- Chapter Overview
- A Legislative Bargain
- Australian Safe Harbours
- Conditions for Safe Harbour Protection
- Some US Authority
- Broadcasting Services Act Sch 5, Cl 91
- ‘Mere Conduits’: Sections 39B & 112E
- The Future of Notice and Takedown
- Website blocking: Section 115A of the Copyright Act
This Chapter provides a brief history of the development of safe harbour protections in the United States (US) and Australia. It then outlines the four main copyright safe harbours in Australia, which are in the Copyright Act 1968 (Cth) and only apply to Carriage Service Providers (CSPs), rather than Internet Service Providers (ISPs) as in the US. The Chapter explains that each safe harbour has particular conditions, and that Australian safe harbours provide limited immunity for CSPs. It concludes by outlining other Australian safe harbours and some US case law, and discussing the future of copyright safe harbours.
Video Overview by Nic Suzor
In the late 1990s, internet service providers and other intermediaries expressed concern about potential secondary liability for copyright infringement. At the same time, copyright owners were lobbying for increased protection in the online context. The result, in 1998, was the compromise position established by the Digital Millenium Copyright Act 1998 (US) (DMCA). The DMCA was widely supported by the copyright industries; it amended some provisions to ensure application in the online environment, strengthened penalties for infringement, and introduced new rights to prevent tampering with technological locks on content. It included some trade-offs: copyright owners received additional rights, but service providers (certain intermediaries) were immunised from liability under the so-called ‘safe harbours’.
Essentially, the copyright safe harbours provide that online service providers (Internet Service Providers AND content hosts) are not liable for monetary damages for the infringing acts of their users, as long as they meet certain conditions. The relevant provisions are in 17 USC § 5121
. Intermediaries might still be liable, but the only remedy available is limited injunctive relief. In exchange, they undertake obligations to respond to notice & takedown requests. It is important to note that these obligations are optional. A service provider only needs to meet the conditions in the safe harbours if it wishes to be able to rely on them.
Australia was obliged to implement DMCA-style legislation (known as TRIPS+) as a result of the US free-trade agreement (AUSFTA). Changes to Australian law largely followed the US model, but were redrafted. The Australian safe harbours are in Copyright Act 1968 (Cth) Part V Div 2AA; the main operative provisions are ss 116AG and 116AH(1).
The Australian Safe Harbours, unlike those in the US DMCA, primarily apply to ‘Carriage Service Providers’ (CSP). This is defined in Telecommunications Act 1997 (Cth) s 87. Essentially, a CSP is an ISP. What this means, crucially, is that the Australian safe harbours do not apply to content hosts.
The safe harbours were amended recently to also cover organisations assisting persons with a disability, libraries, archives, key cultural institutions, and educational institutions. The Government declined to extend them to content hosts and other online service providers.
There are four safe harbours that apply to different types of activity:
Category A Activity: Transmission (s 116AC)
“providing facilities or services for transmitting, routing or providing connections for copyright material, or the intermediate and transient storage of copyright material in the course of transmission, routing or provision of connections.”
This is the safe harbour that applies to ISPs and others who route traffic on behalf of users.
Category B Activity: Caching (s 116AD)
“caching copyright material through an automatic process. The carriage service provider must not manually select the copyright material for caching.”
Public material that is very popular is often automatically cached (copied) by ISPs. Caching means that instead of retrieving the material from the external server every time, the ISP can serve up a local copy of the material – much faster and cheaper.
Category C Activity: Hosting (s 116AE)
“storing, at the direction of a user, copyright material on a system or network controlled or operated by or for the carriage service provider.”
This is the safe harbour for hosting content – for example, ISPs who provide webserver space for their (personal and corporate) clients.
Category D Activity: Searching (s 116AF)
“referring users to an online location using information location tools or technology.”
This safe harbour applies to search engines.
The safe harbours provide immunity from monetary damages or penalties, but not injunctive relief.
s 116AG(2): For infringements of copyright that occur in the course of carrying out any of the categories of activities set out in Subdivision B, a court must not grant relief against a carriage service provider that consists of:
(a) damages or an account of profits; or
(b) additional damages; or
(c) other monetary relief.
