The question of whether technology intermediaries such as internet service providers (ISPs) and website hosts should be liable for acts of copyright infringement by their users has been at the forefront of copyright law for the last three decades. Yet despite a number of high-profile cases grappling with this question,¹ and repeated legislative and policy debates,² the law concerning intermediary copyright liability has not developed in a clear and predictable way. In Australia, we still do not have a reliable framework for determining if particular intermediaries should be liable for the infringement of third-party users, let alone to what extent they should be liable. This chapter considers the liability of so-called “passive” intermediaries, which are those intermediaries—like ISPs—that have not actively helped users to infringe copyright but which face liability because they have not acted to stop the infringement. It argues that principles of negligence under tort law, which consider whether the intermediary has a duty to act and whether that duty has been breached, may provide a more coherent framework for assessing the copyright liability of passive intermediaries in Australia. In particular, the concept of control in tort law is far more robust than that currently found in Australian copyright law. This chapter uses the Australian High Court decision in Roadshow Films Pty Ltd v iiNet Limited [2012] as a case study to examine the creep of tort principles into copyright analysis and to demonstrate how the High Court used those principles to inform their understanding of an intermediary’s control over the infringing actions of its users.

In Australia, intermediary liability is said to arise from the word “authorise” in sections 36(1) and 101(1) of the Copyright Act 1968, which provide that copyright is infringed by a person who does or authorises the doing of one of the exclusive acts reserved to the copyright owner. “Authorise” has been held to mean: “sanction, approve, countenance,”³ and it is on that definition that Australian intermediary liability doctrine is based. The High Court of Australia has recently criticised the fact that authorise has been defined by reference to its dictionary synonyms, especially since the words “sanction”, “approve” and “countenance” have no fixed legal meaning within copyright law.⁴ “Countenance”, for example, has a number of meanings that are not co-extensive with the common understanding of “authorise”.⁵ Intermediary copyright liability (or authorisation liability, as it is known in Australia) therefore sits on rocky foundations. The doctrine has not developed in a principled manner, resulting in significant ambiguity about the scope of liability for intermediaries in Australia.⁶

A recent decision of the High Court of Australia has subtly shifted the discourse away from these vague definitions in copyright law towards better-established principles in tort. In Roadshow Films Pty Ltd v iiNet Limited [2012] the High Court unanimously held that iiNet, Australia’s second largest ISP, was not liable for the acts of its subscribers who had communicated copyrighted films to other users over BitTorrent. The Court found that iiNet lacked the power to prevent the infringing uploads except by terminating its contractual relationships with its subscribers (in effect, terminating the subscribers’ internet access). Members of the High Court used a notion of control influenced by tort law to hold that a power to prevent infringement at an abstract level (by terminating internet access) did not amount to effective control over infringing users and so did not give rise to a duty to act to prevent the infringements. This was an unusual development, because principles of tort law have never featured prominently in Australian copyright discourse.⁷

In the United States, intermediary copyright liability developed from common law principles originating in tort. Intermediary liability for copyright infringement has traditionally been grounded in legal concepts of vicarious liability, which has its origin in agency,⁸ and contributory infringement, which is based upon principles of joint tortfeasorship.⁹ By contrast, authorisation liability in Australia derives from statute, as interpreted by the courts. In fact, courts have traditionally denied the relevance of common law tort principles, stating that authorisation liability in Australia is distinct from liability for the acts of agents or employees and liability as a joint tortfeasor.¹⁰

In Australia, intermediary liability is said to arise from the word “authorise” in sections 36(1) and 101(1) of the Copyright Act 1968, which provide that copyright “is infringed by a person who, not being the owner of copyright, and without the licence of the owner of the copyright, does in Australia, or authorizes the doing in Australia of, any act comprised in the copyright.”¹¹ “Authorise” was defined in the leading case of University of New South Wales v Moorhouse (1975) to mean: “sanction, approve, countenance.”¹² The Moorhouse case was brought as a test case to ascertain whether the University of New South Wales would be liable for making photocopy machines available in its library (where people could take books off the shelves and photocopy them from a small fee) without supervision or display of proper copyright notices. A majority of the High Court found the University liable. The most influential judgment was that of Justice Gibbs, who stated:

It seems to me… that a person who has under his control the means by which an infringement of copyright may be committed – such as a photocopying machine – and who makes it available to other persons, knowing, or having reason to suspect, that it is likely to be used for the purpose of committing an infringement, and omitting to take reasonable steps to limit its use to legitimate purposes, would authorize any infringement that resulted from its use.¹³

