Analysis: ISPs must sharpen customer agreements

The latest interpretation of copyright law by the Full Bench of the Federal Court should compel internet service providers to revisit their customer relationship agreements (CRAs), according to legal experts.

The film industry, led by lobby group AFACT, lost its appeal case against ISP iiNet over the ‘authorisation’ of the copyright infringing actions of its subscribers last week.

But the 2-1 judgment also left rights holders with a great deal of firepower to appeal to the High Court.

The ISP at the centre of the case – iiNet – was found by the Full Bench to have an inadequate customer policy with regards to ensuring its services were not used in ways that infringed copyright. 

The ISP had argued during the case that it had done enough to be protected under the Safe Harbour provisions of the Copyright Act by telling customers not to break the law whilst using the service.

But the three judges on the Full Bench thoroughly tore that argument apart.

“All three judges have taken a more robust approach to the safe harbour scheme,” said Andrew Stewart, partner at Baker and Mackenzie.

“It’s pretty clear now that ISPs will have to have a reasonable policy about repeat infringers and rigorously enforce it to bring it within safe harbour. From an ISP’s point of view, it’s time to pull out those policies and revisit them.”

“ISPs would be well advised to review their policies regarding alleged copyright infringement by customers,” agreed Nick Hart, a senior lawyer at Truman Hoyle.

“A High Court appeal may yet change the landscape again, but in the meantime a proactive ISP looking to manage its risk should make sure that it has a clear written policy in place that forms part of its customer relationship agreement,” Hart said.

Termination must be an option

A good place to look for guidance is within the judgment itself. Justice Emmett, in particular, in pulling apart iiNet’s customer agreement, gave ISPs a fairly good idea of what is no longer considered adequate.

First of all, an ISP has to actually have a policy in place that deals specifically with repeat infringement and offers account termination as a penalty.

Emmett noted that attracting the benefit of Safe Harbour requires a service provider to “adopt and reasonably implement a policy that provides for termination, in appropriate circumstances, of the accounts of repeat infringers.”

Marlia Saunders, senior associate at Blake Dawson advised that ISPs can no longer "simply point to the fact that their customer agreement prohibits the use of the internet service to infringe copyright as absolving them of authorisation liability."

"It's clear from the Full Court's decision that it won't be sufficient for an ISP to put the onus of not infringing copyright entirely on the customer - if the ISP has the right under its customer agreement to take steps to prevent its customers from infringing copyright, it may actually have to exercise that right in certain circumstances.” 

Saunders said that account termination may be deemed necessary where an ISP had “a reasonable basis to suspect that the account has been used to infringe copyright on at least a specified number of occasions.”

Communication is key

Second, Emmett noted that an adequate policy requires customers to be directly and explicitly informed of the consequences of repeated infringement.

ISPs will have to prove they made an effort to communicate that message.

Hart advised that an adequate policy “should include provisions dealing with issuing warning notices to a customer suspected (on the basis of reasonable evidence) to be involved in acts of copyright infringement, the customer’s ability to respond to those notices, the suspension of the customer’s account, and termination where there are repeat acts of infringement.”

Barristers for iiNet had argued that only a court of law should be able to make the distinction between a subscriber (account holder) and what person committed an infringing act. Many families and other groups share connections under scenarios in which identifying the culprit could prove a challenge to the service provider.

But Justice Emmett also noted that a policy would need to warn subscribers that the actions of any other user of their account could be used to justify termination of the account.   

“iiNet’s construction could lead to perverse results,” Justice Emmett said in his judgment. “The construction contended for by iiNet would make it impractical for iiNet to implement a policy, thereby undermining its ability to rely on the Safe Harbour Provisions.”

Playing ball

Further, Emmett noted that service providers are required to provide an email address or some other point of contact to receive infringement notices from aggrieved rights holders in order to qualify for Safe Harbour protection.

“iiNet’s so-called policy was not one for taking action in response to repeat infringement, and cannot constitute cooperation with copyright owners as required by the Safe Harbour Provisions,” Emmett’s judgment said.

The ISP’s policy was so inadequate, Emmett said, that “if it were established that iiNet had authorised primary acts of infringement, iiNet would not be entitled to the benefit of the Safe Harbour Provisions in relation to those acts.”

From policy to program

Beyond having an adequate policy in place, Stewart advises that meeting this new interpretation of the law would also require a compliance program to ensure subscribers took note.

“You need to ensure the policy ticks all these boxes, but also enforce a compliance program to make sure that the policies are monitored,” he said.

Saunders said that unfortunately for ISPs, implementing such a policy “is likely to result in increased administrative costs, as they will need to dedicate resources to assessing the merits of infringement claims, issuing warnings where appropriate, considering any responses from alleged infringers and keeping track of all of this correspondence so it can action the termination if it is triggered.”

The consequences of inaction, Hart said, could prove more costly.

“ISPs who take a “look the other way” or “let’s wait and see” approach risk exposing themselves to liability and losing the benefit of defences that might otherwise be available to them," he said.

FIVE QUICK TIPS:

• Construct a customer policy that specifically deals with the problem of copyright infringement on your network and threatens account termination if the policy is repeatedly breached.
• Ensure such a policy is communicated directly to account holders.
• Ensure subscribers are told that they may be held accountable (in terms of termination) for the actions of others that use their account.
• Set up an email address to receive infringement notices from rights holders and a process in place to assess the merits of the complaints.
• Document and audit your compliance program as evidence that your policy meets Safe Harbour requirements