UKM Cyberlaw Generations

Introduction
The Internet is a worldwide system of computer networks. Using the same protocol, any one computer can get information from or talk to any other connected computer. It therefore facilitates content and information transmission, sharing and retrieval.


Role of Internet Service Providers
With new technologies and the facilities offered by the Internet, on-line piracy has come about in many ways. In most instances, the Internet service providers are involved. Commercial undertakings have without the authorization of or any payment to copyright owners ripped and made available recorded music for download. Often times, hacking software is posted. It may be used to break copy protection and other technological measures available and embedded in copyright protected materials to prevent unauthorized copy and transmission. They make their money through banner advertising. There are also other sites that provide links to these unauthorized databases.

Peer to peer (“P2P”) networks and systems allows a group of computer users using the same net working program to connect with each other and directly access files from each other’s hard drives. The common software enables users at any time to connect directly with the hard drives of all other users logged onto to Internet. The electronic files of a user are therefore made available to all other users.

There are various participants to a P2P network. They include (i) providers of the P2P software, (ii) intermediaries such as Internet and other service providers, (iii) up loaders and, (iv) down loaders.
The role of the Internet service providers is also important for another reason. Individual items of software held by up-loaders are identified by reference to an Internet protocol or IP address. The address is numeric in form and is allocated to a particular address space in such a manner that an individual computer or a network of individual computers will communicate to the Internet via that address. The IP address but not the identity of the up-loader may be identified. The cross referencing between the IP address and the individual’s details is held by the Internet service provider who provides with interconnectivity to the Internet. Unless the identity of the up-loader is divulged, no effective action can be taken against the up-loader.

In the case of a motion picture, sound recording, musical works, audio visual product and business software, only the person by whom the arrangements for the making of the motion picture or recording can authorize it to be placed or copied onto a website, or transmitted across a network, or performed or downloaded by a computer. These works however contain much underlying works which are themselves individually protected. Such underlying synchronized works would include literary and dramatic works, musical works, artistic works, image rights and so on. The rights of the individual owners of such underlying works should be protected. They should continue to retain their respective rights to take both civil and criminal action against infringers.

Copyright Act 1987
A film is defined to mean the fixation of a sequence of visual images on any material so as to be capable by the use of that material of being shown as a moving picture or of being rerecorded onto some other material. “Fixation” means the embodiment of sounds, images or both or of the representation thereof, in a material form sufficiently permanent or stable to permit them to be perceived, reproduced or otherwise communicated during a period of more than transitory duration.

“Reproduction” means the making of one or more copies of work in any form or version and “copy” means reproduction of a work in written form, in the form of a recording or film, or in any other form. “Infringing copy” in relation to copyright, means any reproduction of any work eligible for copyright the making of which constitutes an infringement of the copyright in the work or, in the case of any article imported into Malaysia without the consent of the owner of the copyright, the making of which was carried out without the consent of the owner of the copyright. These definitions it is submitted, are broad enough to include the down loading of a computer file. It is both a civil and criminal offence if done without the Malaysian copyright owner’s consent. These definitions are also broad enough to protect the copyright of the owners of the under lying works that are embodied in the film or sound recording. The only room for argument is whether the storage of the film or sound recording and the underlying works in a computer or any electronic medium amounts to infringement. It must be so. Accordingly, sections 13 and 41 of the Copyright Act (“Act”) 1987 should be amended to define an unauthorized act or an infringing copy to include “the reproduction or storage in any material or electronic form”.

It is not clear whether the word “makes” includes the act of downloading. Obviously if the downloader subsequently burns in hard copy form a disc of the copyrighted work for downloading, there would an offence. But what if reproductions are made from direct connections to the hard drives of other users logged onto the Internet using the same software. So as to make the act of downloading an offence as well, “downloading or storage of copyright protected work in a computer or on any medium by electronic or other means that will facilitate downloading” should be made an act controlled by copyright. If greater protection were desired, perhaps, downloading or storage of copyrighted work itself if done without authorization would be sufficient to constitute infringement. The purpose for which the downloading or storage is made is not relevant to found liability.

The act of uploading however is presently not a criminal copyright infringement. Therefore, a person who “uploads or stores any work protected by copyright in a computer or on any medium by electronic or other means whether or not for the purpose of making available the work for subsequent downloading, distribution, dissemination or any further dealings in the work” should be guilty of an offence. Such an offence can also form the basis for civil infringement. If adopted in the context of civil infringement, authorization is required for any “distribution, dissemination or in any manner dealing in the work via broadcasting”. “Broadcast” is defined as the transmitting by wire or wireless means visual images, sounds or other information that is capable of being lawfully received by members of the public or is transmitted for presentation to members of the public. It will also include communication of the work to the public that is already an offence.