This statement is widely considered to be the model for sections 36(1A) and 101(1A), which were inserted into the Copyright Act 1968 in 2000.¹⁴ They provide that in determining whether a person has authorised infringement, the court must take into account:

• 
  
  (a) the extent (if any) of the person’s power to prevent the doing of the act concerned;
  
  
• 
  
  (b) the nature of any relationship existing between the person and the person who did the act concerned;
  
  
• 
  
  (c) whether the person took any other reasonable steps to prevent or avoid the doing of the act, including whether the person complied with any relevant industry codes of practice.

The power to prevent infringement, which loosely correlates to control, is the first factor to which judges must turn their minds. It is therefore an important feature of the authorisation doctrine in Australia. In Roadshow Films Pty Ltd v iiNet Limited [2012], the High Court departed from established authority to examine this factor with reference to tort law. Two judges expressly referenced principles derived from tort cases in ascertaining the meaning of control where passive intermediaries have failed to act to stop infringement. The remaining three judges, while not referring to tort principles directly, read down the power to prevent factor in a way that accords with a tort-influenced approach. Section 11.3 describes, in brief, the facts of this case and the tort law references made by the court.

iiNet, Australia’s second largest ISP, provides general internet access to subscribers under the terms of its Customer Relationship Agreement. The agreement states, in clause 4, that the subscriber must comply with all laws in using the internet service, and must not use or attempt to use the service to infringe another person’s rights. It further provides, in clause 14, that iiNet may, without liability, immediately cancel, suspend or restrict the supply of the service if the subscriber breaches clause 4 or otherwise misuses the service.

In August 2007, the Australian Federation Against Copyright Theft (AFACT),¹⁵ a body which represents the interests of copyright owners and exclusive licensees in films and TV programs in Australia, hired DtecNet Software, a software company, to gather evidence of apparent copyright infringement by Australian internet users. From July 2008 to August 2009, AFACT sent notices (“the AFACT notices”) to iiNet on a weekly basis, alleging that iiNet subscribers (identified by IP addresses) were downloading and sharing movies via BitTorrent. In response, iiNet raised two issues: it could not understand AFACT’s data, and that an IP address was insufficient to identify a particular internet user. iiNet stated that AFACT should refer its allegations to the appropriate authorities. iiNet did not suspend or terminate any subscriber account under the terms of its Customer Relationship Agreement in response to the AFACT notices, nor did it send warning notices to its subscribers.¹⁶

The case against iiNet was brought by an alliance of movie studios and media companies, including Village Roadshow, Universal Pictures, Paramount Pictures, Warner Brothers Entertainment, Sony Pictures Entertainment, Twentieth Century Fox and Disney. The movie companies argued that by doing nothing in response to the AFACT notices, particularly by failing to enforce the terms of its Customer Relationship Agreement, iiNet had at least ‘countenanced’ the infringements. Therefore, by failing to take reasonable steps to prevent subscribers from downloading and sharing infringing copies of films, iiNet had authorised the infringing acts of its subscribers.

The case came to the High Court on appeal from the Full Court of the Federal Court of Australia. The High Court was unanimous in finding that iiNet had not authorised the infringements. The High Court delivered two separate judgments. The first, a joint judgment by Chief Justice French and Justices Crennan and Kiefel, focused on the statutory language in s 101(1A) of the Copyright Act 1968 to find that iiNet’s power to prevent was limited: “It had no direct power to prevent the primary infringements and could only ensure that result indirectly by terminating the contractual relationship it had with its customers.”¹⁷ Additionally, the judges noted the inadequacy of the information in the AFACT notices, holding that the notices did not provide enough evidence to compel iiNet to act.¹⁸ However, it is the second joint judgment by Justices Gummow and Hayne that is of greater interest for the purposes of this chapter. Their Honours drew principles from tort law in finding that iiNet did not have a duty to act to stop subscribers from infringing copyright owners’ rights. This is an interesting development, given that Australian courts have seldom relied on tort law in framing authorisation liability.

In their reasons, Justices Gummow and Hayne described the appellants’ case by reference to the elements of negligence in tort:

• 
  
  [C]ounsel for the appellants appeared to accept that their case posited a duty upon iiNet to take steps so as not to facilitate the primary infringements and that this duty was broken because, in particular, iiNet did nothing in that regard.
  
