Documente Academic
Documente Profesional
Documente Cultură
Ireland – A Chronology
Mícheál O‟Dowd
www.odowd.ie
It is hard to say where the story of the unauthorised copying of music began. The
1980s brought with it the British Phonographic Industry‟s infamous slogan “Home
Taping is killing music”, but by the turn of the century few people were still hovering
over the record button on their radio cassette for the top 40 countdown. They had
moved onto using the internet for same purpose.
There can be no question but that the Music Industry has a right in most developed
legal systems to control who can download or otherwise deal in what is their property.
In Ireland this is enshrined in the Copyright and Related Rights Act 2000.
Metallica can perhaps be credited with launching the first legal salvo against
unauthorised music downloading. The target was the then pre eminent file sharing
programme, Napster, in a California Courtroom in 20001. In A&M Records, Inc. v.
Napster, Inc. it was held by the Ninth Circuit that the owners of Napster the software
which was facilitating the breach of copyright, could control the infringing behaviour
of users, and as such were obliged to do so.
The simple solution to the ruling A&M Records, Inc. v. Napster, Inc. was that later
iterations of similar software such as Gnutella removed discretion from the equation.
Technology, rather than law tends to govern what is possible and not possible in the
relm of sharing data and the Gnutella network was designed to be decentralised, with
no one having any control over the content that it carried. No one could then shut it
down. For the Music Industry there was no longer any practical gain in pursuing the
software developers through the courts. To paraphrase WB Yeats, all changed,
changed utterly and a terrible beauty was born.
While the music industry proceeded to shut down another first generation centralised
music sharing service in 20052, the new approach was to target individual users, their
employers, universities, and in some cases parents. Hard case stories abounded,
including one where a woman described by a Federal Judge as an “Internet-illiterate
parent, who does not know Kazaa3 from kazoo, and who can barely retrieve her e-
mail” was sued for having a large amount of Gangsta Rap on her PC. The individual
in question, Patricia Santangelo had two adult children, who had downloaded the
music. After 4 years, two court cases and hundreds of thousands spend on legal fees
the Recording Industry Association of America settled the case for $7,000.4 The
policy of suing individuals was publically discontinued in the US in the 19th
December 2008 in favour of reaching individual agreements with Internet Service
1
http://www.law.cornell.edu/copyright/cases/239_F3d_1004.htm
2
http://w2.eff.org/IP/P2P/MGM_v_Grokster/
3
A file sharing program
4
http://arstechnica.com/tech-policy/news/2009/04/four-years-and-two-lawsuits-later-riaa-settles-for-
7000.ars
Providers to cut off users.5 The era of the “Three strikes” had begun in the US and
would soon be followed in Ireland.6
In Ireland, the approach of the music industry has largely mirrored the US. In EMI
Records (Ireland) Ltd & Ors v. Eircom Ltd & Anor [2005] IEHC 2337 the music
industry applied to the High Court for a “Norwich Pharmacal Order” requiring an
Internet Service Provider to disclose the names of downloaders. The Music
Companies had through their use of the Mediasentry sniffing programme uncovered
the internet protocol (IP) addresses of people who had made music available for
download. An IP address contains 4 sets of three numbers varying from 0 to 255
separated by full stops i.e. 192.168.1.2, and allows data be routed over the internet
from one computer to the other. While it can identify a particular computer, it does
not generally allow for an individual be personally identified.
Using the UK precedent of Norwich Pharmacal8 they sought to find out the names of
the 17 people behind the mask of cryptic numbers. The rule in Norwich Pharmacal
provides as follows:
“If through no fault of his own a person gets mixed up in the tortious acts of
others so as to facilitate their wrongdoing, he may incur no personal liability,
but he comes under a duty to assist the person who has been wronged by
giving him full information and disclosing the identity of the wrongdoers.
This was accepted in Irish law in Megaleasing UK Ltd. -v- Barrett and the order
sought by the Music Industry was granted by Mr. Justice Peter Kelly.