S 116AG then goes on to list the relief that a successful copyright owner is entitled to:
Injunction “requiring the carriage service provider to take reasonable steps to disable access to an online location outside Australia” (Category A);
Injunction “requiring the carriage service provider to terminate a specified account.” (All categories)
Injunction “requiring the carriage service provider to remove or disable access to infringing copyright material, or to a reference to infringing copyright material;” (Categories B, C, D)
“some other less burdensome but comparably effective non-monetary order if necessary.” (Categories B, C, D).
As explained in this video overview by Nic Suzor, each safe harbour requires the CSP to follow certain conditions in s 116AH(1).
All safe harbours require that the CSP “must adopt and reasonably implement a policy that provides for termination, in appropriate circumstances, of the accounts of repeat infringers.” The operation of this obligation is somewhat uncertain. It is not yet clear what ‘appropriate circumstances’ are, or even when someone becomes a “repeat infringer”
“Any transmission of copyright material in carrying out this activity must be initiated by or at the direction of a person other than the carriage service provider.”
“The carriage service provider must not make substantive modifications to copyright material transmitted. This does not apply to modifications made as part of a technical process.”
“If the copyright material that is cached is subject to conditions on user access at the originating site, the carriage service provider must ensure that access to a significant part of the cached copyright material is permitted only to users who have met those conditions.”
“If there is a relevant industry code in force–the carriage service provider must comply with the relevant provisions of that code relating to: (a) updating the cached copyright material; and (b) not interfering with technology used at the originating site to obtain information about the use of the copyright material.”
“The service provider must expeditiously remove or disable access to cached copyright material upon notification in the prescribed form that the material has been removed or access to it has been disabled at the originating site.”
“The carriage service provider must not make substantive modifications to the cached copyright material as it is transmitted to subsequent users. This does not apply to modifications made as part of a technical process.”
“The carriage service provider must not receive a financial benefit that is directly attributable to the infringing activity if the carriage service provider has the right and ability to control the activity.”
“The carriage service provider must expeditiously remove or disable access to copyright material residing on its system or network upon receipt of a notice in the prescribed form that the material has been found to be infringing by a court.”
“The carriage service provider must act expeditiously to remove or disable access to copyright material residing on its system or network if the carriage service provider:
(a) becomes aware that the material is infringing; or (b) becomes aware of facts or circumstances that make it apparent that the material is likely to be infringing.”
“The carriage service provider must comply with the prescribed procedure in relation to removing or disabling access [to copyright material | a reference] residing on its system or network.”
Copyright Regulations 1969 (Cth) prescribe more detail for the notice & takedown procedure.
- r 20I: Copyright owner may send a notice of claimed infringement to the CSP’s designated representative (must be in the specified form)
- r 20J(1): “If a carriage service provider receives a notice of claimed infringement … the carriage service provider must expeditiously remove, or disable access to, the copyright material specified in the notice and residing on its system or network.”
- As soon as practicable, the CSP must inform the user (r 20J(2)).
- r 20K provides the user 3 months to lodge a counter-notice in the prescribed form. The CSP must send the counter-notice to the copyright owner.
- r 20M: Upon receiving a counter-notice, the CSP must restore the content, unless the copyright owner files for injunctive relief
Sophie Murdock explains Roadshow v iiNet
The FCAFC held that iiNet could not rely on the safe harbours, had it been liable for authorising copyright infringement. The Court unanimously held that iiNet could not rely on the safe harbour provisions. The three judges each gave separate reasons, however there were common threads throughout their arguments. Each judge focussed on item 1 condition 1 of s 116AH(1) of the Copyright Act, and while they acknowledged that iiNet was in Category A, they did not discuss the requirements for safe harbour in Category A.
Background: At first instance Cowdroy J found that iiNet had a repeat infringer policy as evidenced by a statement on the iiNet website that hosting or posting of copyright material was against iiNet’s policy and would result in the suspension/termination of service without notice to the subscriber and the 2005 amendments to the iiNet customer relationship agreement that gave iiNet the right to terminate subscriber accounts for copyright infringement. iiNet admitted that it didn’t have a written policy but the Managing Director, Malone, said that there was an unwritten policy in his mind that the Chief Regulatory Officer was aware of this policy. Cowdroy J held that this was sufficient because there was no requirement for a written policy in the Copyright Act.
