Safe harbours

A legislative bargain

In the late 1990s, internet service providers and other intermediaries expressed concern about potential secondary liability for copyright infringement. At the same time, copyright owners were lobbying for increased protection in the online context. The result, in 1998, was the compromise position established by the Digital Millenium Copyright Act 1998 (US) (DMCA).

The DMCA was widely supported by the copyright industries; it amended some provisions to ensure application in the online environment, strengthened penalties for infringement, and introduced new rights to prevent tampering with technological locks on content. It included some trade-offs: copyright owners received additional rights, but service providers (certain intermediaries) were immunised from liability under the so-called 'safe harbours'.

Essentially, the copyright safe harbours provide that online service providers (Internet Service Providers AND content hosts) are not liable for monetary damages for the infringing acts of their users, as long as they meet certain conditions. The relevant provisions are in 17 USC § 5121). Intermediaries might still be liable, but the only remedy available is limited injunctive relief. In exchange, they undertake obligations to respond to notice & takedown requests.

It is important to note that these obligations are optional. A service provider only needs to meet the conditions in the safe harbours if it wishes to be able to rely on them.

Australian safe harbours

Australia was obliged to implement DMCA-style legislation (known as TRIPS+) as a result of the US free-trade agreement (AUSFTA). Changes to Australian law largely followed the US model, but were redrafted. The Australian safe harbours are in Copyright Act 1968 (Cth) Part V Div 2AA; the main operative provisions are ss 116AG and 116AH(1).

Only ISPs can rely on the safe harbours

The Australian Safe Harbours, unlike those in the US DMCA, only apply to 'Carriage Service Providers' (CSP). This is defined in Telecommunications Act 1997 (Cth) s 87. Essentially, a CSP is an ISP. What this means, crucially, is that the Australian safe harbours do not apply to content hosts.

Types of activity covered

There are four safe harbours that apply to different types of activity.

Category A activity: transmission (s 116AC)

“providing facilities or services for transmitting, routing or providing connections for copyright material, or the intermediate and transient storage of copyright material in the course of transmission, routing or provision of connections.”

This is the safe harbour that applies to ISPs and others who route traffic on behalf of users.

Category B activity: caching (s 116AD)

“caching copyright material through an automatic process. The carriage service provider must not manually select the copyright material for caching.”

Public material that is very popular is often automatically cached (copied) by ISPs. Caching means that instead of retrieving the material from the external server every time, the ISP can serve up a local copy of the material – much faster and cheaper.

Category C activity: hosting (s 116AE)

“storing, at the direction of a user, copyright material on a system or network controlled or operated by or for the carriage service provider.”

This is the safe harbour for hosting content – for example, ISPs who provide webserver space for their (personal and corporate) clients.

Category D activity: searching (s 116AF)

“referring users to an online location using information location tools or technology.”

This safe harbour applies to search engines.

Limited immunity

The safe harbours provide immunity from monetary damages or penalties, but not injunctive relief.

s 116AG(2): For infringements of copyright that occur in the course of carrying out any of the categories of activities set out in Subdivision B, a court must not grant relief against a carriage service provider that consists of:

(a) damages or an account of profits; or

(b) additional damages; or

(c) other monetary relief.

S 116AG then goes on to list the relief that a successful copyright owner is entitled to:

  • Injunction “requiring the carriage service provider to take reasonable steps to disable access to an online location outside Australia” (Category A);
  • Injunction “requiring the carriage service provider to terminate a specified account.” (All categories)
  • Injunction “requiring the carriage service provider to remove or disable access to infringing copyright material, or to a reference to infringing copyright material;” (Categories B, C, D)
  • “some other less burdensome but comparably effective non-monetary order if necessary.” (Categories B, C, D).

Each safe harbour requires the CSP to follow certain conditions in s 116AH(1).

