The Music Industry v.

Ireland – A Chronology
Mícheál O‟Dowd
www.odowd.ie

In the Beginning there were tapes

It is hard to say where the story of the unauthorised copying of music began. The
1980s brought with it the British Phonographic Industry‟s infamous slogan “Home
Taping is killing music”, but by the turn of the century few people were still hovering
over the record button on their radio cassette for the top 40 countdown. They had
moved onto using the internet for same purpose.

There can be no question but that the Music Industry has a right in most developed
legal systems to control who can download or otherwise deal in what is their property.
In Ireland this is enshrined in the Copyright and Related Rights Act 2000.

Metallica can perhaps be credited with launching the first legal salvo against
unauthorised music downloading. The target was the then pre eminent file sharing
programme, Napster, in a California Courtroom in 20001. In A&M Records, Inc. v.
Napster, Inc. it was held by the Ninth Circuit that the owners of Napster the software
which was facilitating the breach of copyright, could control the infringing behaviour
of users, and as such were obliged to do so.

The simple solution to the ruling A&M Records, Inc. v. Napster, Inc. was that later
iterations of similar software such as Gnutella removed discretion from the equation.
Technology, rather than law tends to govern what is possible and not possible in the
relm of sharing data and the Gnutella network was designed to be decentralised, with
no one having any control over the content that it carried. No one could then shut it
down. For the Music Industry there was no longer any practical gain in pursuing the
software developers through the courts. To paraphrase WB Yeats, all changed,
changed utterly and a terrible beauty was born.

While the music industry proceeded to shut down another first generation centralised
music sharing service in 20052, the new approach was to target individual users, their
employers, universities, and in some cases parents. Hard case stories abounded,
including one where a woman described by a Federal Judge as an “Internet-illiterate
parent, who does not know Kazaa3 from kazoo, and who can barely retrieve her e-
mail” was sued for having a large amount of Gangsta Rap on her PC. The individual
in question, Patricia Santangelo had two adult children, who had downloaded the
music. After 4 years, two court cases and hundreds of thousands spend on legal fees
the Recording Industry Association of America settled the case for $7,000.4 The
policy of suing individuals was publically discontinued in the US in the 19th
December 2008 in favour of reaching individual agreements with Internet Service

1
http://www.law.cornell.edu/copyright/cases/239_F3d_1004.htm
2
http://w2.eff.org/IP/P2P/MGM_v_Grokster/
3
A file sharing program
4
http://arstechnica.com/tech-policy/news/2009/04/four-years-and-two-lawsuits-later-riaa-settles-for-
7000.ars
Providers to cut off users.5 The era of the “Three strikes” had begun in the US and
would soon be followed in Ireland.6

EMI v. Eircom (I) – The Norwich Pharmacal Order

In Ireland, the approach of the music industry has largely mirrored the US. In EMI
Records (Ireland) Ltd & Ors v. Eircom Ltd & Anor [2005] IEHC 2337 the music
industry applied to the High Court for a “Norwich Pharmacal Order” requiring an
Internet Service Provider to disclose the names of downloaders. The Music
Companies had through their use of the Mediasentry sniffing programme uncovered
the internet protocol (IP) addresses of people who had made music available for
download. An IP address contains 4 sets of three numbers varying from 0 to 255
separated by full stops i.e. 192.168.1.2, and allows data be routed over the internet
from one computer to the other. While it can identify a particular computer, it does
not generally allow for an individual be personally identified.

Using the UK precedent of Norwich Pharmacal8 they sought to find out the names of
the 17 people behind the mask of cryptic numbers. The rule in Norwich Pharmacal
provides as follows:

“If through no fault of his own a person gets mixed up in the tortious acts of
others so as to facilitate their wrongdoing, he may incur no personal liability,
but he comes under a duty to assist the person who has been wronged by
giving him full information and disclosing the identity of the wrongdoers.

This was accepted in Irish law in Megaleasing UK Ltd. -v- Barrett and the order
sought by the Music Industry was granted by Mr. Justice Peter Kelly.

