By publishing broadband provider comments about legal advice they may have obtained, the mag could have led them to waive the right to keep the details secret.

It’s vital for CSPs to understand the risk they may create if they publicly refer to legal advice they have received.

The problem

Normally, legal advice obtained by a company is ‘privileged’.  That means that nobody … particularly somebody who is suing it … can demand to see a copy.

But the courts have ruled that by publicly referring to legal advice in certain ways, the company may waive that privilege.  In other words, in a legal case, the other side may be entitled to say, ‘Great.  You claim to have taken legal advice and it says you’re in the clear.  Fine.  Give us a copy.’

Potential disaster

Because lawyers write legal advice for their clients’ eyes only, it often contains material that would do damage if it leaked.  For instance, they might talk about serious weaknesses in their client’s position.  Or they might discuss facts that would not be known to the company’s enemies.

Disclosure could be a first class disaster.

When is privilege waived ?

It’s complicated.  Normally, merely stating that you have obtained legal advice isn’t a problem.  And sometimes it could even be safe to go a little further and indicate the general thrust of the advice.  Or say, ‘We have taken the advice carefully into account in our actions.’

But it is easy to step over the line and waive privilege on all or part of the private advice.

Sound advice from the Victorian Government Solicitor

The Victorian Government Solicitor’s office offers good advice on the subject. 

Making public statements about legal advice

[The] manner in which legal advice is disclosed in public can lead to a waiver of [privilege].

It is less likely that [privilege] will be waived where reference is made only to the fact that legal advice has been obtained. Revealing the substance of that advice should generally be avoided. This includes summarising or describing the conclusion of legal advice, or giving the ‘gist’ of what it says.

If maintenance of the confidentiality of a particular legal advice is important …, advice should be obtained prior to publicly commenting on that legal advice to ensure there is no inadvertent waiver of [privilege].

While the VGS made these remarks in the context of advising Government, they stand true for private companies as well.

A case in point:  iiNet comments

We’ll be interested to see whether iiNet’s nemesis AFACT will try to use a public statement by iiNet to gain access to a copy of advice received from its lawyers about compliance with the copyright ‘safe harbour’ rules. 

iiNet may have obtained legal opinion on the effect of its public statement, and be confident that it does no harm.  Otherwise, it was extremely dangerous ground for the company to be treading on.

What if your company is asked about legal advice ?

What’s in it for you to take any risk ?  Unless there’s a special factor that makes it worth your while, just say that it is company policy not to comment on legal advice that may or may not have been received.

You might still make some general comments on whatever issue is at stake, but nothing that infers that you hold advice, or what its contents or effect may be.

Cutting through the media hype, Peter carefully explained what Facebook really is, why it’s attracting users outside its original student constituency.  He also discussed its limitations as a serious business tool, and when business is better to look for a different rapid deployment solution.

Get a copy of Peter’s speaker notes here.

Online civil liberty group, Electronic Frontiers Australia, reports on a ‘remarkable victory’ by ISPs in New Zealand in relation to what EFA calls ‘guilt upon accusation’ laws.

Sounds promising, we thought, as we followed the link in our RSS reader.

Problem is, when we got there, we couldn’t figure out what was particularly remarkable or victorious.

Apparently, legislators across the Tasman have agreed to hold off implementing s. 92A of the NZ Copyright Act.  That section would have required ISPs to:

adopt and reasonably implement a policy that provides for termination, in appropriate circumstances, of the account with that Internet service provider of a repeat infringer

Sound familiar? It’s almost identical to s. 116AH of the Australian Copyright Act which sets out the safe harbour regime.

The difference, it seems, is that where the words in the Australian legislation set out safe harbour conditions (i.e. conditions under which damages cannot be awarded against an ISP) which can be disregarded (at the ISPs peril of course), the words in the NZ legislation provide a positive duty requiring ISPs to ‘adopt and reasonably implement’ a repeat infringer termination policy.

EFA correctly points out that a NZ ISPs would need some guidance on what such a policy should look like and how to determine who a ‘repeat infringer’ is. It’s just as well then that a draft code of practice has been released. The draft code essentially provides for a ’3 strikes’ policy where:

• copyright owners can serve copyright notices on ISPs where a user is infringing
• provided the notice satisfies the requirements of the code, it is taken as evidence of infringement
• the ISP then notifies the user that a copyright notice has been received
• if the user replies and denies infringement, the user is taken not to have infringed (for the purposes of s.92A)
• if the user doesn’t respond or doesn’t deny infringement and this happens 3 times in 18 months, the ISP should terminate the account

Seems fair enough.  Copyright owners may think that it’s too easy for users to escape termination by simply denying infringement but that’s not really the issue. The issue isn’t how best to enforce copyright – that’s already sufficiently covered by the law. The issue is: what does an ISP have to do to comply with the law and to avoid liability – and is this realistic?

In other words, is a requirement to ‘adopt and reasonably implement a policy that provides for termination, in appropriate circumstances, of the account with that Internet service provider of a repeat infringer’ an unrealistic burden on ISPs?  Does it, as EFA suggests, impose a law of ‘guilt upon accusation’?

The answer, clearly, is no.

The requirement to ‘adopt and reasonably implement a policy’ is achievable. Remember, we’re not talking about a requirement to implement a reasonable policy, or to implement a policy that determines if infringement occurred, or to penalise an ISP for not terminating an account. The requirement is to reasonably implement a policy. We know this is achievable because the draft code provides such a policy. Adopt and follow it and you’ve adopted and reasonably implemented a policy.