'repeat infringer' policy

All safe harbours require that the CSP “must adopt and reasonably implement a policy that provides for termination, in appropriate circumstances, of the accounts of repeat infringers.” The operation of this obligation is somewhat uncertain. It is not yet clear what 'appropriate circumstances' are, or even when someone becomes a “repeat infringer”

Conditions: Category A

“Any transmission of copyright material in carrying out this activity must be initiated by or at the direction of a person other than the carriage service provider.”
“The carriage service provider must not make substantive modifications to copyright material transmitted. This does not apply to modifications made as part of a technical process.”

Conditions: Category B

“If the copyright material that is cached is subject to conditions on user access at the originating site, the carriage service provider must ensure that access to a significant part of the cached copyright material is permitted only to users who have met those conditions.”
“If there is a relevant industry code in force--the carriage service provider must comply with the relevant provisions of that code relating to:(a) updating the cached copyright material; and(b) not interfering with technology used at the originating site to obtain information about the use of the copyright material.”
“The service provider must expeditiously remove or disable access to cached copyright material upon notification in the prescribed form that the material has been removed or access to it has been disabled at the originating site.”
“The carriage service provider must not make substantive modifications to the cached copyright material as it is transmitted to subsequent users. This does not apply to modifications made as part of a technical process.”

Conditions: Categories C & D

“The carriage service provider must not receive a financial benefit that is directly attributable to the infringing activity if the carriage service provider has the right and ability to control the activity.”
“The carriage service provider must expeditiously remove or disable access to copyright material residing on its system or network upon receipt of a notice in the prescribed form that the material has been found to be infringing by a court.”
“The carriage service provider must act expeditiously to remove or disable access to copyright material residing on its system or network if the carriage service provider:
(a) becomes aware that the material is infringing; or(b) becomes aware of facts or circumstances that make it apparent that the material is likely to be infringing.”
“The carriage service provider must comply with the prescribed procedure in relation to removing or disabling access [to copyright material | a reference] residing on its system or network.”

Category C safe harbour: notice & takedown procedure

Student video topic.

Copyright Regulations 1969 (Cth) prescribe more detail for the notice & takedown procedure.

  • r 20I: Copyright owner may send a notice of claimed infringement to the CSP's designated representative (must be in the specified form)
  • r 20J(1): “If a carriage service provider receives a notice of claimed infringement … the carriage service provider must expeditiously remove, or disable access to, the copyright material specified in the notice and residing on its system or network.”
  • As soon as practicable, the CSP must inform the user (r 20J(2)).
  • r 20K provides the user 3 months to lodge a counter-notice in the prescribed form. The CSP must send the counter-notice to the copyright owner.
  • r 20M: Upon receiving a counter-notice, the CSP must restore the content, unless the copyright owner files for injunctive relief

Example of the Category A safe harbour: Roadshow v iiNet

Sophie Murdock on Roadshow v iiNet

The FCAFC held that iiNet could not rely on the safe harbours, had it been liable for authorising copyright infringement.

Explain why. What was iiNet's 'repeat infringer' policy? Was it 'reasonably implemented'? What are the 'appropriate circumstances' in which repeat infringers must be terminated?

In Roadshow Films Pty Ltd v iiNet Ltd [2011] FCAFC 23 2) the Court unanimously held that iiNet could not rely on the safe harbour provisions. The three judges each gave separate reasons, however there were common threads throughout their arguments. Each judge focussed on item 1 condition 1 of s 116AH(1) of the Copyright Act, and while they acknowledged that iiNet was in Category A, they did not discuss the requirements for safe harbour in Category A.

Background: At first instance Cowdroy J found that iiNet had a repeat infringer policy as evidenced by a statement on the iiNet website that hosting or posting of copyright material was against iiNet's policy and would result in the suspension/termination of service without notice to the subscriber and the 2005 amendments to the iiNet customer relationship agreement that gave iiNet the right to terminate subscriber accounts for copyright infringement. iiNet admitted that it didn't have a written policy but the Managing Director, Malone, said that there was an unwritten policy in his mind that the Chief Regulatory Officer was aware of this policy. Cowdroy J held that this was sufficient because there was no requirement for a written policy in the Copyright Act.