The High Court Judge also noted that there was no suggestion of any wrongdoing on
the part of Eircom, and that their opposition to releasing the names stemmed from the
duty of confidentiality they owned to their subscribers. He made the order releasing
the names of the 17 conditional on their names being kept from the public domain
save in circumstances where it might arise in the context of infringement proceedings
being as a result of the information gathered on foot of the order. Whether this
condition protected the privacy of the 17 or gave them an added incentive to settle for
whatever amount requested by the Record Companies is arguable.

A second round of proceedings seeking the identities of 49 subscribers from Irish

ISPs was brought to a successful conclusion in January 2006 in similar terms, and the
process continued on into 20079. Of the subscribers identified by court action all
settled and none proceeded for full hearing.10

While there was no official announcement like their US counterparts, the Record
Companies in Ireland must also have felt their approach was laborious and expensive.

5
http://online.wsj.com/article/SB122966038836021137.html
6
http://www.eff.org/deeplinks/2008/12/riaa-v-people-turns-lawsuits-3-strikes
7
http://www.bailii.org/ie/cases/IEHC/2005/H233.html
8
http://www.bailii.org/uk/cases/UKHL/1973/6.html
9
http://www.digitalrights.ie/2007/06/07/23-filesharers-to-be-identified-but-concerns-remain/
10
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., p32
It cost the Music Industry €680,000 in legal fees to identify 89 individuals from
whom €80,000 was recouped in settlements.11

The record companies clearly felt they had to change their enforcement tactics. While
they still recognised the ISP to be an innocent bystander in grand scheme of events,
they came to the opinion that they should be doing more to uphold copyright in
recorded music. An action was brought against Eircom Ltd., the largest ISP in Ireland
on the basis it had facilitated the breach of copyright.

EMI v. Eircom (II) - The Three Strikes Settlement

The basis of the action lay in section 40(4) of the Copyright and Related Rights Act
2000. This provides as follows:

(3) Subject to subsection (4), the provision of facilities for enabling the making
available to the public of copies of a work shall not of itself constitute an act
of making available to the public of copies of the work.

(4) Without prejudice to subsection (3), where a person who provides

facilities referred to in that subsection is notified by the owner of the
copyright in the work concerned that those facilities are being used to
infringe the copyright in that work and that person fails to remove that
infringing material as soon as practicable thereafter that person shall also
be liable for the infringement.

The record companies no doubt contended as they later would in EMI v. UPC that by
their inaction in refusing to disconnect users who could be identified as file sharers
using sniffing software (by 2009 Dtecnet rather than Mediasentry was the preferred
software) were complicit.

Eircom settled the action before it went to hearing with the first Irish implementation
of the three strikes rule. It was agreed that the Irish Recorded Music Association
(IRMA) would send Eircom notifications containing among other things the IP
addresses of individuals they had detected as engaging in file sharing. Eircom would
then match the IP address to the account it was assigned to at the time the alleged file
sharing took place. The end result was that on the third written warning the user could
run the risk of having their internet connection cut off.

EMI v. Eircom (III) - The Blocking of Piratebay

Despite the “three strikes settlement”, Eircom found themselves in Court again in July
of 200912, again pursuant to section 40(4) of the Copyright and Related Rights Act
2000. In this case the representatives of the music industry sought an injunction
against Eircom to block access to the website “thepiratebay.com”. A pattern in
Eircom‟s attitude to these cases was beginning to emerge.

11
ibid
12
http://www.bailii.org/ie/cases/IEHC/2009/H411.html
The Pirate bay is a Swedish website which hosts indices of files which can be
downloaded using the BitTorrent file transfer protocol. Internet users can browse the
website, and select various albums, films or other copyrighted material and download
it using a BitTorrent software client. While the method of transferring files is different
to the Gnutella network, the end result is similar; music gets transferred and copyright
gets breached. While there are many websites that ape the functionally of the pirate
bay,13 none have attracted the same media or judicial attention.

