2004/48, in conjunction with Directives 95/46, 2000/31 and 2002/58, construed in particular in the light of Articles 2063 2064 2065 2066

Ibid, para. 50. Ibid, para. 51. Ibid, oara. 52. CJEU, C-360/10, SABAM v Netlog NV, Judgment of 16.02.2012. For comments on the judgment see inter alia Axel Metzger, Anm. zu EuGH: Keine Pflicht für Betreiber sozialer Netzwerke zu umfa-senden Überwachungs- und Filtersystemen, Gewerblicher Rechtsschutz und Urheberrecht 2012, 382–385; Sandra Schmitz, Die Verfolgung von Urheberrechtsverletzungen im Internet – Neues vom EUGH, in: Jürgen Taeger (ed.), IT und Internet – Mit Recht gestalten (2012), pp. 227–243; Stefan Kulk/Frederik Zuiderveen Borgesius, Filtering for Copyright Enforcement in Europe after the SABAM cases, European Intellectual Property Review 2012, 54–58; Evangelia Psychogiopoulou, Copyright enforcement, human rights protection and the responsibilities of Internet service providers after Scarlet, European Intellectual Property Review 2012, 552–555. 2067 Netlog runs an online social networking platform where users who register acquire a personal space known as a “profile” which the user can complete himself and which allows him to participate in virtual communities through which the users can communicate with each other and develop friendships. On their profile, users can enter information about themselves, keep a diary, and inter alia, display images or publish video clips.

583

Third Chapter: Content- or Intermediary-Targeted Responses

8 and 10 of the European Convention on the Protection of Human Rights and Fundamental Freedoms [signed in Rome on 4 November 1950], permit Member States to authorise a national court, before which substantive proceedings have been brought and on the basis merely of a statutory provision stating that “[the national courts] may also issue an injunction against intermediaries whose services are used by a third party to infringe a copyright or related right”, to order a hosting service provider to introduce, for all its customers, in abstracto and as a preventive measure, at its own cost and for an unlimited period, a system for filtering most of the information which is stored on its servers in order to identify on its servers electronic files containing musical, cinematographic or audio-visual work in respect of which SABAM claims to hold rights, and subsequently to block the exchange of such files?”. Because the CJEU’s judgment resembles the prior judgment in Scarlet Extended, the following outline only refers to aspects where the judgment departs from Scarlet Extended. First of all the CJEU established that the social network provider in question can be considered as hosting providers, as it “stores information provided by the users of that platform, relating to their profile, on its servers”.2068 As the court had already ruled in Scarlet Extended v SABAM that the prohibition of general monitoring applies in particular to national measures which would require an intermediary provider to actively monitor all the data of each of its customers in order to prevent any future infringement of intellectual property rights, the CJEU only had to examine whether the contested filtering system would oblige Netlog to actively monitor all its customers’ data.2069 As this was the case, the CJEU almost literally reiterated its findings in the Scarlet Extended case and concluded that the E-Commerce Directive, the InfoSoc Directive and the IPR Enforcement Directive “read together and construed in the light of the requirements stemming from the protection of the applicable fundamental rights, must be interpreted as precluding a national court from issuing an injunction against a hosting service provider which requires it to install a system for filtering: information which is stored on its servers by its service users, which applies indiscriminately to all of those users, as a preventative measure, exclusively at its expense, and for an unlimited period,

2068 CJEU, C-360/10, SABAM v Netlog NV, Judgment of 16.02.2012, para. 27. 2069 See ibid, paras. 34 et seq.

584

B. Enforcement Measures Directed at Intermediaries

which is capable of identifying electronic files containing musical, cinematographic or audio-visual work in respect of which the applicant for the injunction claims to hold intellectual property rights, with a view to preventing those works from being made available to the public in breach of copyright”.2070 d) Injunctions Specifying the Means of Access Blocking: Case C-314/12 UPC Telekabel Wien v Constantin Film Verleih In the case of UPC Telekabel Wien v Constantin Film Verleih2071, the CJEU had to inter alia deal with the question whether it is compatible with EU law, to require an Internet access provider to take specific measures to make it more difficult for its customers to access a piracy website without any further determination of the measures to be adopted. Constantin Film and Wega, two film production companies applied for interim measures with an Austrian in order to enjoin UPC Telekabel, an Internet service provider, to block the access of its customers to the website kino.to. The website in question made available to the public without their consent, cinematographic works over which Constantin Film and Wega hold a right related to copyright.2072 By order of 13 May 2011, the Handelsgericht Wien prohibited UPC Telekabel from providing its customers with access to said website. In particular, this prohibition was to be carried out by blocking that kino.to’s domain name and current IP address and any other IP address of that site of which UPC Telekabel might be aware. In June 2011, kino.to ceased its operation. By order of 27 October 2011, the Oberlandesgericht Wien, as an appeal court, partially reversed the order of the court of first instance, in so far as the Handelsgericht had specified the means that UPC Telekabel had to introduce in order to block access to kino.to. The Oberlandesgericht Wien held that UPC Telekabel as an intermediary whose services were used to infringe a right related to copyright could be required to forbid its customers access to kino.to, but

2070 Ibid, grounds. 2071 CJEU, C-314/12 UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft GmbH, Judgment of 27.03.2014. 2072 It was undisputed that the protected works were made available to users of the website without the consent of the rights-holders mentioned in Article 3(2) of the InfoSoc Directive.

585

Third Chapter: Content- or Intermediary-Targeted Responses

was free to decide the means to be used. Upon appeal by UPC Telekabel, the Oberster Gerichtshof referred the case to the CJEU for a preliminary ruling on inter alia the interpretation of Article 8(3) of the InfoSoc Directive.2073 The CJEU held that when protected subject-matter is made available to users of a website without the consent of the rights-holder, this infringes Article 3 of the InfoSoc Directive.2074 In order to remedy this infringement, Article 8(3) InfoSoc Directive provides rights-holders with the possibility to apply for an injunction against the intermediary whose services are used to infringe copyright or related rights. It follows from Recital 59 of said Directive that the term “intermediary” in Article 8 encompasses any person who carries a third party’s infringement in a network.2075 UPC Telekabel as an access provider was held to be an inevitable actor in any transmission of an infringement over the Internet between one of its customers and a third party, since, in granting access to the network, it makes tat transmission possible. 2076 The CJEU confirmed its findings in the SABAM cases that the InfoSoc Directive requires that the requested injunction must not only aim at bringing to an end infringements of copyright and of related rights, but also at preventing them.2077 In the following the CJEU reiterates that in order to assess whether an injunction such as that at issue in the main proceedings, taken on the basis of Article 8(3) InfoSoc Directive, is consistent with EU law, it is necessary to take account in particular of the requirements that stem from the protection of the applicable fundamental rights.2078 The Court arrived at outlin-

2073 ÖOGH, Decision of 11.05.2012 – 4 Ob 6/12d. 2074 CJEU, C-314/12 UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft GmbH, Judgment of 27.03.2014, paras. 24 et seq. 2075 Ibid, para. 30. 2076 Ibid, para. 32 with reference to CJEU, C-557/07 LSG-Gesellschaft zur Wahrnehmung von Leistungsschutzrechten [2009] ECR I-1227, para. 44. In LSG the CJEU held that “Access providers which merely provide users with Internet access, without offering other services such as email, FTP or file-sharing services or exercising any control, whether de iure or de facto, over the services which users make use of, must be regarded as ‘intermediaries’ within the meaning of Article 8(3) of the [Information Society] Directive”. 2077 Ibid, para. 37. 2078 Ibid, para. 45.

586

B. Enforcement Measures Directed at Intermediaries

ing and balancing the fundamental rights concerned in a more detailed account than in the SABAM cases. As regards the freedom to conduct a business, the Court held that this includes inter alia “the right for any business to be able to freely use, within the limits of its liability for its own acts, the economic, technical and financial resources available to it”.2079 The injunction at issue, which obliges the access provider to take measures which may represent a significant cost for him, constrains the access provider in a manner which restricts the free use of the resources at his disposal.2080 The measure would have a considerable impact on the organisation of his activities or require difficult and complex technical solutions.2081 However, the measure in question would not infringe the core of the freedom to conduct business as it leaves the access provider to determine the specific measures to be taken in order to achieve the requested result. Hence, he can choose to put in place measures which are “best adapted to the resources and abilities available to him”.2082 Having implemented measures that are reasonable for him, the access provider will be exempted from liability.2083 The law does not require the addressee of an injunction to make unbearable sacrifices, which the Court considers as justified in the light of the fact the service provider is not the author of the infringement in question.2084 In that regard, the CJEU also stated that, “in accordance with the principle of legal certainty, it must be possible for the addressee of an injunction such as that at issue in the main proceedings to maintain before the court, once the implementing measures which he has taken are known and before any decision imposing a penalty on him is adopted, that the measures taken were indeed those which could be expected of him in order to prevent the proscribed result”.2085 However, not only the interests of the addressee of the injunction and the copyright owners must be balanced, when adopting a measure, the ser-

2079 2080 2081 2082 2083 2084 2085

Ibid, para. 49. Ibid, para. 50. Ibid. Ibid, para. 52. Ibid, para. 53. Ibid. Ibid, para. 54.

587

Third Chapter: Content- or Intermediary-Targeted Responses

vice provider must also ensure compliance with the fundamental right of Internet users to freedom of information.2086 The adopted measures “must be strictly targeted, in the sense that they must serve to bring an end to a third party’s infringement of copyright or of a related right but without thereby affecting Internet users who are using the provider’s services in order to lawfully access information”.2087 Otherwise, there would be an unjustified interference in the freedom of information of those users. A review of the compliance with this requirement can practically not be carried out at the stage of the enforcement proceedings if the adopted measures are not challenged.2088 Accordingly, the CJEU held that – in order to prevent that fundamental rights preclude the adoption of an injunction – national procedural rules must provide a possibility for Internet users to assert their rights before the court once the concrete measures that have been taken by the service provider are known.2089 In the following, the CJEU recognised that it is possible that an injunction may not lead to a complete cessation of the intellectual property rights infringements.2090 First, as mentioned above, the addressee of an injunction may escape liability, when measures that may be achievable, constitute unreasonable measures for him.2091 Secondly, means, that put an end to the infringements in question, may not exist, or the complete cessation of the infringements may in practice not be achievable as users may circumvent the blocking.2092 Nevertheless, the measures adopted “must be sufficiently effective to ensure genuine protection of the fundamental rights at issue”, meaning that “they must have the effect of preventing unauthorised access to the protected subject-matter or, at least, of making it difficult to achieve and of seriously discouraging Internet users who are using the services of the addressee of that injunction from accessing the subject-matter made available to them in breach of that fundamental right”.2093

2086 2087 2088 2089 2090 2091 2092 2093

588

Ibid, para. 55. Ibid, para. 56. Ibid, para. 57. Ibid, para. 57. Ibid, para. 58. Ibid, para. 59. Ibid, para. 60. Ibid, para. 62.

B. Enforcement Measures Directed at Intermediaries

As a consequence, even where measures do not achieve the cessation of an infringement at 100%, they cannot per se be considered to be incompatible with the requirement of striking a fair balance between the applicable fundamental rights.2094 e) Summary of the Case Law of the CJEU From the E-Commerce Directive, the InfoSoc Directive and the IPR Enforcement Directive follows, that – regardless of the liability exemptions in the E-Commerce Directive – national courts can impose injunctions on online intermediaries. The InfoSoc Directive and the Enforcement Directive foresee the possibility for rights-holders to apply for an injunction against an infringer, aiming at the prohibition of the continuation of an infringement. The case law outlined above clarifies that rights-holders may also apply for an injunction against online intermediaries who are not themselves liable for the infringement but whose services have been used by a third party to infringe intellectual property rights. While the possibility for injunctions is settled case law, the scope of any such injunction remains rather unclear. So far, the CJEU has established that a general monitoring obligation would be incompatible with Article 3 of the IPR Enforcement Directive, which states that the measures referred to by the Directive must be fair and proportionate and must not be excessively costly. 2095 As regards the scope of any injunction, Article 11 of the IPR Enforcement Directive must be interpreted as requiring the Member States to ensure that the national courts are able to order a host service provider to take measures which contribute, not only to bringing to an end infringements of intellectual property rights by users of that service, but also to preventing further infringements of that kind. The measures that need to be imposed will be determined by the scope of the injunction required, which further will be determined by the effectiveness, cost, proportionality and dissuasiveness of the measures that might be taken. So far, it remains unclear which kind of infringements would amount to “future infringements”, for instance whether that means the repertoire of

2094 Ibid, para. 63. 2095 CJEU, C-324/09 L’Oréal and Others v eBay [2011], para. 141.

589

Third Chapter: Content- or Intermediary-Targeted Responses

the rights-holder, the protected work that has previously been infringed, and whether that would apply to infringements committed by the previous infringer or any potential user. Some guidance has however been given in the SABAM cases as to what kind of monitoring obligations are not fair and equitable, unnecessarily complicated or costly and entail unreasonable time-limits. In the words of the CJEU, injunctions shall be precluded that require an Internet access to install a system for filtering all electronic communications passing via its services, which applies indiscriminately to all its customers, as a preventive measure, exclusively at its own expense, and for an unlimited period, which is capable of identifying on that provider’s network the movement of electronic files containing a musical, cinematographic or audiovisual work in respect of which the applicant claims to hold intellectualproperty rights, with a view to blocking the transfer of files the sharing of which infringes copyright. Similarly, host providers cannot be obliged to install a system for filtering information which is stored on its servers by its service users, which applies indiscriminately to all of those users, as a preventative measure, exclusively at its expense, and for an unlimited period, which is capable of identifying electronic files containing musical, cinematographic or audio-visual work in respect of which the applicant for the injunction claims to hold intellectual property rights, with a view to preventing those works from being made available to the public in breach of copyright. In simple terms, an injunction requiring access or host providers to filter traffic/content must not be a complicated, costly and permanent computer system at the expense of the service provider, and must not amount to a general obligation to monitor all data of each of its customers. Hence, rather than providing guidance on the design of such a monitoring system, and the scope of an injunction in terms of the prevention of future infringements of intellectual property rights, the CJEU only did not go any further than making clear that the suggested filtering and monitoring systems infringed EU law. In reaching its conclusion, the CJEU also briefly discussed the fundamental rights of the service providers (freedom to conduct a business), the copyright owners (right to intellectual property) and the Internet service users (right to protection of their personal data and freedom to receive or impart information). A filtering obligation that is complicated, costly and permanent and at the expense of the service provider would disproportionately affect the service provider’s freedom to conduct a business. A sys590

B. Enforcement Measures Directed at Intermediaries

tematic analysis of all content and the collection and identification of users’ IP addresses from which unlawful content on the network is sent would also interfere with protected personal data. At the same time, such filtering could potentially limit the Internet user’s freedom of information, because the filter may not adequately distinguish legal from illegal content. Unfortunately, the CJEU did not develop the argument of IP addresses as personal data any further, nor did the Court discuss the secrecy of communications2096 or the right to respect for private life in the context of monitoring.2097 As regards the guarantee secrecy of communications, the CJEU had already clarified in the Promusicae case that Member States may establish exceptions on that obligation to enable copyright enforcement.2098 In the UPC Telekabel Wien case, the CJEU finally conducted a more detailed analysis of at least the fundamental rights of the addressee of an injunction, and the balancing of the fundamental rights that are applicable. In this very recent case, the CJEU set forth that the fundamental rights recognised by EU law must be interpreted as not precluding a court injunction prohibiting an Internet service provider from allowing its customers to access an intellectual property rights-infringing website when that injunction does not specify the measures which the access provider must take. There is no requirement in EU law that would require a court to determine the appropriate filtering and blocking measures. Further, EU law does not preclude such an injunction, when the access provider can avoid incurring coercive penalties for breach of that injunction by showing that it has taken all reasonable measures, provided that (i) the measures

2096 The filtering system as requested by SABAM would require DPI-based filtering, meaning that all communication would have to be inspected. Article 5(1) of the E-Privacy Directive however requires that "Member States shall ensure the confidentiality of communications and the related traffic data by means of a public communications network and publicly available electronic communications services, through national legislation. In particular, they shall prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than users, without the consent of the users concerned, except when legally authorised to do so in accordance with Article 15(1) …”. 2097 Stefan Kulk/Frederik Zuiderveen Borgesius, Filtering for Copyright Enforcement in Europe after the SABAM cases, European Intellectual Property Review 2012, 54, 56. 2098 CJEU, Promusicae v Telefonica de Espana, [2008] ECR I‑271, para. 53. This case has been discussed in the Second Chapter.

591

Third Chapter: Content- or Intermediary-Targeted Responses

taken do not unnecessarily deprive Internet users of the possibility of lawfully accessing the information available, and (ii) that those measures have the effect of preventing unauthorised access to the protected subject-matter or, at least, of making it difficult to access, and may seriously discourage Internet users from accessing the infringing subject-matter. Whether these conditions are fulfilled is a matter for the national authorities and courts to establish. Finally, as the Court has not outruled the employment of filtering systems to enforce copyright and has provided little guidance as to where the balance should lie between the fundamental rights concerned, it does not only need to be examined in the following whether national measures obliging online intermediaries to monitor and filter content respect secondary EU law, but also whether they adequately respect the fundamental rights of the actors involved. 4. Jurisprudence of the ECtHR Other than with regard to measures directed at users, there is case law of the ECtHR in respect to access blocking and online intermediary liability. In order to understand the weighting of the different interests involved under the ECHR, the cases will be outlined briefly in addition to the case law of the CJEU. a) Access Blocking: Yildirim v Turkey In the case of Yildirim v Turkey in 2012, the ECtHR reviewed whether the blocking of access to the domain sites.google.com was legitimate.2099 The crux with the Turkish blocking order requiring Turkish access providers to block access to sites.google.com was the fact in order to block access to one website hosted under that domain which was disseminating content in violation of Turkish law, all websites hosted under the domain were blocked. The applicant in that case also had his personal website hosted under the domain in question, and was thus, also affected by the blocking order. Therefore, the applicant asked the ECtHR to review whether an

2099 ECtHR, Yildirim v Turkey, Judgment of 18.12.2012 – Application no. 3111/10.

592

B. Enforcement Measures Directed at Intermediaries

interference with his right to freedom of expression was prescribed by law, pursued legitimate aims and was necessary in a democratic society as required by Article 10(2) ECHR. The Court reiterated that Article 10 does not prohibit prior restraints on publication as such.2100 In its assessment of whether there was an interference with Article 10, the Court considered that the Internet had now become one of the principal means of exercising the right to freedom of expression and information. This role of the Internet in modern society was seen as an aggravating factor in determining the illegality of the measures in question taken by Turkish authorities. Because Article 10 protects not only the content of information but also the means of dissemination,2101 the preventive order to block access to a Google Sites amounted to an interference by public authority with the applicant’s right to freedom of expression.2102 In terms of justification of the interference, the Court examined whether, at the time the blocking order was issued, a clear and precise rule existed, which enabled the applicant to regulate his conduct in the matter.2103 The problem in this regard was, that the Turkish law provided for the blocking of access to Internet publications if the content amounted to “offences”. Neither the content of the applicant’s website nor that of Google Sites per se was illegal. Neither the applicant’s website nor Google Sites was the subject of judicial proceedings. Further, it had not been maintained that the law authorised the blocking of an entire Internet domain like Google Sites, and Google was not notified that it was hosting illegal content. Considering that prior restraints are not necessarily incompatible with the ECHR as a matter of principle, the Court also reiterated that such restraints would need a legal framework that ensures both tight control over the scope of bans and effective judicial review to prevent any abuse of power.2104 Precise and specific rules are required regarding the application of preventive restriction on freedom of expression. These rules 2100 Ibid, para. 46 with reference to ECtHR, Sunday Times v United Kingdom, Judgment of 26.04.1979 – Application no. 6538/74, and Markt intern Verlag GmbH and Klaus Beermann v Germany, Application No. 10572/83, Ser A No 165 (1989). 2101 Ibid, para 50 with reference to ECtHR, Autronic AG v Switzerland, Judgment of 22.05.1990 – Application No. 12726/87, Ser A No. 178 (1990), para. 47. 2102 Ibid, para. 55. 2103 Ibid, paras. 60 et seq. 2104 Ibid, para. 64.

593

Third Chapter: Content- or Intermediary-Targeted Responses

must also be designed to strike a balance between the competing interests.2105 When the Turkish court of first instance decided to block access to Google Sites in general, it did not weigh up the various interests at stake, in particular did the court no assess the need to block access to Google Sites as such.2106 According to the ECtHR, this shortcoming was a consequence of the Turkish law, which did not lay down any obligation for the domestic courts to examine the necessity to block access to the whole domain.2107 The obligation to consider the fact that such a measure substantially restricted the rights of Internet users and had a significant collateral effect was held to flow directly from the Convention and the case-law of the Convention institutions.2108 In the light of these considerations, the ECtHR concluded that the interference, which resulted from the application of Turkish law, did not satisfy the foreseeability requirement under the ECHR and did not afford the applicant the degree of protection to which he was entitled by the rule of law in a democratic society.2109 The measure in question could not be said to have been aimed solely at blocking access to the offending website, since it consisted in the blocking of a whole domain. b) Criminal Liability of Intermediaries: Neij and Sunde Kolmisoppi v Sweden Some guidance as regards the (criminal) liability of operators of a link directory for .torrent files2110 can be drawn from the ECtHR’s decision in the case of Neij and Sunde Kolmisoppi v Sweden2111, which concerned the

2105 2106 2107 2108 2109 2110

Ibid. Ibid, para. 66. Ibid. Ibid. Ibid, paras. 67 At the time of the Swedish court proceedings, the Pirate Bay was hosting .torrent files. 2111 ECtHR, Neij and Sunde Kolmisoppi v Sweden, Inadmissibility order of 19.02.2013 – Application no. 40397/12. For a comment on the case see Joseph Jones, Internet pirates walk the plank with Article 10 kept at bay: Neij and Sunde Kolmisoppi v Sweden, European Intellectual Property Review 2013, Vol. 35 Issue 11, 695–700. See also Dirk Voorhoof, Freedom of expression and the right to information: Implications for copyright, in Christophe Geiger (ed.),

594

B. Enforcement Measures Directed at Intermediaries

operators of the (in)famous link directory for .torrent files, and lately magnet links, the Pirate Bay. The applicants complained that their convictions interfered with their right to freedom of expression under Article 10 ECHR. In consideration that Article 10 guarantees the right to impart information and the right of the public to receive it, the ECtHR emphasised the important role of in enhancing the public’s access to news and facilitating the sharing and dissemination of information generally.2112 Further, Article 10 applies not only to the content of the information but also to the means of transmission or reception since any restriction imposed on the means necessarily interferes with the right to receive and impart information.2113 Article 10 also guarantees freedom of expression to “everyone”, and does not distinguish whether the aim pursued is profit-making or not.2114 By providing third parties with the means to impart and receive information within the meaning of Article 10 ECHR, the applicants were also afforded protection under Article 10(1) ECHR. Consequently, their convictions by a Swedish court interfered with their right to freedom of expression. Such interference was held to breach Article 10 unless it was “prescribed by law”, pursued one or more of the legitimate aims referred to in Article 10(2) and was “necessary in a democratic society” to attain such aim or aims. The conviction were based on the Swedish Copyright Act and the Criminal Code, and therefore prescribed by law. Because the conviction aimed at protecting the copyright of others and preventing crime, the aim pursued by the interference was legitimate within the meaning of Article 10(2). In order to determine whether the interference was necessary in a democratic society, the ECtHR examined the interference corresponded to a “pressing social need”. With respect to the test, the Court took into account the nature of the competing interest involved and the degree to

Research handbook on human rights and intellectual property (2015), pp. 331 – 353. 2112 In that respect the ECtHR referred to its previous Judgments in Times Newspapers Ltd v the United Kingdom (nos. 1 and 2), Application No. 3002/03 and 23676/03 and Ashby Donald and Others v France, Judgment of 10.01.2013 – Application no. 36769/08. 2113 The ECtHR cited its judgment in Öztürk v Turkey, Application no. 22479/93, para. 49. 2114 See ECtHR, Autronic AG v Switzerland, Judgment of 22.05.1990 – Application No. 12726/87, Ser A No. 178 (1990), para. 47.

595

Third Chapter: Content- or Intermediary-Targeted Responses

which those interests require protection in the circumstances of the case. Accordingly, the Court weighed the interest of the applicants to facilitate the sharing of the information in question and, against the interest in protecting the rights of the copyright-holders. As to the weight afforded to the interest of protecting the copyright‑holders rights enshrined in Article 1 of the Protocol 1 to the ECHR, the Court reiterated the principle that genuine, effective exercise of the rights protected by that provision does not depend merely on the State’s duty not to interfere, but may require positive measures of protection.2115 As regards the width of the margin of appreciation afforded to States, this varies depending on a number of factors, among which the type of information at issue is of particular importance. The protection afforded to the distributed material did not reach the same level as that afforded to political expression and debate. Because the Swedish authorities were under an obligation to protect the property rights of the copyright-holders in accordance with the Swedish Copyright Act and the ECHR, the ECtHR held that there were weighty reasons for the restriction of the applicants’ freedom of expression. This included the fact that the activities of the applicants within the commercially run platform the Pirate Bay amounted to criminal conduct requiring appropriate punishment. Finally, the Court reiterated that the nature and severity of the penalties imposed are factors to be taken into account when assessing the proportionality of interference with the freedom of expression guaranteed by Article 10 ECHR. As the applicants had not taken any action to remove the files in question when asked to do so, the Court concluded the prison sentence and award of damages cannot be regarded as disproportionate, and was thus “necessary in a democratic society” within the meaning of Article 10(2) ECHR. Hence, the ECtHR rejected the application as manifestly ill-founded.

2115 See also ECtHR, Öneryildiz v Turkey, Judgment of 30.11.2004 – Application no. 48939/99, para. 134.

596

B. Enforcement Measures Directed at Intermediaries

c) Civil Liability of Intermediaries: Delfi v Estonia In the case of Delfi AS v Estonia the ECtHR handed down its first judgment with regard to Internet service provider liability. 2116 The case concerns the question of liability of Delfi, an Internet news portal, for third party comments made on its website under one of the news items. This news item, which concerned a ferry company and its decision to change some of its routes which caused ice to break where ice roads could have been made in the near future, triggered many user comments, 2117 which were found by an Estonian court to be defamatory. Further the domestic court held Delfi responsible for the defamatory comments and Delfi was ordered to pay damages to the ferry company. In reaching this decision, the domestic courts rejected Delfi’s argument that it falls under the host provider liability exemption encompassed in the E-Commerce Directive. Relying on Article 10 ECHR, Delfi complained that the Estonian civil courts had found Delfi liable for comments written by its readers. The Strasbourg Court was thus faced with making an Article 10 evaluation of the consequences of a very narrow interpretation of the E-Commerce Directive’s liability exemption for hosting content. The ECtHR held unanimously, that there had been no violation of Article 10 ECHR.2118 It found

2116 ECtHR, Delfi AS v Estonia, Judgment of 10.10.2013 – Application no. 64569/09. For comments on the case see Leo Schapiro, Anhaltende Rechtsunsicherheit für die Betreiber von Internetmeinungsportalen?, Das Urteil des EGMR »Delfi AS v Estonia« und seine Auswirkungen auf die deutsche Rechtslage, Zeitschrift für Urheber- und Medienrecht 2014, 201 – 210; Alexander Milstein, Anmerkung zu EGMR: Haftung eines Forenbetreibers für anonyme Nutzerkommentare mit Meinungsfreiheit vereinbar, MultiMedia und Recht 2014, 41–42. 2117 The comments were not moderated on a routine bases, although there was evidence that on some occasions the website had proactively removed comments. Comments containing certain obscene words were automatically deleted. There was a notice and take down procedure in place for victims of defamatory comments. Any user could flag comments as abusive, which were subsequently taken down expeditiously. About 10,000 comments were posted per day, the majority under pseudonyms. Once a user posted a comment he could not edit or delete the comment. 2118 The Court accepted the Estonian courts’ view that Delfi was not an intermediary but a publisher as it had an economic interest in the comments and had the sole control over the comments once they were posted; in particular, users could not change or delete their comments, they could merely report obscene comments. Unfortunately, the Court did not examine itself whether Delfi, a Internet news

597

Third Chapter: Content- or Intermediary-Targeted Responses

that the finding of liability by the Estonian courts was a justified and proportionate restriction on the portal’s right to freedom of expression, in particular, because: the comments were highly offensive; the portal failed to prevent them from becoming public, profited from their existence, but allowed their authors to remain anonymous; and, the fine imposed by the Estonian courts was not excessive. This conclusion has been widely criticised by free speech activists2119 as well as scholars2120 and news providers2121 for not adequately respecting the freedom of expression online but also for misunderstanding the EU legal framework regulating intermediary liability. Delfi subsequently argued that the decision may have a chilling effect on free speech, when anonymous expression of opinions is not protected as the Court indirectly requires the registration of users and monitoring of third party content.2122 It can be established, that the ECtHR avoided to determine whether the service provider qualified as host as it was not its role to take the place of the domestic courts. The ECtHR also subsequently recognised the importance of the case and decided on 17 February 2014 to refer the case to the Grand Chamber

2119

2120 2121 2122

598

site, that published 330 articles a day and employed – as common on newspaper sites – an “add your comment” section at the end of each article, is a publisher or intermediary. It would have been interesting to see the Court determining on the facts before it whether a service provider like Delfi is an intermediary or a publisher before analysing the Article 10 in the light of this finding. See in specific, ECtHR, Delfi AS v Estonia, Judgment of 10.10.2013 – Application no. 64569/09, para. 86. See for instance Gabrielle Guillemin, Case Law, Strasbourg: Delfi AS v Estonia: Court Strikes Serious Blow to Free Speech Online, Inform's blog (15.10.2013); Graham Smith, Who will sort out the Delfi mess?, Cyberleagle blog (16.10.2013). See for instance Dirk Voorhoof, Treating a news portal as publisher of users’ comment may have far-reaching consequences for online freedom of expression, Inform's blog (29.10.2013). See the open letter to the ECtHR’s president signed by 69 news organisations, Algemene Vereniging van Beroepsjournalisten in Belgie et al., Open letter to President Dean Spielmann of 13.01.2014. Delfi's request for referral to the Grand Chamber can be accessed online at http:/ /www.psw.ugent.be/cms_global/uploads/ publicaties/dv/REQUEST%20FOR%2 0REFERRAL%20TO%20THE%20GRAND%20CHAMBER_DELFI_2014%2 001%2008%20FINALDV.pdf (last accessed 30.04.2014).

B. Enforcement Measures Directed at Intermediaries

at the request of Delfi.2123 As a consequence the Delfi judgment did not become final. By accepting to review the case, the Grand Chamber Panel recognised the case as exceptional and raising a serious question that affects the interpretation or application of the ECHR or its protocols, or raising a serious issue of general importance.2124 In its much-awaited judgment the Grand Chamber Panel confirmed the previous Chamber judgement in June 2015.2125 The judgment contains two concurring and one dissenting opinions and in particular the harsh joint dissenting opinion of judges Sajó and Tsotsoria and the great length of the judgment may explain why the release of the judgment took some time. The judgment has to be criticised for in effect requiring a pre-monitoring of user comments by Delfi and Internet news portals in general. Interestingly, the Court distinguishes between different types of platforms that exist for and curating information, when stating that “the case ase does not concern other fora on the Internet where third-party comments can be disseminated, for example an Internet discussion forum or a bulletin board where users can freely set out their ideas on any topics without the discussion being channelled by any input from the forum’s manager; or a social media platform where the platform provider does not offer any content and where the content provider may be a private person running the website or a blog as a hobby”2126. Delfi, however, was held to be “a large professionally managed Internet news portal run on a commercial basis”2127 and thus, the Grand Chamber concluded that the portal had control over user-generated content. The concurring opinion of judges Raimondi, Karakas, de Gaetano and Kjølbro goes to great length to draw a

2123 ECtHR, Grand Chamber Panel's decisions of 18.02.2014, available at http://hud oc.echr.coe.int/webservices/content/pdf/003-4674833-5667824 (last accessed 30.04.2014). 2124 Under article 43 of the ECHR, within three months from the date of a Chamber judgment, any party to the case may, in exceptional cases, request that the case be referred to the 17 member Grand Chamber of the ECtHR. In that event, a panel of five judges considers whether the case raises a serious question affecting the interpretation or application of the Convention or its protocols, or a serious issue of general importance, in which case the Grand Chamber will deliver a final judgment. If no such question or issue arises, the panel will reject the request, at which point the judgment becomes final. 2125 ECtHR, Delfi AS v Estonia, Judgment of 16.06.2015 – Application no. 64569/09 (Grand Chamber). 2126 Ibid, para. 116. 2127 Ibid, para. 144.

599

Third Chapter: Content- or Intermediary-Targeted Responses

line between liability for failure to prevent unlawful comments and liability for not subsequently removing such comments. This distinction is not made by the majority judges and indicates a lack of understanding of practical control of user-generated content; as well as of the consequences that their findings have, namely an obligation to pre-monitor user-generated content. The latter would have to be considered when balancing the contravening rights, as pre-monitoring is a clear burden for any portal provider.2128 However, the concurring opinion also makes clear that the majority judges have adopted case-specific reasoning and have left the relevant principles to be developed more clearly in subsequent case-law.2129 Thus, the case does not set a clear precedent: it only concerns the assessement of the Estonian ruling in the context of the ECHR and does not create a strict liability for host providers. The conclusion that can be drawn from the Delfi case is that the ECHR permits pre-monitoring of user-generated content. Considering that EU law prohibits general monitoring duties, there is some potential for conflict. The Estonian courts would have been well-advised to submit a question for a preliminary ruling to the CJEU on the application of EU law, instead of seemingly misapplying the EU liability regime for host providers that resulted in the ECtHR judgment. This being said, the Delfi judgment must not be generalised and is for the above stated reasons very limited in its precedence for future cases of liability for user-generated content. d) Summary of the Case-Law of the ECtHR The case law of the ECtHR shows, that any restriction on the access to content on the Internet will interfere with end-users’ right to receive, seek and impart information. The ECtHR in this context recognises that the Internet has become one of the principle means of transmission of free speech and information. In order to determine whether an interference with Article 10 ECHR is necessary in a democratic society, the ECtHR will examine whether the interference corresponds to a “pressing social need”. With respect to the test, one needs to take into account the nature of 2128 Cf. concurring opinion of judges Raimondi, Karakas, de Gaetano and Kjølbro at para. 7. 2129 Ibid, paras. 8 et seq.

600

B. Enforcement Measures Directed at Intermediaries

the competing interest involved and the degree to which those interests require protection in the circumstances of the case. In the context of copyright infringements, this means that the interests of the Internet users to access or share the information in question, and the interests of website operators to impart information, have to be weighed against the interest in protecting the intellectual property rights of the copyright-holders. As regards the width of the margin of appreciation afforded to States, this varies depending on a number of factors, among which the type of information at issue is of particular importance. If as for instance in the Pirate Bay case, the information at issue amounted to criminal conduct, this could well require criminal prosecution. With regard to access blocking to infringing content via access provider, the quantitative assessment of the foreseeable success of the blocking measure is one factor to be weighed. Thus, collateral effects that may be caused by the blocking need to be taken into consideration when assessing the proportionality of a measure. Prior to the proportionality test however, it needs to be examined whether the national law, that prescribes the interference with users’ Article 10 rights, satisfies the requirement under Article 10(2) ECHR that any law restricting freedom of expression must be formulated with sufficient precision to enable individuals to regulate their conduct. Thus, third parties, which may eventually affected by access blocking, must be able to foresee that this may be the case. Proportionality is also unlikely to be achieved, where the host provider that hosts the infringing content is not informed of the illegal content prior to the blocking. In addition, laws that provide for the blocking of access to illegal materials must provide sufficient safeguards against potential abuses such as a guarantee of judicial review. While the ECtHR has recognised the significance of the Internet in contemporary communication, the judgment in Yildirim v Turkey does not mean that no access blocking orders directed at access providers can comply with Article 10 ECHR. Moreover, the case makes clear that laws, that set forth access blocking, must be carefully drafted, so that orders are targeted at the infringing content only, and that there must be a thorough assessment of the contravening interests before any measure may be imposed.

601

Third Chapter: Content- or Intermediary-Targeted Responses

II. Enforcement upon Initiative of Administrative Authorities Insofar as access blocking to content is concerned, the most likely scenario is that rights-holders will apply for a court order before a civil court. Regularly, there have been attempts to extend the competence for blocking orders to administrative authorities as a quick, less costly and efficient alternative. In particular with regard to gambling and pornography, state authorities are addressed for regulation. The following paragraphs give a brief outline explaining how and why administrative authorities rarely order the blocking of access to certain content and why government are reluctant to pass laws that would allow for access blocking upon initiative of administrative authorities. While France does not grant any competence to administrative authorities to order the blocking of access to illegal materials, Germany has been rather progressive in this field – though of limited success and excluding the enforcement of private rights such as intellectual property rights by administrative authorities. In light of the controversy of access blocking by administrative authorities, the UK part will solely focus on the initially foreseen access blocking under the DEA 2010. 1. France: No Competence of Administrative Authorities to Order Access Blocking to Illegal Materials When it comes to blocking obligations under French law, French law foresees that administrative authorities as well as courts may order an Internet service provider to block access to specified content. However, as to date no blocking has been ordered by an administrative authority. In France, the issue of blocking is dealt with on a vertical level, meaning that for different areas of law, specified rules may exist. The first provision that was passed granting administrative authorities the power to order access blocking was in the course of the transposition of the E-Commerce Directive into national law by the Loi de 21 juin 2004 pour la confiance dans l’économie numérique (LCEN) in 2004, and was restricted to violations or risks of violations of fundamental state interests. It requires the Conseil d’Etat to pass an order determining the conditions under which administrative authorities may order access blocking. Until September 2013, no such executive order has been passed, meaning that no blocking may be ordered by administrative authorities to date in the course of Arti602

B. Enforcement Measures Directed at Intermediaries

cle 18 LCEN. A similar fate has been encountered by a provision that foresees the blocking of access to child pornography that has been inserted into the Article 6 LCEN by the Law on guidelines and programming for the performance of internal security (LOPPSI 2) in 2011. Hence, as of September 2013, there is no provision based on which an administrative authority may actually order intermediaries to block access to illegal content. Pursuant to Article 18 of the LCEN, the Conseil d’Etat may pass an order that may lay down the conditions under which administrative authorities may impose restrictions on eCommerce in case of violation, or where there is a serious risk of violation, of the maintenance of public order and security, the protection of minors, the protection of public health, the preservation of interests of the national defense, or the protection of physical persons”. Ecommerce in that context encompasses providers of online information, commercial communications and search tools, access and recovery tools, access to a communications networks or data hosting, even if they are not paid by those who benefit from them.2130 A first draft of an executive order was discussed in 2011, but did not come into force. The draft order of June 2011 implementing Article 18 of the LCEN foresaw that the Ministries of Defense, of Justice, of the Interior, of the Economy, of Communication, of Health, of the Digital Economy, and the National Authority for the Defense of Information System would have the power to take down or block Internet content they deem harmful.2131 These ministries would be able to start a three-step process: (i) first, the operator of the website will be requested to cease publication of the content in concern or block access to it, or to remove it from the net entirely; (ii) If there is no reaction within 72 hours, the hosting provider will be notified to delete the content or block its publication; and (iii) finally, if there is no reaction from the hosting provider, Internet service providers will be prompted to block the website.2132 In case of emergency, the Inter-

2130 Cf. Article 14 LCEN. 2131 The draft executive order became public after the new French Conseil National du Numérique (CNN; National Digital Council) published an opinion on the proposal. Conseil National du Numérique, Avis n° 2 du Conseil National du Numérique relatif au projet de décret pris pour l’application de l’article 18 de la loi pour la confiance dans l’économie numérique (20.06.2011). 2132 See Simon Columbus, French Government plans to extend Internet censorship, OpenNet Initiative (21.06.2011).

603

Third Chapter: Content- or Intermediary-Targeted Responses

net service providers could also be ordered to block the respective content straight away. The order foresaw that Internet service providers would be compensated for their efforts. In case of non-compliance with a blocking request, the non-compliant party would face a fine of up to 1500 Euros as well as confiscation measures.2133 Presumably due to severe criticism relating to the power given by the Ministries to impose blocking order without judicial oversight,2134 the draft order did not become law. The situation has been similar with regard to Article 4 of LOPPSI 2, which inserted into Article 6 I 7 LCEN that "Where justified by the requirements of combating the distribution of pictures or representations of minors falling under Article 227-23 Code Pénal, the administrative authority shall notify the electronic addresses of public online communications services which breach the provisions of this Article to the persons mentioned under paragraph I(1) hereof, which must promptly block access to these sites”. While Article 4 LOPPSI 2 laid down the competence of administrative authorities to order access blocking, it also made the blocking dependent on an executive order that should set forth the procedures for any website blocking under this provision including the compensation of intermediaries concerned. The provision itself was widely criticised by Internet activists as constituting censorship2135 and was referred to the Conseil Constitutionnel for review by members of the French parliament2136. Although the Conseil Constitutionnel did not consider the provision unconstitutional, in specific not constituting a violation of the right to freedom of communication guaranteed under Article 11 of the Declaration of the Rights of man and the Citizen of 1789,2137 the French government

2133 Ibid. 2134 See for example the statements by the digital rights advocacy group La Quadrature du Net: Félix Tréguer, France on its way to total Internet censorship?, Index on Censorship (27.06.2011). 2135 La Quadrature du Net, French LOPPSI Bill adopted: the Internet under control?, La Quadrature du Net (09.02.2011); Philippe Berry, LOPPSI 2 donne les pleins pouvoirs au ministère de l'Intérieur pour censurer le Net, 20 minutes (21.12.2010); Le Monde, RSF critique le filtrage du Net prévu par la Loppsi 2, Le Monde (16.09.2010). 2136 Notably by members of the opposition. 2137 Conseil Constitutionnel, Decision of 10.03.2011 – decision no 2011-625 DC, paras. 7 et seq. English version available at http://www.conseil-constitutionnel.f r/conseil-constitutionnel/francais/les-decisions/acces-par-date/decisions-depuis1959/2011/2011-6 25-dc/decision-n-2011-625-dc-du-10-mars-2011.94924.html (last accessed on 17.05.2014). The Constitutional Court stressed in its decision

604

B. Enforcement Measures Directed at Intermediaries

decided to refrain from passing an executive order on the application of Article 4 LOPPSI 2.2138 Hence, until today, there is no order in force that stipulates the conditions under which administrative authorities may impose blocking orders on online service providers. Considering that even for child abuse images, French law does not foresee the possibility for administrative authorities to order the blocking of access to that clearly illegal material, it is highly unlikely that such a competence will ever be granted to protect private rights.

on the constitutionality of the website blocking provision that it is restricted in its analysis to examine whether the procedures adopted by the law were manifestly inappropriate for the objective pursued. The Court does not have the competence to assess whether the objectives of the law (combatting child pornography) can be achieved by other means as its general power of assessment and decision is limited and not as far reaching as that of the legislator. Thus, the Court did not have to examine alternative means to prevent access to illegal materials, unless it could establish that the procedures adopted by the law were manifestly inappropriate for the objective pursued. Such a manifest error of assessment by the legislator could not be established (It was in particular not manifestly appropriate to use public funds to compensate Internet service provider for the costs incurred resulting from the obligation to block access.). When assessing the proportionality of granting the administrative authority the power to limit access to online content, the Court took into account that (i) the aim was to protect Internet users from accessing child pornography and that the power to limit access was restricted to child pornography, and (ii) that a decision of the administrative authority to impose blocking obligations may be challenged at any time by any party concerned before a court (also in proceedings for interim injunctive relief). Due to the very restricted scope of application of the provision and the possibility of judicial review, the interference with freedom of communication guaranteed under Article 11 of the Declaration of the Rights of man and the Citizen of 1789 was not considered disproportionate. 2138 Mark Rees, LOPPSI: le gouvernement abandonne le blocage de sites sans juge, PC Inpact (25.07.2012); Le Monde, Loppsi 2: le gouvernement pourrait abandonner le blocage des sites sans juge, Le Monde (25.07.2012).

605

Third Chapter: Content- or Intermediary-Targeted Responses

2. Germany: Regional Initiatives and Legislative Attempts to Provide for Access Blocking Have Limited Success In Germany, website blocking by administrative authorities is highly controversial2139 and most authorities refrain from ordering access blocking to specific content. Due to this controversy, there is basically just one administrative authority, namely the Bezirksregierung Düsseldorf that has ordered access blocking on various occasions. As a consequence, this regional public authority has become (in)famous for this practice.2140 However, none of its orders aimed at blocking access to content that infringed intellectual property rights. The reasons for this will be addressed when discussing the access blocking orders of the Düsseldorf authority. The best example for the tough climate for administrative blocking orders has recently been the Zugangserschwerungsgesetz – a statute providing for the blocking of child abuse content that has already been recalled. Finally, the following paragraphs will also examine whether in the highly regulated field of online gambling, access blocking can be ordered by regulatory authorities. a) “Düsseldorfer Sperrverfügungen” In 2002 the Bezirksregierung Düsseldorf (Regional Administrative Authority) orderd 80 commercial and University Internet service providers

2139 Cf. for instance Stefan Krempl, SPD-Sprecher verreißt die rheinischen Sperrungsverfügungen, Heise online (20.02.2002); Thomas Stadler, Sperrungsverfügung gegen Access-Provider, MultiMedia und Recht 2002, 343–347. 2140 Cf. Peter Mankowski, Die Düsseldorfer Sperrungsverfügung – alles andere als rheinischer Karneval, MultiMedia und Recht 2002, 277–278; Christoph Engel, Die Internet-Service-Provider als Geiseln deutscher Ordnungsbehörden – Eine Kritik an den Verfügungen der Bezirksregierung Düsseldorf, MultiMedia und Recht 2003, Beilage 4; Thomas Stadler, Sperrungsverfügungen gegen AccessProvider, MultiMedia und Recht 2002, 343–347; Ulrich Sieber/Christian Volkmann, Die öffentlich-rechtliche Störerhaftung der Access-Provider, Kommunikation und Recht 2002, 398–409. There are even Ph.D. theses being written solely about the blocking orders of the Bezirksregierung Düsseldorf, which indicates the controversial nature of these orders, for instance Eva Billmeier, Die Düsseldorfer Sperrungsverfügung: ein Beispiel für verfassungs- und gefahrenabwehrrechtliche Probleme der Inhaltsregulierung in der Informationsgesellschaft (2007).

606

B. Enforcement Measures Directed at Intermediaries

to block access to two web pages with right-wing extremist content.2141 The blocking orders were based on the then existing §§ 8 and 18 Mediendienste-Staatsvertrag (MDStV) 2142. According to the Bezirksregierung Düsseldorf, the content on the respective websites was in violation of § 8 MDStV2143 which determined content that is considered illegal, namely

2141 See Stefan Krempl, Provider in Nordrhein-Westfalen erhalten Sperrungsverfügungen, Heise online (08.02.2002). Initially, it was also planned to block access to the website rotten.com which depicts inter alia terrorism, murders, suicides and rape. The blocking order issued in February 2002 ordered the blocking of http://www.stormfront.org and http://www.nazi-lauck-nsdapao.com (for a professional translation of the administrative blocking order see Maximilian Dornseif, Government mandated blocking of foreign Web content, in: Jan von Knop/Wilhelm Haverkamp/Eike Jessen (eds.), Security, E-Learning, E-Services: Proceedings of the 17. DFN-Arbeitstagung über Kommunikationsnetze, Lecture Notes in Informatics (2013), pp. 617–648). It has to be noted that Universities were exempted from the blocking obligation to the extent that they need to make these websites available for the purpose of research or teaching. For a critical assessment of the blocking orders see Christoph Engel, Die Interrnet-Service-Provider als Geiseln deutscher Ordnungsbehörden, MultiMedia und Recht 2003, Beilage 4; Timo Rosenkranz, Sperrungsverfügungen gegen AccessProvider, JurPC 2003, Web–Dok. 16/2003; Thomas Stadler, Sperrungsverfügungen gegen Access Provider, MultiMedia und Recht 2002, 343–347; Peter Mankowski. Die Düsseldorfer Sperrungsverfügung – alles andere als rheinischer Karneval, MultiMedia und Recht 2002, 277–278. 2142 Mediendienste-Staatsvertrag – MDStV (State Treaty on Media Services). From April 2003 to 2007, the provisions could be found in §§ 12 and 22 MDStV, which have now been integrated in § 59 Rundfunk-Staatsvertrag – RStV (State Treaty on Broadcasting). As regards the competences of administrative authorities to issue blocking orders based on the MDStV see Ulrich Sieber/Malaika Nolde, Sperrverfügungen im Internet, Territoriale Rechtsgeltung im globalen Cyberspace? (2008), pp. 4 et seq. 2143 The successor to § 8 MDStV, § 12 MDStV refers to the JugendmedienschutzStaatsvertrag – JMStV (State Treaty on Media Protection of Minors) which in its § 4 defines illegal content. Illegal content includes – without prejudice to any liability under the German Criminal Code, content that represents propaganda instruments as defined in § 86 StGB, content which is directed against the free and democratic order or the spirit of understanding among the nations,…, incites to hatred against parts of the population or against a national, racial, religious or ethnic group, encourages violent or arbitrary action against such a group or violates the human dignity of a person or group by insulting, maliciously degrading or defaming parts of the population or any of the aforementioned groups, content that denies or plays down acts committed under the Nazi regime, content which disturbs public peace, presents cruel or otherwise inhuman acts of violence against a person in a manner devised to glorify or trivialise

607

Third Chapter: Content- or Intermediary-Targeted Responses

such content that violates provisions of the Strafgesetzbuch (StGB)2144, glorifies war, is evidently obscene, depicts human beings that are dying or suffering grievous bodily harm or mental cruelty without respecting their human dignity, or in other ways infringes human dignity. Under § 18 II MDStV2145, the authority competent to regulate media could take measures against the provider of illegal content to remove the content in question. In particular, the authority could forbid Internet service providers to offer certain content and may order this content to be blocked. In the 2002 blocking order by the Bezirksregierung Düsseldorf, the websites concerned hosted right-wing extremist content that was in violation of § 130 StGB and § 8 MDStV. As regards the blocking of access to said content, the Bezirksregierung Düsseldorf stated that the present state of the art foresees three possibilities of blocking: excluding domains on the domain server, use of a proxy server, or excluding IP addresses by blocking them at a router level.2146 The Bezirksregierung argued that the blocking was

such acts of violence or devised to present the cruel or inhuman nature of the act in a manner which violates human dignity,…, content which violates human dignity, especially by presenting persons who are or were dying or exposed to serious physical or mental suffering while reporting actual facts without any justified public interest in such form of presentation or reporting being given…., content which presents children or adolescents in unnatural poses (this explicitly also applies to virtual presentations), content which is pornographic and has as its subject acts of violence, the sexual abuse of children or adolescents or sexual acts of persons involving animals (again this explicitly also applies to virtual presentations). According to subsection 2 of said paragraph content is furthermore illegal if it is inter alia pornographic in any other manner, or evidently suited to seriously impair the development of children and adolescents or their education into self-responsible and socially competent personalities, taking into account the specific effect of the media via which the content is provided. In contrast to the content listed in § 4 I JMStV, this content is legal if the telemedia service provider has ensured that such content is accessible for adult persons only (closed user group). 2144 Strafgesetzbuch StGB (Criminal Code). 2145 § 18 (later § 22) MDStV specified the competent administrative authorities to enforce the provisions of the Mediendienste-Staatsvertrag. Subsection 3 of set paragraph also grants the competent authorities the power to order third parties to block access to unlawful content in the interest of public weal. 2146 As to the specific functioning of these blocking methods foreseen in the order see Maximilian Dornseif, Government mandated blocking of foreign Web content, in: Jan von Knop/Wilhelm Haverkamp/Eike Jessen (eds.), Security, ELearning, E-Services: Proceedings of the 17. DFN-Arbeitstagung über Kommunikationsnetze, Lecture Notes in Informatics (2013), pp. 617 et seq.

608

B. Enforcement Measures Directed at Intermediaries

reasonable and does not impose a heavy burden upon providers. In the following court proceedings, it was argued that although the blocking may not succeed in preventing access for everyone to all the materials, it was nevertheless proportionate.2147 The legitimate aim, barring access to illegal materials, must only be achieved in the sense that the legitimate aim is promoted and access is limited.2148 The providers faced fines of up to DM 1 million (approx. EUR 0.5 million) or court proceedings in case of noncompliance. Some of the Internet service providers complied with the order, while others took action. In June 2005, the Verwaltungsgericht Düsseldorf declared the blocking order lawful.2149 The court held that § 22 MDStV, which at that time granted competence to the administrative authority similar to its predecessor § 18 MDStV (before 2003), contained a legitimate basis for ordering access blocking and that this does not violate Article 12(3) of the E-Commerce Directive.2150 According to said Article of the E-Commerce Directive the liability exemption for access providers shall explicitly not affect the possibility for a court or administrative

2147 Cf. for instance VG Köln, Decision of 03.03.2005 – 6 K 7151/02, MultiMedia und Recht 2005, 399, 402. 2148 Cf. Bodo Pieroth/Bernhard Schlink/Michael Kniesel, Polizei- und Ordnungsrecht (2002), § 10 para. 22; Wolf-Rüdiger Schenke, Polizei- und Ordnungsrecht (3rd ed. 2004), para. 333. In the main proceedings against the blocking order, the VG Köln for instance explicitly recognised that IT-literate users will have many ways to circumvent access blocking to certain websites. However, against “normal” users, the blocking was predicted to have some effect. See VG Köln, Decision of 03.03.2005 – 6 K 7151/02, MultiMedia und Recht 2005, 399, 402. 2149 As regards the proceedings for interim relief: VG Düsseldorf, Decision of 19.12.2002 – 15 L 4148/02, MultiMedia und Recht 2003, 205. The decision was affirmed by OVG Münster, Decision of 19.03.2003 – 8 B 2567/02, MultiMedia und Recht 2003, 348 with comment by Gerald Spindler/Christian Volkmann. These decisions concerned only the claims for injunctive relief by the service providers and thus, only required a summary examination by the courts addressed. The final decision in this subject matter was rendered by the VG Düsseldorf in May 2005 (27 K 5968/02, Zeitschrift für Urheber- und Medienrecht-RD 2006, 150), which ultimately affirmed the blocking orders by the Bezirksregierung Düsseldorf. 2150 VG Düsseldorf, Decision of 10.05.2005 – 27 K 5968/02, Zeitschrift für Urheberund Medienrecht-RD 2006, 150. Cf. also the similar judgements of VG Arnsberg, Decision of 26.11.2004 – 13 K 3173/02; VG Gelsenkirchen, Decision of 28.7.2006 – 15 K 2170/03; VG Köln, Decision of 03.03.2005 – 6 K 7151/02, MultiMedia und Recht 2005, 399.

609

Third Chapter: Content- or Intermediary-Targeted Responses

authority, in accordance with Member States' legal systems, of requiring the service provider to terminate or prevent an infringement. Since 2007, the legal grounds on which the Bezirksregierung based its blocking orders are enshrined in § 59 III and IV Rundfunk-Staatsvertrag – RStV.2151 Said paragraph foresees that the competent regulatory authorities may forbid or order providers to remove content that infringes the provisions of said treaty or data protection provisions of the Telemediengesetz – TMG if this measure would not be disproportionate.2152 Subparagraph 4 provides that a blocking order may also be directed against access or hosts providers. In practice, the new legal basis for blocking orders by administrative authorities did not trigger any decisive changes. First of all, the provision is still similar to its predecessors. Its main field of application is set to be the contents already addressed by the Bezirksregierung Düsseldorf, namely pornography (in particular hardcore pornography and child abuse content)2153 and right-wing extremist speech2154, which is – due to German history – a very sensitive subject in Germany, as well as content that is in violation of human dignity2155. While the Bezirksregierung Düsseldorf succeeded before the courts, subsequent attempts by providers of pornographic content and intellectual property rights-holders to obtain injunctions against access providers to order them to block access to websites that infringed their rights based on competition law, or intellectual property law respectively, failed.2156 Although this did not concern blocking by administrative authorities, it shows that following the Düsseldorf blocking orders and the controversy about blocking in general that arose in the aftermath, produced a tough cli-

2151 As regards the legislative developments from MDStV to RStV, see Ulrich Sieber/ Malaika Nolde, Sperrverfügungen im Internet, Territoriale Rechtsgeltung im globalen Cyberspace? (2008), pp. 4 et seq. 2152 Accordingly, also content that is in violation of § 20 Abs. 4 JMStV is encompassed. 2153 Ulrich Sieber/Malaika Nolde, Sperrverfügungen im Internet, Territoriale Rechtsgeltung im globalen Cyberspace? (2008), pp. 9 et seq. with further references. 2154 Ibid, pp. 13 et seq. with further references. 2155 Ibid, pp. 18 et seq. with further references. 2156 Dieter Frey /Matthias Rudolph/Jan Oster, Internetsperren und der Schutz der Kommunikation im Internet, Am Beispiel behördlicher und gerichtlicher Sperrungsverfügungen im Bereich des Glücksspiel- und Urheberrechts, MultiMedia und Recht-Beilage 2012 to Issue 3, 3 et seq.

610

B. Enforcement Measures Directed at Intermediaries

mate for blocking orders and legislation that foresees such blocking.2157 Hence, no attempts were made by administrative authorities to block access to content that may infringe the feelings of certain religious groups2158, supports terrorism2159 or violates the private rights of others2160. As regards the latter, § 59 V RStV explicitly sets forth that insofar as administrative measures aim at the enforcement of private rights, such measures shall be subsidiary to the individual pursuing his claims in ordinary proceedings.2161 The basic principle of the law governing public security that gives priority to the protection of individual rights via the due process of law is also applied to administrative blocking orders.2162 The administrative authorities shall only become active in matters of general public interest.2163 The intention of this approach is obvious, namely to prevent the escalation of requests to administrative authorities aiming at the enforcement of mere private rights,2164 and thus protecting public resources. Against this background and considering that already in regard to content that is harmful for children and/or violates human dignity, administrative blocking orders are disputed, blocking orders in the context of intellectual property rights infringements are not on the agenda of administrative regulatory authorities. b) The Fate of the “Zugangserschwerungsgesetz” The controversy about access blocking reached its peak during the legislative procedure leading to the passing of the Zugangserschwerungsgesetz

2157 Ibid, 5. 2158 Ulrich Sieber/Malaika Nolde, Sperrverfügungen im Internet, Territoriale Rechtsgeltung im globalen Cyberspace? (2008), p. 24. 2159 Ibid, p. 25. 2160 Ibid, p. 26. 2161 Ibid, pp. 26 et seq.; Christian Volkmann in: Gerald Spindler/Fabian Schuster, Recht der elektronischen Medien (2nd ed. 2011), § 59 RStV, para. 75. 2162 Cf. Arved Greiner, Die Verhinderung verbotener Internetinhalte im Wege polizeilicher Gefahrenabwehr (2001), p. 139. 2163 See § 59 V RStV. 2164 Christian Volkmann in: Gerald Spindler/Fabian Schuster, Recht der elektronischen Medien (2nd ed. 2011), § 59 RStV, para. 75.

611

Third Chapter: Content- or Intermediary-Targeted Responses

– ZugErschwG2165.2166 In order to block access to child abuse materials, the German legislator decided in 2009 to introduce a federal statute on access blocking to such content.2167 Pursuant to § 2 of the ZugErschwG access provider were supposed to block access to websites listed on a “black list” at least at the DNS level and redirect users to a website of the Federal Criminal Police Office displaying a stop sign.2168 The “black list” should have been administered by said authority, meaning that the Federal Criminal Police Office would also have been in charge of deciding which websites were to be included in the list. The ZugErschwG raised a lot of controversy between the political parties and society, particular the Internet community.2169 Due to a new political situation in Germany in 2011 with a coalition of the Christian Democrats, CDU, and the liberal Party, FDP, where especially the FDP opposes restrictions on the use and access to the Internet, the controversial ZugErschwG is now history.2170 2165 The full title was Gesetz zur Erschwerung des Zugangs zu kinderpornographischen Inhalten in Kommunikationsnetzen. 2166 See for instance Dieter Frey/Matthias Rudolph, Zugangserschwerungsgesetz: Schnellschuss mit Risiken und Nebenwirkungen, Computer und Recht 2009, 644; Christoph Schnabel, Das Zugangserschwerungsgesetz – Zum AccessBlocking als ultima ratio des Jugendschutzes, Juristenzeitung 2009, 996; Ulrich Sieber, Sperrverpflichtungen gegen Kinderpornografie im Internet, Juristenzeitung 2009, 653. 2167 For an overview of the rise and fall of the statute, see Jenny Kortlander, Is filtering the new silver bullet in the fight against child pornography on the Internet? A legal study into the experiences of Australia and Germany, Computer and Telecommunications Law Review 2011, Vol. 17 Issue 7, 199, 204 et seq. 2168 For a comment on § 2 ZugErschwG see Christian Volkmann in: Gerald Spindler/ Fabian Schuster, Recht der elektronischen Medien (2nd ed. 2011), § 2 ZugErschwG. 2169 See Jenny Kortlander, Is filtering the new silver bullet in the fight against child pornography on the Internet? A legal study into the experiences of Australia and Germany, Computer and Telecommunications Law Review 2011, Vol. 17 Issue 7, 199, 200 with further references. 2170 The Bill was originally proposed by the previous coalition government of the Christian Democrats and the Social-Democrats in April 2009. After the national federal election in September 2009 the German CDU/CSU/SPD coalition government ended in a somewhat awkward situation: The then elected CDU/CSU/FDP coalition government did not want the Act anymore. In the following the new coalition government agreed upon a "non application directive" for the law. Germany’s new justice secretary Sabine Leutheusser-Schnarren-

612

B. Enforcement Measures Directed at Intermediaries

Besides a questionable federal competence for a preventive measure in the field of public security,2171 concerns were also raised in regard to the compliance of the Act with secondary EU legislation. As regards the latter, the ZugErschwG, and in specific its blocking provision, constituted a technical regulation, which – according to the Technical Standards Directive 98/34/EC as amended by the Transparency Directive 98/48/EC – should have been notified to the European Commission without undue delay. This however had been neglected prior to the passage of the Act.2172 Further, the Act had been criticised for being disproportionate: while § 59 RStV requires the competent regulatory authorities of the Länder to examine each single measure in terms of proportionality and their decision being subject to judicial review if challenged, the ZugErschwG does not foresee any such examination.2173 The main point of criticism has been the risk of over-blocking,2174 meaning that not only child abuse content would be blocked but also legitimate content. This “collateral damage” is inevitable with most blocking

2171 2172

2173

2174

berger stated that the German government has agreed that access blocking will not be conducted. For one year, the access blocking should be replaced by stronger efforts to tighten international cooperation regarding deletion of incriminated sites. In November 2009, the German President of that time, Horst Köhler, refused to sign the Act into law. This led to the situation that – without the president’s signature, a mere formal act, the law was not in force, but in case he would sign it, it still would not be applied. Surprisingly for the new government, the president signed the Bill after all on 17.02.2010, expressing that he does not have any significant concerns regarding the law’s compatibility with the German constitution. Five days later the law was officially published and came into force on 23.02.2010. Germany then had a law that no one wanted to apply. Even the SPD party, which in 2009 voted for the law, had changed its opinion on the subject. Thomas Stadler, Kein erschwerter Zugang, MultiMedia und Recht 2009, 581, 582. See Christoph Schnabel, Das Zugangserschwerungsgesetz – Zum AccessBlocking als ultima ratio des Jugendschutzes, JZ 2009, 996, 997; Dieter Frey/ Matthias Rudolph, Zugangserschwerungsgesetz: Schnellschuss mit Risiken und Nebenwirkungen, Computer und Recht 2009, 644, 645. While judicial review is possible concerning the inclusion of a service on the black list, no appeal is possible against the concrete measure that is taken to block access to the content in question. See Christian Volkmann in: Gerald Spindler/Fabian Schuster, Recht der elektronischen Medien (2nd ed. 2011), Vorbem. ZugErschwG, para. 6. Ulrich Sieber, Sperrverpflichtungen gegen Kinderpornografie im Internet, Juristenzeitung 2009, 653, 657.

