Tuesday, January 08, 2013

Mass Copyright Litigation in Canada: Some Observations on the Roles and Responsibilities of ISPs and their Customers

Here are some observations of about certain aspects of possible mass copyright litigation in Canada. In some instances, mass copyright litigation has aptly been referred to as “troll” litigation. Nothing in what follows is necessarily a comment about any particular case or situation, unless it is explicitly so indicated. Above all, nothing that follows endorses copyright infringement by individuals in the form of illegal downloading or file sharing (sometimes called “piracy”, although this term is seriously inappropriate and misleading when applied to individuals who are engaged in non-commercial activity). 

Let us be clear. No responsible copyright lawyer would ever encourage activity that flouts or undermines the purpose of copyright law. But that said, serious damage can also be done and disrespect for the law will inevitably result if privacy laws are breached, ignored or not adequately observed in situations where innocent persons who may even have been mistakenly identified are dragged into litigation or into a “machine” designed to use the threat of litigation to extract large “settlements”. Such settlements will frequently be paid because it will almost invariably seem cheaper  to “settle” than to fight, due to the normally insurmountable difficulties of finding competent and cost-beneficial access to justice in such circumstances. Even if the defendants have been accurately identified, it is highly questionable whether Parliament intended the Canadian courts to become a part of an aggressive en masse settlement extraction scenario that has proven futile elsewhere in inhibiting infringement. Even the RIAA (Recording Industry Association of America), which started this type of litigation in the USA and is not known for being particularly sensitive to public opinion, has now abandoned the pursuit of any new mass litigation or “settlement” activity.

Other matters should be also made clear.  There is no reason to believe that the taking of active, reasonable and responsible steps by an ISP to safeguard and preserve its customers’ privacy would in any way jeopardise the ISPs cherished “neutrality” status. There is nothing in existing Canadian law or the still un-proclaimed provisions of Bill C-11 that would point to the contrary.   What is apparent, however, is that ISPs are subject to PIPEDA privacy law and cannot divulge customer’s private information in a mass copyright litigation  case without the customers’ consent or a court order. In the BMG decision in 2005, the Federal Court of Appeal (“FCA”) made it clear that:
Pursuant to PIPEDA, ISPs are not entitled to "voluntarily" disclose personal information such as the identities requested except with the customer's consent or pursuant to a court order.

Defending privacy is in no way whatsoever tantamount to encouraging or even tolerating piracy.

The only real question is how far an ISP should be expected to go to protect its customers’ privacy by ensuring that a court order is warranted in the circumstances.   Indeed, that is the front-line and threshold question. This is because there will be cases where copyright owners seek to engage in “trolling” activity and clearly or arguably do not have an adequate basis to obtain a court order disclosing the names of dozens, hundreds or thousands of subscribers. This was precisely the case in the BMG v. Doe case in 2004 and nothing has materially changed since then and the resulting landmark 2005 ruling from the FCA upholding the requirement that there must be, inter alia, a bona fide intention of suing and that there must be reliable, admissible, timely and non-hearsay evidence to warrant such a disclosure order.  More about the BMG decision below.

Shaw and Telus bravely paved the path for timely and straightforward challenges by ISPs when disclosure material was inadequate. CIPPIC played a key role in that case and I was honoured to be CIPPIC”s lead counsel. The path is now paved and the process is now clear and potentially even be easy in some cases. In appropriate cases, it would be a simple, inexpensive and risk-free effort for an ISP to actively step up to the plate to safeguard its customers’ privacy.  Indeed, it is conceivable that in some cases there may be a real risk in not challenging the adequacy of the disclosure order material, both in terms of a business and even, conceivably, a legal sense.

It is a legitimate question to ask whether an ISP, rather than categorically deciding a priori not to resist disclosure motions, should at least be expected to review the supporting documentation, to get an expert opinion as to whether it meets the requirement of the law as laid down by the courts and Parliament, to notify all of its customers of the  proceeding  (if it is too burdensome to notify only those whose IP address has been singled out by the would-be plaintiff), to post copies of these documents, and to explain why, if it is the case, that it believes that there is no reasonable basis to challenge the disclosure motion on privacy grounds.

