Will the show go on? Victory for iiNet in the Federal Court

Posted by Elisabeth Koster

Roadshow Films and 33 other film studios yesterday lost an appeal in the Full Federal Court brought against internet service provider, iiNet.

Justices Emmett and Nicholas (Justice Jagot dissenting) upheld the first instance decision of Justice Cowdroy, who held that iiNet should not be held liable for infringement of copyright by its subscribers.

As in the judgment of Justice Cowdroy (reported in our news alert of 5 February 2010), the Full Federal Court decision turned on the question of authorisation of copyright in relation to the downloading of copyright material from the internet.  Specifically, the Court considered whether an ISP could be said to have authorised the infringing acts of its subscribers where those subscribers downloaded copyrighted films and television shows without licence from the copyright owners.

The Australian Federation Against Copyright Theft (AFACT) had given evidence that it had issued notices to iiNet on behalf of the applicants.  The AFACT notices contained information as to purported copyright infringement by iiNet users and requested that iiNet send warnings to those users and then suspend or terminate those accounts if the activities persisted.  iiNet did not comply with AFACT's requests.

iiNet denied authorising its subscribers’ conduct, saying that it relied upon a series of steps which it says it took to prevent or avoid copyright infringement by users of its network, including:

·                   making its services available to subscribers upon terms which prohibited them from using services to infringe copyright;

·                   publishing a warning that hosting or posting infringing material was a breach of the customer relationship agreement which could result in suspension or termination of the account; and

·                   providing employee training to the effect that iiNet did not support or condone copyright infringement.

The issue largely turned on whether iiNet had taken reasonable steps to prevent the infringements occurring.

The majority held that iiNet's failure to take steps to issue warnings or terminate or suspend user accounts in response to allegations made in AFACT notices was not unreasonable given the evidentiary deficiencies in those notices. 

Justice Emmett went further, stating that before any finding of authorisation of copyright infringement can be found, copyright owners must show that:

·                   the ISP has been provided with unequivocal and cogent evidence of the alleged infringing acts by the use of that service; and

·                   they have undertaken:

·                   to reimburse the ISP for the reasonable costs of verifying the particulars of the alleged infringing acts and establishing and maintaining a regime to monitor the use of the service to determine whether further acts of infringements occur; and

·                   to indemnify the ISP in respect of any liability reasonably incurred as a consequence of mistakenly suspending or terminating a service on the basis of allegations made by the copyright owner.

Justice Emmett found that although the evidence presented to the court supported the suggestion that iiNet demonstrated 'a dismissive and, indeed, contumelious attitude to the complaints of infringement by the use of its service', this was not sufficient to amount to authorisation of infringing acts by iiNet users.

Although the applicants did not succeed in this case, Justice Emmett said this did not necessarily preclude a finding of authorisation of infringement by a carriage service provider where a user of their services engages in infringing acts.  His Honour stated:

it does not necessarily follow from the failure of the present proceeding that circumstances could not exist whereby iiNet might in the future be held to have authorised primary acts of infringement on the part of users of the services provided to its customers under its customer service agreements.

Justice Nicholas said that while an ISP 'should be given considerable latitude' when working out the details of a system providing for the issuing of warnings to those users engaging in infringing acts, a Court would find it difficult to criticise an ISP who had devised and adopted systems that 'involved taking such steps against subscribers who the ISP was satisfied had used (or permitted others to use) its facilities for the purpose of committing flagrant acts of copyright infringement'.  While iiNet's failure to take steps of this nature to avoid or prevent copyright infringement was taken into account by Justice Nicholas, His Honour did not think 'the failure to take such steps merits any separate or different consideration on the basis that it somehow amounts to encouragement to infringe'.

Justice Nicholas also looked at the knowledge of the ISP in providing their services for the purpose of an infringing act.  In dismissing the appeal, Justice Nicholas stated:

it cannot be inferred that a person authorises copyright infringement merely because he or she provides another person with communication facilities used by the other person to infringe copyright.

Justice Jagot (dissenting) considered that iiNet had not taken reasonable steps to prevent the infringements and as a result, held that iiNet had authorised the infringement.

All the judges held that iiNet could not rely on safe harbour provisions on the basis that it had not adopted and reasonably implemented a policy providing for termination of service of the accounts of repeat copyright infringers.

The parties have now been invited to make submissions on costs both at first instance and for the appeal.  It is not yet known whether a special leave application to the High Court will be filed by the film studios.

Partners: Charles Alexander and Paul Kallenbach

Personal Property Securities law changes - implications for technology contracting

Posted by Ian MacKenzie

Following its meeting on 13 February, the Coalition of Australian Governments has agreed to delay the commencement of the Personal Property Securities Act 2009 (Cth) (PPSA) until October 2011.