613

Third Chapter: Content- or Intermediary-Targeted Responses

means.2175 Where legitimate content is blocked, this obviously violates the disseminator’s right to free speech. In addition, the users' right to information freedom (Article 5 I GG) is interfered with. Access blocking has also been and still is criticised for interfering with the access providers’ rights out to pursue their business and their right to property (Article 12 GG and Article 10 GG).2176 These issues will be further discussed in the context of the legitimacy of access blocking.2177 Finally, the usefulness of the ZugErschwG remained questionable. Considering the ease by which blocking can be circumvented, blocking does not seem an appropriate tool to limit the dissemination of child abuse content.2178 In that context the particular subject of child pornography may also play a significant role. Such content is rarely freely distributed on the web. Instead secretive channels are used, such as hidden fora, friends-tofriends networks or other means of trusted communication. Thus, the aim of the ZugErschwG, limiting access to child pornography, is already hardly to achieve where those disseminating, exchanging and trading the content act secretively, and may well be aware of how to hide their traces. At the same time, anyone with some IT literacy is able to circumvent access blocking means. c) No Positive Future for Access Blocking by Administrative Authorities in Germany Interestingly, parallel the legislative process of the Act, courts in Hamburg were asked to block access to inter alia copyright-infringing content. In one case, rights-holders requested the blocking of the Indian website gstream.in, which made publicly available copyrighted works without authorisation. Against the background of the at this time on-going legislative process of the ZugErschwG, the Higher Regional Court Hamburg analysed the impact of DNS blocking on legitimate content and referred to 2175 The Act as such did not prescribe a specific way of blocking, so that access providers were free to decide upon the means. 2176 Christian Volkmann in: Gerald Spindler/Fabian Schuster, Recht der elektronischen Medien (2nd ed. 2011), Vorbem. ZugErschwG, para. 6. 2177 See III. 3. e) Striking a fair balance between the contravening interests, p. 657. 2178 See Thomas Stadler, Kein erschwerter Zugang, MultiMedia und Recht 2009, 581, 582; Holger Bleich/Axel Kossel, Verschleierungstaktik: Die Argumente für Kinderporno-Sperren laufen ins Leere, Der Spiegel Online (17.04.2009).

614

B. Enforcement Measures Directed at Intermediaries

the controversy on blocking as censorship. Referring also to the controversy surrounding the ZugErschwG, the Court stated that if already the efficacy of blocking of child abuse content is not clear then the Court can hardly order access providers to block access to copyright infringements.2179 Although one may make out a tendency to refrain from blocking against access providers, the Bezirksregierung Düsseldorf lately has again turned to ordering the blocking of access to certain online content.2180 This time, subject of the orders were gambling websites outside the territory of Germany. The Bezirksregierung sought to base the orders on the new Glücksspielstaatsvertrag (GlüStV)2181, which foresees in § 9 I No. 5 that the regulatory authority may order service providers, insofar as they are liable under law, to desist from assisting to give access to non-permitted gambling services. Administrative courts rejected the enforcement of the orders against several access providers based on the findings that the orders lacked a legitimate basis.2182 Other than § 22 MDStV and § 59 RStV, the GlüStV does not foresee that third parties that are not liable for the infringing content can be ordered to block access. Finally, an analysis of the blocking under the Düsseldorf order namely showed that all providers on the one hand blocked more content than ordered and on the other hand blocked not all content that they were required to block.2183

2179 OLG Hamburg, Decision of 22.12.2010 – 5 U 36/09, Computer und Recht 2011, 735L 2180 Torsten Kleinz, Sperrverfügungen gegen Wettanbieter in NRW, Heise online (04.05.2011). 2181 Glücksspielstaatsvertrag (GlüStV) – State Treaty on Gambling. The Treaty entered into force on 01.01.2008. 2182 See inter alia VG Düsseldorf, Decision of 29.11.2011 – 27 K 5887/10, Computer und Recht 2012, 155; VG Düsseldorf, Decision of 08.11.2011 – 27 K 5887/10, Zeitschrift für Urheber- und Medienrecht-RD 2012, 362. This outcome has already been predicted by Sieber and Nolde in their 2008 study on access blocking, see Ulrich Sieber/Malaika Nolde, Sperrverfügungen im Internet, Territoriale Rechtsgeltung im globalen Cyberspace? (2008), p. 23. 2183 Holger Bleich/Axel Kossel, Verschleierungstaktik.Die Argumente für Kinderporno-Sperren laufen ins Leere, Der Spiegel Online (17.04.2009).

615

Third Chapter: Content- or Intermediary-Targeted Responses

3. UK: The Fate of the Website Blocking Provisions of the DEA 2010 The Digital Economy Bill 2009-10, which led to the passage of the Digital Economy Act 2010, did not only foresee the graduated response scheme discussed in the previous Chapter. During the wash-up period, Conservative and Liberal Democrats introduced Clause 17 on website blocking for copyright infringement into the Bill which was subsequently removed in the House of Commons committee stage.2184 The originally intended website blocking clause2185 was replaced by two new clauses, now sections 17 and 18 of the Act, empowering the Secretary of State to bring in regulations for website blocking – subject to a superaffirmative procedure. a) Legal Framework foreseen in the DEA 2010 Sections 17 and 18 set forth that the Secretary of State could make website blocking regulations, but only a court could order the blocking of a website once such regulations provide for this. Section 17 of the DEA 2010 provides that “the Secretary of State may by regulations make provision about the granting by a court of a blocking injunction in respect of a location on the Internet which the court is satisfied has been, is being or is likely to be used for or in connection with an activity that infringes copyright”. In that context “blocking injunction” refers to “an injunction that requires a service provider to prevent its service being used to gain access to the location”.2186 No regulations shall be made unless satisfied that “(a) the use of the Internet for activities that infringe copyright is having a serious adverse effect on businesses or consumers, (b) making the regulations is a proportionate way to address that effect, and (c) making the regulations would not prejudice national security or the prevention or detection of crime” (section 17(3)). As regards a regulation as such, it must provide that a court may not grant a blocking injunction unless from or at the location in question a substantial amount of infringing material has been, is

2184 See Dinusha Mendis, Digital Economy Act 2010: fighting a losing battle? Why the’three strikes’ law is not the answer to copyright law’s latest challenge, International Review of Law, Computers & Technology 2013, Vol.27 Nos. 1-2, 60, 69. 2185 Clause 18 Bill 89 2009-10. 2186 Section 17 (2) of the DEA 2010.

616

B. Enforcement Measures Directed at Intermediaries

being or is likely to be obtained or made available, or the location in question facilitates access to infringing materials (section 17(4)). Hence the court would need to be satisfied that such websites are used, or are likely to be used, to infringe copyright. When determining whether to grant an order, the regulations must ensure that the court also takes into account the steps already taken by the service provider, or by an operator of the location in question, to prevent infringement of copyright. As regards the speed of granting an injunction, copyright owners will first have to give notice of the application to the site owner (section 17(6)), Section 17 enumerates further general principles that must be considered by a court when granting an injunction such as the importance of freedom of expression and the principle of proportionality.2187 Section 18, which is entitled “Consultation and Parliamentary Scrutiny”, sets forth the steps that the Secretary of State should follow before making regulations under section 17. Not surprisingly, “the music industry was mad keen – as indeed were many broadcasters and sports organisations” about such extensive legal basis for blocking of copyright infringing content.2188 However, their delight did not last long as said sections will soon be abolished. b) Sections 17 and 18 of the DEA 2010: Unnecessary? Already in August 2011, the government announced in its paper “Next steps for the implementation of the Digital Economy Act” that it would not make regulations on the basis of sections 17 and 18. This opinion is still upheld and accordingly, no regulations have been passed.2189 Moreover, the Draft Deregulation Bill of July 2013 foresees the repeal of sections 17 and 18 of the DEA 2010.2190

2187 Section 17 (5) of the DEA 2010. 2188 Hansard (House of Lords) Lord Clement-Jones, Column 472 (15.03.2010). 2189 House of Commons, Digital Economy Act: Copyright, Standard Note: SN/HA/ 5515 (28.06.2013), p.1. 2190 Clause 26 of Draft Deregulation Bill presented to Parliament by the Minister for Government Policy and the Minister without Portfolio by Command of Her Majesty (July 2013), https://www.gov.uk/government/uploads/system/uploads/a ttachment_data/file/210035/130701_CM_8642_Draft_Deregulation_Bill.pdf (last accessed on 17.05.2014).

617

Third Chapter: Content- or Intermediary-Targeted Responses

This came to no surprise as previously an Ofcom report on the practicability of website blocking questioned the practicability of sections 17 and 18, and concluded that the specific blocking injunctions were unlikely to be effective in practice.2191 The report stated that whilst it is possible to block access to websites by using techniques such as IP addresses, DNS, URL and packet inspection, there were some serious concerns that need to be taken into account.2192 The expectations of copyright owners, to achieve blocking of infringing materials potentially within hours of an application being made, and thus, having a much speedier procedure than before a court, do not appear realistic given the constraints imposed on the courts by the DEA 2010.2193 These constraints include inter alia a notice to the website operator in order to guarantee a process which is fair to the legitimate interest of website operators and end-users.2194 Hence, any injunction scheme operated under sections 17 and 18 was considered unlikely to give rise to a sufficient level of actions to have a material impact on levels of copyright infringement. Ofcom concluded that it is not possible to deliver a framework under the DEA for website blocking that would be effective.2195 The decision to repeal the power to make regulations on website blocking can also be seen as a consequence of copyright owners having brought successful court actions against infringing websites under existing laws. It was right after the precedent under section 97A of the CDPA 1988 by the decision in NewzBin II2196 and obviously as a consequence of the review by Ofcom, that the Government first recommended the abolition of section 17 in their response to the Hargreaves Report.2197 The government’s response to the Hargreaves Report referring to website blocking established that “the approach set out in the DEA is unlikely to be effective

2191 Ofcom, ‘Site blocking’ to reduce online copyright infringement: A review of sections 17 and 18 of the Digital Economy Act (27.05.2011), pp. 46 et seq. 2192 Ibid. 2193 See Ibid, p. 48. 2194 Ibid. 2195 Ibid. 2196 High Court, Twentieth Century Fox Film Corp v British Telecommunications Plc [2011] EWHC 1981 (Ch). 2197 See Dinusha Mendis, Digital Economy Act 2010: fighting a losing battle? Why the’three strikes’ law is not the answer to copyright law’s latest challenge, International Review of Law, Computers & Technology 2013, Vol.27 Nos. 1–2, 60, 69.

618

B. Enforcement Measures Directed at Intermediaries

because of the slow sped that would be expected from a full court process. This would provide site operators with the opportunity to change the location of the site long before any injunction could come into force”.2198 The NewzBin II decision, which will be discussed in detail in the second part of this Chapter, put the final nail in the coffin of sections 17 and 18. At the time the NewzBin II case entered the court, sections 17 and 18 where already met with controversy.2199 The counsel for BT as well as Arnold J expressed their concerns during the hearings. The counsel for BT questioned in particular the necessity of a new blocking provision, “if section 97A of the CDPA 1988 already allowed a ‘blocking injunction’ to be granted where a website has been, is being or is likely to be used to infringe copyright”.2200 This argument summarises the major point of criticism: the significance of section 17 is unclear, considering that section 97A of CDPA 1988 can carry out the same function as section 17.2201 In fact, the requirements that a provision based on section 17 will have to take into account, do not go any further than the existing law already does.2202 In specific, when section 17(5) requires that the importance of freedom of expression needs to be taken into account as well as the principle of proportionality, then this does nothing more than summarising existing legal principles. Hence, it must be seen as coming to no surprise that the government will repeal sections 17 and 18 of the DEA 2010.

2198 Government’s Response to Hargreaves Review: ‘Next steps for implementation of the Digital Economy Act’ (August 2011), p. 7, http://www.culture.gov.uk/ima ges/publications/Next-steps-for-implementation-of-the-Digital-Economy-Act.pd f (last accessed on 17.05.2014). 2199 Cf. for example Benjamin Farrand, The Digital Economy Act 2010: A cause for celebration, or a cause for concern, European Intellectual Property Review 2010, Vol. 32 Issue 10, 536–541. 2200 High Court, Twentieth Century Fox Film Corp v British Telecommunications Plc [2011] EWHC 1981 (Ch), para. 149. 2201 The scope of blocking injunctions under section 97A CDPA 1988 will be discussed below 1. UK: Injunctions to Block Access against Access Providers, pp. 622 et seq. 2202 For a comparison of the requirements for injunctions under section 97A CDPA 1988 and injunctions under the DEA 2010 provisions see Ofcom, “Site blocking” to reduce online copyright infringement: A Review of sections 17 and 18 of the Digital Economy Act (27.05.2011), p. 47.

619

Third Chapter: Content- or Intermediary-Targeted Responses

4. Resume: No Blocking of Copyright Infringing Content to Be Ordered by Administrative Authorities None of the states that are subject of this research foresees that the blocking of access to copyright infringing materials can be ordered by administrative authorities.2203 First of all, secondary EU law would not forbid blocking orders by administrative authorities. Article 15 of the E-Commerce Directive does only forbid the imposition of general filtering obligations on access providers. Although, Article 12(1) of the E-Commerce Directive provides that mere conduits are not liable for information they transmit, this does not prevent an injunction being imposed. In fact, Article 12(3) of the ECommerce Directive makes it clear that the liability exemption “does not affect the possibility for a court or administrative authority, in accordance with Member States’ legal systems, of requiring the service provider to terminate or prevent an infringement”. The same applies for host providers under Article 14 of the E-Commerce Directive. Blocking as such is a controversial subject due to its technological implications: depending on the blocking system used, there is a risk of over-blocking; depending on the blocking system used, blocking can be expensive. The above discussion shows that even where evidently illegal content such as child pornography is concerned, access blocking by administrative authorities is not met with acceptance, although there is consensus that such materials should not be accessible.

2203 Within the EU, Spanish and Italian administative authorities have so far issued administrative blocking orders. In 2014, the Italian Communication Authority (AGCOM) passsed a regulation on online copyright enforcement (Allegato A alla Delibera n. 680/13/CONS del 12.12.2013), which – in cases of copyright infringement - provides fort he selective takedown of content hosted in Italy, or the blocking of a whole website issued against Italian access providers if there is massive infringement or the website is hosted outside Italy. Less than a month after the regulation entered into force in March 2014, the first Italian administrative blocking injunction against the website www.cineblog-01net was issued and access providers operating in Italy were required to disable access to said website (the order can be accessed via AGCOM’s website, see http://www.agcom.it/ documents/10179/1260293/Delibera+41-14-CSP/70e102fa-b552-4064-9513-a3 b41b1117e8?version=1.2 (last accessed 07.07.2015). In Spain, the first blocking order by an administrative court was released following a complaint filed tby the Spanish Association of Intellectual Rights Management (AGEDI) in March 2015.

620

B. Enforcement Measures Directed at Intermediaries

The main reason for refraining from introducing access blocking by administrative authorities is the risk of over-blocking and the impact of over-blocking on fundamental rights. If legitimate content is blocked by way of “collateral damage”, the blocking interferes with the disseminator’s right to free speech that is guaranteed by Article 10 ECHR (and Article 11 CFR). If end-users can no longer access legitimate content that has been blocked unintentionally, this also interferes with the users’ rights to receive information, which is equally guaranteed by said Articles. Furthermore access blocking interferes with the access providers’ rights out to pursue business and their right to property as guaranteed by Article 1 of the Protocol No. 1 to the ECHR (and Articles 16 and 17 CFR). When assessing the proportionality of a measure, the effectiveness of a blocking measure needs to be taken into account. As aforementioned, there are many ways to circumvent blocking, which may even be used by non-ITliterate users. This would mean effectively, that the blocking would not fundamentally affect notorious, wilful infringers as they would be able to make their way around the blocking mechanism. Finally, considering that there would be no judicial oversight before blocking would be ordered, it cannot be imagined how the interferences could be justified even if they pursue the legitimate aim of protecting the right to intellectual property of others. III. Enforcement upon Initiative of the Rights-holders via Access Providers Enforcement via access providers is one route that has become specifically popular in the UK. Enforcement via access providers in this context refers to rights-holders applying for injunctions against access providers that require the providers to block access to infringing materials. This route is usually taken when addressing the website hosting the infringing materials is not practical: the website is located outside of the domestic jurisdiction, it moves its location on a regular basis, and/or does not pay regard to take down requests.

621

Third Chapter: Content- or Intermediary-Targeted Responses

1. UK: Injunctions to Block Access against Access Providers Content access restrictions to infringements of intellectual property rights are a relatively new scenario in the UK. Cleanfeed, a software that is being used to block access to child abuse materials, has been tried and run for several years until the first court suggested that it might also be used for online copyright enforcement. a) The Legal Framework: Section 97A CDPA 1988 Section 97A was inserted into the CDPA 1988 in 2003 by the implementing regulations for the InfoSoc Directive. Precisely, it implements Article 8(3) of said Directive, which provides that rights-holders must be “in a position to apply for an injunction against intermediaries whose services are used by a third party to infringe a copyright”. Section 97A(1) CDPA 1988 in that regard provides that “the High Court […] shall have power to grant an injunction against a service provider, where that service provider has actual knowledge of another person using their service to infringe copyright”. Section 97A(2) defines the condition for determining “actual knowledge”, namely that “a court shall take into account all matters which appear to it in the particular circumstances to be relevant and, amongst other things, shall have regard to— (a)whether a service provider has received a notice through a means of contact made available in accordance with regulation 6(1)(c) of the Electronic Commerce (EC Directive) Regulations 2002 (SI 2002/2013); and (b)the extent to which any notice includes— (i) the full name and address of the sender of the notice; (ii)details of the infringement in question”. b) Setting the Precedent: Twentieth Century Fox v BT In 2011, the High Court ruled that BT must block access to NewzBin.2204 NewzBin provided a search service for UseNet content, which included unauthorised copies of protected works. Already in 2010, Twentieth Century Fox Film Corporation and others had taken joint legal action against 2204 High Court, Twentieth Century Fox Film Corp v British Telecommunications Plc [2011] EWHC 1981.

622

B. Enforcement Measures Directed at Intermediaries

NewzBin for copyright infringement. 2205 Although the rights-holders won their case against NewzBin, their success showed little effect when NewzBin reappeared as NewzBin2, this time located abroad with little chances to enforce a British judgment. aa) Excursus: From NewzBin1 (Twentieth Century Fox v NewzBin) to NewzBin2 (Twentieth Century Fox v BT) NewzBin was a British Usenet indexing website intended to facilitate access to content on Usenet, one of the oldest communications arenas on the Internet.2206 Usenet is strictly speaking also a form of peer-to-peer network, files are placed into news groups on decentralized servers, from where they can be retrieved by the news group participants.2207 An important difference with the forms of peer-to-peer described earlier is the fact that the user does not need to be active in supplying files. Users may also just download files. Usenet allows its users to upload and view messages on an electronic equivalent of public bulletin boards. Usenet had been developed in the early 1980s and predated the World Wide Web by some years. It was originally designed as a text-based medium and supported text content only, but evolved in the following so as to support binary i.e. non-text content. The infrastructure for the system is provided by interconnected servers that store the content uploaded to them in a hierarchy of newsgroups that are usually named in such a way as to reflect their content. Text content on Usenet is designed to be read by other users without further processing. As Usenet however was initially designed to deal with text only, binary materials require further processing. They are encoded in

2205 High Court, Twentieth Century Fox Film Corporation and others v NewzBin Ltd [2010] EWHC 608 (Ch) (NewzBin 1). For a comment on the case see Ryan Hocking, Secondary liability in copyright infringement: still no Newz?, Entertainment Law Review 2012, Vol. 23 Issue 4, 83 – 90. 2206 Usenet is a worldwide distributed Internet discussion forum. It resembles an online bulletin board, but is distributed among a large, constantly changing conglomeration of servers that store and forward messages to one another in socalled news feeds. See First Chapter, A. II. 3. USENET. 2207 European Parliament, DG for Internal Policies, Policy Department C: Citizens’ Rights and Constitutional Affairs, File Sharing (2011), p. 6.

623

Third Chapter: Content- or Intermediary-Targeted Responses

text form and in the following split into multiple parts so that they can be posted as a set of individual but related messages. The consequences for users are that they need a news client to post messages to or download messages from newsgroups. The user has to enter details of his chosen server to the news client. He then selects the newsgroups to which he would like access and to which he will post or from which he will download messages. Binary materials are often split up by RAR encoding - meaning that a large file will be split into a series of smaller parts called RAR archive files, each of which is again split into 50 or more messages. Each of these messages is posted to the newsgroup separately. This results in for example a movie file being distributed across potentially hundreds or thousands of messages. Hence, if a user wants to download a copy of the movie, he must identify every one of those messages from a list of messages available on the Usenet server to which he has access. Usually, the server will list these messages in the order in which it has received them. As a result, messages comprising one movie get mixed up with other messages added to the newsgroup during the time the upload of the movie was completed. Consequently, each message file must be downloaded into appropriate RAR archive files and must then be assembled together to form the whole copy. Some years ago, the operators of NewzBin created the “NZB” system for quickly retrieving large files from Usenet. The NZB system facilitated access to files on Usenet. Access to NewzBin itself was restricted to members and membership was only granted to users who had had an invitation from someone who already was a member to NewzBin. The service was free for basic members, which were not given the ability to download files sourced using NewzBin1. Premium members, who had to pay a membership fee, however could download files. Contents of NewzBin1 were indexed either as “reports” or “files” and tools were provided to search them. The focus of the site was binary content; information about films, television programmes and other works were processed and stored in three main indices: RAW index, Condensed index and NewzBin index. The NewzBin index was the highest level index and showed entries with reports, which had been created by a team of about 250 ‘editors’. These editors checked that the subject matter of a report related to a complete set of Usenet messages. Within the NewzBin index reports were listed by the title of the film or work in question. Also, 624

B. Enforcement Measures Directed at Intermediaries

further descriptive information was added by the editors, such as the file size in total and details of other attributes such as genre, source and language of the work. Typically information in relation to films linked to an Internet address with further information, for example Amazon or a movie database. Remarkably, reports often also included information or a file in which the uploader of the infringing copy identified himself. Premium members of NewzBin1 could download file sets suitable for burning to a DVD by a facility that created so called “NZB” files. A NZB file contained all the information necessary for a news client to fetch all the Usenet messages to assemble the original binary work. Thus, the features “Create NZB” or “Download Report NZB” make the download process much easier for the user. He does not have to identify and individually download all the messages required to assemble the original file. He also does not need a separate software application to assemble the messages. NewzBin1 premium members could also search the NewzBin indices by reference to a specific category. NewzBin1 grouped Usenet messages into various categories such us for example “books”, “Games” or “Movies”. These categories were often divided into subcategories by source (e.g. DVD, BluRay, CAM, Screener), video format (e.g. DivX, XviD, BluRay). From some of the subcategories names it was obvious that they contained pirated content. CAM for example, referred to the use of a handheld cam in a cinema to record a film shown there.2208 An analysis of 50,000 reports in the movies category showed that 97.5% were linked to the IMDb site2209, whereas only 0.3% of them were not shown to be commercially available. Twentieth Century Fox and other film rights holders accused NewzBin of locating and categorising unlawful copies of films and (1) displaying the titles of these copies in its indices, (ii) providing a facility for its users to search for particular unlawful copies, (iii) displaying their search results and (iv) providing a simple one-click mechanism for users to acquire the

2208 The same applies to the sources Telesync, referring to a copy of a film made in a cinema using professional camera equipment, and Screener, referring to a copy of a film supplied on a restricted basis to persons within the industry before the film has been released commercially. 2209 IMDb is an Amazon company, and, according to Amazon, “is the world’s most popular and authoritative source for movie, TV and celebrity content”.

625

Third Chapter: Content- or Intermediary-Targeted Responses

unlawful copies of their choice.2210 NewzBin argued that its website was simply a search engine like Google – though not directed to the whole Internet but merely to Usenet -, and played no part in copyright infringements. The High Court held that NewzBin Ltd knew that its service was used mainly by its members for the unauthorised downloading of infringing copies of the claimant’s films. The argument of NewzBin Ltd that it had no knowledge of infringement occurring on its service and did not encourage copyright infringement was rejected as “simply not credible”.2211 Kitchin J found that NewzBin knew that the vast majority of films in the movies category were commercial and very likely to be protected by copyright and that users that used the NZB facility to download those materials were infringing copyright.2212 Thus, “a reasonable member would deduce from the defendant's activities that it purports to possess the authority to grant any required permission to copy any film that a member may choose from the Movies category on NewzBin and that the defendant has sanctioned, approved and countenanced the copying of the claimants' films …”.2213 While “mere (or even knowing) assistance or facilitation of the primary infringement is not enough”, the Court found that NewzBin had involved itself so the infringement was made its own.2214 Based on the ECJ’s ruling in Sociedad General de Autores e Editores de Espana v Rafael Hoteles SA2215, the Court further held that NewzBin communicated unauthorised copies of protected works available to the public.2216 Kitchin J held that NewzBin had infringed the claimants’ copyrights in three ways: (i) It had authorised its premium members to make infringing copies of the Studios’ films because a reasonable member would deduce from its activities that it purported to possess the authority to grant any required permission to copy any film that a member may choose from the

2210 High Court, Twentieth Century Fox Film Corporation and others v NewzBin Ltd [2010] EWHC 608 (Ch) (NewzBin 1) 2211 Ibid, para.63. 2212 Ibid, para. 78. 2213 Ibid, para. 102. 2214 Ibid, para. 108. 2215 CJEU, C-306/05 Sociedad General de Autores y Editores de España (SGAE) v Rafael Hoteles SA, Judgment of 07.12.2006. 2216 NewzBin’s premium subscribers downloaded the protected works from a place and at a time individually chosen by them, and considered NewzBin to be making the films available to them.

626

B. Enforcement Measures Directed at Intermediaries

Movies category on NewzBin1, and it had sanctioned, approved and countenanced the copying of the Studios' films, including each of the films specifically relied on.2217 (ii) For similar reasons, it had procured the premium members to infringe, had participated in a common design with the premium members to infringe, the Studios’ copyrights. It was immaterial that the Studios were not able to point to specific acts of infringement by particular infringers which NewzBin Ltd might be said to have procured.2218 (iii) NewzBin Ltd had itself infringed the Studios’ copyrights by communicating the copyright works to the public, specifically by making each work available to the public by electronic transmission in such a way that members of the public may access it from a place and at a time chosen by them within section 20(2)(b) CDPA 1988 which implements Article 3(2) of the InfoSoc Directive.2219 The Court concluded that, so far relief was concerned, it was appropriate and necessary to grant an injunction restraining infringement of the copyrights in the claimants‘repertoire.2220 Kitchin J declined however, to grant an injunction pursuant section 97A CDPA1988 restraining NewzBin Ltd from including in its indices or databases entries identifying any material posted to or distributed through any Usenet group in infringement of copyright.2221

2217 Twentieth Century Fox Film Corporation and others v NewzBin Ltd [2010] EWHC 608 (Ch) (NewzBin 1), paras. 85–102. 2218 See ibid, paras. 103–112 2219 See ibid, paras. 113–125. 2220 Ibid, para. 129. 2221 High Court, Twentieth Century Fox Film Corporation and others v NewzBin Ltd [2010] EWHC 608 (Ch) (NewzBin 1), paras. 130–135. Section 97A of the CDPA 1988 states: ”97A Injunctions against service providers (1) The High Court (in Scotland, the Court of Session) shall have power to grant an injunction against a service provider, where that service provider has actual knowledge of another person using their service to infringe copyright. (2) In determining whether a service provider has actual knowledge for the purpose of this section, a court shall take into account all matters which appear to it in the particular circumstances to be relevant and, amongst other things, shall have regard to – (a) whether a service provider has received a notice through a means of contact made available in accordance with regulation 6(1)(c) of the Electronic Commerce (EC Directive) Regulations 2002 (SI 2001/2013); and (b) the extent to which any notice includes – (i) the full name and address of the sender of the notice; (ii) details of the infringement in question. (3) In this section "service provider" has the meaning given to it by regulation 2 of the Electronic Commerce (EC Directive) Regulations 2002”.

627

Third Chapter: Content- or Intermediary-Targeted Responses

Following a further hearing in April 2010, Kitchin J granted the injunctions restraining NewzBin from infringing copyright in or relating to the motion pictures and television programmes enlisted by the applicants. The order also applied to content notified after the decision. The Newzbin operators were ordered to ensure that users of the NewzBin Website or any other service, by use of the said website or service, do not infringe copyright in or relating to the content in question.2222 Accordingly, the injunction did not only cover the Studios’ existing repertoire, but also future additions to the repertoire as long as they would be notified to the operators of NewzBin. bb) The Injunctions against BT in NewzBin2 In April 2010 NewzBin Ltd entered into voluntary liquidation and NewzBin1 ceased to operate shortly thereafter.2223 However, already in May 2010 the very similar NewzBin2 website went online. The design and manner of NewzBin2 became substantially the same as that of NewzBin1. The only significant difference was that the website’s starting page revealed listings of content available and that the name NewzBin was followed by the numeral 2. NewzBin2 was hosted in Sweden and the domain name www.newzbin.com registered to a company in the Seychelles.2224 The website used the same code and database including the same categorisation mode for content as its predecessor.2225 Again, membership to NewzBin was subject to a fee, payable in Pounds Sterling, accordingly NewzBin2 was obviously directed at UK users.2226 As with NewzBin1, the main focus of NewzBin2 was film and television programmes.2227 The Court found that “it appears to be quite hard to find any content on NewzBin2 that is not protected by copyright”.2228

2222 High Court, Twentieth Century Fox Film Corp v British Telecommunications Plc [2011] EWHC 1981, para. 43. 2223 Ibid, paras. 45–47. 2224 Ibid, para. 58. As of 27.04.2012, a whois search showed that the server is still located in Linkoping, Sweden. However, since NewzBin.com has been closed down in February 2012, NewzBin migrated to www.newzbin2.es. 2225 Ibid, para. 48. 2226 Ibid, para. 49. 2227 Ibid, para. 53. 2228 Ibid, para. 55.

628

B. Enforcement Measures Directed at Intermediaries

On 28 July 2011, the High Court ruled that BT must block access to NewzBin2 using Cleanfeed as NewzBin2 and its users were infringing copyright of the movie studies that applied for injunctive relief.2229 The same service was thus required to be used to block access to copyright infringing materials as is deployed to block access to child pornography: IP address blocking, using the unique IP address of a website and DPIbased URL blocking. Justice Arnold concluded that users of BT’s service infringe the studios’ copyrights.2230 He ruled that BT had actual knowledge regarding other persons using its service to infringe copyright: ‘it knows that users and operators of NewzBin2 infringe copyright on a large scale, and in particular infringe the copyrights of the Studios in large numbers of their films and television programmes’.2231 This knowledge satisfied the requirements of section 97A(1) of the CDPA 1988.2232 Thus, the Court had jurisdiction to grant an injunction against BT pursuant to section 97A. The Court clarified that the obligation to monitor traffic and disrupt traffic between BT’s users and the NewzBin2 website does not involve a general obligation to monitor, but constitutes rather a specific and limited one.2233 It distinguished the case from Scarlet Extended v SABAM.2234 In contrast to SABAM, the studios are not seeking an order that BT has to “introduce, for all its customers, in abstracto and as a preventive measure, exclusively at [its] cost … and for an unlimited period, a system for filtering all electronic communications, both incoming and outgoing, passing via its services, in particular those involving the use of peer-to-peer software, in order to identify on its network the sharing of electronic files containing a musical, cinematographic or audio-visual work in respect of which the applicant claims to hold rights, and subsequently to block the

2229 Twentieth Century Fox Film Corporation, Universal City Studios Productions LLLP, Warner Bros. Entertainment Inc, Paramount Pictures Corporation, Disney Enterprises, Inc and Columbia Pictures Industries Inc. The Studios are members of the Motion Picture Association of America Inc, and they bring this application in a representative capacity on behalf of all group companies of the Studios that are owners or exclusive licensees of copyrights in films and television programmes, see ibid, para. 1. 2230 Ibid, para. 108. 2231 Ibid, para. 157. 2232 Ibid, para. 157. 2233 Ibid, para. 161. 2234 Ibid, para. 177.

629

Third Chapter: Content- or Intermediary-Targeted Responses

transfer of such files, either at the point at which they are requested or at which they are sent”.2235 As regards NewzBin2 the Studios sought a clear and precise order that merely required BT to implement an existing technical solution. This technical solution is already employed by BT for a different purpose, namely child abuse images identified as such by the Internet Watch Foundation. BT itself accepted that the solution is technically feasible and that the cost is not excessive.2236 In addition, a provision was made to enable the order to be varied or discharged in the event of a future change in circumstances. Therefore, Justice Arnold held requested order to be foreseeable by Internet service providers on the basis of Section 97A as well as Article 8(3) of the InfoSoc Directive.2237 He also concluded that the order is “prescribed by law” within the meaning of Article 10(2) ECHR.2238 The Studios will not have to identify individual URLs corresponding to individual NZB files as indexed by NewzBin2 that relate to infringing copies of individual works.2239 The Court considered such a precise identification of infringing files as not practicable since it would require the Studios to invest a lot of effort and cost in notifying long lists of URLs to BT on a daily basis.2240 Such a requirement would also have been disproportionate for the same reasons. Interestingly, while Justice Arnold recognised that the order would potentially prevent BT subscribers from making legitimate i.e. noninfringing use of NewzBin2, he concluded that – on the evidence – such uses are de minimis.2241 Of course, every case has to be decided on its individual circumstances and any order has to be proportionate, this very finding of Justice Arnold indicates that if there is proof that the network is used for legitimate purposes on a large scale, an order might not be granted. BT feared that in the wake of the order countless other applicants may demand that BT blocks access to further websites including such that con-

2235 2236 2237 2238 2239 2240 2241

630

Ibid, para. 177. Ibid, para. 177. Ibid, para. 177. Ibid, para. 177. Ibid, para. 201. Ibid, para. 201. Cf. Ibid, para. 186.

B. Enforcement Measures Directed at Intermediaries

tain defamatory statements or private information.2242 It was concerned that numerous replications of the order would undermine the Cleanfeed blocking system and/or put strain on BT’s network itself.2243 This could involve substantial compliance costs for BT.2244 However, considering the effort and expenditure necessary for an application to be successful, rights-holders are unlikely to undertake an application lightly.2245 c) Applying the Precedent The NewzBin2 case seems to have encouraged further cases. In February 2012, the High Court was asked by several UK record companies2246 to

2242 2243 2244 2245 2246

Ibid, paras. 187 and 191. Ibid, para. 190. Ibid, para. 190. See also ibid, para. 189. Dramatico Entertainment Ltd, Emi Records Ltd, Mercury Records Ltd, Polydor Ltd, Rough Trade Records Ltd, Sony Music Entertainment UK Ltd, Virgin Records Ltd, Warner Music UK Ltd and 679 Recordings Ltd. They claimed on their own behalf and in a representative capacity on behalf of the other members of BPI (British Recorded Music Industry) Ltd ("BPI") and Phonographic Performance Ltd ("PPL"), see High Court, Dramatico Entertainment Ltd & others v British Sky Broadcasting Ltd & others [2012] EWHC 268. For a comment on the case see Darren Meale, Avast, ye file sharers! The Pirate Bay is sunk, Journal of Intellectual Property Law & Practice 2012, Vol. 7 No. 9, 646; Alexander Ross/Claire Livingstone, Communication to the public: Part 2, Entertainment Law Review 2012, Vol. 23 Issue 7, 209–213; Ruth Hoy/John Wilks/Nick Edbrooke, Dramatico Entertainment v BskyB: Pirate Bay runs aground in English waters, Entertainment Law Review 2012, Vol. 23 Issue 5, 151–153; Joel Smith/Sarah Burke, Record companies win first round v The Pirate Bay in the United Kingdom but pirates remain at large: Dramatico Entertainment Ltd v British Sky Broadcasting Ltd, European Intellectual Property Review 2012, Vol. 34 Issue 6, 416–419.

631

Third Chapter: Content- or Intermediary-Targeted Responses

order six ISPs2247 to block access to the Pirate Bay.2248 Largely based on his findings in NewzBin2 Justice Arnold ruled that both users and the operators of the Pirate Bay infringe copyrights of the claimants and those they represent in the UK.2249 Like the operator of NewzBin1 and NewzBin2, the operators of the Pirate Bay were held to “authorise its users’ infringing acts of copying and communication to the public”.2250 Justice Arnold even came to the conclusion that “if anything, it is a stronger case’ of infringement than NewzBin”.2251 Accordingly, major Internet service providers were ordered to block access to the Pirate Bay. In 2013, EMI Records Ltd and others sought the blocking of three popular BitTorrent trackers, namely KAT (KickassTorrents), H22T and Fenopy.2252 Like the early Pirate Bay, these trackers provided users with user-uploaded descriptions of copyrighted material, i.e. metadata including .torrent files) in indexed and searchable form. Users could use that metadata to download infringing copies of protected works using the BitTorrent file-sharing protocol. The rights-holders argued that the operators of the trackers in question communicated sound recordings to the public, committed the tort of authorising infringements, and were jointly liable as accessories for infringements.2253 The reasoning of the Court basically fol-

2247 British Sky Broadcasting Ltd, BT Plc, Everything Everywhere Ltd, TalkTalk Telecom Group PLC, Telefónica UK Ltd and Virgin Media Ltd. They are the six main retail Internet service providers in the UK with a fixed line market share of some 94 % of UK Internet users between them, see Dramatico Entertainment Ltd & others v British Sky Broadcasting Ltd & others [2012] EWHC 268, para. 1. 2248 Dramatico Entertainment Ltd & others v British Sky Broadcasting Ltd & others [2012] EWHC 268. 2249 Ibid, para. 84. 2250 Ibid, para. 81. 2251 Ibid. 2252 High Court, EMI Records Ltd and others v British Sky Broadcasting Ltd and others [2013] EWHC 379 (Ch). For a comment on the case see Darren Meale, A triple strike against piracy as the music industry secures three more blocking injunctions, Journal of Intellectual Property Law & Practice 2013, Vol. 8, No. 8, 591–594; Paddy Gardiner/Gillie Abbotts, Sky’s the limit for ISP blocking orders, Entertainment Law Review 2013, Vol. 24 Issue 6, 217–219. 2253 High Court, EMI Records Ltd and others v British Sky Broadcasting Ltd and others [2013] EWHC 379 (Ch), para. 43. In contrast, in the earlier case of the Pirate Bay (Dramatico Entertainment Ltd & others v British Sky Broadcasting Ltd & others [2012] EWHC 268), only the last two causes were pursued.

632

B. Enforcement Measures Directed at Intermediaries

lowed previous cases. It was held that the service provided by the trackers in question was not purely passive and that the operators had intervened in an active manner by having a mechanism specifically designed to allow users to provide actual content. Arnold J further concluded that even if this conclusion was wrong, the operators might still be liable on the grounds of authorisation and joint tortfeasance.2254 In reaching this conclusion, Arnold J spent some time on discussing the take down policy that was employed by the operators of the tracker websites. The deletion of individual links was held to be impractical and ineffective because users might have uploaded multiple versions of each infringing recording and were constantly uploading additional ones. According to the Court, a cessation of an infringement could thus not be achieved by deleting one URL. Moreover, a cessation would require a constant monitoring of the website by the rights-holder in order to notify each and every link. Other than in the previous cases, the access providers concerned did not actively oppose the blocking application.2255 The same conclusions were applied in the context of video streams. In Football Association Premier League Ltd v Sky,2256 a website, FirstRow, that provided links to various user-generated sports video streams, was considered analogous to .torrent trackers, because it aggregated, indexed and provided users a link to access the streams.2257 A visitor to the FirstRow website would be presented with lists of links, organised by sport and time of the day, to streams containing live coverage of a wide range of sporting events, including in particular Premier League matches and events organised by the other supporting rights-holders in this case. Upon clicking on one of those links, the user was taken to a new page,

2254 Ibid, paras. 44–46. 2255 Without an oral hearing and the rather fast CPR Par 8 alternative claims procedure being employed, the costs for the blocking applications have been lower for the rights-holders than in previous cases. See Darren Meale, A triple strike against piracy as the music industry secures three more blocking injunctions, Journal of Intellectual Property Law & Practice 2013, Vol. 8, No. 8, 591, 594. 2256 High Court, Football Association Premier League Ltd v British Sky Broadcasting Ltd. [2013] EWHC 2058. For a comment on the case see Rachel Alexander, FirstRow – access denied, Entertainment Law Review 2013, Vol. 24 Issue 8, 280–283; Darren Meale, Premier League 1, Internet pirates 0: sports streaming website the latest to be blocked, Jounral of Intellectual Proporty Law & Practice 2013, Vol. 8 No. 11, 821–823. 2257 Ibid, paras. 40 et seq.

633

Third Chapter: Content- or Intermediary-Targeted Responses

which featured a “frame” or window in which that live coverage then appeared, accompanied by advertising. The streams were provided by third party streamers using one of a number of user-generated content websites.2258 By presenting the content within a frame, it seemed as if the stream originated from FirstRow. In these scenarios, it is commonly discussed whether the provider is directly liable for raising the impression that he presents “own” content.2259 Due to the framing and the aggregation and indexing, the operator of Football Association Premier League Ltd was held directly liable for communication to the public. In a subsequent blocking injunction relating to the similar functioning SolarMovie and TubePlus websites, Arnold J. discussed his previous conclusion in the light of recent CJEU referrals and acknowledged that it is arguable whether the provision of hyperlinks amounts to communication to the

2258 The Court explained that the presentation of a stream to the end-users was the result of a process involving several stages. First of all, a third party needed to digitally capture a broadcast of a live sports event on his computer. The captured broadcast may be one that the streamer is receiving legally, for instance via a legitimate subscription, or may be an illegal stream. Secondly, the streamer would have to send the captured images in real time to the server of a user-generated content website. Thirdly, the streamer would use the user-generated content site to create an “embed code” which enables the stream player to be embedded into a website like FirstRow. Finally, the streamer would have to submit the embed code to FirstRow, which would then list the code as a link on its website. By clicking on the link, the users would be able to watch the stream. See ibid, para. 15. 2259 In particular in German case law, one can find lengthy discussion whether embedding and framing amounts to “Zueigenmachen” (“making the content own content”). For content that is user-generated but perceived as “own content”, the host provider will be directly liable as he would be for own content. Unfortunately, the Court did not evaluate this question in Football Association Premier League Ltd v British Sky Broadcasting Ltd. The question of whether hyperlinking constitutes communication to the public as “making available” has recently been discussed by the CJEU in C-466/12 Svensson, Judgment of 13.02.2014 (for a comment on this decision see Frank Michael Höfinger, Anmerkung zu EuGH, Urteil vom 13. Februar 2014 – C-466/12 – Nils Svensson u.a./Retriever Sverige AB, Zeitschrift für Urheber- und Medienrect 2014, 293– 295). Questions to embedding and framing have recently been decided by the CJEU in C-279/13, C More Entertainment, Judgment of 26.03.2015 and C-348/13, BestWater International, Order of 21.10.2014.

634

B. Enforcement Measures Directed at Intermediaries

public.2260 This did however not affect the outcome, and the blocking of access to the websites was ordered. As regards the scope of blocking injunctions, the High Court does not necessarily require Cleanfeed to be used for access blocking. For instance, in the case of Football Association Premier League Ltd v Sky, the Court ordered IP address blocking of the IP address of FirstRow’s domain name firstrow1.eu because the Court was convinced that this would not result in over-blocking since that IP address is not shared. Further, the orders also required IP address re-routing and URL blocking for URLs at any shared IP addresses.2261 With the case of Football Association Premier League Ltd v Sky, the High Court’s approach to evaluating the proportionality has also changed slightly. Whereas previously, the Court concluded that circumvention of blocking requires some technical expertise, the Court has now accepted that the “narrow and targeted” blocking is “unlikely to be completely efficacious, since some users will be able to circumvent the technical measures which the orders require the Defendants to adopt”.2262 Nevertheless, the Court is convinced that blocking is likely to be reasonably effective. d) Injunctions under Section 97A CDPA 1988: A Pyrrhic Victory for Copyright Owners In a series of cases that began with the NewzBin case, the High Court has awarded injunctions under section 97A CDPA 1988 requiring access providers to take measures to block or at least impede access by their customers to peer-to-peer file-sharing websites using Cleanfeed or similar technologies. All blocking orders were based on the fact that the websites in question were held themselves to infringe copyright. In NewzBin, liability of the NewzBin operators was established because the operators went beyond 2260 See High Court, Paramount Home Entertainment International Ltd v British Sky Broadcasting Ltd [2013] EWHC 3479 (Ch), paras. 13–22. For a comment on the case see Paddy Gardiner/Juliane Althoff, High Court grants further blocking injunction against film and TV streaming websites, Entertainment Law Review 2014, Vol. 25 Issue 3, 108–110. 2261 High Court, Football Association Premier League Ltd v British Sky Broadcasting Ltd. [2013] EWHC 2058, para. 56. 2262 Ibid, para. 55.

635

Third Chapter: Content- or Intermediary-Targeted Responses

merely enabling and assisting the users to infringe copyright; the operators were held to have inter alia authorised its premium members to make infringing copies of the Studios’ films, and to have itself infringed the Studios’ copyrights by communicating the copyright works to the public. In Dramatico v Sky, the Pirate Bay operators were held to have authorised infringement and be jointly liable as accessories. In EMI v Sky, the operators of KAT, H33T and Fenopy were held liable for communicating sound recordings to the public by indexing .torrent files and providing a search function to these files. In Football Association Premier League Ltd v Sky, the operator of FirstRow was held directly liable for communication to the public. While the liability can be questioned, an analysis of liability for the different services provided would go beyond the scope of this research, which focuses on the response to an established infringement. It shall only be mentioned at this point that in particular the authorisation of an infringement is not such a clear case as the rights-holders want it to be. Beside its dictionary meaning of sanction, approve and countenance, authorisation can also be defined as to “grant or purport to grant to a third person the right to do the act complained of, whether the intention is that the grantee shall do the act on his own account, or only on account of the grantor”.2263 Authorisation does not extend to mere enablement, assistance or even encouragement.2264 It seems that we can witness a shift in the interpretation of authorisation towards “allowing facilitation”.2265 As regards the establishment of liability, it may be more appropriate to take the route of joint tortfeasance. The principles of joint tortfeasance have already been applied in NewzBin 1 and Dramatico. Joint tortfeasance exists where someone is “so involved in the commission of the tort as to make the infringing act their own”.2266 The concept thus introduces a component of blameworthiness to the liability standard, and this is exactly what the courts were trying to establish in all cases.2267

2263 High Court, Falcon v Famous Players Film Co. [1926] 2 KB 474, 499. 2264 See Pekka Savola, Blocking injunctions and website operators’ liability for copyright infringement for user-generated links, European Intellectual Property Review 2014, Vol. 36 Issue 5, 279, 285. 2265 See ibid, 286. 2266 Court of Appeal, SABAF SpA v MFI Furniture [2003] RPC 14, para. 59. 2267 Christina Angelopoulos, Beyond the Safe Harbours: Harmonising substantive intermediary liability for copyright infringement in Europe, p. 6.

636

B. Enforcement Measures Directed at Intermediaries

Irrespective of how the court arrived at establishing liability, once liability is established, blocking will be considered as an appropriate remedy. In NewzBin2, the Court discussed in detail the proportionality of the order sought and concluded that the blocking of access to NewzBin “is necessary and appropriate to protect the Article 1 First Protocol rights of the Studios and other copyright owners”.2268 In all subsequent cases that have been addressed above the interests of the rights-holders in enforcing their copyrights were held to outweigh the Article 10 ECHR/Article 11 CFR rights of the users of the service in question. Besides the arguments brought forward in NewzBin, it must also be noted that in Football Association Premier League Ltd v Sky, the Court also noted that the users could obtain the blocked content from available lawful source.2269 The outweighing was considered to be even more clearly in relation to the rights of operators of the websites in question, in particular when they were profiting from large scale infringement.2270 The rights-holders interests were also always held to outweigh the access providers’ freedom of expression rights to the extent that they were engaged. Decisive was inter alia that the order is a narrow and targeted one, and that it contains “safeguards in the event of any change of circumstances”.2271 Also the cost of implementation for the access provider was considered modest and proportionate considering that access providers already use Cleanfeed to filter out child abuse materials. The High Court however underestimated the circumvention measures available to users.2272 Although the High Court acknowledged that the operators of NewzBin2 were already making plans to assist users to circumvent blocking, at the same time, the Court concluded that blocking would require the acquisition of additional technical expertise that goes beyond the expertise of ordinary users.2273 This would require that users

2268 High Court, Twentieth Century Fox Film Corp v British Telecommunications Plc [2011] EWHC 1981, para. 200. 2269 High Court, Football Association Premier League Ltd v British Sky Broadcasting Ltd. [2013] EWHC 2058, para. 59. 2270 See only ibid, para. 59 and High Court, Twentieth Century Fox Film Corp v British Telecommunications Plc [2011] EWHC 1981. 200. 2271 High Court, Twentieth Century Fox Film Corp v British Telecommunications Plc [2011] EWHC 1981, para. 200. 2272 Cf. Ibid, paras. 192 et seq. 2273 Cf. Ibid, paras. 194 et seq.

637

Third Chapter: Content- or Intermediary-Targeted Responses

spent time and effort, which not all users would be willing to invest.2274 The Court was also convinced that circumvention measures would result in slower performance and lower quality downloads unless users were prepared to pay for circumvention services (such as for instance a good proxy) – which again not all users would be willing to do.2275 Considering the added costs, the Court concluded that the gap between lawful services and the use of NewzBin2 would diminish, in particular, for less active users.2276 Finally, the order as such may reduce usage of NewzBin2,2277 and thus, efficacy was attributed to the blocking. This reasoning ignores that already four months before the judgment was rendered, NEwzBin2 had announced a new web address to which users could navigate using the free-of-charge TOR network.2278 The latter is impossible for access providers to block. As outlined under the technological challenges in this Chapter, current blocking measures are imperfect and circumvention is available for all of them. Other than the High Court concluded, employing a circumvention tool is also not complicated and not necessarily connected to costs. A lot of circumvention services are free. While it is true for most of the tools available to users, that download speed will decrease, the Court simply ignored that the easiest way is that the site operators themselves circumvent blocking by relocating their service.2279 Considering that already four months prior to the judgment, the NewzBin2 operators already provided for the circumvention, the efficacy of the blocking is more than questionable. Moreover, the victory for the rights-holders only existed on paper, but not in reality. On the other hand, the Court also acknowledged that legitimate content may become victim of the blocking. This was however not considered to have enough impact on the legitimacy of the blocking order as the percentage of legal content to be blocked was held to be de minimis. Legal in that context can however not refer to the sharing of non-copyrighted works, legal must also include copyrighted content where the rights-hold-

2274 2275 2276 2277 2278

Ibid, para. 194. Cf. Ibid, para. 195. Ibid, para. 196. Ibid, para. 197. See Darren Meale, NewzBin2: the first section 97A injunction against an ISP, Journal of Intellectual Property Law & Practice 2011, Vol. 6 No. 12, 854, 856. 2279 Ibid.

638

B. Enforcement Measures Directed at Intermediaries

ers do not take action to have access blocked. Rights-holder may also have reasons not to intervene. Bands may use peer-to-peer networks for promotion; the band Georgia Wonder for instance seeded its songs in peer-topeer network to become the 14th most downloaded band in the world.2280 By blocking access to torrent indexing sites, one automatically cuts off access to platforms that can be used for free promotion by artists. The High Court failed to take into consideration the rights and interests of third parties. Although one might argue, that Georgia Wonder could have also set up its own website, the disseminating factor of peer-to-peer networks cannot be neglected. However, the strongest argument against access blocking by access providers is, that it is a costly system that is easy to circumvent and thus, has little effect. As regards the access providers the latest case shows their resignation in fighting the applications. Moreover, they agree their terms with the rights-holders, and include a clause whereby operators of third party websites, who claim to be affected by the order, are enabled to apply to vary or discharge an order.2281 With less opposition on behalf of the providers, less court costs and a swift procedure, it can thus be predicted that rights-holders will increasingly seek blocking injunctions and be successful with their applications.2282 Considering that already the NewzBin case was more of a “catch me if you can” matter, there is a strong presumption that successful applications are rather pyrrhic victories. 2. Germany: No Injunctions against Access Providers While in the UK copyright may be enforced through access providers, German laws as it stands today does not provide a legal basis for measures

2280 Techradar, Cheap promotion, Twitter and peer-to-peer, How one band used YouTube, Twitter and file-sharing to create a community of fans, Techradar (16.01.2010). 2281 Rachel Alexander, FirstRow – access denied, Entertainment Law Review 2013, Vol. 24 Issue 8, 280, 282. 2282 Paddy Gardiner/Gillie Abbotts, Sky’s the limit for ISP blocking orders, Entertainment Law Review 2013, Vol. 24 Issue 6, 217, 219; Darren Meale, Premier League 1, Internet pirates 0: sports streaming website the latest to be blocked, Journal of Intellectual Property Law & Practice 2013, Vol. 8 No. 11, 821, 822.

639

Third Chapter: Content- or Intermediary-Targeted Responses

that would require access providers to enforce copyright. In order to provide a contrasting approach to the one conducted in the UK, this section will briefly look at the very short history of access blocking by access providers in Germany. Between 11 and 17 September 2007, the German Internet access provider Arcor blocked access for all its 2.4 million customers to YouPorn and further websites that allowed free access to pornographic materials. According to Arcor the blocking was voluntarily following the request of a Kirchberg Logistik GmbH that charged its customers for downloads of erotica and argued that pursuant to German youth media protection laws, access to pornography without proof of age is not permissible.2283 These cases thus did not concern liability for copyright infringements, but claims under unfair competition law. Blocking was lifted when it became clear that by the blocking of the IP addresses of the websites in question led to over-blocking; further sites that did not contain pornographic content were also blocked.2284 Ironically, the website of an IT Conference belonged to the sites affected.2285 On 19 October 2007, Kirchberg Logistik GmbH obtained an injunction before the Regional Court of Frankfurt am Main against Arcor, requiring Arcor to block content to the websites in question. 2286 Arcor then opted for DNS manipulation in order to block access.2287 In the following, Kirchberg sent out several cease and desist letters demanding further German Internet service providers to block access as well. As they did not comply with the cease and desist requests, Kirchberg applied for preliminary injunctions against several providers. On 23 November 2007, the Regional Court of Kiel rejected Kirchberg’s claim arguing that the provision of Internet access is content neutral and access providers are not liable for the content of websites.2288 In addition, the Regional Court of

2283 Urs Mansmann, Arcor sperrt Zugriff auf Porno-Seiten, Heise online (10.09.2007). 2284 Konrad Lischka, Fehlerhafte Zensur-Methode: Arcor stoppt den Porno-Filter, Spiegel Online (17.09.2007). 2285 Ibid. 2286 Stefan Krempl, Arcor muss YouPorn sperren, Heise online (19.10.2007). 2287 Stefan Krempl, Arcor installiert leicht umgehbare Netzsperre für YouPorn, Heise online (24.10.2007). 2288 LG Kiel, Decision of 23.11.2007 – 14 O 125/07, MultiMedia und Recht 2008, 123 with comment by Christoph Schnabel.

640

B. Enforcement Measures Directed at Intermediaries

Düsseldorf refused to issue an injunction against an access provider.2289 The obligation imposed upon Arcor to block access to YouPorn has later been annulled by the Regional Court Frankfurt.2290 Further attempts by providers of pornographic content to have access blocked to for instance google.com and google.de, based on the fact that the search engines list links to pornographic content without limiting access to adults, were unsuccessful.2291 Recently, there seems to be a consensus that the imposition of filtering and blocking duties upon access providers infringes the fundamental rights of users, in particular Article 10 II GG which protects the confidentiality of communications.2292 Considering that blocking as such is not prescribed by law in Germany, a blocking order could solely be based on the Störerhaftung,2293 which in turn is not considered sufficient to justify an infringement of Article 10 II GG.2294 As regards copyright infringements, the majority of courts and scholars even rule out the possibility of Störerhaftung of access providers.2295 When examining whether the DNS and IP blocking which was requested by rights-holders could be justified, courts have first acknowledged that this would require the access provider to monitor the data communications

2289 LG Düsseldorf, Decision of 13.12.2007 – 12 O 550/07, MultiMedia und Recht 2008, 349. 2290 LG Frankfurt/M., Urteil vom 8.2.2008 – 3-12 O 171/07, MultiMedia und Recht 2008, 344. 2291 See OLG Frankfurt, Decision of 22.01.2008 – 6 W 10/08, MultiMedia und Recht 2008, 166 with comment by Gerald Spindler. 2292 Dieter Frey /Matthias Rudolph/Jan Oster, Internetsperren und der Schutz der Kommunikation im Internet, Am Beispiel behördlicher und gerichtlicher Sperrungsverfügungen im Bereich des Glücksspiel- und Urheberrechts, MultiMedia und Recht-Beilage 2012 to Issue 3, 5. 2293 The concept of Störerhaftung has already been discussed in the context of prelitigation settlement in Chapter 2. In relation to host providers, the concept will be evaluated in the context of monitoring and filtering obligations. 2294 LG Köln, Decision of 31.08.2011 – 28 O 362/10, MultiMedia und Recht 2011, 833 with comment by Christoph Schnabel. 2295 See Thomas Hoeren/Silviya Yankova, The Liability of Internet Intermediaries – The German Perspective, International Review of Intellectual Property and Competition Law 2012, 501, 518 with further references. Thomas Hoeren in: Thomas Hoeren/Ulrich Sieber/Bernd Holznagel, Multimedia-Recht (37th amended ed. 2014), para. 79. As regards jurisprudence cf. only OLG Hamburg, Decision of 21.11.2013 – 5 U 68/10 (3dl.am), Gewerblicher Rechtsschutz und Urheberrecht-RR 2014, 140.

641

Third Chapter: Content- or Intermediary-Targeted Responses

of all his customers, which would also mean that the providers acquires knowledge of the circumstances of communication including the content.2296 The acquisition of such knowledge was held to constitute a serious interference with the right to confidentiality of communications.2297 In this context, German courts have also recognised that DNS or IP blocking does not constitute a feasible means to prevent further infringements.2298 Blocking by access providers would not be allowed to go so far as to block access to an indexing service, as this would also mean that legitimate content and the rights and interests of third parties were concerned.2299 The courts paid regard to the fact, that if the service provider of the targeted service added one digit to the URL concerned, this would mean that the illegal content would still be available under the same domain but under another URL. This would then require that the claimant applies for new injunctions or amends his request with each and every change.2300 Consequently, effective blocking by access providers would require the provider to implement the technical infrastructure for access blocking and invest human resources to comply with the requests. Considering that a Störer does not himself interfere with the rights of another party, but in another way contributes deliberately and adequately causal to the infringement of a protected right, such contributions by the access providers are not considered proportionate.2301 As rights-holders are still trying to obtain injunctions against access providers, the question of whether access providers could be obliged as Störer to bar access to copyright infringing materials irrespective of a statutory basis has recently been referred to the Federal Court of Justice

2296 Ibid, 834. See also LG Hamburg, Decision of 12.3.2010 – 308 O 640/08, MultiMedia und Recht 2010, 488, 490 and OLG Hamburg, Decision of 22.12.2010 – 5 U 36/09, Computer und Recht 2011, 735. 2297 Ibid. 2298 LG Köln, Decision of 31.08.2011 – 28 O 362/10, MultiMedia und Recht 2011, 833; see also Christoph Schnabel, Anmerkung zu Urteil des LG Kiel, MultiMedia und Recht 2008, 123, 125. 2299 LG Köln, Decision of 31.08.2011 – 28 O 362/10, MultiMedia und Recht 2011, 833, 834. See also LG Hamburg, Decision of 12.3.2010 – 308 O 640/08, MultiMedia und Recht 2010, 488, 490 and OLG Hamburg, Decision of 22.12.2010 – 5 U 36/09, Computer und Recht 2011, 735. 2300 Ibid. 2301 Ibid. See also see also Christian Czychowski/Jan Bernd Nordemann, Grenzenloses Internet – entgrenzte Haftung?, Gewerblicher Rechtsschutz und Urheberrecht-Beilage 2014, 3, 9.