The law in Canada, based upon the 2005 BMG decision in the FCA , is really quite simple. A list of names and addresses of alleged infringers should not be handed over by an ISP to a plaintiff unless certain conditions are met. As I wrote in 2005, closely tracking the actual FCA language: 

- The plaintiff must show that it has “a bona fide
claim” against the proposed defendant, “...i.e.,
that they really do intend to being an action…
based on the information they obtain, and that
there is no other improper purpose for seeking
the identity of these persons”.

- The bona fide claim must be based on admissible
evidence linking the IP address(es) with the
impugned action(s).

- “There should be clear evidence to the effect
that the information cannot be obtained from another
source such as the operators of the named

- “...[T]he public interest in favour of disclosure
must outweigh the legitimate privacy concerns
of the person sought to be identified if a disclosure
order is made”.

- The information on which a request for identification
is made (e.g., IP address) must be timely;
no undue delay between investigation and motion
for disclosure.

- The plaintiffs must not collect more personal
information than necessary for the purpose of
their claim.

- Re: disclosure orders, “…caution must be exercised
by the courts in ordering such disclosure,
to make sure that privacy rights are invaded in
the most minimal way”.21 In particular, “...if a
disclosure order is granted, specific directions
should be given as to the type of information
disclosed and the manner in which it can be
used”. In addition, the court should consider
making a confidentiality order or identifying the
defendant by initials only.
(footnotes omitted, emphasis added)

One paragraph from the BMG decision should be quoted its entirety:
21]            Much of the crucial evidence submitted by the plaintiffs was hearsay and no grounds are provided for accepting that hearsay evidence. In particular, the evidence purporting to connect the pseudonyms with the IP addresses was hearsay thus creating the risk that innocent persons might have their privacy invaded and also be named as defendants where it is not warranted. Without this evidence there is no basis upon which the motion can be granted and for this reason alone the appeal should be dismissed.

Anyone wanting to drill deeper can read the BMG case, and my  own short article here. By the way, the Canadian subsidiaries of the multinational record companies either could not or chose not to come back to the Court with the required evidence. The BMG litigation  just quietly faded away without any names being handed over and nobody was ever sued.

In the USA, the record companies pressed further and longer, and in couple of notorious cases achieved enormous jury awards of hundreds of thousands (in the Jamie Thomas Rasset case almost $2 million now cut back to $222,000)  for the illegal downloading of a few songs worth $0.99 each on iTunes. The Thomas-Rasset case may yet reach the US Supreme Court on the constitutionality of these enormous statutory damage awards. Canada has wisely attenuated the upper end of such statutory damage awards to $5,000 where the activity is non-commercial.  

Electing to seek this $5,000 statutory damage award will have the interesting effect of barring the plaintiff and any other copyright owners from seeking any statutory damages for any other non-commercial  infringing activity that took place before that litigation commenced. It would seem unlikely to the point of being inconceivable that any one plaintiff could prove actual damages or any other head of damages that would exceed the $5,000 cap on statutory damages for non-commercial activity. Damages for loss of profits would be negligible and the possibility of damages for conversion has long since been abolished.

If any mass litigation gets to the point of actual law suits, there could be any number of possible legitimate procedural steps that defendants could take to safeguard their interests that would render the pursuit of such en masse litigation uneconomical for the plaintiff. I will come back to this point, if it ever becomes necessary. 

Flash forward from 2005 to 2011 when Voltage Pictures sought disclosure of customers’ private information from certain Quebec-based ISPS, one of which, Vidéotron, was actively on side with BMG in 2004. In any event, the ISPs simply took no position and did not oppose the order or even appear at the hearing of the motion. The Federal Court was apparently satisfied with the paper work that was presented and left unchallenged.  The proper parties had been served. Understandably, the court  granted the order. It is not the court’s role nor is the court equipped to conduct its own investigation, which might even require cross-examination, into the adequacy of such material.

Unopposed rulings rarely set important precedents and this one breaks no new ground and is no exception. However, it does tend to confirm that if a plaintiff presents the court with paper work that at least appears to be adequate and in apparent good order and is left unchallenged, it will get its disclosure order. That does not mean that ISPs should shirk their responsibilities where the material may not appear to be adequate. To the contrary, it confirms that an ISP cannot necessarily assume that a court can or will take it upon itself to reject inadequate material, if the material is indeed inadequate. (I make no comment on the material in that particular case.)