This means that the business community has an extra six months to prepare for the PPSA. But what is the PPSA, and what will it mean for people in the technology, media and telecommunications area?

What is the PPSA?

The PPSA is a comprehensive re-write of the law relating to personal property securities in Australia. It is modelled on existing New Zealand and North American laws and has enormously broad application.

What does it apply to?

Generally, the PPSA applies to all property, other than land, including most intangible property.

Although the PPSA applies to standard security arrangements such as mortgages and charges, it also applies to transactions that have not previously been considered "security" transactions.  These include retention of title supply arrangements.  Under the PPSA, the commonly-used retention of title arrangement (where a supplier of property retains ownership of that property until it is paid for by the purchaser) will be considered to be a "security interest".

Leases of goods (generally those for a term of more than a year or for an indefinite term) will also be considered to be security interests.  However, a licence, in and of itself, is not a security interest under the PPSA.

What do I have to do?

The person with the benefit of a security interest (ie, the supplier or lessor – the secured party) will have to take steps under the PPSA to "perfect" its security interest to ensure that it: 

• does not become void on the insolvency of the person granting it (ie, the purchaser or lessee – the grantor); and 
• has the priority required by the secured party in an enforcement scenario (vis-à-vis other secured creditors of the grantor). 

Perfection will, in most cases, be by the lodgement of an electronic form on a new register to be established – the Personal Property Securities Register. There are certain timeframes set out in the PPSA by which a secured party must perfect its security interest in order to achieve the desired protection.

What are the consequences for not doing it?

Failure to perfect a security interest may expose a secured party to some unexpected consequences.  Because an "unperfected" security interest is subordinate to a perfected security interest, if a supplier or lessor does not adequately perfect its security interest, it may well lose its asset to someone with a competing security interest in it.  In most cases this will be the purchaser's/lessee's bank who has taken all-assets security to secure its lending to the purchaser/lessee.

An important point to note is that, under the PPSA, a person can give security over assets it does not own (such as property purchased on retention of title terms, or property it has acquired on lease).  In effect, a supplier or lessor could find that, under the PPSA, it loses title to property it owns if it fails to perfect the security interest that the PPSA declares it to have.

How could it change the way I do business?

To ensure that a security agreement (such as a supplier's terms of trade or a lease agreement) is enforceable against third parties, in most cases, it will need to be in writing and signed by the grantor.  This may mean a significant change in business practice for some suppliers who may not previously have had written terms of trade or who may not have been in the practice of requiring a purchaser to sign them.

The PPSA sets out certain procedures for enforcing security interests.  These will need to be followed by a secured party if it wants to recover secured property from a grantor (and may include giving notice of enforcement action to the grantor or another person with an interest in the property subject to the security interest).  These provisions will not apply to some leases, but will apply to retention of title suppliers.   For such suppliers, this will be a marked change from the current position where there are relatively few constraints on a supplier looking to recover their property.

Re-think required

The PPSA will mark a significant shift in the way suppliers and lessors will need to think about the transactions they enter into.  The next six months are the time for all businesses to give thought to how the PPSA may affect them and seek advice to prepare themselves adequately.

Partner: John Elias

Porn at home OK? No - at least not on a work computer

Posted by Rory Jolley

On eight days in late May and mid June 2009, a senior Commonwealth public servant, John Griffiths, viewed pornography on weekends or late in the evening. He did so from home, using his own internet connection. There was no suggestion that anyone else ever saw the material in question, or that the material was unlawful. He deleted his browser history so that, he said, the material might not accidentally re-appear during a Powerpoint presentation at work.

Last week, however, the Federal Court of Australia (Griffiths v Rose [2011] FCA 30) found that the termination of Mr Griffiths' employment, as a sanction for his viewing of that pornography at home, was defensible.

Of course, other factors were at play.

The key to the Court's determination was that Mr Griffiths had viewed pornography on a work laptop in circumstances where the IT policy of the Department of Energy, Resources and Tourism clearly prohibited the viewing of pornography on its IT facilities, and made it clear that the use of those IT facilities would be monitored. This was unfortunately inescapable for Mr Griffiths: he had previously signed a document acknowledging that he had read and understood the policy. The Court observed that there was an 'element of irony' in relation to the circumstances, given that Mr Griffiths was a member of the Department's IT sub-committee.

When confronted by his employer regarding his conduct, Mr Griffiths claimed that his viewing of the material in question was accidental, and then sought to create what the Court said was an 'elaborate, but ultimately unbelievable, explanation for his actions based around notions of research and inquiry'. As a result, the Department formed an 'adverse view' about Mr Griffiths' integrity. It appears the Department considered that this compounded Mr Griffiths' initial error of judgement.

