Downloading Personal liability
Directors and Managers liability for copyright infringement over the
internet.
Grant Hansen, Partner, Holman Webb.
A person who has under his control the means by which
an infringement of copyright may be committed – such as a photocopying machine
– and who makes it available to other persons, knowing, or having reason to
suspect, that it is likely to be used for the purpose of committing an
infringement, and omitting to take reasonable steps to limit its use to
legitimate purposes, would authorise any infringement that resulted from its
use. University of NSW v Moorehouse 133 CLR 1 per Gibbs J (at 13)
Moorehouse was
decided in 1975 at a time when photocopiers were still a novelty (to the best
of my recollection they did one sheet at a time and made gurgling noises) and reproduction of copyright material was
laborious and slow.
In the 21st century the
digital economy is predicated on the transmission - the reproduction – of
information and every business in the
country has “under its control the means by which an infringement of copyright
may be committed”.
So if employees or contractors of a
company use the company’s computers and internet connection to download or
transmit unauthorised copies of copyright material – be that software, music or
film – the individuals in charge are potentially personally liable.
As such directors and managers of
companies need to understand that as individuals they may be personally liable
for secondary infringement by authorisation. This is particularly so given that
a person may authorise an infringement by merely “countenancing” the
infringement..
Authorisation of Copyright Infringement defined
So what does authorisation mean? Courts
have repeatedly found that authorise means to “sanction, approve or
countenance”. See for example the High Court’s decision in University
of NSW v Moorehouse 133 CLR 1 at 12.
Section 36 9(1A) of the Act
identifies the following factors which must be taken into account when
determining whether a person has authorised an infringing act:
a)
The
extent of the person’s power to prevent the doing of the infringing act;
b)
The
relationship between and the person who
did the act;
c)
Whether
the person took reasonable steps to prevent the doing of the act.
iiNet and direct control
In Roadshow Films Pty Ltd v iiNet Ltd
(2012) 95 IPR 29 however, the High Court
adopted a somewhat more permissive approach to authorisation than had been
expected. That case concerned the liability of an ISP for infringements by its
customers. The High Court found that even
if iiNet had encouraged or turned
a blind eye to infringing conduct they still could not authorise it, absent a
direct means of preventing the actual infringement. Disconnecting the erring
customer was not such a direct means. As Gummow and Hayne JJ (at paragraph146) put it:
… iiNet only in an attenuated sense had power to "control" the
primary infringements utilising BitTorrent. It was not unreasonable for iiNet
to take the view that it need not act upon the incomplete allegations of
primary infringements in the AFACT Notices without further investigation which
it should not be required itself to
undertake, at its peril of committing secondary infringement.
But the iiNet decision turned very much on its own facts . The customers of
an ISP stand in a completely different position to employees or contractors who
work under direction. A director or manager may well have the requisite direct
control which iiNet was found to lack.
How much control and knowledge is required for liability to arise?
Earlier decisions such as Universal Music Pty Ltd and ors v.
Sharman Licence Holdings Pty Ltd and ors (2005)65 IPR289 (known as “Kazaa”) and Cooper v
Universal Music Pty Ltd (2006) 71 IPR 1 are still authority for the
proposition that a person with power to prevent infringement, who is aware of
the possibility of infringement, will be taken to have authorised infringement,
if they to do what they can to avoid the infringement.
Indeed, such a person may “countenance”
the infringement without having any specific knowledge of it.
In APRA v Metro on George Pty Ltd 61(1974) IPR 575 the owner of a live music
venue was found to have authorised infringement notwithstanding having no
direct knowledge beforehand of the music being performed and despite its
contract with the promoter containing warranties of no infringement.
Significantly, the owner was on notice that infringement had occurred at its
venue and its standard contract with performers permitted it to terminate
engagements where licencing could not be shown. The owner however, made no
attempt to investigate whether the performances planned were of licenced
material.