Voltage was given a timetable pursuant to which it was expected by the Court to identify the potential defendants in the litigation, etc.  For unknown reasons, Voltage did not follow through on this and  it never actually sued anyone in that case. Its counsel advised the Court on March 28, 2012 that the case was being discontinued. It is not known whether any “settlements” were ever sought or procured prior to the discountenance.

Individual users who fear that their names will be handed over are essentially helpless at the outset – both for economic and legal reasons.  It is simply not viable for individuals to put their name on the record and to retain counsel in order to stop this process before they are even sued – even if it is clear that it could and should be stopped. The individuals in these cases are not RIM or isoHunt, who have sufficient resources and have successfully used peremptory proceedings to advantage to deal with threatened copyright litigation.
It’s not just remaining anonymous that could be a problem, and which might very well be a problem for any individual seeking to engage at a peremptory stage. The problem will be the disproportionate expense that would be incurred and the long-shot odds of being able to recover anything close to reasonable legal costs. Any lawyer thinking of getting involved on a pro bono or discounted basis at this pre-litigation or even early litigation stage on the assumption that the involvement will be short should realize that getting off the record may be very difficult if the proceedings continue, even if the client refuses to pay.

Obviously, ISPs are not required or expected to fight to the finish or even at all on each and every disclosure application. However, if the material served on an ISP is clearly deficient, or even arguably deficient in light of  the BMG case, the ISP must then decide if it should object to the disclosure order. Leaving aside whether there is any legal obligation on the ISP to do so, there may be good business reasons to do so. The main one would be that of keeping its customers happy – and even keeping them at all. Then, of course, there is the question of what is “the right thing to do”.

Suppose that an ISP promises in its advertising, terms of service or otherwise that customers have a right to have their privacy safeguarded and that it will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law.

Then, it is arguable that customers would, at the very least, expect that ISP to scrutinize any disclosure motion material very carefully and to oppose it if it appears to be clearly or even arguably deficient.  Whether this an issue of privacy law requirements, contract law, consumer protection law, or simply a question of being “the right thing to do”, there will be an expectation that an ISP should step up to the plate when the material is not sufficient to warrant disclosure.

Many would argue forcefully that it’s not only the right thing to do but it’s an ISP’s job and duty to guard against clearly (or even arguably) inadequate attempts to open the door to mass litigation against its customers. That has enormous privacy implications. Shaw and Telus fought hard for this in 2004, with Bell and Rogers at least somewhat supportive. An ISP that stands up in this type of situation is not taking sides in the copyright wars; it is only defending its customer privacy – which is arguably, at the very least, not only the right thing to do but the smart thing to do.

Our judicial process is based upon the “adversarial system”. If nobody steps up to the plate to oppose a proceeding, and the paperwork is in order, the Court cannot be expected to conduct its own inquiry as to the adequacy of the paper work. A non-profit organization such as CIPPIC cannot be expected to intervene in  every instance of inadequately framed mass litigation disclosure motions simply because others who could or should do so are unwilling or don’t care.  In any event, it cannot be assumed that an intervener such as CIPPIC would be given the right to cross-examine on an apparently problematic affidavit, if this were in fact the situation.

ISPs are the only entities in the system that are in a position to efficiently assist the court in these situations and, at the same time safeguard their customers’ privacy by challenging the sufficiency of a disclosure motion when warranted.  As in so many aspects of the Canadian copyright system, there is a delicate balance here. Deserving copyright plaintiffs are entitled to adequate, effective and efficient remedies under appropriate circumstances. However, when they cannot make their case because they cannot or will not provide adequate evidence to warrant the disclosure of massive numbers of defendants’ identities, the required balance of the system requires that someone needs to step forward to make that point.

In most cases, for ISPs to step up to the plate at the preliminary disclosure stage will involve only a modest expenditure to assess the material and to proceed, if the material is clearly or arguably deficient. Doing so at this stage may even pay substantial dividends in good will. Doing the right thing is often the right thing to do, both for legal and business reasons.


No comments:

Post a Comment