In the civil context causing an infringement to take place is itself an infringement. However, the act is silent on whether authorizing an infringement is itself an infringement. To be guilty of authorizing an infringement, the defendant must have expressly or implicitly sanctioned, approved or countenanced the infringement. That is pre-conditioned on the defendant having the right to authorize infringement. It is questionable whether the up loader by offering his files for download may be said to have authorized infringement. He does not possess the right to authorize in the sense of him having a right to give the necessary sanction, approval or countenance to infringe. This is still so even if he were aware that his P2P peers would infringe or is indifferent as to what they might do. The wrong of authorizing infringement is a very narrow one that is ineffective in practical terms. The term “causing” an infringement in section 36(1) of the Act, appears capable of a wider application. To “cause” must be a question of fact and circumstances. It is not conditioned upon there having to be a right “to cause” (an infringement). Rather, it is premised on the degree of control the up loader has over the creation of and the computer containing the uploaded work. He controls the means, mode and equipment by which infringement is committed and allows the downloader infringer access to these. He in fact is well aware that there would be infringement and actively encourages such infringing. However, the intent and the ingredients for causing infringement should be adequately set out in section 36(1) of the Act. Perhaps it should be provided that “for the avoidance of doubt, a person causes another to do an act, the doing of which is controlled by copyright without the license of the owner of the copyright if he (i) controls or has the ability to control the means, equipments, modes and instruments by which the infringement would be effected; (ii) has knowledge or reason to suspect that such infringement will take place; and (iii) intends, encourages, promotes, assists or enables the use of the means, equipments, modes and instruments to effect an infringement and takes no reasonable steps to limit the use of such means, equipments, modes and instruments supplied to legitimate purposes or takes no reasonable steps to filter or block any infringement”.

The difficulty remaining is whether the wrong of “causing” an infringement can only be sustained if the primary act of infringement is completed. This appears to be likely so. To get away from such rigidity, the law should be amended to provide that causing “an imminent infringement” or if the causative acts make it likely that an infringement will occur, that should suffice. A suitably worded provision would be: “copyright is infringed by any person who does, or causes any other person to do, without the license of the owner of the copyright, an act the doing of which is controlled by copyright under this Act”.

In the context of an offence for copyright infringement, it is an offence to sell or distribute infringing copies. The computer file in data format that is transmitted over the network has no physical existence. It is uncertain whether such an infringing computer file meets the definition of it being an “unlawfully reproduced copy”. As mentioned earlier, by definition, “copy” must be in some material form. Are data packets residing in a computer file in material form? To remove such an uncertainty, perhaps the word “material” should be deleted from the definition of “copy”.

Unauthorized distribution of the copyrighted work by way of sales is an act of infringement. Whether there is such a distribution and sale of the infringing file is questionable. The computer file residing in the host computer is never physically moved to the down loader’s computer. Instead the down loader creates a new file. There may be no monetary gain. Perhaps “transmission of the work to the public by electronic or other means which upon being received results in the copy of the work”.

Pirated works are openly advertised for sales either in the print media or via the Internet. Accordingly the right to advertise copyright protected work should be an act controlled by copyright and advertising for sales, hire or rental of infringing copies of works should be an offence. Any reproduction made including those that are temporary or of transient duration is covered under the right of reproduction. (Examples would be copies of works made in the servers and other computers that are the engines of electronic commerce and digital networks) A person making a temporary pirated copy is no more or no less guilty of infringement than a person making a permanent pirated copy of the work. Under emerging new business models the full economic benefit can be quickly derived by making and using a temporary copy of the work. To allow the making of temporary copies therefore goes against the copyright owners’ exclusive legal entitlement to exploit their creations. It will also unreasonably prejudice the legitimate commercial interests of the copyright owners. Where the making of a temporary or transient copy is necessary for technical reasons as in the case of acts of caching by service providers, any exception should be on condition that the service provider does not modify or edit the contents of the work and does not interfere with the use of technological protection measures. There may be an exception for “the making or reproduction of temporary copies of the work if it is for technical or legal reasons and provided that there shall be no modification or editing of the work or interference with the use of any technological measures by the owner”.