642

B. Enforcement Measures Directed at Intermediaries

for clarification.2302 As of now, no injunctions will be issued until the Federal Court has answered this question. 3. Access Blocking by Access Providers: Concerns relating to Technology and Fundamental Rights Many of the issues that arise from technology in relation to blocking have already been addressed in the above analyses. The focus of this section shall thus be on the conformity with fundamental rights. a) Technological Concerns in Relation to Access Blocking The reason for access blocking lies in the difficulty to provide an effective remedy to rights-holders. Operators of piracy sites, that index .torrent files or provide link directories often change their domain names, so that seizures of domains like for example conducted in the case of FirstRow2303 by the US Department of Homeland Security, are ineffective. The operators are difficult to catch, they cloak themselves in anonymity, and do not respond to take down requests. For instance in respect to FirstRow, the rights-holders concerned were not even able to establish who the operators of FirstRow were, and where they could be contacted.2304 Cease and desist letters on behalf of the rights-holders were not responded to.2305 In particular in the UK, rights-holders are thus applying for injunctions against domestic access providers requiring the blocking of access of such

2302 OLG Hamburg, Decision of 21.11.2013 – 5 U 68/10 (3dl.am), Gewerblicher Rechtsschutz und Urheberrecht-RR 2014, 140. The case is pending with the Federal Court of Justice (BGH, file no. I ZR 3/14), a decision is expected in autumn 2015. 2303 FirstRow was subject of the order sought in Football Association Premier League Ltd v Sky, see High Court, Football Association Premier League Ltd v British Sky Broadcasting Ltd. [2013] EWHC 2058, para. 14. 2304 FirstRow had been registred under many different domain names, using a mixture of what appeared to be fals name and address details and registrations via proxy registration firms. At the time the case was before the High Court, the website was hosted in Sweden. Ibid, paras. 21–22. 2305 Ibid, para. 22.

643

Third Chapter: Content- or Intermediary-Targeted Responses

websites. The main difference between the German and UK approach in relation to access blocking by access providers is, that German law does not provide legal grounds for such a far-reaching measure. In addition, German courts also considered that DNS or IP blocking do not constitute feasible means to prevent further infringements, and that it is easy for website operators to escape blocking. Consequently, blocking does not only lack a legal basis but is also considered ineffective. In contrast to German law, in the UK, section 97A CDPA 1988 provides a legal basis for court orders in relation to access blocking. The first problem of a technological nature in relation to section 97A injunctions is that of actual knowledge of the access provider. Access providers do not monitor the content they transmit, so how can they acquire actual knowledge that their service is being used by a third party to infringe a copyright. In NewzBin2 knowledge was established, because BT knew of the judgment against NewzBin1, was aware of the service provided by NewzBin2 and aware that its customers accessed NewzBin2. Knowledge does not require that the access provider is aware of a particular user accessing NewBin, or a particular infringing act was committed. The actual knowledge condition can thus be justified by a general knowledge of infringing acts. Rightsholders will send pre-litigation letters to the access providers informing them about the infringements and the action that they are intending to take. The UK case law has shown that section 97A injunctions are increasingly applied for to bar access to “infringing websites”. While the Turkish order in the Yildirim case before the ECtHR concerned the blocking of a whole domain, UK orders are more precise and require the blocking of a specified website. Blocking will be conducted by using Cleanfeed, a hybrid blocking system of IP address blocking and DPI-based URL filtering Cleanfeed incorporates both redirection of traffic and the use of web proxies.2306 While it is particularly precise in what it blocks, it is also a low-cost model to build and operate. Referring to Cleanfeed as “particularly precise” already indicates that it is not a 100% precise system that does not have the potential to produce collateral damage. The Virgin

2306 Richard Clayton, Anonymity and traceability in cyberspace (2005), Technical Report UCAM-CL-TR-653, p.116. The functioning has already been outlined above; see above A. III. 1. e) Hybrid Systems – The Example of CleanFeed.

644

B. Enforcement Measures Directed at Intermediaries

Killer incident,2307 which has previously been described, has proven that it may clash with other content regulation systems and have a severe effect on network accessibility and infrastructure. In addition, and this relates to one of the concerns, that the German courts addressed, even elaborated hybrid blocking mechanisms like Cleanfeed can as easy be circumvented as single blocking schemes. Users may circumvent the blocking system for instance via VPNs or anonymising services.2308 The blocking does rather prevent the accidental access of the blocked website, whereas users that want to access the website may still do so. In particular notorious infringes, may not be affected as they will now how to access the materials. Taking the example of Football Association Premier League Ltd v Sky, this case also shows like many others, that the operators of piracy sites change their domain names quite often and migrate from one country to another, so that blocking will need to be adapted with every move they take. It is unclear in how far a section 97A CDPA 1988 injunction would cover the reappearance of a blocked service under a new name. While in NewzBin2, the Court had no difficulties in establishing that NewzBin2 was an identical service to NewzBin1, the case may not always be so clear cut. Further, access blocking does not mean that the content disappears. The access blocking orders that have so far been issued by the UK courts did not relate to host providers that hosted the materials as such. Instead the blocking of .torrent trackers, indexing sites and streaming portals, that framed third party content were targeted. Metaphorically speaking, the phonebook was deleted, but the phone numbers persisted. The content remained, and only one way to get information about its location was cut off, or more precisely, “hidden” from the public. Finally, the access blocking orders were always directed at a whole website, once the court was convinced that it had substantial infringing use. Considering that for instance in the case of Football Association Pre-

2307 The incident concerned a depiction of the cover of German rock band Scorpions' 1976 studio album Virgin Killer on Wikipedia. The controversial cover artwork depicted a young girl posing nude, with a faux glass shatter obscuring her genitalia. See Raphael Satter, Wikipedia article blocked in UK over child photo, The Independent (08.12.2008). 2308 Holger Bleich/Axel Kossel, Verschleierungstaktik: Die Argumente für Kinderporno-Sperren laufen ins Leere, Der Spiegel Online (17.04.2009).

645

Third Chapter: Content- or Intermediary-Targeted Responses

mier League Ltd v Sky, access to FirstRow as such was blocked, also access to content that did not belong to the Premier League Ltd was blocked as well. FirstRow was not solely dedicated to Premier League matches, but to all kinds of sports events. Although the High Court acknowledges that legitimate content may become victim of blocking, this is not considered to have enough impact on the legitimacy of the blocking order as the percentage of legal content to be blocked is regularly held to be de minimis. Notably, in the UK cases, it is true, that the websites in question, were dedicated to piracy. However, no assessment was made as to whether there was a substantial non-infringing use of the platforms that could be affected. It will be interesting to see, how the courts will deal with cases where website operators do not respond to take down requests of certain infringing content, but also provide for substantial non-infringing use. This may in particular be the case with file-hosting services, which are used for both, legal and illegal acts.2309 With generations of digital natives growing up, it may be likely that blocking becomes less and less effective, because they will find it easy to circumvent blocking. Thus, one may witness a “technological arms race”2310, where to new forms of blocking, new ways of circumvention will be developed. b) Compliance with Secondary EU Law In contrast to the assessment of whether graduated response schemes comply with secondary EU law, the analysis can be cut short in relation to access blocking orders against access providers. As already stated in the context of access blocking upon orders by an administrative authority, although, Article 12(1) of the E-Commerce Directive provides that mere conduits are not liable for information they transmit, this does not prevent an injunction being imposed. In fact, Article 12(3) E-Commerce Directive makes it clear that the liability exemption “does not affect the possibility

2309 Lilian Edwards refers to websites that host both infringing and non-infrining content as “dual purpose” sites, see Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights, p. 52. 2310 Toby Headdon, Beyond liability: on the availability and scope of injunctions against online intermediaries after L’Oréal v eBay, European Intellectual Property Review 2012, Vol. 34 Issue 3, 137, 144.

646

B. Enforcement Measures Directed at Intermediaries

for a court or administrative authority, in accordance with Member States’ legal systems, of requiring the service provider to terminate or prevent an infringement”. Under Article 8(3) of the InfoSoc Directive injunctive relief is available against intermediaries specifically in relation to preventing infringements of intellectual property rights. When Article 15(1) E-Commerce Directive forbids Member States to impose general obligations on online intermediaries to monitor the information they transmit, this does for instance exclude an “active monitoring of all the data of each of a website’s customers in order to prevent any future infringement via the provider’s website”.2311 c) Conformity with Fundamental Rights of Internet Users The fundamental rights of Internet users in the context of blocking have already been briefly addressed in relation to access blocking orders by administrative authorities and will be analysed in more detail at this point. aa) Interference with Users’ Rights to Seek, Receive and Impart Information If legitimate content is blocked by way of “collateral damage”, the blocking interferes with the disseminator’s right to freedom of expression that is guaranteed by Article 10 ECHR (and Article 11 CFR). If end-users can no longer access legitimate content that has been blocked unintentionally, this also interferes with the users’ rights to receive information, which is equally guaranteed by said Articles. As regards filtering and blocking of content on the Internet, the first Chapter of the Declaration of the Committee of Ministers on human rights and the rule of law in the Information Society recognises that “1. […] ICTs provide unprecedented opportunities for all to enjoy freedom of expression. However, ICTs also pose many serious challenges to that freedom, such as state and private censorship”.2312 In the preamble to their Declaration of 28 May 2003 on freedom of communication on the Inter-

2311 CJEU, C-324/09 L’Oréal v eBay [2011] ECR I-06011, para. 139. 2312 Council of Europe, Declaration of the Committee of Ministers on human rights and the rule of law in the information society (13.05.2005), CM(2005)56 final.

647

Third Chapter: Content- or Intermediary-Targeted Responses

net, the Committee of Ministers went on to state that prior control of communications on the Internet, regardless of frontiers, should remain an exception.2313 While this relates to censorship as such, the Declaration clarified that “Principle 3: […] Public authorities should not, through general blocking or filtering measures, deny access by the public to information and other communication on the Internet, regardless of frontiers. This does not prevent the installation of filters for the protection of minors, in particular in places accessible to them, such as schools or libraries. Provided that the safeguards of Article 10, paragraph 2, of the Convention for the Protection of Human Rights and Fundamental Freedoms are respected, measures may be taken to enforce the removal of clearly identifiable Internet content or, alternatively, the blockage of access to it, if the competent national authorities have taken a provisional or final decision on its illegality”. The Council of Europe thus recognises that courts may order the deletion or blocking of clearly identifiable content, given that the competent national authorities have taken a decision on the illegality of the content. Hence, filtering or monitoring obligations are not as such forbidden by the ECHR. The same applies for monitoring and filtering obligations under EU law. Decisive is under both frameworks, whether the monitoring and filtering regime respects freedom of expression. As with all interferences to be justified, they must be prescribed by law. Already the requirement that any interference must be “prescribed by law” is doubtful. For the interference to be prescribed by law, the measure in question must have a legal basis. This legal basis must, firstly, be adequately accessible (the individual must be able to have an indication that is adequate in the circumstances of the legal rules applicable to a given case); secondly, be formulated with sufficient precision to enable individuals to regulate their conduct (they must be able to foresee the consequences which a given action may entail).2314 In Germany, there is consensus that the Störerhaftung does not provide a sufficiently precise legal basis for access blocking orders against access providers. In the UK, section 97A of the CDPA 1988 has been considered to be foreseeable enough, although it only provides a basis for injunctions

2313 Council of Europe, Freedom of communication on the Internet, Declaration adopted by the Committee of Ministers on 28.05.2003 at the 840th meeting of the Ministers' Deputies and explanatory note (2003), preamble. 2314 ECtHR, Sunday Times v the United Kingdom, Application No, Ser A No 30 (1979), para. 49.

648

B. Enforcement Measures Directed at Intermediaries

in a rather general manner. While the general concept of Störerhaftung does not precisely determine that access providers fall within its scope, section 97A CDPA 1988 specifically targets service providers including access providers. In that regard, the provision is much more precise than its German counterpart. Considering that in Germany, the crux was that it was not sufficiently foreseeable that access providers may be liable as Störer, in the UK access providers could foresee that they may be subject to an injunctions for actions of their users as section 97A CDPA 1988 set forth that injunctions may be granted against a service provider, where that service provider has actual knowledge of another person using their service to infringe copyright. Considering that access providers in the UK already employ a blocking system in relation to child pornography, one may conclude that an order to block copyright infringing materials pursuant to section 97A CDPA 1988 is foreseeable. The same applies with regard to the foreseeability of users that have uploaded content, which is no longer accessible following a blocking order. In this context, it must be noted that they can hardly rely that content remains accessible, if the content is illegal. As regards legitimate content, it must be noted, that the blocking orders that have been issued in the UK, only related to sites that facilitated access to infringing materials, they did not themselves host the data as such. By only blocking links and trackers that have been published on one website, the orders did not interfere with the materials as such. Further, the websites concerned where evidently piracy sites. In cases where it is not obvious, that a website is dedicated to infringing use, and a user uploads a legitimate link or .torrent file, it is more difficult to establish foreseeability in that particular case. However, as blocking exist, users must foresee that they may be affected. Considering that the access blocking measure would be foreseeable, the question remains whether the interference can be justified. Although the access blocking in general protects the rights of the copyright owners, it is questionable whether it is proportionate. As regards the proportionality of any blocking measure, it must be ensured that the blocking is a matter of last resort, meaning that no less intrusive measure is available. In all UK cases, that have been discussed above, the website operator did not respond to take down requests and thus, did not comply with a legal obligation. This has been considered by the court, which also discussed the fact that some of the operators shielded their identity, and contact was not possible.

649

Third Chapter: Content- or Intermediary-Targeted Responses

In Scarlet Extended v SABAM, the CJEU held that the installation of a “complicated, costly, permanent computer system” at the expense of the service provider did not strike a fair balance between the interests of the access provider and copyright holders involved.2315 The proposed filtering “would involve a systematic analysis of all content” and “the collection and identification of users’ IP addresses from which unlawful content on the network is sent”,2316 and thus infringed the fundamental rights of the access provider’s customers, namely their right to protection of their personal data (Article 8 CFR) and their freedom to receive or impart information (Article 11 CFR).2317 The proposed injunction was further held to potentially undermine freedom of information since that system might not distinguish adequately between unlawful content and lawful content, “with the result that its introduction could lead to the blocking of lawful communications”.2318 Accordingly, injunctions that would require a systematic analysis of all content and which do not distinguish adequately between unlawful content and lawful content so that they also result in the blocking of lawful content cannot be justified. When in NewzBin2 films and television programmes comprised about 70% of the material accessible via Newzbin2 and about 30% of that material consisted of other types of content, this means that not all content necessarily constituted unlawful content.2319 More precisely only 70% of NewzBin2’s content related to materials of the claimants. The other 30% of the content was owned by an uncertain number of third parties that were not parties to the case. The High Court concluded that the non-infringing uses of NewzBin2 that were affected by the injunction were de minimis, and thus blocking proportionate. This conclusion however goes too far. Having not established whether the rights-holders in the 30% of content did just not care about the dissemination of their materials via NewzBin, it cannot be certain that NewzBin had no substantial noninfringing use. The latest injunctions thus provide for the possibility of third parties that are affected by the blocking orders to apply to vary or

2315 CJEU, C-70/10 Scarlet Extended v SABAM, Judgment of 14.11.2011, ECR I-11959, paras. 48 et seq. 2316 Ibid, para. 51. 2317 Ibid, para. 50. 2318 Ibid, oara. 52. 2319 High Court, Twentieth Century Fox Film Corp v British Telecommunications Plc [2011] EWHC 1981, para. 179.

650

B. Enforcement Measures Directed at Intermediaries

discharge the order insofar as it affects that applicant.2320 Naturally, this safeguard only becomes effective following the order being applied, because only then will the party concerned obtain knowledge of the order. Considering that access is only blocked, or more precisely the “sign” to the location of content is turned “invisible”, the blocking can be reversed easily and the content still be accessed. Without such safeguard, it is difficult to see, how an order can be proportionate if national law does not provide for a third party appeal to an order by which the third party is affected in its fundamental rights. As regards users that want to access content, an argument in favour of blocking may be the fact that content can be obtained from legal sources as an alternative. It is not that they no longer can access the content as such, but they can no longer access it for free or from that specific source. This argument is valid, insofar as commercialised content is concerned, that is otherwise available. It is relevant with regard to the claimants in the aforementioned cases as they pursued legal action to ensure that they alone can commercially exploit the protected works. However, as the blocking extends to whole platforms, and to content, where it is not certain that it is otherwise available, or which is legally disseminated, this argument loses strength. When assessing the proportionality of a measure, the efficacy of a blocking measure needs to be taken into account. As aforementioned, there are many ways to circumvent blocking, which may even be used by non-IT-literate users. This would mean effectively, that the blocking would not fundamentally affect notorious, wilful infringers, as they would be able to make their way around the blocking mechanism. In addition, as mentioned above, access blocking to indexing sites and .torrent trackers does not hinder the distribution of the content as such: Links may exist on other platforms, or can be distributed anew. The content as such is not banned, but merely the “sign” to where it can be found. While the latter may not apply where file-hosting services are targeted, an application of blocking orders to these services seems unlikely, because they provide for substantial non-infringing use.

2320 See for instance High Court, Football Association Premier League Ltd v British Sky Broadcasting Ltd. [2013] EWHC 2058, para. 57.

651

Third Chapter: Content- or Intermediary-Targeted Responses

The lack in efficacy has been addressed by the High Court as being not so severe as to render blocking disproportionate.2321 The Court cited research that blocking to the Pirate Bay in Italy let to a 73% reduction in audience accessing the Pirate Bay in Italy.2322 Similarly, following the blocking of the Pirate Bay in UK, the website dropped from rank 43 in the Alexa rating to rank 293.2323 The latter indicates that the Pirate Bay is still popular and that many users find their way round the blocking. As regards the efficacy of blocking, also the CJEU acknowledged in the UPC Telekabel Wien case, that access blocking may not lead to a complete cessation of the intellectual property rights infringements.2324 Accordingly, it is accepted, that a complete cessation of copyright infringements may in practice not be achievable as users may circumvent the blocking.2325 The standard thus has to be to provide for “sufficiently effective” measures “to ensure genuine protection of the fundamental rights at issue”, meaning that “they must have the effect of preventing unauthorised access to the protected subject-matter or, at least, of making it difficult to achieve and of seriously discouraging Internet users who are using the services of the addressee of that injunction from accessing the subject-matter made available to them in breach of that fundamental right”.2326 Simply speaking, this means that it is sufficient that access is rendered more difficult, and accessing the content is discouraged. At least for casual users, circumventing the blocking may be too much hassle. Further, unintentional access is avoided. Users that search for a specific file may not be pointed to an illegal offer. This being said, what is left, is a very narrow scope of application of blocking injunctions under section 97A CDPA 1988. A blocking order can only be proportionate under very narrow circumstances. In its blocking orders, the High Court has repeatedly acknowledged that it only grants targeted and narrow orders. However, the “narrow” in the above assessment

2321 Cf. High Court, Twentieth Century Fox Film Corp v British Telecommunications Plc [2011] EWHC 1981, paras. 192 – 198. 2322 Ibid, para. 197. 2323 High Court, EMI Records Ltd and others v British Sky Broadcasting Ltd and others [2013] EWHC 379 (Ch), para. 106. 2324 CJEU, C-314/12 UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft GmbH, Judgment of 27.03.2014, paras. 58 et seq. 2325 Ibid, para. 60. 2326 Ibid, para. 62.

652

B. Enforcement Measures Directed at Intermediaries

does not refer to the injunction being “narrowly” addressed at a certain website; it rather means, that only very few websites can be considered for blocking. As soon as a website is also used for legitimate purposes, access blocking cannot be ordered. The Court needs to be convinced that the website in question is substantially infringing. In most of the aforementioned cases, this could be established. In order to prevent disproportionate interferences with third party rights, a further safeguard has been established, allowing third parties that are affected by a blocking injunction, to rebut the presumption of illegality by applying for a variation of the order or a discharge. This safeguard satisfies the criteria set up by the CJEU in the UPC Telekabel Wien case. The CJEU held that – in order to prevent that fundamental rights preclude the adoption of an injunction – national procedural rules must provide a possibility for Internet users to assert their rights before the court once the concrete measures that have been taken by the service provider are known and by which they are affected.2327 Finally, access blocking can be proportionate, but only in very limited cases. As soon as an indexing feature or a .torrent tracker does not almost exclusively refer to infringing content, blocking is likely to be disproportionate in terms of an interference with the rights of users. It will be interesting to see, whether a court will discharge or vary an injunction when a third party is affected by the blocking. bb) Interference with the Users’ Privacy Rights In addition to what has been said above, blocking may also interfere with privacy rights, in particular where DPI-based blocking is deployed.2328 Deep packet inspection schemes examine the content of communication,2329 which is something an access provider would normally not do.

2327 Ibid, para. 57. 2328 See in this regard, Lilian Edwards refers to websites that host both infringing and non-infrining content as “dual purpose” sites, see Lilian Edwards, Role and responsibility of Internet intermediaries in the field of copyright and related rights, p. 54. 2329 For a detailed account of the functioning and robustness of deep packet inspection see also Ofcom, “Site blocking” to reduce online copyright infringement: A Review of sections 17 and 18 of the Digital Economy Act (27.05.2011), pp. 39 et seq.

653

Third Chapter: Content- or Intermediary-Targeted Responses

Such filtering would amount to blanket monitoring of users, something that has been rejected by the CJEU in the Scarlet Extended v SABAM case.2330 Due to its functioning, DPI-based blocking “would involve a systematic analysis of all content” and “the collection and identification of users’ IP addresses from which unlawful content on the network is sent”;2331 this would infringe the fundamental rights of the access provider’s customers, including their right to protection of their personal data (Article 8 CFR).2332 In the aforementioned access blocking cases, DPI-based blocking has not been ordered. Instead, the Cleanfeed blocking scheme was ordered to be employed, for instance in the NewzBin2 case. The filtering system is a hybrid system of IP address blocking and DPI-based URL filtering and treats particular IP addresses special. It thus incorporates both redirection of traffic and the use of web proxies.2333 Only suspicious requests are thus examined, which does not amount to a systematic analysis of all content, even though all requests would be filtered. Further Cleanfeed does not log any user data. Thus, depending on the blocking scheme that is used, there is a risk of disproportionate interference with users’ privacy rights. d) Conformity with Fundamental Rights of Access Providers Access blocking interferes with the access providers’ rights to pursue business and their right to property as guaranteed by Article 1 of the Protocol No. 1 to the ECHR (and Articles 16 and 17 CFR). Injunctions against provider to block access to certain materials or website further constitute a restriction of freedom of expression and information. Although it is true that, in substance, the expressions of opinion and information in question are those of the access provider’s customers, the provider can nevertheless rely on that fundamental right by virtue of its function of publishing its customers’ expressions of opinion and providing

2330 CJEU, C-70/10 Scarlet Extended v SABAM, Judgment of 14.11.2011, ECR I-11959. 2331 Ibid, para. 51. 2332 Ibid, para. 50. 2333 Richard Clayton, Anonymity and traceability in cyberspace (2005), Technical Report UCAM-CL-TR-653, p.116

654

B. Enforcement Measures Directed at Intermediaries

them with information. It must be ensured in that regard that the blocking measure does actually affect infringing material and that there is no danger of blocking access to lawful material.2334 As regards the freedom to conduct a business, that is guaranteed under the CFR, the CJEU held in UPC Telekabel Wien that this includes inter alia ”the right for any business to be able to freely use, within the limits of its liability for its own acts, the economic, technical and financial resources available to it”.2335 This being said, an injunction, which obliges an access provider to take measures which may represent a significant cost for him, is considered to constrain the access provider in a manner which restricts the free use of the resources at his disposal.2336 This shall in particular apply, where the measure would have a considerable impact on the organisation of his activities or require difficult and complex technical solutions.2337 It needs to be stressed that the domestic law must not require the addressee of an injunction to make unbearable sacrifices. A blocking injunction is, in that respect, not proportionate if it jeopardises an access provider’s business activity as such, that is, the commercial activity of making Internet access.2338 Similar to the administration of copyright infringement reports and lists in the context of a graduated response scheme, the imposition of a blocking obligation requires expenditures by the access provider, but does not jeopardise the business activity of providing Internet access as such. As has been explained in the introductory section, the more precise a blocking mechanism is, the more costly is its implementation. Irrespective of the expenditures, a blocking obligation may not infringe the core of the freedom to conduct business when it leaves the access provider to determine the specific measures to be taken in order to achieve the requested

2334 See Opinion of the AG Cruz Villalón of 26.11.2013 in -314/12 UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft GmbH, para. 82. 2335 CJEU, C-314/12 UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft GmbH, Judgment of 27.03.2014, para. 49. 2336 Ibid, para. 50. 2337 Ibid. 2338 Opinion of the AG Cruz Villalón of 26.11.2013 in -314/12 UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft GmbH, para. 108

655

Third Chapter: Content- or Intermediary-Targeted Responses

result.2339 In the UPC Telekabel Wien case, this meant that the provider could choose to put in place measures which are “best adapted to the resources and abilities available to him”.2340 The blocking ordered in the UK can be distinguished from the Austrian case insofar as the measures to be taken were already specified in the injunction. Thus, the Court also assessed the costs involved, which were considered to be not very high as no blocking scheme had to be implemented anew, but a scheme that was already being deployed to block access to child abuse materials was to be used. Hence, although the measures could not be chosen by the access provider, it was guaranteed that they were adapted to the resources and abilities available to the provider, i.e. requiring the usage of a system that was already in use. Accordingly, in the UK cases, the blocking can be considered reasonable to achieve the aim of protection of third party copyright. Obligations that would go further than those outlined above would be unjustifiable in the light of the fact that the service provider is not the author of the infringement in question.2341 This being said, it is questionable whether the Austrian approach in the UPC Telekabel Wien case can amount to a fair balancing of rights.2342 As has already been outlined in the first section of this Chapter, there are a number of measures available to block a website. They include simple and cheap methods as well as highly complex methods, which are difficult to implement. Some are prone to over-blocking, others are very precise. The degree of interference with the fundamental rights of the access provider thus differs. It would then be left for the access provider to assess the reasonability of a blocking measure, which is however something that the court ordering the blocking should assess. As has been noted by the Advocate General Cruz Villalón in his opinion in the UPC Telekabel Wien case, “according to the case-law, the balance between the fundamental rights must be observed when the injunction is issued”.2343 Consideration relevant to fundamental rights

2339 CJEU, C-314/12 UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft GmbH, Judgment of 27.03.2014, para. 52. 2340 Ibid, para. 52. 2341 Cf. Ibid, para. 53. 2342 See also Opinion of the AG Cruz Villalón of 26.11.2013 in -314/12 UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft GmbH, paras. 86 et seq. 2343 Ibid, para. 88.

656

B. Enforcement Measures Directed at Intermediaries

must not be examined at a later stage.2344 The possibility of a judicial review of the standard adopted by the access provider as suggested by the CJEU does not heal the lacking assessment of a fair balance. The procedural guarantee does not heal the severe impact of the access blocking order on the fundamental rights of an access provider. If an access provider would opt for a mild blocking in order not to interfere too much with user rights, he must fear a dispute for non-compliance with the blocking order.2345 If he opts for an extensive yet not overly complex blocking measure, he must fear disputes with his customers for over-blocking.2346 Considering the extent some blocking measures may have on users’ rights to freedom of expression and information, it should be for a court to assess what kind of blocking is reasonable and justified in order not to leave the service provider in legal uncertainty. e) Striking a Fair Balance between the Contravening Interests Following the analysis above, it is established that access blocking interferes with the rights of users to freedom of expression and information as well as privacy rights. Further access blocking orders against access providers interfere with the providers’ right to freedom of expression and information and their freedom to pursue business. In order for a measure that seeks to stop and prevent copyright infringements to be justified a fair balance needs to be struck between the contravening interests. The proportionality of blocking obligations particularly depends on three factors: their effectiveness, the severity of the interference, and the presence of adequate and effective measures against abuse. The European Court of Human Rights has repeatedly held that “adequate and effective measures against abuse” need to be present in order for an interference to be proportional.2347

2344 2345 2346 2347

Ibid. Cf. ibid, para. 89. Cf. ibid. ECtHR, Klass and Others v Germany, Judgment of 06.09.1978 – Application No. 5029/71, para. 50; see also Rotaru v Romania, Judgment of 04.05.2000 – Application No. 28341/95, para. 59, which uses the term “safeguards” instead of guarantees.

657

Third Chapter: Content- or Intermediary-Targeted Responses

Access blocking orders seek to protect copyright and undoubtedly pursue a legitimate aim. What is questionable is the appropriateness of access blocking for the furtherance of the aim, meaning whether they make a contribution to the attainment of the aim. Doubts exist in this regard, because the blocking measures that are available can be circumvented. As with traditional crimes, offenders will always try to find a way to evade detection and prosecution. Only because some users will succeed in circumventing the blocking, the enforcement mechanism is not being rendered inappropriate per se. With online copyright infringement, the aim has to be the reduction of the scale of infringements in order to ensure revenues for creative works. Even if there is not just the possibility of evasion but facts that some circumvention of the technical measures is going to happen, this does not mean that these measures are not appropriate and cannot be justified. The Advocate General rightly noted in this respect that the presumption of “an intention of the part of every user to gain access to a website despite a block would […] mean that one assumes inadmissibly that every user intends to further a breach of the law”.2348 Furthermore, it must be observed that, while quite a few users will know how to circumvent a blocking, this does not mean that all users will do so. Similarly, the possibility that the operator of the website to be blocked migrates to another domain/different IP address does not, in principle, preclude the appropriateness of blocking measures. In this regard the Advocate General in the UPC Telekabel Wien case concluded that an initial blocking will raise awareness of the illegality of the website and its service in question, and thereby possibly also prevent users from accessing the website.2349 However, this prominence may also make the website even more known to users that have previously never heard of that platform.2350 This being said, the quantitative assessment of the foreseeable success of the blocking measure sought after is one factor to be weighed in the proportionality test.

2348 Opinion of the AG Cruz Villalón of 26.11.2013 in -314/12 UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft GmbH, paras. 86 et seq., para. 101. 2349 Ibid. 2350 This phenomenon falls into the catgory of Streisand effect, meaning that the attempt to hide, remove or block access to a piece of information has the unintended consequence of attracting attention to that information, which results in more people trying to access the information.

658

B. Enforcement Measures Directed at Intermediaries

A blocking measure must also not go beyond what is necessary to achieve the objective pursued, and of several appropriate measures, recourse must be had to the least onerous.2351 As mentioned previously, a less intrusive measure would be the deletion of the infringing content by the host provider. However, in those cases cited above, the host providers, or respectively the joint tortfeasors, did not respond to take down requests or were not contactable at all. Educating users about the illegal nature of the acts in question does not promise to be equally effective. Although education of users is a track that should be pursued, an amelioration of media competence does not lead to instant results and is an on-going process. Finally, the legitimacy of a blocking measure depends on whether the disadvantages caused by the measure are proportionate to the aim pursued. According to the CJEU’s case law, in particular the case of Scarlet Extended v SABAM, the complexity, costs and duration of the measure sought for must be weighed with the other factors. The effect of the ruling in SABAM was, that general filtering is incompatible with fundamental rights, but specific (in the sense of “targeted at a clearly indicated website”) blocking injunctions are permissible, as long as they do not unreasonably infringe the fundamental rights of users and access providers. This was the case in the UK cases where a narrow and targeted blocking obligation was imposed upon access providers that also specified the measure to be taken. Further, a remedy was provided for third parties affected by the order to have an order discharged or varied upon application to a Court. The most important aspect was however, that the Court assessed the contravening interests in light of the specified measure. Having specified the measure, the Court was in a position to analyse the costs that the access provider was faced with, potential risks of over-blocking, the rights of users affected etc.. The High Court also put weight on the fact that the website operators of the sites to be blocked were profiting from infringement on an industrial scale.2352 Considering that the measures imposed were all directed against indexing sites and .torrent trackers, the effect on potential legal user content was also minimal.2353

2351 CJEU, C‑375/96 Zaninotto [1998] ECR I‑6629, para. 63. 2352 Cf. for instance High Court, Football Association Premier League Ltd v British Sky Broadcasting Ltd. [2013] EWHC 2058, para. 59. 2353 See above B. III. 3. c) aa) Interference with Users’ Rights to Seek, Receive and Impart Information.

659

Third Chapter: Content- or Intermediary-Targeted Responses

Other than concluded by the CJEU in the UPC Telekabel Wien case, it must be for the national court that is addressed by the rights-holder to examine the proportionality of the measure envisaged in the specific case. The Court must not pass on the assessment of the proportionality of a measure to the access providers.2354 In this context, the measures employed, “must be sufficiently effective to ensure genuine protection, that is to say that they must have the effect of preventing unauthorised access to the protected subject-matter or, at least, of making it difficult to achieve and of seriously discouraging Internet users who are using the services of the addressee of that injunction from accessing the subject-matter made available to them in breach of that fundamental right.”2355 It is evident, that the effectiveness of site blocking may be limited in a wider context, due to an inherent flaw in the very concept of blocking websites. Shortly after the Pirate Bay trial in Sweden, the website returned to cyberspace with more users than ever. Following the judgement declaring that NewzBin was infringing copyright, the service was back online within weeks after the trial as “NewzBin v. 2.0”, laughing off the loss in court on the main page. New services continue to enter the market. Every time a website is blocked, new ones appear to take over their place; more than that, the same website might return under a slightly different address. It is evident that site blocking can never achieve a total cessation of copyright infringements. However, once a website is blocked, it disappears for most users in the wide world of the Web. New services that appear must first be brought to the awareness of users, thus there will always be a delay until they reach high traffic volume. With blocking injunctions in the UK being granted more quickly than ever, many UK Internet users may find it more and more difficult to find the content they search for. In parallel, the blocking orders also raise attention about the illegality of the activities and may have a dissuasive effect. As of now, there is no reliable and robust evidene on this. Similarly, it would be interesting to know whether – in consideration of more and more smart devices (smartphones, smart TV and tablets) being used and cheap flatrates available to content databases, convenient access to audio and audio-visual

2354 See above B. III. 3. d) Conformity with Fundamental Rights of Access Providers. 2355 CJEU, C-314/12 UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft GmbH, Judgment of 27.03.2014, para. 62.

660

B. Enforcement Measures Directed at Intermediaries

media gains in importance over free access. Thus, it is not only made difficult to obtain files from the service that is being blocked, but users are also seriously discouraged to access the service in question and potentially also its successors. Whether access blocking discourages users to access particular and even similar services has been subject to a Dutch research study. With regard to access blocking to in particular the Pirate Bay, evidence from that study suggests that blocking of the Pirate Bay significantly reduced the number of unique visitors of this site.2356 Although this seems to support the thesis that blocking is an appropriate means to reduce piracy, the researchers could not establish a long-term effect of the blocking. In fact, the researchers reached the conclusion that the blocking of the Pirate Bay by Dutch access providers has no lasting net impact on the percentage of the Dutch population downloading from illegal sources, as users turn to alternatives to the Pirate Bay.2357 While this may still support blocking of indexing sites as a means to reduce peer-to-peer file-sharing as an additional means to further measures, the study also suggests that users may learn how to circumvent blocking and education effects may wear off after a few months.2358 This in turn means that the effect of blocking in the long run is close to zero. Consequently, one must ask whether an enforcement action that results in the blocking of content, but has practically no or little effect on piracy in general can be considered as an appropriate means to fight copyright infringements. In order to answer that question, one must first determine whether effectiveness relates to piracy in general.2359 If effectiveness is interpreted as reducing piracy in general,2360 one may argue that the described access blocking is not effective. However, as stated above, the CJEU interprets effective as having the effect of preventing “unauthorised access to the protected subject-matter or, at least, of making

2356 Joost Poort/Jorna Leenheer/Jeroen von der Ham/Cosmin Dumitru, Baywatch: Two Approaches to Measure the Effects of Blocking Access to The Pirate Bay, Telecommunications Policy 2014, Vol. 38 Issue 4, 383–392. 2357 Ibid. 2358 Ibid, p. 390. 2359 T.J. McIntyre, Child abuse images and Cleanfeeds: Assessing Internet Blocking Systems, in: Ian Brown (ed.), Research handbook on governance of the Internet (2012), 299, section 5.7. 2360 See in the context of graduated response schemes Rebecca Giblin, Evaluating graduated response, Columbia Journal of Law & the Arts 2014, Vol. 37 No.2, 147, 208.

661

Third Chapter: Content- or Intermediary-Targeted Responses

it difficult to achieve and of seriously discouraging Internet users ... from accessing the subject-matter made available to them in breach of that fundamental right”.2361 Thus, effectiveness must not be understand as requiring evidence demonstrating a causal link between the blocking and an overall reduction of infringements.2362 Accordingly, even the introduction of obstacles towards the respective content is sufficient to satisfy the criterion of effectiveness. The discussion of effectiveness of blocking measures also exists in the context of the fight against child pornography, namely whether access blocking can be an effective means to combat the dissemination of child abuse images on the Internet.2363 The dominant argument in favour of blocking is that accidental exposure shall be prevented.2364 In the context of child abuse materials, this argument seems to be strong at a first glance, but in fact ignores that such content is rarely freely distributed on the web. Instead secretive channels are used, such as hidden fora, friends-to-friends networks or other means of trusted communication. In the context of copyright infringement the argument of accidental access however becomes stronger: if an Internet user searches for a particular file on the Internet – be it either via a search engine or the search function of an indexing website, he will be confronted with many search results that lead to unauthorised copies. Thus, it is not necessary to determine whether evidence exists that accidental or casual access is a significant problem. Further, while in relation to child abuse images, blocking has also been considered as counterproductive – as it may distract attention from international attempts to achieve the removal of the materials at source,2365 there are no international attempts to remove IP infringing contents from the Internet. There is an obvious reason for the latter: IP rights are territorial and may differ, in particular as terms of protection and exceptions such

2361 CJEU, C-314/12 UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft GmbH, Judgment of 27.03.2014, para. 62. 2362 This has been criticised by Giblin in relation to graduated response schemes, see Rebecca Giblin, Evaluating graduated response, Columbia Journal of Law & the Arts 2014, Vol. 37 No.2, 147, 208. 2363 See for instance T.J. McIntyre, Child abuse images and Cleanfeeds: Assessing Internet Blocking Systems, in: Ian Brown (ed.), Research handbook on governance of the Internet (2012), pp. 299 et seq. 2364 See ibid, section 5.7 with further references. 2365 See ibid, with further references.

662

B. Enforcement Measures Directed at Intermediaries

as fair use are concerned. Thus, while some consider child abuse images the best case scenario for blocking, in fact copyright may present an equally good scenario: the lack of a common determination of illegality of the acts concerned makes the removal of infringing materials from the Internet almost impossible if hosted abroad. Ultimately, the proportionality test also needs to take into consideration that in case of an interference with Article 10 ECHR, the ECtHR requires a “pressing social need” for the interference. With respect to the test, one needs to take into account the nature of the competing interest involved and the degree to which those interests require protection in the circumstances of the case. In the context of copyright infringements, this means that the interests of the Internet users to access the materials in question, and the interests of website operators to impart information, have to be weighed against the interest in protecting the intellectual property rights of the copyright-holders. As to the weight to be afforded to the interest of protecting the copyright‑holders rights enshrined in Article 1 of the Protocol 1 to the ECHR, the Court reiterated in Neji and Sunde Kolmisoppi v Sweden2366 the principle that genuine, effective exercise of the rights protected by that provision also encompasses positive measures of protection by States.2367 The protection of a genuine, effective exercise of copyright can accordingly be necessary in a democratic society and amount to a pressing social need. As regards the width of the margin of appreciation afforded to States, this varies depending on a number of factors, among which the type of information at issue is of particular importance. If it can be established that the materials are copyright infringing music or film files, the protection granted does not reach the same level of protection as that afforded to political expression and debate. In the summary proportionality test in Neji and Sunde Kolmisoppi v Sweden the ECtHR paid regard to the fact, that the applicants did not respond to take-down requests and thus upheld their activities that were criminal under Swedish law. Accordingly, it becomes

2366 ECtHR, Neij and Sunde Kolmisoppi v Sweden, Inadmissibility order of 19.02.2013 – Application no. 40397/12. For a comment on the case see Joseph Jones, Internet pirates walk the plank with Article 10 kept at bay: Neij and Sunde Kolmisoppi v Sweden, European Intellectual Property Review 2013, Vol. 35 Issue 11, 695–700. 2367 See also ECtHR, Öneryildiz v Turkey, Judgment of 30.11.2004 – Application no. 48939/99, para. 134.

663

Third Chapter: Content- or Intermediary-Targeted Responses

clear that access blocking can only be proportionate in very limited scenarios: where there is no contactable, identifiable defendant or that defendant does not comply with legitimate take-down requests. Further, no other domestic means of enforcement against the defendant must be available. Blocking is ultima ratio. Taking into account also the interests of the uploader of links and interested Internet users, it must further be established that effects on legitimate content are excluded or marginal. Only then can a blocking measure be proportionate. Obviously, the scenarios of legitimate blocking are very limited and may in fact only concern such websites that are dedicated to piracy. If their service is evidently supporting piracy and profits are generated, there is a strong presumption that copyright will outweigh the interest of the website provider and its users. However, this has to be decided on a case by case basis. In accordance with these conclusions, fundamental rights do not preclude the blocking of access to infringing website even if a complete cessation of infringements might not be possible or achievable in practice. However, in contrast to the findings of the CJEU in the UPC Telekabel Wien case, in order to achieve a fair balance of the contravening interests, the court addressed must specify the concrete measure to be taken by the access provider. Open-textured injunctions leave too much legal uncertainty to access provider, and carry the risk that either not enough or too much content is blocked, which in turn will affect Internet users as well. Thus, irrespective of the overall effect of a single blocking order on piracy in general, access blocking can be legitimate under very restrictive conditions. IV. Enforcement upon Initiative of the Rights-Holders via Host Providers Having established that European law and fundamental rights do not preclude the targeted and narrow access blocking to illegal content by access blockers, the closing section of this Chapter will look at enforcement procedures against host providers. As has already been addressed previously, such proceedings only promise to be effective where the sites targeted are within the same jurisdiction, or voluntarily comply with the legal obligations imposed upon them. The following analysis will focus on France and Germany, because they provide two similar, but yet diverging approaches. The primary focus will be on the German approach as the numerous cases within the last years perfectly highlights the problems courts have encoun664

B. Enforcement Measures Directed at Intermediaries

tered when trying to determine possible take down and monitoring obligations of host providers under the regime introduced by the E-Commerce Directive. This section will show that courts struggle to apply the E-Commerce Directive regime, that was developed at the turn of the millennium to the participatory Internet that exists today. 1. Germany: Obligations of Host Providers to Prevent Similar Infringements In the absence of the possibility to obtain blocking injunctions against access providers, rights-holders resort to seeking injunctions against host providers requiring them not only to stop an infringement but also achieve its cessation. The legal basis for such injunctions lies in the E-Commerce Directive and the respective provision in the national implementation of the Directive. In particular when infringers or Internet access subscribers cannot be or prove difficult to be identified, the rights-holders are increasingly relying on the liability provisions from the start of this millennium. This being said, it must be recalled that the legal action against host providers only promises success where the host provider is located within the jurisdiction, or will voluntarily comply with an injunction. The following section will show that often it will not even be necessary to take a matter before the court, as the German courts interpret the obligation to delete or block access to an infringement quite wide so that the obligation that stems from the E-Commerce Directive will also extend to the prevention of future identical infringements. a) The Legal Framework In order to determine whether host providers may incur liability for third party content that they host, the following paragraphs outline the liability exemptions for host providers in the Telemediengesetz (TMG)2368 and the concept of liability as a disturber (Störerhaftung). The latter has already

2368 Telemedia Act.

665

Third Chapter: Content- or Intermediary-Targeted Responses

been discussed on several occasions throughout this work, and at this point shall only be addressed briefly with a focus on host providers. aa) Telemediengesetz In the first Chapter, the concept of limited liabiltiy for host providers under the E-Commerce Directive has already been touched upon, and the necessity to go beyond notice and take down has been identified. In Germany the relevant provisions of the E-Commerce Directive on limited liability for online intermediaries can be found in the Telemediengesetz (TMG). The German legislator implemented the provision first in §§ 6–9 Mediendienstestaatsvertrag (MDStV)2369 and §§ 8–11 Teledienstegesetz (TDG).2370 These statutes have been merged without any material changes into the TMG.2371 Structure and wording of the German statutory provisions are very similar to the wording of Articles 12–15 of the ECommerce Directive. § 10 TMG provides that service providers are not liable for third-party content that they store for a user “if they do not have knowledge of the illegal act or information and as regards claims for damages, are not aware of facts or circumstances from which the illegal act or information is apparent or, upon obtaining such knowledge, act expeditiously to remove or to disable access to the information”. The wording of § 10 TMG is almost exactly the same as in the German language version of Article 14(1) and (2) of the E-Commerce Directive but with the slight difference that where the Directive requires that the host provider does not have “actual” knowledge the German national provision just refers to knowledge as such. As becomes clear from § 7 TMG – which is entitled “General Principles” – exemption from liability depends on whether the content provided derives from a third party and is not adopted as own content. For own content providers are liable according to the general laws. Pursuant to § 7 II TMG service providers are not obliged to monitor information that they host or transmit, or to search for circumstances which indicate illegal

2369 Media services State Treaty. 2370 Teleservices Act. 2371 The TDG formerly applied to teleservices, whereas the MDStV applied to media services. To distinguish between these two types of services has proven difficult. With the implementation of the TMG any distinction is now obsolete.

666

B. Enforcement Measures Directed at Intermediaries

activities. This privilege must not be rendered invalid by imposing general and proactive monitoring duties upon service providers. The liability privileges for hosting, caching and the provision of access to the Internet (§§ 8 to 10 TMG) do only apply for claims of damages and criminal liability. They do not affect the possibility to impose injunctions upon these intermediaries. Injunctive relief is often the only remedy available for rights-holders when the actual infringers cannot be identified. As intermediaries are considered in a position to cease infringement, it is obvious that rights-holders will seek their cooperation. bb) Störerhaftung Irrespective of the liability exemption for online intermediaries that originate from the E-Commerce Directive, online intermediaries may be obliged to terminate and prevent infringements once they have acquired knowledge of a particular infringement. In these cases, responsibility will be construed under the concept of Störerhaftung (liability as a disturber).2372 As stated above, someone who is not a direct infringer or accessory will not be liable for damages. Nevertheless, non-infringers (as well as infringers) may be obliged upon obtaining knowledge of an illegal act or information to act expeditiously to remove or to disable access to the information. This obligation derives from the doctrine of Störerhaftung. Under this doctrine, he will also be required to prevent similar infringements in the future.2373 According to the doctrine of Störerhaftung, liability will be established if the provider knowingly contributes to the infringement of a protected right.2374 It needs to be recalled that the Störer does not himself interfere

2372 See above Second Chapter, B. III. 1. a) aa) (2) Störerhaftung: Liability as a Disturber. 2373 For an evaluation of the concept in English and its applicability on Auctioning websites see Andreas Rühmkorf, The Liability of online auction portals: Towards a Uniform Approach?, Journal of Internet Law 2010, Vol. 14 Issue 4, 3–10. 2374 BGH, Decision of 15.10.1998 – 1 ZR 120/96 (Möbelklassiker), Gewerblicher Rechtsschutz und Urheberrecht 1999, 419; BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668 with a case comment by Thomas Hoeren; concerning the specific requirements in detail see

667

Third Chapter: Content- or Intermediary-Targeted Responses

with the rights of another party, but in another way contributes deliberately and adequately causal to the infringement of a protected right without being the perpetrator or an accessory. Hence, where the service provider cannot be held liable for damages, the claimant will regularly try to institute proceedings for an injunction against the Störer. Injunctions can be issued regardless of negligence or fault.2375 Accordingly, it is not only the perpetrator himself, i.e. the direct infringer, and accessories, i.e. abettors to the infringement, that can be subject to an injunction claim, but also the so-called Störer. As stated before, this doctrine originally applied to cases where a person had constructive control over dangerous property and was therefore held liable under public law – irrespective of intentional or negligent behaviour – for any foreseeable harm arising from such source of danger. Under private law, the notion of Störer characterises a person who is liable under § 1004 BGB to cease any interference with the property of another that is not caused by removal or retention of the possession.2376 The concept of Störerhaftung has been applied by analogy to other kind of interferences, in particular to determine responsibility for unlawful content on a website.2377 Service providers that provide online communication services are considered to run a “source of danger” as their service provides

Markus Köhler/Hans-Wolfgang Arndt/Thomas Fetzer, Recht des Internet (7th ed. 2011), para. 774 et seq.; Gerald Spindler/Katharina Anton in: Gerald Spindler/Fabian Schuster, Recht der elektronischen Medien (2nd ed. 2011), § 1004 BGB para. 8 et seq. with further references. 2375 BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668. For an analysis of the first Internet auction case in English see Joachim Bornkamm, E-Commerce Directive vs. IP rights enforcement – Legal balance achieved?, Gewerblicher Rechtsschutz und Urheberrecht – Internationaler Teil 2007, 642–644. 2376 § 1004 BGB: “(1) If the ownership is interfered with by means other than removal or retention of possession, the owner may require the disturber to remove the interference. If further interferences are to be feared, the owner may seek a prohibitory injunction. (2) The claim is excluded if the owner is obliged to tolerate the interference”. Translation provided by the Langenscheidt Translation Service at the homepage of the Ministry of Justice, www.gesetzeimInternet.de (last accessed: 21.03.2014). 2377 BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668 et seq. with a case comment by Thomas Hoeren; concerning the specific requirements in detail see Markus Köhler/Hans-Wolfgang Arndt/Thomas Fetzer, Recht des Internet (7th ed. 2011), para.774 et seq.; Gerald Spindler/Katharina Anton in: Gerald Spindler/Fabian Schuster, Recht der elektronischen Medien (2nd ed. 2011), § 1004 BGB para. 8 et seq. with further

668

B. Enforcement Measures Directed at Intermediaries

the infrastructure for infringements of intellectual property rights.2378 Accordingly, a host provider, that is neither infringer nor abettor to an infringement, will be obliged to terminate and prevent any infringement of a third party’s right if he deliberately and causally contributes to the infringement, and has the legal and effective means to prevent the infringement.2379 Liability is not extended without limits upon third parties: Considering that a Störer will be liable to cease AND desist, liability requires a breach of due diligence or monitoring duties and is also restricted by the principle of proportionality. In relation to online marketplaces it was held that the provider of such a platform has to ensure that sellers of adult material employ a functioning age verification system.2380 He will however not be required to determine which goods are not to be sold to minors.2381 This would be beyond reasonableness and cannot be expected from the online marketplace provider. In general, a monitoring duty may only then arise, if a Störer has acquired knowledge of an infringement. The duty only arises if and in so far as it can be reasonably expected from the Störer. This particularly applies where third parties use the structural and technical means provided by the Störer to infringe intellectual property rights. As mentioned above, a monitoring duty does not exist per se; this would contravene § 7 II TMG (which transposes Article 15(1) E-Commerce Directive into German law). Hence, where the service provider cannot be held liable for damages, the claimant will regularly try to institute proceedings for an injunction

2378 2379

2380 2381

references; Thomas Dreier in: Thomas Dreier/Gernot Schulze, Urheberrechtsgesetz (4th ed. 2013), § 97 para. 33 with further references. Rolf Schwartmann, Vergleichende Studie über Modelle zur Versendung von Warnhinweisen durch Internet-Zugangsanbieter an Nutzer bei Urheberrechtsverletzungen (2012), p. 232. BGH, Decision of 17.05.2001 – I ZR 251/99 (ambiente.de), MultiMedia und Recht 2001, 671; BGH, Decision of 01.04.2004 – I ZR 317/01 (Schöner Wetten), Gewerblicher Rechtsschutz und Urheberrecht 2004, 693; BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668. BGH, Decision of 12.07.2007 – I ZR 18/04 (Jugendgefährdende Medien bei eBay), Zeitschrift für Urheber- und Medienrecht 2007, 846, 852. Ibid. Whether the sale to minors is prohibited, is subject to the determination by the respective authorities or self-regulatory bodies.

669

Third Chapter: Content- or Intermediary-Targeted Responses

against the Störer. Injunctions can be issued regardless of negligence or fault.2382 Usually, the rights-holder will ask the infringer or Störer to sign a predrafted cease and desist letter (so-called Abmahnung),2383 in which the recipient declares that he will cease and desist from the declared infringement, meaning that he will not only cease the infringement but also refrain from committing that the infringement in question in the future. The declaration will usually contain a penalty clause as an additional enforcement mechanism. cc) The Scope of Monitoring Duties of Host Providers In the case of host providers a monitoring duty arises following a first time infringement of which the provider has gained knowledge. Knowledge requires knowledge of the act/activity or information and its illegality and does not mean mere knowledge of the existence of the act/activity or information alone.2384 Usually, knowledge is acquired by notification by the injured rights-holder.2385 Whether and if a monitoring duty is reasonable is to be determined in due consideration of the individual rights of the infringer, the host

2382 BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668. 2383 The practice of cease and desist letters as enforcement mechansisms has already been addressed in the Second Chapter, see Second Chapter, B. III. 1. Germany: Abmahnungen. 2384 Helmut Hoffmann in: Gerald Spindler/Fabian Schuster, Gerald Spindler/Fabian Schuster, Recht der elektronischen Medien (2nd ed. 2011), § 10 TMG para. 23; Dirk Heckmann, Juris PraxisKommentar Internetrecht, Chapter 1.10 para. 17; Gerald Spindler, Das Gesetz zum elektronischen Geschäftsverkehr – Verantwortlichkeit der Diensteanbieter und Herkunftslandprinzip, Neue Juristische Wochenschrift 2002, 921, 924. 2385 Knowledge as such can only be obtained by physical persons and not by automatic transmission or storage. See Gerald Spindler, Die zivilrechtliche Verantwortlichkeit von Internetauktionshäusern – Haftung für automatisch registrierte und publizierte Inhalte?, MultiMedia und Recht 2001, 737, 740; OLG Brandenburg, Decision of 16.12.2003 – 6 U 161/U (Haftung eines Onlineauktionshauses), MultiMedia und Recht 2004, 330, 332.

670

B. Enforcement Measures Directed at Intermediaries

provider and the rights-holder.2386 Criteria that may have an impact on the reasonableness are for example economic advantages of the host provider due to the infringing content,2387 quantity and quality of the infringements,2388 or the possibility of filtering.2389 If liability as a Störer has been established, the Störer may also be liable for damages for repeated similar infringements, specifically in the field of copyright law.2390 At first sight this may sound contrary to what has been said before about this concept. However, the obligation following a first infringement implies the duty to prevent identical and even similar infringements in the future. If a service provider does not implement measures to prevent similar infringements in the future, he will basically be in the same position as someone who is aware of an infringement.2391 Host providers are often sued for non-compliance with monitoring duties following a first infringement. In fact, non-implementation of precautionary measures to prevent similar infringements is the most common scenario where host providers face legal action. German courts have developed an elaborated system of what constitutes a “similar” infringement and what can be expected in relation to the prevention of such an infringement.

2386 OLG Hamburg, Decision of 02.07.2008 – 5 U 73/07 (Rapidshare I), MultiMedia und Recht 2008, 823; OLG Hamburg, Decision of 30.09.2009 – 5 U 111/08 (Rapidshare II), MultiMedia und Recht 2010, 51, 53. 2387 Ibid. 2388 Thomas Wilmer, Überspannte Prüfpflichten für Host-Provider? – Vorschlag für eine Haftungsmatrix, Neue Juristische Wochenschrift 2008, 1845, 1849 with further references. 2389 BGH, Decision of 19.04.2007 – I ZR 35/04 (Internetversteigerung II), MultiMedia und Recht 2007, 507; Ibid. 2390 Stefan Krüger/Simon Apel, Haftung von Plattformbetreibern für urheberrechtlich geschützte Inhalte – Wie weit geht die Haftung und wann droht Schadensersatz?, MultiMedia und Recht 2012, 144, 149. 2391 See: Stefan Krüger/Simon Apel, Haftung von Plattformbetreibern für urheberrechtlich geschützte Inhalte – Wie weit geht die Haftung und wann droht Schadensersatz?, MultiMedia und Recht 2012, 144, 149 with further references.

671

Third Chapter: Content- or Intermediary-Targeted Responses

The case law on Internet auction platforms2392 has shown that the extent of a monitoring duty is subject to a test of reasonableness. What is reasonable depends on the specific facts of the individual case, and thus, needs to be determined on a case by case basis. Some guidance can however be drawn from these cases, namely that a monitoring duty following a first infringement does not mean that a host provider has to actively monitor every single posting/offer for sale prior to its publication. The monitoring duties are specific monitoring duties in accordance with Article 15(1) of the E-Commerce Directive and can only apply under certain circumstances.2393 This means for Internet auction providers that they must disable access to an infringing offer without undue delay upon becoming aware of the infringement, AND take reasonable steps to prevent similar infringements in the future.2394 As regards eBay and the sale of counterfeited goods, the Federal Court of Justice held that a host provider could be required to use filter software to detect suspicious offers for sale which could subsequently be checked manually for identical infringements of intellectual property rights.2395 Such a filtering duty was assumed to bring the colliding interests of eBay in pursuing its business and the interests of intellectual property rights owners in protecting their brand into a fair balance. The host provider’s role in relation to an infringement as well as the means in terms of human or financial resources available to him, are important criteria that need to be taken into account.2396 As concerns the role of the host provider, courts will examine whether the provider got a

2392 BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668; Decision of 19.04.2007 – I ZR 35/04 (Internetversteigerung II), MultiMedia und Recht 2007, 507; Decision of 30.04.2008 – I ZR 73/05 (Internet-Versteigerung III); Decision of 22. 07. 2010 – I ZR 139/08 (Kinderhochstühle im Internet), Gewerblicher Rechtsschutz und Urheberrecht 2011, 152. 2393 BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668. See also BGH, Decision of 22. 07. 2010 – I ZR 139/08 (Kinderhochstühle im Internet), Gewerblicher Rechtsschutz und Urheberrecht, 2011, 152. 2394 BGH, Decision of 11.03.2004 – I ZR 304/01(Internetversteigerung I), MultiMedia und Recht 2004, 668, 671. 2395 Ibid, 672; BGH, Decision of 22. 07. 2010 – I ZR 139/08 (Kinderhochstühle im Internet), Gewerblicher Rechtsschutz und Urheberrecht 2011, 152. 2396 See only BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668 et seq.; BGH, Decision of 12.07.2007 – I ZR

672

B. Enforcement Measures Directed at Intermediaries

financial gain from infringements of intellectual property rights,2397 or whether the provider facilitated infringements by providing users with the necessary means for example specific software.2398 Monitoring duties shall not reach so far as compliance would challenge the business model.2399 Concerning the feasibility of monitoring duties, the courts will have to examine the necessary financial effort with regard to the implementation of a monitoring system, 2400 as well as the efficacy of monitoring and filtering measures.2401 Measures are not necessarily unreasonable if the host provider has to employ further staff to comply with the monitoring duty.2402 Unreasonable are only those duties that challenge the business model as a whole.2403 A provider will not be required to implement software that does not distinguish between potential infringements and legitimate offers in its result list.2404 For example if eBay runs a software that instead of potential infringements of a certain trademark lists all offers referring to that trademark, the host provider will not be expected to check all results manually for potential infringements.2405

2397 2398 2399 2400 2401

2402 2403 2404 2405

18/04 (Jugendgefährdende Medien bei eBay), Zeitschrift für Urheber- und Medienrecht 2007, 846, 849 et seq. See only BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668, 671 et seq. OLG Hamburg, Decision of 28.01. 2009 – 5 U 255/07 (Alphaload/Usenet II), MultiMedia und Recht 2009, 405, 407. See only BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668, 671 et seq. LG Hamburg, Decision of 12.11.2008 – 308 O 548/08, Kommunikation und Recht 2009, 272, 275 with comment by Flemming Moos/Anna Gosche. Ibid. Cf. also in relation to Usenet LG München I, Decision of 19.04.2007 – 7 O 3950/07, MultiMedia und Recht 2007, 453, 456; OLG Hamburg, Decision of 14.01. 2009 – 5 U 113/07 (Spring nicht – Usenet I), MultiMedia und Recht 2009, 631, 634. OLG Köln, Decision of 21.09.2007 – 6 U 86/07, Zeitschrift für Urheber- und Medienrecht 2007, 927, 930. BGH, Decision of 12.07.2007 – I ZR 18/04 (Jugendgefährdende Medien bei eBay), Zeitschrift für Urheber- und Medienrecht 2007, 846, 849; BGH, Decision of 12.05.2010 – I ZR 121/08 (Sommer unseres Lebens). BGH, Decision of 22. 07. 2010 – I ZR 139/08 (Kinderhochstühle im Internet), Gewerblicher Rechtsschutz und Urheberrecht 2011, 152, 155; Helmut Redeker, IT-Recht (5th ed. 2012), para. 1286. Cf. BGH, Decision of 22. 07. 2010 – I ZR 139/08 (Kinderhochstühle im Internet), Gewerblicher Rechtsschutz und Urheberrecht 2011, 152, 155.

673

Third Chapter: Content- or Intermediary-Targeted Responses

Accordingly, the manual control of all data, where large volumes of data are concerned, is not reasonable,2406 whereas the manual control of filtered data is not necessarily disproportionate.2407 However, recently the Court held that eBay does not have to check the results of a word filter search manually in order to detect intellectual property right infringements due to the sheer volume of data.2408 In this case, such an obligation was considered disproportionate and challenging eBay’s business model. The lesser time and effort is needed to control hosted content, the more likely a certain type of control will be considered reasonable.2409 As regards the limitation to “similar” infringements, the Court also determined what kind of infringements fall within the category of similar. This was necessary as the notion of “similar” is not particularly precise, and could refer to infringements by a specific infringer, within a certain category, or with regard to all products by the injured party. As far as auctions of counterfeited goods are concerned, not only repeated auctions of such goods by the same infringer, but also auctions of counterfeited goods by other users will amount to “similar” infringements.2410 This conclusion was based on the fact, that users may re-register to the auctioning website using another pseudonym, and the real identity of an infringer is difficult to establish.2411 Further, the Federal Court of Justice held in the context of unfair competition law, that “similar” infringing sales on eBay include infringements committed by the same user in relation to the same carrier

2406 Ibid; BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I), MultiMedia und Recht 2004, 668, 671 et seq.; Gerald Spindler, Präzisierungen der Störerhaftung im Internet – Besprechung des BGH-Urteils „Kinderhochstühle im Internet”, Gewerblicher Rechtsschutz und Urheberrecht 2011, 101, 104 with further references. 2407 BGH, Decision of 12.07.2007 – I ZR 18/04 (Jugendgefährdende Medien bei eBay), Zeitschrift für Urheber- und Medienrecht 2007, 846, 852; BGH, Decision of 30.04.2008 – I ZR 73/05 (Internetversteigerung III), MultiMedia und Recht 2008, 531, 533. 2408 BGH, Decision of 22.07.2010 – I ZR 139/08 (Kinderhochstühle im Internet), MultiMedia und Recht 2011, 172. 2409 Jürgen Ensthaler/Jürgen Heinemann, Die Fortentwicklung der Providerhaftung durch die Rechtsprechung, Gewerblicher Rechtsschutz und Urheberrecht 2012, 433, 438. 2410 BGH, Decision of 11.03.2004 – I ZR 304/01(Internetversteigerung I), MultiMedia und Recht 2004, 668, 672 2411 Ibid.