On the 24th July 2009 Chareton J. delivered an ex tempore judgment having heard
only the side of the case offered by the representatives of the music industry and
pursuant to a settlement having been reached by both sides. Eircom were present in
the courtroom but did not offer any defence. Relying only upon the affidavits
furnished by the music industry Charelton J took particular exception to the quote of
Mr. Peter Sunde, a co founder of the website when that individual noted:

This is how it works: Whatever you sink, we build back up. Whomever you sue, 10
new pirates are recruited. Wherever you go, we are already ahead of you. You are the
past and the forgotten; we are the internet and the future.14

The judge felt that Mr. Sunde and the piratebay were holding themselves up as being
“on some kind of a white horse”, yet deriving personal gain from assisting in the
breach of copyright. Emphasising he had heard only unopposed evidence the judge
held that he was entitled to block access to the piratebay website. He would change
his mind on the matter a year later.

EMI v. Eircom (IV) – The referral from the Data Protection Commissioner

On the 16th April 2010 the three strikes settlement was back before Mr. Justice
Charelton.15 This time the Data Protection Commissioner had raised a number of
issues regarding the lawfulness of the settlement. In particular the queries raised
regarding the implementation of the settlement were:

1. Do data comprising IP addresses, in the hands of EMI , and taking account

of the purpose for which they are collected and their intended provision to
Eircom, constitute “personal data” for the purposes of the Data Protection
Acts, 1988-2003

2. Having regard to section 2A(1) of the Data Protection Act 1988 as

amended, and assuming for current purposes that the processing by Eircom of
“personal data” in the context of (disconnecting subscribers) is “necessary
for the purposes of the legitimate interests pursued by [Eircom]”, does much
processing represent “unwarranted processing by reasons of prejudice to the
fundamental rights and freedoms or legitimate interests of the data subject”?

13
E.g. Isohunt, torrentfunk
14
It appears however this quote was incorrectly attributed to Mr. Sunde by Envisional, and it was
instead displayed on a Lithuanian website under the control of Kestas Ermanas.
15
http://www.bailii.org/ie/cases/IEHC/2010/H108.html
 3. Having regard to section 2A(1) and 2B(1) of the Data Protection Act 1988
as amended, is it open to EMI and/or Eircom to disconnect subscribers
circumstances where:-
(a) In doing so they would be engaged in the processing of personal
data and/or sensitive personal data (in so far as the data can be
considered to relate to the commission of a criminal offence),
including the provision of such data from one private entity to another
private entity; and
(b) The termination of an internet user’s subscription by Eircom would
be predicated on the internet user in question having committed an
offence ...without any determination having been made by a court...

Presumably rather than going down the costly road of implementing the “three
strikes” rule and risk falling foul of the Data Protection Acts both the music industry
and Eircom felt it wise to re-enter the matter before the High Court. The Data
Protection commissioner did not appear as the office did not receive any indemnity as
to its costs. As a result Charleton J was left to make a decision without any useful
guidance from the point of view of Irish internet users, but only legal advice offered
by the music industry and a consenting ISP between whom there was no bona fide
dispute. Given the circumstances, the Data Protection Commissioner would have been
better off not referring the matter.

Charelton J found as follows:

1) IP addresses do not constitute personal information. Such is defined in the

Data Protection Acts as “Data relating to a living individual who is or can be
identified either from the data or from the data in conjunction with other
information that is in, or is likely to come into, the possession of the data
controller” and an IP address cannot be readily correlated with a living
individual unless expensive litigation is engaged it (i.e. an application for a
Norwich Pharmacal Order)
2) Charelton J noted that Irish Law recognises a fundamental right to copyright.16
And that the plaintiffs enjoyed this Constitutional right. Furthermore the Judge
noted there cannot be a right to infringe the constitutional rights of others,
absent some argument as to a genuine and compelling competing right. No
discussion was given to whether access to communications might be this
compelling right. Given that such has been recognised by a number of
European Countries including France17 and Finland18 this is a regressive step.
The development of such a right has also got the backing of the International
Telecommunication Union (ITU). 19
3) Ultimately the judge felt there was nothing disproportionate about cutting off
internet access because of three infringements of copyright.
4) It appears that a business may retrospectively and unilaterally change their
terms of use & privacy policy and change the use for which their personal data
is used. By continuing to avail of the service it can be deemed that the data
subject has given his or her consent.