Legal protection and remedies
Adequate legal protection and effective legal remedies are provided against the circumvention of effective technological measures that copyright owners use to restrict acts in respect of their works which are not authorized by the authors concerned or permitted by law. In this respect, the law should prohibit the business of providing circumvention tools and services. What must be suppressed is the providing of, manufacture, importation, supply, distribution and sales of decryption devices and other devices and services which are intended to gain access to, or the use of copyrighted material. The factors for determining whether a given tool is a circumvention tool may include those set out in the US Digital Millennium Act 1998 which are (i) the way the devices and services are designed and/or produced; (ii) whether the way the devices and services are marketed has any significant commercial purpose or are they marketed for use primarily for the purpose of circumvention; and (iii) whether the manufacturer or marketer of the devices are acting in concert with the user who to his knowledge is using the devices for circumvention purposes. The test has to be an objective one.
A balance must be maintained and exceptions and limitations to the prohibitions be provided particularly in the face of countervailing national interests such as when copyright owners totally deny access to their works by customers from the non profit sector such as educational institutes, libraries and research organizations or where law enforcement and national security interests or where access to copyrighted material is required to achieve interoperability of computers.

Copyright owners have the exclusive right to control retransmissions over the Internet. They must retain the absolute right to authorize or prohibit the retransmissions of their works. The value of audiovisual work will drastically reduce if unauthorized Internet retransmissions were easily available. There would be considerable practical difficulty in the collection of any remuneration due. Program suppliers usually license their programs by geographic regions. If unauthorized programming becomes available online via the Internet, such global marketing structure would be displaced and the value of such geographically limited licenses is lost. Where authorization for retransmission is given, copyright owners must have an equal and absolute right to impose the terms and conditions for the retransmission. Territories of the world market are targeted differently; for instance, it is an essential requirement in the case of audiovisual works in the form of films. Worldwide distribution of content over the Internet seriously impacts on local release patterns.
It is the object of copyright laws to provided copyright owners with effective action and expeditious remedy against any form of infringement. It is against this aim that the liability of service providers must be considered. As providers of on line services they are directly and intimately involved in transactions dealing with copyright materials and other forms of intellectual property.

The Communications and Multimedia Act 1998 and the Malaysian Communications and Multimedia Code
Service providers in Malaysia are licensed operators under the Communications and Multimedia Act (“CMA”) 1998 and their licenses are subject to conditions that they must adhere to. Their activities are also subject to the provisions of the CMA. The Malaysian Communications and Multimedia Code (“Code”) requires Internet Access Service Providers “to comply with and incorporate terms and conditions in the contracts and legal notices as to terms of use with subscribers of their service”. The following terms shall be included, namely (i) subscribers shall comply with the requirements of Malaysian law including, but not limited to the Code, and shall not provide prohibited contents or any content in contravention of Malaysian law; (ii) the Internet Access Service Provider shall have the right to withdraw access where a subscriber contravenes what is stated in (i); and (iii) the Internet Access Service Provider shall have the right to block access to or to remove such prohibited content provided such blocking or removal is carried out in accordance with the complaints procedure set out in the Code. By Section 98(2) of the CMA “compliance with a registered voluntary industry code shall be a defense against any prosecution, action or proceeding of any nature whether in court or otherwise regarding a matter dealt with in the Code”. Whether copyright infringing material or content is to be regarded as “prohibited content or content in contravention of Malaysian law” is a matter for interpretation. If it is to be so regarded and the Internet Access Service Provider withdraws access to the subscriber or blocks access to or removes such content, then, the objective of the copyright owner is achieved. What if the Internet Access Service Provider refused on the ground that it is not the adjudicating tribunal to decide on whether the contents complained of are indeed infringing?

In the event the Code is not intended to deal with infringing copyright content, a new part would have to be included in the Act dedicated to controlling the activities of service providers that relate to and govern the manner they are to deal with the transmission of infringing materials over their networks. Operating within the scope of their licenses and the provisions of the CMA, it must be acknowledged that in relation to the electronic copy of the work, they are entitled to deal with it incidentally in the course of their providing the technical means to enable users of the network or other networks to access the work for listening, viewing or any other form of legitimate utilization. Such incidental dealings in the electronic copy of the work would include storing, transmitting, routing or providing connections to the work on their own primary or other networks. This obviously is a necessity and network users would expect such services and that it is within the intent of the CMA that such services be provided by the network service providers.