674

B. Enforcement Measures Directed at Intermediaries

medium in the same category of goods (e.g. Nazi propaganda, pornography).2412 In conclusion it has been suggested that the monitoring duty stipulated in the Internet auction cases shall be understood as “not turning a blind eye to illegality”.2413 In practice, rights-holders as well as host providers use Hash value filters,2414 and for instance software, that can detect certain images in copyrighted video files2415 in order to identify copyright infringements. Hash value filters will however only allow the identification of files that are a 100% identical with the original file – cutting less than a second of an audio file or altering it otherwise will mean that the file cannot be detected.2416 Obviously, the host provider can only successfully deploy such a filter if he has been notified of a first infringement. In summary, the duty to monitor emerges when a host provider has been notified of a first infringement. In simple terms, liability as a Störer is interlinked with the violation of the duty to monitor – those who, after being notified do not monitor are liable. Once an infringement has been notified, the provider is under an obligation to take all technically and economically possible and reasonable measures to prevent similar infringements in the future. The following paragraphs will explore what this means in particular for providers of file-hosting services.

2412 BGH, Decision of 12. Juli 2007 – I ZR 18/04 (Jugendgefährdende Medien bei eBay), Zeitschrift für Urheber- und Medienrecht 2007, 846, 851. 2413 Thomas Hoeren, The European Liability and Responsibility of Providers of Online-Platforms such as “Second Life”, Journal of Information, Law & Technology 2009, Issue 1, 1, 10, http://go.warwick.ac.uk/jilt/2009_1/hoeren. 2414 Jan Bernd Nordemann, Störerhaftung für Urheberrechtsverletzungen – Welche konkreten Prüfpflichten haben Hostprovider (Contentprovider)?, Computer und Recht 2010, 653, 656 and 659; Stefan Krüger/Simon Apel, Haftung von Plattformbetreibern für urheberrechtlich geschützte Inhalte – Wie weit geht die Haftung und wann droht Schadensersatz?, MultiMedia und Recht 2012, 144, 150. 2415 As regards the content-ID filter employed by YouTube see http://www.youtube. com/t/contentid. In April 2012, the LG Hamburg declared such a contentID filter as not sufficient to escape liability, see LG Hamburg, Decision of 20.04.2012 – 310 O 461/10 (GEMA v YouTube), Zeitschrift für Urheber- und Medienrecht 2012, 596. 2416 If only one second of a song is missing, the hash value will differ from the hash value of the original file.

675

Third Chapter: Content- or Intermediary-Targeted Responses

b) Liability of File-Hosting Services in General The liability of file-hosting services for hosted content has been subject to a number of court decisions in Germany with the result of extensive yet inconsistent jurisprudence. First of all, German courts categorise the providers of file-hosting services as host providers, to whom the limited liability under § 10 TMG (Article 14 E-Commerce Directive) applies. The fact that the file-hoster charges fees for a premium service does not change its status. Hence, a file-hoster will only be liable if he has knowledge of the illegal act or information and as regards claims for damages, is aware of facts or circumstances from which the illegal act or information is apparent, or, upon obtaining such knowledge, does not act expeditiously to remove or disable access to the content. Early judgements held that users committed a copyright infringement by uploading a file onto the servers of a file-hosting service or social media platform.2417 There is now consensus, that file-hosting services as such and cloud-computing services in particular are online data storage services and both offer to a large extent neutral services.2418 Accordingly, the mere upload upon a file-hoster´s servers is no longer considered as an act of making a work publicly available.2419 Instead a work is made publicly available when the URL via which it can be accessed is published. The act of link publication thus constitutes the infringing act. This change in reasoning was necessary, because otherwise the emerging business model of Cloud-Computing services, on which many smart devices rely,

2417 See for instance OLG Hamburg, Decision of 02.07.2008 – 5 U 73/07 (Sharehoster I – Rapidshare), MultiMedia und Recht 2008, 823. 2418 Cf. OLG Hamburg, Decision of 14.03.2012 – 5 U 87/09 (GEMA v Rapidshare), MultiMedia und Recht 2012, 393 with comment by Markus Schröder. Previously, i.e. before 1 July 2010, Rapidshare employed a rewards program that allowed the user to trade "RapidPoints" for a selection of products depending on the number of points the user had collected. In June 2010, RapidShare announced that it would stop this program along with RapidDonations on 1 July 2010 in order to avoid the impression it rewarded its users for uploading copyrighted material. 2419 OLG Hamburg, Decision of 14.03.2012 – 5 U 87/09 (GEMA v Rapidshare), MultiMedia und Recht 2012, 393

676

B. Enforcement Measures Directed at Intermediaries

would have been under serious threat.2420 Moreover, external storage of date would have been legally impossible. In July 2012, in the Alone in the dark case2421, the German Federal Court of Justice gave its first ruling on the liability of file-hosting services that confirmed this approach.2422 It held that file-hosting services are only liable for copyright infringements committed via their service if they have previously been made aware of an obvious similar infringement. The facts of the case were as follows: Atari Europe requested that the provider of Rapidshare, a popular file-hosting service, should cease and desist from making publicly available copies of the popular computer game Alone in the dark on the website www.rapidshare.com. Rapidshare provides storage space; the service provided is comprable to the provision of an online backup service. Rapidshare is a classic file-hoster/sharehoster/one-click hoster. Users of Rapidshare upload files via the Rapidshare website, which are then stored on Rapidshare’s servers. Upon uploading, the user is supplied with a unique download URL which enables anyone with whom the uploader shares the URL to access and download the file. Users can register for a premium service for which they will have to pay but in return receive inter alia unlimited download speed, the possibility of immediate download (instead of a waiting period), simultaneous download of several files, and significantly more storage space. Rapidshare does not provide a file index or allows to search its server for content. However, certain search engines, so-called “indexing sites”2423 allow searches of enlisted files with Rapidshare URLs.2424 When the computer game “Alone in the dark” had been made available for download on Rapidshare’s servers, the rights-holder filed for injunctive relief arguing that the possibility to download the file constituted a copyright infringement. The Regional Court Düsseldorf granted injunctive relief. An appeal by Rapidshare was subsequently dismissed by the Higher Regional Court Düsseldorf.2425 The Federal Court of Justice annulled the 2420 Ibid. 2421 Ibid. 2422 BGH, Decision of 12.07.2012 – I ZR 18/11 (Alone in the Dark), MultiMedia und Recht 2013, 185. 2423 The German court uses the term “Link-Sammlungen” (link collections). 2424 These indexing sites contain data collected and entered by users, see above A. II. 1. File-Hosting Services, Indexing Sites and Link Directories. 2425 OLG Düsseldorf, Decision of 21.12.2010 – I-20 U 59/10 (Rapidshare III – Alone in the Dark), MultiMedia und Recht 2011, 250.

677

Third Chapter: Content- or Intermediary-Targeted Responses

judgement and referred the case back to the Higher Regional Court.2426 The Court held that Rapidshare is neither infringer nor abettor as user had uploaded the files without prior knowledge by Rapidshare. Rapidshare is a host provider and is as such not obliged to monitor information hosted on its server. This applies even where the service provided is prone to copyright infringements. However, Rapidshare was held to be liable as a Störer to cease the infringement and prevent further similar infringements. c) Notice and Stay-Down: Scope of Specific Monitoring Duties of FileHosting Services A specific monitoring duty in relation to the prevention of identical infringements emerges once a host provider has been notified of infringing material. Similar to the controversy on the liability of file-hosting service for third party content in general, controversy existed with regard to the scope of specific monitoring duties that arise following an infringement with in particular the courts in Hamburg arguing that the business model of file-hosting as such triggers monitoring duties. Two major contradicting views existed prior to the decision of the Federal Court of Justice in the Alone in the Dark case: The courts in Hamburg held that the provider of a file-hosting service is under an increased monitoring duty following notification of an infringement. 2427 The provider has to disable access to the file and prevent similar infringements.2428 The Higher Regional Court of Hamburg specified this obligation and held that the provider is obliged to monitor all content of such users that in the past have committed copyright infringements via the platform. Even a specific control of content during its upload was consid-

2426 BGH, Decision of 12.07.2012 – I ZR 18/11 (Alone in the Dark), MultiMedia und Recht 2013, 185. 2427 LG Hamburg, Decision of 12.06. 2009 – 310 O 93/08, Zeitschrift für Urheberund Medienrecht 2009, 863, 864; OLG Hamburg, Decision of 30.09.2009 – 5 U 111/08 (Sharehoster II – Rapidshare), MultiMedia und Recht 2010, 51, 54; OLG Hamburg, Decision of 02.07.2008 – 5 U 73/07 (Sharehoster I – Rapidshare), MultiMedia und Recht 2008, 823; see also OLG Hamburg, Decision of 14.01.2009 – 5 U 113/07 (Usenet I – Spring nicht), MultiMedia und Recht 2009, 631; OLG Hamburg, Decision of 28.01.2009 – 5 U 255/07 (Alphaload), MultiMedia und Recht 2009, 405. 2428 Ibid.

678

B. Enforcement Measures Directed at Intermediaries

erate reasonable.2429 In its first file-hoster case, the Hamburg Court made clear that it considers the upload of a work on a file-hosting service as the act of making a work available to the public.2430 This conclusion ignored that under German law, user have a right to private copy (§ 53 I UrhG)2431 and that the materials are not available to the public by the upload alone; publication requires the distribution of the hyperlink leading to the materials in question. According to the Hamburg court, the implementation of an “abuse” department, password encryption, word filters and the checking of notorious piracy websites for hyperlinks leading to content on the filehoster´s servers does not satisfy the required monitoring obligations if the service is prone to copyright infringements.2432 Moreover, the Court did not consider file-hosting as conducted by Rapidshare as a legitimate business model at all.2433 Later on the Hamburg courts departed from these findings, but nevertheless requested extensive monitoring. The Hamburg Regional Court for instance requested that the social media platform YouTube, in addition to an effective notice and take down regime and its complex and costly content-ID filtering system, has to block user accounts that have been used for copyright infringements, use word filtering to detect further similar infringements and implement a dispute settlement procedure.2434 The latter was considered necessary as a response to potential over-blocking.2435 In comparison, the Higher Regional Court of Düsseldorf considers the extensive monitoring duties discussed by the Hamburg courts unreasonable.2436 The Düsseldorf Court argued that the file-hoster Rapidshare offers a completely neutral service and is not only exempted from direct

2429 See for example: OLG Hamburg, Decision of 02.07.2008 – 5 U 73/07 (Sharehoster I – Rapidshare), MultiMedia und Recht 2008, 823, 827. 2430 OLG Hamburg, Decision of 02.07.2008 – 5 U 73/07 (Sharehoster I – Rapidshare), MultiMedia und Recht 2008, 823. 2431 See above Second Chapter, A. II. 4. c) Non-Applicability of the Private Copying Exception.See also Alexander Klett, Cloud und Privatkopie, Zeitschrift für Urheber- und Medienrecht 2014, 18–22. 2432 OLG Hamburg, Decision of 30.09.2009 – 5 U 111/08 (Sharehoster II – Rapidshare), MultiMedia und Recht 2010, 51. 2433 Ibid. 2434 LG Hamburg, Decision of 20.04.2012 – 310 O 461/10 (GEMA v YouTube), Zeitschrift für Urheber- und Medienrecht 2012, 596. 2435 Ibid, 605. 2436 OLG Düsseldorf, Decision of 27.04.2010 – I-20 U 166/09 (Rapidshare – An American Crime et al), MultiMedia und Recht 2010, 483, 484.

679

Third Chapter: Content- or Intermediary-Targeted Responses

liability, but also from liability as a Störer. Liability as a Störer would require that there are feasible monitoring options. However, according to the Court this is not the case: by blocking certain files via word or text filters, it is impossible to achieve the aim pursued, while manual checks are considered disproportionate due to the quantity of content and the disambiguity of search terms.2437 Furthermore, manual searches on Google would require unreasonable human resources.2438 The Court also held that the blocking of certain IP addresses that have been used for infringements in the past is also not feasible as IP addresses are regularly not used by one single person.2439 In addition to the possibility of shared connections, the Court recognised that IP addresses are often allocated dynamically. As regards link directories, the Düsseldorf Court analysed the feasibility of monitoring notorious link directories in detail, but did not considered their monitoring as a reasonable way to go.2440 A similar conclusion was drawn by the Higher Regional Court of Köln, which held that automatic monitoring of uploads is not possible to detect infringements as the upload as such can be legal, i.e. a private copy without making available to the public.2441 However, the regular manual checking of notorious link directories that are known for disseminating links to infringing content was considered reasonable. Due to different standards of monitoring being requested by different courts throughout Germany, guidance by the Federal Court of Justice that would put an end to the discrepancies was eagerly awaited. The Higher Regional Court recognised in the matter of Alone in the Dark, that “most people utilize RapidShare for legal use” and that, if the contrary were assumed, it would mean “a general suspicion against shared hosting services and their users which is not justified”.2442 One may argue

2437 OLG Düsseldorf, Decision of 27.04.2010 – I-20 U 166/09 (Rapidshare – An American Crime et al), MultiMedia und Recht 2010, 483, 485. See also OLG Düsseldorf, Decision of 06.07.2010 – I-20 U 8/10 (Rapidshare II – Inside a Skinhead), MMR 2010, 702. 2438 Ibid. 2439 Ibid. 2440 OLG Düsseldorf, Decision of 21.12.2010 – I-20 U 59/10 (Rapidshare III – Alone in the Dark), MultiMedia und Recht 2011, 250. 2441 OLG Köln, Decision of 21.09.2007 – 6 U 86/07 (Haftung eines SharehosterDienstes), MultiMedia und Recht 2007, 786, 788. 2442 OLG Düsseldorf, Decision of 21.12.2010 – I-20 U 59/10 (Rapidshare III – Alone in the Dark), MultiMedia und Recht 2011, 250.

680

B. Enforcement Measures Directed at Intermediaries

that this was a surprising conclusion, namely, just because it is not appropriate to have such a suspicion, it should be presumed that most people utilise the services legitimately. The Court did not find it justified to obligate RapidShare, in addition to take down illegal copies when duly notified, to prevent, through a filtering system, repeated uploading of illegal copies of the same works. The Federal Court of Justice saw the factual situation more realistical2443 ly and reversed the ruling of the Düsseldorf court.2444 Although it stated that, in principle, file-hosting services are to be recognized as an appropriate business model, it also ruled that they should duly cooperate with copyright owners not only by removing illegal copies from their system but also by preventing repeated uploading thereof, i.e. if illegal copies of a work are taken down, they should stay down. If Rapidshare does not apply a reasonable filtering system for this purpose, it will be liable for the infringements. Accordingly, it was not sufficient that Rapidshare upon notification in August 2008, removed the respective file immediately, but did not check whether other users had also uploaded a copy of the computer game to its servers, and if so, whether these files were still accessible. It did not come as a surprise that the Court held that it was not sufficient to bar access to only the concrete infringing file that Rapidshare had been made aware of. From the Internet auction cases, it was known, that host providers are obliged to do everything that is technically and economically reasonable – without challenging their business model – to prevent, that the infringements reappears. As regards the computer game Alone in the Dark, this meant that Rapidshare had to prevent that the game could be made available to third parties via its servers. The Court held that this duty had potentially been infringed by the non-implementation of a word filter which scans all uploaded data for the word sequence “Alone in the Dark”. In order to prevent over-blocking, the results of the word would have to be checked manually for infringements. Additionally, the judges considered that the examination of third party indexing sites with “link collections” is generally reasonable to put an end to similar infringements. This being said, Rapidshare can be required to check pertinent indexing sites for results to the search term “Alone in the Dark” in order to identify files that

2443 This is reflected, for example, by the remark that after all “[t]he company is called RapidShare and not RapidStore.” 2444 BGH, Decision of 12.07.2012 – I ZR 18/11 (Alone in the Dark), MultiMedia und Recht 2013, 185.

681

Third Chapter: Content- or Intermediary-Targeted Responses

it cannot itself detect on its own servers by the word filter running on its site. Although the defendant is not the provider of the link indexing site, the defendant can subsequently delete the files containing the computer game on its own servers and thereby prevent access to them. Unfortunately, the Federal Court did not render a final judgment in this matter, but referred the case back to the Higher Regional Court of Düsseldorf2445 holding that the Court had not sufficiently established that the outlined monitoring duties were unreasonable in the specific case. Finally, in September 2013, the Federal Court of Justice clarified in the case of GEMA v Rapidshare that a file-hosting service is under an obligation to monitor indexing websites, if his business model “supports” copyright infringements.2446 Although Rapidshare’s service was not dedicated to copyright infringements, it was noted that the risk of copyright-infringing use was supported by Rapidshare.2447 Already the Higher Regional Court of Hamburg held in this case that Rapidshare is more than a neutral provider, and rather takes over an “active role”. Decisive for establishing an “active role” of Rapidshare in relation to the copyright infringements was the fact that Rapidshare tried to gain financial advantages from potentially infringing services. At the time the claim was made, Rapidshare had employed an awards program for content upload, which has however been ceased in July 2010 in order to avoid the impression that Rapidshare rewards its users for uploading copyrighted material. Accordingly, it can be said, that once a “tendency” can be established that a host provider influences its users to infringe copyright and the host provider benefits indirectly from the infringements, an active role will be attributed to the

2445 OLG Düsseldorf, Decision of 21.12.2010 – I-20 U 59/10 (Rapidshare III – Alone in the Dark), MultiMedia und Recht 2011, 250. 2446 BGH, Decision of 15.08.2013 – I ZR 80/12 (GEMA v Rapidshare). In this case GEMA, a German collecting society, claimed that 4815 music files that belonged to its repertoire were downloadable on Rapidshare without its authorisation. For a comment on the case see Barbara Völzmann-Stickelbrock, BGH: Prüfpflichten für Sharehoster im Rahmen der Störerhaftung – File-HostingDienst, Kommentierte BGH-Rechtsprechung Lindenmaier-Möhring 2013, 352737, and Manuel Finger/Simon Apel, Anmerkung zu BGH, Urteil vom 15. August 2013 – I ZR 80/12 – File-Hosting Dienst, Zeitschrift für Urheberund Medienrecht 2013, 879–882. 2447 Cf. the findings of the previous instance court OLG Hamburg, Decision of 14.03.2012 – 5 U 87/09 (GEMA v Rapidshare), MultiMedia und Recht 2012, 393.

682

B. Enforcement Measures Directed at Intermediaries

provider.2448 An active role means that increased duties exist to prevent further similar infringements. Although most file-hosters have recognised by now, that they must not in any way influence the content upload, the “active role” condition has not become obsolete. An increased duty of care was also based on the fact that Rapidshare allows its users to use the service anonymous. Anonymity was held to be an incentive for illegal behaviour, because users can be practically certain that they will not be sued.2449 File-hosting services that provide for the anonymous use of their service are thus not considered a mere neutral provider.2450 In addition, Rapidshare sells premium accounts for massive downloaders, which are rather attractive for downloading copyrighted materials. Having established an active role of the host provider, extensive monitoring duties arise. With regard to Rapidshare, they currently consist of the following: (i) once an “illegal” link has been notified, similar links have to searched for and checked whether they relate to the protected work in question; (ii) when monitoring link directories/indexing sites, the file-hoster will not only have to check for links containing the file name, but must also search the description of files to identify similar files, i.e. scanning will not be sufficient, the descriptions have to be actually read; (iii) in addition to notorious link directories/indexing sites, the file-hoster will also have to resort to common search engines like “Google, Facebook or Twitter” to search for information about infringing links; potentially also web crawlers may be deployed.2451

2448 See Adrian Schneider, OLG Hamburg: Die Rapidshare-Entscheidung, ein Meilenstein?, Telemedicus (29.03.2012). 2449 Ibid. See with regard to anonymity and illegal behaviour in general Sandra Schmitz, Facebook’s real name policy, Bye-bye, Max Mustermann?, Journal of Intellectual Property, Information Technology and E-Commerce Law 2013, Vol. 4 Issue 3, 190–204. 2450 OLG Hamburg, Decision of 14.03.2012 – 5 U 87/09 (GEMA v Rapidshare), MultiMedia und Recht 2012, 393 et seq. 2451 BGH, Decision of 15.08.2013 – I ZR 80/12 (GEMA v Rapidshare), Kommunikation und Recht 2013, 655.

683

Third Chapter: Content- or Intermediary-Targeted Responses

d) Extensive Monitoring in Practice The German monitoring duty is rather high,2452 considering that it is not sufficient for host providers to remove notified infringing content, but also prevent similar infringements in the future. After being notified of an infringement, the prevention of similar infringements in the future means that the provider has to check constantly – insofar as technically and economically reasonable – all content. The recent case-law has shown, that courts struggled to find a common approach to determine the scope of these monitoring duties. This can be based on the fact, that the reasonable duties of care requested by the providers are not specified in statutory law. It is questionable whether the monitoring duties as finally confirmed by the Federal Court of Justice in compliance with the E-Commerce Directive.2453 The standard required is considerably high in comparison to that required by the jurisprudence of the CJEU. The CJEU requires a fair balance to be struck between the contravening interests of rights-holders, third parties and users, and takes into consideration the economic and legal implications of complex and costly filtering technologies.2454 In contrast, the German courts concentrate solely on assessing what could be reasonably requested from the service provider without a real balancing of interests. It seems that as long as the monitoring duties do not challenge the business model of the service provider as such, they will be considered reasonable. However, following in particular the case-law of the courts in Hamburg, host providers must have gained the impression that their attempts to filter content are not valued enough. Sophisticated filtering as the Content-ID filter deployed by social media platform YouTube had been declared insufficient without the court having assessed the functioning in detail.2455 As a consequence, it has been argued by scholars that no incentive existed for host-providers to employ filtering mechanisms voluntarily, and to invest resources into research and the implementation of

2452 See Georg Nolte/Jörg Wimmers, Wer stört? Gedanken zur Haftung von Intermediären im Internet, GRUR-Beilage 2014, 58, 64. 2453 This will be discussed below. 2454 See only with regard to host providers CJEU, C-360/10, SABAM v Netlog NV, Judgment of 16.02.2012, [2012] 2 C.M.L.R. 18. 2455 The same applied to the VeRI filter deployed by eBay, see Georg Nolte/Jörg Wimmers, Wer stört? Gedanken zur Haftung von Intermediären im Internet, GRUR-Beilage 2014, 58, 64.

684

B. Enforcement Measures Directed at Intermediaries

complex filtering tools.2456 In particular the courts in Hamburg were difficult to satisfy, and thus became attractive for rights-holders seeking to put extensive filtering obligations upon host providers. The Hamburg courts were happy to respond to these demands by introducing extensive monitoring obligations that did pay little regard to the feasibility and appropriateness of certain filtering mechanisms.2457 The argument of potential over-blocking resulting from extensive blocking was considered invalid as long as a dispute settlement procedure was in place.2458 A repeated target for enforcement action has been the Swiss file-hosting service Rapidshare, which – following the judgments of the Federal Court of Justice in the Alone in the Dark case and GEMA v Rapidshare – will have to implement a word filter to filter for similar infringements following notification of a first infringement. The monitoring duties however go beyond the a monitoring of the service provided by the file-hoster and encompass the monitoring of notorious link directories/indexing sites and searches to be conducted via search engines. The file-hoster is obliged to identify not only links that contain the title of the work in question, but also look out for descriptions of the content to which a link leads. This is such a far-reaching duty that it is questionable, whether in practice a filehoster will be able to fulfil this obligation.2459 In this respect one also needs to take into account, that for example GEMA requested Rapidshare to cease and prevent copyright infringements in relation to more than 4800 works. GEMA holds the rights in several millions of works. If a file-hoster was only obliged to manually check a small percentage of this repertoire, the provider would most certainly reach his capacities in terms of human,

2456 Per Christiansen, Störerhaftung des Betreibers einer Video-Plattform wegen Urheberrechtsverletzung, Anmerkung zu LG Hamburg, 310 O 461/10 vom 20.04.2012, Kommunikation & Recht 2012, 533, 534. 2457 Cf. ibid; Georg Nolte/Jörg Wimmers, Wer stört? Gedanken zur Haftung von Intermediären im Internet, GRUR-Beilage 2014, 58, 64. See also LG Hamburg, Decision of 20.04.2012 – 310 O 461/10 (GEMA v YouTube), Zeitschrift für Urheber- und Medienrecht 2012, 596 2458 LG Hamburg, Decision of 20.04.2012 – 310 O 461/10 (GEMA v YouTube), Zeitschrift für Urheber- und Medienrecht 2012, 596, 605. 2459 The practicability has been questioned by Thomas Hoeren, Anmerkung zu BGH: Störerhaftung von RapidShare – Alone in the Dark, MultiMedia und Recht 2013, 185, 188.

685

Third Chapter: Content- or Intermediary-Targeted Responses

organisational and economical resources.2460 Reaching its capacities may in turn mean that the business model as such is under threat. The question remains what the file-hosting service provider can do in order to escape the attribution of having an “active role” in copyright infringements. From the reasoning of the Federal Court of Justice it seems that one option would be to disable the anonymous use of the service. Anonymous use of the Internet has traditionally been thought to be more likely to create negative outcomes.2461 This assumption is for instance one of the reasons the providers of Facebook put forward to enforce their real name policy.2462 Obviously, anonymous speech poses challenges to unwanted behaviour,2463 but it is also one of the safeguards for free speech on the Internet.2464 It would not be appropriate to require all services that could potentially be abused for copyright infringements to introduce real name registration procedures – considering that this would basically include all websites with user-generated content. This would mean that free speech was only free as long as the host provider holds information about the identity of the speaker. The implications of this conclusion are severe.2465 This being said, the sixth senate of the Federal Court of Justice2466 introduced as reasonable monitoring obligation in relation to host providers of blogs a “ping-pong” notice and take down procedure similar to the proce-

2460 See Georg Nolte/Jörg Wimmers, Wer stört? Gedanken zur Haftung von Intermediären im Internet, GRUR-Beilage 2014, 58, 65. 2461 Kimberly M. Christopherson, The positive and negative implications of anonymity in Internet social interaction: “On the Internet, nobody knows you’re a dog”, Computers in Human Behaviour 2007, Vol. 23 Issue 6, 3038, 3042 with further references. 2462 See Sandra Schmitz, Facebook’s real name policy, Bye-bye, Max Mustermann?, Journal of Intellectual Property, Information Technology and E-Commerce Law 2013, Vol. 4 Issue 3, 190, 198. 2463 Anna Vamialis, Online defamation: confronting anonymity, International Journal of Law and Information Technology 2013, Vol. 21, 31, 61. 2464 See Sandra Schmitz, Facebook’s real name policy, Bye-bye, Max Mustermann?, Journal of Intellectual Property, Information Technology and E-Commerce Law 2013, Vol. 4 Issue 3, 190, 198. 2465 The evaluation of this subject matter would go beyond the scope of this research. 2466 In contrast to the file-hoster cases, which were decided by the first senate, the Blog case was decided by the sixth senate. See BGH, Decision of 25.10.2011 – VI ZR 93/10 (Blog), MultiMedia und Recht 2012, 124 with a case comment by Thomas Hoeren.

686

B. Enforcement Measures Directed at Intermediaries

dure enshrined in the US DMCA.2467 If someone claims that a certain blog posting infringes his rights, the provider must forward the complaint to the blogger in question. If the blogger does not respond within a defined time frame, the host provider will have to delete the posting. If the author of the posting substantiates that the posting does not infringe the rights of the claimant, the host provider will have to forward this information to the claimant and ask him to provide evidence for his allegations. In case, the claimant does not respond to this request, the host provider is under no further obligations to monitor. Although in the concrete case before the Court, personality rights infringements were concerned, it has been suggested that this approach could also be applied to infringements of copyright.2468 In conclusion, it remains to be seen whether the efforts undertaken by file-hosters to prevent similar infringements will satisfy the required extensive duty of care. As of now, no real assessment of the reasonableness has been conducted that also pays regard to the technical feasibility and appropriateness of monitoring and active searching for infringements.2469 It is about time, that the Federal Court of Justice turns to the CJEU for a preliminary ruling decision on whether such extensive monitoring is in compliance with the prohibition of general monitoring under the E-Commerce Directive.2470

2467 As regards the DMCA procedure, see First Chapter, A. III. 2. a) aa) The US Digital Millenium Copyright Act. 2468 Cf. Andreas Leupold in: Andreas Leupold/Silke Glossner, Münchener Anwaltshandbuch IT-Recht (3rd ed. 2013), Part 2 para. 667. 2469 This has been criticised by inter alia Christian Volkmann, Aktuelle Entwicklungen in der Providerhaftung im Jahr 2013, Kommunikation & Recht 2014, 375; Andreas Sesing, Anmerkung zur Entscheidung des BGH-Urteil vom 15.08.2013 (I ZR 80/12, MMR 2013, 733) – Zur Frage der Prüfungs- und Handlungspflichten für Sharehoster, MultiMedia und Recht 2013, 737, 739 and Thomas Hoeren, Anmerkung zu BGH: Störerhaftung von RapidShare – Alone in the Dark, MultiMedia und Recht 2013, 185, 188. 2470 Cf. Andreas Leupold in: Andreas Leupold/Silke Glossner, Münchener Anwaltshandbuch IT-Recht (3rd ed. 2013), Part 2 para. 660 et seq.

687

Third Chapter: Content- or Intermediary-Targeted Responses

2. France In accordance with the E-Commerce Directive, French law requires host providers to remove or block access to materials that are illegal upon receiving notice of such materials. Like in Germany, the question in that context is whether notice and take down has to be interpreted as notice and stay-down. Similar to Germany, this question has also been subject to a number of court decisions where rights-holders tried to obtain injunctions against host providers in order to prevent the continuation of infringements. However, in contrast to Germany, host providers will not have to monitor third party websites, but search engines themselves may be under an obligation – following notification – to prevent listings of links directing users to copyright infringing materials. Finally, the case law shows that the assumption made in the introduction, namely, that courts struggle to apply the concepts developed in the advent of user-generated content to new forms of services provided by online service providers, also applies to France. This in particular applies to host providers. Thus, the analysis of potential monitoring obligations needs to be preceded by a short analysis of the concept of host provider and how the original concept has been reshaped and extended to encompass new phenomena. a) Legal Framework: Loi pour la confiance dans l’économie numerique The E-Commerce Directive was transposed into French national law by means of Loi n° 2004-575 de 21 juin 2004 pour la confiance dans l'économie numérique (LCEN)2471. The liability exemptions of the ECommerce Directive for different kinds of provider are incorporated into one single article, Article 6 of the LCEN. Under Article 6-I-2 LCEN a host provider may not be held civilly liable for the activities or information stored at the request of a recipient of these services if they did not have actual knowledge of their unlawful nature or of facts or circumstances making this nature apparent, or if, as soon as they obtained such knowledge, they acted expeditiously to remove or to disable access to these data. Further a host provider may not be held crimi-

2471 Law on Trust in the Digital Economy.

688

B. Enforcement Measures Directed at Intermediaries

nal liable for the information stored at the request of a recipient of these services if they did not have actual knowledge of the unlawful activity or information, or if, as soon as they obtained such knowledge, they acted expeditiously to remove or to disable access to these information.2472 Departing from the wording of the E-Commerce Directive Directive, the LCEN sets forth how knowledge of infringing content can be acquired by way of notification. Article 6-I-5° of the LCEN also serves as a rule of evidence to establish “knowledge” in court proceedings.2473 Accordingly, where a notification does not fulfil the requirements of Article 6-I-5 LCEN, the notification will be void and will not trigger liability of the host provider.2474 One of the requirements for a valid notification under Article 6-I-5 LCEN relates to the precise location of the notified content, because otherwise the hosting provider would in most cases not be able to identify and remove the litigious content. The French legislator added further aspects to the LCEN: pursuant to Article 6-II the host provider is legally obliged to obtain and to keep data of its users that allows their identification in case of dispute. It has been argued that this provision has the potential to ease the handling of liability cases involving host providers.2475 In order not to put host providers into the position of a judge deciding over the legality of the content, the Constitutional Council clarified that liability of host providers only arises where content is clearly unlawful or where the removal of the content was ordered by a judge.2476 In general,

2472 See Article 6-I-3° LCEN. 2473 According to said Article knowledge of illegal content will be assumed, if someone asks for the withdrawal of information giving his name, describing the facts clearly and the reasons for its withdrawal request. The notification has to contain the following: (i) notification date; (ii) details about the notifier (iii) the name and address of the addressee; (iv) a description of the illegal activity and its precise localisation; (v) the reasons why the content should be removed including reference to the legal and factual grounds; (vi) a copy of the correspondence with the author or editor of the illegal information or activities asking for their interruption, removal or modification. In order to deter third parties from filing false notifications, the filing of abusive notifications is an offence and punishable with imprisonment of up to one year and a fine of EUR 15,000. 2474 Cour de cassation, Decision of 17.02.2011 (affaires Dailymotion, Fuzz et Amen). 2475 Thomas Hoeren, The European liability and responsibility of providers of online-platforms such as “Second Life”, Journal of Information, Law & Technology 2009, Issue 1, 10. 2476 Initially, only content of such nature as enlisted in Article 6-I-7 LCEN (child pornography, denial of crimes against humanity and incitement of racial hatred)

689

Third Chapter: Content- or Intermediary-Targeted Responses

the notion of host provider is interpreted broadly by French courts. This has been widely criticised, and it is being suggested to revise the concept of host to reflect the diversity of service providers that exist today in contrast to the time the E-Commerce Directive was drafted.2477 A recent parliamentary report2478 proposed to create – alongside host providers and publishers – the category of “éditeur de services”2479 which gain a direct economic benefit from users accessing hosted content, and to impose upon these éditeurs de services the obligation to monitor the hosted content.2480 As regards the monitoring of content, Article 6-I-7 LCEN restates the principle of Article 15(1) E-Commerce Directive that the host or access provider is under no general obligation to actively monitor content transmitted or stored on his website. In accordance with Article 14(3) E-Commerce Directive, the second paragraph of Article 6-I-7 LCEN allows the judiciary to order host providers to implement targeted and temporary

2477 2478

2479 2480

690

was held to be manifestly illegal. However, courts held that also defamation (TGI Paris, Decision of 15.11.2004) and infringements of intellectual property rights (CA Paris, Decision of 07.06.2006 (Tiscali Media v Dargaud)) fulfil the requirements of manifestly illegal. See Pierre Lescure, Culture-acte 2, Mission «Acte II de l’exception culturelle», Contribution aux politiques culturelles à l’ére numérique (May 2013), p. 400. Rapport d’information des sénateurs Laurent Béteille et Richard Yung, La lutte contre la contrefaçon : premier bilan de la loi du 29 octobre 2007 (February 2011), http://www.senat.fr/rap/r10-296/r10-2960.html (last accessed on 17.05.2014). “Éditeurs de services” may best be translated as “publishing services”. This suggestion has to be seen in the context of the ongoing struggle of courts to hold user-generated content platforms liable for third party content from which they generate remarkable revenues by selling advertising space. One exemplary case in this regard is the judgment of the Paris High Court in TF1 v YouTube (TGI Paris, Decision of 29.05.2012 – RG no. 10/11205). Applying the principles of SABAM v Netlog, the Court concluded that YouTube was a hosting provider and thus, it only had the duty to remove infringing copies of the work in question when it was notified. However, although a five-day delay in removing content was considered unreasonably long, YouTube did not incur any liability for that delay. This conclusion was based on the finding that the conditions of Article L.216-1 Code de la propriété intellectuelle were not met: Article L.216-1 contemplates an infringement where programmes are telecasts or communicated to the public in a place open to the public in exchange for an entrance fee; although the notion of telecasts does not require that access to the site is only granted in exchange for payment, the court concluded that telecasts with free access do not infringe Article L.216-1.

B. Enforcement Measures Directed at Intermediaries

surveillance with regard to specific contents. Article 6-I-8 LCEN stipulates a principle of subsidiarity for injunctions.2481 The French law thus also foresees for injunctions requiring the service provider to cease and desist from an infringement as required by Article 8(3) InfoSoc Directive. French courts imposed an obligation to monitor third-party content with regard to subsequent infringements of a specific subject matter for example on the video platform Dailymotion.2482 This decision has however been overturned on appeal and Dailymotion excluded from liability for further copyright infringing uploads by its users of the disputed content.2483 Although the LCEN does not explicitly state that monitoring of subsequent publications is required by law, French courts recently tend to impose such an obligation on host providers. 2484 What can be witnessed is a shift from a notice and take down rule to a notice and stay-down rule, which will be examined in the following.

2481 As regards the subsidiarity principle in practice see TGI Paris, Decision of 13.06.2005 – RG no. 05/53871 (UEJF, J'Accuse, SOS Racisme et autres v SA Tiscali [Telecom Italia], AFA, France Telecom et autres); Decision of 20.04.2005 – RG no. 05/52674 – 05/53871 (UEJF, J'Accuse, SOS Racisme et autres v Olm LLC et autres), affirmed by CA Paris, Decision of 24.11.2006 – RG no. 05/15722 (SA Tiscali (Telecom Italia), AFA, France Telecom et a. v UEJF, J'Accuse, SOS Racisme et autres), affirmed by Cour de Cassation, Decision of 19.06.2008 – RG no. 07/12244; see also Étienne Montéro/Quentin van Enis, Ménager la liberté d’expression au regard des mesures de filtrage imposées aux intermédiaires de l’Internet : la quadrature du cercle ?, Revue Lamy Droit de l'Immatériel 2008, No. 40, 86, 97. 2482 TGI Paris, Decision of 13.07.2007 (Christian C., Nord-Ouest Production et UGC Images v Dailymotion). The findings were partly revised by the Court of Appeal of Paris in CA Paris, Decision of 06.05.2009 (Christian C., Nord-Ouest Production et UGC Images v Dailymotion), which was also affirmed by Court de Cassation, Decision of 17.02.2011 (Christian C., Nord-Ouest Production et UGC Images v Dailymotion). 2483 CA Paris, Decision of 6.05.2009 (Christian C., Nord-Ouest Production et UGC Images v Dailymotion), affirmed by Court de Cassation, Decision of 17.02.2011 (Christian C., Nord-Ouest Production et UGC Images v Dailymotion). 2484 Cf. Catherine Jasserand, YouTube guilty but not liable for late removal of infringing material, Journal of Intellectual Property Law & Practice 2012, Vol. 7 Issue 11, 790–791.

691

Third Chapter: Content- or Intermediary-Targeted Responses

b) Scope of Any Blocking Obligation: Take down and Stay Down? As aforementioned, the effect of a notice complying with the legal requirements of a valid notification has long been uncertain. The reason for this uncertainty was the underlying question whether the obligation to remove content expeditiously is met as soon as the provider removes the notified content, or whether he must also ensure that the same content is not re-posted in the future. The re-appearance of content that has been removed upon request significantly limits the effectiveness of the procedures laid down in the LCEN: notification relates to specific content at a specific location, however, the litigious content can be available at several locations on a website or reappear quickly after removal. Thus, rights owners usually demand that the obligation of take down following notification of the illegality of content shall encompass an obligation to prevent further infringements of the same kind: notice and take down shall be interpreted as notice and stay down and in case of reappearance of the content in question, the host shall incur liability.2485 If host providers do not comply with this request the rights-holders usually try to obtain an injunction pursuant to Article L 336-2 CPI. Article L 336-2 CPI, which was inserted into the CPI by the Loi HADOPI I, sets forth that where an infringement of copyright or a related right is caused by the content of an online public communication service, the regional court may order (at request of the rights-holder) any measure necessary to prevent or put an end to an infringement of copyright or a related right in respect of any person likely to contribute to resolving the problem without taking into account any liability and without demanding that the measure should be totally effective.2486 The rights owners will usually request the broadest injunction pos-

2485 Cf. Pierre Lescure, Culture-acte 2, Mission «Acte II de l’exception culturelle», Contribution aux politiques culturelles à l’ére numérique (May 2013), p. 401. 2486 This provision was also challenged before the Conseil Constitutionnel, which held that the provision is not unconstitutionnel. The applicants argued that the possibility of blocking might deprive many Internet users of the right to receive information and ideas, and that the wording of the provision is too wide and uncertain, so that providers concerned may preventively restrict access to the Internet. The Court rejected these arguments, stressing that it is incumbent upon a court that has to deal with such a request to order solely such measures that are strictly necessary to preserve the rights involved. See Conseil Constitutionnel, Decision of 27.07.2006, no. 2006-540 DC, paras. 37 et seq.

692

B. Enforcement Measures Directed at Intermediaries

sible by relying on the possibility that a court may “order a measure of such a kind as to prevent or end the damage related to the current content of the website in question”.2487 Like in Germany, the re-posting of content that is identical or similar to content, which had been notified and deleted, became subject to numerous disputes. There was legal uncertainty, whether – in order to keep notifications to a minimum – the obligation to end and prevent damage amounts to a prevention of future infringements of the litigious content. In this respect, host providers obviously wanted to keep their efforts to a minimum and only delete upon notification. Various courts concluded that notice and take down amounts to notice and stay down, and imposed upon host providers a proactive specific monitoring duty requiring them to prevent any future infringements of notified works.2488 Accordingly, liability of a host provider was established for re-posted content identical to the content that had previously been notified and that infringed the same intellectual property rights.2489 The obligation to prevent infringements was held to not only include the prevention of re-posts of the litigious content by the same user responsible for the first infringement, but also to extend to other users.2490 Accordingly, the rights-holder would not have to notify the host provider every time the content is uploaded again, irrespective of the identity of the uploader. At the same time when the German Federal Court of Justice was asked to rule on the scope of monitoring duties, the French Supreme Court was addressed with this question as well. In three separate but similar judgments rendered on 12 July 2012 the French Supreme Court held that the

2487 Cf. Christelle Coslin/Christine Gateau, No 'stay down' obligation for hosting providers in France, Society for Computers and Law (02.07.2013). 2488 See for example CA Paris, Decision of 09.04.2010 (Google v Flach Films and others); CA Paris, Decision of 03.12.2010 (Dailymotion v Zadig Production); CA Paris, Decision of 14.01. 2011 (Google Inc. v Bac Films and others); CA Paris, Decision of 04.02.2011 – RG no. 09/21941 (André Rau v Google & AuFeminin.com); TGI Paris, Decision of 11.06.2010 (La Chauve Souris and 120 Films v Dailymotion); TGI Paris, Decision of 13.01.2011 (Calt Production v Dailymotion); TGI Créteil, Decision of 14.12.2010 (INA v YouTube). These cases concerned either films that could be streamed or downloaded from host providers and/or through links on Google’s video service, or reproductions of photographs on the website aufeminin.com, that were used by Google Images. 2489 CA Paris, Decision of 04.02.2011 – RG no. 09/21941 (André Rau v Google & AuFeminin.com). 2490 Ibid.

693

Third Chapter: Content- or Intermediary-Targeted Responses

subsequent unauthorised upload of litigious content by a different user must be considered as a new infringement that requires a new notification.2491 The Court recalled that such a notification is required for the host provider to have actual knowledge of the illicit nature and the location of the litigious content. Intermediaries do not have any obligation to actively search for illicit content. However, a duty to prevent any future infringements of the litigious content by any users of the service (= stay down) would require an intermediary to search for these infringement, which vice versa would impose upon intermediaries a general obligation to monitor all content.2492 In particular, the Supreme Court criticised the imposition of a monitoring duty that is not restricted in time; only temporary measures shall be allowed. 2493 Non-temporary injunctions were held to be prohibited by Article 6-I-7 LCEN, which implements Article 15 of the ECommerce Directive. The Court emphasised that every restriction of the freedom to receive and impart information must be necessary in a democratic society and strictly proportionate with regard to the aim pursued; the wide stay down obligation in question failed that test. However, the decisions of the Supreme Court do not exclude that the judge can require a host provider to implement measures that aim at preventing the reappearance of the content in question when restricted to a limited number of content and limited in time.2494 This has to be decided on a case by case basis. The French Supreme Court followed the guidelines set up by the CJEU in the SABAM cases (Scarlet Extended v SABAM, SABAM v Netlog) without explicitly referring to them: namely, that injunctions that aim at the prevention of infringements of intellectual property rights must be effect-

2491 Cour de cassation, Decision of 12.07.2012 – Arrêt n° 830 (André Rau v Google & AuFeminin.com); Decision of 12.07.2012 – Arrêt n° 831 (Bac Films v Google France and Inc [1 & 2]); Decision of 12.07.2012 – Arrêt n° 832 (SNEP v Google France). 2492 Instead of many see Cour de casssation, Decision of 12.07.2012 – Arrêt n° 831 (Bach Films v Google France and Inc [1 & 2]), para. “sur le quatrième moyen”. 2493 Ibid. 2494 See also Pierre Lescure, Culture-acte 2, Mission «Acte II de l’exception culturelle», Contribution aux politiques culturelles à l’ére numérique (May 2013), p. 401.

694

B. Enforcement Measures Directed at Intermediaries

ive, proportionate and dissuasive.2495 National courts must not enjoin intermediaries to implement preventive filtering systems of all the electronic communications passing through their services that would indistinctly apply to all their customers at their exclusive expense and without any limitation in time. It is interesting to see, that while the CJEU in SABAM v Netlog set up cumulative criteria that would render a blocking measure disproportionate, the French Supreme Court considered that the “no limitation in time” criterion suffices to qualify proactive filtering as disproportionate. Following the decisions of the French Supreme Court, rights owners will have to send a notice each time content infringing their rights is posted online.2496 This puts them in an unsatisfactory position: they will have to monitor numerous websites for intellectual property rights infringements, while some of the most popular sites (directly or indirectly) benefit financially from the content that is posted on their platforms. The French Supreme Court had no issues basing its conclusion on only one criterion from the SABAM v Netlog reasoning. It is doubtful whether that was the interpretation intended to be given to Article 15 E-Commerce Directive by the CJEU in SABAM v Netlog. As mentioned above, the CJEU test is a cumulative test. The CJEU did not state that where one of the criteria ((i) filtering of all communication, (ii) all customers, (iii) at its exclusive expense and (iv) without any limitation in time) is not fulfilled the filtering will be disproportionate. In this regard the French Supreme Court may have overshot the mark. The Court also did not give reasons why the lack of a time limit rendered the monitoring obligation disproportionate. It is one thing to state that a measure is disproportionate, but another thing to give an explanation. Further, like in Germany, but this time in favour of the host provider, there was no real balancing of interests conducted. In addition, the Court did not give any guidance as to how the disproportionality could be eliminated. One may draw the conclusion that as long as proactive filtering is imposed temporary, the interests of the rights owners are likely to prevail.

2495 CJEU, C-70/10 Scarlet Extended v SABAM, Judgment of 14.11.2011, ECR I-11959; CJEU, C-360/10, SABAM v Netlog NV, Judgment of 16.02.2012, [2012] 2 C.M.L.R. 18. 2496 See also Pierre Lescure, Culture-acte 2, Mission «Acte II de l’exception culturelle», Contribution aux politiques culturelles à l’ére numérique (May 2013), p. 401.

695

Third Chapter: Content- or Intermediary-Targeted Responses

Although the reactions to the judgments of the Supreme Court were mixed,2497 most commentaries concentrated on the prohibition of proactive filtering as such, and ignored that the Court also mentioned – but unfortunately did not discuss – the feasibility of proactive filtering.2498 As relates to Google, it needs to be stressed that the Supreme Court recognised Google’s argument that proactive filtering is not possible with regard to the automatic indexing on its Google video site. Google in relation to its Google Video service however is not a classical provider of hosting services, but rather a search engine. There was no analysis as to whether, and ultimately how, the provision of a search engine differs from that of a provider of a social network like Netlog, and thus, it was not addressed whether the Netlog criteria could be applied at all. Considering the advancements in filtering and blocking technology, stay down obligations may easier be imposed where users upload content on the service provider’s own servers. Of course, the courts will then have to examine the temporary scope of any request for an injunction sought by rights owners. The cases before the Cour de cassation indicate, that courts struggle to apply a system, that has been developed in the last century and was created to achieve an appropriate balance in a time where only few types of services existed, to new forms of services. c) Limits of Notice and Take down and the Shift to Content Blocking by Search Engines As mentioned above, French courts will need to examine whether an injunction requested by rights-holders is temporary and may thus be proportionate. As convenient the injunction may be, their effect is also limi-

2497 Christophe Caron, Responsabilité des hébergeurs : requiem pour le «take down, stay down», Communication Commerce éléctronique 2012, Vol. 14 Issue 9, 28– 30; Milhály J. Fiscor, The WIPO "Internet Treaties" and copyright in the "cloud", ALAI 2012 Congress, pp.40 et seq.; Christelle Coslin/Christine Gateau, No “stay down” obligation for hosting providers in France, Society for Computers and Law (02.07.2013). 2498 See for example Milhály J. Fiscor, The WIPO "Internet Treaties" and copyright in the "cloud", ALAI 2012 Congress, pp.40 et seq.; Christelle Coslin/Christine Gateau, No “stay down” obligation for hosting providers in France, Society for Computers and Law (02.07.2013).

696

B. Enforcement Measures Directed at Intermediaries

ted. They are only ever an effective mechanism when the host providers are within French jurisdiction or otherwise comply with the order. Further, rights-holders may also find it particularly time and cost consuming to send out notifications if content expeditiously reappears after its been taken down and/or where the sheer mass of files requires constant monitoring in order to reduce unauthorised copying. Hence, the French national syndicate of music producers (Le Syndicat national de l’édition phonographique – SNEP) decided to turn to Google as the provider of one of the most popular search engines to bar access to unauthorised copies. The reason for this was the fact that Google’s suggest service provided the suggestions “Torrent”, “Megaupload" and “Rapidshare” when users typed the names of artists or music bands in the Google search bar. Google Suggest autocompletes search queries based on the most popular search terms by other users associated with the term that is being typed in the search bar. As Google would not comply with SNEP’s request, SNEP sued Google to refrain from providing these suggestions, arguing that the search tool made it possible to infringe copyright and related rights by directing users to services that offer illegal downloading. Both, the Court of First Instance2499 and the Appellate Court2500, rejected SNEP's demands based on the findings that the suggested search results were not illegal in themselves. In addition, the blocking of the requested terms would simply make it less easy to find these sites for users that do not already know them, but would in fact not hinder the illegal download of protected works as such. The Supreme Court overturned these rulings, and held (i) that Google's suggest feature actually “provided the means to infringe copyright and related rights” by systematically directing users towards downloading portals, and (ii) that the measures requested by SNEP, while not being totally effective, could in fact “prevent or terminate such infringements” by making it more difficult to find the websites in question.2501 The Court did not

2499 TGI Paris, Decision of 10.09.2010 – RG no. 10/53985 (SNEP v Google France). 2500 CA Paris, Decision of 03.05.2011 – RG no. 10/19845 (SNEP v Google France). 2501 Cour de Cassation, Decision of 12.07.2012 – Arrêt n° 832 (SNEP v Google France). The case has been referred back to a lower court to be reassessed. Interestingly, six months before the ruling by the Supreme Court, Google voluntarily removed "Rapidshare", "uTorrent" and "MegaUpload" from its Google Suggest service.

697

Third Chapter: Content- or Intermediary-Targeted Responses

discuss whether ordering Google to abolish the suggestions in question when users typed the names of SNEP’s artists into the search bar was proportionate.2502 This would have been particularly interesting as the omission of particular suggestions based on popular queries does not effectively block access to the downloading sites. The only effective result of such omission would be that users would not be automatically be confronted with these suggestions, but would need to specifically search for these sites in connection with the artists in question. Although the decision remained silent on many interesting aspects, it indicates a tendency which at the same time could also be seen in German courts in a different context: namely, a differentiation based on whether information is pushed to the attention of a user or whether the information needs to be actively searched for by the user.2503 One may thus say that there is a differentia-

2502 This was not necessary because the court annulled the previous judgment of the Court of Appeal in Paris and referred the case to the Court of Appeal in Versailles. The proportionality test needs to be conducted by the Court of Appeal Versailles to whom the case was referred to for reassessment taking into account the finding that Google Suggest provides the means to infringe intellectual property rights. 2503 See Lawrence Siry/Sandra Schmitz, A right to be forgotten? – How recent developments in Germany may affect the Internet publishers in the US, European Journal of Law and Technology, Vol.3 No. 1, 2012, pp. 3 et seq. The German cases concerned two brothers that were convicted of the murder of the famous German actor Walter Sedlmayr. They both denied and still deny the accusations. The murder, and the subsequent trial and conviction of the brothers, received extensive media coverage in Germany, especially due to controversies surrounding the investigations. When one of them was released from prison, they began to sue publishers in an effort to have their names deleted from archived stories. While archived stories identifying the brothers are legitimate, any new publication must respect their right to rehabilitation meaning that in balancing the interests of those concerned, the personality rights of the brothers would outweigh the interest of the publishers to inform and the public to be informed, In the proceedings, the question arose whether the easy accessibility of these stories, amounts to another quality of the stories that equals that of new reports on the subject matter. While new reports would certainly fail the test of proportionality (time has passed, offenders due to be released, interest of public to be informed about trial and proceedings satisfied), the archived stories are not new publications. Some lower courts have found that the storage of old news stories in online archives equals a current dissemination of the story, thus having the quality of completely new reports (LG Hamburg, Decision of 01.06.2007 – 324 O 717/06, MultiMedia und Recht 2007, 666; LG Hamburg: Decision of 29.02.2008 – 324 O 469/07, BeckRS 2009, 22552; LG Hamburg, Decision of

698

B. Enforcement Measures Directed at Intermediaries

tion between push and pull effect or active and passive access. In Germany, the cases where the Federal Court of Justice conducted this differentiation concerned information in online archives that interfered with the personality rights of the claimants. Although the context of online archives cases is different, in that it concerned personality rights, the similarities in the conclusion are striking similar. The German Federal Court of Justice held, that the provision of out-dated news stories in online archives is legal as long as the archived story does not give the impression that it is up to date or presents or has the characteristics of an afresh publication.2504 In this context it is relevant to know that while news reports on criminal cases may allow the identification of the accused, the personality rights of a criminal will outweigh the public interest in reports about him if time has passed. The easy accessibility of old and often out-dated news stories by search engines as such does not constitute sufficient reason to eliminate “historical memory”.2505 Hence, where articles are clearly identifiable as archived reports, the provision of the article in an online archive is legitimate. In this case, the user will need to actively search for the story. The story will not be dragged to his attention by the publisher, meaning that it

28.02.2008 – 324 O 459/07, BeckRS 2010, 03447; LG Hamburg, Decision of 18.01. 2008 – 324 O 507/07, Neue Juristische Wochenschrift-RR 2009, 120, 121). Other lower courts have found that online archives are comparable to traditional archives for printed works and accordingly, came to the conclusion that there is “no renewal of former statements” (OLG Frankfurt, Decisions of 20.09.2006 – 16 W 55/06 and 16 W 57/06, see also KG Berlin, Decision of 19.10.2001 – 9 W 132/01, BeckRS 2007 02224; LG München I, Decision of 13 June2007 – 9 O 2295/07, BeckRS 2008 03243). The Federal Court of Justice finally held that as long as the story is not pushed to the attention of the reader but is clearly marked as an archived report and requires an active search by the users in order to be accessed, the provision of the news story in an online archive is legal (BGH, Decision of 10.11.2009 – VI ZR 217/08 (rainbow.at); Decisions of 15.12.2009 – VI ZR 227/08 and 228/08 (Deutschlandradio); Decisions of 09.02.2010 – VI ZR 243/08 and 244/08 (Spiegel online); Decisions of 20.04.2010 – VI ZR 245/08 and 246/08 (morgenweb.de)). 2504 BGH, Decision of 10.11.2009 – VI ZR 217/08 (rainbow.at); Decisions of 15.12.2009 – VI ZR 227/08 and 228/08 (Deutschlandradio); Decisions of 09.02.2010 – VI ZR 243/08 and 244/08 (Spiegel online); Decisions of 20.04.2010 – VI ZR 245/08 and 246/08 (morgenweb.de). 2505 See also Walter Seitz in: Thomas Hoeren/Ulrich Sieber, Handbuch MultimediaRecht (2010), Part 8 C, para. 62a.

699

Third Chapter: Content- or Intermediary-Targeted Responses

is not “pushed” to the reader by for example linking it in a current news story.2506 Similarly the French Supreme Court did not argue that the provision of links to file-hosters or torrent indexing sites is illegal, whereas dragging the attention of users to these sites by suggesting them as search terms in connection with the repertoire of the claimants, was providing the means to infringe copyright. Although the decision may be criticised for concluding that the suggestion as such constitutes a means to infringe copyright, hence interpreting the notion of means very wide, the decision shows the same tendency as those by the German court in the online archive cases. The push and pull differentiation requires the court to examine the degree of involvement of the provider in making content available to the public. In this regard, it is important whether the user plays a rather passive role, and the provider actively supports him in accessing files by suggesting search results or links, or whether the provider remains passive and only responds to queries by the active user. 3. Host Provider Obligations: Concerns Relating to Technology and Fundamental Rights a) Dealing with Technological Matters: The Difficulties to Identify Similar or Identical Infringements At this point, the discussion shall be restricted to the difficulties to identify similar or identical infringements, because this lies at the heart of the ability to prevent the continuation of an infringement. Other than the access blocking conducted by access providers, host providers may block access and delete content to infringing materials. As they store the materials in question, they can target only the infringing file and one may assume that do not carry risks of over-blocking. The latter is however not true, insofar as the monitoring duties imposed by German courts are rather extensive and also require the blocking of access or deletion of identical infringements. It has already been outlined that hash value filters may only detect identical infringements that have exactly the same hash value as the original 2506 See Sandra Schmitz/Lawrence Siry, Online-Archive – “Der ewige Pranger im Internet”? in: Jürgen Taeger (ed.), Digitale Evolution (2010), pp. 217 et seq.

700

B. Enforcement Measures Directed at Intermediaries

work. If only less than a second is cut off from a song, this would mean that the hash value filter is unable to identify a file as identical. Word filters are also only successful, where the title of the work in question is included in the file name. Users may however change the name of a file in order to prevent the blocking of a file. Sophisticated filtering like for instance YouTube’s content-ID filter requires the provision of reference data by the rights-holder and thus requires mutual cooperation.2507 However, no matter how sophisticated filtering systems are, there success is mostly limited to identify content that is hosted on the host provider’s servers. With social media platforms or other user-generated content platforms, this will suffice to identify most infringements. The situation with file-hosters is however different. The essence of the service provided is the storage of the protected work, which is legal as long as the link by which the file can be accessed is not made publicly available. Thus, even a (hypothetical) manual check of all uploaded files containing a protected work would not in itself be sufficient to identify an infringement. German courts responded to this problem quite rigorous and require file-hosters upon notification of an infringement to monitor pertinent link directories for links in relation to the litigious content hosted on its servers. In this context, the deployment of web crawlers searching for the content would however not be enough to comply with the monitoring obligations. Moreover, it is required to check not only the file names, but also look for materials that are hidden behind other file names to disguise infringements. In addition, searches must be conducted via search engines to identify further links. Obviously, the German Federal Court recognised that word filters are unlikely to identify all infringements and carry the risk of false positives.2508 The same applies to searches on notorious link directories. However, while the Court certainly recognised that links can be distributed in various ways and references to the content be disguised, the Court ignored the complexity of identifying the links. It is obvious that such extensive

2507 As regards the content-ID filter employed by YouTube see http://www.youtube. com/t/contentid. In April 2012, the LG Hamburg declared such a content-ID filter as not sufficient to escape liability, see LG Hamburg, Decision of 20.04.2012 – 310 O 461/10 (GEMA v YouTube), Zeitschrift für Urheber- und Medienrecht 2012, 596. 2508 Matthias Leistner, Grundlagen und Perspektiven der Haftung für Urheberrechtsverletzungen im Internet, Zeitschrift für Urheber- und Medienrecht 2012, 722, 733.

701

Third Chapter: Content- or Intermediary-Targeted Responses

filtering would not only require complex filtering technology but also manual searches. Considering the sheer volume of data and the number of link directories, fora and indexing sites, the file-hosters are faced with a near impossible task. It is obvious, that the Courts felt the need to respond to the increased use of file-hosters for copyright infringements while recognising that a deletion of the actual infringing act, the publication of the hyperlink, is not feasible because the providers of link directories regularly do not respond to take down requests, and are regularly located outside jurisdiction. The deletion of the content, or at least the blocking of access to the litigious content, thus is considered the easier way to go as the links will no longer be of any use. It is highly questionable whether the monitoring that goes beyond the monitoring of the own service provided and extends to third party platforms is in compliance with secondary EU law and fundamental rights. b) Compliance with Secondary EU Law The basic question that needs to be addressed in respect to all filtering obligations is whether the InfoSoc Directive and the Enforcement Directive, in the light of the E-Commerce Directive, the Data Protection Directive, the E-Privacy Directive and fundamental rights as guaranteed by the ECHR and CFR preclude such a filter obligation. Since the CJEU’s decision in L’Oréal v eBay, and most recently SABAM v Netlog, it is clear that the Directives do not exclude the imposition of specific filtering obligations upon host providers. Thus, the following analysis can be restricted to compliance with the findings in these cases. First of all, the providers in question must fall within the definition of host providers in relation to the content in question. This has not disputed as file-hoster as well as social media platforms “store information provided by the users of that platform, [….], on its servers”.2509 For host providers, the prohibition of general monitoring applies in particular to national measures which would require the host provider to actively moni-

2509 Cf. CJEU, C-360/10, SABAM v Netlog NV, Judgment of 16.02.2012, [2012] 2 C.M.L.R. 18, para. 27.

702

B. Enforcement Measures Directed at Intermediaries

tor all the data of each of its customers in order to prevent any future infringement of intellectual property rights. According to the CJEU in SABAM v Netlog the E-Commerce Directive, the InfoSoc Directive and the IPR Enforcement Directive and thereby the prohibition of a general filtering obligation “must be interpreted as precluding a national court from issuing an injunction against a hosting service provider which requires it to install a system for filtering: – – – – –

information which is stored on its servers by its service users; which applies indiscriminately to all of those users; as a preventative measure; exclusively at its expense; and for an unlimited period,

which is capable of identifying electronic files containing musical, cinematographic or audio-visual work in respect of which the applicant for the injunction claims to hold intellectual property rights, with a view to preventing those works from being made available to the public in breach of copyright”.2510 This prohibition outlines the archetype of general monitoring which infringes Article 15 of the E-Commerce Directive,2511 and does not give any further guidance as to what would be appropriate specific monitoring. This had to do with the question referred to the CJEU for preliminary reference being drafted rather general. The test as such is a cumulative test, meaning that a filtering obligation that fulfils all the criteria is prohibited. Taking the example of Germany, one may argue that host providers are obliged to install exactly such as system as the one precluded by the CJEU, namely a system for filtering of information which is stored on its servers by its users which applies indiscriminately to all service users as a preventative measure exclusively at its expense and for an unlimited period. Although the Federal Court of Justice restricted the monitoring duty to the litigious work and not any further, it requires the active search for infringements in relation to all content stored by all of its users without a limitation in time. Similar monitoring duties were rejected by the French Supreme Court in due consideration that the monitoring of all users in

2510 Ibid, grounds. 2511 Matthias Leistner, Grundlagen und Perspektiven der Haftung für Urheberrechtsverletzungen im Internet, Zeitschrift für Urheber- und Medienrecht 2012, 722, 728.