  
• 
  
  So expressed, the appellants’ case resembles one cast as a duty of care owed to them by iiNet, which has been broken by inactivity, causing damage to the appellants.¹⁹

Indeed, the appellants had placed significant weight on s. 101(1A)(c) of the Copyright Act 1968 in arguing that because iiNet had not taken any reasonable steps to “prevent the continuation of the [infringing] acts” it had exhibited indifference about the infringements.²⁰ They asserted that indifference in the face of knowledge or suspicion of copyright infringement amounted to countenancing infringement. The appellants therefore argued that even though iiNet had not taken any steps to facilitate infringement, it should nonetheless be held liable because it had not acted to stop the infringement. They stated:

At the least, such conduct amounted to countenancing the infringements of copyright for the purposes of authorization. Despite its denials of authorization, iiNet permitted the users of its internet service to infringe without interruption or consequence. It did so because it did not believe that it was required to act, because ‘it had no legal obligation to act’.²¹

The question of whether or not iiNet did have an obligation or duty to act was at the core of Justices Gummow and Hayne’s legal analysis. Their Honours referenced several tort law principles in examining the circumstances in which a duty to act to protect another will arise. First, they quoted the following passage from a 1914 article on the tort liability of public authorities:

The cases in which men are liable in tort for pure omissions are in truth rare…The common law of tort deals with causes which look backwards to some act of a defendant more or less proximate to the actual damage, and looks askance at the suggestion of a liability based not upon such a causing of injury but merely upon the omission to do something which would have prevented the mischief.²²

Next, their Honours looked to the separate judgments of Chief Justice Gleeson, Justice Gaudron, Justice Hayne and Justice Callinan in Modbury Triangle Shopping Centre Pty Ltd v Anzil (2000), a personal injury case.²³ They stated that these judgments were “recent affirmations of the general rule of the common law that in the absence of a special relationship one person has no duty to control another person to prevent the doing of damage to a third.”²⁴

Justices Gummow and Hayne dismissed the appeal, finding for iiNet. They held that only in a very attenuated sense did iiNet have the ability to “control” the primary infringements, and that for this reason, iiNet could not be liable for failing to act to stop the infringements.²⁵ Their Honours concluded: “The progression urged by the appellants from the evidence, to ‘indifference’, to ‘countenancing’, and so to ‘authorisation’, is too long a march.”²⁶

The principle relied upon by Justices Gummow and Hayne that it is rare, in tort, to find liability for pure omissions, has existing High Court authority. In Modbury Triangle Shopping Centre Pty Ltd v Anzil (2000), Chief Justice Gleeson said, “[T]he general rule that there is no duty to prevent a third party from harming another is based in part upon a more fundamental principle, which is that the common law does not ordinarily impose liability for omissions.”²⁷

For the law to impose liability for an omission to act, there must first be a duty to act.²⁸ The alleged duty should be specific and clearly articulated.²⁹ In Roadshow Films v iiNet, the appellants claimed that iiNet had a duty to do something to prevent the infringements, but they did not state to the satisfaction of the High Court what this something was or ought to be. This created a problem in determining the scope of the apparent duty that iiNet owed to the appellants. A similar problem arose in the Modbury Triangle case. There, the respondent worked in a video store in a shopping centre owned by the appellant. The shopping centre had a large outdoor car park, in which the respondent had parked his car. The car park was lit until 10 pm. On the night in question, the respondent had closed and exited the video store around 10:15 pm. He walked to his car in the dark, and was assaulted and badly injured by three unknown men. The respondent sued the appellant in tort for damages for personal injury, arguing that the appellant should have acted to protect employees by keeping the car park lights on at least until the last employee had left for the evening. A majority of the High Court found that this did not properly define the scope of the purported duty. It was relevant that the shopping centre had ATMs which were accessible by members of the public all night. Chief Justice Gleeson stated, “If the appellant had a duty to prevent criminal harm to people in the position of the first respondent, at the least it would have had to leave the lights on all night; and its responsibilities would have extended beyond that.”³⁰ Justice Callinan said:

• 
  
  The respondents initially put their submission on the first issue in very broad terms indeed. They said that the scope of the duty of care owed by a landlord in control of commercial premises to employees of its tenants is to minimize the risk of injury to them by criminal acts of third parties, wherever it is reasonably foreseeable that criminal conduct may take place, and the cost of minimizing or eliminating that risk is reasonable.
  