Network Service Providers
Ordinarily, network service providers cannot be liable for infringement. In a P2P file sharing context, they are just intermediaries. They are not involved in any way in the infringement. They merely provide the technical infrastructure infrastructure or connectivity that facilitated the exchange of infringing files by P2P peers. The network service providers may however be made answerable for the infringement. Any laws to provide for the legal responsibility and liability of these providers must provide incentives and encouragement to join the copyright owners, enforcement agencies and consumers to take all steps necessary to deter the use of the digital networks for copyright piracy, detect and eliminate copyright infringements that take place over the networks and identify and pursue the infringers and instigators of infringements. Such incentives and encouragement would be in the form of the remedies for infringement that would otherwise be available against the service provider being limited or reduced. This is the approach adopted by the US Digital Millennium Copyright Act 1998 and the E.U. Electronic Commerce Directive (2002).

To fix or impute the service providers with liability, the law must legislate against these network service providers primary infringement as well as secondary or indirect infringement activities such as authorizing or causing infringement, joint liability, contributory or vicarious infringement etc. In so far as the transmission of an electronic infringing copy of the work is concerned, it is submitted that the network service providers are already liable as primary infringers and offenders under the amendments suggested above. For instance, the service provider would be regarded as an infringer in relation to the electronic copy of the work transmitted via their networks, they become aware or ought to be aware of infringing materials or activities on their systems and do nothing to remove or cut off access to the offending material. It is not necessary that the service providers be notified of the presence of infringing materials and activities on their systems, but if notified, then, the defense of lack of awareness cannot avail itself to them. They should then be imputed with notice. It would be preferable if “a network service provider is made liable for infringement for transmitting electronic infringing copies of work to the public if (i) it is aware or have knowledge of or ought to be aware or have knowledge of the electronic copy of the work that is transmitted through its network systems is an infringing copy; or (ii) it receives a statutory declaration (from the copyright owner or his authorized representative?) that provides in his belief in good faith, an act which constitutes infringement has occurred in the course of making available an electronic copy of the work on the network to which the network service provider provides access and the grounds of his belief and neglects or fails within a reasonable time to take the necessary action to remove or disable access to the work that is infringing. This approach is entirely consonant with the requirements of the CMA and the Code. There must be safeguards. A person who knowingly misrepresents or suppresses relevant and essential facts just to assert infringement must be liable in damages.

Also relevant, is whether network service providers must disclose identifying information in their possession with regard to an on line infringer where a request for the information is made by copyright owners or their legal representatives. A time limitation within which to respond must be provided. These are information and particulars that are readily available. One significant tool for Internet anti-piracy enforcement is the availability of and access to data about Internet users and website operators after identification of their IP addresses in order to identify copyright infringers. The most significant sources of these data are the WHOIS databases and the subscriber and traffic data stored by the service providers. The data will assist in the real time identification of the registrant of the domain name and the server where the related website is maintained. Accordingly, a network service provider should be liable for infringement if it refuses to disclose to the copyright owner or his authorized representatives, information relating to the identity of the infringer, his contact details, specified or other information and documents that are useful for the purpose of protecting the owner’s copyright. To ensure the integrity and accuracy of the data, the law must make it an offence to fraudulently misrepresent or suppress essential information in the registration process. The network service providers must in their agreement with subscribers ensure that this is spelt out for otherwise, the information even if provided by them would be of little use to copyright owners.

Conclusion
Whether providers of file sharing software and services can be fixed with liability for copyright infringement depends on the role they play and the degree of control they exert over the file sharing process. If the infringing files are stored on their servers (referred to at times as the site and facility) and made available for download, then their position would be as that of the up loader. It should not matter where their servers are located. They may even be located outside of Malaysia but so long as they have control over the same, they should be guilty of infringement. The law should provide that “a person shall be guilty of infringement if he stores or causes to be stored any recording or reproduction of an infringing work on servers or other storage or retention facilities or means wherever located knowing that or under circumstances which render him likely to know that the infringing work may at any time subsequently be reproduced or accessed or dealt with in a manner that is prejudicial to the interest of the owner of the copyright by the public”. Such infringement is of course in addition to and not an alternative to the direct infringement of having unlawfully reproduced the copyright protected work. Substituted for the requirement for control over the servers, is the requirement for knowledge or presumed knowledge that there will be subsequent infringements made from the unlawfully reproduced file that is held in storage. Implicit in the proposed provision is the presumption that the provider must have control over the site and facility.