703

Third Chapter: Content- or Intermediary-Targeted Responses

relation to the litigious content that is not limited in time is disproportionate and not in compliance with EU law. The monitoring obligation in France thus has its limits where content of other users than the original infringer is concerned and where not limitation in time is prescribed. There is no doubt that such a limited monitoring duty is in compliance with the SABAM v Netlog criteria. In contrast, the German approach goes too far and amounts to a general monitoring obligation.2512 From the wording of the CJEU in SABAM v Netlog, it becomes clear that the monitoring of all data in relation to a specific infringement (the “work in respect of which the applicant for the injunction claims to hold intellectual property rights, with a view to preventing those works from being made available”) in the aforementioned scope is prohibited, and not as one may argue, the active search for infringements in general. Thus, the obligation has either to be restricted to specific user(s) or data, and/or be limited in time. Although it is understandable that it is necessary for the identification of infringements to check whether the links granting access to the litigious content have been made publicly available, a monitoring that even goes beyond pertinent link directories goes even further than the monitoring of content stored on own servers. In addition, the technical feasibility of such monitoring and its effectiveness and the necessary efforts to be taken when thousands of works are concerned, has not been addressed by the courts. The necessary measures to prevent identical infringements have also not been construed in the light of the requirements stemming from the protection of the applicable fundamental rights. The German Federal Court of Justice did not even take into consideration the judgment of the CJEU in SABAM v Netlog, and only briefly noted that the extensive monitoring would be in compliance with the findings of the CJEU in L’Oréal v eBay. Obviously the Court sought to respond with its extensive monitoring obligation to the problem that the anonymised usage of file-hosters makes it difficult to pursue action against direct infringers. This intention does however not justify setting aside almost completely a fair balancing of the contravening interests. If courts want to impose extensive monitoring duties upon service providers, they can do so as long as the service providers are not classified

2512 Cf. Andreas Leupold in: Andreas Leupold/Silke Glossner, Münchener Anwaltshandbuch IT-Recht (3rd ed. 2013), Part 2 para. 660 et seq.

704

B. Enforcement Measures Directed at Intermediaries

as host providers to which Article 15 of the E-Commerce Directive applies. The approach taken, i.e. to accredit an active role to a service provider in order to base on this active role increased monitoring duties, and nevertheless classify the provider as a host provider is not possible under the current regime. This being said, the Federal Court of Justice ignored the jurisprudence of the CJEU on the interpretation of the aforementioned Directives. The obligations imposed upon file-hosters are not in compliance with secondary EU law, in particular Article 15 of the E-Commerce Directive. c) Conformity with Fundamental Rights of Host Providers Monitoring obligations that are imposed upon host providers interfere with their freedom to pursue business and their right to impart information by third parties. aa) Freedom to Pursue Business and Property Rights Filtering and monitoring obligations interfere with the host providers’ rights to pursue business and their right to property as guaranteed by Article 1 of the Protocol No. 1 to the ECHR (and Articles 16 and 17 CFR). The freedom to conduct a business includes, inter alia, the right for any business to be able to freely use, within the limits of its liability for own acts, the economic, technical and financial resources available to it.2513 The adoption of monitoring duties such as those discussed above constrains its addressee, the host provider, in a manner which restricts the free use of the resources at his disposal because it obliges him to take measures which may represent significant cost for him.2514 Similar to the administration of copyright infringement reports and lists in the context of a graduated response scheme, the imposition of monitoring obligations, that even go beyond the monitoring of the own platform have also a considerable impact on his human resources and require in addition complex tech-

2513 Cf. CJEU, C-314/12 UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft GmbH, Judgment of 27.03.2014, para. 49. 2514 Cf. ibid, para. 50.

705

Third Chapter: Content- or Intermediary-Targeted Responses

nical solutions. However, at least in France, the obligation does not seem to infringe the very substance of the freedom of host providers to conduct their legitimate business models. The situation may be different in Germany where monitoring extends to pertinent link directories and searches via popular search engines. In that context, it needs to be recalled, how and to what extent host providers in Germany are required to monitor external content. First of all, it needs to be noted that monitoring duties increase in parallel to the active involvement of the provider in the infringements. Although this is rather of relevance in the ultimate balancing test, at this point it is necessary to look at the extent in order to determine what kind of monitoring is still considered to be legitimate by German courts (irrespective of whether it is non-compliant with the E-Commerce Directive). The increased monitoring as described above relates so far to file-hosters only because they are considered to be more than neutral intermediaries by allowing anonymous usage of service and benefitting financially from high traffic volume as well as an established high number of infringements. An obligation such as that at issue leaves it to the filehosters to determine the specific means to be taken in order to achieve the result sought, thereby allowing the file-hosters to put in place measures which are best adapted to the resources and abilities available to him. However, the courts also declared what measures they will not consider sufficient, leaving in practice not much discretion to the file-hosters. By proving that he has taken all reasonable measures, the file-hoster would avoid liability. The possibility of exoneration has the effect that the filehoster will not be required to make unbearable sacrifices considering that he is not the author of copyright infringements. However, the question of reasonableness is a question that has not been properly assessed by German courts. If a host provider is obliged to actively search for further infringements of the same kind, he essentially has two choices: to implement a monitoring system that would search the hosted content for infringements. However, as noted above hash value filters only identify exact copies of the original work and not slightly modified versions, while word filters may return false positives and only identify files that carry the name of a protected work, which can in turns be inconclusive. Word filtering brings with it false positives and a risk of over-blocking. However the latter can be reduced by blocking the content first and implement a dispute settlement scheme which allows users to file a complaint if their legitimate con-

706

B. Enforcement Measures Directed at Intermediaries

tent is blocked.2515 Alternatively, in order to avoid over-blocking, the host provider would have to check results manually as well. When in Germany the monitoring duty would go as far as requiring the screening of notorious indexing websites and link directories, it seems obvious that additional manpower would be needed. Though this may be just and fair considering that many file-hosting services generate profits from the provision of their services, no excessive financial burden must be placed on them that would render their business model inoperable. Although it is not yet known how much a monitoring system that would be able to satisfy the monitoring duty imposed on for instance Rapidshare would cost, it seems obvious that the core of the business is interfered with. The extent of monitoring required is hardly feasible from a technical perspective, and as mentioned above, clearly requires manual checks. Considering that 500,000 files are uploaded per day, the court concluded that this results in 30,000 infringements.2516 The German rights-holders association GEMA applied for an injunction with regard to more than 4,800 by one single application. Considering that the deployment of software would not be sufficient according to the court, and disguised or hidden files must be manually searched for, the personal and financial resources necessary pose a severe threat to small businesses and also severely affect the service of file-hosting as such. It is questionable whether file-hosting can comply with the obligations and be economically feasible.2517 The German Federal Court of Justice was not satisfied that less intrusive measures may be available to file-hosters such as for instance the content-ID filtering system as deployed by YouTube. The software is able to detect infringements by using reference data; the software is able to identify whether content corresponds – even in part – to that reference data.2518 Content-ID also allows rights-holders to decide, what the users

2515 Matthias Leistner, Grundlagen und Perspektiven der Haftung für Urheberrechtsverletzungen im Internet, Zeitschrift für Urheber- und Medienrecht 2012, 722, 733. 2516 BGH, Decision of 15.08.2013 – I ZR 80/12, Kommunikation & Recht 2013, 655, 658. 2517 See Joerg Heidrich, Weitergehende Prüfpflichten bei besonderer Gefahrengeneigtheit eines File-Hosting-Diensts, K&R-Kommentar, Kommunikation & Recht 2013, 655, 659. 2518 As regards the functioning of the Content-ID filter see Georg Nolte/Jörg Wimmers, Wer stört? Gedanken zur Haftung von Intermediären im Internet, GRURBeilage 2014, 58, 65.

707

Third Chapter: Content- or Intermediary-Targeted Responses

may do with their repertoire. Parallel to the system of Content-ID filter, YouTube deploys a dispute settlement procedure by which disputes can be settled between the uploader and the rights-holder. However, this system is a purely voluntary system and depends on cooperation between the rights-holders and the host provider. Another less intrusive measure that would also be in conformity with Article 15 of the E-Commerce Directive would be the monitoring of accounts of those that have already infringed copyright instead of monitoring the data of all users. As previously mentioned the mere upload of a file onto the file-hoster’s servers does not infringe copyright. Only when the link is made publicly available an infringement is established. Thus monitoring the data of all users on the platform to identify copies of the litigious content is useless without checking whether the access link has been distributed. If only the accounts of those that have infringed copyright before, or even those accounts that have infringed copyright in the litigious work, were monitored, this would already reduce the amount of data to be checked tremendously. Further, a specific monitoring obligation must be clearly defined in order to make it practicable. When in Germany courts order the prevention of similar infringements by all users and in relation to all data hosted in the future, in practice, this may amount to a general obligation to monitor content. Although, the monitoring obligations as such pursue a legitimate aim, namely the protection of the intellectual property rights of the copyright owners, the interference with the host providers’ rights cannot be justified when they have to monitor all content of all users at their own expense without a limitation in time. bb) Right to Impart Information Created by Third Parties Monitoring obligations also interfere with the service provider's right to impart information created by third parties. This interference is however only minor in comparison to the interference with their right to pursue business. Further, when file-hosting services are concerned, one needs to be aware that their primary aim is not the dissemination of information but the provision of external storage capacities. It may however play a role where indexing sites and link directories are concerned. In this regard, it also needs to be taken into consideration that especially the ECtHR differentiates between, on the one hand, expression and content that is message 708

B. Enforcement Measures Directed at Intermediaries

driven, and on the other hand, “commercial speech”. 2519The latter, which is merely money driven does not enjoy the added value of the protection guaranteed by Article 10 ECHR, and thus, the margin of appreciation of domestic courts is rather wide.2520 As the monitoring would not just apply to the accounts of users that have infringed copyright before, but to all users and all data hosted, Internet users who are using the file-hoster’s service in a lawful manner for example for lawful data back-ups or the storage of own works, would also be affected by the monitoring in their right to freedom of information. In this respect, the CJEU held in UPC Telekabel Wien, that measures adopted by the service provider must be strictly targeted, in the sense that they must serve to bring an end to a third party’s infringement of copyright but without thereby affecting Internet users who are using the provider’s service in order to lawfully access information.2521 This can be applied by analogy also to host providers, meaning that the obligation must not be targeted against all users of the service when there are also users that use the service in a lawful manner. Failure to strictly target the monitoring, results in an unjustifiable interference in the freedom of information of the legitimate users in the light of the objective pursued.2522 d) Extensive Monitoring and a Fair Balance of Rights From the above analysis it becomes obvious that extensive monitoring does not put sufficient weight on the rights of host providers. A fair balance can hardly be achieved when already the legitimate business as such is substantially affected. This does not mean that there is no appropriate filtering that goes beyond the mere deletion of notified content as required in France and at the same time is less intrusive than the general monitoring obligation imposed upon file-hosters in Germany.

2519 ECtHR, Mouvement Raëlien Suisse v Switzerland, Judgment of 13.07.2012 – Application No. 16354/06, para. 61 with reference to Markt Intern Verlag GmbH and Klaus Beermann v Germany, Judgment 20.09.1989 – Application No. 10572/83. 2520 Ibid. 2521 CJEU, C-314/12 UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft GmbH, Judgment of 27.03.2014, para. 56. 2522 Cf. ibid.

709

Third Chapter: Content- or Intermediary-Targeted Responses

First of all, in addition to the severe interference with the rights of host providers, it shall only briefly be mentioned that the (German) national courts have ignored, that the systematic monitoring of data, may interfere with the privacy rights of users, in particular when users have registered for the premium service and provided payment details. As regards the rights and interests of users, the German courts limited the discussion to safeguards against over-blocking, by suggesting the implementation of an internal dispute settlement procedure, where user could appeal unjustified content blocking. This indicates that host providers are advised to block access rather than delete in order to avoid the deletion of legitimate content. Considering that the content may constitute own data of the users, the deletion of such content would also interfere with the property rights of users. It is difficult to assess the rights of users in abstracto as the severity of interferences with their rights and interests depends on the particular filtering regime employed. As stated above, the extensive monitoring obligations imposed by the German courts are likely to be disproportionate when the service that is targeted is used by many users legitimately. In this case the monitoring of the content of all users appears to assume that all users are infringing and thus give a reason to be monitored. It is difficult to determine when exactly users are triggering monitoring. As regards file-hosting providers, monitoring duties increase in parallel to the active involvement of the provider in the infringements. Although still considered to be host providers, from allowing anonymous usage of their service and benefitting financially from high traffic volume, in connection with the establishment of a high number of infringements,2523 it seems that the courts draw the conclusion that the provider “turned a blind eye” to copyright infringements. At least these factors are considered as risk factors that – according to a German court – may justify increased obligations to prevent identical infringements in the sense of the prevention of all infringements of the litigious content without any limitations. The main issue with monitoring obligations is, that as long as they are not clearly defined, they create legal uncertainty. The determination of what is technologically and economically reasonable monitoring is however important for the Internet economy. Service providers must be in a

2523 Rapidshare itself admitted that approximately 5 to 6% of uploads will be infringing. Considering that 500,000 files are uploaded per day, the court calculated that this makes 30,000 infringements. BGH, Decision of 15.08.2013 – I ZR 80/12, Kommunikation & Recht 2013, 655, 658.

710

B. Enforcement Measures Directed at Intermediaries

position so as to calculate the risks they may be confronted with – as well as to foresee the costs associated with risk-avoidance. The Federal Court of Justice is correct in concluding that file-hosters are not ordinary host providers. In particular in the early years of file-hosting, the operators of these services provided incentives for users to use the service unlawfully. Thus, it is understandable that they could not be considered to benefit from the liability exemptions under the E-Commerce Directive in the same way as completely neutral providers. However, in particular Rapidshare had abolished its early reward model and had taken a number of measures to prevent copyright infringements. The company had founded an abuse department, which responded to take down requests considerably quick.2524 Further Rapidshare deployed a MD5 filter2525, a hash value filter that is able to detect identical infringements. In addition, Rapidshare also created an interface for rights-holders that allowed them to delete infringing data themselves.2526 Even the combination of these preventive measures did not satisfy the extensive monitoring duties that arise in relation to a protected work following a first infringement. The German Federal Court of Justice held that the omission to also check pertinent “link collections” for the litigious content infringed the monitoring duties. Following the decision in GEMA v Rapidshare, the monitoring extended even to unspecified pertinent links collections. A file-hoster will not only have to check the link collections for litigious content but also examine the description of the files as it may not be evident from the link as such or the heading that it relates to the work in question. Further, popular search engines like Google or social media like Twitter should be checked for infringements. The Court ignored that this basically means that file-hosters will have to search the whole World Wide Web. First of all, they can never be sure, what “link collections” will be considered pertinent. The case law from the UK that has been addressed above in the context of access blocking by access provider has shown, how fast content is moved, platforms may reappear under a new domain, and new link

2524 Joerg Heidrich, Weitergehende Prüfpflichten bei besonderer Gefahrengeneigtheit eines File-Hosting-Diensts, K&R-Kommentar, Kommunikation & Recht 2013, 655, 660. 2525 MD5 stands for Message-Digest algorithm 5. 2526 See Joerg Heidrich, Weitergehende Prüfpflichten bei besonderer Gefahrengeneigtheit eines File-Hosting-Diensts, K&R-Kommentar, Kommunikation & Recht 2013, 655, 660.

711

Third Chapter: Content- or Intermediary-Targeted Responses

directories enter the market. Links may also be distributed in chats, via Usenet, etc.. Considering the aforementioned amount of data, it is evident that additional staff would be required to comply with the monitoring duties. In addition, it remains unclear what searches shall be conducted via search engines. In this context, it must be noted that the Court addressed Facebook and Twitter as “common search engines” which indicates the lack of understanding of social media platforms, and moreover of technology as such, by the Court.2527 It must be noted that the search query “Alone in the Dark” on google.de listed 24,300,000 results as of June 2014, while the query “Alone in the Dark” and Rapidshare still returned 209,000 results. Considering that the GEMA v Rapidshare case alone related to 4,800 works, it seems that the Court underestimated the personal and economical capacities of Rapidshare which at the time in question had 60 staff members.2528 In addition, following blocking injunctions against search engine providers like in France, search engine may not only block results for French users, but do so elsewhere as well, which adds to the difficulties for file-hoster to find infringing content. The Court also overshot the mark of what is required by the Störerhaftung, which does not require a 100% prevention of infringements, but merely a reduction of the risk of infringements.2529 In this respect, Article 11 of the IPR Enforcement Directive sets forth that an injunction must be “aimed at prohibiting the continuation” of an infringement. In connection with the requirement that all measures must be proportionate, it is clear that non-infringers that in some way contribute to an infringement are not required to guarantee the cessation of infringements. Another point for criticism is the rather negative perception of the Federal Court of Justice of anonymous use of Rapidshare that is not only considered to prevent legal action against the direct infringer, but also as lowering the threshold for illegal behaviour. Considering that in Germany, telemedia services are obliged to provide for the anonymous or pseudonymous use of their service,2530 this can be seen as an open criticism on the weight attributed to data protection.

2527 Ibid. 2528 See ibid. 2529 Matthias Leistner, Grundlagen und Perspektiven der Haftung für Urheberrechtsverletzungen im Internet, Zeitschrift für Urheber- und Medienrecht 2012, 722, 732. 2530 See § 13 VI TMG.

712

B. Enforcement Measures Directed at Intermediaries

The conclusion reached by the Federal Court of Justice is ultimately the result of a misjudgement of what is technologically and economically feasible monitoring, and did not assess the proportionality of the obligations imposed in an appropriate manner. In particular little regard was paid to less intrusive measures such as requiring a registration of users under their real name (which would have to be balanced against the interest of the users in protecting their personal data), or limitations of downloads or traffic as such. While the deletion of accounts is regularly considered as insufficient,2531 the situation may have been different with regard to Rapidshare. The service of Rapidshare was only convenient when users subscribed to a premium account. Thus, it is questionable whether blocking of users could not be conducted based on the fact that they are unlikely to subscribe to several new accounts once they have already paid. While this may more likely be a less intrusive measure for users that up- and download, pure uploaders would at least face new registrations with every account blocked. Another feasible monitoring would also be an internal filtering for litigious content and a subsequent check of downloads of that content from one particular account. This could also be automatized. By identifying irregular numbers of downloads of a protected work, this content could at least be blocked. A solution on how to determine reasonable and appropriate filtering in general could be to require the rights-holder to define in his application for an injunction the means that he considers appropriate. The host provider that is targeted should then be able to rebut the appropriateness of specific measures by explaining why these measures are not feasible or reasonable in his particular case. However, this would not avoid the fragmentation of intermediary liability that has been encountered not only throughout Europe, but even within individual jurisdictions.2532 What is needed is clear guidance by the CJEU on whether the prevention of identical infringements must be interpreted as to extend to all infringements of the litigious content on the platform in question, or needs to be restricted any further.2533 With regard to the latter, the double identity requirement suggest-

2531 Cf. the Internet auction cases of the Federal Court of Justice cited above. 2532 Cf. With regard to the UK Daithí Mac Síthigh, The fragmentation of intermediary liability in the UK, Journal of Intellectual Property Law & Practice 2013, Vol. 8 No. 7, 521-531. 2533 Cf. Andreas Leupold in: Andreas Leupold/Silke Glossner, Münchener Anwaltshandbuch IT-Recht (3rd ed. 2013), Part 2 para. 661.

713

Third Chapter: Content- or Intermediary-Targeted Responses

ed by the Advocate General Jääskinen in L’Oréal v eBay could also be reconsidered in defining the notion of “identical infringement”.2534 Under such a double requirement of identity, a host provider could comply with specific monitoring duties if he shuts down the account of the infringing user to prevent future infringements committed by the same user and in respect to the same work that had previously been infringed.2535 Limiting “identical infringement” to infringements by the same user in respect to the litigious content would not only put host providers in a position to determine whether an“identical infringement”occurred. It would also mean that host providers must not actively search all content hosted for infringements. Rapidshare had drawn consequences from being faced with extensive monitoring obligations: Already following the Alone in the Dark case, Rapidshare reduced the maximum traffic per upload and has thereby rendered its service unattractive for mass-scale downloads.2536 However, it must be noted, that this had little effect on the problem of file-hosting and copyright infringements. New file-hosters entered the market, which is currently more diverse than ever. While in the aftermath of the copyright disputes Rapidshare’s popularity declined and as a consequence the service was ultimately shut down in March 2015, new services emerged with locations in considerably safe harbours like the Carribean or Eastern Europe; these services do not even respond to take down requests.2537 Thus, making a service, that was willing to cooperate in putting an end to infringements, unattractive for users, turned out to be Pyrrhus victory like the access blocking to link directories and indexing sites in the UK. With every service that is shut-down or blocked, new services emerge – and are welcomed by consumers.This assumption is supported by evidence from a Dutch research study, that has been discussed in context of blocking under section 97A CDPA 1988 in the UK: blocking has no lasting net impact on

2534 See Opinion of Advocate General Jääskinen in case C-324/09 L’Oréal v eBay, delivered on 09.12.2010, paras. 169 to 182. 2535 Cf. ibid, para. 182. 2536 See Joerg Heidrich, Weitergehende Prüfpflichten bei besonderer Gefahrengeneigtheit eines File-Hosting-Diensts, K&R-Kommentar, Kommunikation & Recht 2013, 655, 661. 2537 Ibid, 662.

714

B. Enforcement Measures Directed at Intermediaries

the percentage of users downloading from illegal sources, as users turn to alternatives to the blocked website.2538 Further, the French Supreme Court’s decision against “notice- and stay down” does also fail to provide an answer to the ongoing debate on the future of specific monitoring. It rather leaves rights-holders with a blunt instrument to enforce their rights. File-sharing networks or other websites where files are shared are essentially about sharing, meaning that once a file has been uploaded, it will be copied, and leaving numerous copies in circulation. The rights-holder will need to send a copyright infringement notification relating to each single copy that is being disseminated. There is no chance of obtaining an injunction requiring the service provider to prevent the re-distribution of a particular work; an injunction is limited in scope to the work being made available by one particular user. So it becomes understandable that rights-holders are now also turning to an indirect mechanism of information control by addressing search engines in order to make it more difficult to find information about the location of unauthorised copies or infringing files. As mentioned before, file-hosters for instance do no provide a search function for the materials stored on their servers. Thus, users will either directly access pertinent link directories or, and this is probably the most easy way or a good starting point, conduct a search via a search engine to find out on which link directory or indexing site information about the location of a requested file is stored. Considering the amount of data on the World Wide Web, search engines are essential to find information.2539 The effective use of the Internet is only guaranteed when search engines facilitate access to content. It has been said that for information to exist on the Internet, it has to be indexed by a search engine.2540 Online content that cannot be found via a search engine is factual non-existent for the general public. Users depend in general on search engine technology to be able to find and access information.2541 By blocking certain search results, the blocked information 2538 Ibid. 2539 Cf. Wolfgang Schulz/Thorsten Held/Arne Laudien, Search engines as gatekeepers of public communication: Analysis of the German framework applicable to Internet search engines including Media Law and Anti-trust Law, German Law Journal 2005, 1419–1432. 2540 See Lucas D. Introna/Helen Nissenbaum, Shaping the Web: Why the politics of search engine matters, The Information Society 2000, Vol. 16, 169, 171. 2541 See Inka Frederike Brunn, Cache Me if You Can (2012), pp. 189 et seq. with further references. Therefore one may argue that there is a common interest to

715

Third Chapter: Content- or Intermediary-Targeted Responses

becomes “less visible” and basically vanishes in the Deep Web, the “unindexed … terrain of the Internet”.2542 Search engines are critical chokepoints acting as the link between readers and information by making information accessible.2543 In addition to facilitating access to online content, search engines also have an influence on which content is received.2544 In 2004, a German research study has found that 74% of German Internet users rely on search engines as their primary tool to find information on the web.2545 The approach to require Google and co. to refrain from displaying certain search results also seems to be in compliance with the reasonableness requirement.2546 It does neither require host providers to search the notorious websites themselves, nor conduct searches via search

2542 2543

2544

2545 2546

716

guarantee the overall functioning of search engines, cf. LG Frankfurt, NJW-RR 2002, 545, 546. See Emily Laidlaw, Internet gatekeepers, human rights and corporate social responsibilities (2012), p. 165. Emily Laidlaw, Internet gatekeepers, human rights and corporate social responsibilities (2012), p. 166; for search engines as gatekeepers see also Wolfgang Schulz/Thorsten Held/Arne Laudien, Suchmaschine als Gatekeeper, pp. 13 et seq. with further references. Inka Frederike Brunn, Cache Me if You Can (2012), pp. 190 et seq. The selective and prioritised presentation of content has some influence on media consumption by the users (see Burkhard Danckert/Frank Joachim Mayer, Die vorherrschende Meinungsmacht von Google – Bedrohung durch einen Informationsmonopolisten?, MultiMedia und Recht 2010, 219). Hence, search engines do not only provide access to information; in providing access, they also have an editorial and selective role (Inka Frederike Brunn, Cache Me if You Can (2012), p. 191). One may thus pose the question whether search results are expressions by the search engine provider. As a consequence, there would also be an interference with the search engine provider’s freedom of expression. This question may in particular arise with regard to autocomplete functions, where the search engine suggests further search terms in connection to the search the user has started, for instance if a user searches for a song and the search engine autocompletes this search with “bitTorrent”. It is difficult to see, how programming of algorithms that autocomplete searches with popular search terms or influence page ranking could be considered as expression of opinion by the search engine provider. Birgit van Eimeren/Heinz Gerhard/Beate Frees, ARD/ZDF-Online-Studie 2004, Internetverbreitung in Deutschland: Potenzial vorerst ausgeschöpft?, Media Perspektiven 2004, No. 8, 350, 355. As regards the measures being reasonable for search engines see above B. IV. 2. c) Limits of Notice and Take down and the Shift to Content Blocking by Search Engines.

B. Enforcement Measures Directed at Intermediaries

engines for infringing content. Further, search engines are likely to comply with the requests/injunctions as their service usually falls within national jurisdiction.2547 In contrast, notorious services are commonly located abroad, operators hide identities, and no point of contact is provided in order to not be bothered with legal obligations. Finally, the German case-law shows that courts can also be rather creative in constructing monitoring duties of services that are already trying to comply with domestic laws as they have an economic interest to conduct business within national jurisdiction. Nevertheless the courts have construed far-reaching duties that they consider to be still permissible under the E-Commerce Directive as specific monitoring duties although they extent to a systematic filtering of all data passing through their service. In doing so, the German judges unfortunately revealed a lack of understanding of technology by demanding the (rather) impossible. Extensive filtering is being justified by way of a neutrality test that allows for far-reaching duties if the provider has an active role in relation to the copyright infringements. The filtering in question however blurs the lines between specific and general monitoring; this is something that must be avoided. In France, this led to the discussion of whether another category of provider needs to be introduced that is something in-between content and a host provider – a category that also seems to be favoured by the Federal Court of Justice in Germany, when it requires more extensive filtering from file-hosters than ordinary host providers. It is urgently required that the CJEU specifies the guidance given in the SABAM cases, in order to provide for a uniform interpretation of the relevant EU Directives and an approach that considers the fundamental rights of all actors involved.

2547 With regard to Google and Spanish jurisdiction see CJEU, C-131/12, Google Spain and Google Inc v Agencia Española de Protección de Datos (AEPD), Judgment of 13.05.2014.

717

General Conclusions

The above analysis of different copyright enforcement schemes has shown that the adaption of existing copyright enforcement systems to the 21st century proves difficult. However, equally difficult is the drafting of new enforcement legislation. Some of the very recent legislation that has been subject to this research shows blindness to the limits on these laws’ ability to exercise control over Internet users. Similarly, the application of traditional copyright regimes is characterised by a result-oriented approach that too often expresses a lack of understanding of technology. Graduated response schemes that were deemed to be the silver bullet against copyright infringements, do not seem to be as successful as predicted. While the French model is currently under revision for being too expensive in light of the results achieved, the UK scheme makes little progress in its implementation. The legal analysis has proven that the UK is well advised to refrain from implementing the current draft as it fails to strike a fair balance between the interests of copyright owners on the one hand and Internet access providers and Internet users on the other hand – irrespective of whether the final sanction would mean a suspension or limitation of Internet access. As regards the latter, this research has proven that interferences with Internet access constitute an unjustifiable violation of Internet users’ right to seek, receive and impart information and opinions. In contrast to the graduated response schemes, civil enforcement against users does not put any burdens on access providers, but is prone to abuse when scare tactics are used to achieve compliance. The analysis has shown that the weakness of user-targeted sanctions is the difficulty to identify the actual infringer. With action being targeted against potential non-infringers, it is difficult to respect the principle of proportionality, and to achieve that enforcement is perceived as fair and just. Hence, it is not surprising that rights-holders are returning to third parties to enforce their intellectual property rights. While in the early days of the Internet, legal action was directed against the innovators, there has now been a shift to online intermediaries. Online intermediaries, no matter whether access providers, host providers or search engines are considered

719

General Conclusions

as gatekeepers and as such to be in a position to not only regulate user behaviour but also to limit access to infringing materials. In this regard, issues arise in relation to the scope of monitoring and blocking that can be legitimately required. In this respect, the focus must not be solely on what is technologically feasible; attention must be paid to the capacities of the service provider concerned because otherwise the operation of legitimate and innovative services is at risk. This being said, the following final conclusions recapitulate some of the main problems identified by this research before the prospects of copyright enforcement are addressed. A. Problems Encountered in Copyright Enforcement I. Copyright Enforcement on the Internet is a Struggle to Find the Right Target As has been shown in this research, there is no uniform approach to enforce copyright online. Although national enforcement is based on European law, the fact that the area of enforcement is regulated by Directives leaves room for different interpretations and determinations of enforcement. Thus, though similar, national approaches to copyright enforcement on the Internet vary. A common tendency throughout the EU Member States presented in this work is the targeting of online intermediaries. The reason for this has been addressed in various contexts and in simple terms is the response to the struggle to find an identifiable, locatable defendant that is also located within jurisdiction of the place of damage. In the early days of the Internet, innovators of technology were considered ideal targets that also fulfil the above criteria. For this very reason, for instance Napster was shut-down. However, suing the innovators had its limits where the involvement of the innovators in the actual infringing act diminished and their contribution did not go beyond the mere provision of technology. The example addressed in the first Chapter in this context is peer-to-peer file-sharing. With technological progress, the central server that was Napster’s fate disappeared and was replaced by a centralised system with no central server. Without any involvement of the innovators of the technology in the actual act of sharing and infringing copyright, and no incitement of the innovators of peer-to-peer clients, the easy identifiable and locatable actor was gone. 720

A. Problems Encountered in Copyright Enforcement

Thus, new targets were searched for and quickly identified. With users being uploaders and downloaders in peer-to-peer file-sharing networks, and technology providing information about the user from which a file was being obtained, rights-holders could identify infringers by joining the network. However, what they were left with was the IP address of the infringer and nothing more. While the IP address allows for identification of the Internet access service provider and thus, the general location, and hence jurisdiction, of an infringer, it does not give any information about the identity of an actual infringer. Further information rights were necessary to sue users. This did however not solve the issue of whether the subscriber of an Internet access service is the right target. A subscriber must not necessarily be the actual infringer. While German courts succeeded in constructing a liability regime by analogy to a public law institute of liability for a source of danger, other jurisdictions struggled to establish such liability. Thus, new legislation was drafted to allow action against Internet access subscribers.2548 In parallel, alternative targets for action were identified in the services that facilitate the infringements by providing the technology for sharing files. While courts in Germany are considering the contribution of access providers too minimal to allow action against them, rights-holders in the UK have successfully obtained injunctions against access providers to block access to indexing sites. The effect is, however, minimal: Like a hydra, with every website cut off, new sites appear, making it difficult to take legal action with efficient results. With news forms of file-sharing such as via file-hosting services or new forms of media consumption such as streaming, host providers have also been identified as attractive targets. As legal action against host providers only produces effective results when the host providers fulfil the aforementioned criteria of identifiable, locatable and complying with obligations and injunctions , new targets for legal action were identified in search engine providers. With search engines being the navigators through the vastness of Cyberspace, they are essentially the gatekeepers to information. With the quasi-monopoly of Google, it also becomes easy to identify a promising target. Although this means that the visibility instead of the existence of infringing copies disappears, it may have some temporary impact on users – until the next search engine appears or information is passed on within the community of Internet users about the location of the desired content.

2548 For instance the French Loi HADOPI and the UK Digital Economy Act 2010.

721

General Conclusions

II. Copyright Enforcement on the Internet Puts Disproportionate Weight on Intellectual Property Rights The research has shown that some copyright enforcement mechanisms in an Internet context put a disproportionate weight on intellectual property rights. They thereby not only trigger the feeling of consumers that they are under constant surveillance, but also put businesses at risk and interfere disproportionately with fundamental rights. They further target noninfringers by construing responsibility by the provision of an Internet service, i.e. hosting and providing access to the Internet. When in the analogue world, people made copies of records that they had purchased for their friends, there was hardly a way that this came to the attention of the record companies. The same applied to movies recorded from TV. At that time, rights-holders concentrated their legal action against the inventors of technology. Whether they would have gone after users for making a copy of a TV screening is hard to imagine. One may argue that consumers today do nothing else than they did before, they make copies of their mp3s or CDs for their friends, and they “record” TV programme on their hard drives. However, what has changed is that instead of handing over the copies from one-to-one, they distribute it one-to-many and also obtain data that way. They do it because technology allows them to do it. As regards the distribution and acquisition of media via peer-to-peer file-sharing, the only way to try to effectively put an end to file-sharing – besides educating consumers – would be the surveillance of all file-sharing networks. This is something that is just not possible. Although the activities of specialised companies that join networks to harvest IP addresses of infringers, is often perceived by users as general surveillance, this is actually not true. This research has shown that the “IP harvesting” is legitimate if it is limited to identify infringers of certain works and in order to prepare civil proceedings. However, already at this point, one may question this behaviour, because every download comes along with an upload, meaning that the rights-holders themselves become distributors if they have not deactivated this function. If one looks at other ways to distribute copyrighted materials without authorisation, such as file-hosting services or streaming sites, it becomes even more obvious that user-targeted action would require surveillance of everybody’s communication as there is no way to separate private communication from copyright infringements without checking the content of the data transmitted. This would mean that privacy of commu722

A. Problems Encountered in Copyright Enforcement

nication would no longer exist. The access blocking by access providers in the UK already goes into that direction by requiring all communication to be filtered – although the technology used is highly sophisticated in order not to violate fundamental rights (see Third Chapter B. III.). A disproportionate shifting of weight on copyright protection can clearly be witnessed when host providers are required to not only block certain materials but also monitor third party websites for infringements (cf. Third Chapter B. IV 1). This basically means that they would either have to monitor the “whole” World Wide Web or implement a blocking policy that would block access to all materials that can be linked to the content in question on their servers. The incentive to over-block, i.e. also block access to legitimate private back-up copies or materials with the same file name, and thereby comply with monitoring duties is rather high. It thus, does not come as a surprise that the formerly globally largest file-hosting service Rapidshare saw a massive decline in user numbers.2549 Although the legitimacy of the service provided was confirmed by German courts, the burden put upon the provider to prevent future identical infringements is putting the business model at risk. Even though Rapidshare changed its focus on cloud storage services for businesses, the formerly pioneering and flourishing service provider ultimately shut down ist service in March 2015 .2550 Over-blocking is also a serious matter when access providers are obliged to block access to piracy websites, with UK courts granting orders once they are satisfied that the website to be blocked is “so involved in the commission of the tort as to make the infringing act their own"2551 and “it appears to be quite hard to find any content… that is not protected by

2549 As of June 2014, only 2.7% of Rapidshare users were located in Germany, its overall global rank is dropping since 2010 with a remarkable decline by the end of 2012 following the implementation of anti-piracy measures such as reduction of download speed for non-premium users and a limitation on the amount of outbound public traffic that could be generated by a single user, see Enigmax, Rapidshare: Traffic and piracy dipped after new business model kicked in, TorrentFreak (09.01.2013). 2550 The shut-down followed an announcement on RapidShare’s website in February 2015 that it would shut down ist service permanently. See also Simon Gröflin, RapidShare ohne Führung und Angestellte, PC Tipp (25.02.2014). 2551 Court of Appeal, SABAF SpA v MFI Furniture [2003] RPC 14, para. 59.

723

General Conclusions

copyright”.2552 Finding it hard to find legitimate content, does not mean that legitimate content does not exist. The case law that derives from the UK so far can however not be generalised as the cases were exceptional in the sense that the website operators were ignorant to any take-down requests or were not identifiable at all. They also did not challenge the blocking orders, presumably because they were well aware that they were facilitating access to unauthorised copies. Beside enforcement models that provide for action against online intermediaries, enforcement schemes are discussed or implemented that allow action against subscribers of Internet access services. Subscribers are held responsible for infringements committed via their Internet connection. Sanctions may be imposed upon subscribers that would result in restricting their access to the Internet. This violates not only their right to freely seek, receive and impart information and opinions in an unjustifiable way, but also that of third parties using the same connection. Theoretically the download of only parts of three songs within a period of several months may trigger this sanction. Even when courts are required to assess the proportionality of such a sanction, it is difficult to foresee, in what circumstances a measure will be seen as disproportionate. At the same time, it is often unclear, what kind of security measures can be expected from a subscriber in relation to his Internet access. Although the warnings send out in France or the UK propose certain measures, it remains to be seen whether they will be considered sufficient by a court.2553In particular, it remains unclear, how a subscriber could comply with his obligation to ensure that no third parties commit infringements via his connection. Obviously, he will have to instruct third parties, but will he also have to monitor them? And to what extent? In this respect, privacy rights need to be observed as well as free speech which may be under serious threat if online behaviour is supervised. The situation becomes even more unclear, when a subscriber allows not only family members and flatmates to use his Internet access but also other third parties for instance in the course of his business. Consumers expect today that hotel owners, pub landlords, or café owners provide free Wi-Fi access to them. While in the UK most pubs

2552 High Court, Twentieth Century Fox Film Corp v British Telecommunications Plc [2011] EWHC 1981, para. 55. 2553 In contrast, German courts clarified that the security standard for Wi-Fi routers only has to comply with the technical standard at the time of purchase of the router.

724

A. Problems Encountered in Copyright Enforcement

offer Wi-Fi access, the situation is different in Germany, where landlords are under fear to be held liable for abusive use of their connection, in particular with regard to copyright infringements. With liability being unforeseeable, copyright indirectly prevails of the provision of communication services.2554 III. Copyright Enforcement Discourages Innovation and Creativity Referring to what has just been stated above, Wi-Fi access points are a risky matter as long as it is uncertain whether the service providers will be held liable. Innovative projects of providing Wi-Fi access (such as HOTCITY in Luxembourg)2555 to an ever increasing number of smartphone users that are frustrated by weak 3G/LTE coverage, slow speeds and service restrictions, are rarely implemented due to unclear responsibilities when the system is abused. Obviously, innovation is discouraged for the sake of copyright protection. If one takes the example of the Lawrence Lessig lecture being blocked in YouTube2556, one gets the impression that copyright protection sometimes goes further than it was originally intended. The need to protect creators is undeniable, but it may be necessary to focus rather on the core idea of copyright as an incentive to create and secure income, which is not harmed by such activities.2557

2554 It remains to be seen, whether the eagerly awaited decision of the CJEU in C-484/14 (Tobias McFadden v Sony Music Entertainment Germany GmbH) will provide legal certainty. The request for a preliminary ruling to the CJEU by the Landgericht München I seeks clarification as to whether the provider of an open Wi-Fi network, i.e. a free non-password-protected Wi-Fi, may be liable for third-party copyright infringements or whether said provider may be shielded from liability on the basis that he falls within the category of “mere conduit” provider under Art. 12 of the E-Commerce Directive. 2555 See www.hotcity.lu. 2556 See Introduction, D. The Research Topic: Copyright Infringement on the Internet. 2557 Chris Reed suggests in that context to reframe copyright infringement in terms of the “use” of works. Use of a protected work that amounts to commercial exploitation should amount to infringements, because it is commercial exploitation that secures a return for creators. See Chris Reed, Making laws for Cyberspace (2012), pp. 154 et seq. and 237 et seq.

725

General Conclusions

It is also necessary to take into consideration that the availability of content on the Internet also triggers demand to use that content. For instance, in order to give directions to a locality, many users and businesses alike rely on Google Maps. However, those that have ever tried to obtain a licence from Google for a screenshot of a map, are faced with complicated terms of use and even the “Frequently Asked Questions” are of little help. Instead Google states that it cannot make judgements of fair use or dealing and advises users to consult a lawyer.2558 At the same time, Google states that due to limited resources, they are not able to sign individual letters asking for licences.2559 This triggers the question why rightsholders make it so difficult to obtain licences, while at the same time it is so easy to infringe copyright. Beyond the issues discussed in this research, copyright enforcement also prevents or restricts user from being “prosumers” that publish their samples or voice-overs for instance on YouTube or post adapted images on their Facebook profile. Assuming that they do not commercially exploit copyrighted works, users are often left in a grey zone were they do not know whether their activities are still legitimate or not. While ignorance of the law is no defence, it is necessary to educate users about legitimate use. IV. Copyright Enforcement on the Internet Targets End-Users Rather than Commercial Infringers From the John Doe letters by RIAA in the US to graduated response schemes in the UK and France and cease and desist letters in Germany, these measures have in common that they target end-users. Although legal action is also pursued against commercial infringers, it is striking that the principal legislative projects target users. At times, there seems to be capitulation when it comes to enforcement against commercial infringers. Only lately, for instance the blocking injunctions in the UK, enforcement is addressing those that benefit commercially from the infringements. Although previously, some services have also been prominently shut-

2558 See http://www.google.de/intl/de/permissions/geoguidelines.html (last accessed on 06.06.2014). 2559 Ibid.

726

A. Problems Encountered in Copyright Enforcement

down, for example the streaming portal kino.to,2560 quantitatively the enduser was the focus of legal action. For a substantial number of users, it is difficult to tell what constitutes legitimate use and what not. Streaming websites may provide content that is not evidently illegal. Infringing services may not always be as easy to distinguish from piracy services as it was the case with kino.to. Most prominently users have been threatened with lawsuits were it was not even established that the streams were infringing copyright. While the user is the direct infringer, the saying that “opportunity makes a thief” is truer than ever in Cyberspace. With availability creating demand, users are tempted to download or consume works that are not yet, or not at all, available in their region. This shall not trivialise that copyright is infringed on a large scale, but highlight that not all infringements are committed in bad faith or are actually replacing sale. At the same time, as has been outlined on a few occasions, piracy services are not particularly reliable to use. Content may be defected, be infected with viruses, be slowly transmitted and numerous advertisement windows popup in the process of getting information about the content and downloading it. In order to obtain information about the availability and location of desired content, indexing sites and link directories need to be consulted. These are rarely run by volunteers, but by service providers that generate revenues by having advertisements placed on these sites. Thus, someone is “cashing in” on what is supposed to support creators. Further, with services like Rapidshare having to almost shut-down due to legal obligations although trying their best to comply with the law, new services emerge where the operators are hardly identifiable, locatable or willing to comply with legal obligations. These providers do not run their service out of altruistic reasons but to generate profit. In most cases profit is generated through advertisements or premium services.2561 The question arises, whether it should not rather be the commercial providers that generate profits that should be the focus of legal action.2562 Similar thoughts are also brought forward when it comes to the fight against illegal substances, where the focus is today on those dealing with drugs instead of the con-

2560 See Ole Reißmann, Geschäft mit Raubkopien: Wie kino.to Millionen verdiente, Der Spiegel Online (14.06.2012). 2561 See below B. III. A Promising Alternative: Follow the Money. 2562 Cf. Bart Cammaerts/Robin Mansell/Bingchun Meng, Copyright & Creation, A case for promoting inclusive online sharing (September 2013), London School of Economics and Political Science, Media Policy Brief 9, p. 14.

727

General Conclusions

sumers (who typically equally commit a criminal offence by possessing the substance). On an international level, legislation for instance against money laundering aims at combatting the drug trade. Whether addressing the revenue streams of piracy sites is more promising than investing vast resources in the warning or sanctioning of users will be briefly addressed below. V. No Evidence of Effectiveness of Current Initiatives There is hardly any obust and reliable evidence on the effects of graduated response schemes or other anti-piracy measures. In fact, it appears that there is no evidence that a causal link exists between current enforcement and reduced infringement.2563 The creative industries tend to oversell achievements. Moreover, we are left with the question whether current copyright enforcement measures help to achieve any of the underlying aims of copyright law. Do current regimes establish an incentive to create? Do current regimes have an effect on sales? Would sales be declining without a graduated response scheme being in force? More specifically, what effect do warnings have on infringers? In that context, it would be interesting to know whether they migrate to other services where they are more difficult to track. In France, for instance, there is a persistent high number of first warnings, while the number of second warnings is low. This does however not mean that the graduated response is effective. The second warning only follows if a subscriber’s IP address is detected for a second time within a period of six months following the first warning.2564 Thus, some Internet access subscribers may have received several first warnings. Thus, it is difficult to determine whether the warning has an effect on user behaviour; taking the high number of first warnings and the considerably low number of second warnings in consideration, one may also conclude that warnings have an effect on those that have received a warning but not on users in general.

2563 As regards graduated response schemes and a lack of evidence on its impact on a reduction of infringements see Rebecca Giblin, Evaluating graduated response, Columbia Journal of Law & the Arts 2014, Vol. 37 No. 2, pp. 147 et seq. 2564 Article L.331-25 para. 2 CPI.

728

A. Problems Encountered in Copyright Enforcement

In addition, it has not been established whether reduced infringement increases legitimate sales. Little regard is paid as to whether we have a change in consumption of music, and whether declining sales are the result of that change in consumption. With new legitimate streaming services entering the market, we are likely to see a shift towards consuming rather than possessing. This may apply in particular against the background that web-enabled devices are omnipresent. Considering that streaming does not count as sale even if money is being paid for the service, a substantial number of uses of copyrighted works does not appear in the sales statistics. Ultimately, it will also be necessary to reconsider how effectiveness is to be measured: considering the underlying aims of copyright, this should be a decrease in sharing unauthorised copies and an increase in assessing legal content. VI. Access Blocking is Playing Cat and Mouse It has repeatedly been addressed that copyright enforcement has its limits at national borders – even within the European Union. In the third Chapter, it has been shown that this also applies to access blocking. Nevertheless, in particular the UK employs access blocking to respond to copyright infringements where they lack an identifiable, locatable defendant, or that defendant does not respond to take down requests or orders to cease an infringement. Access blocking is however playing cat and mouse in light of the many circumvention methods available. Already in the early 1990s, the computer scientist and civil libertarian John Gilmore concluded in the context of blocking access to unwanted materials on Usenet that “the Net interprets censorship as damage and routes around it”.2565 There will always be a way to circumvent blocking and it needs to be accepted as a fact that eventually blocking may only delay access. In particular the blocking of access to indexing sites and link directories are phyrric victories as the operator will just migrate his service to another web address. Nevertheless the increased use of section 97A CDPA 1998

2565 According to John Gilmore this conclusion was quoted by Philip Elmer-DeWitt in his article First Nation in Cyberspace in the Time Magazine of 06.12.1993. See John Gilmore’s homepage at http://www.toad.com/gnu/ (last accessed on 30.09.2014).

729

General Conclusions

injunctions in the UK indicates that rights-holders consider this mechanism as a feasible means. To some regard this consideration is true, for instance when the service provider does not change its IP address or domain name. It is generally assumed that although circumvention does not require distinguished IT literacy, not all users will try to circumvent the blocking. Accordingly, access blocking is commonly justified on the basis that the enforcement measure must only achieve a reduction of the scale of infringements and may as such also raise awareness of the illegality of the blocked content or service [see Third Chapter B. III. 3. E]). In this context, it must be noted that access blocking that avoids over-blocking is a costly matter. Where access providers do not employ an access blocking system in a different context, most likely in relation to child pornography, a blocking obligation may constitute a “complicated, costly, permanent computer system” at the expense of the service provider”. It may also fail to strike a fair balance between the interests of the access provider and copyright holders involved.2566 B. Prospects Beyond the findings above and the concluding summaries in the second Chapter (B. II. 3. and B. III. 3.) and the third Chapter (B. III. 3. and B. IV. 3.), there is also a need to refer to some general observations that may also provide some perspective for the future of online copyright infringement. I. The German Cease and Desist Letter Regime: Not so Bad as it May Seem The German system of cease and desist letters, the so-called Abmahnungen, has been analysed in great detail in the second Chapter (B. II. 1.). In this context, also the deficits of the system have been highlighted such as the perceived “abusive” use of warning letters (B. II. 1. c) to d)). However, the core of the system, namely the warning of potential infringers at their very own cost, is not unfair. In contrast to the graduated response scheme, no cost and effort of third parties is required in the administration and 2566 Cf. CJEU, C-70/10 Scarlet Extended v SABAM, Judgment of 14.11.2011, ECR I-11959, paras. 48 et seq.

730

B. Prospects

issuing of the letters before claim. The letters intend to notify a subscriber that an infringement has been committed via his Internet access. If the subscriber has not himself committed the infringement, he will not be liable for damages. If he has not secured his Internet access adequately, or shares his connection with others that may have committed the infringement, he will only be liable to cease and desist. In both cases, he will also have to carry the costs of the cease and desist letter. The main drawback of this system has been that the letters are drafted in a way as to suggest liability for damages, and demanded relatively high damages and consequently high lawyer’s fees. In a response to the perceived abusive use, the legislator reformed the law with the intent to put an end to disproportionately high claims and the fact that the letters were turned in a profitable tool (See Second Chapter B. III. 1. d)). The core of the letters has to be the cessation of an infringement and not being a separate instrument to generate revenues. If it can be guaranteed that rights-holders do not carry any further costs and the recipients of the letters, which can hardly be proven guilty as direct infringers, do not face excessive costs, the cease and desist letter may well be a reasonable means to limit copyright infringements. It does not only have a deterrent effect on the recipient himself, but also a dissuasive effect on other users. By abolishing the side-effect that Abmahnungen can be profitable in themselves, a decline in the number of Abmahnungen could recently be witnessed. Although there are no statistics on Abmahnungen in general, and on a decline since the latest legal reform in particular, German lawyers reported at an annual conference on law and informatics that they have experienced a decline in clients seeking advice on Abmahnungen.2567 Thus, rights-holders seem to limit the initiation of the enforcement mechanism to cases where they have a real interest in protecting their rights. The time where rights-holders in porn movies could generate substantial income by sending out thousands of Abmahnungen seem to be gone. It remains to be seen, whether rights-holders will now use their capacities to concentrate on commercial infringers, which are more difficult to get hold of than end-users.

2567 There are no official statistics, understandably no law firm publishes such figures. However, within personal conversation, the author was told that the decline in clients that are alleged of online copyright infringements is remarkable. A small law firm that is specialised in advising clients on Abmahnungen reported of a decline of 100 mandates per month on average solely relating to Abmahnungen for copyright infringements on the Internet.

731

General Conclusions

II. Search Engines as Law Enforcement Officers: Limiting Visibility of Illegal Materials In the third Chapter, it has been shown that online intermediaries such as Internet access providers and host providers are crucial in the production and distribution of cultural goods, as well as in the enforcement of copyright. In addition, search engine providers have been identified as important chokepoints that have the potential to play a role in copyright enforcement. Considering the amount of data on the World Wide Web, search engines are vital to find and access information.2568 Content that is not indexed by a search engine, is factual non-inexistent.2569 Users depend in general on search engine technology to be able to find and access information and this makes the basically vanishes in the Deep Web, the “unindexed … terrain of the Internet”.2570 Considering that there are also only few actors on the scene, turning to search engines to combat copyright infringements gains even more attractiveness. In addition, search engines are likely to comply with blocking requests or injunctions, because their service usually falls within national jurisdiction.2571 However, one also has to consider in this regard, that in particular Google has a quasi-monopoly role in many States.2572 Against this background, Google is almost taking over a governmental role if it becomes THE gatekeeper to information. When gatekeepers like Google are turned into auxiliary policemen acting on behalf and upon notification of the rights-holders, this needs to be carefully watched. It will be necessary to provide clear rules when and under which circumstances results may be

2568 Cf. Wolfgang Schulz/Thorsten Held/Arne Laudien, Search engines as gatekeepers of public communication: Analysis of the German framework applicable to Internet search engines including Media Law and Anti-trust Law, German Law Journal 2005, 1419–1432. 2569 See Lucas D. Introna/Helen Nissenbaum, Shaping the Web: Why the politics of search engine matters, The Information Society 2000, Vol. 16, 169, 171. 2570 See Emily Laidlaw, Internet gatekeepers, human rights and corporate social responsibilities (2012), p. 165. 2571 With regard to Google and Spanish jurisdiction see CJEU, C-131/12, Google Spain and Google Inc v Agencia Española de Protección de Datos (AEPD), Judgment of 13.05.2014. 2572 The European Commission is for instance conduction antitrust investigations on online search against Google. See European Commission, Antitrust: Commission obtains from Google comparable display of specialised search rivals, Press release of 05.02.2014.

732

B. Prospects

blogged and what evidence needs to be provided by the requesting party. In this regard, one may introduce a system of notification and counternotification as required by § 512 (g ) of the US DMCA (see First Chapter, A. I. 2. a) aa)). Also, there must be a right to appeal de-listing, considering that the removal from search results could ruin legitimate businesses if they can no longer be found in the World Wide Web. III. A Promising Alternative: Follow the Money Both, the UK Hargreaves Report2573 as well as the Lescure Report in France2574, suggest as an alternative means the aforementioned “follow the money” approach.2575 This approach has also been part of the US SOPA and PIPA Bills that have been outlined in the Introduction. The advantage of addressing payment and advertisement services is that they may be, and often are, physically located in the US or Europe. Undeniably, major sectors like the online advertising industry could make it considerably harder for the operators of piracy sites to unfairly take revenues away from the creative industries. In fact, research has shown that pirate websites, i.e. websites that either provide access to copyright-infringing content or information about the location of such content, are most commonly funded in part or in combination by either advertising or payments (including subscriptions, donations, and transactions).2576 Where operators of pirate websites rely on payment collection, in most

2573 Ian Hargreaves, Digital Opportunity, A Review of Intellectual Property and Growth (2011), 10 key recommendations. 2574 Pierre Lescure, Culture-acte 2, Mission « Acte II de l’exception culturelle », Contribution aux politiques culturelles à l’ére numérique (May 2013), pp. 413 et seq. 2575 In Germany, this approach has also been suggested by scholars in the context of illegal online gambling websites, see Matthias Steegmann, Die Haftung der Basisinfrastruktur bei rechtswidrigen Internetangeboten (2010), pp. 207 – 218. 2576 See Google/PRS for Music/BAE Systems Detica, The six business models for copyright infringement (27.06.2012). Relying on data provided by the Google Transparency Report (see http://www.google.com/transparencyreport/removals/ copyright/domains/?r=last-year (last accessed on 05.05.2014)), research by the University of Southern California evidenced that "in the last five years, a large number of new advertising networks now service the seemingly infinite advertising inventory of the broadband era [and that] much of that inventory sits on more than 150,000 pirate entertainment sites". See Jonathan Taplin and Others,

733

General Conclusions

cases card processors or other electronic payment processors such as PayPal are used for payment collection.2577 Advertising plays a key role in commercial online piracy. Fact is that many pirate websites make large amounts of money from advertiser because millions of users visit their website every month. Considering that those users often have the age profile that web advertisers are keen to reach and that they are often forced to look at advertisements first before they can access the desired materials, these websites constitute an interesting market for online advertising networks. Also, advertisements are regularly the only possibility for the operators of these websites to generate revenues. It has been reported that one British website2578 that linked to pirate content generated GBP 35,000 per month from on-site advertisements before its owner was imprisoned.2579 The Pirate Bay pre-trial investigation revealed email correspondence between the founders of the Pirate Bay and their “ad man” confirming that the website was profitable from 2005 onwards with a monthly turnover of SEK 30,000 to 40,0002580.2581 While this was prior The Pirate Bay engaging seriously in the field of advertisements, mails from The Pirate Bay revealed ahead to its founders' trial showed it was offered GBP 65,000 per month to run online gambling advertisements alone.2582 In so far as advertisements are concerned, for instance the German website heftig.co,2583 which is only directed at a Ger-

2577 2578 2579 2580

2581 2582 2583

734

Advertising transparency report, monthly updates are available at http://www.an nenberglab.com/projects/ad-piracy-report-0 (last accessed on 06.06.2014). Ibid. I.e. Surfthechannel. Charles Arthur/Stuart Dredge, Google ads to be blocked from sites offering pirated content, The Guardian (16.07.2013). This corresponds to approximately EUR 3,400 – 4,500. The cost of internet lines, server-hosting etc. was less, making The Pirate Bay profitable. See Helienne Lindvall, Piracy sites are raking in ad money from some of the World's biggest brands, Business Insider (05.02.2013). Ibid. Ibid. As of June 2014, heftig.co was ranked as the 84th most popular website in Germany. See the page ranking by Alexa at http://www.alexa.com/siteinfo/heftig.co (last accessed on 06.06.2014). As of June 2006, the website also had more than 800.000 Facebook fans and as of July 2015, it had acquired more than 1.5 million fans.

B. Prospects

man-speaking audience, generated estimated 6 digit figures profits from advertisements.2584 The bigger the websites are and the more infrastructures are needed to operate them, the operators more or less depend on advertisement as a revenue source because it means that they will not have to charge their customers. Although popular portals like for instance Megaupload also set up merchant accounts with payment providers to process payments from customers, numerous sites refrain because they attract users that would anyway be unwilling to pay. Also, many operators may want to receive as little information as possible about their users to avoid being confronted with information requests. Many top advertising networks place advertisements on websites that feature pirated content. The University of Southern California's Annenberg Innovation Lab for instance ranked Google and Yahoo among the top 10 advertising networks that actually support major piracy sites around the world, based on the lab's analysis of online advertisements that receive the most copyright infringement notices.2585 Google itself lists in its Transpareny Report internet sites that receive the most take-down notices from the creative industries to remove copyrighted works.2586 Software by the Annenberg Innovation Lab obtained the name of the ad network once an ad appeared on of pirate sites that had been identified as leading by Google. Although Google believes that the extent by which Google ads are a major source of funds for major pirate sites is mistaken by the USC lab, further studies, such as for instance a UK study by Google and the Performing Rights Society for Music in Britain with research conducted

2584 Lars Wienand, Das ist heftig: Die Viralseiten-Macher und ihr Verhältnis zu Urheberrechten, Rhein-Zeitung (27.05.2014). 2585 From January 2013 to May 2013 the Innovation lab published on its website a monthly report on online advertisements which aims to raise awareness of major brands which ad networks put ads on pirate sites so that they could avoid these networks, see Jonathan Taplin and Others, Advertising transparency report, http://www.annenberglab.com/projects/ad-piracy-report-0 (last accessed on 06.06.2014). See also Dawn C. Chmielewski, Report links Google, Yahoo to Internet piracy sites, LA Times (02.01.2013). 2586 For the weekly updated Google Transparency Report, see http://www.google.co m/transparencyreport/removals/ copyright/domains/?r =last-year (last accessed on 05.05.2014).

735

General Conclusions

by BAE Systems Detica,2587 suggest that most of the financing for piracy sites is related to advertising.2588 In fact, the UK study found that 86% of the financing of peer-to-peer communities and 67% of the financing of live TV Gateways (streaming)2589 is provided by advertising.2590 While the Annenberg Innovation Lab intends to make major brands aware which advertising networks put ads on websites that they have identified as piracy websites, the British music industry body BPI is working with the UK Internet Advertising Bureau on a scheme that will involve a central database of piracy sites for ad networks, agencies and brands to consult in order to avoid advertisements on these sites.2591 The latter is a welcomed policy with regard to limiting revenues from advertisements. However, it is unlikely to be sufficient to “dry out” piracy providers. Requiring third parties to cease providing services to an “infringing” site had already been tested in practice and proved partly successful in the case of WikiLeaks. WikiLeaks as such could not be stopped from providing access to leaked secret dossiers when it moved its content to a Swedish storage provider, but WikiLeaks suffered a severe loss in revenue when payment system providers stopped servicing WikiLeaks.2592 Against this background, it must be evaluated how revenue streams could be cut off legitimately, in particular with regard to the extra-territorial effect of such measures. In this regard one could think about creating a legal basis for court orders requiring advertisement providers to refrain from placing advertisement on certain platforms. In relation to payment

2587 Google/PRS for Music/BAE Systems Detica, The six business models for copyright infringement (27.06.2012). 2588 See also Dawn C. Chmielewski, Report links Google, Yahoo to Internet piracy sites, LA Times (02.01.2013). 2589 The study describes Live TV Gateways as websites that predominantly offer links to streams of livefree-to-air and pay TV. They typically also provide links to downloads with content being centrally hosted (as opposed to peer-to-peer networks) in a different location from the site. Google/PRS for Music/BAE Systems Detica, The six business models for copyright infringement (27.06.2012), p. 5. 2590 Ibid, pp. 3 and 11. 2591 Cf. Charles Arthur/Stuart Dredge, Google Ads to be blocked from sites offering pirated content, The Guardian (16.07.2013). 2592 For a summary of the events leading to WikiLeaks moving its content to Sweden and the denial of service by payment services see Yochai Benkler, WikiLeaks and the PROTECT-IP Act: A new public-private threat to the Internet Commons, Daedalus 2011, Vol. 140 Issue 4, 154, 156 et seq.