The Court in the full court appeal did not hold that the policy was sufficient, however they generally accepted that the policy, if it did exist, was that iiNet would terminate a subscriber's account if:

  1. Ordered to do so by a court
  2. The subscriber admitted to infringing copyright
  3. A court or tribunal found that a subscriber had infringed copyright.

Themes: 'Account'- Emmett J agreed with the judgment at first instance, which had ruled against iiNet's argument that it should only have to terminate contracts in the event that the account holder was the infringer. Emmett J said that this would result in only a fraction of cases being prosecuted and gave the example of a household where the account holder was not the main user of internet but other members of the household infringed copyright. In that instance, he said, it would be appropriate to terminate the account. He also said that the legislation was clearly drafted to cover accounts that infringed copyright, not simply account holders.

'Reasonably Implemented' - The Court was also critical of the implementation of the policy. iiNet argued that it had implemented the policy by having gone to industry forums, formed a policy in its Managing Directors mind and distributed a document amongst its staff regarding the laws around intermediaries and copyright infringement. The Court held that mere attendance at forums is not enough to implement a policy, and that iiNet had not implemented its policy. Emmett J argued that the document that had been distributed wouldn't have been enough to implement the policy even if it had contained information on the policy because it hadn't reached the staff who interacted with customers. He also said that customers should be made actively aware of the policy. Jagot J also said that Malone had simply formulated during cross-examination what the policy would have been had they been made aware of infringement. He said that this absence of a policy at the time of infringement meant that iiNet could not rely on the safe harbour provisions because s 116AH(1) requires that the policy be in place at the time of infringement.

'Appropriate circumstances' - All three judges held that iiNet's policy should have dealt with the concept of appropriate circumstances, however only Nicholas J gave an example of what an appropriate circumstance would be. He held that the policy was deficient because in the circumstance that iiNet knew that a subscriber had infringed copyright on multiple occasions it would not have to do anything unless the subscriber admitted the infringements or a court ordered it to do so.

'Repeat infringer' - Jagot and Nicholas JJ held that because iiNet's policy did not reference repeat infringers it was not sufficient because the policy could be applied to a user who had only infringed copyright once or one who had infringed it multiple times. In other words, the policy was not tailored to the legislation.

A&M Records v Napster, 239 F.3d 1004 (2001)

Student video topic.

Napster did not qualify for 17 USC 512 (a) (transmission) safe harbor because it did not actually transmit copyright material through its network.

Even if Napster did qualify, it would not have satisfied 512(i), the requirement to terminate the accounts of repeat infringers

In re: Aimster, 334 F.3d 643 (7th Cir. 2003)

Student video topic.

Aimster locked itself out of any knowledge by encrypting the network. 7th Circuit held that Aimster was wilfully blind.

Although Aimster had a repeat infringer policy, it could never really be exercised in practice because Aimster had no way to know what users were doing.

Ellison v Robertson, 357 F.3d 1072 (9th Cir. 2004)

Chris Pham explains Ellison v Robertson

AOL had a repeat infringer policy, but had changed its designated email address for complaints. AOL never received Ellison's complaints, and never bounced back the wrongly addressed email messages. There was therefore a triable question of fact as to whether AOL had 'reasonably implemented' its repeat infringer policy.

Perfect 10 v CCBill, 488 F.3d 1102 (9th Cir. 2007)

Student video topic.

CCBill kept a spreadsheet database of allegations of infringement. Court found that a service provider will 'reasonably implement' a repeat infringer policy:

"if it has a working notification system, a procedure for dealing with DMCA-compliant notifications, and if it does not actively prevent copyright owners from collecting information needed to issue such notifications."

CCBill was under no obligation to police the site.

Red flag doctrine: when will infringement become apparent?

US caselaw has developed a 'red flag' doctrine – an OSP may lose the protection of the safe harbors if it takes no action when infringement becomes apparent. See Australian equivalent under s 116AH(1)(4)(2A)(a) and (b).