The High Court Judge also noted that there was no suggestion of any wrongdoing on
the part of Eircom, and that their opposition to releasing the names stemmed from the
duty of confidentiality they owned to their subscribers. He made the order releasing
the names of the 17 conditional on their names being kept from the public domain
save in circumstances where it might arise in the context of infringement proceedings
being as a result of the information gathered on foot of the order. Whether this
condition protected the privacy of the 17 or gave them an added incentive to settle for
whatever amount requested by the Record Companies is arguable.
While there was no official announcement like their US counterparts, the Record
Companies in Ireland must also have felt their approach was laborious and expensive.
5
http://online.wsj.com/article/SB122966038836021137.html
6
http://www.eff.org/deeplinks/2008/12/riaa-v-people-turns-lawsuits-3-strikes
7
http://www.bailii.org/ie/cases/IEHC/2005/H233.html
8
http://www.bailii.org/uk/cases/UKHL/1973/6.html
9
http://www.digitalrights.ie/2007/06/07/23-filesharers-to-be-identified-but-concerns-remain/
10
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., p32
It cost the Music Industry €680,000 in legal fees to identify 89 individuals from
whom €80,000 was recouped in settlements.11
The record companies clearly felt they had to change their enforcement tactics. While
they still recognised the ISP to be an innocent bystander in grand scheme of events,
they came to the opinion that they should be doing more to uphold copyright in
recorded music. An action was brought against Eircom Ltd., the largest ISP in Ireland
on the basis it had facilitated the breach of copyright.
The basis of the action lay in section 40(4) of the Copyright and Related Rights Act
2000. This provides as follows:
(3) Subject to subsection (4), the provision of facilities for enabling the making
available to the public of copies of a work shall not of itself constitute an act
of making available to the public of copies of the work.
The record companies no doubt contended as they later would in EMI v. UPC that by
their inaction in refusing to disconnect users who could be identified as file sharers
using sniffing software (by 2009 Dtecnet rather than Mediasentry was the preferred
software) were complicit.
Eircom settled the action before it went to hearing with the first Irish implementation
of the three strikes rule. It was agreed that the Irish Recorded Music Association
(IRMA) would send Eircom notifications containing among other things the IP
addresses of individuals they had detected as engaging in file sharing. Eircom would
then match the IP address to the account it was assigned to at the time the alleged file
sharing took place. The end result was that on the third written warning the user could
run the risk of having their internet connection cut off.
Despite the “three strikes settlement”, Eircom found themselves in Court again in July
of 200912, again pursuant to section 40(4) of the Copyright and Related Rights Act
2000. In this case the representatives of the music industry sought an injunction
against Eircom to block access to the website “thepiratebay.com”. A pattern in
Eircom‟s attitude to these cases was beginning to emerge.
11
ibid
12
http://www.bailii.org/ie/cases/IEHC/2009/H411.html
The Pirate bay is a Swedish website which hosts indices of files which can be
downloaded using the BitTorrent file transfer protocol. Internet users can browse the
website, and select various albums, films or other copyrighted material and download
it using a BitTorrent software client. While the method of transferring files is different
to the Gnutella network, the end result is similar; music gets transferred and copyright
gets breached. While there are many websites that ape the functionally of the pirate
bay,13 none have attracted the same media or judicial attention.
On the 24th July 2009 Chareton J. delivered an ex tempore judgment having heard
only the side of the case offered by the representatives of the music industry and
pursuant to a settlement having been reached by both sides. Eircom were present in
the courtroom but did not offer any defence. Relying only upon the affidavits
furnished by the music industry Charelton J took particular exception to the quote of
Mr. Peter Sunde, a co founder of the website when that individual noted:
This is how it works: Whatever you sink, we build back up. Whomever you sue, 10
new pirates are recruited. Wherever you go, we are already ahead of you. You are the
past and the forgotten; we are the internet and the future.14
The judge felt that Mr. Sunde and the piratebay were holding themselves up as being
“on some kind of a white horse”, yet deriving personal gain from assisting in the
breach of copyright. Emphasising he had heard only unopposed evidence the judge
held that he was entitled to block access to the piratebay website. He would change
his mind on the matter a year later.