  
• 
  
  The submission goes beyond any formulation of the duty to be found in any of the decided cases of this country.³¹

Justice Hayne, similarly, thought that the duty alleged by the respondent was not a duty to light the car park. “The failure to light the car park was no more than the particular step which the respondents alleged that reasonable care required the appellant to take.”³² Justice Hayne emphasised the difference between a duty and reasonable steps taken in furtherance of a duty. This is a distinction that also applies in the context of authorisation liability—It is the difference between “power to prevent” under s. 101(1A)(a) of the Copyright Act 1968 and “reasonable steps [taken] to prevent or avoid [infringement]” under s. 101(1A)(c).

In the iiNet case, while the appellants declined to specify what exactly iiNet would be required to do to avoid authorising infringement, they indicated that, at the very least, iiNet should have sent warning notices to the subscribers identified by AFACT as infringing copyright. This is akin to the Modbury Triangle respondents arguing that the appellant should have prevented the criminal assault at least by leaving the lights on. Like leaving the lights on, sending a warning notice might constitute a step taken in furtherance of a duty, but it is not the duty itself.

In the iiNet case, the primary acts of infringement were committed by third parties whose only relationship to iiNet was a contractual one to acquire internet access. It was not alleged that iiNet helped these third parties to infringe copyright by providing them with the software used to share the digital files or by telling them how to copy and share digital files.³³ iiNet had no connection with or control over the BitTorrent protocol used by the infringing subscribers. Rather, the claim was that iiNet had the power to prevent the infringements under s. 101(1A)(a) but did nothing to stop them. A traditional copyright assessment would look to iiNet’s contractual power to terminate or suspend infringing subscribers’ accounts under the terms of the Customer Relationship Agreement. This, arguably, constitutes a power to prevent the infringements under s. 101(1A)(a). The copyright-based approach is not particularly nuanced, and provides no means of distinguishing between a technical power to prevent infringement of the kind arguable in the iiNet case and the existence of real and actual control over the infringing acts. The concept of actual control has been more thoroughly explored in tort authorities.

Control was a central feature of the tort law cases referred to by Justices Gummow and Hayne in their reasons. In Brodie v Singleton Shire Council, a case dealing with the liability of highway authorities, the court focused on whether the highway authority had control “over the source of the risk of harm to those who suffer injury.”³⁴ In that case, the source of the risk was a faulty bridge that had not been repaired. The court ultimately found that the highway authority did have sufficient physical control over the bridge in question, and so was liable for the plaintiff’s injuries that had occurred when the bridge collapsed. Justices Gaudron, McHugh and Gummow stated, “[T]he factor of control is of fundamental importance.”³⁵

In Modbury, the court emphasised that the defendant must have some (real) control over the actions of the third party who caused the harm before liability will follow. Chief Justice Gleeson stated that the appellant in that case “had no control over the behaviour of the men who attacked the first respondent, and no knowledge or forewarning of what they planned to do.”³⁶ Justice Hayne noted that the appellant’s ability to control the lighting of the car park was central to the respondent’s case. However, this misconstrued the issue of control, which was really about whether the appellant could control the men who assaulted the respondent. Justice Hayne found that the duty asserted by the respondent was a duty “to take reasonable steps to hinder or prevent criminal conduct of third persons which would injure persons lawfully on the appellant’s premises.”³⁷ He held that this amounted to a duty to take steps to affect the conduct of persons over whom the appellant had no control. He concluded, “No such duty has been or should be recognized.”³⁸

Justice Hayne in Modbury highlighted that the ability to control and the ability to hinder are two different things and should not be confused. To hold the appellant liable for failing to take small steps which might have reasonably hindered the offending behaviour would cast the net of tort liability too wide, by holding the appellant responsible for conduct it could not control and where its contribution to the harm was negligible.³⁹ Justice Hayne emphasised that the coherence of tort law depends upon “the notions of deterrence and individual responsibility.”⁴⁰ To hold the appellant liable in circumstances where it had not contributed to the wrong would do nothing to further the goal of promoting individual responsibility for one’s actions.

Chief Justice Gleeson made a similar point in his reasons. He said, “The respondents submitted that the appellant assumed responsibility for the illumination of the car park. That submission confuses two different meanings of responsibility: capacity and obligation.”⁴¹