Viacom v YouTube (2nd Cir.) (Decided April 5, 2012)

Google were very responsive to takedown notices, although this suit targeted behaviour pre-2008, when protocols were not always highly formalised. District Court found that Google's actions were sufficient to find (on summary judgment) that Google was protected by the 512(c) safe harbor.

On appeal, the Second Circuit held that there were open questions of fact that warranted investigation on trial – summary judgment was inappropriate.

This content is now out of date! Please help by updating it.

US hosting safe harbour applies to direct as well as secondary liability: “The District Court correctly determined that a finding of safe harbor application necessarily protects a defendant from all affirmative claims for monetary relief.”

Different levels of knowledge can disqualify a provider from the safe harbour:

  • Actual knowledge of specific acts of infringement;
  • “Red flags” knowledge of specific acts of infringement (note, however, that not even Viacom could reliably identify infringing clips); or
  • Wilful blindness.

There were internal emails that might constitute knowledge of clips sufficient to disqualify YouTube from the safe harbour (question of fact for the jury).

“Right and ability to control” also disqualifies providers from the safe harbours. The 2nd Circuit dismissed the SDNY's construction that specific knowledge is required, but also did not agree with Viacom's submission that this test is the same as for vicarious liability (it must mean something more than an ability to remove). It is not clear what this means in the 2nd Circuit now.

YouTube may also fail the “stored at a user's direction” test when it syndicated user videos, licensing them to third parties.

Affirmed District Court’s holding that §512(c) requires knowledge of specific and identifiable infringements.

“Under §512(c)(1)(A), knowledge or awareness alone does not disqualify the service provider, rather, the provider that gains knowledge or awareness of infringing activity retains the safe-harbor protection if it ‘acts expeditiously to remove, or disable access to, the material.’ Thus, the nature of the removal obligation itself contemplates knowledge or awareness of specific infringing material, because expeditious removal is possible only if the service provider knows with particularity which items to remove.”

Nic Suzor explains other Australian safe harbours

Schedule 5, Clause 91(1) of the Broadcasting Services Act 1992 provides that a law of a State or Territory, or a rule of common law or equity, has no effect to the extent to which it:

  • (a) subjects, or would have the effect (whether direct or indirect) of subjecting, an internet content host to liability (whether criminal or civil) in respect of hosting particular internet content in a case where the host was not aware of the nature of the internet content; or
  • (b) requires, or would have the effect (whether direct or indirect) of requiring, an internet content host to monitor, make inquiries about, or keep records of, internet content hosted by the host; or
  • (c) subjects, or would have the effect (whether direct or indirect) of subjecting, an internet service provider to liability (whether criminal or civil) in respect of carrying particular internet content in a case where the service provider was not aware of the nature of the internet content; or
  • (d) requires, or would have the effect (whether direct or indirect) of requiring, an internet service provider to monitor, make inquiries about, or keep records of, internet content carried by the provider.

Although on its face the clause seems to protect intermediaries against liability for content available on their services but provied by third parties, its application in practice is limited. As protection under the clause depends largely on whether the intermediary has actual knowledge of the content, protection is lost where the intermediary is given notice of the content. Rights holders can easily stop intermediaries relying on this clause by providing written notice to intermediaries before instituting legal action.

Sections 39B and 112E of the Copyright Act 1968 both provide a defence for interemdiaries who merely provide facilities for communications. Section 39B applies to Part III works, while section 112E applies to Part IV audio-visual items.

While the wording of the section may appear to provide an important defence to ISPs, the way Australian courts have interpreted the defence renders it virtually useless. Essentially, the world 'merely' has been interpreted in a way that it excludes any intermediary that could be considered potentially liable for authorising infringement. As such, the provision only provides protection where such protection isn't actually required.

Help needed! This section is a stub. Please help out by filling in some details.


  • cyberlaw/intermediaries_safe_harbours.txt
  • Last modified: 4 weeks ago
  • (external edit)