The Music Industry v.

Ireland – A Chronology
Mícheál O‟Dowd
www.odowd.ie

In the Beginning there were tapes It is hard to say where the story of the unauthorised copying of music began. The 1980s brought with it the British Phonographic Industry‟s infamous slogan “Home Taping is killing music”, but by the turn of the century few people were still hovering over the record button on their radio cassette for the top 40 countdown. They had moved onto using the internet for same purpose. There can be no question but that the Music Industry has a right in most developed legal systems to control who can download or otherwise deal in what is their property. In Ireland this is enshrined in the Copyright and Related Rights Act 2000. Metallica can perhaps be credited with launching the first legal salvo against unauthorised music downloading. The target was the then pre eminent file sharing programme, Napster, in a California Courtroom in 20001. In A&M Records, Inc. v. Napster, Inc. it was held by the Ninth Circuit that the owners of Napster the software which was facilitating the breach of copyright, could control the infringing behaviour of users, and as such were obliged to do so. The simple solution to the ruling A&M Records, Inc. v. Napster, Inc. was that later iterations of similar software such as Gnutella removed discretion from the equation. Technology, rather than law tends to govern what is possible and not possible in the relm of sharing data and the Gnutella network was designed to be decentralised, with no one having any control over the content that it carried. No one could then shut it down. For the Music Industry there was no longer any practical gain in pursuing the software developers through the courts. To paraphrase WB Yeats, all changed, changed utterly and a terrible beauty was born. While the music industry proceeded to shut down another first generation centralised music sharing service in 20052, the new approach was to target individual users, their employers, universities, and in some cases parents. Hard case stories abounded, including one where a woman described by a Federal Judge as an “Internet-illiterate parent, who does not know Kazaa3 from kazoo, and who can barely retrieve her email” was sued for having a large amount of Gangsta Rap on her PC. The individual in question, Patricia Santangelo had two adult children, who had downloaded the music. After 4 years, two court cases and hundreds of thousands spend on legal fees the Recording Industry Association of America settled the case for $7,000.4 The policy of suing individuals was publically discontinued in the US in the 19th December 2008 in favour of reaching individual agreements with Internet Service

1 2

http://www.law.cornell.edu/copyright/cases/239_F3d_1004.htm http://w2.eff.org/IP/P2P/MGM_v_Grokster/ 3 A file sharing program 4 http://arstechnica.com/tech-policy/news/2009/04/four-years-and-two-lawsuits-later-riaa-settles-for7000.ars

Providers to cut off users.5 The era of the “Three strikes” had begun in the US and would soon be followed in Ireland.6 EMI v. Eircom (I) – The Norwich Pharmacal Order In Ireland, the approach of the music industry has largely mirrored the US. In EMI Records (Ireland) Ltd & Ors v. Eircom Ltd & Anor [2005] IEHC 2337 the music industry applied to the High Court for a “Norwich Pharmacal Order” requiring an Internet Service Provider to disclose the names of downloaders. The Music Companies had through their use of the Mediasentry sniffing programme uncovered the internet protocol (IP) addresses of people who had made music available for download. An IP address contains 4 sets of three numbers varying from 0 to 255 separated by full stops i.e. 192.168.1.2, and allows data be routed over the internet from one computer to the other. While it can identify a particular computer, it does not generally allow for an individual be personally identified. Using the UK precedent of Norwich Pharmacal8 they sought to find out the names of the 17 people behind the mask of cryptic numbers. The rule in Norwich Pharmacal provides as follows: “If through no fault of his own a person gets mixed up in the tortious acts of others so as to facilitate their wrongdoing, he may incur no personal liability, but he comes under a duty to assist the person who has been wronged by giving him full information and disclosing the identity of the wrongdoers. This was accepted in Irish law in Megaleasing UK Ltd. -v- Barrett and the order sought by the Music Industry was granted by Mr. Justice Peter Kelly. The High Court Judge also noted that there was no suggestion of any wrongdoing on the part of Eircom, and that their opposition to releasing the names stemmed from the duty of confidentiality they owned to their subscribers. He made the order releasing the names of the 17 conditional on their names being kept from the public domain save in circumstances where it might arise in the context of infringement proceedings being as a result of the information gathered on foot of the order. Whether this condition protected the privacy of the 17 or gave them an added incentive to settle for whatever amount requested by the Record Companies is arguable. A second round of proceedings seeking the identities of 49 subscribers from Irish ISPs was brought to a successful conclusion in January 2006 in similar terms, and the process continued on into 20079. Of the subscribers identified by court action all settled and none proceeded for full hearing.10 While there was no official announcement like their US counterparts, the Record Companies in Ireland must also have felt their approach was laborious and expensive.
5 6