The Court in the full court appeal did not hold that the policy was sufficient, however they generally accepted that the policy, if it did exist, was that iiNet would terminate a subscriber’s account if:
- Ordered to do so by a court
- The subscriber admitted to infringing copyright
- A court or tribunal found that a subscriber had infringed copyright.
Themes: ‘Account’- Emmett J agreed with the judgment at first instance, which had ruled against iiNet’s argument that it should only have to terminate contracts in the event that the account holder was the infringer. Emmett J said that this would result in only a fraction of cases being prosecuted and gave the example of a household where the account holder was not the main user of internet but other members of the household infringed copyright. In that instance, he said, it would be appropriate to terminate the account. He also said that the legislation was clearly drafted to cover accounts that infringed copyright, not simply account holders.
‘Reasonably Implemented:’ The Court was also critical of the implementation of the policy. iiNet argued that it had implemented the policy by having gone to industry forums, formed a policy in its Managing Directors mind and distributed a document amongst its staff regarding the laws around intermediaries and copyright infringement. The Court held that mere attendance at forums is not enough to implement a policy, and that iiNet had not implemented its policy. Emmett J argued that the document that had been distributed wouldn’t have been enough to implement the policy even if it had contained information on the policy because it hadn’t reached the staff who interacted with customers. He also said that customers should be made actively aware of the policy. Jagot J also said that Malone had simply formulated during cross-examination what the policy would have been had they been made aware of infringement. He said that this absence of a policy at the time of infringement meant that iiNet could not rely on the safe harbour provisions because s 116AH(1) requires that the policy be in place at the time of infringement.
‘Appropriate circumstances’: All three judges held that iiNet’s policy should have dealt with the concept of appropriate circumstances, however only Nicholas J gave an example of what an appropriate circumstance would be. He held that the policy was deficient because in the circumstance that iiNet knew that a subscriber had infringed copyright on multiple occasions it would not have to do anything unless the subscriber admitted the infringements or a court ordered it to do so.
‘Repeat infringer’: Jagot and Nicholas JJ held that because iiNet’s policy did not reference repeat infringers it was not sufficient because the policy could be applied to a user who had only infringed copyright once or one who had infringed it multiple times. In other words, the policy was not tailored to the legislation.
The impact of a safe harbour regime that does not apply to the full range of online service providers can be seen in the recent Redbubble decision.
Redbubble allows people to upload designs and sell merchandise. Redbubble handles the manufacturing, e-commerce, and distribution – it prints t-shirts, stickers, and other items on behalf of the seller and sends them off to purchasers.
Naturally, people sometimes try to sell material that infringes the copyright and trade mark rights of third parties. Pokemon sued Redbubble over a series of infringing items and some apparent parodies. Redbubble had taken extensive steps to mitigate potential infringement, but was still found liable for authorising infringement in:
Pokémon Company International, Inc. v Redbubble Ltd  FCA 1541
 There were, indeed, many reasonable steps taken by Redbubble directed to preventing infringement. Chief amongst those was the considered, and publicly available, IP policy. Redbubble was aware of the risk of intellectual property infringement occurring through the process it had set up, and had considered what steps it should take to prevent or minimise that from occurring. The IP policy was an important, and a reasonable, step to that end. The establishment of the content team was another reasonable step taken by Redbubble to prevent infringements. The IP policy set out the process that could be followed by persons who considered that an artwork on the Redbubble website infringed their intellectual property or similar rights and could ask Redbubble to moderate the artwork. A person who considered that his, her or its intellectual property or similar rights had been infringed could, as was described in the IP policy, send an email to a specific address at Redbubble with specified information describing the intellectual property, identifying the artwork on the Redbubble website claimed to be an infringement, and provide other information of a kind directed to seeking to have the infringing work taken down. Redbubble also accepted and processed complaints which it received other than by that means, and had in place personnel to deal with takedown notices and other complaints of infringement. The IP policy had procedures to permit a person uploading material to have their artwork moderated as a result of mistake or misidentification or wishing to have their artwork reinstated. It had other proactive measures to discourage, prevent and penalise infringements and contraventions on its website, and, at least since December 2014, had had one or more anti-fraud software applications in place.
