Our online privacy is constantly under threat. Our activities on the internet are monitored for a variety of reasons and our human right of privacy is often pitted against other human rights like freedom of expression.
Picture: Getty Images/Christopher Polk
Such situations require an appropriate balance to be struck, and there are signs of privacy gaining ground. But there is one interest that always seems to trump privacy: the financial interest protected by copyright.
Earlier this week the Federal Court of Australia ruled that a group of internet service providers (ISPs) are required to disclose details of almost 5,000 of their account holders to a Hollywood studio. The individuals in question are alleged to have illegally downloaded the movie Dallas Buyers Club over the internet without permission.
The case is being discussed as a landmark “anti-piracy” case. However, for most Australians, it is more importantly a landmark “anti-privacy” case.
The dispute arose when the copyright holders of Dallas Buyers Club, Voltage Pictures, hired a German firm to identify individuals illegally sharing the film online. They subsequently identified 4,726 Australian IP addresses they associated with the sharing of the movie via BitTorrent.
To link those IP addresses to real people — who can be made to pay for the alleged copyright violations — the copyright owners needed the help of the Australian ISPs that had distributed those IP addresses to their users. That is, only the ISPs can provide the necessary link between the infringing IP address and the account holder who was assigned that IP address at that particular time.
When a group of Australian ISPs refused to disclose the personal details of their users to the US copyright owners, the copyright owners sought the assistance of the courts by filing a “discovery application”, a tactic previously applied in other parts of the world.
The rules about legal ‘discovery’
A key issue in the case was the fact that, in many circumstances, several people share the same internet connection. Consequently, in such situations the actual offender may not be the account holder. In essence, what the copyright owners wanted was for the ISPs to be forced to reveal the identity of the account holders so that the account holders could be forced to identify the actual offenders.
This issue went to the heart of the court proceedings. The judge — Nye Perram — acknowledged that, to meet the requirements of the relevant provision of the law (Federal Court Rules 7.22), it was necessary for the copyright owners to satisfy the court that the ISPs know or are likely to know the identity of the prospective respondent. Ostensibly, this is the person or persons who infringed copyright.
Given the ISPs can only identify the account holders, not the actual offenders, the law does not seem to support the copyright owner’s application to be provided with the personal information of the account holders.
However, through what can only be described as a legal contortionist show, justice Perram managed to read the relevant law to mean something different to what it says, so that the discovery sought by the copyright owners could be allowed after all.
The problem is obvious: where the law is bent and twisted to such a degree, it will never be straight again. And where the law does not mean what it says, it is a failure.
The potential difference between account holders and actual copyright infringers is relevant also when it comes to one of the privacy concerns the case gives rise to. After all, if the copyright infringer and the account holder are different people, then a notice containing a description of the content that is alleged to have been downloaded may disclose sensitive personal information about the alleged infringer to the account holder.
Such handling of personal information is only lawful where it is authorised under the Privacy Act 1988. Yet this matter was not even mentioned in the judgement.
Instead, justice Perram saw the privacy aspect as properly disposed of merely by imposing a condition that the copyright owners only would be allowed to use the personal details of the relevant 4,726 Australians for the purpose of recovering compensation for the infringements.
As this restriction does not require anything that is not already required under the Privacy Act 1988, it does not really soften the blow to privacy that this decision represents.
Other privacy concerns relate to questions such as:
- How will the copyright owners choose which internet users they place under surveillance?
- Is there a risk that the personal information collected by the copyright holders will attract hackers as happened in France?
- Are there any privacy risks stemming from the fact that the surveillance of Australian internet users is carried out from abroad, and from the fact that personal information about Australian internet users is at risk of being exported to copyright owners overseas?
The groundwork for a judgement hostile to privacy like this was laid down already in 2011 by the High Court of Australia in another anti-piracy dispute. In the context of that case, the Australian Privacy Foundation had filed a “friend of the court” brief (amicus curiae) seeking to draw attention to the considerable privacy concerns that arise where ISPs are forced to reveal customer information to copyright owners. However, the High Court took no interest in the privacy angle.
The concern for the future is obvious. With a precedent like that set by justice Perram, monetary copyright interest are given a carte blanche to continue to trump our fundamental human right of privacy, with increased online surveillance as the tragic consequence.
Dan Jerker B. Svantesson is Co-Director Centre for Commercial Law at Bond University.