Downloading Personal liability
Directors and Managers liability for copyright infringement over the internet.
Grant Hansen, Partner, Holman Webb.
A person who has under his control the means by which an infringement of copyright may be committed – such as a photocopying machine – and who makes it available to other persons, knowing, or having reason to suspect, that it is likely to be used for the purpose of committing an infringement, and omitting to take reasonable steps to limit its use to legitimate purposes, would authorise any infringement that resulted from its use. University of NSW v Moorehouse 133 CLR 1 per Gibbs J (at 13)
Moorehouse was decided in 1975 at a time when photocopiers were still a novelty (to the best of my recollection they did one sheet at a time and made gurgling noises) and reproduction of copyright material was laborious and slow.
In the 21st century the digital economy is predicated on the transmission - the reproduction – of information and every business in the country has “under its control the means by which an infringement of copyright may be committed”.
So if employees or contractors of a company use the company’s computers and internet connection to download or transmit unauthorised copies of copyright material – be that software, music or film – the individuals in charge are potentially personally liable.
As such directors and managers of companies need to understand that as individuals they may be personally liable for secondary infringement by authorisation. This is particularly so given that a person may authorise an infringement by merely “countenancing” the infringement..
Authorisation of Copyright Infringement defined
So what does authorisation mean? Courts have repeatedly found that authorise means to “sanction, approve or countenance”. See for example the High Court’s decision in University of NSW v Moorehouse 133 CLR 1 at 12.
Section 36 9(1A) of the Act identifies the following factors which must be taken into account when determining whether a person has authorised an infringing act:
a) The extent of the person’s power to prevent the doing of the infringing act;
b) The relationship between and the person who did the act;
c) Whether the person took reasonable steps to prevent the doing of the act.
iiNet and direct control
In Roadshow Films Pty Ltd v iiNet Ltd (2012) 95 IPR 29 however, the High Court adopted a somewhat more permissive approach to authorisation than had been expected. That case concerned the liability of an ISP for infringements by its customers. The High Court found that even if iiNet had encouraged or turned a blind eye to infringing conduct they still could not authorise it, absent a direct means of preventing the actual infringement. Disconnecting the erring customer was not such a direct means. As Gummow and Hayne JJ (at paragraph146) put it:
… iiNet only in an attenuated sense had power to "control" the primary infringements utilising BitTorrent. It was not unreasonable for iiNet to take the view that it need not act upon the incomplete allegations of primary infringements in the AFACT Notices without further investigation which it should not be required itself to undertake, at its peril of committing secondary infringement.
But the iiNet decision turned very much on its own facts . The customers of an ISP stand in a completely different position to employees or contractors who work under direction. A director or manager may well have the requisite direct control which iiNet was found to lack.
How much control and knowledge is required for liability to arise?
Earlier decisions such as Universal Music Pty Ltd and ors v. Sharman Licence Holdings Pty Ltd and ors (2005)65 IPR289 (known as “Kazaa”) and Cooper v Universal Music Pty Ltd (2006) 71 IPR 1 are still authority for the proposition that a person with power to prevent infringement, who is aware of the possibility of infringement, will be taken to have authorised infringement, if they to do what they can to avoid the infringement.
Indeed, such a person may “countenance” the infringement without having any specific knowledge of it.
In APRA v Metro on George Pty Ltd 61(1974) IPR 575 the owner of a live music venue was found to have authorised infringement notwithstanding having no direct knowledge beforehand of the music being performed and despite its contract with the promoter containing warranties of no infringement. Significantly, the owner was on notice that infringement had occurred at its venue and its standard contract with performers permitted it to terminate engagements where licencing could not be shown. The owner however, made no attempt to investigate whether the performances planned were of licenced material.
In Cooper the defendant argued that he did not have the power to prevent infringement and relied on the observation of Lord Templeman in CBS Songs Ltd v. Amstrad Consumer Electronics  AC 1013 (at paragraph 31):
A person does not authorise an infringement merely because he or she knows that another person might infringe the copyright and takes no step to prevent the infringement
The full court per Branson J considered what ‘power to prevent meant (at paragraph 32) and observed:
The following hypothetical situation may be considered. One person has a vial which contains active and highly infectious micro-organisms which are ordinarily passed from human to human by the coughing of an infected person. He or she authorizes another person to break the vial in a crowded room knowing that this will result in some people in the room becoming infected with the micro-organisms. Most people would, I think, regard the first person as having authorized the infection not only of those in the room, but also the wider group thereafter directly infected by them, notwithstanding that he or she had no power to prevent those who were in the room from coughing.
In other words, even though the ‘authoriser’ could not control the persons who were subsequently infected she will be taken to have authorised that infection because she could control the person who broke the vial.
Similarly, in APRA v Jain FCA 404 the Full federal court found (at paragraph 30):
The judgment of the members of the High Court in the Moorhouse case establishes that one of the meanings of the word "authorize" in the context in which it is here used is "countenance". It may be that not every act which amounts to the countenancing of something is an authorisation. Every case will depend upon its own facts. Matters of degree are involved. But the evidence in the present case reveals ... a studied and deliberate course of action in which Mr Jain decided to ignore the appellant’s rights and to allow a situation to develop and to continue in which he must have known that it was likely that the appellant’s music would be played without any licence from it.’
It mattered not that mr jain had no specific knowledge of the music in fact infringed.
In iiNet the High Court observed:
An alleged authoriser must have a power to prevent the primary infringements. Australasian Performing Right Association Ltd v Jain, Tape Manufacturers, Kazaa and Cooper all confirm that there must be such a power to prevent. So much had been recognised earlier,in any event, in Adelaide Corporation and Moorhouse. 70.