EMI v. Eircom (IV) – The referral from the Data Protection Commissioner
On the 16th April 2010 the three strikes settlement was back before Mr. Justice
Charelton.15 This time the Data Protection Commissioner had raised a number of
issues regarding the lawfulness of the settlement. In particular the queries raised
regarding the implementation of the settlement were:
13
E.g. Isohunt, torrentfunk
14
It appears however this quote was incorrectly attributed to Mr. Sunde by Envisional, and it was
instead displayed on a Lithuanian website under the control of Kestas Ermanas.
15
http://www.bailii.org/ie/cases/IEHC/2010/H108.html
3. Having regard to section 2A(1) and 2B(1) of the Data Protection Act 1988
as amended, is it open to EMI and/or Eircom to disconnect subscribers
circumstances where:-
(a) In doing so they would be engaged in the processing of personal
data and/or sensitive personal data (in so far as the data can be
considered to relate to the commission of a criminal offence),
including the provision of such data from one private entity to another
private entity; and
(b) The termination of an internet user’s subscription by Eircom would
be predicated on the internet user in question having committed an
offence ...without any determination having been made by a court...
Presumably rather than going down the costly road of implementing the “three
strikes” rule and risk falling foul of the Data Protection Acts both the music industry
and Eircom felt it wise to re-enter the matter before the High Court. The Data
Protection commissioner did not appear as the office did not receive any indemnity as
to its costs. As a result Charleton J was left to make a decision without any useful
guidance from the point of view of Irish internet users, but only legal advice offered
by the music industry and a consenting ISP between whom there was no bona fide
dispute. Given the circumstances, the Data Protection Commissioner would have been
better off not referring the matter.
16
Phonographic Performance Ireland Limited v. Cody, [1998] 4 I.R. 504
17
http://technology.timesonline.co.uk/tol/news/tech_and_web/article6478542.ece
18
http://www.itu.int/net/itunews/issues/2010/06/34.aspx
19
http://news.bbc.co.uk/2/hi/8548190.stm
5) That since no accusation of a criminal offence was being levied on
subscribers, it was not necessary that there should be an investigation by an
authorised body, or a determination made by a court following the conduct of
a fair and impartial hearing, in order to determine that an offence has in fact
been committed before a subscribers internet is cut off.
There is much to criticise about the decision of Charelton J, and even more reason to
criticise the Data Protection Commissioner for causing a matter to come before the
high court without providing the assistance necessary to give a judge a full view of
the matters at hand.
Following on from the decision in EMI v. Eircom (IV), the ISP commenced issuing
letters to subscribers, although it appears at a much lower rate than sought by IRMA.
The Record Companies in keeping their side of the settlement commenced
proceedings against other ISPs on the Irish market. While Vodafone agreed to follow
in Eircom‟s footsteps20, UPC did not.
The decision of Charelton J. in EMI v. UPC was delivered on the 11th October 2010
and stretches to 82 pages. The recording companies sought an injunction restraining
UPC from what they claimed was it infringing the copyright in music by virtue of
the fact its subscribers were using its facilities to download unauthorised content.
They also sought an order blocking www.thepiratebay.org and “such other domain
names, IP addresses and URL’s as may reasonably be notified as related domain
names by the plaintiffs’ to the defendant from time to time.”
For its part UPC argued that as a broadband provider was a “mere conduit” and had
no involvement in the piracy, but merely provided a service to be used as people
chose. It also argued that it would not be just or convenient to grant an injunction
given the rights of its subscribers and that fact the court would need to be involved in
supervising its own order.
Charelton J. accepted at the outset the damaging effect that unauthorised downloading
has on the music industry and criticised UPC for their failure to address the problem
where they had an “economic and moral obligation” to do so.21
Wisely the Judge noted that a suggestion by one expert witness to block all peer-to-
peer traffic was unreasonable given the large amount of legitimate uses for which it is
put. To do so Charelton J. noted would restrict websites such as those maintained by
the BBC and RTE, and cloud services such as Amazon S3. The Judge noted that
legitimate uses for peer-to-peer were growing and its use in sharing copyright material
20
http://www.irishtimes.com/newspaper/ireland/2010/0616/1224272615990.html
21
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., Par 20
would in all likelihood be in the minority in coming years. To any blanket ban or
suggesting of blanket throttling of peer to peer the judge said:
The other solutions proposed in the case included 1) Detection, 2) the implementation
of a Global File Registry and 3) the implementation of Copysense.