http://online.wsj.com/article/SB122966038836021137.html http://www.eff.org/deeplinks/2008/12/riaa-v-people-turns-lawsuits-3-strikes 7 http://www.bailii.org/ie/cases/IEHC/2005/H233.html 8 http://www.bailii.org/uk/cases/UKHL/1973/6.html 9 http://www.digitalrights.ie/2007/06/07/23-filesharers-to-be-identified-but-concerns-remain/ 10 EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., p32

It cost the Music Industry €680,000 in legal fees to identify 89 individuals from whom €80,000 was recouped in settlements.11 The record companies clearly felt they had to change their enforcement tactics. While they still recognised the ISP to be an innocent bystander in grand scheme of events, they came to the opinion that they should be doing more to uphold copyright in recorded music. An action was brought against Eircom Ltd., the largest ISP in Ireland on the basis it had facilitated the breach of copyright. EMI v. Eircom (II) - The Three Strikes Settlement The basis of the action lay in section 40(4) of the Copyright and Related Rights Act 2000. This provides as follows: (3) Subject to subsection (4), the provision of facilities for enabling the making available to the public of copies of a work shall not of itself constitute an act of making available to the public of copies of the work. (4) Without prejudice to subsection (3), where a person who provides facilities referred to in that subsection is notified by the owner of the copyright in the work concerned that those facilities are being used to infringe the copyright in that work and that person fails to remove that infringing material as soon as practicable thereafter that person shall also be liable for the infringement. The record companies no doubt contended as they later would in EMI v. UPC that by their inaction in refusing to disconnect users who could be identified as file sharers using sniffing software (by 2009 Dtecnet rather than Mediasentry was the preferred software) were complicit. Eircom settled the action before it went to hearing with the first Irish implementation of the three strikes rule. It was agreed that the Irish Recorded Music Association (IRMA) would send Eircom notifications containing among other things the IP addresses of individuals they had detected as engaging in file sharing. Eircom would then match the IP address to the account it was assigned to at the time the alleged file sharing took place. The end result was that on the third written warning the user could run the risk of having their internet connection cut off. EMI v. Eircom (III) - The Blocking of Piratebay Despite the “three strikes settlement”, Eircom found themselves in Court again in July of 200912, again pursuant to section 40(4) of the Copyright and Related Rights Act 2000. In this case the representatives of the music industry sought an injunction against Eircom to block access to the website “thepiratebay.com”. A pattern in Eircom‟s attitude to these cases was beginning to emerge.