736

B. Prospects

providers, a criminal law provision could be considered that would allow for the blocking of money processing or freeze payments in order to render the operation of a piracy website unattractive. IV. In Parallel: Protecting Copyright and Users Within this work, it has become obvious that copyright enforcement must not only protect copyright but also pay regard to the rights and interests of users that are affected by enforcement. What must be avoided is overregulation of activities which do not prejudice the central objective of copyright – the provision of incentives to creators. Thus, it will be necessary to clear up outdated rules, such as existing laws on format shifting which mean that it is illegal to download a CD on to an mp3 player;2593 ensure that there is a private copying exception2594 and clarify the (il)legality of streaming. The legislators must be called upon to adapt legislation to the altered distribution environment.2595 In the following two specific aspects will be addressed that are essential for the promotion of copyright, namely that it should be made easier for people who want to try new business models to do so legally by making it easier for them to acquire the rights to the content that they don’t have.2596 At the same time, the education of users and the promotion of legitimate offers should have a priority on the policy agenda.

2593 Ian Hargreaves, Digital Opportunity, A Review of Intellectual Property and Growth (2011), Recommendation 5, p. 99. 2594 This has not only been demanded by Ian Hargreaves in ibid, but also by Pierre Lescure in his report, see Pierre Lescure, Culture-acte 2, Mission « Acte II de l’exception culturelle », Contribution aux politiques culturelles à l’ére numérique (May 2013), pp. 352 et seq. 2595 Cf. James Griffin, Copyright evolution – creation, regulation and the decline of substantively rational copyright law, Intellectual Property Quarterly 2013, 234, 252. 2596 Ian Hargreaves, Digital Opportunity, A Review of Intellectual Property and Growth (2011), pp. 3 et seq.

737

General Conclusions

1. In Specific: Remove Obstacles to the Provision of Cross-Border Digital Content Services As regards the consumption of music, a transition is taking place in younger generations from an ownership to an access model of consuming music and radio, with younger generations buying and owning less CDs and instead accessing music on services like Youtube, Spotify and Mixcloud.2597 These legitimate services are also interested in solutions that make it easier for them to acquire licenses, preferably via a one-stop shop for Europe, as they have to compete with piracy.2598 The principle of territoriality that applies to copyright as well as licensing practices means that often it is necessary to obtain separate licences for each territory. Evidently, this constitutes an obstacle to the provision of cross-border digital content services.2599 It also leads to frustration by users, where popular and legitimate service provider block contents for certain territories. Obstacles are clearly put in the way of legal platforms in so far as the licensing of content is concerned. Copyright-holders can choose between individual rights management, or collective management of their rights. The latter is mostly carried out by collective management organisation, i.e. collecting societies.2600 The advantage for commercial users is that they can clear rights for a large number of works instead of negotiating with each individual rights-holder. Collecting societies however usually tend to be concerned with activities only within a particular territory.2601 Opera-

2597 See Nico Perez, New creative- and content-delivery services, in: Ian Hargreaves/ Paul Hofheinz (eds.), Intellectual property and innovation. A framework for 21st century growth and jobs, p. 25. 2598 Ibid. 2599 Territorial licensing practices were also the subject of a case before the CJEU in 2012 that was widely discussed not only by legal scholars but also the general public. The Murphy case concerned the restriction of access by means of conditional access technology, in specific decoder cards, to Premier league broadcasts which were transmitted via satellite in various Member States. Premier league brought actions against a number of UK pubs using Greek pay-tv subscriptions to show live football matches, see CJEU, C-430/08, Football Association Premier League Ltd v QC Leisure and C-429/08, Karen Murphy v Media Protection Services Limited, Judgment of 04.10.2011. 2600 For a brief overview on collective licensing see Hector MacQueen/Charlotte Waelde/Graeme Laurie/Abbe Brown, Contemporary Intellectual Property – Law and Policy (2nd ed. 2011), pp. 935 et seq. 2601 Ibid, p. 938.

738

B. Prospects

tion between territories only took place by means of reciprocal agreements. Due to negotiations pending or difficulties in acquiring licenses, legal offers often operate only within a certain jurisdiction and/or offer a limited catalogue of works. For licensing reasons, streams of TV broadcasts may be blocked for users outside the original broadcast area as it is the case with for example the BBC iPlayer for users outside the UK. The same applies for music streaming services, where the operators have not succeeded in obtaining multi-territorial licences. Spotify2602 for instance had only been made available in Luxembourg in November 2012, a time at which it had already acquired the status of the second most used digital music platform after iTunes and an estimated 10% of the UK population using the service.2603 Many collective management organisations today are not ready to cater the needs of services such as Spotify: they do not even have the capacity to process data from online service providers on music downloads and streaming, or to match this data with their repertoire.2604 The slow pace in expanding innovative business models was frustrating for users as well as rights-holders that want to obtain their fair share of revenues. While on the one hand, legal services find it difficult to enter multiple markets, illegal offers that do not respect any rights at all, often provided a more attractive service. As long as collective management organisations are not ready to satisfy the needs of online service providers, namely the

2602 Spotify is a commercial music streaming service providing digital rights management-restricted content from many record labels. Spotify principally operates under the so-called “Freemium” model: basic services are free with advertisements, while more advanced, ad-free services need to be paid for. 2603 Adam Walder, Popular music platform “Spotify” launches in Luxembourg, Luxemburger Wort (13.11.2012). The press release in relation to the adoption by the European Parliament of a new directive directive on collective management of copyright and related rights and multi-territorial licensing explicitly mentions Luxembourg alongside Malta, Cyprus, Slovenia, Hungary, Estonia, Latvia, Lithuania, Bulgaria, Greece and Romania, as being a Member State where fewer music services are available to consumers. See European Commission, Directive on collective management of copyright and related rights and multi-territorial licensing – frequently asked questions, MEMO/14/79 of 04.02.2014, p. 4. As a consequence, there is also a risk of incorrect invoicing. 2604 European Commission, Directive on collective management of copyright and related rights and multi-territorial licensing – frequently asked questions, MEMO/14/79 of 04.02.2014, p. 4.

739

General Conclusions

provision of their services within a multitude of territories covering a large catalogue of music, this situation was not going to change.2605 As early as 2004, it was therefore suggested that the existing regulation of collecting societies under competition law should be complemented by a legislative framework to tackle inter alia the above mentioned issues in order to achieve a genuine internal market for both the offline and online exploitation of intellectual property.2606 The abstention from legislative action was not considered an option anymore, as soft law appeared to be not appropriate. 2607 Almost ten years on, on 4 February 2014, the EU Parliament finally adopted a directive on collective management of copyright and related rights and multi-territorial licensing.2608 Legislation in this field had been proposed by the Commission after concerns had been raised in relation to the transparency, governance and the handling of revenues collected on behalf of rights-holders by some collective management organisations. The Commission also recognised that collective management of rights is important for the licensing of online service providers such as music download services and streaming services.2609 Without a solution to these issues, it was feared that fewer music services would be available to

2605 See ibid. 2606 European Commission, Communication from the Commission to the Council, the European Parliament and the European Economic and Social Committee, The Management of Copyright and Related Rights in the Internal Market, COM(2004) 0261 final. 2607 Ibid. 2608 European Parliament, Legislative resolution of 4 February 2014 on the proposal for a Directive of the European Parliament and of the Council on collective management of copyright and related rights and multi-territorial licensing of rights in musical works for online uses in the internal market (COM[2012] 0372 – C7-0183/2012 – 2012/0180[COD]). For a critical analysis of the "proposal for a Directive of the European Parliament and of the Council on collective management of copyright and related rights and multi-territorial licensing of rights in musical works for online uses in the internal market" of 2012 see Josef Drexl/ Sylvie Nérisson/Felix Trumpke/Reto M. Hilty, Comments of the Max Planck Institute for Intellectual Property and Competition Law on the Proposal for a Directive of the European Parliament and of the Council on collective management of copyright and related rights and multi-territorial licensing of rights in musical works for online uses in the internal market COM (2012)372. 2609 See European Commission, Directive on collective management of copyright and related rights and multi-territorial licensing – frequently asked questions, MEMO/14/79 of 04.02.2014, p. 4, http://europa.eu/rapid/press-release_MEMO14-79_en.pdf.

740

B. Prospects

consumers across the EU, along with a slower uptake of innovative services and poor allocation of revenue to rights-holders.2610 The new Directive thus intends to create conditions that can expand the legal offer of online music and also allows online content services to test new business models.2611 As a first step to facilitate invoicing and administration of repertoires, Articles 23 et seq. of the Directive require collecting societies to set up proper databases to be able to keep better track of their own repertoire. In future, collect management societies shall function better and it will be easier for service providers to clear rights.2612 For users this will mean that they will have access to wider variety of content.2613At the same time, rights-holders shall exercise more control over collecting societies. Increased business opportunities and the aforementioned improvements in administering the rights shall ultimately result in increased revenue distributed to the creative industries and thereby also be an incentive to create.2614 Because as of now, the Directive has only been adopted by the Parliament, it remains to be seen how the final provisions will be worded. However, the Directive constitutes a long-awaited and necessary step for the improvement of legal offers on the Internet – in particular, as there are many examples that users are also willing to pay for content. As could be witnessed with iTunes, users also accept payment models as long as they are easy to use and convenient. Though it is not the one and only solution, it clearly is one step on the way for a just and fair system for creators and users. 2. In Specific: Education of Users and Promotion of Legal Offers The scale of copyright infringement2615 proves that users are often ignorant of the law. Ignorant however does not only mean that they necessarily

2610 2611 2612 2613 2614 2615

Ibid. Ibid. Ibid, p. 5. Ibid. Ibid. As outlined in the First Chapter, the scale of copyright infringement is difficult to establish. As many studies on the scale of infringements are commissioned by the rights-holders, the results have to be carefully assessed. However, it cannot be denied that many copyright infringements take place, especially if one looks at the number of warnings sent out in France, on which one has reliable data.

741

General Conclusions

wilfully ignore the law, but also means that they lack understanding of the law as it stands. At the same time, copyright enforcement can lead to frustration, when for instance it is difficult for users to understand why content is blocked in their place of residence but freely available elsewhere.2616 It may also be difficult to understand why it is allowed to copy music from the radio or a non-DRM-protected CD and give it to close friends, but often not allowed to download content from the Internet. For the user the difference in these acts is hard to understand in particular in the light of increased dematerialisation of content. What is thus needed is to accept the reality and invest into the education of Internet users.2617 The latter was also important to the legislators when they drafted the graduated response schemes. Both schemes that have previously been discussed put an emphasis on educating users. Warnings should not only have a dissuasive but also persuasive effect, and thus shall inform users about copyright as such and legal alternatives. It is not necessary that users will fully understand all the details of intellectual property law, but they must be sensitised to understand which behaviour and activities can be problematic in terms of copyright. Copyright as one aspect of media competence must be taught at school level. With more and more children and teens owning smartphones, they must not only learn how to use technology but also how to use it responsibly. In addition, educational campaigns are necessary that do not depict users as criminals as it has been done in the German cam-

2616 A further prominent example for this – beside the aforementioned BBC iPlayer – is YouTube, where many content is blocked for German users due to a unfruitful negotiations regarding a licence between the German collecting society GEMA and YouTube. Without a licence agreement, GEMA has repeatedly obtained injunctions against YouTube to block materials of which GEMA holds the licence. GEMA even succeeded in having the wording of the blocking message that appears when users try to access content changed (LG München I, Decision of 25.02.2014 – 1 HK O 1401/13, Gewerblicher Rechtsschutz und Urheberrecht, Praxis im Immaterialgüter und Wettbewerbsrecht 2014, 140 with comment by Manuel Kleinemenke). GEMA no longer wanted to be the sole scapegoat for the lacking licensing agreement. In fact, what GEMA wants is a fair renumeration. What it achieves is that users consider GEMA as non-consumer-friendly and thus, may rarely develop guilt when they follow the instructions of PC magazines to circumvent blocking (See PC Magazin, YoutubeGEMA-Sperre umgehen – so geht’s, PC Magazin (16.05.2014)). 2617 See in this regard also Ian Hargreaves, Digital Opportunity, A Review of Intellectual Property and Growth (2011), pp. 78 et seq.

742

B. Prospects

paign of “Raubkopierer sind Verbrecher”,2618 because copyright is too complex as to justify the equation “copyright infringers are criminals”. Users need to understand what copyright is and why it matters. In this regard, it is also necessary to look beyond copyright infringements from an economical perspective. It may also be that with increased use of smart phones and tablets and a new culture of sharing information, more users themselves become victims of copyright infringements, when other users make use of the images they have uploaded on social media platforms. In that regard, equations such as the above are out of place, insofar as primarily moral rights will be infringed. In parallel, legitimate offers and services need to be promoted. This may be done by enhancing the availability of legal online content in all markets (see above), or clear marking of legal content.2619 Most importantly, it must be prevented that legitimate services have to compete with piracy. In his “Digital Opportunity Report”, Ian Hargreaves refers to a US study that found that pragmatic issues of price and availability usually override moral considerations.2620 Thus, not only promotion of legitimate service is necessary, but service providers and rights-holder must reassess what users get when they buy digital content. As has been outlined in the introduction, online purchase of music in a digital format means that the buyer only acquires a licence to use the digital content. If these copies are sold at the same price as a CD, users will obtain a good that actually has less value. Amazon for instance has recognised this discrepancy and is providing an audio-rip version to most CDs that can be purchased on Amazon’s platform. With such additional services that are easy to use and most importantly reliable, the incentive to pay for content may rise. The education of users and promotion of legitimate content can however never be the only means to fight online piracy; what is necessary is an integrated approach based upon enforcement, promotion of legal services and education.

2618 See Nathalie Waehlisch, Kampagne der Filmindustrie: “Raubkopierer sind Verbrecher“, Der Spiegel online (27.11.2003). 2619 See Lilian Edwards, Next steps in the UK, in: Ian Hargreaves/Paul Hofheinz (eds.), Intellectual property and innovation. A framework for 21st century growth and jobs, p. 38. 2620 Ian Hargreaves, Digital Opportunity, A Review of Intellectual Property and Growth (2011), p. 79.

743

General Conclusions

V. Exciting Time with Pitfalls The digital age brings with it many challenges, in particular when it comes to the protection of copyright. These challenges are responded to in different ways of which graduated response schemes and ACTA are the most controversial. As such, policymaking in the digital intellectual property arena is controversial matter, and has been described as being “bedevilled by a well-funded lobbying community and a lack of technological expertise among legislators”. 2621 With no consensus achievable on macro-level, also regional initiatives like the revision of the IPR Enforcement Directive are taking their time. So what we are faced with is micro-level regulation that has led to some fragmentation, although there still is a common basis and most aspects are basically regulated by EU Directives. Nevertheless the Directives leave room for interpretation which needs to be addressed. As of now, the interpretation in Member States does not diverge fundamentally and the analysis above has shown that the differences are not as severe as they may seem at first glance. Even though there is for instance a discrepancy when it comes to monitoring duties of host providers in order to prevent identical infringements, the interpretation of this notion does not depart essentially. The lacking guidance by the CJEU on the interpretation of this notion is obviously a shortcoming, but the real problem – at least in some occasions – is the lack of understanding of technology by courts. For instance, German courts require file-hosting services to monitor not only their own platform but also basically the whole Internet in order to identify links that have been published and direct to copyrighted works stored on their servers. The courts misinterpreted the feasibility of such extensive monitoring, and only therefore have been able to reach the conclusion that such monitoring is reasonable and proportionate. This shows that it is not only necessary to educate users about copyright but also the judiciary about technology. Unjust balancing of interests of the parties to a case is the result of a lack of understanding of technology by judges. They arrive at constructing result-oriented monitoring duties without paying regard to the technological and economical means of the service providers concerned. It may thus be necessary to introduce “Cyber”-chambers that 2621 Lilian Edwards, Next steps in the UK, in: Ian Hargreaves/Paul Hofheinz (eds.), Intellectual property and innovation. A framework for 21st century growth and jobs, p. 38.

744

B. Prospects

would solely deal with cases that require an assessment on the interface of law and technology. This example also shows that in this exciting time, many pitfalls exist. With new targets for enforcement action being identified, it is necessary to rethink where we are and where we go; and whether that is really where we want to go. Finally, with new technologies attracting the attention of users and smart devices becoming everyday commodities, user behaviour may also be changing. In particular smart devices such as smartphones, smart TVs or tablet PCs are increasingly being used. As of now, these devices have in common that they only have limited storage capacities and thus, it is the technology itself that is turning downloads unattractive.2622 Instead users may be more interested in streaming content. Accordingly, while legislators and rights-holders are concentrating on the combat against peer-topeer file-sharing, this way of sharing may not attract as many users in the near future as it used to. Considering that the graduated response scheme in the UK is still not being applied, one must wonder whether it will ever be employed and what effect it will have. As of now, it is more than likely that it will never come into force. The DEA 2010 is the perfect example how legislative projects struggle to keep up with technology. In these exciting times, there is also light at the end of the tunnel: the music industry has experienced an overall revenue growth recently, also in regard to digital sales.2623 Furthermore, despite the Motion Picture Association of America’s (MPAA) claiming that online piracy is ruining the movie industry, Hollywood achieved record-breaking global box office revenues of USD 35 billion in 2012.2624 At the same time, the publishing industry has encountered a record of revenue stabilisation thanks to an increase in sales of E-books.2625 Thus, the overall situation of the creative industries is not as bad as they may want us to believe. Although copy-

2622 It must nevertheless be noted that peer-to-peer file-sharing apps for smartphones exist, such as for instances BitTorrent, Kazaa Lite and BitComet. 2623 Bart Cammaerts/Robin Mansell/Bingchun Meng, Copyright & Creation, A case for promoting inclusive online sharing (September 2013), London School of Economics and Political Science, Media Policy Brief 9, p. 7. In 2013, for the first time, UK revenues from online music were higher than revenues from CDs and vinyl combined, see ibid. 2624 See ibid, p. 8. 2625 “In 2013, the global book publishing industry was worth some USD 102 billion, larger than the film, music or video games industries. Although revenues from

745

General Conclusions

right is evidently infringed in new dimensions, a lot of factors influence the sale of creative works; neither strict enforcement alone nor education on its own may prevent that pirates become competitors to legitimate offers. An integrated approach is needed that guarantees a fair balance to be struck between the interests of rights-holders, Internet users and online intermediaries. Finally, it remains to be seen if the problems in online copyright enforcement that we encounter today will persist in the future or may be resolved by media convergence and new revenue schemes.

print book sales have declined, this has been offset by increases in sales of eBooks and the rate of growth is not declining”, see ibid, pp. 8 et seq.

746

List of References

Books and Commentaries Ahlberg, Hartwig/Götting, Horst-Peter, Beck’scher Online-Kommentar Urheberrecht (updated 01.02.2014) Barendt, Eric, Freedom of Speech (2nd ed. 2007) Benedek, Wolfgang/Kettemann, Matthias C., Freedom of expression and the Internet (2014) Bentley, Lionel/Sherman, Brad, Intellectual Property Law (2001) Berners-Lee, Tim, Weaving the Web: The original design and ultimate destiny of the World Wide Web by its inventor (2000) Billmeier, Eva, Die Düsseldorfer Sperrungsverfügung: ein Beispiel für verfassungsund gefahrenabwehrrechtliche Probleme der Inhaltsregulierung in der Informationsgesellschaft (2007) Brownsword, Roger/Goodwin, Morag, Law and the technologies of the twenty-first century (2012) Brunn, Inka Frederike, Cache me if you can (2012) Calliess, Christian, Die neue Europäische Union nach dem Vertrag von Lissabon (2010) Cassese, Antonio, International Law (2001) de Schutter, Olivier, International Human Rights Law (2010) Deibert, Ronald/Palfrey, John/Rohozinski, Rafal/Zittrain, Jonathan (eds.), ‘Access denied’ – The practice and policy of global Internet filtering (2008) Dreier, Thomas/Schulze, Gernot, UrhG, Kommentar (3rd ed. 2008) Dreier, Thomas/Schulze, Gernot, UrhG, Kommentar (4th ed. 2013) Greiner, Arved, Die Verhinderung verbotener Internetinhalte im Wege polizeilicher Gefahrenabwehr (2001) Heckmann, Dirk, Juris PraxisKommentar Internetrecht, (2nd ed. 2009) Helfer, Laurence R./Austin, Graeme W., Human rights and intellectual property: Mapping the global interface (2011) Hoeren, Thomas/Sieber, Ulrich/Holznagel, Bernd (eds.), Handbuch Multimedia-Recht (36th amended ed. 2013) Horten, Monica, A copyright masquerade: How corporate lobbying threatens online freedoms (2013) Horten, Monica, The copyright enforcement enigma, Internet politics and the ‘Telecoms Package’ (2011) Ibing, Stefan, Die Einschränkung der europäischen Grundrechte durch Gemeinschaftsrecht (2006)

747

List of References Janis, Mark W./Kay, Richard S./Bradley, Anthony Wilfred, European Human Rights Law: Text and Materials (3rd ed. 2008) Jørgensen, Rikke Frank (ed.), Human Rights in the global information society (2006) Klett, Alexander/Sonntag, Matthias/Wilske, Stephan, Intellectual Property Law in Germany (2008) Köhler, Markus/Arndt, Hans-Wolfgang/Fetzer, Thomas, Recht des Internet, (7th ed. 2011) Laidlaw, Emily, Internet gatekeepers, human rights and corporate social responsibilities (2012), http://etheses.lse.ac.uk/317/1/Laidlaw_Internet%20Gatekeepers,%20 H uman%20 Rights%20and%20Corporate%20Social%20Responsibilities.pdf (last accessed 17.05.2014) Lessig, Lawrence, Code: Version 2.0 (2006) Leupold, Andreas/Glossner, Silke, Münchener Anwaltshandbuch IT-Recht (3rd ed. 2013) Lloyd, Ian J., Information Technology Law (6th ed. 2011) Löwenheim, Ulrich (ed.), Handbuch des Urheberrechts (2nd ed. 2010) MacQueen, Hector/Waelde, Charlotte/Laurie, Graeme/Brown, Abbe, Contemporary intellectual property, Law and policy (2nd ed. 2011) Marsden, Christopher, Net neutrality: Towards a co-regulatory solution (2010) Meyer-Ladewig, Jens, EMRK, Handkommentar (3rd ed. 2011) Mock, William B. T./Demuro, Gianmario (eds.), Human Rights in Europe, Commentary on the Charter of Fundamental Rights of the European Union (2010) Mowbray, Alastair, Cases, materials and comments on the European Convention on Human Rights (3rd ed. 2012) Murray, Andrew, Information Technology Law, The law and society (2nd ed. 2013) Nowak, Manfred, U.N. Covenant on Civil and Political Rights, CCPR Commentary (2005) Pettiti, Louis-Edmond/Decaux, Emmanuel/Imbert, Pierre-Henri (eds.), La Convention Euro–péenne des Droits de l’Homme, Commentaire (1999) Pieroth, Bodo/Schlink, Bernhard/Kniesel, Michael, Polizei- und Ordnungsrecht (2002) Reed, Chris, Making laws for cyberspace (2012) Reed, Chris, Internet Law, Text and Materials (2nd ed. 2004) Rowland, Diane/Kohl, Uta/Charlesworth, Andrew, Information Technology Law (4th ed. 2012) Schaar, Peter, Datenschutz im Internet (2002) Schulz, Wolfgang/Held, Thorsten/Laudien, Arne, Suchmaschinen als Gatekeeper in der öffentlichen Kommunikation: Rechtliche Anforderungen an Zugangsoffenheit und Transparenz bei Suchmaschinen im WWW (2005) Siemen, Birte, Datenschutz als Europäisches Grundrecht (2006) Spindler, Gerald/Schuster, Fabian, Recht der elektronischen Medien (2nd ed. 2011) Spindler, Gerald/Wiebe, Andreas, Internet-Auktionen und elektronische Marktplätze (2nd ed. 2005)

748

List of References Steegmann, Matthias, Die Haftung der Basisinfrastruktur bei rechtswidrigen Internetangeboten, Verantwortlichkeit von Internet- und Finanzdienstleistern im Rahmen des illegalen Online-Glücksspiels (2010) Stokes, Simon, Digital Copyright (2nd ed. 2005) Tanenbaum, Andrew/Wetherall, David, Computer Networks (5th ed. 2011) van Bockel, Bas, The Ne Bis In Idem Principle in EU Law (2010) van Dijk, Peter/Hoof, Godefridus J. H. (eds.), Theory and Practice of the European Convention on Human Rights (4th ed. 2006) Walter, Michel/von Lewinski, Silke, European Copyright Law (2010) Wandtke, Artur-Axel/Bullinger, Winfried, Praxiskommentar zum Urheberrecht (3rd ed. 2009) Scientific Papers and Journal Articles Abbotts, Gillie, A catch for TVCatchup – Limits of the cable defence, Entertainment Law Review 2014, Vol. 25 Issue 1, 17–18 Adermon, Adrian / Liang, Che-Yuan, Piracy, music, and movies: A natural experiment, Uppsala Universitet Working Paper 2010: 18, http://www.nek.uu.se/Pdf/wp201018. pdf (last accessed on 20.04.2014) Aguiar, Luis/Martens, Bertin, Digital music consumption on the Internet: Evidence from clickstream data (2013), European Commission JRC Technical Reports, Institute for Prospective Technological Studies, http://ftp.jrc.es/EURdoc/JRC79605.pdf (last accessed 30.04.2014) Ahlert, Christian/Marsden, Chris/Yung, Chester, How “liberty” disappeared from Cyberspace: The mystery shopper tests Internet content self-regulation, http://www. rootsecure.net/content/downloads/pdf/liberty_disappeared_from_cyberspace.pdf (last accessed on 30.04.2014) Akdeniz, Yaman, To block or not to block: European approaches to content regulation, and implications for freedom of expression, Computer Law & Security Review 2010, 260–272 Alexander, Rachel, FirstRow – access denied, Entertainment Law Review 2013, Vol. 24 Issue 8, 280–283 Alsbih, Amir/Janson, Thomas/Schindelhauer, Christian, Analysis of peer-to-peer traffic and user behaviour (2009), http://archive.cone.informatik.uni-freiburg.de/pubs/ITA 11_bittorrent_alsbih_janson_schindelhauer.pdf (last accessed on 17.05.2014) Angelopoulos, Christina, Beyond the Safe Harbours: Harmonising substantive intermediary liability for copyright infringement in Europe, http://www.ivir.nl/publicatio ns/angelopoulos/IPQ_2013_3.pdf Barron, Anne, 'Graduated Response' à l'Anglaise: Online Copyright Infringement and the Digital Economy Act 2010, Journal of Media Law 2011, Vol. 3 Issue 2, 305– 347

749

List of References Bastard Irène/Bourreau, Marc/Moreau, François, L'impact du piratage sur l'achat et le telechargement legal: une comparaison de quatre filieres culturelles (2012), Working paper, http://manzanamecanica.org/files/Piratage4filieres_06avril2012.pdf (last accessed on 30.04.2014) Benabou, Valérie-Laure, The Chase: The French insight into the ‘Three Strikes’ system, in: Stamatoudi, Irini A. (ed.), Copyright enforcement and the Internet (2010), 163–182 Benassiano, William, Décision n° 2009-590 DC du 22 octobre 2009, La sanction de l'incompétence négative, Revue française de droit constitutionnel 2010, 390–396 Benassiano, William, L'inconstitutionnalité, sanction de l'identification d'un pouvoir de répression pénale dévalué. Décision no 2009-580 DC du 10 juin 2009, Revue française de droit consti-tutionnel 2010, no 81, 168–174 Benkler, Yochai, WikiLeaks and the PROTECT-IP Act: A new public-private threat to the Internet Commons, Daedalus 2011, Vol. 140 Issue 4, 154–164 Bernault, Carine/Lebois, Audrey, Peer-to-peer file sharing and literary and artistic property, A feasibility study regarding a system of compensation for the exchange of works via the Internet (2005), http://privatkopie.net/files/Feasibility-Study-peer-t o-peer-acs_Nantes.pdf (last accessed on 17.05.2014) Besselink, Leonard, Entrapped by the maximum standard: On fundamental rights and subsidiarity in the European Union, Common Market Law Review 1998, Vol. 35, 629–680 Binet-Grosclaude, Aurélie, La décision du Conseil constitutionnel du 10 juin 2009 relative à la loi favorisant la diffusion et la protection de la création sur internet : un coup d'arrêt au pouvoir de sanction des AAI ?, Droit Pénal 2009, No. 11, 11–17 Bölling, Markus, Unterlassungsantrag und Streitgegenstand im Falle der Störerhaftung, Gewerblicher Rechtsschutz und Urheberrecht 2013, 1092–1099 Borges, Georg, Pflichten und Haftung beim Betrieb privater WLAN, Neue Juristische Wochenschrift 2010, 2624–2627 Borges, Georg, Zur Haftung des Betreibers einer Handelsplattform für Markenverletzungen der Nutzer („L'Oréal/eBay“), Entscheidungen zum Wirtschaftsrecht 2011, 823–824 Borghi, Maurizio, Chasing copyright infringement in the streaming landscape, International Review of Intellectual Property and Competition Law 2011, 316–343 Bornkamm, Joachim, E-Commerce Directive vs. IP rights enforcement – Legal balance achieved?, Gewerblicher Rechtsschutz und Urheberrecht – Internationaler Teil 2007, 642–644 Boubekeur, Iliana, De la « loi HADOPI » à la « loi HADOPI 2 ». Analyse de la décision du Conseil constitutionnel 2009-580 DC et de ses conséquences, Revue Lamy Droit de l'Immatériel 2009, No. 51, 107–113 Brömmekamp, Birgit, Der Fall L'Oréal gegen eBay: Prüfstein für die Informationsgesellschaft, Wettbewerb in Recht und Praxis 2011, 306–316 Buchmann, Felix/Brüggemann, Sebastian, Der Preis des „Filesharing“ – Streitwert, Schadensersatz und Kostendeckelung nach § 97 a Abs. 2 UrhG, Kommunikation und Recht 2011, 368–373

750

List of References Burnett, Rachel, The role of Ofcom, ITNOW 2010, Vol. 52 Issue 6, 24 Calliess, Christian, Die Charta der Grundrechte der Europäischen Union – Fragen der Konzeption, Kompetenz und Verbindlichkeit, Europäische Zeitschrift für Wirtschaftsrecht 2001, 261–268 Cammaerts, Bart/Mansell, Robin/Meng, Bingchun, Copyright & Creation, A case for promoting inclusive online sharing (September 2013), London School of Economics and Political Science, Media Policy Brief 9, http://www.lse.ac.uk/media@ls e/documents/MPP/LSE-MPP-Policy-Brief-9-Copyright-and-Creation.pdf (last accessed on 06.06.2014) Caron, Christophe, Responsabilité des hébergeurs : requiem pour le «take down, stay down», Communication Commerce éléctronique 2012, Vol. 14 Issue 9, 28–30 Chaltiel, Florence, La loi HADOPI II de nouveau censurée, Petites affiches 2009, No. 235 (25.11.2009), 7–13 Chang, Liliana, The red flag test for apparent knowledge under the DMCA § 512 (c) Safe Harbor, Cardozo Arts & Entertainment Law Journal, Vol. 28, 195–222 Chen, Erik/Brown, Mark, Taiwan: Taiwan enacts ISP ‘safe harbour’ amendments to Copyright Act, Computer Law & Security Review 2009, Vol. 25 Issue 4, 389–390 Chothia, Tom/Chatzikokolakis, Konstantinos, A survey of anonymous peer-to-peer file-sharing, http://www.lix.polytechnique.fr/~tomc/P2P/Papers/AnonP2PSurvey.pd f (last accessed on 13.08.2013) Christiansen, Per, Störerhaftung des Betreibers einer Video-Plattform wegen Urheberrechtsverletzung, Anmerkung zu LG Hamburg, 310 O 461/10 vom 20.04.2012, Kommunikation & Recht 2012, 533 Christoffersen, Jonas, Human Rights and balancing: The principle of proportionality, in: Geiger, Christophe (ed.), Research Handbook on Human rights and Intellectual Property (2015), pp. 19 – 38 Christopherson, Kimberly M., The positive and negative implications of anonymity in Internet social interaction: “On the Internet, nobody knows you’re a dog”, Computers in Human Behaviour 2007, Vol. 23 Issue 6, 3038–3056 Clarke, Ian/Miller, Scott G./Hong, Theodore W./Sandberg, Oskar/Wiley, Brandon, Protecting free expression online with Freenet, IEEE Internet Computing 2011, Vol. 6 Issue 1, 40–49 Clayton, Richard, Anonymity and traceability in cyberspace (August 2005), Technical Report UCAM-CL-TR-653, http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-6 53.pdf (last accessed on 17.05.2014) Clayton, Richard, Expert Opinion in case R (on the application of British Telecommunications Plc) v Secretary of State for Business, Innovation and Skills, https://www. openrightsgroup.org/assets/JK1RC.pdf (last accessed 30.04.2014) Clayton, Richard, Harmful Content on the Internet and in Video Games (2008), http:// www.cl.cam.ac.uk/~rnc1/080129-cms.pdf (last accessed 13.04.2012) Clayton, Richard, Online traceability: Who did that?, Technical expert report on collecting robust evidence of copyright infringement through peer-to-peer filesharing (2012), http://www.consumerfocus.org.uk/files/2012/07/Online-traceability.pdf (last accessed 30.04.2014)

751

List of References Clayton, Richard/et al., A study of Whois privacy and proxy services abuse, National Physical Laboratory (20.09.2013), http://gnso.icann.org/en/issues/whois/pp-abuse-st udy-20sep13-en.pdf (last accessed on 17.05.2014) Costes, Lionel, Peer to Peer et recherche des contrefacteurs: les précisions de la CJCE, Droit de l'immatériel : informatique, médias, communication 2009, No. 48, 22–23 Czychowski, Christian/Nordemann, Jan Bernd, Grenzenloses Internet – entgrenzte Haftung?, Gewerblicher Rechtsschutz und Urheberrecht-Beilage 2014, 3–13 Czychowski, Christian/Nordemann, Jan Bernd, Vorratsdaten und Urheberrecht – Zulässige Nutzung gespeicherter Daten, Neue Juristische Wochenschrift 2008, 3095–3099 D’Erme, Roberto/Geiger, Christophe/Große Ruse-Khan, Henning/ Heinze, Christian/ Jaeger, Thomas and Others, Opinion of European academics on anti-counterfeiting trade agreement, Journal of Intellectual Property, Information Technology and ECommerce Law 2011, Vol. 2 Issue 1, 65–72 Danaher, Brett/Smith, Michael D/Telang, Rahul/Chen, Siwen, The Effect of Graduated Response Anti-Piracy Laws on Music Sales: Evidence from an Event Study in France (2012), http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1989240 (last accessed on 15.05.2014) Danckert, Burkhard/Mayer, Frank Joachim, Die vorherrschende Meinungsmacht von Google – Bedrohung durch einen Informationsmonopolisten?, MultiMedia und Recht 2010, 219–222 Danckwerts, Rolf, Neues vom Störer: Was ist ein „von der Rechtsordnung gebilligtes Geschäftsmodell“?, Gewerblicher Rechtsschutz und Urheberecht-Prax 2011, 260– 262 Dara, Rishabh, Intermediary liability in India: Chilling effects on free expression on the Internet (2011), http://cis-india.org/internet-governance/intermediary-liability-in -india.pdf/view (last accessed on 17.05.2014) de Hert, Paul/Kloza, Dariusz, Internet (Access) as a new fundamental right. Inflating the current rights framework?, European Journal of Law and Technology 2012, Vol. 3 No. 3, http://ejlt.org/article/view/123/268 (last acccessed on 17.05.2014) de Silva, Sam/Weedon, Faye, The Digital Economy Act 2010: Past, present and a future “in limbo”, Computer and Telecommuncations Law Review 2011, Vol. 17 No. 3, 55–62 Derieux, Emmanuel, Le droit communautaire n'impose pas que les législations nationales prévoient l'obligation de communiquer des données à caractère personnel dans le cadre d'une procédure civile, La Semaine Juridique – édition générale 2008, No. 21 (21.05.2008), 40–42 Derieux, Emmanuel, Validation par le Conseil constitutionnel de l'essentiel des dispositions de la loi 'HADOPI 2', Revue Lamy Droit de l'Immatériel 2009, No. 54, 6–8 Devigne, Luc Pierre/Velasco-Martins, Pedro/Iliopoulou, Alexandra, Where is ACTA taking us? Policies and politics, in: Irini Stamatoudi (ed.), Copyright enforcement and the Internet (2010), pp. 29–42

752

List of References Dimita, Gaetano, Six characters in search of infringement: potential liability for creating, downloading, and disseminating .torrent files, Journal of Intellectual Property Law & Practice 2012, Vol. 7 Issue 6, 466–472 Dix, Alexander, Vorratsdatenspeicherung von IP-Adressen?, Datenschutz und Datensicherheit 2003, 234–235 Dnes, Antony W., Should the UK Move to a Fair-Use Copyright Exception, International Review of Intellectual Property and Competition Law 2013, 418–444 Dornseif, Maximilian, Government mandated blocking of foreign Web content, in: von Knop, Jan/Haverkamp, Wilhelm/Jessen, Eike (eds.), Security, E-Learning, E-Services: Proceedings of the 17. DFN-Arbeitstagung über Kommunikationsnetze (2013), Lecture Notes in Informatics, pp. 617–647 Drexl, Josef Nérisson, Sylvie/Trumpke, Felix/Hilty, Reto M., Comments of the Max Planck Institute for Intellectual Property and Competition Law on the Proposal for a Directive of the European Parliament and of the Council on collective management of copyright and related rights and multi-territorial licensing of rights in musical works for online uses in the internal market COM (2012)372 Dussollier, Séverine, L’utilisation légitime de l’œuvre: un noveau sesame pour le benefice des exceptions en droit d’auteur?, Communication commerce électronique November 2005, No. 11, 19 Edelman, Benjamin, Web sites sharing IP addresses: Prevalence and Significance (September 2003), http://cyber.law.harvard.edu/archived_content/people/edelman/i p-sharing/ ((last accessed on 17.05.2014) Edstrom, Jerker/Nillson, Henrik, The Pirate Bay verdict – predictable, and yet…, European Intellectual Property Review 2009, Vol. 31 No. 9, 483–487 Edwards, Lilian, Next steps in the UK, in: Hargreaves, Ian /Hofheinz, Paul (eds.), Intellectual property and innovation. A framework for 21st century growth and jobs, pp. 37–41 http://www.lisboncouncil.net/index.php?option=com_downloads&i d=693 (last accessed on 06.06.2014) Edwards, Lilian, Mandy and Me: Some Thoughts on the Digital Economy Bill, ScriptED 2009, Vol. 6 Issue 3, 534–537 Edwards, Lilian/Waelde, Charlotte, Online intermediaries and liability for copyright infringement, WIPO Workshop Keynote Paper (2005), http://papers.ssrn.com/sol3/pa pers.cfm?abstract_id=1159640 (last accessed 16.06.2009) Engel, Christoph, Die Internet-Service-Provider als Geiseln deutscher Ordnungsbehörden – Eine Kritik an den Verfügungen der Bezirksregierung Düsseldorf, MultiMedia und Recht 2003, Beilage 4 Engström, Christian/Falkvinge, Rick, The case for copyright reform (2012), http://ww w.copyrightreform.eu/sites/copyrightreform.eu/files/The_Case_for_Copyright_Ref orm.pdf (last accessed on 06.06.2014) Ensthaler, Jürgen/Heinemann, Jürgen, Die Fortentwicklung der Providerhaftung durch die Rechtsprechung, Gewerblicher Rechtsschutz und Urheberrecht 2012, 433–440 Fangerow, Kathleen/Schulz, Daniela, Die Nutzung von Angeboten auf www.kino.to, Eine urheberrechtliche Analyse des Film-Streamings im Internet, Gewerblicher Rechtsschutz und Urheberrecht 2010, 677–682

753

List of References Farrand, Benjamin, The Digital Economy Act 2010: A cause for celebration, or a cause for concern, European Intellectual Property Review 2010, Vol. 32 Issue 10, 536–541 Feeman, Vickie L./Coats, William S./Rafter, Heather D./Given, John G., Revenge of the Record Industry Association of America: The rise and fall of Napster, Villanova Sports & Entertainment Law Journal 2002, Vol. 9, 35–36 Feiler, Lukas, Tor als Prüfstein der Data Retention Richtlinie (2005), http://www.lukas feiler.com/Tor.pdf (last accessed on 17.05.2014) Finger, Manuel/Apel, Simon, Anmerkung zu BGH, Urteil vom 15. August 2013 – I ZR 80/12 – File-Hosting Dienst, Zeitschrift für Urheber- und Medienrecht 2013, 879– 882 Fiscor, Milhály J., The WIPO “Internet Treaties” and copyright in the “cloud”, ALAI 2012 Congress, pp.40 et seq., http://www.alai.jp/ALAI2012/program/paper/The%2 0WIPO%20Internet%20Treaties%20and%20copyright%20in%20the%20Cloud%2 0%EF%BC%88Dr.%20Mih%C3%A1ly%20J.%20Ficsor%EF%BC%89.pdf Francillon, Jacques, Téléchargement illégal. Heur et malheur de la loi Création et Internet : la loi HADOPI censurée par le Conseil constitutionnel, Revue de science criminelle et de droit pénal comparé 2009, No. 3, 609–622 Frey, Dieter/Rudolph, Matthias, Zugangserschwerungsgesetz: Schnellschuss mit Risiken und Nebenwirkungen, Computer und Recht 2009, 644–651 Frey, Dieter/Rudolph, Matthias/Oster, Jan, Internetsperren und der Schutz der Kommunikation im Internet, Am Beispiel behördlicher und gerichtlicher Sperrungsverfügungen im Bereich des Glücksspiel- und Urheberrechts, MultiMedia und Recht-Beilage 2012 to Issue 3, 1–26 Frhr. Raitz von Frentz, Wolfgang/Masch, Christian L., Anmerkung zu EuGH, Urteil vom 7. März 2013 – EUGH 2013-03-07 Aktenzeichen C-607/11 – Livestreaming, ITV Broadcasting Ltd. u. a./ TVCatchup Ltd., Zeitschrift für Urheber- und Medienrecht 2013, 393–395 Gallant, Kenneth S., Legality as a Rule of Customary International Law: Non-Retroactivity of Crimes and Punishments – research through 2010 (14.06.2011), UALR Bowen School Research Paper No. 11–12, http://ssrn.com/abstract=1864930 (last accessed on 17.05.2014) Gardiner, Paddy/Abbotts, Gillie, Sky’s the limit for ISP blocking orders, Entertainment Law Review 2013, Vol. 24 Issue 6, 217–219 Gardiner, Paddy/Althoff, Juliane, High Court grants further blocking injunction against film and TV streaming websites, Entertainment Law Review 2014, Vol. 25 Issue 3, 108–110 Gautron, Allan, La « réponse graduée » (à nouveau) épinglée par le Conseil constitutionnel. Ou la délicate adéquation des moyens aux fins, Revue Lamy Droit de l'Immatériel 2009, No. 51, 63–73 Geiger, Christophe, Counterfeiting and the music industry: towards a criminalization of end users? The French ‘HADOPI’ example, in: Geiger, Christophe (ed.), Criminal enforcement of intellectual property (2012), pp. 386–402

754

List of References Geiger, Christophe, Honourable attempt but (ultimately) dis-proportionately offensive against peer-to-peer on the internet (HADOPI) – a critical analysis of the recent anti-file-sharing legislation in France, International Review of Intellectual Property and Competition Law 2011, Vol. 42, 457–472 Geiger, Christophe, Intellectual Property Shall be Protected!? – Article 17(2) of the Charter of Fundamental Rights of the European Union: a Mysterious Provision with an Unclear Scope, European Intellectual Property Review 2009, 113–117 Geiger, Christophe, Les exceptions au droit d’auteur en France, in: Geiger, Christophe/ Bouyssi-Ruch, Michele/Hilty, Reto M. (eds.), Perspectives d’harmonisation du droit d’auteur en Europe, pp. 335–360 Giblin, Rebecca, Evaluating graduated response, Columbia Journal of Law & the Arts 2014, Vol. 37 No. 2, 147–209 Griffin, James, Copyright evolution – creation, regulation and the decline of substantively rational copyright law, Intellectual Property Quarterly 2013, 234–252 Griffin, James G. H., The effect of the Digital Economy Act 2010 upon ‘Semiotic Democracy’, International Review of Law, Computers & Technology 2010, Vol. 24 No. 3, 251–262 Griffiths, Jonathan, Constitutionalising or harmonising? – the Court of Justice, the right to property and European copyright law, European Law Review 2013, Vol. 38, 65–78 Griffiths, Jonathan, Criminal liability for intellectual property infringement in Europe: the role of fundamental rights, in: Geiger, Christophe (ed.), Criminal enforcement of intellectual property (2012), pp. 191–212 Griffiths, Jonathan, Enforcement of intellectual property rights and the right to a fair trial, in: Geiger, Christophe (ed.), Research handbook on human rights and intellectual property (2015), pp. 438 - 454 Grosskopf, Lambert, Anmerkung zum Urteil des LG Hamburg: Störerhaftung des Internanschlussinhabers für Urheberrechtsverletzungen, Computer und Recht 2007, 122–124 Hammond, Robert G., Profit Leak? Pre-released file-sharing and the music industry (2013), Working paper, http://www4.ncsu.edu/~rghammon/Hammond_File_Sharing _Leak.pdf (last accessed on 17.05.2014) Hauck, Ronny/Heim, Sebastian, Schwerpunktbereich Urheberrecht: Die rechtliche Bewertung von „Filesharing“- und „Streaming“- Sachverhalten, Juristische Schulung 2014, 303–307 Headdon, Toby, Beyond liability: on the availability and scope of injunctions against online intermediaries after L’Oréal v eBay, European Intellectual Property Review 2012, Vol 34 Issue 3, 137–144 Hečko, Zuzana, Data retention by Internet service providers for IP rights protection: Bonnier Audio (C-461/10), Journal of Intellectual Property Law and Practice 2012, 449–456 Heidrich, Joerg, Weitergehende Prüfpflichten bei besonderer Gefahrengeneigtheit eines File-Hosting-Diensts, K&R-Kommentar, Kommunikation & Recht 2013, 655–662

755

List of References Heinemeyer, Dennis/Kreitlow, Matthias/Nordmeyer, Arne/Sabellek, André: Kampf gegen Filesharing als Modell verfehlter Mehrfachkompensation? – Fragen zur Schadenshöhe, zu Gesamtschuldnern und Beweisen bei Tauschbörsen, MultiMedia und Recht 2012, 279–284 Helfer, Laurence R., The new innovation frontier? Intellectual property and the European Court of Human Rights, in: Torremans, Paul L. C. (ed.), Intellectual Property and Human Rights, Enhanced Edition of Copyright and Human Rights (2008), pp. 25–76 Herr, Robin Elizabeth, Can Human Rights Law Support Access to Communication Technology? A Case Study under Article 10 of the Right to Receive Information, Information & Communications Technology Law 2013, Vol. 22, No. 1, 1–13 Hocking, Ryan, Secondary liability in copyright infringement: still no ‘Newz’?, Entertainment Law Review 2012, Vol. 23 Issue 4, 83–90 Hoeren, Thomas, Anmerkung zu BGH: Störerhaftung von RapidShare – Alone in the Dark, MultiMedia und Recht 2013, 185–189 Hoeren, Thomas, Kurzgutachten zur BMWi-Studie über Modelle zur Versendung von Warnhinweisen durch Internet-Zugangsanbieter an Nutzer bei Urheberrechtsverletzungen (2012), http://politik.eco.de/files/2012/03/20120227-Hoeren-eco-Gutachten_ final-2702.pdf (last accessed on 10.03.2013) Hoeren, Thomas, The European liability and responsibility of providers of online-platforms such as “Second Life”, Journal of Information, Law & Technology 2009, Issue 1, http://go.warwick.ac.uk/jilt/2009_1/hoeren (last accessed on 10.03.2013) Hoeren, Thomas/Bilek, Julia Ariella, Die territoriale Exklusivitätsvereinbarung bei Fußball-Übertragungen – Ein Modell der Vergangenheit!, Computer und Recht 2011, 735–741 Hoeren, Thomas/Yankova, Silviya, The liability of Internet intermediaries – The German perspective, International Review of Intellectual Property and Competition Law 2012, 501–531 Höfinger, Frank Michael, Anmerkung zu EuGH, Urteil vom 13. Februar 2014 – C-466/12 – Nils Svensson u.a./Retriever Sverige AB, Zeitschrift für Urheber- und Medienrect 2014, 293–295 Hofmann, Herwig/Mihaescu, Bucura, The relation between the Charter's fundamental rights and the unwritten general principles of EU law: good administration as the test case, European Constitutional Law Review 2013, Vol. 9. No. 1, 73–101 Hörnle, Julia, Premature or Stillborn? – The Recent Challenge to the Digital Economy Act, Computer Law & Security Review 2012, Vol. 28, 83–89 Horten, Monica, The Digital Economy Act in the dock: A proportionate ruling? Journal of Intellectual Property, Information Technology and Electronic Commerce Law 2012, 81–87 Hoy, Ruth/Wilks, John/Edbrooke, Nick, Dramatico Entertainment v BskyB: Pirate Bay runs aground in English waters, Entertainment Law Review 2012, Vol. 23 Issue 5, 151–153 Hyland, Mark, The seductive interface between adult entertainment and Norwich Pharmacal Relief, Communications Law 2013, Vol. 18 Issue 2, 56–60

756

List of References Imbert-Quaretta, Mireille/Monfort, Jean-Yves/Carpentier, Jean-Baptiste, La contravention de négligence caractérisée à la lumière de la mise en œuvre de la procédure de réponse graduée, La Semaine Juridique – Édition Générale 2012, No. 19, 966–971 Introna, Lucas D./Nissenbaum, Helen, Shaping the Web: Why the politics of search engine matters, The Information Society 2000, Vol. 16, 169–185 Jasserand, Catherine, YouTube guilty but not liable for late removal of infringing material, Journal of Intellectual Property Law & Practice 2012, Vol. 7 Issue 11, 790–791 Lynn, Jeff, Copyright for growth, in: Hargreaves, Ian/Hofheinz, Paul (eds.), Intellectual property and innovation. A framework for 21st century growth and jobs, pp. 11-16, http://www.lisboncouncil.net/index.php?option=com_downloads&id=693 (last accessed on 06.06.2014) Johnson, M. Eric/McGuire, Dan/Willey, Nicholas D., The evolution of the peer-to-peer file sharing industry and the security risks for users, Proceedings of the 41st Hawaii International Conference on System Sciences 2008, http://cds.tuck.dartmouth.edu/di gital/assets/images/30750383.pdf (last accessed 13.03.2013) Jones, Joseph, Internet pirates walk the plank with Article 10 kept at bay: Neij and Sunde Kolmisoppi v Sweden, European Intellectual Property Review 2013, Vol. 35 Issue 11, 695–700 Joseph, Paul/Ward, Charlotte, Golden Eye (International) Ltd v Telefonica UK Ltd, Entertainment Law Review 2012, Vol. 23 Issue 6, 183–185 Kahlert, Henning, Urheberrecht kontra Datenschutz: EuGH bremst Forderungen nach einem zivilrechtlichen Auskunftsanspruch gegen Internet-Provider über die Identität von Tauschbörsen-Benutzern, European Law Reporter 2008, 7882 Kennedy, Rónán, No Three Strikes for Ireland (yet): EU Copyright Law and individual liability in recent Internet file sharing litigation, Journal of Internet Law 2011, Vol. 14, 15–28 Keplinger, Michael, Enforcement of IP rights in the digital environment: The role of the World Intellectual Property Organisation, Gewerblicher Rechtsschutz und Urheberrecht – Internationaler Teil 2007, 648–649 Kern, Benjamin D., Whacking, joyriding and war-driving: Roaming use of Wi-Fi and the Law, CIPerati – a Cyberspace and I.P. Law newsletter 2005, Vol. 2 Issue 4, http://apps.americanbar.org/buslaw/committees/CL320010pub/newsletter/0009/ (last accessed on 17.05.2014) Kioupis, Dimitris, Criminal liability on the Internet, in: Stamatoudi, Irini (ed.), Copyright enforcement on the Internet (2010), pp. 233–254 Klett, Alexander, Cloud und Privatkopie, Zeitschrift für Urheber- und Medienrecht 2014, 18–22 Kohl, Uta, The rise and rise of online intermediaries in the governance of the Internet and beyond – connectivity intermediaries, International Review of Law, Computers & Technology 2012, Vol. 26 Issue 2–3, 185–210 Kortlander, Jenny, Is filtering the new silver bullet in the fight against child pornography on the Internet? A legal study into the experiences of Australia and Germany, Computer and Telecommunications Law Review, 2011, Vol. 17 Issue 7, 199–208

757

List of References Kraßer, Rudolf, Schadensersatz für Verletzungen von gewerblichen Schutzrechten und Urheberrechten nach deutschem Recht, Gewerblicher Rechtsschutz und Urheberrecht, Internationaler Teil 1980, 259–272 Krüger, Stefan/Apel, Simon, Haftung von Plattformbetreibern für urheberrechtlich geschützte Inhalte – Wie weit geht die Haftung und wann droht Schadensersatz?, MultiMedia und Recht 2012, 144–151 Krüger, Stefan/Maucher, Svenja-Ariane, IP-Adresse wirklich ein personenbezogenes Datum? – Ein falscher Trend mit großen Auswirkungen auf die Praxis, MultiMedia und Recht 2011, 433–439 Kulk, Stefan/Zuiderveen Borgesius, Frederik, Filtering for Copyright Enforcement in Europe after the SABAM cases, European Intellectual Property Review 2012, 54– 58 Kuner, Christopher, Data Protection and Rights Protection on the Internet: The Promusicae Judgment of the European Court of Justice, European Intellectual Property Review 2008, 199–202 Larsson, Stefan, Metaphors, Law and digital phenomena: the Swedish pirate bay court case, International Journal of Law and Information Technology 2013, Vol. 21 No. 4, 354–379 Larusson, Haflidi Kristjan, Uncertainty in the scope of copyright: the case of illegal file-sharing in the UK, European Intellectual Property Review 2009, Vol. 31 No. 3, 124–134 Lauinger, Tobias/Kirda, Engin/Michiardi, Pietro, Paying for piracy? An analysis of one-click hosters’ controversial reward schemes, in: Balzarotti, Davide/Stolfo, Salvatore J./Cova, Marco (eds.), Research in attacks, intrusions, and defenses (2012), Lecture Notes in Computer Science Vol. 7462, pp. 169–189 Leistner, Matthias, Grundlagen und Perspektiven der Haftung für Urheberrechtsverletzungen im Internet, Zeitschrift für Urheber- und Medienrecht 2012, 722–740 Leistner, Matthias, Structural aspects of secondary (provider) liability in Europe, Journal of Intellectual Property and Practice 2014, Vol. 9 No. 1, 75–90. Leistner, Matthias/Stang, Felix, Die Neuerung der wettbewerbsrechtlichen Verkehrspflichten – Ein Siegeszug der Prüfungspflichten? Wettbewerb in Recht und Praxis 2008, 533–555 Lemarchand, Stéphane/Lampe, Anne-Sophie, L'arrêt eBay c/ L'Oréal de la CJUE du 12 juillet 2011 revisite les conditions de la qualification de fournisseur d'hébergement au sens de l'article 14 de la directive « e-commerce », Droit de l'immatériel : informatique, médias, communication 2011, No. 75, 53–58 Lemley, Mark/Levine, David/Post, David, Don't break the Internet, Stanford Law Review Online 2011, Vol. 64, 34–38, http://www.stanfordlawreview.org/online/don t-break-internet (last accessed on 12.06.2012) Lievens, Dennis, L'Oréal v. eBay – Welcomed in France, resented in England, International Review of Intellectual Property and Competition Law 2012, 68–76 Lindner, Brigitte, The WIPO Treaties, in: Lindner, Brigitte/Shapiro, Ted, Copyright in the Information Society (2011), pp. 3–26

758

List of References Liu, Zhengye/Dhungel, Prithula/Wu, Di/Zhang, Chao/Ross, Keith W., Understanding and improving incentives in private P2P communities (2010), http://www.cis.poly.e du/~ross/papers/private_incentive.pdf (last accessed on 20.04.2013) Lodder, Arno R./van der Meulen, Nicole S., Evaluation of the role of access providers, Discussion of Dutch Pirate Bay case law and introducing principles on directness, effectiveness, costs, relevance, and time, Journal of Intellectual Property, Information Technology and Electronic Commerce Law 2013, Vol. 4 Issue 2, 130–141 Lou, Xiaosong/Hwang, Kai, Adaptive content poisoning to prevent illegal file distribution in P2P networks (2006), http://gridsec.usc.edu/files/publications/IEEE-TC-Lou -Hwang-Aug24-2006.pdf (last accessed on 20.04.2013) Maaßen, Stefan, Urheberrechtlicher Auskunftsanspruch und Vorratsdatenspeicherung, MultiMedia und Recht 2009, 511–515 MacEwan, Neil, A tricky situation: deception in cyberspace, Journal of Criminal Law 2013, Vol. 77 Issue 5, 417–432 Mac Síthigh, Daithí, The fragmentation of intermediary liability in the UK, Journal of Intellectual Property Law & Practice 2013, Vol. 8 No. 7, 521-531 Mankowski, Peter, Die Düsseldorfer Sperrungsverfügung – alles andere als rheinischer Karneval, MultiMedia und Recht 2002, 277–278 Mansell, Robin/Steinmueller, W. Edward, Copyright infringement online: The case of the Digital Economy Act Judicial Review in the United Kingdom, New Media & Society 2013, Vol. 15, 1312–1328 Marino, Laure, Le droit d'accès à internet, nouveau droit fondamental, Recueil Dalloz 2009, Issue 30, 2045–2046 Matthews, Duncan/Zikovska, Petra, The rise and fall of the Anti-counterfeiting Trade Agreement (ACTA): lessons for the European Union, International Review of Intellectual Property and Competition Law 2013, Vol. 44 Issue 6, 626–655 McIntyre, T.J., Child abuse images and Cleanfeeds: Assessing Internet blocking systems, in: Ian Brown (ed.), Research handbook on governance of the Internet (2012), 277–302 Meale, Darren, A triple strike against piracy as the music industry secures three more blocking injunctions, Journal of Intellectual Property Law & Practice 2013, Vol. 8, No. 8, 591–594 Meale, Darren, Avast, ye file sharers! The Pirate Bay is sunk, Journal of Intellectual Property Law & Practice 2012, Vol. 7 No. 9, 646–648 Meale, Darren, NewzBin2: the first section 97A injunction against an ISP, Journal of Intellectual Property Law & Practice 2011, Vol. 6 No. 12, 854–857 Meale, Darren, Premier League 1, Internet pirates 0: sports streaming website the latest to be blocked, Journal of Intellectual Property Law & Practice 2013, Vol. 8 No. 11, 821–823 Meale, Darren, SABAM v Scarlet: of course blanket filtering of the Internet is unlawful, but this isn’t the end of the story, European Intellectual Property Review 2012, Vol. 34 Issue 7, 429–432 Meier-Beck, Peter, Herausgabe des Verletzergewinns – Strafschadensersatz nach deutschem Recht, Gewerblicher Rechtsschutz und Urheberrecht 2005, 617–623

759

List of References Mendis, Dinusha, Digital Economy Act 2010: fighting a losing battle? Why the ‘three strikes’ law is not the answer to copyright law’s latest challenge, International Review of Law, Computers & Technology 2013, Vol. 27 Issue 1–2, 60–84 Meyerdierks, Per, Personenbeziehbarkeit Statischer IP-Adressen – Datenschutzrechtliche Einordnung der Verarbeitung durch Betreiber von Webseiten, MultiMedia und Recht 2013, 705–708 Meyerdierks, Per, Sind IP-Adressen personenbezogene Daten, MultiMedia und Recht 2009, 8–14 Michel, Norbert, The impact of digital file sharing on the music industry: An empirical analysis, B.E. Journal of Economic Analysis & Policy 2006, Vol. 6 Issue 1, 1–24 Miller, Ernest/Feigenbaum, Joan, Taking the copy out of copyright, in: Sander, Tomas (ed.), Security and Privacy in Digital Rights Management, ACM CSS-8 Workshop DRM 2001 (2002), 233–244 Milstein, Alexander, Anmerkung zu EGMR: Haftung eines Forenbetreibers für anonyme Nutzerkommentare mit Meinungsfreiheit vereinbar, MultiMedia und Recht 2014, 41–42 Möller, Doris, Urheber-/Datenschutzrecht: Herausgabe gespeicherter Verkehrsdaten zur zivilrechtlichen Verfolgung von Urheberrechtsverletzungen, Europäische Zeitschrift für Wirtschaftsrecht 2012, 519–520 Montéro, Étienne/van Enis, Quentin, Ménager la liberté d’expression au regard des mesures de filtrage imposées aux intermédiaires de l’internet : la quadrature du cercle ?, Revue Lamy Droit de l'Immatériel 2008, No. 40 Moos, Flemming, Die Entwicklung des Datenschutzrechts im Jahr 2007, Kommunikation & Recht 2008, 137–145 Moreno, Felipe Romero, Incompatibility of the Digital Economy Act 2010 subscriber appeal process provisions with Article 6 of the ECHR, International Review of Law, Computers & Technology 2014, 1–17 Morgenstern, Holger, Zuverlässigkeit von IP-Adressen-Ermittlungssoftware, Zur Sicherheit der eingesetzten Programme und Verfahren zur Verletzungsdokumentation, Computer und Recht 2011, 203–208 Moss, Gary, Golden Eye v Telefonica: Media CAT revisited, Journal of Intellectual Property Law & Practice 2012, Vol. 7 No. 12, 872–878 Moss, Gary, Media CAT v Adams: the CAT that did not get the cream, Journal of Intellectual Property Law & Practice 2011, Vol. 6 No. 11, 813–820 Mueller, Milton/Kuehn, Andreas/Santoso, Stephanie Michelle, Policing the Network: Using DPI for Copyright Enforcement, Surveillance & Society 2012, Vol. 9 Issue 4, 348–364 Mühlberger, Sven, Die Haftung des Internetanschlussinhabers bei Filesharing-Konstellationen nach den Grundsätzen der Störer-haftung, Gewerblicher Rechtsschutz und Urheberrecht 2009, 1022–1027 Nas, Sjoera, The Multatuli Project ISP Notice & take down, revised article (27.10.2004), http://www.bof.nl/docs/researchpaperSANE.pdf (last accessed on 24.06.2009)