The other alternatives included the use of “Global File Registry”23 which would
involve installing an appliance which would monitor files traversing the UPC network
and compare them to a database of copyrighted material. If such a copyrighted file
was found to be using the network, evidence was offered that Global File Registry
could disrupt the communication and prevent successful transmission. The judge
however felt on evidence this technology was not sufficiently mature to be the subject
of an injunction.
In the Belgian Court of Appeal, the issues between the parties were that SABAM (the
representatives of the Music Industry in Belgium) relied on national copyright laws,
interpreted in the light of Directive 2001/29 (Information Society Directive) and
2004/48 (IP Enforcement Directive), which permitted, and potentially required an
injunction to be granted against an intermediary whose services were used to infringe
copyright. The ISP however relied upon the E-Commerce Directive (2000/31), the
Data Protection Directive (1995/46) and the Privacy and Electronic Communications
22
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., par 33
23
http://www.globalfileregistry.com/
24
Sabam V. S.A. Tiscali (Scarlet) District Court of Brussels, No. 04/8975/A, Decision Of 29 June
2007 http://www.cardozoaelj.net/issues/08/case001.pdf or
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1027954
Directive (2002/58) and their corresponding national implementing legislation, and
contended that SABAM's proposals required a general surveillance of all network
traffic and was incompatible with the obligations placed on the ISP regarding privacy
and confidentiality of communications.
The conflict was not one which the court felt it could resolve on its own, as such made
the following preliminary reference being made to the ECJ:
The decision of the ECJ is still awaited. In light of the fact the Belgian Courts felt the
matter serious enough to refer to the European Court, Charelton J‟s dismissal of the
matter in the following terms is unusual: “Were there a willingness by UPC to engage
with such a system, it could readily be made to work. It is clear why they do not wish
to so engage.”
25
Bold highlighting the authors own. OJ reference: http://eur-
lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2010:113:0020:0020:EN:PDF
public copies of those sound recording without the plaintiffs’
consent using its internet service facilities.
2) Without prejudice to the generality of the foregoing order, an order
pursuant to s. 40(4) of the Copyright and Related Rights Act, 2000 that
the defendant block or otherwise disable access by its subscribers to
the website thePirateBay.org and related domain names, IP addresses and
URL’s, as set out in the schedule hereto attached, together with
such other domain names, IP addresses and URL’s as may reasonably be
notified as related domain names by the plaintiffs’ to the
defendant from time to time.
Despite the sympathy which the judge had for the recording companies he felt he
could not grant an injunction. He noted “The Court is bound.... been considered by
the Oireachtas, to apply the law within the four corners of the Copyright and Related
Rights Act 2000.”26 To do otherwise he stated “would be to ignore the power of the
Oireachtas to regulate rights in accordance with a just scheme of legislation
that balances the exercise of those rights with the responsibility of living within an
ordered society.”27 In other words, the Judge felt the doctrine of the separation of
powers prevented him legislating in what was already an area heavily regulated by
statute.
He noted that section 40(4) of the Copyright and Related Rights Act 2000 provides
that when a person is notified of material on its network and “... [where] that person
fails to remove that infringing material as soon as practicable thereafter that person
shall also be liable for the infringement. Charelton J felt however that “Cutting off
access to the computers holding pirated copyright songs is not to remove infringing
material; it is to stop the transit of that material. Further, as has been analysed in
relation to the possible responses to internet piracy, two of the programmes, namely
CopySense and Global File Registry cannot fairly, on my analysis, be described as
removing material from the internet.”28 Despite the view of one expert witness who
felt if a person stops transmitting information on a network that information can fairly
be said to be removed, the judge felt that CopySense and Global File Registry
functioned by interrupting transmission or sending warnings and did not remove
anything. Furthermore in the “three strikes” scenario the judge felt that by the time the
warnings are given the material had long since been transmitted and as such was not
capable of being removed.
As a result, the music industry could not be successful in the first element of their
claim. To decide on the second aspect, Charelton J had to revisit EMI v. Eircom (III).