11 12

ibid http://www.bailii.org/ie/cases/IEHC/2009/H411.html

The Pirate bay is a Swedish website which hosts indices of files which can be downloaded using the BitTorrent file transfer protocol. Internet users can browse the website, and select various albums, films or other copyrighted material and download it using a BitTorrent software client. While the method of transferring files is different to the Gnutella network, the end result is similar; music gets transferred and copyright gets breached. While there are many websites that ape the functionally of the pirate bay,13 none have attracted the same media or judicial attention. On the 24th July 2009 Chareton J. delivered an ex tempore judgment having heard only the side of the case offered by the representatives of the music industry and pursuant to a settlement having been reached by both sides. Eircom were present in the courtroom but did not offer any defence. Relying only upon the affidavits furnished by the music industry Charelton J took particular exception to the quote of Mr. Peter Sunde, a co founder of the website when that individual noted: This is how it works: Whatever you sink, we build back up. Whomever you sue, 10 new pirates are recruited. Wherever you go, we are already ahead of you. You are the past and the forgotten; we are the internet and the future.14 The judge felt that Mr. Sunde and the piratebay were holding themselves up as being “on some kind of a white horse”, yet deriving personal gain from assisting in the breach of copyright. Emphasising he had heard only unopposed evidence the judge held that he was entitled to block access to the piratebay website. He would change his mind on the matter a year later. EMI v. Eircom (IV) – The referral from the Data Protection Commissioner On the 16th April 2010 the three strikes settlement was back before Mr. Justice Charelton.15 This time the Data Protection Commissioner had raised a number of issues regarding the lawfulness of the settlement. In particular the queries raised regarding the implementation of the settlement were: 1. Do data comprising IP addresses, in the hands of EMI , and taking account of the purpose for which they are collected and their intended provision to Eircom, constitute “personal data” for the purposes of the Data Protection Acts, 1988-2003 2. Having regard to section 2A(1) of the Data Protection Act 1988 as amended, and assuming for current purposes that the processing by Eircom of “personal data” in the context of (disconnecting subscribers) is “necessary for the purposes of the legitimate interests pursued by [Eircom]”, does much processing represent “unwarranted processing by reasons of prejudice to the fundamental rights and freedoms or legitimate interests of the data subject”?

13 14

E.g. Isohunt, torrentfunk It appears however this quote was incorrectly attributed to Mr. Sunde by Envisional, and it was instead displayed on a Lithuanian website under the control of Kestas Ermanas. 15 http://www.bailii.org/ie/cases/IEHC/2010/H108.html

3. Having regard to section 2A(1) and 2B(1) of the Data Protection Act 1988 as amended, is it open to EMI and/or Eircom to disconnect subscribers circumstances where:(a) In doing so they would be engaged in the processing of personal data and/or sensitive personal data (in so far as the data can be considered to relate to the commission of a criminal offence), including the provision of such data from one private entity to another private entity; and (b) The termination of an internet user’s subscription by Eircom would be predicated on the internet user in question having committed an offence ...without any determination having been made by a court... Presumably rather than going down the costly road of implementing the “three strikes” rule and risk falling foul of the Data Protection Acts both the music industry and Eircom felt it wise to re-enter the matter before the High Court. The Data Protection commissioner did not appear as the office did not receive any indemnity as to its costs. As a result Charleton J was left to make a decision without any useful guidance from the point of view of Irish internet users, but only legal advice offered by the music industry and a consenting ISP between whom there was no bona fide dispute. Given the circumstances, the Data Protection Commissioner would have been better off not referring the matter. Charelton J found as follows: 1) IP addresses do not constitute personal information. Such is defined in the Data Protection Acts as “Data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller” and an IP address cannot be readily correlated with a living individual unless expensive litigation is engaged it (i.e. an application for a Norwich Pharmacal Order) 2) Charelton J noted that Irish Law recognises a fundamental right to copyright.16 And that the plaintiffs enjoyed this Constitutional right. Furthermore the Judge noted there cannot be a right to infringe the constitutional rights of others, absent some argument as to a genuine and compelling competing right. No discussion was given to whether access to communications might be this compelling right. Given that such has been recognised by a number of European Countries including France17 and Finland18 this is a regressive step. The development of such a right has also got the backing of the International Telecommunication Union (ITU). 19 3) Ultimately the judge felt there was nothing disproportionate about cutting off internet access because of three infringements of copyright. 4) It appears that a business may retrospectively and unilaterally change their terms of use & privacy policy and change the use for which their personal data is used. By continuing to avail of the service it can be deemed that the data subject has given his or her consent.
16 17