16
Phonographic Performance Ireland Limited v. Cody, [1998] 4 I.R. 504
17
http://technology.timesonline.co.uk/tol/news/tech_and_web/article6478542.ece
18
http://www.itu.int/net/itunews/issues/2010/06/34.aspx
19
http://news.bbc.co.uk/2/hi/8548190.stm
 5) That since no accusation of a criminal offence was being levied on
subscribers, it was not necessary that there should be an investigation by an
authorised body, or a determination made by a court following the conduct of
a fair and impartial hearing, in order to determine that an offence has in fact
been committed before a subscribers internet is cut off.

There is much to criticise about the decision of Charelton J, and even more reason to
criticise the Data Protection Commissioner for causing a matter to come before the
high court without providing the assistance necessary to give a judge a full view of
the matters at hand.

Following on from the decision in EMI v. Eircom (IV), the ISP commenced issuing
letters to subscribers, although it appears at a much lower rate than sought by IRMA.
The Record Companies in keeping their side of the settlement commenced
proceedings against other ISPs on the Irish market. While Vodafone agreed to follow
in Eircom‟s footsteps20, UPC did not.

EMI v. UPC – Matters Come to a head

The decision of Charelton J. in EMI v. UPC was delivered on the 11th October 2010
and stretches to 82 pages. The recording companies sought an injunction restraining
UPC from what they claimed was it infringing the copyright in music by virtue of
the fact its subscribers were using its facilities to download unauthorised content.
They also sought an order blocking www.thepiratebay.org and “such other domain
names, IP addresses and URL’s as may reasonably be notified as related domain
names by the plaintiffs’ to the defendant from time to time.”

For its part UPC argued that as a broadband provider was a “mere conduit” and had
no involvement in the piracy, but merely provided a service to be used as people
chose. It also argued that it would not be just or convenient to grant an injunction
given the rights of its subscribers and that fact the court would need to be involved in
supervising its own order.

Charelton J. accepted at the outset the damaging effect that unauthorised downloading
has on the music industry and criticised UPC for their failure to address the problem
where they had an “economic and moral obligation” to do so.21

EMI v. UPC – Solutions Considered

Charelton J considered a number of potential solutions which could be imposed on

UPC.

Wisely the Judge noted that a suggestion by one expert witness to block all peer-to-
peer traffic was unreasonable given the large amount of legitimate uses for which it is
put. To do so Charelton J. noted would restrict websites such as those maintained by
the BBC and RTE, and cloud services such as Amazon S3. The Judge noted that
legitimate uses for peer-to-peer were growing and its use in sharing copyright material

20
http://www.irishtimes.com/newspaper/ireland/2010/0616/1224272615990.html
21
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., Par 20
would in all likelihood be in the minority in coming years. To any blanket ban or
suggesting of blanket throttling of peer to peer the judge said:

I would reject any solution that is based on any substantial

constriction in the communication of material lawfully available on the
internet unless the harm is demonstrated to be so grave as to illegal file
sharing of copyright material as to render that both necessary and just.22

The other solutions proposed in the case included 1) Detection, 2) the implementation
of a Global File Registry and 3) the implementation of Copysense.

Detection refers to the method of using software such as Dtecnet to download

copyrighted material from the internet and similar to that used in EMI v. Eircom (I).
Notwithstanding evidence given to the fact it is reasonably trivial to evade by the use
of proxies the judge formed the opinion that there was no reason why the use of
DtecNet technology would not be viable and proportionate. He took the view that
further avoidance through the use of IP cloaking or Virtual Private Networks could be
dealt with at a later stage.

The other alternatives included the use of “Global File Registry”23 which would
involve installing an appliance which would monitor files traversing the UPC network
and compare them to a database of copyrighted material. If such a copyrighted file
was found to be using the network, evidence was offered that Global File Registry
could disrupt the communication and prevent successful transmission. The judge
however felt on evidence this technology was not sufficiently mature to be the subject
of an injunction.