What internet-shattering law were they fighting against in NZ again?

Turning to the Australian context, the EFA has this rather interesting thing to say:

The delay in the NZ law is a good sign, but there are still many more problems. The current case before the Federal Court between AFACT and iiNet will examine what responsibility ISPs have under Australian law, which already includes a provision requiring termination of repeat infringers.

The text in bold is pretty close but does not reflect the key point of the safe harbour provisions.

There is no direct requirement for an Australian ISP to terminate repeat infringers. There is no requirement in Australia for ISPs to even adopt and reasonably implement a repeat infringer termination policy. ISPs do so to bring themselves into safe harbour.

We think an ISP who doesn’t do so is crazy – it’s an insurance policy that limits the damage if things go wrong. But taking out such insurance isn’t mandatory.

View today’s court orders.

Trial dates can be moved for a variety of reasons, but the judge has previously indicated an intention to get the case resolved promptly.

There will also be a Directions Hearing on 29 July to deal with any further matters that are required before trial. 

In the meantime, iiNet has approached the copyright owners with a suggestion that they sit around a table with a mediator and attempt to negotiate an outcome.  We’re not surprised that the company’s gung ho attitude to a court battle has softened.  The copyright owners have said they’ll think about it, but won’t agree to anything that delays the formal trial.

More information and expert analysis to follow.

CSP Central recently analysed notices received by some Australian ISPs and found that the majority were legally invalid.  Copyright owners and representatives are simply getting it wrong.

What the notices are about

An ISP is protected by the safe harbour rules if it satisfies certain conditions.

One of the conditions is that it must follow certain take down procedures if it receives a notice in official form.  There are actually several procedures, and each one is triggered by its own kind of notice.

• Notice A applies to one kind of case and triggers Procedure A.
• Notice B applies to another kind of case and triggers Procedure B.
• And so on …

So remember, each notice triggers a different, specific procedure.

There’s no ‘peer to peer’ notice or procedure

It’s important to understand that none of the official notices or procedures applies to P2P.  There are notices for cases where the ISP is actually hosting copyright material on its own servers, and notices where it is caching copyright material, but none for P2P.

Remember that, too. P2P has nothing to do with any of these notices.

To be valid, a notice must be in the ‘prescribed form’

That means the official form set out in the Copyright Regulations.  It doesn’t have to be 100% exactly identical.  It just has to be ‘in accordance with, or substantially in accordance with, the form prescribed’.

Many of the notices we have seen:

• are not in the form prescribed, and
• are not substantially in accordance with it.

That’s despite the fact that their heading ‘Commonwealth of Australia’ clearly shows that they are intended to be official notices.

What do they get wrong ?

We saw three common problems, each of which (in our opinion) invalidates a notice.

Mixed notices

Many of the notices combine two of the official forms.  Remember we said that:

• Notice A applies to one kind of case and triggers Procedure A.
• Notice B applies to another kind of case and triggers Procedure B.

Well, many notices are in the form of ‘Notice A + B’.  The problem is that there is no ‘Procedure A + B’ or ‘Procedure ‘A or B’ or ‘Procedure A and / or B’.  The combined form of notice does not clearly and unambiguously trigger one official procedure.

We consider that is a substantial variation from the official form.

Imagine we instruct you. ‘If we leave out mince meat, cook hamburgers for dinner.  If we leave out chicken cook a casserole.’   And you come home to find we have left out mince and chicken.

Even if you say, ‘Well, I’ll work it out.  I’ll choose between them, since I think the instructions entitle me to,’  or ‘I’ll play it safe and cook both’  my instructions are substantially different from what you had been told to expect – mince or chicken – and you have had to invent a solution.

The safe harbour rules do not call on ISPs to work out what to do in response to a notice.  They simply say:

• Notice A applies to one kind of case and triggers Procedure A.
• Notice B applies to another kind of case and triggers Procedure B.
• And so on …

That’s why we consider these notices are substantially different from the official ones.

Other notices include P2P allegations

Remember there is no notice applicable to P2P allegations.  But that doesn’t stop many rights holders including such allegations in their notices.

In fact, many we saw are in the form of ‘Notice A + B’ and don’t in fact allege type A or type B infringements … they solely contain P2P allegations.

P2P has no place in the official notices.  By including P2P allegations, the sender is using a form that is substantially different from the official ones.

Other notices ask for ‘non-official’ responses

Remember that:

• Notice A applies to one kind of case and triggers Procedure A.
• Notice B applies to another kind of case and triggers Procedure B.
• And so on …

The procedures are laid down in great detail by the Copyright Regulations.  You get the notice, you check the procedure, you follow the procedure, you’re in the safe harbour.

We saw many notices that had been changed to request that the ISP follow a quite different procedure.  They say (in effect) ‘This is an official notice to trigger Procedure A.  But we actually ask you to follow another procedure that we like better as follows …’

We consider that this alteration to the official form of notice is substantial, and invalidates the notice.

We sampled a tiny proportion

Millions of supposedly ‘official’ notices are issued every month.  Our survey was a tiny proportion.  But over 80% of notices we saw were invalid in our opinion.

They simply do not trigger the safe harbour procedures or require the ISP to initiate any safe harbour response.