In Cooper the defendant argued that he did
not have the power to prevent infringement and relied on the observation of Lord
Templeman in CBS Songs Ltd v. Amstrad Consumer Electronics [1988] AC 1013
(at paragraph 31):
A person does not authorise an infringement
merely because he or she knows that another person might infringe the
copyright and takes no step to prevent
the infringement
The full court per
Branson J considered what ‘power to prevent meant (at paragraph 32) and
observed:
The following hypothetical situation
may be considered. One person has a vial which contains active and highly infectious
micro-organisms which are ordinarily passed from human to human by the coughing
of an infected person. He or she authorizes another person to break the vial in
a crowded room knowing that this will result in some people in the room
becoming infected with the micro-organisms.
Most people would, I think, regard the first person as having authorized the
infection not only of those in the room, but also the wider group thereafter
directly infected by them, notwithstanding that he or she had no power to prevent those who were in the room from
coughing.
In other words, even though the
‘authoriser’ could not control the persons who were subsequently infected she
will be taken to have authorised that infection because she could control the
person who broke the vial.
Similarly, in APRA
v Jain [1990]FCA 404 the Full federal court found (at paragraph 30):
The judgment of the members of the
High Court in the Moorhouse case establishes that one of the meanings of
the word "authorize" in the context in which it is here used is
"countenance". It may be that not every act which amounts to the countenancing
of something is an authorisation. Every case will depend upon its own facts.
Matters of degree are involved. But the evidence in the present case reveals
... a studied and deliberate course of action in which Mr Jain decided to
ignore the appellant’s rights and to allow a situation to develop and to
continue in which he must have known that it was likely that the appellant’s
music would be played without any licence from it.’
It mattered
not that mr jain had no specific knowledge of the music in fact infringed.
In iiNet the High Court observed:
An alleged authoriser must have
a power to prevent the primary infringements. Australasian Performing Right
Association Ltd v Jain, Tape Manufacturers, Kazaa and Cooper all confirm that
there must be such a power to prevent. So much had been recognised earlier,in
any event, in Adelaide Corporation and Moorhouse. 70.
Implications for Directors and Managers
So what
does this mean for a director of a company where, for example, unlicensed
software is downloaded from the internet by an employee or contractor and used
for a purpose incidental to the business?
Consider
the following examples in small to medium sized proprietary companies: an employed architect downloads a cracked
version of a high end CAD programme because it is better than the one supplied
by his firm; an IT manager for a design firm acting under budget constraint downloads a cracked version
of a suite of design software without consulting the CEO.
In both
instances the firm has a written policy prohibiting such conduct but took no
active steps to monitor compliance. And for the sake of this argument we will
assume that the board of directors was not informed of the specific conduct but
had a general awareness of the risk (as evidenced by their written policy).
In both
cases the members of the board and the relevant line managers are exposed. Jain
and Metro on George are authority for the proposition that once you are
aware or ought to be aware of the potential problem active steps are necessary
to avoid authorisation.
Kaaza and Metro
are also authority for the proposition that token steps to avoid
infringement, whether mere statements of intent on a website (in Kazaa)
or terms in a contract (Metro) are not enough.
In the
above examples, reasonable steps to prevent infringement would mean
demonstrating an active software asset management process which regularly
identified and removed unlicensed software.
In reality
of course, management is rarely completely oblivious as to what is transpiring
under its supervision. If actual knowledge can be established then liability
inevitably follows, regardless of whether the infringement was procured or
directed by management.
Sole Directors and Multi Director Boards
By
definition a sole director of a proprietary company has power to control access
to his or her company’s computers. There is literally no one else and any
delegation of power cannot detract from the directors statute endowed
authority. See Microsoft Corporation v. Auschina Polaris (1996) 36 IPR
225 at 237.
Absent
reasonable steps to prevent the infringement the position of such a director is
highly exposed. It is difficult to imagine any one being able to argue
successfully that they had , to adopt the language of Gibbs J in Moorehouse,
“no reason to suspect” that untrammelled access to computers could result in
infringement.