The final method of constraining the sharing of copyrighted songs considered

involved the deployment of a software appliance known as “Copysense”. Copysense
the judge accepted could be effective. The appliance works by filtering copyrighted
contents on the basis of digital fingerprints and it facilitates the sending of warnings to
the users who it detects were infringing copyright. Having been deployed in a
number of third level institutions with what appears to be reasonably successful
results. Content filtering has not however been widely embraced anywhere outside the
education sector. Although the Belgian Courts ruled the imposition of Copysense was
an appropriate response to unauthorised downloading in 2007,24 the issue was
revisited by the Belgian Court of Appeal in 2010.

In the Belgian Court of Appeal, the issues between the parties were that SABAM (the
representatives of the Music Industry in Belgium) relied on national copyright laws,
interpreted in the light of Directive 2001/29 (Information Society Directive) and
2004/48 (IP Enforcement Directive), which permitted, and potentially required an
injunction to be granted against an intermediary whose services were used to infringe
copyright. The ISP however relied upon the E-Commerce Directive (2000/31), the
Data Protection Directive (1995/46) and the Privacy and Electronic Communications

22
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., par 33
23
http://www.globalfileregistry.com/
24
Sabam V. S.A. Tiscali (Scarlet) District Court of Brussels, No. 04/8975/A, Decision Of 29 June
2007 http://www.cardozoaelj.net/issues/08/case001.pdf or
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1027954
Directive (2002/58) and their corresponding national implementing legislation, and
contended that SABAM's proposals required a general surveillance of all network
traffic and was incompatible with the obligations placed on the ISP regarding privacy
and confidentiality of communications.

The conflict was not one which the court felt it could resolve on its own, as such made
the following preliminary reference being made to the ECJ:

1) Do EU Directives 2001/29/EC and 2004/48/EC, in conjunction with EU

Directives 95/46/EC, 2000/31/EC and 2002/58/EC, construed in particular in
the light of Articles 8 and 10 of the European Convention on the Protection of
Human Rights and Fundamental Freedoms, permit member states to authorise
a national court, before which substantive proceedings have been brought and
on the basis merely of a statutory provision that: 'They [the national courts]
may also issue an injunction against intermediaries whose services are used
by a third party to infringe a copyright or related right', to order an Internet
Service Provider (ISP) to introduce, for all its customers, in abstracto and as
a preventive measure, exclusively at the cost of that ISP and for an
unlimited period, a system for filtering all electronic communications, both
incoming and outgoing, passing via its services, in particular those involving
the use of peer-to-peer software, in order to identify on its network the sharing
of electronic files containing a musical, cinematographic or audio-visual work
in respect of which the applicant claims to hold rights, and subsequently to
block the transfer of such files, either at the point at which they are requested
or at which they are sent?

2) If the answer to question 1 is in the affirmative, do those directives require

a national court, called upon to give a ruling on an application for an
injunction against an intermediary whose services are used by a third party to
infringe a copyright, to apply the principle of proportionality when deciding
on the effectiveness and dissuasive effect of the measure sought?25

The decision of the ECJ is still awaited. In light of the fact the Belgian Courts felt the
matter serious enough to refer to the European Court, Charelton J‟s dismissal of the
matter in the following terms is unusual: “Were there a willingness by UPC to engage
with such a system, it could readily be made to work. It is clear why they do not wish
to so engage.”

EMI v. UPC – The Injunction

The music industry had sought the following:

1) An injunction, pursuant to s. 37 and s. 40(4) of the Copyright and Related

Rights Act, 2000, restraining the defendant internet service
provider from infringing the copyright in sound recordings owned
by, or exclusively licensed to, the plaintiffs by making available to the

25
Bold highlighting the authors own. OJ reference: http://eur-
lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2010:113:0020:0020:EN:PDF
 public copies of those sound recording without the plaintiffs’
consent using its internet service facilities.
2) Without prejudice to the generality of the foregoing order, an order
pursuant to s. 40(4) of the Copyright and Related Rights Act, 2000 that
the defendant block or otherwise disable access by its subscribers to
the website thePirateBay.org and related domain names, IP addresses and
URL’s, as set out in the schedule hereto attached, together with
such other domain names, IP addresses and URL’s as may reasonably be
notified as related domain names by the plaintiffs’ to the
defendant from time to time.