760

List of References Nasir, Colin, Taming the beast of file-sharing—Legal and technological solutions to the problem of copyright infringement over the Internet: Part 2, Entertainment Law Review 2005, Vol. 16 No. 4, 82–88 Neill, Art, Does a new wave of filesharing lawsuits represent a new business model for copyright owners?, Journal of Internet Law 2011, Vol. 14 No.12, 1–17 Nguyen, Godefroy Dang/Dejean, Sylvain/Moreau, François, Are streaming and other music consumption modes substitutes or complements? (2012), http://ssrn.com/abst ract=2025071 (last accessed on 30.04.2014) Nicol, Danny, Original Intent and the European Convention on Human Rights, Public Law 2005, 152–172 Nolte, Georg/Wimmers, Jörg, Wer stört? Gedanken zur Haftung von Intermediären im Internet, GRUR-Beilage 2014, 58–69 Nordemann, Jan Bernd, Haftung von Providern im Urheberrecht, Gewerblicher Rechtsschutz und Urheberrecht 2011, 977–981 Nordemann, Jan Bernd, Störerhaftung für Urheberrechtsverletzungen – Welche konkreten Prüfpflichten haben Hostprovider (Contentprovider)?, Computer und Recht 2010, 653–661 Nordemann, Jan Bernd/Schaefer, Martin, Vermittlereigenschaft eines AccessProviders, Gewerblicher Rechtsschutz und Urheberrecht 2009, 583–584 Oberholzer-Gee, Felix/Strumpf, Koleman, The effect of file sharing on record sales: An empirical analysis, Journal of Political Economy 2007, Vol. 115 Issue 1, 1–42 Paal, Boris/Hennemann, Moritz, Schutz von Urheberrechten im Internet, ACTA, Warnhinweismodell und Europarecht, MultiMedia und Recht 2012, 288–293 Peguera, Miquel, The DMCA safe harbors and their European counterparts: A comparative analysis of some common problems, Columbia Journal of Law & the Arts 2009, Vol. 32, 481–482 Peitz, Martin/Waelbroeck, Patrick, The effect of internet piracy on music sales: Crosssection evidence, Review of Economic Research on Copyright Issues 2004, Vol. 1 Issue 2, 71–79 Perez, Nico, New creative- and content-delivery services, in: Hargreaves, Ian/ Hofheinz, Paul (eds.), Intellectual property and innovation. A framework for 21st century growth and jobs, pp. 22–26, http://www.lisboncouncil.net/index.php?option =com_downloads&id=693 (last accessed on 06.06.2014) Peter, Markus, Störer im Internet – Haften Eltern für ihre Kinder? Kommunikation und Recht 2007, 371–375 Piasentin, Robert C., Unlawful? Innovative? Unstoppable? A comparative analysis of the potential legal liability facing P2P end-users in the United States, United Kingdom and Canada, International Journal of Law and Information Technology 2006, No. 14, 195–241 Piatek, Michael/Kohno, Tadayoshi/Krishnamurthy, Arvind, Challenges and directions for monitoring P2P file sharing networks – or – Why my printer received a DMCA takedown notice, University of Washington Technical Report 2008, UW-CS, http:// dmca.cs.washington.edu/uwcse_dmca_tr.pdf (last accessed on 17.05.2014)

761

List of References Poort, Joost/Leenheer, Jorna/von der Ham, Jeroen/Dumitru, Cosmin, Baywatch: Two approaches to measure the effects of blocking access to the Pirate Bay, Telecommunications Policy 2014, Vol. 38 Issue 4, 383–392 Prechal, Sacha, Competence creep and general principles of Law, Review of European Administrative Law 2010, Vol. 3 Issue 1, 5–22 Psychogiopoulou, Evangelia, Copyright enforcement, human rights protection and the responsibilities of Internet service providers after Scarlet, European Intellectual Property Review 2012, 552–555 Reinbacher, Tobias, Strafbarkeit der Privatkopie von offensichtlich rechtswidrig hergestellten oder öffentlich zugänglich gemachten Vorlagen, Gewerblicher Rechtsschutz und Urheberrecht 2008, 394–401 Reinbothe, Jörg, The EU Enforcement Directive 2004/48/EC as a tool for copyright enforcement, in: Stamatoudi, Irini (ed.), Copyright enforcement and the Internet (2010), pp. 3–28 Revet, Thierry, Droit de propriété sur droit de propriété ne vaut, Revue trimestrielle de droit civil 2009, No. 4, 754–756 Revet, Thierry, La consécration de la liberté d'accéder aux services de communication au public en ligne, protection comme res de la position contractuelle permettant l'accès au réseau internet ?, Revue trimestrielle de droit civil 2009, No. 4, 756–757 Ricke, Thorsten/Wild, Fabian, Konten in Sachen „kino.to“ beschlagnahmt, MultiMedia und Recht-Aktuell 2011, 319492 Roemer, Ryan, The digital evolution: Freenet and the future of copyright in the Internet, UCLA Journal of Law & Technology 2002, Vol. 6 Issue 2, 1–28 Rogers, Michael/Bhatti, Saleem, How to disappear completely: A survey of private peer-to-peer networks 2 (2007), http://www.cs.st-andrews.ac.uk/~saleem/papers/20 07/space2007/space2007-rb2007.pdf (last accessed on 17.05.2014) Rosenkranz, Timo, Sperrungsverfügungen gegen Access-Provider, JurPC 2003, Web– Dok. 16/2003, http://www.jurpc.de/jurpc/show?id=20030016 (last accessed on 17.05.2014) Rösler, Hannes, Comment to OLG Hamburg, Decision of 08.02.2006 – 5 U 78/05 (Cybersky), International Review of Intellectual Property and Competition Law 2006, 994–996 Ross, Alexander/Livingstone, Claire, Communication to the public: Part 2, Entertainment Law Review 2012, Vol. 23 Issue 7, 209–213 Rössel, Markus, Filterpflichten des Providers im Lichte des EuGH – Eine Entlastung des I. Zivilsenates, Computer und Recht 2011, 589–597 Roth, Hans-Peter, Überwachungs- und Prüfungspflicht von Providern im Lichte der aktuellen EuGH-Rechtsprechung, zugleich Anm. zu EuGH, Urteil vom 24..11.2011 – C-70/10, Zeitschrift für Urheber- und Medienrecht 2012, 125–128 Roth, Hans-Peter, Verantwortlichkeit von Betreibern von Internet-Marktplätzen für Markenrechtsverletzungen durch Nutzer: L'Oréal gegen eBay, Wettbewerb in Recht und Praxis 2011, 1258–1268 Rousseau, Dominique, Après HADOPI 1et HADOPI 2, HADOPI 3 ? La décision du Conseil constitutionnel du 22 octobre 2009, Légipresse 2009, No. 267, 173–174

762

List of References Rousseau, Dominique, Hado-pirate la Constitution : le Conseil sanctionne !, Revue Lamy Droit de l'Immatériel 2009, No. 51, 103–105 Rudkin-Binks, Jason/Melbourne Stephanie, The new ‘three strikes’ regime for copyright enforcement in New Zealand – requiring ISPs to step up to fight, Entertainment Law Review 2009, Vol. 20, 146–149 Rühmkorf, Andreas, The Liability of online auction portals: Towards a Uniform Approach?, Journal of Internet Law 2010, Vol. 14 Issue 4, 3–10 Sachdeva, Akash/McDonald, Jonathan, The use of Norwich Pharmacal orders to identify online infringers – an old remedy updated for modern times, Entertainment Law Review 2013, Vol. 24 Issue 3, 103–106 Salsas, Eduard/Härting, Niko, L'Oréal v. eBay – Consequences for EU Member States, Computer Law Review International 2011, Issue 5, 137–142 Savola, Pekka, Blocking injunctions and website operators’ liability for copyright infringement for user-generated links, European Intellectual Property Review 2014, Vol. 36 Issue 5, 279–288 Schapiro, Leo, Anhaltende Rechtsunsicherheit für die Betreiber von Internetmeinungsportalen?, Das Urteil des EGMR „Delfi AS v. Estonia“ und seine Auswirkungen auf die deutsche Rechtslage, Zeitschrift für Urheber- und Medienrecht 2014, 201–210. Scharf Nick, Napster’s long shadow: copyright and peer-to-peer technology, Journal of Intellectual Property Law & Practice 2011, Vol. 6 No. 11, 806–812 Schmitz, Sandra, The US SOPA and PIPA – A European Perspective, International Review of Law, Computers & Technology 2013, Vol. 27 Issue 1-2, 213–229 Schmitz, Sandra, Die Verfolgung von Urheberrechtsverletzungen im Internet – Neues vom EUGH, in: Taeger, Jürgen (ed.), IT und Internet – Mit Recht gestalten, Tagungsband Herbstakademie 2012 (2012), pp. 227–243 Schmitz, Sandra, Facebook’s real name policy, Bye-bye, Max Mustermann?, Journal of Intellectual Property, Information Technology and E-Commerce Law 2013, Vol. 4 Issue 3, 190–204 Schmitz, Sandra, The RedTube copyright infringement affair in Germany: Shame on who?, International Review of Law, Computers & Technology 2015, Vol. 29 Issue 1, pp. 33 - 49 Schmitz, Sandra/Ries, Thorsten, Three songs and you are disconnected from Cyberspace? Not in Germany where the industry may “turn Piracy into Profit”, European Journal of Law and Technology 2012, Vol. 3 No. 1 Schmitz, Sandra/Siry, Lawrence, Online-Archive – „Der ewige Pranger im Internet”? in: Taeger, Jürgen (ed.), Digitale Evolution, Tagungsband Herbstakademie 2010 (2010), pp. 217–232 Schnabel, Christoph, Das Zugangserschwerungsgesetz – Zum Access-Blocking als ultima ratio des Jugendschutzes, Juristenzeitung 2009, 996–1001 Schreier, Thorsten, Düsseldorfer Sperrungsverfügung: Warum ein Provider erfolgreich war, MultiMedia und Recht 2004, 297–302 Schrijvers, Marlous, European Court rules on the position of eBay regarding the sale of infringing products: L'Oréal v eBay, European Intellectual Property Review 2011, Vol. 33 Issue 11, 723–724

763

List of References Schwartmann, Rolf, Filesharing, Sharehosting & Co, Funktionsweise und rechtliche Bewertung aktueller Erscheinungsformen von Urheberrechtsverletzungen im Internet, Kommunikation und Recht 2011, Beihefter 2 Seltzer, Wendy, Free speech unmoored in copyright’s safe harbor: Chilling effects of the DMCA on the First Amendment, Harvard Journal of Law & Technology 2010, Vol. 24 No. 1, 171–232 Senftleben, Martin, The International Three-Step Test, A model provision for EC fair use legislation, Journal of Intellectual Property, Information Technology and Electronic Commerce Law 2010, 67–82 Sesing, Andreas, Anmerkung zur Entscheidung des BGH-Urteil vom 15.08.2013 (I ZR 80/12, MMR 2013, 733) – Zur Frage der Prüfungs- und Handlungspflichten für Sharehoster, MultiMedia und Recht 2013, 737–739 Sieber, Ulrich, Sperrverpflichtungen gegen Kinderpornografie im Internet, Juristenzeitung 2009, 653–662 Sieber, Ulrich/Nolde, Malaika, Sperrverfügungen im Internet, Territoriale Rechtsgeltung im globalen Cyberspace? (2008), http://www.mpicc.de/de/data/pdf/mpi_sperrv erfuegungen_pm-gutachten.pdf (last accessed on 17.05.2014) Sieber, Ulrich/Volkmann, Christian, Die öffentlich-rechtliche Störerhaftung der Access-Provider, Kommunikation & Recht 2002, 398–409 Simon, Charles, Les adresses IP sont des données personnelles selon le Conseil constitutionnel, Revue Lamy Droit de l'Immatériel 2009, No. 51, 114–115 Siry, Lawrence/Schmitz, Sandra, A right to be forgotten? – How recent developments in Germany may affect the internet publishers in the US, European Journal of Law and Technology, Vol.3, No. 1, 2012, 1–12 Smith, Joel/Burke, Sarah, Record companies win first round v The Pirate Bay in the United Kingdom but pirates remain at large: Dramatico Entertainment Ltd v British Sky Broadcasting Ltd, European Intellectual Property Review 2012, Vol. 34 Issue 6, 416–419 Smits, Catherine/Ligot, Johanne, Arrêt « L'Oréal » : clarifications sur le cadre légal des activités et des responsabilités des hébergeurs de sites internet, Journal de droit européen 2011, No. 184, 294–296 Solmecke, Christian, Darlegungs- und Beweislast in Filesharing-Verfahren – Eine Auswertung der Aktuellen Rechtsprechung, in: Taeger, Jürgen (ed.), Law as a Service (LaaS) – Recht im Internet- und Cloud-Zeitalter (2013), Band 1, pp. 447–459 Solmecke, Christian, LG Köln: Erstattung von Anwaltskosten einer (Massen-) Abmahnung wegen P2P-Urheberrechtsverletzung, MultiMedia und Recht 2008, 129–130 Solmecke, Christian, Wenn sich die Abmahnindustrie verzockt – Rechtsprobleme bei Massenabmahnungen im Internet, in: Taeger, Jürgen (ed.), Digitale Evolution – Herausforderungen für das Informations- und Medienrecht (2010), pp. 627–633 Solmecke, Christian/Bärenfänger, Jan, Urheberrechtliche Schutzfähigkeit von Dateifragmenten – Nutzlos = Schutzlos, MultiMedia und Recht 2011, 567–573 Solmecke, Christian/Rüther, Felix/Herkens, Thomas, Uneinheitliche Darlegungs- und Beweislast in Filesharing-Verfahren – Abweichen von zivilprozessualen Grundsätzen zu Gunsten der Rechteinhaber?, MultiMedia und Recht 2013, 217–221

764

List of References Spindler, Gerald, „Die Tür ist auf“ – Europarechtliche Zulässigkeit von Auskunftsansprüchen gegenüber Providern, Gewerblicher Rechtsschutz und Urheberrecht 2008, 574–577 Spindler, Gerald, Das Gesetz zum elektronischen Geschäftsverkehr – Verantwortlichkeit der Diensteanbieter und Herkunftslandprinzip, Neue Juristische Wochenschrift 2002, 921–927 Spindler, Gerald, Die zivilrechtliche Verantwortlichkeit von Internetauktionshäusern – Haftung für automatisch registrierte und publizierte Inhalte?, MultiMedia und Recht 2001, 737–743 Spindler, Gerald, Europarechtliche Rahmenbedingungen der Störerhaftung im Internet, Multimedia und Recht 2011, 703–707 Spindler, Gerald, Präzisierungen der Störerhaftung im Internet – Besprechung des BGH-Urteils „Kinderhochstühle im Internet” Gewerblicher Rechtsschutz und Urheberrecht 2011, 101–108 Stadler, Thomas, Kein erschwerter Zugang, MultiMedia und Recht 2009, 581–582 Stadler, Thomas, Sperrungsverfügungen gegen Access-Provider, MultiMedia und Recht 2002, 343–347 Stamatoudi, Irini, Ethics, reality and the Law – The example of Promusicae v Telefonica & LSG v Tele 2, Revue Hellénique de droit international 2010, 921–948 Stieper, Malte, Rezeptiver Werkgenuss als rechtmäßige Nutzung, MultiMedia und Recht 2012, 12–17 Strowel, Alain, La loi création et Internet : de la confirmation d’un ‘droit d’accès’ en droit d’auteur à l’analyse de la proportionalité de la réponse graduée, in : Institut de Recherche en Propriété Intellectuelle (ed.), Contrefaçon sur Internet : Les enjeux du droit d'auteur sur le Web 2.0 (2009), pp. 99–121 Strowel, Alain, The “Graduated Response” in France, in: Stamatoudi, Irini, Copyright enforcement and the Internet (2010), pp. 147–162 Sujecki, Bartosz, Wettbewerbsverstoß durch territoriale Exklusivitätsvereinbarungen bei Fußball-Übertragungen, Anmerkung, Neue Juristische Wochenschrift 2012, 214 Szuskin, Laurent/De Guillenschmidt, Maxime, L'arrêt « Promusicae » beaucoup de bruit pour rien?, Droit de l'immatériel : informatique, médias, communication 2008, No. 37, 6–8 Taylor, Mark/Haggerty, John/Gresty, David/Berry, Tom, Digital evidence from peer-topeer networks, Computer Law & Security Review 2011, Vol. 27, 647–652 Terré, François, Être ou ne pas être… responsable – À propos des prestataires de service par Internet, La Semaine Juridique – édition générale 2011, Nos. 43–44, 1943– 1948 Thoumyre, Lionel, La licence globale optionelle: un pare-feu contre le bugs de la repression, Revue Lamy Droit de l'Immateriél 2006, 80–84 Tibber, Andrew, Know your enemy, Magazine of the Society for Computers and Law 2008, Vol. 19 Issue 4, 1–3

765

List of References Tikk, Eneken, IP Addresses Subject to Personal Data Regulation, in: Tikk, Eneken/ Talihärm, Anna-Mari (eds.), International Cyber Security Legal & Policy Proceedings (2010), pp. 24–39 Tully, Stephen, A human right to access the Internet? Problems and Prospects, Human Rights Law Review 2014, Vol. 14, 175–195 Tyra, Frank, Ausgewählte Probleme aus der Abmahnpraxis bei Privatnutzungen in Musiktauschsystemen, Zeitschrift für Urheber- und Medienrecht 2009, 934–944 Usai, Andrea, The freedom to conduct a business in the EU, its limitations and its role in the European legal order: A new engine for deeper and stronger economic, social and political integration, German Law Journal 2010, Vol. 14 No. 9, 1867–1888 Vamialis, Anna, Online defamation: confronting anonymity, International Journal of Law and Information Technology 2013, Vol. 21 Issue 1, 31–65 van Eecke, Patrick/Truyens, Maarten, L'Oréal v eBay: Is the tide finally turning for hosting providers?, Computer und Recht 2011, 1–8 van Eecke, Patrick/Truyens, Maarten, L'Oréal v. eBay: The Court of Justice clarifies the position of online auction providers, Computer Law Review International 2011, Issue 5, 129–136 van Eimeren, Birgit/Gerhard, Heinz/Frees, Beate, ARD/ZDF-Online-Studie 2004, Internetverbreitung in Deutschland: Potenzial vorerst ausgeschöpft?, Media Perspektiven 2004, No. 8, 350–370 Venzke, Sven, Die Personenbezogenheit der IP-Adresse, Zeitschrift für Datenschutz 2011, 114–118 Verpeaux, Michel, Loi Hadopi 2, contrôle à double détente : 1. A propos de la décision du Conseil constitutionnel du 22 octobre 2009, La Semaine Juridique, Édition générale 2009, No. 46, 15–17 Verweyen, Urs, Grenzen der Störerhaftung in Peer to Peer-Netzwerken, MultiMedia und Recht 2009, 590–594 Vincents, Okechukwu Benjamin, When Rights Clash Online: The tracking of P2P copyright infringements vs. the EC Personal Data Directive, International Journal of Law and Information Technology 2011, Vol.16, No.3, 270–296 Volkmann, Christian, Aktuelle Entwicklungen in der Providerhaftung im Jahr 2013, Kommunikation & Recht 2014, 375–381 Völzmann-Stickelbrock, Barbara, BGH: Prüfpflichten für Sharehoster im Rahmen der Störerhaftung – File-Hosting-Dienst, Kommentierte BGH-Rechtsprechung Lindenmaier-Möhring 2013, 352737 von Lohmann, Fred, Measuring the Digital Millennium Copyright Act against the Darknet: Implications for the regulation of Technological Protection Measures, Loyola of Los Angeles Entertainment Law Review 2004, Vol. 24, 635–648 Voorhoof, Dirk, Freedom of expression and the right to information: Implications for copyright, in Geiger, Christophe (ed.), Research Handbook on Human Rights and Intellectual Property (2015), pp. 331 – 353 Wandtke, Artur-Axel/von Gerlach, Felix-Tessen, Die urheberrechtliche Rechtmäßigkeit der Nutzung von Audio-Video Streaminginhalten im Internet, Gewerblicher Rechtsschutz und Urheberrecht 2013, 676–683

766

List of References Wang, Xiaoyun/Yu, Hongbo, How to break MD5 and other hash functions, in: Cramer, Ronald (ed.), Advances in Cryptology – EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings, Lecture Notes in Computer Science Vol. 3494 (2005), pp. 19– 35 Wechsler, Andrea, Criminal enforcement of intellectual property law: an economic approach, in: Geiger, Christophe (ed.), Criminal enforcement of intellectual property (2012), pp. 128–150 Weinstein, Debra, Defining Expeditious: Uncharted territory of the DMCA safe harbor provision – A survey of what we know and do not know about the expeditiousness of service provider responses to takedown notifications, Cardozo Arts & Entertainment Law Journal 2009, Vol. 26, 589–621 Wilmer, Thomas, Überspannte Prüfpflichten für Host-Provider? – Vorschlag für eine Haftungsmatrix, 61 Neue Juristische Wochenschrift 2008, 1845–1851 Wolfgang Schulz/Thorsten Held/Arne Laudien, Search engines as gatekeepers of public communication: Analysis of the German framework applicable to Internet search engines including Media Law and Anti-trust Law, German Law Journal 2005, 1419–1432 Wood, Jessica A., The Darknet: A digital copyright revolution, Richmond Journal of Law & Technology 2010, Vol. 16 Issue 4, Article 14 Yu, Peter K., Six secret (and now open) fears of ACTA, Southern Methodist University Law Review 2011, Vol. 64 Issue 3975–1094 Yu, Peter K., Intellectual Property and Human Rights in the Nonmultilateral Era, Florida Law Review 2012, Vol. 64, 1045–1100 Yu, Peter K., The Graduated Response, Florida Law Review 2010, Vol 62, 1373–1430 Zentner, Alejandro, Measuring the effect of file sharing on music purchases, Journal of Law and Economics 2006, Vol. 49 Issue 1, 63–90 Government Materials and Official Documents Article 29 Data Protection Working Party, Opinion 01/2008 on Data Protection Issues related to Search Engines, 00737/EN, WP 148 of 04.04.2008, http://ec.europa.eu/ju stice/policies/privacy/docs/wpdocs/2008/wp148_en.pdf (last accessed on 17.05.2014) Article 29 Data Protection Working Party, Opinion 4/2007 on the Concept of Personal Data, 01248/07/EN, WP 136 of 20.06.2007, http://ec.europa.eu/justice/policies/priv acy/docs/wpdocs/2007/wp136_en.pdf (last accessed on 17.05.2014) Article 29 Data Protection Working Party, Statement of the Working Party on Current Discussions Regarding the Data Protection Reform Package (27.02.2013), http://ec. europa.eu/justice/data-protection/article-29/documentation/other-document/files/20 13/20130227_statement_dp_reform_package_en.pdf (last accessed on 17.05.2014) Article 29 Data Protection Working Party, WP 37: Privacy on the Internet – An integrated EU Approach to Online Data Protection, 5063/00/EN/FINAL, WP 37 of 21.11.2000 http://ec.europa.eu/justice/data-protection/article-29/documentation/opi nion-recommendation/files/2000/wp37_en.pdf (last accessed on 17.05.2014)

767

List of References Assemblée Nationale, Réponse à la Question écrite No. 3096, Journal Officiel de la Republique Francaise of 25.12.2012, 7918, http://questions.assemblee-nationale.fr/ q14/14-3096QE.htm (last accessed on 17.05.2014) Bundesministerium für Wirtschaft und Technologie, Gesamt-wirtschaftliche Perspektiven der Kultur- und Kreativwirtschaft in Deutschland, Forschungsbericht Nr. 577, http://www.kultur-kreativ-wirtschaft.de/Dateien/KuK/PDF/doku-577-gesamtwirtsc haftliche-perspektiven-kultur-und-kreativwirtschaft-kurzfassung,property=pdf,berei ch=kuk,sprache=de,rwb=true.pdf (last accessed on 15.05.2014) Bundesministerium für Wirtschaft und Technologie, Monitoring zu ausgewählten wirtschaftlichen Eckdaten der Kultur- und Kreativwirtschaft 2009, Forschungsbericht Nr. 589 (2010), http://www.creative.nrw.de/fileadmin/files/downloads/Publi kationen/589_BMWI_StudieKuK2009.pdf (last accessed on 15.05.2014) Bundesverband Musikindustrie, Musikindustrie in Zahlen 2009, http://www.musikindu strie.de/uploads/media/MiZ_2009_gesamt_01.pdf (last accessed on 30.04.2014) Bureau of the Convention, Draft Charter of Fundamental Rights of the European Union, New proposal for Articles 1 to 30 (Civil and political rights and citizens' rights) (05.05.2000), CHARTE 4284, Convent 28 Bureau of the Convention, Note from the Praesidium, Draft Charter of Fundamental Rights of the European Union, Text of the Explanations Relating to the Complete Text of the Charter as set out in CHARTE 4487/00 CONVENT 50 (11.10.2000), CHARTE 4473/00, Convent 49 Bureau of the Convention, Note from the Presidium, Draft Charter of Fundamental Rights of the European Union, New Proposal for Articles 1 to 12 (now 1 to 16) (08.03.2000), CHARTE 4149/00, Convent 13 Bureau of the Convention, Presidency Note, Draft Charter of Fundamental Rights of the European Union, Text of the explanations relating to the complete text of the Charter as set out in CHARTE 4422/00 CONVENT 45 (31.07.2000), CHARTE 4423/00, Convent 46 Commission of the European Communities, Commission Staff Working Document, Report to the Council, the European Parliament and the Economic and Social Committee on the application of Directive 2001/29/EC on the harmonisation of certain aspects of copyright and related rights in the information society (30.11.2007), SEC(2007) 1556, http://ec.europa.eu/internal_market/copyright/docs/copyright-infs o/application-report_en.pdf (last accessed on 30.04.2014) Commission of the European Communities, Green Paper, Copyright in the Knowledge Economy (16.07.2008), COM(2008) 466 final, http://eur-lex.europa.eu/LexUriServ/ LexUriServ.do?uri=COM:2008:0466:FIN:EN:PDF (last accessed on 30.04.2014) Commission of the European Parliament, First Report on the Application of Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on Certain Legal Aspects of Information Society Services, in particular Electronic Commerce, in the Internal Market (Directive on Electronic Commerce) COM(2003) 702 final, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2003:0702:FI N:EN:PDF (last accessed on 30.04.2014)

768

List of References Council of Europe, Internet: Case-Law of the European Court of Human Rights (June 2011), http://www.echr.coe.int/Documents/Research_report_Internet_ENG.pdf (last accessed on 05.05.2014) De Wolf & Partners, Study on the Application of Directive 2001/29/EC on Copyright and Related Rights in the Information Society (The “InfoSoc Directive”) (2013), http://ec.europa.eu/internal_market/copyright/docs/studies/131216_study_en.pdf (last accessed on 15.05.2014) Department for Culture, Media and Sport and Department for Business, Innovation and Skills, Digital Britain Report (2009), http://www.official-documents.gov.uk/doc ument/cm76/7650/7650.pdf (last accessed on 30.04.2014) Department of Trade and Industry, Consultation Document on Electronic Commerce Directive: the liability of Hyperlinkers, Location Tool Services and Content Aggregators (June 2005), http://www.berr.gov.uk/files/file13986.pdf (last accessed on 30.04.2014) Détraigne, Yves/Escoffier, Anne-Marie, Rapport d’information fait au nom de la Commission des lois constitutionnelles, de législation, du suffrage universel, du Règlement et d’administration générale, par le groupe de travail relatif au respect de la vie privée à l’heure des mémoires numériques (27.05.2009), http://www.senat.fr/rap /r08-441/r08-441.html (last accessed on 30.04.2014) Deutscher Bundesrat, Empfehlungen der Ausschüsse zum Gesetz zur Neuregelung der Telekommunikationsüberwachung und anderer verdeckter Ermittlungsmaßnahmen sowie zur Umsetzung der Richtlinie 2006/24/EC, Bundesratsdrucksache 798/1/07 (19.11.2007) Deutscher Bundestag, Bundestagsdrucksache 16/5048 (20.04.2007) Deutscher Bundestag, Dritter Zwischenbericht der Enquete-Kommission 'Internet und digitale Gesellschaft', Bundestagsdrucksache 17/7899 (23.11.2011) Deutscher Bundestag, Entwurf eines Gesetzes zur Produktpiraterie, Bundestagsdrucksache 11/4792 (15.06.1989) Deutscher Bundestag, Entwurf eines Zweiten Gesetzes zur Regeleung des Urheberrechts in der Informationsgesellschaft, Bundestagsdrucksache 16/1828 (05.06.2006) Edwards, Lilian, Role and responsibility of Internet intermediaries in the field of copyright and related rights (2011), http://www.wipo.int/export/sites/www/copyright/en/ doc/role_and_responsibility_of_the_Internet_intermediaries_final.pdf (last accessed on 17.05.2014) Espinel, Victoria / Chopra, Aneesh / Schmidt, Howard, Combating online piracy while protecting an open and innovative Internet: Official White House response to stop the E-PARASITE Act (2012), https://wwws.whitehouse.gov/petition-tool/response/ combating-online-piracy-while-protecting-open-and-innovative-internet (last accessed: 12.07.2012) Espinel, Victoria/Chopra, Aneesh/Schmidt, Howard, Combating online piracy while protecting an open and innovative Internet, Official White House response to the petitions “Stop the E-Parasite Act” and “VETO the SOPA bill and any other future bills that threaten to diminish the free flow of information” (14.01.2012), https://pet itions.whitehouse.gov/response/combating-online-piracy-while-protecting-open-and -innovative-internet (last accessed on 06.06.2014)

769

List of References EU Commission, Code of EU online rights (2012), https://ec.europa.eu/digital-agenda/ sites/digital-agenda/files/Code%20EU%20online%20rights%20EN%20final%202.p df (last accessed on 30.04.2014) EU Network of Independent Experts on Fundamental Rights, Commentary of the Charter of Fundamental Rights of the European Union (June 2006), http://ec.europa.eu/j ustice/fundamental-rights/files/networkcommentaryfinal_en.pdf, Article 7 CFR (last accessed on 30.04.2014) European Commission, Antitrust: Commission obtains from Google comparable display of specialised search rivals, Press release of 05.02.2014, http://europa.eu/rapid/ press-release_IP-14-116_en.htm (last accessed on 06.06.2014) European Commission, Civil enforcement of intellectual property rights: public consultation on the efficiency of proceedings and accessibility of measures, consultation period 30.11.2012 to 30.03.2013 (July 2013), http://ec.europa.eu/internal_mark et/consultations/docs/2012/intellectual-property-rights/questionnaire_en.pdf (last accessed on 06.06.2014) European Commission, Communication from the Commission to the Council, the European Parliament and the European Economic and Social Committee, The Management of Copyright and Related Rights in the Internal Market, COM(2004) 0261 final, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52004DC02 61:EN:NOT (last accessed on 06.06.2014) European Commission, Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, A Single Market for intellectual property rights – Boosting creativity and innovation to provide economic growth, high quality jobs and first class products and services in Europe, Com(2011) 287 final, http://ec.europa.eu/internal_ market/copyright/docs/ipr_strategy/COM_2011_287_en.pdf (last accessed on 30.04.2014) European Commission, DG Internal Market and Services, Civil enforcement of intellectual property rights: Public Consultation of the efficiency of proceedings and accessibility of measures, synthesis of the responses (July 2013), http://ec.europa.eu /internal_market/consultations/docs/2012/intellectual-property-rights/summary-of-r esponses_en.pdf (last accessed on 30.04.2014) European Commission, DG Internal Market and Services, Study on Online Copyright Enforcement and Data Protection in Selected Member States (November 2009), http://ec.europa.eu/internal_market/iprenforcement/docs/study-online-enforcement_ en.pdf (last accessed on 30.04.2014) European Commission, Directive on collective management of copyright and related rights and multi-territorial licensing - frequently asked questions, MEMO/14/79 of 04.02.2014, http://europa.eu/rapid/press-release_MEMO-14-79_en.pdf (last accessed on 06.06.2014) European Commission, Evidence Dossier – Evidence for Necessity of Data Retention in the EU (2013) http://ec.europa.eu/dgs/home-affairs/pdf/policies/police_cooperati on/evidence_en.pdf (last accessed on 30.04.2014)

770

List of References European Commission, Proposal for a Directive of the European Parliament and of the Council on measures and procedures to ensure the enforcement of intellectual property rights, COM (2003) 46 final (20.01.2003), http://eur-lex.europa.eu/LexUriServ/ LexUriServ.do?uri=COM:2003:0046:FIN:EN:PDF (last accessed on 30.04.2014) European Commission, Proposal for a European Parliament and Council Directive on criminal measures aimed at ensuring the enforcement of intellectual property rights, COM(2005) 276 final (12.07.2005), http://www.europarl.europa.eu/registre/docs_a utres_institutions/commission_europeenne/com/2005/0276/COM_COM%282005% 290276_EN.pdf (last accessed on 06.06.2014) European Commission, Proposal for a revision of the Directive on the enforcement of intellectual property rights (Directive 2004/48/EC), http://ec.europa.eu/smart-regula tion/impact/planned_ia/docs/2011_markt_006_review_enforcement_directive_ipr_e n.pdf (last accessed on 06.06.2014) European Commission, Report from the Commission to the Council and the European Parliament, Evaluation Report on the Data Retention Directive (Directive 2006/24/ EC), Com(2011) 225 final (18.04.2011), http://eur-lex.europa.eu/LexUriServ/LexUr iServ.do?uri=COM:2011:0225:FIN:en:PDF (last accessed on 30.04.2014) European Commission, Strategy for the enforcement of intellectual property rights in third countries, OJ C 129 (26.05.2005), pp. 3–16. http://trade.ec.europa.eu/doclib/d ocs/2010/december/tradoc_147070.pdf (last accessed on 06.06.2014) European Commission, Synthesis of Comments on the Commission Report on the Application of Directive 2004/48/EC of the European Parliament and the Council of 29 April 2004 on the Enforcement of Intellectual Property Rights (July 2011), COM(2010) 779 final, http://ec.europa.eu/internal_market/consultations/docs/2011/ intellectual_property_rights/summary_report_replies_consultation_en.pdf (last accessed on 30.04.2014) European Commission, Synthesis of the responses “Civil enforcement of intellectual property rights: public consultation on the efficiency of proceedings and accessibility of measures” (July 2013), http://ec.europa.eu/internal_market/consultations/docs/ 2012/intellectual-property-rights/summary-of-responses_en.pdf (last accessed on 30.04.2014) European Convention, Working Group II "Intégration de la Charte/adhésion à la CEDH", Speaking note of M. le juge Vassilios Skouris (17.09.2002), http://european-convention.eu.int/ docs/wd2/3063.pdf (last accessed on 30.04.2014) European Data Protection Supervisor, Opinion of the European Data Protection Supervisor on the current negotiations by the European Union of an Anti-Counterfeiting Trade Agreement (ACTA), OJ C 147 (05.06.2010), 1, http://eur-lex.europa.e u/LexUriServ/LexUriServ.do?uri=OJ:C:2010:147:0001:0013:EN:PDF (last accessed on 30.04.2014) European Observatory on Counterfeiting and Piracy, Evidence and right of information in Intellectual Property Rights (2010), http://ec.europa.eu/internal_market/ipren forcement/docs/evidence_en.pdf. (last accessed on 30.04.2014) European Parliament, ACTA before the European Parliament, press release Ref. no. 20120217BKG38488 of 04.06.2012, http://www.europarl.europa.eu/news/en/pressr oom/content/20120217BKG38488/ht (last accessed on 06.06.2014)

771

List of References European Parliament, DG for Internal Policies, Policy Department C: Citizens' Rights and Constitutional Affairs, File Sharing (2011), http://www.ivir.nl/publications/van eijk/pe432775_en-rev-fin.pdf (last accessed on 15.05.2014) European Parliament, Freedom of expression on the Internet, resolution, P6_TA(2006)0324 (6.07.2006), http://www.europarl.europa.eu/sides/getDoc.do?typ e=TA&reference=P6-TA-2006-0324&language=EN European Parliament, Legislative resolution of 4 February 2014 on the proposal for a directive of the European Parliament and of the Council on collective management of copyright and related rights and multi-territorial licensing of rights in musical works for online uses in the internal market (COM(2012) 0372 – C7-0183/2012 – 2012/0180(COD)), http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP// TEXT+TA+P7-TA-2014-0056+0+DOC+XML+V0//EN (last accessed on 06.06.2014) European Telecommunications Standards Institute, ETSI TS 101 331 (August 2001), http://www.etsi.org/deliver/etsi_ts/101300_101399/101331/01.01.01_60/ts_101331 v 010101p.pdf (last accessed on 15.05.2014) Executive Office of the President of the United States, US Intellectual Property Enforcement Coordinator, Joint Strategic Plan on Intellectual Property Enforcement (June 2010), http://www.whitehouse.gov/sites/default/files/omb/assets/intellectualpr operty/intellectualproperty_strategic_plan.pdf (last accessed on 06.06.2014) Gowers, Andrew, Gowers Review of Intellectual Property (December 2006), http:// www.official-documents.gov.uk/document/other/0118404830/0118404830.pdf (last accessed on 30.04.2014) HADOPI, 2010 Activity Report (2011), http://hadopi.fr/sites/default/files/page/pdf/Had opi_Rapportannuel_ENG.pdf (last accessed on 30.04.2014) HADOPI, Biens culturels et usages d’Internet : pratiques et perceptions des internautes français (January 2013), http://hadopi.fr/sites/default/files/page/pdf/HADOPI-1601 13-BU2-Complet.pdf (last accessed on 30.04.2014) HADOPI, HADOPI – 1 ½ year after the launch (March 2012), http://www.hadopi.fr/sit es/default/files/page/pdf/note17_en.pdf (last accessed on 30.04.2014) HADOPI, Rapport Annuel 2012/2013 (2013), http://www.hadopi.fr/sites/default/files/p age/pdf/HADOPI_RapportAnnuel_2013.pdf (last accessed on 30.04.2014) HADOPI, Réponse graduée – Les chiffres clés (06.11.2013), http://www.hadopi.fr/site s/default/files/Chiffres_reponsegraduee_Octobre2013.pdf (last accessed on 30.04.2014) Hargreaves, Ian, Digital Opportunity, A Review of Intellectual Property and Growth (2011), http://www.ipo.gov.uk/ipreview-finalreport.pdf (last accessed on 15.05.2014) HM Government, Modernising Copyright: A modern, robust and flexible framework, Government Response to Consultation on Copyright Exceptions and Clarifying Copyright Law (December 2012), http://www.ipo.gov.uk/response-2011-copyrightfinal.pdf (last accessed on 30.04.2014)

772

List of References House of Commons, Digital Economy Act: Copyright, Standard Note: SN/HA/5515 (28.06.2013), www.parliament.uk/briefing-papers/sn05515.pdf (last accessed on 30.04.2014) House of Lords, Hansard, Debate 18.01.2010, http://www.publications.parliament.uk/p a/ld200910/ldhansrd/text/100118-0004.htm#1001185000078 (last accessed on 30.04.2014) House of Lords, House of Commons, Joint Committee on Human Rights, Legislative Scrutiny: Digital Economy Bill, Fifth Report of Session 2009-10, HL Paper 44 = HC 327 (05.02.2010), http://www.publications.parliament.uk/pa/jt200910/jtselect/jt rights/44/44.pdf (last accessed on 30.04.2014) House of Representatives, Digital Millennium Copyright Act of 1998, Report, H.R. Rep. No. 105–551, Part II, 49 (1998), http://frwebgate.access.gpo.gov/cgi-bin/ getdoc.cgi?dbname =105_cong_reports&docid=f:hr551p2.105.pdf (last accessed on 30.04.2014) International Telecommunication Union, Understanding Cybercrime: A guide for developing countries (April 2009), http://www.itu.int/dms_pub/itu-d/oth/01/0B/D01 0B0000073301PDFE.pdf (last accessed on 30.04.2014) Joint Committee on Human Rights, Legislative Scrutiny: Digital Economy Bill, Fifth Report of Session 2009 – 10, http://www.publications.parliament.uk/pa/jt200910/jts elect/jtrights/44/44.pdf (last accessed on 15.05.2014) Kuner, Christoper/Burton, Cédric/Hladjk, Jörg/Proust, Oliver, Study on online copyright enforcement and data protection in selected Member States (November 2009), http://ec.europa.eu/internal_market/iprenforcement/docs/study-online-enforcement_ en.pdf (last accessed on 15.05.2014) Lescure, Pierre, Culture-acte 2, Mission « Acte II de l’exception culturelle », Contribution aux politiques culturelles à l’ére numérique (May 2013), http://www.culturec ommunication.gouv.fr/content/download/67159/514925/version/1/file/Rapport_Les cure.pdf (last accessed on 30.04.2014) Macovei, Monica, Freedom of Expression, Council of Europe Human Rights Handbooks, No. 2 (2nd ed. 2004), http://www.coe.int/t/dgi/publications/hrhandbooks/HR HAND-02%282004%29_en.pdf (last accessed on 20.04.2013) Ministère de la Culture et de la Communication, Publication du décret supprimant la peine complémentaire de la suspension d’accès á Internet, Press release (09.07.2013), http://culturecommunication.gouv.fr/Espace-Presse/Communiques/Pu blication-du-decret-supprimant-la-peine-complementaire-de-la-suspension-d-accesa-Internet (last accessed on 30.04.2014) OECD, Directorate for Science, Technology and Industry, Committee for Information, Computer and Communications Policy, Working Party on the Information Economy, Participative Web: User-Created Content (12.04.2007), DSTI/ICCP/IE(2006)7/ FINAL, http://www.oecd.org/sti/38393115.pdf (last accessed on 30.04.2014) OECD, Magnitude of counterfeiting and piracy of tangible products – November 2009 update, http://www.oecd.org/document/23/0,3343,en_2649_34173_44088983_1_1_ 1_1,00.html (last accessed on 30.04.2014)

773

List of References Ofcom, “Site Blocking” to reduce online copyright infringement: A review of sections 17 and 18 of the Digital Economy Act (2011), http://stakeholders.ofcom.org.uk/bina ries/internet/site-blocking.pdf (last accessed 30.04.2014) Office of the High Commissioner for Human Rights, General Comment No. 16: The right to respect of privacy, family, home and correspondence, and protection of honour and reputation (Article 17), CCPR General Comment No. 16 (08.04.1988) Parliament, Hansard (House of Commons), Column 1142 (07.04.2010), http://www.pu blications.parliament.uk/pa/cm200910/cmhansrd/cm100407/debtext/100407-0032.h tm (last accessed 30.04.2014) Parliament, Select Committee on Culture, Media and Sport, Memorandum submitted by Dr Richard Clayton (2008), http://www.publications.parliament.uk/pa/cm20070 8/cmselect/cmcumeds/353/353we05.htm (last accessed 17.05.2014) Praesidium of the European Convention, Explanations relating to the Charter, OJ C 303 (14.12.2007), 17–35, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri= OJ:C:2007:303:0017:0035:EN:PDF (last accessed 17.05.2014) Schwartmann, Rolf, Vergleichende Studie über Modelle zur Versendung von Warnhinweisen durch Internet-Zugangsanbieter an Nutzer bei Urheberrechtsverletzungen, Studie im Auftrag des Bundesministerium für Wirtschaft und Technologie (Januar 2012), http://bmwi.de/BMWi/Redaktion/PDF/Publikationen/Technologie-und-Inno vation/warnhinweise-lang,property=pdf,bereich=bmwi,sprache=de,rwb=true.pdf (last accessed on 06.05.2014) Sénat, Explanatory Memorandum, Projet de loi favorisant la diffusion et la protection de la création sur Internet, Annexe au procès-verbal de la séance du 18.06.2008, http://www.senat.fr/leg/pjl07-405.html (last accessed 30.04.2014) Senate, Digital Millennium Copyright Act, S. Rep. No. 105-190, (1998), http://frwebg ate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=105_cong_reports&docid=f:sr190.1 05.pdf (last accessed 30.04.2014) Söndermann, Michael / Backes, Christoph / Arndt, Olaf, Gesamtwirtschaftliche Perspektiven der Kultur- und Kreativwirtschaft in Deutschland, Bundesministerium für Wirtschaft und Technologie, Forschungsbericht Nr. 577 (2009), http://www.kultur-k reativ-wirtschaft.de/Dateien/KuK/PDF/doku-577-gesamtwirtschaftliche-perspektive n-kultur-und-kreativwirtschaft-kurzfassung,property=pdf,bereich=kuk,sprache=de,r wb=true.pdf (last accessed on 17.05.2014) United Nations Conference on Trade and Development, Information Economy Report 2005, UNCTAD/SDTE/ECB/2005/1, http://www.unctad.org/en/docs/sdteecb20051 ch6_en.pdf (last accessed on 30.04.2014) United Nations Human Rights Committee, General comment No. 34. Article 19: Freedoms of opinion and expression, CCPR/C/GC/34 (21.07.2011), http://www2.ohchr. org/english/bodies/hrc/docs/gc34.pdf (last accessed 30.04.2014) United Nations Human Rights Council, Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue (16.05.2011), A/HRC/17/27, http://www2.ohchr.org/english/bodies/hrcouncil/d ocs/17session/A.HRC.17.27_en.pdf (last accessed 30.04.2014)

774

List of References United States Department of Justice, Justice Department Charges Leaders of Megaupload with Widespread Online Copyright Infringement, Press release of 29.01.2012, http://www.justice.gov/opa/pr/2012/January/12-crm-074.html (last accessed 17.05.2014) United States Government Accountability Office, Observations on Efforts to Quantify the Economic Effects of Counterfeit and Pirated Goods, Report to Congressional Committees (12.04.2010) http://www.gao.gov/new.items/d10423.pdf (last accessed on 15.05.2014) US Senate, Committee on the Judiciary, Statement from Chairman Smith on Senate Delay of Vote on PROTECT IP Act, Senate press release of 20.01.2012, http://judic iary.house.gov/index.cfm/2012/1/statementfromchairmansmithonsenatedelayofvote onprotectipact (last accessed on 06.06.2014) Other Sources Aereo, Statement from Aereo CEO and founder Chet Kanoja, Press release of 10.01.2014, http://blog.aereo.com/2014/01/statement-aereo-ceo-founder-chet-kanoji a-2/ (last accessed on 17.05.2014) AFP, HADOPI : Première condamnation d’un internaute, Libération (13.09.2012), http://www.liberation.fr/cultuere/2012/09/13/premiere-condamnation-d-un-internau te-dans-le-cadre-de-hadopi_846042 (last accessed on 17.05.2014) Algemene Vereniging van Beroepsjournalisten in Belgie et al., Open letter to President Dean Spielmann of 13.01.2014, www.mediadefence.org/sites/default/files/DelfiSup portLetter.pdf (last accessed 05.05.2014). Anderson, Nate, Darknets and the future of P2P investigators, Ars Technica (05.03.2009), http://arstechnica.com/tech-policy/2009/03/the-new-version-of-p2p/ (last accessed on 17.05.2014) Apple, Apple reports second quarter results, net profit increases 94 % year-over-year, Press release (24.04.2012), http://www.apple.com/pr/library/2012/04/24Apple-Rep orts-Second-Quarter-Results.html (last accessed 30.04.2014) Arthur, Charles, Are downloads really killing the music industry? Or is it something else?, The Guardian (09.06.2009), http://www.theguardian.com/news/datablog/200 9/jun/09/games-dvd-music-downloads-piracy (last accessed on 17.05.2014) Arthur, Charles/Dredge, Stuart, Google ads to be blocked from sites offering pirated content, The Guardian (16.07.2013), http://www.theguardian.com/technology/2013/ jul/16/google-ads-block-pirated-content (last accessed on 06.06.2014) Ball, James/Borger, Julian/Greenwald, Glenn, Revealed: How US and UK spy agencies defeat Internet piracy and security, The Guardian (06.09.2013), http://www.the guardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security/print (last accessed on 17.05.2014) Bangemann, Eric, Pass or fail? RIAA's college litigation campaign turns one, Ars Technica (28.02.2008), http://arstechnica.com/tech-policy/2008/02/riaa-college-law suit-anniversary/ (last accessed on 17.05.2014)

775

List of References Barnett, Emma, Wikipedia founder Jimmy Wales defends SOPA protest blackout, The Telegraph (17.01.2012), http://www.telegraph.co.uk/technology/wikipedia/9020053 /Wikipedia-founder-Jimmy-Wales-defends-SOPA-protest-blackout.html (last accessed on 17.05.2014) BBC News, Music fans back legal downloads, BBC News (12.10.2008), http://news.bb c.co.uk/2/hi/technology/7664088.stm (last accessed on 17.05.2014) BBC News, UK piracy warning letters delayed until 2015, BBC News (06.06.2013), http://www.bbc.com/news/technology-22796723 (last accessed on 17.05.2014) BBC World Service, Four in five regard Internet access as a fundamental right: global poll, BBC News (08.03.2010), www.bbc.co.uk/pressoffice/pressreleases/stories/201 0/03_march/07/poll.shtml (last accessed on 17.05.2014) Beckedahl, Markus/Lüke, Falk, Wie die Musikbranche zum Internet-gegner wurde, Der Spiegel Online (23.05.2012), http://www.spiegel.de/netzwelt/netzpolitik/die-di gitale-gesellschaft-ein-buchauszug-a-834398.html (last accessed on 15.05.2014) Berry, Philippe, LOPPSI 2 donne les pleins pouvoirs au ministère de l'Intérieur pour censurer le Net, 20 minutes (21.12.2010), http://www.20minutes.fr/web/642783-we b-loppsi-2-donne-pleins-pouvoirs-ministere-interieur-censurer-net (last accessed on 17.05.2014) Bitkom, Trend zu Musik-Streaming per Internet, Press release of 10.07.2012, http://ww w.bitkom.org/files/documents/BITKOM-Presseinfo_Musik-Streaming_10_07_2012 %281%29.pdf (last accessed on 17.05.2014) BitTorrent Inc., BitTorrent, inc. grows to over 100 million active monthly users (03.01.2011), Business Wire, http://www.businesswire.com/news/home/201101030 05337/en/BitTorrentGrows-100-Million-Active-Monthly-Users (last accessed on 17.05.2014) Bleich Holger, Die Abmahn-Industrie – Wie mit dem Missbrauch des Urheberrechts Kasse gemacht wird, c´t 2010, Issue 1, 154–156 Bleich, Holger, Briefkasten-Ermittlungen, c't 2014, Issue 5, 28, http://www.heise.de/ct/ heft/2014-5-Pornostreaming-Richter-geben-Fehler-in-Auskunftsverfahren-zu-21071 27.html (last accessed on 15.05.2014) Bleich, Holger/Heidrich, Joerg/Stadler, Thomas, Schwierige Gegenwehr – Was tun bei unberechtigten Filesharing-Abmahnungen?, c´t 2010, Issue 19, http://www.heise.de /ct/artikel/Schwierige-Gegenwehr-1069835.html (last accessed on 15.05.2014) Bleich, Holger/Kossel, Axel, Verschleierungstaktik: Die Argumente für KinderpornoSperren laufen ins Leere, Der Spiegel online (17.04.2009), http://www.spiegel.de/n etzwelt/web/verschleierungstaktik-die-argumente-fuer-kinderporno-sperren-laufen-i ns-leere-a-619505.html (last accessed on 17.05.2014) Blocman, Amélie, Adoption of the Act on Copyright and Neighbouring Rights in the Information Society (2006), http://merlin.obs.coe.int/iris/2006/7/article20.en.html (last accessed on 17.05.2014) Blocman, Amélie, Illegal downloading: Penalty of refusing Internet access abolished, IRIS 2013-8:1/16, http://merlin.obs.coe.int/iris/2013/8/article16.en.html (last accessed on 17.05.2014)

776

List of References Brauck, Markus/Hülsen, Isabell/Kühn, Alexander/Nezik, Ann-Kathrin, Was glotzen Sie so?, Der Spiegel online (13.01.2014), http://www.spiegel.de/spiegel/print/d-124381 357.html (last accessed on 17.05.2014) Bright, Martin, BT puts block on child porn sites, The Observer (06.06.2004), http://w ww.theguardian.com/technology/2004/jun/06/childrensservices.childprotection (last accessed on 17.05.2014) Brignall, Miles, File sharers targeted with legal action over music downloads, The Guardian (17.07.2010), http://www.theguardian.com/money/2010/jul/17/file-sharer s-legal-action-music-downloads (last accessed on 17.05.2014) British Record Music Industry (BPI), Digital Music Nation 2013, the UK’s legal and illegal digital music landscape (2013), http://www.bpi.co.uk/assets/files/BPI_Digita l_Music_Nation_2013.PDF (last accessed on 17.05.2014) Business Wire, BitTorrent, Inc. grows to over 100 million active monthly users, Business Wire (03.01.2011), http://www.businesswire.com/news/home/2011010300533 7/en/BitTorrent-Grows-100-Million-Active-Monthly-Users (last accessed on 17.05.2014) Business Wire, Strategy Analytics: A Quarter of Households Worldwide Now Have Wireless Home Networks, Business Wire (04.04.2012), http://www.businesswire.co m/news/home/20120404006331/en/Strategy-Analytics-Quarter-Households-World wide-Wireless-Home (last accessed on 15.05.2014) Champeau, Guillaume, Le transfert HADOPI > CSA n’est “plus l’axe prioritaire”, Numerama.com (19.02.2015), http://www.numerama.com/magazine/32267-le-trans fert-hadopi-csa-n-est-plus-l-axe-prioritaire.html (last accessed on 07.07.2015) Chmielewski, Dawn C., Report links Google, Yahoo to Internet piracy sites, LA Times (02.01.2013), http://articles.latimes.com/2013/jan/02/entertainment/la-et-ct-piracy-a ds-20130102 (last accessed on 06.06.2014) Cisco Systems Inc., Cisco Visual Networking Index: Forecast and Methodology, 2012– 2017 (2013), http://www.cisco.com/c/en/us/solutions/collateral/service-provider/ipngn-ip-next-generation-network/white_paper_c11-481360.pdf (last accessed on 17.05.2014) Columbus, Simon, French Government plans to extend internet censorship, OpenNet Initiative (21.06.2011), https://opennet.net/blog/2011/06/french-government-plans-e xtend-internet-censorship (last accessed on 17.05.2014) Conseil National du Numérique, Avis n° 2 du Conseil National du Numérique relatif au projet de décret pris pour l’application de l’article 18 de la loi pour la confiance dans l’économie numérique (20.06.2011), http://www.cnnumerique.fr/wp-content/u ploads/2012/02/2011-06-20_CP_LCENArticle8.pdf (last accessed on 17.05.2014). Consumer Focus, Consumer Focus Submission to the Secondary Legislation Scrutiny Committee on the Digital Economy Cost Sharing Order (July 2012), http://www.co nsumerfocus.org.uk/files/2010/10/Consumer-Focus-submission-to-the-Secondary-le gislation-Scrutiny-Committee-on-the-Digital-Economy-cost-sharing-order.pdf (last accessed on 17.05.2014) Consumer Focus, Outdated copyright law confuses consumers, press release (24.02.2010), http://www.consumerfocus.org.uk/news/outdated-copyright-law-conf uses-consumers (last accessed on 15.05.2014)

777

List of References Coslin, Christelle/Gateau, Christine, No 'stay down' obligation for hosting providers in France, Society for Computers and Law (02.07.2013), http://www.scl.org/site.aspx? i=ed32661 (last accessed on 17.05.2014) Cowell, Simon/Daltrey, Roger/Professor Green/John, Elton/Lloyd-Webber, Andrew/ May, Brian/ Plant, Robert/Taylor, Roger/Tinie Tempah/Townshend, Pete, Musicians need strong copyright laws to excel globally, The Telegraph (24.07.2012), http://ww w.telegraph.co.uk/comment/letters/9421416/Musicians-need-strong-copyright-laws -to-excel-globally.html (last accessed on 06.06.2014) Crocker, Steve/Dagon, David/Kaminsky, Dan/McPherson, Danny/Vixie, Paul, Security and other technical concerns raised by the DNS filtering requirements in the PROTECT IP Bill (May 2011), http://domainincite.com/docs/PROTECT-IP-TechnicalWhitepaper-Final.pdf (last accessed: 12.06.2012) Darnstädt, Thomas, Wem gehören die Gedanken? Der Spiegel online (21.05.2012), http://www.spiegel.de/spiegel/urheberrecht-a-833984.html (last accessed on 17.05.2014) Der Spiegel, Erpressung im Internet: 21-jähriger Münchner zu Facebook-Verbot verurteilt, Der Spiegel online (25.03.2014), http://www.spiegel.de/panorama/justiz/ muenchner-zu-facebook-verbot-verurteilt-a-960688.html (last accessed on 17.05.2014) Eckersley, Peter/Higgins, Parker, An Open Letter From Internet Engineers to the U.S. Congress, EFF (15.12.2011), https://www.eff.org/deeplinks/2011/12/internet-invent ors-warn-against-sopa-and-pipa (last accessed on 06.06.2014) Eco, 300.000 Adressen pro Monat: erfolgreicher Kampf gegen illegale Downloads, Press release (31.05.2011), http://www.eco.de/verband/202_9137.htm (last accessed 16.06.2011) Electronic Frontier Foundation, Lawrence Lessig settles fair use lawsuit over Phoenix music snippets, EFF press release of 27.02.2014, https://www.eff.org/press/releases /lawrence-lessig-settles-fair-use-lawsuit-over-phoenix-music-snippets (last accessed on 06.06.2014) Electronic Frontier Foundation, Lawrence Lessig strikes back against bogus copyright takedown, EFF press release of 22.08.2013, https://www.eff.org/press/releases/lawr ence-lessig-strikes-back-against-bogus-copyright-takedown (last accessed on 06.06.2014) Electronic Frontier Foundation, Lenz v Universal, https://www.eff.org/cases/lenz-v-un iversal (last accessed on 06.06.2014) Electronic Frontier Foundation, RIAA v. the People: Five years later (2008), https://w ww.eff.org/files/eff-riaa-whitepaper.pdf (last accessed on 15.05.2014) Enigmax (= Maxwell, Andy), Which are the best anonymous VPN providers, TorrentFreak (07.10.2011), http://torrentfreak.com/which-vpn-providers-really-take-anonym ity-seriously111007/ (last accessed on 15.05.2014) Enigmax, Rapidshare: Traffic and piracy dipped after new business model kicked in, TorrentFreak (09.01.2013), http://torrentfreak.com/rapidshare-traffic-and-piracy-dip ped-after-new-business-model-kicked-in-130109/ (last accessed on 06.06.2014)

778

List of References Enigmax/Ernesto, Review: Is your VPN service really anonymous?, TorrentFreak (02.01.2014), http://torrentfreak.com/vpn-services-that-take-your-anonymity-seriou sly-2013-edition/ (last accessed on 17.05.2014) Envisional, Technical Report: An Estimate of Infringing Use of the Internet (2011), http://documents.envisional.com/docs/Envisional-Internet_Usage-Jan2011.pdf (last accessed on 15.05.2014) Ernesto (= Renkema, Lennart), Anonymous, decentralized and uncensored file-sharing is booming, TorrentFreak (03.03.2012), https://torrentfreak.com/anonymous-decentr alized-and-uncensored-file-sharing-is-booming-120302/ (last accessed on 15.05.2014) Ernesto, BitTorrent's Future? DHT, PEX and magnet Links explained, TorrentFreak (20.11.2009), http://torrentfreak.com/bittorrents-future-dht-pex-and-magnet-links-e xplained-091120/ (last accessed on 17.05.2014) Ernesto, BTGuard review: How does it work?, TorrentFreak (19.01.2013), http://torren tfreak.com/make-bittorrent-transfers-anonymous-with-btguard-100419/ (last accessed on 17.05.2014) Ernesto, Leaked emails reveal profits of anti-piracy cash scheme, TorrentFreak (26.09.2010), http://torrentfreak.com/leaked-emails-reveal-profits-of-anti-piracy-ca sh-scheme-100926/ (last accessed on 15.05.2014) Ernesto, Pirate parties plan to shoot torrent site into orbit, TorrentFreak (20.10.2010), http://torrentfreak.com/pirate-parties-plan-to-shoot-torrent-site-into-orbit-101020/ (last accessed on 17.05.2014) Ernesto, The Pirate Bay adds domain to bypass court order, TorrentFreak (05.10.2011), https://torrentfreak.com/the-pirate-bay-adds-domain-to-bypass-court-order-111005/ (last accessed on 17.05.2014) Ernesto, The Pirate Bay, now without torrents, TorrentFreak (28.02.2012), https://torre ntfreak.com/the-pirate-bay-dumps-torrents-120228/ (last accessed on 17.05.2014) Ernesto, When pirates become copyright cash cows, Torrentfreak.com (30.08.2009), http://torrentfreak.com/when-pirates-become-copyright-cash-cows-090830/ (last accessed on 15.05.2014) European Digital Rights, ACTA fact sheet, EDRi (02.02.2012), http://www.edri.org/A CTAfactsheet (last accessed on 06.06.2014) Farivar, Cyrus, After sailing the domain name seas, Pirate Bay returns to Sweden, ars technica (19.12.2013), http://arstechnica.com/tech-policy/2013/12/after-sailing-thedomain-name-seas-pirate-bay-returns-to-sweden/ (last accessed on 17.05.2014) Fisher, David, Dotcom trial may not occur, The New Zealand Herald (21.04.2012), http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10800409 (last accessed on 17.05.2014) Fisher, Ken, Students largely ignore RIAA instant settlement offers, Ars technica (26.03.2007), http://arstechnica.com/tech-policy/2007/03/students-largely-ignore-ri aa-instant-settlement-offers/ (last accessed on 17.05.2014) Fleishman, Glenn, Cartoon Captures Spirit of the Internet, The New York Times (14.12.2000), http://www.nytimes.com/2000/12/14/technology/14DOGG.html (last accessed on 17.05.2014)