 … In the present case it may be assumed, as is clearly established from the facts, that Redbubble did not expressly authorise any infringement but that it took conscious, considered and reasonable steps, both proactively and responsively, to prevent infringements and to prevent the continuation of infringements. The question, however, is whether the facts and relevant inferences establish constructive authorisation of infringement. The business established by Redbubble carried the inherent risk of infringement of copyright of the kind complained of by TPCi. It is true that Redbubble sought to mitigate the risk, but it was an inevitable incident of the business, as Redbubble chose to conduct it, that there were likely to be infringements. It could have prevented them by taking other steps but for business reasons Redbubble chose to deal with the risk of infringement by a process that enabled the infringements to occur. Such infringements were embedded in the system which was created for, and adopted by, Redbubble. There may have been a sound commercial basis for Redbubble to manage the risks of infringement as it did, but in doing so it authorised the infringements which occurred.
Redbubble could not rely on the notice and takedown scheme to limit its liability. The practical effect is that although Redbubble was quite conscientious in developing policies and processes to deal with infringements, it was still liable for creating a system that inevitably resulted in some degree of infringement.
However, the plaintiffs were unable to establish actual harm, and could not show that “the sale made by the infringement … was necessarily a sale that would have been made by the wronged party”. The Court found that the assumption of a 1:1 displacement of sales was unreliable, especially given the mash ups that would not have been licensed. The Court held that
The evidence thus did not support a confident finding of damages in the amount claimed. Such damages as may be assumed to have been suffered must, at best, be nominal.
The Federal Court awarded Pokémon $1 in damages, no injunctive relief, and 70% of its court costs.
This case neatly illustrates a concern that content hosts and other internet companies have had in Australia: how can they adequately manage the risks of running a service that involves user-generated content?
Napster did not qualify for 17 USC 512 (a) (transmission) safe harbor because it did not actually transmit copyright material through its network. Even if Napster did qualify, it would not have satisfied 512(i), the requirement to terminate the accounts of repeat infringers
Aimster locked itself out of any knowledge by encrypting the network. 7th Circuit held that Aimster was wilfully blind. Although Aimster had a repeat infringer policy, it could never really be exercised in practice because Aimster had no way to know what users were doing.
Video Overview of Ellison v Robertson by Chris Pham
AOL had a repeat infringer policy, but had changed its designated email address for complaints. AOL never received Ellison’s complaints, and never bounced back the wrongly addressed email messages. There was therefore a triable question of fact as to whether AOL had ‘reasonably implemented’ its repeat infringer policy.
CCBill kept a spreadsheet database of allegations of infringement. Court found that a service provider will ‘reasonably implement’ a repeat infringer policy:
“if it has a working notification system, a procedure for dealing with DMCA-compliant notifications, and if it does not actively prevent copyright owners from collecting information needed to issue such notifications.”
CCBill was under no obligation to police the site.
US caselaw has developed a ‘red flag’ doctrine – an OSP may lose the protection of the safe harbors if it takes no action when infringement becomes apparent. See Australian equivalent under s 116AH(1)(4)(2A)(a) and (b).
Overview video by Emily Guiver: Viacom v YouTube
Viacom International, Inc. v. YouTube, Inc was a controversial U.S case where Viacom sued YouTube for $1bil U.S dollars for copyright infringement.
Viacom alleged that over 150,000 unauthorised clips of their programming had been made available on YouTube. These clips had allegedly been viewed a collective 1.5 billion times without their permission. However, the Court ruled that YouTube was protected by the safe harbour provisions included in §512 of the Digital Millennium Copyright Act (‘DMCA’) because they had met the requisite conditions for immunity. Specifically, YouTube only had general knowledge of the infringing behaviour – not specific knowledge of infringements (which would disqualify them from protection under the DMCA).