Despite the sympathy which the judge had for the recording companies he felt he
could not grant an injunction. He noted “The Court is bound.... been considered by
the Oireachtas, to apply the law within the four corners of the Copyright and Related
Rights Act 2000.”26 To do otherwise he stated “would be to ignore the power of the
Oireachtas to regulate rights in accordance with a just scheme of legislation
that balances the exercise of those rights with the responsibility of living within an
ordered society.”27 In other words, the Judge felt the doctrine of the separation of
powers prevented him legislating in what was already an area heavily regulated by
statute.

He noted that section 40(4) of the Copyright and Related Rights Act 2000 provides
that when a person is notified of material on its network and “... [where] that person
fails to remove that infringing material as soon as practicable thereafter that person
shall also be liable for the infringement. Charelton J felt however that “Cutting off
access to the computers holding pirated copyright songs is not to remove infringing
material; it is to stop the transit of that material. Further, as has been analysed in
relation to the possible responses to internet piracy, two of the programmes, namely
CopySense and Global File Registry cannot fairly, on my analysis, be described as
removing material from the internet.”28 Despite the view of one expert witness who
felt if a person stops transmitting information on a network that information can fairly
be said to be removed, the judge felt that CopySense and Global File Registry
functioned by interrupting transmission or sending warnings and did not remove
anything. Furthermore in the “three strikes” scenario the judge felt that by the time the
warnings are given the material had long since been transmitted and as such was not
capable of being removed.

As a result, the music industry could not be successful in the first element of their
claim. To decide on the second aspect, Charelton J had to revisit EMI v. Eircom (III).

The facts of EMI v. Eircom (III) are noted above, and the factual background was
similar in this case. Thepiratebay.org had proven itself to be a safehaven for pirates
and the music industry felt the world would be a better place without it. Charelton J
agreed with the sentiment, but having heard a full argument on the matter felt he did
not have the legislative authority to enjoin the existence of the website for UPC
subscribers. Accordingly the judge reached the conclusion his decision in EMI v.
Eircom (III) was incorrect.
26
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., Par 86
27
ibid
28
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., Par 100
EMI v. UPC – Privacy and Individual Rights

EMI v. UPC raised a number of interesting points regarding internet privacy in

Ireland. It should firstly be noted that Charelton J. reaffirmed his decision in EMI v.
Eircom (IV) regardless of arguments raised by UPC, and as such his findings in that
case can still be considered part of Irish law.

The existence of a constitutional right to privacy is well recognised, and further

protection is given by the Data Protection Acts. On the co-existance of privacy with
the internet the judge noted: Privacy in the modern panoptic society must be flexible
enough to address new technologies and developments and their privacy implications
while at the same time certain enough as to offer guidance and clarity as a matter of
law.29 Indeed given that 1.66 million Irish people appear to have forsaken a good deal
of privacy to use the social networking site Facebook, this does not seem an
unreasonable conclusion.30

The EMI v. UPC decision made reference to essentially two different methods of
logging and monitoring. One method involved using software such as Media sentry or
Dtecnet at one end of a transmission. The software would spoof or lead the computer
being monitored to believe the monitoring software wished to download a particular
song in an evidence gathering exercise. The record companies then proposed they
would use this evidential matter as the basis of implementing the “three strikes” rule.

In this context the judge took the view that “there are no privacy or data protection
implications to detecting unauthorised downloads of copyright material using peer-
to-peer technology”31. This rationale is predicated on the belief, as outlined in EMI v.
Eircom (IV) that an IP address is merely a sequence of numbers that does not have the
quality of personal data.

In an international context this matter is far from settled, with the Swiss Federal
Supreme Court ruling the opposite in September 2010.32 For now however in Irish
Law any filtering, logging or monitoring at the point before a person is defined by
their name as opposed to their IP address is perfectly acceptable.

The second method of logging and monitoring involved a monitoring appliance being
positioned half ways between two computers in a transmission and utilising Deep
Packet Inspection (DPI) to monitor the content of the transmission.

In internet terms a packet is much like a piece of mail in an envelope; it contains

headers that specify a destination and return address, with useful data inside the
packet itself. Generally when routed across the internet the packet headers containing
the addresses are that is looked at. In devices using deep packet inspection, however,
the entire packet is examined. In many respects it is not entirely unlike opening post.