Phonographic Performance Ireland Limited v. Cody, [1998] 4 I.R. 504 http://technology.timesonline.co.uk/tol/news/tech_and_web/article6478542.ece 18 http://www.itu.int/net/itunews/issues/2010/06/34.aspx 19 http://news.bbc.co.uk/2/hi/8548190.stm

5) That since no accusation of a criminal offence was being levied on subscribers, it was not necessary that there should be an investigation by an authorised body, or a determination made by a court following the conduct of a fair and impartial hearing, in order to determine that an offence has in fact been committed before a subscribers internet is cut off. There is much to criticise about the decision of Charelton J, and even more reason to criticise the Data Protection Commissioner for causing a matter to come before the high court without providing the assistance necessary to give a judge a full view of the matters at hand. Following on from the decision in EMI v. Eircom (IV), the ISP commenced issuing letters to subscribers, although it appears at a much lower rate than sought by IRMA. The Record Companies in keeping their side of the settlement commenced proceedings against other ISPs on the Irish market. While Vodafone agreed to follow in Eircom‟s footsteps20, UPC did not. EMI v. UPC – Matters Come to a head The decision of Charelton J. in EMI v. UPC was delivered on the 11th October 2010 and stretches to 82 pages. The recording companies sought an injunction restraining UPC from what they claimed was it infringing the copyright in music by virtue of the fact its subscribers were using its facilities to download unauthorised content. They also sought an order blocking www.thepiratebay.org and “such other domain names, IP addresses and URL’s as may reasonably be notified as related domain names by the plaintiffs’ to the defendant from time to time.” For its part UPC argued that as a broadband provider was a “mere conduit” and had no involvement in the piracy, but merely provided a service to be used as people chose. It also argued that it would not be just or convenient to grant an injunction given the rights of its subscribers and that fact the court would need to be involved in supervising its own order. Charelton J. accepted at the outset the damaging effect that unauthorised downloading has on the music industry and criticised UPC for their failure to address the problem where they had an “economic and moral obligation” to do so.21 EMI v. UPC – Solutions Considered Charelton J considered a number of potential solutions which could be imposed on UPC. Wisely the Judge noted that a suggestion by one expert witness to block all peer-topeer traffic was unreasonable given the large amount of legitimate uses for which it is put. To do so Charelton J. noted would restrict websites such as those maintained by the BBC and RTE, and cloud services such as Amazon S3. The Judge noted that legitimate uses for peer-to-peer were growing and its use in sharing copyright material
20 21

http://www.irishtimes.com/newspaper/ireland/2010/0616/1224272615990.html EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., Par 20

would in all likelihood be in the minority in coming years. To any blanket ban or suggesting of blanket throttling of peer to peer the judge said: I would reject any solution that is based on any substantial constriction in the communication of material lawfully available on the internet unless the harm is demonstrated to be so grave as to illegal file sharing of copyright material as to render that both necessary and just.22 The other solutions proposed in the case included 1) Detection, 2) the implementation of a Global File Registry and 3) the implementation of Copysense. Detection refers to the method of using software such as Dtecnet to download copyrighted material from the internet and similar to that used in EMI v. Eircom (I). Notwithstanding evidence given to the fact it is reasonably trivial to evade by the use of proxies the judge formed the opinion that there was no reason why the use of DtecNet technology would not be viable and proportionate. He took the view that further avoidance through the use of IP cloaking or Virtual Private Networks could be dealt with at a later stage. The other alternatives included the use of “Global File Registry”23 which would involve installing an appliance which would monitor files traversing the UPC network and compare them to a database of copyrighted material. If such a copyrighted file was found to be using the network, evidence was offered that Global File Registry could disrupt the communication and prevent successful transmission. The judge however felt on evidence this technology was not sufficiently mature to be the subject of an injunction. The final method of constraining the sharing of copyrighted songs considered involved the deployment of a software appliance known as “Copysense”. Copysense the judge accepted could be effective. The appliance works by filtering copyrighted contents on the basis of digital fingerprints and it facilitates the sending of warnings to the users who it detects were infringing copyright. Having been deployed in a number of third level institutions with what appears to be reasonably successful results. Content filtering has not however been widely embraced anywhere outside the education sector. Although the Belgian Courts ruled the imposition of Copysense was an appropriate response to unauthorised downloading in 2007,24 the issue was revisited by the Belgian Court of Appeal in 2010. In the Belgian Court of Appeal, the issues between the parties were that SABAM (the representatives of the Music Industry in Belgium) relied on national copyright laws, interpreted in the light of Directive 2001/29 (Information Society Directive) and 2004/48 (IP Enforcement Directive), which permitted, and potentially required an injunction to be granted against an intermediary whose services were used to infringe copyright. The ISP however relied upon the E-Commerce Directive (2000/31), the Data Protection Directive (1995/46) and the Privacy and Electronic Communications
22 23

EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., par 33 http://www.globalfileregistry.com/ 24 Sabam V. S.A. Tiscali (Scarlet) District Court of Brussels, No. 04/8975/A, Decision Of 29 June 2007 http://www.cardozoaelj.net/issues/08/case001.pdf or http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1027954

Directive (2002/58) and their corresponding national implementing legislation, and contended that SABAM's proposals required a general surveillance of all network traffic and was incompatible with the obligations placed on the ISP regarding privacy and confidentiality of communications. The conflict was not one which the court felt it could resolve on its own, as such made the following preliminary reference being made to the ECJ: 1) Do EU Directives 2001/29/EC and 2004/48/EC, in conjunction with EU Directives 95/46/EC, 2000/31/EC and 2002/58/EC, construed in particular in the light of Articles 8 and 10 of the European Convention on the Protection of Human Rights and Fundamental Freedoms, permit member states to authorise a national court, before which substantive proceedings have been brought and on the basis merely of a statutory provision that: 'They [the national courts] may also issue an injunction against intermediaries whose services are used by a third party to infringe a copyright or related right', to order an Internet Service Provider (ISP) to introduce, for all its customers, in abstracto and as a preventive measure, exclusively at the cost of that ISP and for an unlimited period, a system for filtering all electronic communications, both incoming and outgoing, passing via its services, in particular those involving the use of peer-to-peer software, in order to identify on its network the sharing of electronic files containing a musical, cinematographic or audio-visual work in respect of which the applicant claims to hold rights, and subsequently to block the transfer of such files, either at the point at which they are requested or at which they are sent? 2) If the answer to question 1 is in the affirmative, do those directives require a national court, called upon to give a ruling on an application for an injunction against an intermediary whose services are used by a third party to infringe a copyright, to apply the principle of proportionality when deciding on the effectiveness and dissuasive effect of the measure sought?25 The decision of the ECJ is still awaited. In light of the fact the Belgian Courts felt the matter serious enough to refer to the European Court, Charelton J‟s dismissal of the matter in the following terms is unusual: “Were there a willingness by UPC to engage with such a system, it could readily be made to work. It is clear why they do not wish to so engage.” EMI v. UPC – The Injunction The music industry had sought the following: 1) An injunction, pursuant to s. 37 and s. 40(4) of the Copyright and Related Rights Act, 2000, restraining the defendant internet service provider from infringing the copyright in sound recordings owned by, or exclusively licensed to, the plaintiffs by making available to the

25

Bold highlighting the authors own. OJ reference: http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2010:113:0020:0020:EN:PDF