779

List of References GfK Consumer Panel, Studie zur digitalen Content-Nutzung (DCN-Studie) 2011 (2011), http://www.musikindustrie.de/uploads/media/DCN-Studie_2011_Pressevers ion_FINAL.pdf (last accessed on 15.05.2014) Gillmor, Dan, The Bruce Willis dilemma? In the digital era, we own nothing, The Guardian (03.09.2012), http://www.theguardian.com/commentisfree/2012/sep/03/br uce-willis-dilemmadigital-era-own-nothing (last accessed on 06.06.2014) Google, Google Transparency Report (updated weekly), http://www.google.com/transp arencyreport/removals/copyright/domains/?r=last-year (last accessed on 05.05.2014) Google/PRS for Music/BAE Systems Detica, The six business models for copyright infringement (27.06.2012), http://www.prsformusic.com/aboutus/policyandresearch /researchandeconomics/Documents/TheSixBusinessModelsofCopyrightInfringemen t.pdf (last accessed on 06.06.2014) Gröflin, Simon, RapidShare ohne Führung und Angestellte, PC Tipp (25.02.2014), http://www.pctipp.ch/news/firmen/artikel/rapidshare-ohne-fuehrung-und-angestellte -70690/ (last accessed on 06.06.2014) Guillemin, Gabrielle, Case Law, Strasbourg: Delfi AS v Estonia: Court strikes serious blow to free speech online, Inform's blog (15.10.2013), http://inforrm.wordpress.co m/2013/10/15/case-law-strasbourg-delfi-as-v-estonia-court-strikes-serious-blow-tofree-speech-online-gabrielle-guillemin/ (last accessed: 05.05.2014) heise.de, LTE-A-Modems liefern bald bis zu 300 MBit/s, Heise online (11.09.2013), http://www.heise.de/netze/meldung/LTE-A-Modems-liefern-bald-bis-zu-300-MBits-1953525.html (last accessed on 15.05.2014) heise.de, Porno-Abmahnungen: Indizienkette zur IP-Adressen-Ermittlung verdichtet sich, Heise online (13.12.2013), http://www.heise.de/newsticker/meldung/Porno-Ab mahnungen-Indizienkette-zur-IP-Adressen-Ermittlung-verdichtet-sich-2065879.htm l (last accessed on 15.05.2014) Hogge, Becky, IWF censors Wikipedia, chaos ensues, Open Rights Group (08.12.2008), http://www.openrightsgroup.org/blog/2008/iwf-censors-wikipedia-ch aos-ensues (last accessed on 17.05.2014) Holzel, Mark, The connected TV landscape: Why smart TVs and streaming gadgets are conquering the living room, Business Insider (03.03.2014), http://www.business insider.com/the-connected-tv-landscape-why-smart-tvs-and-streaming-gadgets-areconquering-the-living-room-2-2014-2 (last accessed on 30.04.2014) Kaufman, Gil, Madonna to pirates: 'What the F--- do you think you're doing?', Singer lashes out at file traders on P2P networks, MTV news (16.04.2003), http://www.mt v.com/news/articles/1471321/madonna-rips-file-traders.jhtml (last accessed on 15.05.2014) Kleinz, Torsten, Sperrverfügungen gegen Wettanbieter in NRW, Heise online (04.05.2011), http://www.heise.de/newsticker/meldung/Sperrverfuegungen-gegenWettanbieter-in-NRW-1237731.html (last accessed on 17.05.2014) Knoke, Felix, Kim Dotcom: US-Justizministerium legt seine Erkenntnisse gegen Megaupload vor, Der Spiegel online (23.12.2013), http://www.spiegel.de/netzwelt/ web/us-justizministerium-legt-erkenntnisse-gegen-megaupload-vor-a-940627.html (last accessed on 17.05.2014)

780

List of References Knoke, Felix, Streaming: Disney löscht Weihnachtsfilm für Amazon-Kunden, Der Spiegel Online (16.12.2013), http://www.spiegel.de/netzwelt/web/streaming-disney -loescht-weihnachtsfilm-fuer-amazon-kunden-a-939297.html (last accessed on 06.06.2014) Korff, Douwe/Brown, Ian, Opinion on the compatibility of ACTA with the ECHR and the EU Charter of Fundamental Rights (2011), http://www.greens-efa.eu/fileadmin/ dam/Documents/Studies/ACTA_fundamental_rights_assessment.pdf (last accessed on 15.05.2014) Kremp, Matthias, Streaming-Portal: Redtube will für Recht auf Porno kämpfen, Der Spiegel online (20.12.2013), http://www.spiegel.de/netzwelt/web/redtube-betreiberalex-taylor-bestreitet-weitergabe-von-ip-adressen-a-940113.html (last accessed on 17.05.2014) Krempl, Stefan SPD-Sprecher verreißt die rheinischen Sperrungsverfügungen, Heise online (20.02.2002), http://www.heise.de/newsticker/meldung/SPD-Sprecher-verrei sst-die-rheinischen-Sperrungsverfuegungen-56316.html (last accessed on 17.05.2014) Krempl, Stefan, Arcor installiert leicht umgehbare Netzsperre für YouPorn, Heise online (24.10.2007), http://www.heise.de/newsticker/meldung/Arcor-installiert-leic ht-umgehbare-Netzsperre-fuer-YouPorn-188617.html (last accessed: 04.12.2012) Krempl, Stefan, Arcor muss YouPorn sperren, Heise online (19.10.2007), http://www.h eise.de/newsticker/meldung/Arcor-muss-YouPorn-sperren-Update-187184.html (last accessed on 17.05.2014) Krempl, Stefan, Provider in Nordrhein-Westfalen erhalten Sperrungsverfügungen, Heise online (08.02.2002), http://www.heise.de/newsticker/meldung/Provider-in-N ordrhein-Westfalen-erhalten-Sperrungsverfuegungen-53926.html (last accessed on 17.05.2014) La Quadrature du Net, French LOPPSI Bill adopted: the Internet under control?, La Quadrature du Net (09.02.2011), http://www.laquadrature.net/en/french-loppsi-billadopted-the-Internet-under-control (last accessed on 17.05.2014) Lainé, Pascal, Belfortain poursuivi pour téléchargement illégal : 150 € d'amende, LePays.fr (13/09/2012), http://www.lepays.fr/faits-divers/2012/09/13/belfort-un-quadra genaire-poursuivi-pour-Telechargement-illegal-hadopi-mp3-lepuix (last accessed on 15.05.2014) Le Monde, Le budget de la Hadopi passe à 8 millions d'euros, Le Monde (03.10.2012), http://www.lemonde.fr/technologies/article/2012/10/03/le-budget-de-la-hadopi-redu it-a-8-millions-d-euros_1769154_651865.html (last accessed on 17.05.2014) Le Monde, Loppsi 2: le gouvernement pourrait abandonner le blocage des sites sans juge, Le Monde (25.07.2012), http://www.lemonde.fr/technologies/article/2012/07/ 25/loppsi-2-le-gouvernement-pourrait-abandonner-le-blocage-des-sites-sans-juge_1 738020_651865.html (last accessed on 17.05.2014) Le Monde, RSF critique le filtrage du Net prévu par la Loppsi 2, Le Monde (16.09.2010), http://www.lemonde.fr/technologies/article/2010/09/16/rsf-critique-le -filtrage-du-net-prevu-par-la-loppsi-2_1411897_651865.html (last accessed on 17.05.2014)

781

List of References Lee, Doug Jay/Kim, Misung/Hong, Jong Won, Annual Report 2009, Korea APAA Copyright Committee, http://www.apaaonline.org/pdf/APAA_56th_&_57th_counci l_meeting/copyright/2-Korea%20Copyright%20Cttee%20Country%20Report%202 009.pdf (last accessed on 17.05.2014) Leeds, Jeff, Labels win suit against song sharer, The New York Times (05.10.2007), http://www.nytimes.com/2007/10/05/business/media/05music.html?_r=0 (last accessed on 17.05.2014) Leparisien.fr, Téléchargement illégal: Fleur Pellerin confirme qu’HADOPI va disparaître, Le Parisien (24.05.2013), http://www.leparisien.fr/high-tech/telechargeme nt-illegal-fleur-pellerin-confirme-qu-hadopi-va-disparaitre-24-05-2013-2831541.ph p (last accessed on 17.05.2014) Levene, Tony, Porn bill for couple who can’t download, The Guardian (29.11.2008), http://www.theguardian.com/money/2008/nov/28/internet-porn-bill-mistake (last accessed on 17.05.2014) Lewis, Rita, What is DRM and why should I care?, Firefox News (08.01.2008), http://f irefox.org/news/articles/1045/1/What-is-DRM-and-why-should-I-care/Page1.html (last accessed on 30.04.2014) Lindvall, Helienne, Piracy sites are raking in ad money from some of the World's biggest brands, Business Insider (05.02.2013), http://www.businessinsider.com/pira cy-sites-raking-in-ad-money-2013-2 (last accessed on 06.06.2014) Lischka, Konrad, Anti-Abzock-Gesetz: Das Märchen von der Abmahn-Deckelung, Der Spiegel Online (30.01.2013), http://www.spiegel.de/netzwelt/netzpolitik/anti-a bzock-gesetz-das-maerchen-von-der-abmahn-deckelung-a-880503.html (last accessed on 17.05.2014) Lischka, Konrad, Fehlerhafte Zensur-Methode: Arcor stoppt den Porno-Filter, Der Spiegel online (17.09.2007), http://www.spiegel.de/netzwelt/web/fehlerhafte-zensur -methode-arcor-stoppt-den-porno-filter-a-506143.html (last accessed on 17.05.2014) Löhr, Katrin, Skandal-Rapper fordert Ablasszahlung – Vorwurf Musik-Klau! So jagt Bushido seine Fans, Bild (17.04.2010), http://www.bild.de/unterhaltung/musik/bush ido/jagt-weiter-fans-wegen-musik-klau-12228662.bild.html (last accessed on 17.05.2014) LTO-Redaktion, Entwicklungen in Sachen Redtube – Gegenwind für Abmahnanwälte, Neues zu IP-Ermittlung, Legal Tribune online (13.12.2013), http://www.lto.de/recht /nachrichten/n/abmahnwelle-redtube-strafanzeige-erfolgshonorar-mandantenverein barung/ (last accessed on 17.05.2014) Manenti, Boris, Aurélie Filippetti : « Je vais réduire les crédits de l'Hadopi », Le nouvel Observateur (01.08.2012), http://obsession.nouvelobs.com/high-tech/20120801.O BS8587/aurelie-filippetti-je-vais-reduire-les-credits-de-l-hadopi.html (last accessed on 17.05.2014) Manenti, Boris, L'abrogation de l'Hadopi est en marche, Le nouvel Observateur (03.07.2012), http://obsession.nouvelobs.com/high-tech/20120703.OBS5858/l-hado pi-court-toujours.html (last accessed on 17.05.2014)

782

List of References Mansmann, Urs, Arcor sperrte zahlreiche Websites, Heise online (17.09.2007), http:// www.heise.de/newsticker/meldung/Arcor-sperrte-zahlreiche-Websites-Update-1759 06.html (last accessed on 17.05.2014) Marchive, Valéry, Three years and millions of euros later, Hadopi has its first conviction. Now what?, ZDnet (30.10.2012), http://www.zdnet.com/three-years-and-milli ons-of-euros-later-hadopi-has-its-first-conviction-now-what-7000006612/ (last accessed on 17.05.2014) Masons, Pinsent, Ofcom anti-piracy code delayed until 2015, out-law.com (10.06.2013), http://www.out-law.com/en/articles/2013/june/ofcom-anti-piracy-cod e-delayed-until-2015/ (last accessed on 17.05.2014) McBride, Sarah / Smith, Ethan, Music Industry to Abandon Mass Suits (19.12.2008), Wall Street Journal, http://online.wsj.com/news/articles/SB122966038836021137 (last accessed on 17.05.2014) Meller, Paul, Leaked ACTA draft reveals plans for Internet clampdown, Computerworld (20.02.2010), http://www.computerworld.co.nz/article/490341/leaked_acta_d raft_reveals_plans_internet_clampdown/ (last accessed on 06.06.2014) Mennecke, Thomas, RIAA announces new campus lawsuit strategy, Slyck News (28.02.2007), http://www.slyck.com/story1422.html (last accessed on 17.05.2014) Mölleken, Jan, Filehoster: Hehler oder Helfer ?, Der Spiegel online (14.09.2010), http://www.spiegel.de/netzwelt/web/0,1518,717333,00.html (last accessed on 17.05.2014) Mühlbauer, Peter, Die Geister, die er rief..., Heise online (25.03.2010), http://www.hei se.de/tp/artikel/32/32327/1.html (last accessed on 17.05.2014) Müller, Carl Christian, Abmahnwelle gegen Redtube-Nutzer, Vom Leerlaufen des Richtervorbehalts, Legal Tribune Online (12.12.2013), http://www.lto.de/recht/hint ergruende/h/redtube-streaming-abmahnung-Internetporno-urmann/ (last accessed on 17.05.2014) National Association of Citizens Advice Bureaux, Online infringement of copyright and the Digital Economy Act 2010 – Draft Initial Obligations Code, Response from Citizens Advice to Ofcom (July 2010) Neal, Ryan W., Pirates of the Caribbean: The Pirate Bay moves to island of St. Martin (30.04.2013), International Business Times, http://www.ibtimes.com/pirates-caribb ean-pirate-bay-moves-island-st-martin-1226787 (last accessed on 17.05.2014) Ofcom Consultation Report, Online infringement of copyright and the Digital Economy Act 2010: Draft Initial Obligations Code (28.05.2010), http://www.ofcom.org.u k/consult/condocs/copyright-infringement/condoc.pdf (last accessed on 17.05.2014) Ofcom, New Measures to Protect Online Copyright and Inform Consumers (26.06.2012), http://media.ofcom.org.uk/2012/06/26/new-measures-to-protect-onlin e-copyright-and-inform-consumers/ (last accessed on 17.05.2014) Ofcom, Online infringement of copyright and the Digital Economy Act 2010, Notice of Ofcom’s proposal to make by order a code for regulating the initial obligations (26.06.2012), http://stakeholders.ofcom.org.uk/binaries/consultations/online-notice/ summary/notice.pdf (last accessed on 17.05.2014)

783

List of References Pany, Thomas, Beginnt jetzt die Sanktionsphase von Hadopi?, heise.de blogs (05.07.2011), http://www.heise.de/tp/blogs/6/150095 (last accessed on 17.05.2014) PC Magazin, Youtube-GEMA-Sperre umgehen – so geht’s, PC Magazin (16.05.2014), http://www.pc-magazin.de/ratgeber/youtube-sperre-gema-umgehen-1343989.html (last accessed on 06.06.2014) Pépin, Guénaël, La Hadopi défend le bilan de la réponse graduée, Le Monde (05.09.2012), http://www.lemonde.fr/technologies/article/2012/09/05/la-hadopi-def end-le-bilan-de-la-reponse-graduee_1755909_651865.html (last accessed on 17.05.2014) Pepitone, Julianne, SOPA explained: What is is and why it matters, CNN (20.01.2012), http://money.cnn.com/2012/01/17/technology/sopa_explained/ (last accessed on 06.06.2014) Philips, Jeremy, Digital Opportunity Knocks..., IPkat (03.08.2011), http://ipkitten.blog spot.de/2011/08/digital-opportunity-knocks.html (last accessed on 17.05.2014) Poort, Joost/ Leenheer, Jorna/ von der Ham, Jeroen/ Dumitru, Cosmin, Baywatch : Two Approaches to Measure the Effects of Blocking Access to The Pirate Bay (Working Paper, 22.08.2013), available via http://papers.ssrn.com/sol3/papers.cfm? abstract_id=2314297 (last accessed on 17.05.2014) Ramalho, Ana, The EU mandate to negotiate the TTIP: should copyright be an outcast?, Kluwer Copyright Blog (21.05.2013), http://kluwercopyrightblog.com/2013/0 5/21/the-eu-mandate-to-negotiate-the-ttip-should-copyright-be-an-outcast/ (last accessed 07.07.2015) Rawlinson, Kevin, Turkey Steps up Bid to Block Twitter after Users Flout Ban, The Guardian (23.03.2014), http://www.theguardian.com/world/2014/mar/23/turkey-twi tter-ban (last accessed on 17.05.2014) Rees, Marc, Hadopi : 600 € d’amende et quinze jours de suspension pour un abonné , PC Inpact (12.06.2013), http://www.pcinpact.com/news/80487-hadopi-600-d-amen de-et-quinze-jours-suspension-pour-abonne.htm (last accessed on 17.05.2014) Rees, Mark, LOPPSI: le gouvernement abandonne le blocage de sites sans juge, PC Inpact (25.07.2012), http://www.pcinpact.com/news/72658-loppsi-gouvernement-a bandonne-blocage-sites-sans-juge.htm (last accessed on 17.05.2014) Reißmann, Ole, Geschäft mit Raubkopien: Wie kino.to Millionen verdiente, Der Spiegel online (14.06.2012), http://www.spiegel.de/netzwelt/netzpolitik/die-geschic hte-von-kino-to-wer-mit-den-raubkopien-verdiente-a-838816.html (last accessed on 30.04.2014) Riden, Jamie, How Fast-Flux service networks work, The Honeynet Project (16.08.2008), http://www.honeynet.org/node/132 (last accessed on 17.05.2014) Robertson, Struan, The legislative farce of the Digital Economy Bill, out-law.com (07.04.2010), http://www.out-law.com/page-10900 (last accessed on 17.05.2014) Rowlands, Max, UK: “Speculative invoicing” schemes target internet file-sharers and individuals accused of minor retail crime (2011), http://www.statewatch.org/analyse s/no-156-speculative-invoicing.pdf (last accessed on 17.05.2014)

784

List of References Rundle, Micheal, Government Scraps Plans to Block Content-Sharing Websites, Huffington Post (03.08.2011), http://www.huffingtonpost.co.uk/2011/08/03/website-blo cking-plans-sc_n_916826.html (last accessed on 17.05.2014) Salzenberg, Chip/Spafford, Gene/Moraes, Mark, What is Usenet? (1998), http://cyber.l aw.harvard.edu/lawofcyberspace/news.html (last accessed on 17.05.2014) Satter, Raphael, Wikipedia article blocked in UK over child photo, The Independent (08.12.2008), http://www.independent.co.uk/life-style/gadgets-and-tech/news/wikip edia-article-blocked-in-uk-over-child-photo-1057010.html (last accessed on 17.05.2014) Schneider, Adrian, OLG Hamburg: Die Rapidshare-Entscheidung, ein Meilenstein?, Telemedicus (29.03.2012), http://www.telemedicus.info/article/2229-OLG-Hambur g-Die-Rapidshare-Entscheidung,-ein-Meilenstein.html (last accessed on 17.05.2014) Schumpeter, Joseph, Net Neutraliy, More equal than others, The Economist (25.04.2014), http://www.economist.com/blogs/schumpeter/2014/04/net-neutrality (last accessed on 17.05.2014) Sisario, Ben, 7 Charged as F.B.I. closes a top file-sharing site, The New York Times (20.01.2012), http://www.nytimes.com/2012/01/21/technology/megaupload-indictm ent-Internet-piracy.html?ref=technology (last accessed on 17.05.2014) Smith, Graham, Who will sort out the Delfi mess?, Cyberleagle blog (16.10.2013), http://cyberleagle.blogspot.co.uk/2013/10/who-will-sort-out-delfi-mess.html (last accessed 05.05.2014) Software & Information Industry Association (SIIA), SIIA Releases Sequel to Classic Anti-Piracy Music Video “Don’t Copy That Floppy”, Reuters (09.09.2009), http://w ww.reuters.com/article/2009/09/09/idUS141575+09-Sep-2009+PRN20090909 (last accessed on 17.05.2014) Solmecke, Christian, Redtube: Wave of Streaming Letters hits Germany (12.12.2013), http://www.wbs-law.de/eng/streaming/redtube-wave-streaming-warning-letters-hits -germany-49182/ (last accessed on 17.05.2014) Spiegel Online, “The Pirate Bay”: IT-Experten warnen vor Piraten-Browser, Der Spiegel online (13.08.2013), http://www.spiegel.de/netzwelt/web/piratebrowser-it-e xperten-warnen-vor-piraten-browser-a-916279.html (last accessed 13.08.2013) Spiegel Online, 22-Jähriger festgenommen: Ermittler entdecken riesige KinderpornoSammlung in Köln, Der Spiegel online (19.09.2013), http://www.spiegel.de/panora ma/koeln-ermittler-entdecken-riesige-kinderporno-sammlung-a-923284.html (last accessed on 17.05.2014) Spiegel Online, Gesetz gegen Abzocke: Bundestag setzt Massenabmahnungen Grenzen, Der Spiegel online (27.06.2013), http://www.spiegel.de/wirtschaft/service/gese tz-gegen-abzocke-bundestag-setzt-massenabmahnungen-grenzen-a-908267.html (last accessed on 06.06.2014) Spiegel Online, Sven Regener zum Urheberrecht: “Man pinkelt uns ins Gesicht!”, Der Spiegel Online (22.03.2012), http://www.spiegel.de/kultur/gesellschaft/sven-regene r-im-bayerischen-rundfunk-zum-urheberrecht-a-823144.html (last accessed on 06.06.2014)

785

List of References Spiegel Online, Urheberrechtskampagne: 1500 Künstler gegen Gier und Geiz, Der Spiegel Online (10.05.2012), http://www.spiegel.de/netzwelt/netzpolitik/kuenstler-s chreiben-offenen-brief-fuer-das-urheberrecht-a-832538.html (last accessed on 06.06.2014) Spier, Alexander, Darf’s ein bisschen schneller sein? Wie sich LTE im mobilen Alltag schlägt, c't 2012, Issue 22, http://www.heise.de/ct/artikel/Darf-s-ein-bisschen-schnel ler-sein-1722006.html (last accessed on 17.05.2014) Steier, Henning, Ersten Piraten Drohen Netzsperren, Neue Züricher Zeitung (07.10.2011), http://www.nzz.ch/aktuell/digital/frankreich-hadopi-bilanz-1.1287330 3 (last accessed on 17.05.2014) Streams, Kimber, France's controversial Hadopi piracy law nets its first conviction, a man who says he didn't do It, The Verge (14.09.2012), http://www.theverge.com/20 12/9/14/3332056/france-hadopi-piracy-law-conviction-alain-prevost (last accessed on 17.05.2014) Sweney, Mark, Ofcom outlines new anti-piracy rules, The Guardian (26.06.2012), http://www.guardian.co.uk/technology/2012/jun/26/ofcom-outlines-anti-piracy-rule s (last accessed on 17.05.2014) Syndicat National de l’édition Phonographique (SNEP), Presentation des Resultats du 1er semestre 2013 (18.09.2013), http://www.actu.snepmusique.com/snep/actualitesdu-snep/presentation-des-resultats-du-1er-semestre-2013/ (last accessed on 17.05.2014) Syndicat National de l'Edition Phonographique, Bilan Economique 2012 (2013), http:/ /proxy.siteo.com.s3.amazonaws.com/www.snepmusique.com/file/bilaneconomique snepmidem2013etpresentationmidem.pdf (last accessed on 17.05.2014) Tait, Morgan, Dotcom extradition hearing delayed, The New Zealand Herald (01.05.2015), http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=114 41894 (last accessed on 07.07.2015). Taplin, Jonathan and Others, Advertising transparency report, monthly updates are available at http://www.annenberglab.com/projects/ad-piracy-report-0 (last accessed on 06.06.2014) Techradar, Cheap promotion, Twitter and peer-to-peer, How one band used YouTube, Twitter and file-sharing to create a community of fans, Techradar (16.01.2010), http://www.techradar.com/news/internet/how-to-get-famous-online-663244/2 (last accessed on 17.05.2014) The British Record Music Industry (BPI), Digital Music Nation 2010, the UK’s legal and illegal digital music landscape (2010), http://www.bpi.co.uk/assets/files/Digital %20Music%20Nation%202010.pdf (last accessed on 17.05.2014) The Economist, Criminalising the consumer – Where digital rights went wrong, The Economist (27.04.2007), http://www.economist.com/node/9096421 (last accessed on 30.04.2014) Thévenet, Sébastien, Hadopi: Un premier internaute condamné, Le Figaro (13.09.2012), http://www.lefigaro.fr/secteur/high-tech/2012/09/13/01007-20120913 ARTFIG00599-hadopi-un-premier-internaute-condamne.php (last accessed on 17.05.2014)

786

List of References Tréguer, Félix, France on its way to total Internet censorship?, Index on Censorship (27.06.2011), http://www.indexoncensorship.org/2011/06/france-on-its-way-to-total -internet-censorship/ (last accessed on 17.05.2014) Tulkens, Francoise, EU Accession to the European Convention on Human Rights (2013), http://www.ejtn.eu/Documents/About%20EJTN/Independent%20Seminars/ Human%20Rights%20and%20Access%20to%20Justice%20Seminar/Krakow_Tulk ens_final.pdf (last accessed on 17.05.2014) Verein zur Hilfe und Unterstützung gegen den Abmahnwahn e.V., Annual statistic 2010, http://www.verein-gegen-den-abmahnwahn.de/zentrale/download/statistiken/ 2010/jahresbilanz_2010.html (last accessed 16.06.2011) Voorhoof, Dirk, Copyright vs Freedom of Expression Judment, ECHR Blog (22.01.2013), http://echrblog.blogspot.de/2013/01/copyright-vs-freedom-of-express ion.html (last accessed on 17.05.2014) Voorhoof, Dirk, Treating a news portal as publisher of users’ comment may have farreaching consequences for online freedom of expression, Inform's blog (29.10.2013), http://inforrm.wordpress.com/2013/10/29/treating-a-news-portal-as-p ublisher-of-users-comment-may-have-far-reaching-consequences-for-online-freedo m-of-expression-dirk-voorhoof/ (last accessed on 05.05.2014) Waehlisch, Nathalie, Kampagne der Filmindustrie: “Raubkopierer sind Verbrecher“, Der Spiegel online (27.11.2003), http://www.spiegel.de/netzwelt/web/kampagne-de r-filmindustrie-raubkopierer-sind-verbrecher-a-275867.html (last accessed on 06.06.2014) Walder, Adam, Popular music platform 'Spotify' launches in Luxembourg, Luxemburger Wort (13.11.2012), http://www.wort.lu/en/view/popular-music-platform-spotify-l aunches-in-luxembourg-50a26ee3e4b0f09219140f0a (last accessed on 06.06.2014) Washington Post, NSA slides explain the PRISM data-collection program, The Washington Post (06.06.2013, updated 10.07.2013), http://www.washingtonpost.com/wp -srv/special/politics/prism-collection-documents/ (last accessed on 17.05.2014) WBS Law, Nach dem BGH Filesharing Urteil (Morpheus) – Wie geht es nun weiter? (16.11.2012), http://www.wbs-law.de/abmahnung-filesharing/nach-dem-bgh-filesha ring-urteil-morpheus-wie-geht-es-nun-weiter-32204/ (last accessed on 17.05.2014) Weber, Sara, Der Piraten-Jäger, UniSpiegel 2012, Issue 3, 14–16, (last accessed on 15.05.2014) Wienand, Lars, Das ist heftig: Die Viralseiten-Macher und ihr Verhältnis zu Urheberrechten, Rhein-Zeitung (27.05.2014), http://www.rhein-zeitung.de/nachrichten/netz welt/news_artikel,-Das-ist-heftig-Die-Viralseiten-Macher-und-ihr-Verhaeltnis-zu-U rheberrechten-_arid,1158093.html#.U5HapSiuNEP (last accessed on 06.06.2014) Williams, Christopher, E-books Drive Older Women to Piracy, The Telegraph (17.05.2011), http://www.telegraph.co.uk/technology/news/8518755/E-books-drive -older-women-to-digital-piracy.html (last accessed on 06.06.2014) Wyatt, Edward, Rebuffing F.C.C. in 'Net Neutrality' Case, court allows streaming deals, The New York Times (14.01.2014), http://www.nytimes.com/2014/01/15/technolog y/appeals-court-rejects-fcc-rules-on-Internet-service-providers.html?_r=0 (last accessed on 17.05.2014)

787

Table of Cases

Court of Justice of the European Union CJEU, Joined Cases C-453/03, C-11/04, C-12/04 and C-194/04 ABNA and Others, [2005] ECR I-10423 CJEU, Case C-435/12 ACI Adam v Stichting de Thuiskopie, Judgment of 10.04.2014 CJEU, Case C‑343/09 Afton Chemical, [2010] ECR I‑7027 CJEU, Case C-221/09 AJD Tuna, [2011] ECR I-1655 CJEU, Case C-617/10 Åklagaren v Hans Åkerberg Fransson, Judgment of 26 .02.2013 CJEU, Joined Cases C-154/04 and C-155/04 Alliance for Natural Health and Others, [2005] ECR I-6451 CJEU, Case C-142/87 Belgium v Commission, Order of 15.06.1987, [1990] ECR I-959 CJEU, C-348/13 BestWater International, Order of 21.10.2014 CJEU, Case C-78/01 BGL and Bundesrepublik Deutschland, Judgment of 23.09.2003, [2003] ECR I-9543 CJEU, Case C-489/10 Bonda, Judgment of 05.06.2012 CJEU, Case C-461/10 Bonnier Audio AB and Others v Perfect Communication Sweden AB, Judgment of 19.04.2012 CJEU, Joined Cases C-20/00 and C-64/00 Booker Aquaculture and Hydro Seafood, [2003] ECR I-7411 CJEU, Case C-97/91 Borelli, [1992] ECR I-6313 CJEU, Case C-279/13, C More Entertainment, Judgment of 26.03.2015 CJEU, Joined Cases C‑145/08 and C‑149/08 Club Hotel Loutraki and Others, [2010] ECR I- 4165 CJEU, Case C‑437/04 Commission v Belgium, [2007] ECR I‑2513 CJEU, Case C-53/05 Commission v Portugal, [2006] ECR I-6215 CJEU, Joined Cases C-133/93, C-300/93 and C-362/93 Crispoltoni and Others, [1994] ECR I-4863 CJEU, Case C‑544/10 Deutsches Weintor, Judgment of 06.09.2012 CJEU, Joined cases C-293/12 and C-594/12 Digital Rights Ireland v Minister for Communications, Marine and Natural Resources and Others, and Kärntner Landesregierung and Others, Judgment of 08.04.2014 CJEU, Case C-260/89 ERT v DEP, [1991] ECR I-5485 CJEU, Joint Cases C-403/08 Football Association Premier League Ltd and others v OC Leisure and others, and C-429/08 Karen Murphy v Media Protection Services Ltd., [2011] ECR I-9083 CJEU, Case C‑213/10 F-Tex SIA v Lietuvos-Anglijos UAB "Jadecloud-Vilma", Judgment of 09.04.2012

789

Table of Cases CJEU, Case C-135/92 Fiskano v Commission, [1994] ECR I-2885 CJEU, Case C-280/93 Germany v Council, [1994] ECR I-4973 CJEU, Case C-156/98 Germany v Commission, [2000] ECR I-6857 CJEU, Joined Cases C-236/08 to C-238/08, Google France, Google Inc. v Louis Vuitton Malletier, Google France v Viaticum Luteciel, Google France v CNRRH PierreAlexis Thonet, Bruno Raboin, Tiger, a franchisee of Unicis, [2010] ECR I-02417 (Google Adwords) CJEU, Case C-131/12, Google Spain and Google Inc v Agencia Española de Protección de Datos (AEPD), Judgment of 13.05.2014 CJEU, Case C-44/79 Hauer v Land Rheinland-Pfalz, [1979] ECR 3727 CJEU, Case C-101/12 Herbert Schaible v Land Baden-Württemberg, Judgment of 17.10.2013 CJEU, Case C-85/76 Hoffmann-La Roche v Commission, Judgment of 13.02.1979 [1979] ECR 461 CJEU, Case C-5/08 Infopaq International v Danske Dagblades Forening, [2009] ECR I-6569 CJEU, Case C-1/11 Interseroh, Judgment of 29.03.2012 CJEU, Case C-301/06 Ireland v European Parliament and Council of the European Union, [2009] ECR I-593 CJEU, Case C-315/99 P Ismeri Europea v Court of Auditors, [2001] ECR I-5281 CJEU, Case C-607/11 ITV Broadcasting Ltd et al. v TVCatchup Ltd., Judgment of 07.03.2013 CJEU, Case C-222/84 Johnston, [1986] ECR 1651 CJEU, Case C-213/99 José Teodoro de Andrade v Director da Alfandega de Leixoes, intervener: Ministério Público, [2000] ECR I-11083 CJEU, Joined Cases C-402/05P and C-415/05P Kadi and Al Barakaat v Council of the European Union and Commission of the European Communities, [2008] ECR I-6351 CJEU, Case C‑479/04 Laserdisken, [2006] ECR I‑8089 CJEU, Case C-294/83 Les Verts v European Parliament, [1986] ECR 1339 CJEU, Case C-118/89 Lingenfelser, [1990] ECR I-2637 CJEU, Case C‑101/01 Lindqvist, [2003] ECR I‑12971 CJEU, Case C-324/09 L’Oréal v eBay, [2011] ECR I-6011 CJEU, Case C-557/07 LSG-Gesellschaft zur Wahrnehmung von Leistungsschutzrechten GmbH v Tele 2 Telecommunication GmbH (Tele2), [2009] ECR I-01227 CJEU, Joined Cases C-402/05 P and C-415/05 P Kadi and Al Barakaat, [2008] ECR I-6351 CJEU, Case C-356/97 Molkereigenossenschaft Widergeltingen eG v Hauptzollamt Lindau, [2000] ECR I-5461 CJEU, Case C-354/95 National Farmers' Union and Others, [1997] ECR I-4559 CJEU, Joined Cases C‑581/10 and C‑629/10 Nelson and Others, Judgment of 23.10.2012

790

Table of Cases CJEU, Joined Cases C‑90/90 and C‑91/90 Neu, [1991] ECR I‑3617 CJEU, Case C-4/73 Nold, [1974] ECR 491 CJEU, Case C-465/00 C-138/01 Österreichischer Rundfunk and Others, [2003] ECR I-4989 CJEU, Case C-319/90 Pressler, [1992] ECR I-203 CJEU, Case C-275/06 Productores de Música de España (Promusicae) v Telefónica de España SAU, [2008] ECR I-271 CJEU, Case C-379/08 Raffinerie Mediterranee (ERG) SpA v Ministero dello Sviluppo economic, [2010] ECR I-2007 CJEU, Case C-360/10 SABAM v Netlog NV, Judgment of 16.02.2012 CJEU, Case C-70/10 Scarlet Extended SA v SABAM, [2012] ECR I-11959 CJEU, Case C-283/11 Sky Österreich GmbH v Österreichischer Rundfunk, Judgment of 22.01.2013 CJEU, Case C-306/05 Sociedad General de Autores y Editores de España v Rafael Hoteles SA, [2006] ECR I-11519 CJEU, Case C-230/78 SpA Eridiana and Others, [1979] ECR 2749 CJEU, Case C-240/97 Spain v Commission, [1999] ECR I-6571 CJEU, Joined Cases C‑184/02 and C‑223/02 Spain and Finland v Parliament and Council, [2004] ECR I‑7789 CJEU, Case C-151/78 Sukkerfabriken Nykøbing, [1979] ECR 1 CJEU, Case C-466/12 Svensson, Judgment of 13.02.2014 CJEU, Case C-432/05 Unibet, [2007] ECR I-2271 CJEU, Case C-314/12 UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproduktionsgesellschaft GmbH, Judgment of 27.03.2014 CJEU, Case C-222/86 Union nationale des entraineurs et cadres techniques professionnels du football (UNECTEF) v Georges Heylens, Judgment of 15.10.1987, [1987] ECR 4097 CJEU, Joined Cases C‑222/05 to C‑225/05 Van der Weerd and Others, [2007] ECR I-4233 CJEU, Joined Cases C‑430/93 and C‑431/93 Van Schijndel and van Veen, [1995] ECR I-4705 CJEU, Case C‑375/96 Zaninotto [1998] ECR I‑6629 CJEU, Case C-8/89 Zardi, [1990] ECR I-2515 European Court of Human Rights ECtHR, Anheuser-Busch Inc. v Portugal, Judgment of 11.01.2007, Application No. 73049/01 ECtHR, Artico v Italy, Judgment of 13.05.1980, Application No. 6694/74 ECtHR, Ashby Donald and others v France, Judgment of 10.01.2013, Application No. 36769/08

791

Table of Cases ECtHR, Autronic AG v Switzerland, Judgment of 22.05.1990, Application No. 12726/87 ECtHR, Barberà, Messegué and Jabardo v Spain, Judgment of 06.12.1988, Application No. 10590/83 ECtHR, Bensaid v The United Kingdom, Judgment of 06.02.2001, Application No. 44599/98 ECtHR, Boldea v Romania, Judgment of 15.02.2007, Application No. 19997/02 ECtHR, Borgers v Belgium, Judgment of 30.10.1991, Application No. 12005/86 ECtHR, Bosphorus Hava Yollari Turzm ve Ticaret Anonim Sirketi v Ireland, Judgment of 30.06.2005, Application No. 45036/98 ECtHR, Botta v Italy, Judgment of 24.02.1998, Application No. 21439/93 ECtHR, Brozicek v Italy, Judgment of 19.12.1989, Application No. 10964/84 ECtHR, Castells v Spain, Judgment of 23.04.1992, Application No. 11798/85 ECtHR, Copland v The United Kingdom, Judgment of 03.04.2007, Application No. 62617/00 ECtHR, Cumpǎnǎ and Mazǎre v Romania, Judgment of 17.12.2004, Application No. 33348/96 ECtHR, Cyprus v Turkey, Judgment of 10.05.2001, Application No. 25781/94 ECtHR, Chorherr v Austria, Judgment of 25.08.1993, Application No. 13308/87 ECtHR, De Haes and Gijsels v Belgium, Judgment of 24.02.1997, Application No. 19983/92 ECtHR, Delfi AS v Estonia, Judgment of 10.10.2013, Application No. 64569/09, and Judgment of 16.06.2015, Application no. 64569/09 (Grand Chamber) ECtHR, De Wilde, Ooms and Versyp v Belgium, Judgment of 18.06.1971, Application No. 2832/66 ECtHR, Dima v Romania, Judgment of 16.11.2006, Application No. 58472/00 ECtHR, Dombo Beheer BV v the Netherlands, Judgment of 27.10.1993, Application No. 14448/88 ECtHR, Eur. Comm. H.R., DVO v Belgium, Judgment of 01.03.1979, Application No. 7654/76 ECtHR, Fredrik Neij and Peter Sunde Kolmisoppi v Sweden, Decision of 19.02.2013, Application No. 40397/12 ECtHR, Golder v The United Kingdom, Judgment of 21.02.1975, Application No. 4451/70 ECtHR, Groppera Radio AG Others v Switzerland, Judgment of 28.03.1990, Application No. 10890/84 ECtHR, Guerra and Others v Italy, Judgment of 19.02.1998, Application No. 14967/89 ECtHR, Handyside v The United Kingdom, Judgment of 07.12.1976, Application No. 5493/72

792

Table of Cases ECtHR, Huvig v France, Judgment of 24.04.1990, Application No. 11105/84 ECtHR, Ireland v The United Kingdom, Judgment of 18.01.1978, Application No. 5310/71 ECtHR, J.B. v Switzerland, Judgment of 03.05.2001, Application No. 31827/96 ECtHR, Jersild v Denmark, Judgment of 23.09.1994, Application No. 15890/89 ECtHR, John Murray v The United Kingdom, Judgment of 08.02.1996, Application No. 18731/91 ECtHR, K. U. v Finland, Judgment of 02.12.2008, Application No. 2872/02 ECtHR, Karatas v Turkey, Judgment of 08.07.1999, Application No. 23168/94 ECtHR, Kenedi v Hungary, Judgment of 26.05.2009, Application No. 31475/05 ECtHR, Khurshid Mustafa and Tarzibachi v Sweden, Judgment of 16.12.2008, Application No. 23883/06 ECtHR, Klass and Others v Germany, Judgment of 06.09.1978, Application No. 5029/71 ECtHR, Komanicky v Slovakia, Judgment of 04.06.2002, Application No. 40437/07 ECtHR, Leander v Sweden, Judgment of 26.03.1987, Application No. 9248/81 ECtHR, Liberty and Others v The United Kingdom, Judgment of 01.07.2008, Application No. 58243/00 ECtHR, Lingens v Austria, Judgment of 08.07.1986, Application No. 9815/82 ECtHR, Malone v The United Kingdom, Judgment of 02.08.1984, Application No. 8691/79 ECtHR, Marckx v Belgium, Judgment of 13.06.1979, Application No. 6833/74 ECtHR, Markt Intern Verlag GmbH and Klaus Beermann v Germany, Judgment of 20.09.1989, Application No. 10572/83 ECtHR, Mouvement Raëlien Suisse v Switzerland, Judgment of 13.07.2012 – Application No. 16354/06 ECtHR, Müller and Others v Switzerland, Judgment of 24.05.1988, Application No. 10737/84 ECtHR, Neij and Sunde Kolmisoppi v Sweden, Admissibility Decision of 19.02.2013, Application No. 40397/12 ECtHR, Oberschlick v Austria No. 2, Judgment of 01.07.1997, Application No. 20834/92 ECtHR, Observer and Guardian v The United Kingdom, Judgment of 26.11.1991 – Application No. 13585/88 ECtHR, Öcalan v Turkey, Judgment of 12.05.2005, Application No. 46221/99 ECtHR, Öneryıldız v Turkey, Judgment of 30.11.2004, Application No. 48939/99 ECtHR, Otto-Preminger Institut v Austria, Judgment of 20.09.1994, Application No. 13470/87 ECtHR, Pretty v The United Kingdom, Judgment of 29.04.2002, Application No. 2346/02

793

Table of Cases ECtHR, Rotaru v Romania, Judgment of 04.05.2000, Application No. 28341/95 ECtHR, Rowe and Davis v The United Kingdom, Judgment of 16.02.2000, Application No. 28901/95 ECtHR, S. and Marper v The United Kingdom, Judgment of 04.12.2008, Application Nos. 30562/04 and 30566/04 ECtHR, Salabiaku v France, Judgment of 07.10.1988, Application No. 10519/83 ECtHR, Saunders v The United Kingdom, Judgment of 17.12.1996, Application No. 19187/91 ECtHR, Sporrong and Lönnroth v Sweden, Judgment of 23.09.1982, Application No. 7152/75 ECtHR, Sunday Times v The United Kingdom, Judgment of 26.04.1979, Application No. 6538/74 ECtHR, Skałka v Poland, Judgment of 27.05.2003, Application No. 43425/98 ECtHR, Telegraaf Media Nederland Landelijke Media B. V and Others v the Netherlands, Judgment of 22.11.2012, Application No. 39315/06 ECtHR, Times Newspapers Ltd v The United Kingdom (nos. 1 and 2), Judgment of 10.06.2009, Application Nos. 3002/03 and 23676/03 ECtHR, TV Vest AS & Rogaland Pensjonistparti v Norway, Judgment of 11.12.2008, Application No. 21132/05 ECtHR, V. v The United Kingdom, Judgment of 16.12.1999, Application No. 24888/94 ECtHR, Weber and Saravia v Germany, Admissibility Decision of 29.06.2006, Application No. 54934/00 ECtHR, Yefimenko v Russia, Judgment of 12.02.2013, Application No. 152/04 ECtHR, Y. F. v Turkey, Judgment of 22.07.2003, Application No. 24209/94 ECtHR, Yildirim v Turkey, Judgment of 18.12.2012, Application No. 3111/10 National courts Australia Federal Court of Australia, Roadshow Films Pty Ltd v iiNet Ltd, [2010] FCA 24 Federal Court of Australia, Roadshow Films Pty Ltd v iiNet Ltd, [2011] FCAFC 23 Federal Court of Australia, Universal Music Australia Pty Ltd v Sharman License Holdings Ltd, [2005] FCA 1242 High Court of Australia, Roadshow Films Pty Ltd v iiNet Ltd, [2012] HCA 16 Austria ÖOGH, Decision of 11.05.2012 – 4 Ob 6/12d OGH, Decision of 21.12.2006 – 6 Ob 178/04a

794

Table of Cases France CA Paris, Decision of 04.02.2011 – RG no. 09/21941 (André Rau v Google & AuFeminin.com) CA Paris, Decision of 09.04.2010 (Google v Flach Films and others) CA Paris, Decision of 03.12.2010 (Dailymotion v Zadig Production) CA Paris, Decision of 14.01.2011 (Google Inc. v Bac Films and others) Cour de Cassation, Decision of 17.02.2011, RG no. 09/67896 (Christian C., NordOuest Production et UGC Images v Dailymotion) Cour de Cassation, Decision of 12.07.2012, Arrêt no. 830 (André Rau v Google & AuFeminin.com) Cour de Cassation, Decision of 12.07.2012, Arrêt no. 831 (Bach Films v Google France and Inc [1 & 2]) Cour de Cassation, Decision of 12.07.2012, Arrêt no. 832 (SNEP v Google France) Cour d’Appel d’Aix-en-Provence, Decision of 05.09.2007, Arrêt no. 501 Cour d’Appel de Montpellier, Decision of 10.03.2005 (Buena Vista Home Entertainment et al. v D.A.C.) Cour d’Appel Paris, Decision of 03.05.2011, RG no. 10/19845 (SNEP v Google France) Cour d’Appel Paris, Decision of 24.11.2006, RG no. 05/15722 (SA Tiscali [Telecom Italia]) Cour de Cassation, Decision of 30.05.2006, RG no. 05/83335 Cour de Cassation, Decisions of 17.02.2011 (affaires Dailymotion, Fuzz et Amen) Conseil Constitutionnel, Decision of 27.07.2006, no. 2006-540 DC Conseil Constitutionnel, Decision of 10.06.2009, no. 2009-580 DC Conseil Constitutionnel, Decision of 22.10.2009, no. 2009-590 DC Conseil Constitutionnel, Decision of 10.03.2011, no. 2011-625 DC TP Montreuil, Decision of 03.06.2013, parquet no. 12053081381 TGI Créteil, Decision of 14.12.2010 (INA v YouTube) TGI Paris, Decision of 20 November 2000 – RG no. 00/05308 (La Ligue contre le racisme et l’antisémitisme et al. v Yahoo Inc) TGI Paris, Decision of 13.06.2005, RG no. 05/53871 TGI Paris, Decision of 11.06.2010 (La Chauve Souris and 120 Films v Dailymotion) TGI Paris, Decision of 10.09.2010, RG no. 10/53985 (SNEP v Google France) TGI Paris, Decision of 13.01.2011 (Calt Production v Dailymotion) TGI Paris, Decision of 29.05.2012, RG No. 10/11205 Germany AG Düsseldorf, Decision of 05.04.2011 – 57 C 15740/09 AG Frankfurt/M., Decision of 04.02.2009 – 29 C 549/08 – 81 AG Frankfurt/M., Decision of 29.01.2010 – 31 C 1078/09 – 78

795

Table of Cases AG Frankfurt/M., Decision of 12.02.2010 – 32 C 1634/09-72 AG Frankfurt/M., Decision of 16.04.2010 – 30 C 562/07 – 47 AG Halle, Decision of 14.11.2009 – 95 C 3258/09 AG Magdeburg, Decision of 12.05.2010 – 140 C 2323/09 BGH, Decision of 18.03.1960 – I ZR 75/58 (Eisrevue II) BGH, Decision of 16.06.1971 – I ZR 120/69 (Konzertveranstalter) BGH, Decision of 15.10.1998 I ZR 120 / 96 (Möbelklassiker) BGH, Decision of 17.05.2001 – I ZR 251/99 (ambiente.de) BGH, Decision of 11.03.2004 – I ZR 304/01 (Internetversteigerung I) BGH, Decision of 01.04.2004 – I ZR 317/01 (Schöner Wetten) BGH, Decision of 19.04.2007 – I ZR 35/04 (Internetversteigerung II) BGH, Decision of 12.07.2007 – I ZR 18/04 (Jugendgefährdende Medien bei eBay) BGH, Decision of 30.04.2008 – I ZR 73/05 (Internetversteigerung III) BGH, Decision of 10.11.2009 – VI ZR 217/08 (rainbow.at) BGH, Decisions of 15.12.2009 – VI ZR 227/08 and 228/08 (Deutschlandradio) BGH, Decisions of 09.02.2010 – VI ZR 243/08 and 244/08 (Spiegel online) BGH, Decisions of 20.04.2010 – VI ZR 245/08 and 246/08 (morgenweb.de) BGH, Decision of 12.05.2010 – I ZR 121/08 (Sommer unseres Lebens) BGH, Decision of 22.07.2010 – I ZR 139/08 (Kinderhochstühle im Internet) BGH, Decision of 25.10.2011 – VI ZR 93/10 (Blog) BGH, Decision of 19.04.2012 – 1 ZB 80/11 (Alles kann besser werden) BGH, Decision of 12.07.2012 – I ZR 18/11 (Alone in the Dark) BGH, Decision of 15.11.2012 – I ZR 74/12 (Morpheus) BGH, Decision of 15.08.2013 – I ZR 80/12 (GEMA v Rapidshare) BGH, Decision of 08.01.2014 – I ZR 169/12 (BearShare) BGH, Decisions of 11.06.2015 – I ZR 75/14; I ZR 7/14 and I ZR 19/14 (Tauschbörse I – III) BVerfG, 1 BvR 256/08 (Vorratsdatenspeicherung) BVerfG, 1 BvR 2074/05, 1 BvR 1254/07 (Automatisierte Erfassung von Autokennzeichen) BVerfG, Order of 21.03.2012 – 1 BvR 2365/11 (Unerlaubtes Filesharing im Internet) KG Berlin, Decision of 19 October2001 – 9 W 132/01 LG Düsseldorf, Decision of 13.12.2007 – 12 O 550/07 LG Düsseldorf, Decision of 27.05.2009 – 12 O 134/09 LG Frankfurt/M., Decision of 12.04.2007 – 2/03 O 824/06 LG Frankfurt/M., Decision of 08.02.2008 – 3-12 O 171/07 LG Frankfurt/M., Decision of 18.08.2010 – 2-6 S 19/09 LG Hamburg, Decision of 19.04.2006 – 308 O 92/06 LG Hamburg, Decision of 21.04.2006 – 308 O 139/06

796

Table of Cases LG Hamburg, Decision of 01.06.2007 – 324 O 717/06 LG Hamburg, Decision of 18.01.2008 – 324 O 507/07 LG Hamburg: Decision of 28.02.2008 – 324 O 459/07 LG Hamburg: Decision of 29.02.2008 – 324 O 469/07 LG Hamburg, Decision of 15.07.2008 – 310 O 144/08 LG Hamburg, Decision of 12.11.2008 – 308 O 548/08 LG Hamburg, Decision of 12.06.2009 – 310 O 93/08 LG Hamburg, Decision of 25.11.2010 – 310 O 433/10 LG Hamburg, Decision of 12.3.2010 – 308 O 640/08 LG Hamburg, Decision of 20.04.2012 – 310 O 461/10 (GEMA v YouTube) LG Kiel, Decision of 23.11.2007 – 14 O 125/07 LG Köln, Decision of 28.02.2007 – 28 O 10/07 LG Köln, Decision of 27.01.2010 – 28 O 241/09 LG Köln, Decision of 31.08.2011 – 28 O 362/10 LG Leipzig, Decision of 14.06.2012 – 11 KLs 390 Js 191/11 (kino.to) LG Mannheim, Decision of 29.09.2006 – 7 O 76/06 LG München I, Decision of 19.04.2007 – 7 O 3950/07 LG München I, Decision of 13.06.2007 – 9 O 2295/07 LG München I, Decision of 19.06.2008 – 7 O 16402/07 LG München I, Decision of 25.02.2014 – 1 HK O 1401/13 OLG Brandenburg, Decision of 16.12.2003 – 6 U 161/U OLG Düsseldorf, Decision of 27.12.2007 – I-20 W 157/07 OLG Düsseldorf, Decision of 27.04.2010 – I-20 U 166/09 (Rapidshare – An American Crime et al) OLG Düsseldorf, Decision of 06.07.2010 – I-20 U 8/10 (Rapidshare II – Inside a Skinhead) OLG Düsseldorf, Decision of 21.12.2010 – I-20 U 59/10 (Rapidshare III – Alone in the Dark) OLG Düsseldorf, Decision of 15.03.2011 – I-20 U 136/10 OLG Frankfurt/M., Decision of 22.01.2008 – 6 W 10/08 OLG Frankfurt/M., Decision of 20. 12. 2007 – 11 W 58/07 OLG Frankfurt/M., Decisions of 20.09.2006 – 16 W 55/06 and 16 W 57/06 OLG Frankfurt/M., Decision of 20.12.2007 – 11 W 58/07 OLG Frankfurt/M., Decision of 12.05.2009 – 11 W 21/09 OLG Frankfurt/M., Decision of 12.11.2009 – 11 W 41/09 OLG Frankfurt/M., Decision of 21.12.2010 – 11 O 52/07 OLG Hamburg, decision of 08.02.2006 – 5 U 78/05 (Cybersky) OLG Hamburg, Decision of 11.10.2006 – 5 W 152/06 OLG Hamburg, Decision of 02.07.2008 – 5 U 73/07 (Sharehoster I – Rapidshare)

797

Table of Cases OLG Hamburg, Decision of 14.01.2009 – 5 U 113/07 (Spring nicht – Usenet I) OLG Hamburg, Decision of 28.01.2009 – 5 U 255/07 (Alphaload – Usenet II) OLG Hamburg, Decision of 30.09.2009 – 5 U 111/08 (Sharehoster II – Rapidshare) OLG Hamburg, Decision of 22.12.2010 – 5 U 36/09 OLG Hamburg, Decision of 14.03.2012 – 5 U 87/09 (GEMA v Rapidshare) OLG Hamburg, Decision of 21.11.2013 – 5 U 68/10 (3dl.am) OLG Hamm, Decision of 02.11.2010 – 4 W 119/10 OLG Hamm, Decision of 27.10.2011 – I-22 W 82/11 OLG Köln, Decision of 21.09.2007 – 6 U 86/07 (Haftung eines Sharehoster-Dienstes) OLG Köln, Decision of 23.12.2009 – 6 U 101/09 OLG Köln, Decision of 10.02.2011 – 6 W 5/11 OLG Köln, Decision of 24.03.2011 – 6 W 427/11 OLG Köln, Decision of 16.05.2012 – 6 U 239/1 OLG München, Decision of 21.09.1978 – 6 U 4941/77 (Transvestiten-Show) OVG Münster, Decision of 19.03.2003 – 8 B 2567/02 VG Arnsberg, Decision of 26.11.2004 – 13 K 3173/02 VG Düsseldorf, Decision of 19.12.2002 – 15 L 4148/02 VG Düsseldorf, Decision of 10.05.2005 – 27 K 5968/02 VG Düsseldorf, Decision of 08.11.2011 – 27 K 5887/10 VG Düsseldorf, Decision of 29.11.2011 – 27 K 5887/10 VG Gelsenkirchen, Decision of 28.7.2006 – 15 K 2170/03 VG Köln, Decision of 03.03.2005 – 6 K 7151/02 Ireland Irish High Court, EMI v UPC, Decision of 11.10.2010, [2009] no 5472 Sweden Svea Hovrätt, Decision of 26.11.2010 – B 4041-09 (The Pirate Bay) The Netherlands Gerechtshof Amsterdam, Decision of 28.03.2002, – 1370/01SKG (KAZAA B.V v BUMA/STEMRA) RB Den Haag, Decision of 24.10.2012 (BREIN v XS Networks) RB ‘s Gravenhage, Decision of 11.01.2012 (BREIN v Ziggo and XS4ALL) RB ‘s Gravenhage, Decision of 10.05.2012 (Blocking of The Pirate Bay: BREIN v providers)

798

Table of Cases The United Kingdom Court of Appeal, Axa Equity & Law Life Assurance Society Plc v National Westminster Bank [1998] CLC 1177 Court of Appeal, Newspaper Licensing Agency Ltd v Meltwater Holding BV [2011] EWCA Civ 890, Court of Appeal, Rugby Union v Viagogo Ltd [2011] EWCA Civ 1585 Court of Appeal, SABAF SpA v MFI Furniture [2003] RPC 14 Court of Appeal, Sibthorpe v Southwark London Borough Council [2011] EWCA Civ 25 Court of Appeal, Tony D Sullivan (aka Rudey Soloman) v Bristol Film Studios Ltd [2012] EWCA civ 570 Court of Appeal, Totalise plc v Motley Fool Ltd [2001] EWCA Civ 1897 High Court, Aoot Kalmneft v Denton Wilde Sapte [2002] 1 Lloyds Rep 417 High Court, Applause Store Productions Ltd v Grant Raphael [2008] EWHC 1781 High Court, Barings Plc v Coopers & Lybrand [2001] PNLR 22 High Court, Carlton Film Distributors Ltd v VCI Plc [2003] EWHC 616 High Court, CHC Software Care v Hopkins and Wood [1993] FSR 241 High Court, Dramatico Entertainment Ltd and others v British Sky Broadcasting Ltd and others [2012] EWHC 268 High Court, EMI Records Ltd and others v British Sky Broadcasting Ltd and others [2013] EWHC 379 (Ch) High Court, Exxon Corp. v Exxon Insurance Consultants [1982] Ch 119 High Court, Falcon v Famous Players Film Co. [1926] 2 KB 474 High Court, Football Association Premier League Ltd v British Sky Broadcasting Ltd [2013] EWHC 2058 High Court, G and G v Wikimedia Foundation Inc [2009] EWHC 3148 (QB) High Court, Golden Eye (International) Ltd and others v Telefonica UK Ltd, Consumer Focus intervening [2012] EWHC 723 (Ch) High Court, ITV Broadcasting Ltd and others v TVCatchup Ltd [2013] EHWC 3638 (CH) High Court, Jane Clift v Martin Clark [2011] EWHC 1164 (QB) High Court, L’Oréal v eBay [2009] EWHC 1094 (Ch) High Court, Mitsui & Co Ltd v Nexen Petroleum UK Ltd [2005] EWHC 625 (Ch) High Court, Newspaper Licensing Agency Ltd v Meltwater Holding BV [2010] EWHC 3099 (Ch) High Court, Paramount Home Entertainment International Ltd v British Sky Broadcasting Ltd [2013] EWHC 3479 (Ch) High Court, Polydor Ltd v Brown [2005] EWHC 3191 (Ch) High Court, Pro Sieben Media v Carlton UK Television [1997] EMLR 509 High Court, R. (on the application of British Telecommunications Plc) v Secretary of State for Business, Innovation and Skills, [2011] EWHC 1021 (Admin)

799

Table of Cases High Court, Sheffield Wednesday Football Club Ltd v Hargreaves [2007] EWHC 2375 (QB) High Court, Twentieth Century Fox Film Corp and others v British Telecommunications Plc [2011] EWHC 1981 High Court, Twentieth Century Fox Film Corporation and others v NewzBin Ltd [2010] EWHC 608 (Ch) House of Lords, Ashworth Hospital Authority v MGN Ltd [2002] UKHL 29 House of Lords, CBS Songs v Amstrad [1988] AC 1013 House of Lords, Norwich Pharmacal Co. and others v Customs and Excise Commissioners [1974] AC 133 House of Lords, R v Johnstone [2003] UKHL 28 House of Lords, Re S [2004] UKHL 47 Patents County Court, Media C.A.T. v Adams [2011] EWPCC 6, [2011] FSR 8 Patents Court, Smith Kline and French Laboratories Ltd v R.D. Harbottle (Mercantile) Ltd [1980] RPC 363 Solicitors Disciplinary Tribunal, Solicitors Regulation Authority v Andrew Jonathan Crossley, Case no. 10726 (06.02.2012) The United States of America 17 U.S.C. A&M Records. Inc. v Napster Inc. (N. D. Cal. 2000), A&M Records Inc. v Napster Inc., 239 F.3d 1004 (9th Cir. 2001) Corbis Corp. v Amazon.com Inc., 351 F. Supp. 2d 1090 (W.D. Wash. 2004) CoStar Group Inc. v LoopNet Inc., 164 F.Supp. 2d 688 (D. Md. 2001) CoStar Group Inc. v LoopNet Inc., 373 F.3d 544 (4th Cir. 2004) Cubby v CompuServe, 766 F Supp 135 (SDNY 1991) Gershwin Publishing Corp. v Columbia Artists, 443 F. 2d 1159 (2nd Cir. 1971) Hendrickson v eBay Inc., 165 F. Supp. 2d 1082 (C.D. Cal. 2001) In Re: Aimster Copyright Litigation, 252 F.Supp.2d 634 (N.D. Ill. 2002) In Re: Aimster Copyright Litigation, 334 F 3d 643 (7th Cir. 2003) IO Group Inc. v Veoh Networks Inc., 586 F. Supp. 2d 1132 (N.D. Cal. 2008) K-Beech, Inc. v John Does 1-37, CV 11-3995 (DRH)(GRB) (United States District Court, Eastern District of New York) Metro-Goldwyn-Mayer Studios Inc. v Grokster Ltd., 125 S. Ct. 2764 (U.S.S.C. 2005) Metro-Goldwyn-Mayer Studios Inc. v Grokster Ltd., 259 F.Supp.2d 1029 (C.D. Calif. 2003) Metro-Goldwyn-Mayer Studios Inc. v Grokster Ltd., 380 F.3d 1154 (9th Cir. 2004) Perfect 10 Inc. V CCBill LLC, 488 F.3d 1102, 1117 (9th Cir. 200) Sony Corp. of America v Universal City Studios, 464 U.S. 417 (1984) Stratton Oakmont Inc. v Prodigy Services Co., 1995 WL 323710 (NY Sup. Ct. 1995)

800