DPI gained notoriety in 2009 when the European Commission commenced

infringement proceedings against the UK for permitting the use of “Phorm”. This is a

29
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., par 66
30
http://www.siliconrepublic.com/comms/item/18010-irish-facebook-users-hit-1
31
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., par 68
32
http://www.edoeb.admin.ch/aktuell/01688/index.html?lang=en
“behavioural advertising” system which displays personalised adverts on websites
contingent on the results of DPI. As of September 2010 the Commission has referred
the matter to the European Court of Justice33 due to the UK in the opinion of the
Commission:

“not fully implementing EU rules on the confidentiality of electronic

communications such as e-mail or internet browsing. Specifically, the
Commission considers that UK law does not comply with EU rules on consent
to interception and on enforcement by supervisory authorities. The EU rules in
question are laid down in the ePrivacy Directive 2002/58/EC and the Data
Protection Directive 95/46/EC."

The commission has three grievances with UK law, in particular:

there is no independent national authority to supervise the interception of

some communications, although the establishment of such authority is
required under the Privacy and Electronic Communications and Data
Protection Directives.
current UK law authorises interception of communications not only where the
persons concerned have consented to interception but also when the person
intercepting the communications has „reasonable grounds for believing‟ that
consent to do so has been given.
Unlike EU law, current UK law prohibiting and providing sanctions in case of
unlawful interception are limited to „intentional‟ interception only.

In an Irish context however Charleton J was content to assume:

“Deep packet inspection, as described in this judgment is not the seeking of

information which is in the course of transmission. Instead, it identifies the
nature of transmissions, whether encrypted or otherwise, by reference to the
ports which they use, and the protocol employed, so as to identify peer-to-peer
communication..... UPC does this already for legitimate commercial purposes
related to the management of transmissions. If it suited, they could also easily
identify the file # of copyright works and block them or divert the search in aid
of theft to a legal site. This is not a general search for information. It is simple
use of deep packet inspection technology in aid of proper transmission.”34

It is surprising the judge did not refer to the Postal and Telecommunications Services
Act, 1983 and its subsequent amending legislation in this paragraph. Furthermore
Charelton J notes at the outset that DPI is only used to established the type of
transmission (i.e. whether HTML from a web browser or peer to peer traffic),
however six lines later he suggests DPI could be used to identity particular content,
and to do so would not be a general search for information and furthermore that “the
right of privacy is not engaged by the scrutiny of files publicly made available for

33

http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/1215&format=HTML&aged=0&langu
age=EN&guiLanguage=en
34
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd. ,par 107
copyright theft on the internet and nor is it engaged by deep packet inspection for the
purpose of detecting and diverting or disenabling such transmissions.”35

From the above it seems that for now, the High Court has ruled that no privacy
protection can attach to an IP address, and that no protection is available in Ireland
against any form of sniffing or monitoring carried out by third parties on individuals
internet connections. It also appears that how a “packet” may be treated differs greatly
depending on whether it is or is not of the electronic variety.

Conclusion
Charelton J concluded that the Irish Legislature did not correctly implement the e-
Commerce and Copyright Directives into Irish Law by “making no proper provision
for the blocking, diverting or interrupting of internet communications intent on
breaching Copyright”36 It seems inevitable that legislation will be required in this
area. Should they choose to allow some means of monitoring they may be well
advised to wait for the ECJ to decide on the SABAM and Phorm decisions. The other
alternative is to legislate for a “three strikes” law such as the UK and France. An
essential element of this however would be independent oversight. As Charelton
noted, the District Court would be the ideal forum for this.37

While copyright holders have been put at a disadvantage by this ruling it is clear
where Charelton J‟s sentiments lie. Thankfully however the judge felt on this
occasion it was best to defer to the legislature to come up with a solution rather than
allow private bodies decide who may, or may not, have internet access.

Any law in this area must recognise the competing right of individuals to access
communications networks, and this right should not be usurped easily.

Mícheál O‟Dowd
O‟Hanlon & O‟Dowd Solicitors
www.ohod.ie

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

35
Ibid, par 70
36
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., par 138
37
Ibid, par 62