public copies of those sound recording without the plaintiffs’ consent using its internet service facilities. 2) Without prejudice to the generality of the foregoing order, an order pursuant to s. 40(4) of the Copyright and Related Rights Act, 2000 that the defendant block or otherwise disable access by its subscribers to the website thePirateBay.org and related domain names, IP addresses and URL’s, as set out in the schedule hereto attached, together with such other domain names, IP addresses and URL’s as may reasonably be notified as related domain names by the plaintiffs’ to the defendant from time to time. Despite the sympathy which the judge had for the recording companies he felt he could not grant an injunction. He noted “The Court is bound.... been considered by the Oireachtas, to apply the law within the four corners of the Copyright and Related Rights Act 2000.”26 To do otherwise he stated “would be to ignore the power of the Oireachtas to regulate rights in accordance with a just scheme of legislation that balances the exercise of those rights with the responsibility of living within an ordered society.”27 In other words, the Judge felt the doctrine of the separation of powers prevented him legislating in what was already an area heavily regulated by statute. He noted that section 40(4) of the Copyright and Related Rights Act 2000 provides that when a person is notified of material on its network and “... [where] that person fails to remove that infringing material as soon as practicable thereafter that person shall also be liable for the infringement. Charelton J felt however that “Cutting off access to the computers holding pirated copyright songs is not to remove infringing material; it is to stop the transit of that material. Further, as has been analysed in relation to the possible responses to internet piracy, two of the programmes, namely CopySense and Global File Registry cannot fairly, on my analysis, be described as removing material from the internet.”28 Despite the view of one expert witness who felt if a person stops transmitting information on a network that information can fairly be said to be removed, the judge felt that CopySense and Global File Registry functioned by interrupting transmission or sending warnings and did not remove anything. Furthermore in the “three strikes” scenario the judge felt that by the time the warnings are given the material had long since been transmitted and as such was not capable of being removed. As a result, the music industry could not be successful in the first element of their claim. To decide on the second aspect, Charelton J had to revisit EMI v. Eircom (III). The facts of EMI v. Eircom (III) are noted above, and the factual background was similar in this case. Thepiratebay.org had proven itself to be a safehaven for pirates and the music industry felt the world would be a better place without it. Charelton J agreed with the sentiment, but having heard a full argument on the matter felt he did not have the legislative authority to enjoin the existence of the website for UPC subscribers. Accordingly the judge reached the conclusion his decision in EMI v. Eircom (III) was incorrect.
26 27

EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., Par 86 ibid 28 EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., Par 100

EMI v. UPC – Privacy and Individual Rights EMI v. UPC raised a number of interesting points regarding internet privacy in Ireland. It should firstly be noted that Charelton J. reaffirmed his decision in EMI v. Eircom (IV) regardless of arguments raised by UPC, and as such his findings in that case can still be considered part of Irish law. The existence of a constitutional right to privacy is well recognised, and further protection is given by the Data Protection Acts. On the co-existance of privacy with the internet the judge noted: Privacy in the modern panoptic society must be flexible enough to address new technologies and developments and their privacy implications while at the same time certain enough as to offer guidance and clarity as a matter of law.29 Indeed given that 1.66 million Irish people appear to have forsaken a good deal of privacy to use the social networking site Facebook, this does not seem an unreasonable conclusion.30 The EMI v. UPC decision made reference to essentially two different methods of logging and monitoring. One method involved using software such as Media sentry or Dtecnet at one end of a transmission. The software would spoof or lead the computer being monitored to believe the monitoring software wished to download a particular song in an evidence gathering exercise. The record companies then proposed they would use this evidential matter as the basis of implementing the “three strikes” rule. In this context the judge took the view that “there are no privacy or data protection implications to detecting unauthorised downloads of copyright material using peerto-peer technology”31. This rationale is predicated on the belief, as outlined in EMI v. Eircom (IV) that an IP address is merely a sequence of numbers that does not have the quality of personal data. In an international context this matter is far from settled, with the Swiss Federal Supreme Court ruling the opposite in September 2010.32 For now however in Irish Law any filtering, logging or monitoring at the point before a person is defined by their name as opposed to their IP address is perfectly acceptable. The second method of logging and monitoring involved a monitoring appliance being positioned half ways between two computers in a transmission and utilising Deep Packet Inspection (DPI) to monitor the content of the transmission. In internet terms a packet is much like a piece of mail in an envelope; it contains headers that specify a destination and return address, with useful data inside the packet itself. Generally when routed across the internet the packet headers containing the addresses are that is looked at. In devices using deep packet inspection, however, the entire packet is examined. In many respects it is not entirely unlike opening post. DPI gained notoriety in 2009 when the European Commission commenced infringement proceedings against the UK for permitting the use of “Phorm”. This is a
29 30

EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., par 66 http://www.siliconrepublic.com/comms/item/18010-irish-facebook-users-hit-1 31 EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., par 68 32 http://www.edoeb.admin.ch/aktuell/01688/index.html?lang=en

“behavioural advertising” system which displays personalised adverts on websites contingent on the results of DPI. As of September 2010 the Commission has referred the matter to the European Court of Justice33 due to the UK in the opinion of the Commission: “not fully implementing EU rules on the confidentiality of electronic communications such as e-mail or internet browsing. Specifically, the Commission considers that UK law does not comply with EU rules on consent to interception and on enforcement by supervisory authorities. The EU rules in question are laid down in the ePrivacy Directive 2002/58/EC and the Data Protection Directive 95/46/EC." The commission has three grievances with UK law, in particular: there is no independent national authority to supervise the interception of some communications, although the establishment of such authority is required under the Privacy and Electronic Communications and Data Protection Directives. current UK law authorises interception of communications not only where the persons concerned have consented to interception but also when the person intercepting the communications has „reasonable grounds for believing‟ that consent to do so has been given. Unlike EU law, current UK law prohibiting and providing sanctions in case of unlawful interception are limited to „intentional‟ interception only. In an Irish context however Charleton J was content to assume: “Deep packet inspection, as described in this judgment is not the seeking of information which is in the course of transmission. Instead, it identifies the nature of transmissions, whether encrypted or otherwise, by reference to the ports which they use, and the protocol employed, so as to identify peer-to-peer communication..... UPC does this already for legitimate commercial purposes related to the management of transmissions. If it suited, they could also easily identify the file # of copyright works and block them or divert the search in aid of theft to a legal site. This is not a general search for information. It is simple use of deep packet inspection technology in aid of proper transmission.”34 It is surprising the judge did not refer to the Postal and Telecommunications Services Act, 1983 and its subsequent amending legislation in this paragraph. Furthermore Charelton J notes at the outset that DPI is only used to established the type of transmission (i.e. whether HTML from a web browser or peer to peer traffic), however six lines later he suggests DPI could be used to identity particular content, and to do so would not be a general search for information and furthermore that “the right of privacy is not engaged by the scrutiny of files publicly made available for

33

http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/1215&format=HTML&aged=0&langu age=EN&guiLanguage=en 34 EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd. ,par 107

copyright theft on the internet and nor is it engaged by deep packet inspection for the purpose of detecting and diverting or disenabling such transmissions.”35 From the above it seems that for now, the High Court has ruled that no privacy protection can attach to an IP address, and that no protection is available in Ireland against any form of sniffing or monitoring carried out by third parties on individuals internet connections. It also appears that how a “packet” may be treated differs greatly depending on whether it is or is not of the electronic variety. Conclusion Charelton J concluded that the Irish Legislature did not correctly implement the eCommerce and Copyright Directives into Irish Law by “making no proper provision for the blocking, diverting or interrupting of internet communications intent on breaching Copyright”36 It seems inevitable that legislation will be required in this area. Should they choose to allow some means of monitoring they may be well advised to wait for the ECJ to decide on the SABAM and Phorm decisions. The other alternative is to legislate for a “three strikes” law such as the UK and France. An essential element of this however would be independent oversight. As Charelton noted, the District Court would be the ideal forum for this.37 While copyright holders have been put at a disadvantage by this ruling it is clear where Charelton J‟s sentiments lie. Thankfully however the judge felt on this occasion it was best to defer to the legislature to come up with a solution rather than allow private bodies decide who may, or may not, have internet access. Any law in this area must recognise the competing right of individuals to access communications networks, and this right should not be usurped easily. Mícheál O‟Dowd O‟Hanlon & O‟Dowd Solicitors www.ohod.ie

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

35 36

Ibid, par 70 EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., par 138 37 Ibid, par 62

Sign up to vote on this title
UsefulNot useful