An analysis of the potential repercussions of the proposed Internet Service Provider Liability Act.

Recently, The Star reported that the Malaysian Parliament will be tabling the ISP Liability Act (“Act”). According to The Star, the Act makes internet service providers (ISPs) responsible for curbing online piracy. The ISP will be fined if they don’t take action against illegal downloaders.

The ISP will send two warning letters to illegal downloaders. Should the downloaders persist, their internet access will be suspended or even terminated.

It is unclear at this juncture on how far-reaching the Act would be. Will it cover all methods of downloading copyrighted materials, such as music and movies, or only through P2P file sharing software? If a user streams videos or music through a website, would they be caught under this Act? Technically in such case, there is a download of copyrighted materials into a user’s computer.

It is also unclear at this juncture on how the Act would require ISPs to monitor their users’ activities. Are they compelled to keep track of all their users’ internet activities? Or would there be a need for active participation of intellectual property rights (IPR) holders to tell the ISPs that certain IP addresses are infringing their rights, so that the ISPs can reveal the users’ details?

How it works

Making ISPs responsible for their users’ actions is not something common. Jurisdictions such as United States of America and United Kingdom have laws in place to compel ISPs to take action their users.

In some jurisdictions, IPR holders would engage a third party to monitor the internet to see whether anyone is sharing copyrighted files online. If they detect someone, they will obtain the IP address, and thereafter pass it to the relevant ISPs for them to take action against their user. If the user persists notwithstanding that warning letters have been issued, the ISPs may suspend or terminate the user’s internet access.

This is also commonly known as graduated response, or in another words the “three strikes rule”.

Repercussions

It is argued that such a law would curb online piracy. Thousands of people are dependant on the music and movie industries, and online piracy is affecting these industries severely. I do not deny that online piracy has affected these industry, but the objective of this article is to show that the repercussions of such a law are severe to internet users.

What has happened in jurisdictions containing such a law is a good indication on where the implementation of such a law will take us.

In many cases, IPR holders take additional steps against alleged online infringers. IPR holders would normally request for the identity of the internet user (normally after obtaining a Court order) from the ISPs. Some ISPs are ready to divulge such information, whereas some ISPs put up a fight. Once the identity of the user is revealed, the IPR would initiate action against the user and such active enforcement has caused terrible impact on users.

In the United Kingdom, it was reported that IPR holders will send a letter to illegal file sharers demanding payments of between GBP500 and GBP700, failing which the file sharer will be brought to Court. In the United States, a lady decided to fight it out with the recording industry instead of settling out of Court after being accused of encouraging the illegal sharing of songs. She lost the case, and was fined US$220,000. It is a classic case of David against Goliath.

Such a law will also affect internet users who do not know that their internet connection has been piggy-backed by third parties. There are many cases where users do not know that someone has used their internet connection — especially those with unsecured Wi-fi connection — and subsequently receive a demand letter for an offence they did not commit. This happened to a 78 year old man in the United Kingdom, who received a demand letter from a lawyer accusing him of downloading pornography. The 78 year old man didn’t even know what file-sharing was!

At this juncture, we do not know whether the Act would provide for a defence of innocent infringement. But the fact that one can receive a demand letter from lawyers for something that one has not done is quite frightening.

Children are now exposed to the internet at very young age. They may not know that their act of sharing and downloading music or videos will cause serious repercussions to them. A child would obviously choose to download the latest single of Justin Bieber from the internet instead of begging and pleading with his or her parents to buy it. One would argue that we ought to teach our children against online piracy. But all parents know that not all of their advice is always heeded.

In Singapore, it was reported that Odex Pte Ltd, a distributor of Japanese anime in Singapore, had issued demand letters to children as young as 9 years old accusing them of illegal downloads. Further, in the United States, 16 year old Whitney Harper was sued by the recording industry after she was found sharing music via a P2P file sharing program. She claimed that she didn’t know the program she used was taking songs from the internet illegally. Notwithstanding that, judgement was entered against her.

The enactment of the Act would also be another deterioration of our (almost non-existence) privacy rights. Malaysian laws do not recognize invasion of privacy rights as an actionable wrongdoing (see Ultra Dimenson Sdn Bhd v. Kook Wei Kuan [2004] 5 CLJ 285; Dr Bernadine Malini Martin v MPH Magazine Sdn Bhd & Ors and Another Appeal [2010] 7 CLJ 525; and Lew Cher Pow @ Lew Cha Paw & 11 yang lain lwn. Pua Yong Yong & Satu Lagi [2009] 1 LNS 1256) except in very limited circumstances (Maslinda Ishak v. Mohd Tahir Osman & Ors [2009] 6 CLJ 655).

ISPs are the “guardians” of our rights of privacy. They hold the key to our identity in the internet. Our identity, surfing habits and internet activities are our personal data and ISPs ought to give priority of such data over commercial interest of others.

By giving access to our personal data to third parties, our privacy is at risk, and such a risk is real. Recently, ACS:Law, a law firm specialising in taking action against file sharers in the United Kingdom, had accidentally divulged information of thousand of broadband users who were accused of illegal file sharing. The information that was leaked were unencrypted Excel spreadsheets, listing the names and addresses of people that ACS:Law had accused of illegally sharing media. One contained details of customers whom they had accused of illegally sharing pornography!

FCL1

In light of the ACS: Law case, some ISPs in the UK resist efforts to divulge customer details to IPR holders. I urge the same is followed by our local ISPs in order to protect internet users’ privacy.

It should be remembered that customer data is protected under the upcoming Personal Data Protection Act 2010, which provides for a fine or imprisonment or to both in the event of a breach.

Lawyers appointed to act for IPR holders should also be vigilant when dealing with internet users. Solicitors who had been representing IPR holders were subject to public humiliation and harassment by internet users.

A partner of ACS: Law, one of the main targets.
A partner of ACS: Law, one of the main targets.

Assuming that the Act would push through in any event, I urge our local ISPs to only take action or to provide customer information to IPR holders if they are satisfied that —

  1. there is strong evidence to show infringing act has been committed by user, if possible only provide information if infringement is on a large or commercial scale or for commercial gain;
  2. the requester’s storage system is secure, and they have given an undertaking that information will be kept securely e.g. encrypted;
  3. the requester will only use that information for the purpose of pursuing legal action only and not to published it anywhere else; and
  4. the requester is compelled to give access to the information obtained from ISPs to customers to ensure that a fair case can be fought.

Closing

I am not a file sharing advocate, and I do not condone internet piracy. I am only seeking to raise awareness of the repercussions of such a law. I hope what I have mentioned above is considered by the law and policy makers.

I would like to express my gratitude to David Wang of Blogjunkie.net for raising this issue on his blog.

Cheng Leong is a blogger pretending to be a lawyer, and a lawyer pretending to be a blogger. When not earning money blogging at xes.cx, he picks up pocket money as an information technology / intellectual property lawyer. He tweets @xescx.

Foong Cheng Leong is a blogger pretending to be a lawyer, and a lawyer pretending to be a blogger. He blogs at xes.cx and foongchengleong.com, and tweets at @xescx and @FCLCo.