The facts of EMI v. Eircom (III) are noted above, and the factual background was
similar in this case. Thepiratebay.org had proven itself to be a safehaven for pirates
and the music industry felt the world would be a better place without it. Charelton J
agreed with the sentiment, but having heard a full argument on the matter felt he did
not have the legislative authority to enjoin the existence of the website for UPC
subscribers. Accordingly the judge reached the conclusion his decision in EMI v.
Eircom (III) was incorrect.
26
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., Par 86
27
ibid
28
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., Par 100
EMI v. UPC – Privacy and Individual Rights
The EMI v. UPC decision made reference to essentially two different methods of
logging and monitoring. One method involved using software such as Media sentry or
Dtecnet at one end of a transmission. The software would spoof or lead the computer
being monitored to believe the monitoring software wished to download a particular
song in an evidence gathering exercise. The record companies then proposed they
would use this evidential matter as the basis of implementing the “three strikes” rule.
In this context the judge took the view that “there are no privacy or data protection
implications to detecting unauthorised downloads of copyright material using peer-
to-peer technology”31. This rationale is predicated on the belief, as outlined in EMI v.
Eircom (IV) that an IP address is merely a sequence of numbers that does not have the
quality of personal data.
In an international context this matter is far from settled, with the Swiss Federal
Supreme Court ruling the opposite in September 2010.32 For now however in Irish
Law any filtering, logging or monitoring at the point before a person is defined by
their name as opposed to their IP address is perfectly acceptable.
The second method of logging and monitoring involved a monitoring appliance being
positioned half ways between two computers in a transmission and utilising Deep
Packet Inspection (DPI) to monitor the content of the transmission.
29
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., par 66
30
http://www.siliconrepublic.com/comms/item/18010-irish-facebook-users-hit-1
31
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., par 68
32
http://www.edoeb.admin.ch/aktuell/01688/index.html?lang=en
“behavioural advertising” system which displays personalised adverts on websites
contingent on the results of DPI. As of September 2010 the Commission has referred
the matter to the European Court of Justice33 due to the UK in the opinion of the
Commission:
It is surprising the judge did not refer to the Postal and Telecommunications Services
Act, 1983 and its subsequent amending legislation in this paragraph. Furthermore
Charelton J notes at the outset that DPI is only used to established the type of
transmission (i.e. whether HTML from a web browser or peer to peer traffic),
however six lines later he suggests DPI could be used to identity particular content,
and to do so would not be a general search for information and furthermore that “the
right of privacy is not engaged by the scrutiny of files publicly made available for
33
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/1215&format=HTML&aged=0&langu
age=EN&guiLanguage=en
34
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd. ,par 107
copyright theft on the internet and nor is it engaged by deep packet inspection for the
purpose of detecting and diverting or disenabling such transmissions.”35
From the above it seems that for now, the High Court has ruled that no privacy
protection can attach to an IP address, and that no protection is available in Ireland
against any form of sniffing or monitoring carried out by third parties on individuals
internet connections. It also appears that how a “packet” may be treated differs greatly
depending on whether it is or is not of the electronic variety.
Conclusion
Charelton J concluded that the Irish Legislature did not correctly implement the e-
Commerce and Copyright Directives into Irish Law by “making no proper provision
for the blocking, diverting or interrupting of internet communications intent on
breaching Copyright”36 It seems inevitable that legislation will be required in this
area. Should they choose to allow some means of monitoring they may be well
advised to wait for the ECJ to decide on the SABAM and Phorm decisions. The other
alternative is to legislate for a “three strikes” law such as the UK and France. An
essential element of this however would be independent oversight. As Charelton
noted, the District Court would be the ideal forum for this.37
While copyright holders have been put at a disadvantage by this ruling it is clear
where Charelton J‟s sentiments lie. Thankfully however the judge felt on this
occasion it was best to defer to the legislature to come up with a solution rather than
allow private bodies decide who may, or may not, have internet access.
Any law in this area must recognise the competing right of individuals to access
communications networks, and this right should not be usurped easily.
Mícheál O‟Dowd
O‟Hanlon & O‟Dowd Solicitors
www.ohod.ie
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
35
Ibid, par 70
36
EMI Records (Ireland) Ltd. & Ors, v. UPC Communications Ireland Ltd., par 138
37
Ibid, par 62