Substantially because of his response to the investigation, the Department determined to terminate Mr Griffiths' employment for what was held to be a breach of the Australian Public Service Code of Conduct (notwithstanding that Mr Griffiths had had a 25 year career in the APS).

Privacy

Unfortunately for Mr Griffiths, a surreptitious desktop logging system called Spector360, installed on his computer without his knowledge by his employer, had covertly recorded particular keywords and precise snapshots of his computer's desktop every 30 seconds. It recorded Mr Griffiths' pornography usage, which was detected after he typed a flagged keyword, 'knockers', into a search engine.

The Court also found that this monitoring by the Department did not breach Mr Griffiths' privacy, an explicit warning of monitoring having been given.

Mr Griffiths had sought to argue that the direction given to him by his employer not to view pornography (being the IT policy) in the circumstances in which that viewing occurred, was not lawful and reasonable (as it had to be). Relevantly, Mr Griffiths argued this on the basis that his privacy had been infringed contrary to Principle 1 of the Information Privacy Principles in the Privacy Act 1988 (Cth). Mr Griffiths also claimed that the direction was not reasonable because the Department had no legitimate interest in what he did with his own internet connection in his own time.

Principle 1 of the IPPs provides that:

1. Personal information shall not be collected … unless:

(a) the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and
(b) the collection of the information is necessary for or directly related to that purpose.

2. Personal information shall not be collected … by unlawful or unfair means. [emphasis added]

Mr Griffiths claimed that 'spying' on his private internet use in his own time, using his own internet connection, was not the collection of information for a purpose that was directly related to a function or activity of the Department. He also argued that the manner of its collection was unfair.

The Department argued that the information gathered was obtained and used for the purpose of monitoring compliance with the Code of Conduct. The Department also said that it had a legitimate interest in ensuring that its equipment did not come into contact with pornography, that being the risk that the material might accidentally reappear or be displayed in the workplace. These submissions were readily accepted by the Court.

Hearing the matter, Justice Perram found that, given that the Department's policies expressly provided for the monitoring of IT facilities, the use of Spector360 was not unfair. His Honour noted that it may have been unfair had the program collected personal banking information or credit card details during periods of personal use (which, he said, may very well involve a breach of privacy), but that what it did collect from Mr Griffith:

… was the very thing it was intended to collect, namely, evidence of breaches of the Code of Conduct. It was also the very thing the Department had warned Mr Griffiths that it was going to monitor his use to detect.

The Court held that it is not unfair to warn a person that their computer use will be monitored in order to detect any accessing of pornography, and then to do so. Therefore, the use of Spector360, in the circumstances it was used in relation to Mr Griffiths, did not infringe the Privacy Act.

Mr Griffiths also contended the circumstances infringed a general law right to privacy he held. However, his Honour said:

It is not necessary in [these] circumstances to determine whether the general law right asserted exists. Because of the explicit warning that monitoring would occur, this case does not provide an appropriate vehicle to explore how the action in equity to prevent misuse of confidential information extends to the personal affairs and private life of a plaintiff.

If nothing else, this case is a timely reminder for employers to ensure that they have clear and comprehensive policies regarding technology usage and how such usage might be monitored, and to ensure that employees understand them. This is especially so in today's business world, where access to companies' IT facilities is often remote, out-of-hours and via laptops, smart phones and other mobile devices.

Partner: Michael Tehan

China issues more Internet mapping licences; officially launches challenge to Google Earth

Posted by Geraldine Johns-Putra - 3 February 2011 - 4.10pm

Last week, China's State Bureau of Surveying and Mapping (SBSM) reportedly granted 7 new Internet mapping licences to enterprises operating in China.

Licensing requirements

Regulations issued by SBSM in May 2010 require online map service providers to be licensed. The deadline for applying for licences has been extended to 31 March 2011, after which unlicensed mapping service providers will be delivered warnings. SBSM says that after 1 July 2011 it will start prosecuting unlicensed operators.

The May 2010 regulations are the Professional Standards for Internet Mapping Services (in Chinese) and stipulate conditions regarding employee numbers, equipment (which must include a China-based map data server), quality management, privacy management and file management. The licences authorise the provision of map-searching services, location tagging services, map downloading and reproduction services and map transmission and referral services. Grade A licence holders can offer all these services, whilst Grade B licence holders can offer only map searching and location tagging services.

In a statement available on the SBSM website until last week, it was reported that the latest licence allocations bring to 38 the number of licences granted under the new regulations.