Implications for Directors and Managers
So what does this mean for a director of a company where, for example, unlicensed software is downloaded from the internet by an employee or contractor and used for a purpose incidental to the business?
Consider the following examples in small to medium sized proprietary companies: an employed architect downloads a cracked version of a high end CAD programme because it is better than the one supplied by his firm; an IT manager for a design firm acting under budget constraint downloads a cracked version of a suite of design software without consulting the CEO.
In both instances the firm has a written policy prohibiting such conduct but took no active steps to monitor compliance. And for the sake of this argument we will assume that the board of directors was not informed of the specific conduct but had a general awareness of the risk (as evidenced by their written policy).
In both cases the members of the board and the relevant line managers are exposed. Jain and Metro on George are authority for the proposition that once you are aware or ought to be aware of the potential problem active steps are necessary to avoid authorisation.
Kaaza and Metro are also authority for the proposition that token steps to avoid infringement, whether mere statements of intent on a website (in Kazaa) or terms in a contract (Metro) are not enough.
In the above examples, reasonable steps to prevent infringement would mean demonstrating an active software asset management process which regularly identified and removed unlicensed software.
In reality of course, management is rarely completely oblivious as to what is transpiring under its supervision. If actual knowledge can be established then liability inevitably follows, regardless of whether the infringement was procured or directed by management.
Sole Directors and Multi Director Boards
By definition a sole director of a proprietary company has power to control access to his or her company’s computers. There is literally no one else and any delegation of power cannot detract from the directors statute endowed authority. See Microsoft Corporation v. Auschina Polaris (1996) 36 IPR 225 at 237.
Absent reasonable steps to prevent the infringement the position of such a director is highly exposed. It is difficult to imagine any one being able to argue successfully that they had , to adopt the language of Gibbs J in Moorehouse, “no reason to suspect” that untrammelled access to computers could result in infringement.
The position is more complex in larger boards and for non-executive directors and will turn on whether in fact individual directors had any power to avoid infringement. In such organisations managers may be more exposed because they have in fact been delegated the requisite authority.
In TS&B Retail Systems Pty Ltd v 3Fold Resources Pty Ltd(2007) 72 IPR 44 one of three individual defendants was found not to have authorised even though he knew about the infringement because he had no direct connection to it. He was not a director and did not give any instructions or have any apparent ability or power to avoid the infringement.
On the other hand, In Microsoft Corporation v PC Club 2005 FCA 1522 Conti J found that directors not directly involved in infringement had authorized infringement:
208 In the circumstances that Mr Fang had the purported authority of the office of chief executive director, coupled with his evident or likely awareness of Mr Lee’s activities…, it was contended by the applicants that Mr Fang should be inferred to have sanctioned, approved and countenanced the infringements of copyright of PC Club and Mr Lee’s conduct undertaken on behalf of the Club in that regard, and hence to have authorised the same within the meaning of that term contained in s 36 of the Copyright Act… I have difficulty in accepting how it could be that Mr Fang can avoid any measure of extent of personal responsibility for the consequences tending to arise from his acceptance of and continuation in office as a director of PC Club at all material times, irrespective of what may be readily inferred as to Mr Lee’s dominant personality in relation to PC Club’s affairs, and as to his dominance in PC Club’s decision-making...
209 Similar adverse implications to those indicated above in relation to Mr Fang should I think be implied as flowing adversely to Mrs Lee by reason of the nature and extent of her office as a director of PC Club and of her apparently full time duties undertaken. She held the office of director of PC Club at the material times, and the evidence tends to demonstrate that she was as equally actively involved in the day to day operations of PC Club at Rhodes as Mr Fang.
Significantly even one director in a multi director board was found to have requisite power to avoid infringement such that failure to exercise that power could amount to authorisation.
So the question of authorisation will turn on the analysis of the particular facts. See iiNet per Gummow and Hayne JJ Roadshow Films Pty Ltd v iiNet Ltd (2012) 95 IPR 29
Some awareness of the possibility of infringement is necessary. But once that is established the question will be whether as a director the person concerned could have taken steps to prevent the infringement.
In most proprietary companies that will certainly be the case. In such companies directors routinely exercise their authority without the benefit of a board decision.
Token steps to prevent infringement will not suffice. In Universal Music Pty Ltd and ors v. Sharman Licence Holdings Pty Ltd and ors, the Respondents sought to rely on d on terms in the Respondent’s end user licence such as:
“Sharman respects copyright and other laws. Sharman requires all Kazaa users to comply with copyright and other laws. Sharman does not… authorise you tom infringe the copyright..of third parties..”
Wilcox J observed [at 340]: “While I agree with the applicants that the existing warnings do not adequately convey to users what constitutes breach of copyright, I am not persuaded it would make much difference if they did.”
His Honour went on to find certain respondents in a position to control the use of the Kazaa peer to peer file sharing system were liable for authorisation of infringement.
Written policies on internet and social media use are all very well; but if they are not enforced they do no more than show that management had the requisite knowledge of the risk of infringement that exposes them to liability for authorisation.
A number of conclusions arise:
1. Once a director or manager is aware of infringement they must take active steps to prevent it or risk personal liability. Such steps include regular audits of all computers used in a business with appropriate follow up if unauthorised material is discovered.
2. Even if not aware of the actual infringement a director can be liable if aware of the possibility of infringement by means under their control. Sole directors are most exposed. Unless a sole director has taken real and effective steps to prevent employees or contractors engaging in copyright infringement eg active software reviews or insisting on evidence of licencing, they will be exposed.
3. Even directors of multi director boards can only minimise liability by insisting that policies be put in place that will counteract the risk of software infringement.