This decision confirms that online service providers can rely on the DMCA’s safe harbour provisions to protect them from copyright infringement claims even where they have general knowledge of infringement on their sites.
Google were very responsive to takedown notices, although this suit targeted behaviour pre-2008, when protocols were not always highly formalised. The District Court found that Google’s actions were sufficient to find (on summary judgment) that Google was protected by the 512(c) safe harbor.
On appeal, the Second Circuit held that US hosting safe harbour applies to direct as well as secondary liability: “The District Court correctly determined that a finding of safe harbor application necessarily protects a defendant from all affirmative claims for monetary relief.”
Different levels of knowledge can disqualify a provider from the safe harbour:
Actual knowledge of specific acts of infringement;
“Red flags” knowledge of specific acts of infringement (note, however, that not even Viacom could reliably identify infringing clips); or
There were internal emails that might constitute knowledge of clips sufficient to disqualify YouTube from the safe harbour (question of fact for the jury).
“Right and ability to control” also disqualifies providers from the safe harbours. The 2nd Circuit dismissed the SDNY’s construction that specific knowledge is required, but also did not agree with Viacom’s submission that this test is the same as for vicarious liability (it must mean something more than an ability to remove). It is not clear what this means in the 2nd Circuit now.
YouTube may also fail the “stored at a user’s direction” test when it syndicated user videos, licensing them to third parties.
Affirmed District Court’s holding that §512(c) requires knowledge of specific and identifiable infringements.
“Under §512(c)(1)(A), knowledge or awareness alone does not disqualify the service provider, rather, the provider that gains knowledge or awareness of infringing activity retains the safe-harbor protection if it ‘acts expeditiously to remove, or disable access to, the material.’ Thus, the nature of the removal obligation itself contemplates knowledge or awareness of specific infringing material, because expeditious removal is possible only if the service provider knows with particularity which items to remove.”
On April 18, 2013, the District Court issued another order granting summary judgment in favor of YouTube. Following the remand from the Second Circuit court of appeals, Judge Stanton ruled in favor of YouTube, finding that YouTube had no actual knowledge of any specific instance of infringement of Viacom’s works, and therefore could not have “willfully blinded itself”. He also ruled that YouTube did not have the “right and ability to control” infringing activity because “there is no evidence that YouTube induced its users to submit infringing videos, provided users with detailed instructions about what content to upload or edited their content, prescreened submissions for quality, steered users to infringing videos, or otherwise interacted with infringing users to a point where it might be said to have participated in their activity.”
An appeal was begun, but the week before the parties were to appear in the 2nd U.S. Circuit Court of Appeals, a settlement was announced, and it was reported that no money changed hands.
Video Overview by Nic Suzor: Other Australian Safe Harbours
Schedule 5, Clause 91(1) of the Broadcasting Services Act 1992 provides that a law of a State or Territory, or a rule of common law or equity, has no effect to the extent to which it:
- (a) subjects, or would have the effect (whether direct or indirect) of subjecting, an internet content host to liability (whether criminal or civil) in respect of hosting particular internet content in a case where the host was not aware of the nature of the internet content; or
- (b) requires, or would have the effect (whether direct or indirect) of requiring, an internet content host to monitor, make inquiries about, or keep records of, internet content hosted by the host; or
- (c) subjects, or would have the effect (whether direct or indirect) of subjecting, an internet service provider to liability (whether criminal or civil) in respect of carrying particular internet content in a case where the service provider was not aware of the nature of the internet content; or
- (d) requires, or would have the effect (whether direct or indirect) of requiring, an internet service provider to monitor, make inquiries about, or keep records of, internet content carried by the provider.
Although on its face the clause seems to protect intermediaries against liability for content available on their services but provied by third parties, its application in practice is limited. As protection under the clause depends largely on whether the intermediary has actual knowledge of the content, protection is lost where the intermediary is given notice of the content. Rights holders can easily stop intermediaries relying on this clause by providing written notice to intermediaries before instituting legal action.
Sections 39B and 112E of the Copyright Act 1968 both provide a defence for intermediaries who merely provide facilities for communications. Section 39B applies to Part III works, while section 112E applies to Part IV audio-visual items.