The
position is more complex in larger boards and for non-executive directors and
will turn on whether in fact individual directors had any power to avoid
infringement. In such organisations managers may be more exposed because they
have in fact been delegated the requisite authority.
In TS&B Retail Systems Pty Ltd v 3Fold Resources Pty Ltd(2007) 72
IPR 44 one of three individual defendants was found not to have authorised even
though he knew about the infringement because he had no direct connection to
it. He was not a director and did not give any instructions or have any
apparent ability or power to avoid the infringement.
On the other hand, In Microsoft Corporation v PC Club 2005 FCA
1522 Conti J found that directors not directly involved in infringement had
authorized infringement:
208 In the circumstances that Mr Fang had the purported
authority of the office of chief executive director, coupled with his evident
or likely awareness of Mr Lee’s activities…, it was contended by the applicants
that Mr Fang should be inferred to have sanctioned, approved and countenanced
the infringements of copyright of PC Club and Mr Lee’s conduct undertaken on
behalf of the Club in that regard, and hence to have authorised the same within the meaning of that term contained in
s 36 of the Copyright Act… I have difficulty in accepting how it could be
that Mr Fang can avoid any measure of extent of personal responsibility for the
consequences tending to arise from his acceptance of and continuation in office
as a director of PC Club at all material times, irrespective of what may be
readily inferred as to Mr Lee’s dominant personality in relation to PC Club’s
affairs, and as to his dominance in PC Club’s decision-making...
209 Similar adverse implications to those indicated
above in relation to Mr Fang should I think be implied as flowing adversely to
Mrs Lee by reason of the nature and extent of her office as a director of PC
Club and of her apparently full time duties undertaken. She held the office of director of PC Club at the material
times, and the evidence tends to demonstrate that she was as equally actively
involved in the day to day operations of PC Club at Rhodes as Mr Fang.
Significantly even one director in a
multi director board was found to have requisite power to avoid infringement
such that failure to exercise that power could amount to authorisation.
Conclusions
So the question of authorisation will
turn on the analysis of the particular facts. See iiNet per Gummow and Hayne JJ
Roadshow Films Pty Ltd v iiNet Ltd (2012) 95 IPR 29
Some awareness of the possibility of
infringement is necessary. But once that is established the question will be
whether as a director the person concerned could have taken steps to prevent
the infringement.
In most proprietary companies that
will certainly be the case. In such companies directors routinely exercise
their authority without the benefit of a board decision.
Token steps
to prevent infringement will not suffice. In Universal Music Pty Ltd and ors v. Sharman
Licence Holdings Pty Ltd and ors, the Respondents sought to rely on d on
terms in the Respondent’s end user licence
such as:
“Sharman
respects copyright and other laws. Sharman requires all Kazaa users to comply
with copyright and other laws. Sharman does not… authorise you tom infringe the
copyright..of third parties..”
Wilcox J observed
[at 340]: “While I agree with the
applicants that the existing warnings do not adequately convey to users what
constitutes breach of copyright, I am not persuaded it would make much
difference if they did.”
His Honour went on
to find certain respondents in a position to control the use of the Kazaa peer
to peer file sharing system were liable for authorisation of infringement.
Written policies on
internet and social media use are all very well; but if they are not enforced
they do no more than show that management had the requisite knowledge of the
risk of infringement that exposes them to liability for authorisation.
A number of conclusions arise:
1. Once a director or manager is aware of infringement they must take active
steps to prevent it or risk personal liability. Such steps include regular
audits of all computers used in a business with appropriate follow up if
unauthorised material is discovered.
2. Even if not aware of the actual infringement a director can be liable if
aware of the possibility of infringement by means under their control. Sole directors
are most exposed. Unless a sole director has taken real and effective steps to
prevent employees or contractors engaging in copyright infringement eg active
software reviews or insisting on evidence of licencing, they will be exposed.
3. Even directors of multi director boards can only minimise liability by
insisting that policies be put in place that will counteract the risk of
software infringement.
No comments:
Post a Comment