The first batch of licensees in September 2010 included Baidu, Alibaba, Sina Corp, Tencent and Nokia's Chinese division. The recent round of successful applicants include NYSE listed SouFun Holdings, owner of China's largest real estate portal, and in which Telstra held a 50.5% stake before selling out last year.

Concerns regarding unlicensed online mapping

Advances in GPS, remote sensing, geospatial information systems (GIS) and network communication technologies have fuelled growth in Internet mapping services. With a booming Internet user population, estimated to be 470 million strong, China is no exception. The attraction of a diversified revenue stream and the ability to tag business locations, build custom maps and offer route planning services have seen substantial take-up through Internet and mobile platforms in China.

These observations were outlined in a Q&A statement with Deputy Director of SBSM Mr Song Chaozhi, available in Chinese and posted on the SBSM website. In the statement, Mr Song highlights two concerns of the Chinese government regarding Internet mapping, explaining the need for tighter controls. The first is that some individuals and businesses have a "weak sense of national territory" and, intentionally or not, do not capture all of China's claimed territories within map boundaries. The second relates to national security and ensuring that sensitive data is not uploaded, which could potentially "bring harm to users in serious cases" in addition to damaging the interests of national security.

MapWorld vs Google Earth?

Along with the news of the second round of licences, the SBSM announced a day previous that it had launched the final version of its own free mapping service, called MapWorld, available at www.tianditu.cn in Chinese and English. Trialled in October 2010, MapWorld is apparently positioning itself as a competitor to Google Earth. According to SBSM, MapWorld has 11 million place names including 120,000 points of interests such as hotels, restaurants, retail businesses, government institutions, banks and roads.

Google is not one of the current Internet mapping licence holders and it is not known if Google has applied for a licence.

In March 2010, in a highly publicised move and after citing disquiet about suspected hacking and wide-scale censorship in China, Google began redirecting google.cn search traffic to Google Hong Kong. Three months later, Google reinstated a landing page and a link at google.cn to keep its ISP licence with China's Ministry of Industry and Information Technology. However, many of its services remain blocked in China.

Google is thought to have lost ground to leading Chinese search engine Baidu after limiting its activities in China. It now also looks to have a new competitor in the form of the Chinese government in providing online mapping and geographical information services.

For more information and for an English translation of the Professional Standards for Internet Mapping Services, please contact Geraldine Johns-Putra.

Partner: Elisabeth Ellis

Clouding Australian export control laws

Posted by Tim Hewitt - 4.30pm - 2 February 2011

The Department of Defence has announced that it is preparing proposals to amend Australia's export control laws to require licensing for intangible transfers of controlled technology. While these amendments are in recognition of a gap in Australia's export control regime caused by sophisticated transfers of controlled technology via intangible means, they may cause compliance woes for many organisations, particularly cloud computing service providers.

Currently, Australia's export control regime only requires licensing for exports of controlled items listed in the Defence and Strategic Goods List that are exported in a physical form (e.g., CD, DVD, HDD or on paper); whereas exports of controlled data, software or technology (collectively, 'controlled technology') via the internet, telephone lines, satellite and other intangible means are only prohibited if it can be deemed that the transferor believed or suspected that the transferee would or would likely use that controlled technology in connection with a weapon of mass destruction.

At this stage it is not clear what compliance measures will be required and many may be caught off guard. For example, a person in Australia sending encryption and information security software in an email to a colleague, client or other contact overseas will likely be considered to be making an export of controlled technology. The new regime may even extend to organisations providing the means of transfer such as cloud computing service providers.

It may seem an incongruous result that a cloud computing service provider would be considered the exporter of controlled technology given that the transfer is initiated by the cloud user. However, if the cloud users (i.e., the transferor and the transferee) who access an Australian-based cloud to initiate a transfer of controlled technology are both overseas, it may only be possible for Australian authorities to control that transfer by regulating the cloud computing service provider which receives the controlled technology on its server and then "exports" it to the transferee overseas.

Authorities in the U.S – where licensing is already required for intangible exports of controlled technology – are currently grappling with this issue. However, no legislative changes in the U.S have been made yet that can inform developments here in Australia regarding the compliance obligations of cloud computing service providers and other organisations indirectly involved in the export of controlled technology via intangible means.

Until further details of the proposed changes are released, organisations that transfer controlled technology via intangible means, as well as organisations like cloud computing service providers that may be indirectly involved in that transfer, need to "watch this space" for further developments and consider how those developments will impact their operations. If these developments are likely to cause complicated compliance procedures − for example, if it is proposed that every single transfer of controlled technology requires separate authorisation − it may be worth petitioning the Department of Defence and participating in any public consultations.

Special Counsel: Geoff Shelley