While the wording of the section may appear to provide an important defence to ISPs, the way Australian courts have interpreted the defence renders it virtually useless. Essentially, the world ‘merely’ has been interpreted in a way that it excludes any intermediary that could be considered potentially liable for authorising infringement. As such, the provision only provides protection where such protection isn’t actually required.
Video Overview by Nic Suzor: The Future of Notice and Takedown
Video Overview by Kylie Pappalardo
Section 115A of the Copyright Act 1968 (Cth) was inserted by a 2015 amendment to the Copyright Act. The section enables a copyright owner to obtain an injunction to require a carriage service provider to block access to infringing websites and other internet resources.
The Act empowers the Federal Court to order injunctive relief against ISPs on application by copyright owners in respect of an ‘online location’. Copyright owners are required to show that “the online location infringes, or facilitates an infringement of, the copyright”, and that “the primary purpose of the online location is to infringe, or to facilitate the infringement of, copyright (whether or not in Australia).”
The Act uses a definition that catches foreign internet sites that ‘infringe or facilitate’ infringement of copyright. ‘Facilitate’ is not a defined term in Australian copyright law; there is considerable uncertainty as to the breadth of this test. Presumably, the term is designed to include foreign sites that help people to infringe – for example by providing software or indexing services – but may not necessarily ‘authorise’ infringement.
The Act introduces a primary limiting factor on this broad ‘facilitates’ test: the ‘primary purpose’ of the foreign site must be to infringe or facilitate copyright infringement. Again, this ‘primary purpose’ test is not defined, but is presumably designed to exclude general purpose services which may be used to infringe. A general purpose search engine, for example, might link to infringing copyright and therefore ‘facilitate’ infringement, but its ‘primary purpose’ is to facilitate access to information generally, not to facilitate infringement.
The Federal Court must also take into account any other relevant matters before ordering injunctive relief. There is an enumerated list of the types of things the Court may have regard to in the legislation, and the most significant of these include “whether disabling access to the online location is a proportionate response in the circumstances”; “the impact on any person, or class of persons, likely to be affected by the grant of the injunction;” and “whether it is in the public interest to disable access to the online location”.
(1) The Federal Court of Australia may, on application by the owner of a copyright, grant an injunction referred to in subsection (2) if the Court is satisfied that:
- (a) a carriage service provider provides access to an online location outside Australia; and
- (b) the online location infringes, or facilitates an infringement of, the copyright; and
- (c) the primary purpose of the online location is to infringe, or to facilitate the infringement of, copyright (whether or not in Australia).
(2) The injunction is to require the carriage service provider to take reasonable steps to disable access to the online location.
(5) In determining whether to grant the injunction, the Court may take the following matters into account:
- (a) the flagrancy of the infringement, or the flagrancy of the facilitation of the infringement, as referred to in paragraph (1)(c);
- (b) whether the online location makes available or contains directories, indexes or categories of the means to infringe, or facilitate an infringement of, copyright;
- (c) whether the owner or operator of the online location demonstrates a disregard for copyright generally;
- (d) whether access to the online location has been disabled by orders from any court of another country or territory on the ground of or related to copyright infringement;
- (e) whether disabling access to the online location is a proportionate response in the circumstances;
- (f) the impact on any person, or class of persons, likely to be affected by the grant of the injunction;
- (g) whether it is in the public interest to disable access to the online location;
- (h) whether the owner of the copyright complied with subsection (4);
- (i) any other remedies available under this Act;
- (j) any other matter prescribed by the regulations;
- (k) any other relevant matter.
The scheme is inspired by UK legislation that enables courts to enjoin ISPs to block certain websites. Similar schemes exist in other jurisdictions - although, notably, other jurisdictions have found that they are disproportionate. The lack of evidence that the schemes worked led the European Court of Justice to strike down website blocking in the Netherlands.2 An order to require ISPs to block access to The Pirate Bay was overturned on appeal, and the Court noted that rates of infringement had actually increased following the imposition of the block. The inference drawn by the court was that the measure could not have been proportionate, since it necessarily imposed a cost on freedom of speech for little ascertainable benefit.