Did you notice? When a notice is not a notice under the Notice and Notice regime.


Introduction – the monkey in the middle

The Notice and Notice regime under the Canadian Copyright Act is a made-in-Canada solution to a particular problem, the classic “monkey in middle”. In practical terms, if I am on, say, a university’s network and I, without a legal right to do so, download an episode of a HBO series, if HBO is monitoring internet traffic, all HBO will be able to find out is that an IP address assigned to the university made an unauthorized copy of their copyrighted, dragon-filled, work. But they will not know that it was me.

The university, however, through its own authentication systems, likely does know something about me – it may only be my email address (e.g. if I log on as a guest) or they may know all of my contact information (e.g. if I live in a student residence).

So how does HBO enforce its copyright against me?  The Notice and Notice system under the Copyright Act partially resolves this issue by allowing the content owners to send a claimed infringement notice to the ISP (the university in our example). The ISP is legally obligated to electronically forward the notice to the individual who was using the IP address at the time of the infringement and to retain records for a period to allow the identity of that person to be determined.

The Notice and Notice system differs from a Notice and Takedown system (which is in place in the United States) in that the ISP is not obligated to investigate the infringement and take down (i.e. remove) any allegedly infringing content. Rather, the Notice and Notice system is meant to warn the infringing party that their activity has been noticed (which may prompt them to take down any infringing content they’ve posted online, or delete any content they may have copied).

However, other than any voluntary steps that the recipient of a notice takes, the ball is in the content-owner’s court – they may file an application in court to force the ISP to disclose the identity of the alleged infringer, and upon learning this, commence an infringement action directly against the alleged infringer or infringers.

In the context of Universities, Colleges and Institutes

Many institutions provide internet services for their faculty, staff, students and guests themselves rather than through commercial providers like Shaw, Rogers or Telus. As such, many are therefore considered to be ISPs for the purposes of the Notice and Notice regime.

That means, when anyone on their network makes an unauthorized copy on their network, the institution is the one receiving the claimed infringement notice.

Until Dec 13, 2018, forwarding notices was laborious-enough—as once a notice was received, IT services had to find out which individual(s) to forward the notice to, an exercise that sometimes required accessing several different systems, many of which are not integrated. In addition, due to the record keeping requirements of the regime, they had to ‘retain’ records in the event the content owner sought to compel disclosure, and to pursue the alleged infringers. That means, for some institutions, a technical fix (e.g. automating) is not possible or feasible, and therefore requires considerable person hours.

At least one thing that institutions did not have to do is pre-judge whether a notice could be seen to compel or induce (or coerce) the end-recipient to take any action. The intent of the regime was meant to simply put the recipient on notice and the expectation was that if the content owner wanted to proceed any further (including, for example, reaching a settlement over an infringement), they would go to the next step of seeking disclosure of the recipients identity and pursue the matter through the court system. For this reason perhaps, very little was prescribed as to the content of such notices.

Threats and Demands – The Ugly Side of Claimed Infringement Notices

However, what all ISPs began to see were notices that went beyond what the law required and perhaps intended – and started to see notices using threatening language, making outrageous claims of liability, and making offers of settlement that were excessive and required the recipients disclose their personal information.

In other words, those alleging infringement crossed what many felt were ethical, if not legal, lines. In the higher-ed context, these allegations of illegal activity and threats of litigation were received by students in vulnerable situations (e.g. international students on study permits) who felt that their immigration status would be in danger if they did not pay-up, quickly and in full. Indeed, notices began to be less about allegations of infringement (recall that simply sending or receiving a notice does not prove that any actual infringement occurred—it is just an allegation), but seemed to pre-judge and demand compensation as if a fait accompli.

Unfortunately, even such questionable notices had to be forwarded if they otherwise met the (minimal) requirements of the regime. Many institutions (and ISPs in general) responded to this by writing covering notes to all infringement notices, providing important information and reassurances regarding the Notice and Notice regime, and proving help-lines for distressed recipients.

Score One for Ethics

As a result of what was seen as an abuse of the system, on Dec 13, 2018, the Copyright Act was amended to state that notices of claimed infringement could not contain:

(a) an offer to settle the claimed infringement;

(b) a request or demand, made in relation to the claimed infringement, for payment or for personal information;

(c) a reference, including by way of hyperlink, to such an offer, request or demand; and

(d) any other information that may be prescribed by regulation. [there currently isn’t any—similarly while the Act also already required that the notices be “in the form, if any, prescribed by regulation” and “contain any other information that may be prescribed by regulation”, which could perhaps have earlier dealt with some of this mischief, nothing else had or has been prescribed]

Now, an institution that receives a notice that contains any of these notices, is not legally obligated to forward it (or, by that token, to engage in the record keeping that would allow them to identify the alleged infringer).

Score one for ethics and the Canadian way!

Good…but Practical? A Burden or a Benefit?

The new provisions place the burden of compliance in two places:

  • on the content owners, who are incentivized to write notices that comply with the law, so as to guarantee that they will be forwarded to the alleged infringers and that the ISPs would then keep records to allow the identity of the alleged infringers to be disclosed; and
  • on the ISPs, who may save the effort of forwarding notices (and keeping the associated records) by screening out non-compliant notices.

Note, however, that the law is written so as to empower the ISP to refuse to forward a notice that contains any of the offending content. Should an ISP forward a notice that does contain this content anyway, there does not appear to be any penalty under the Act.

So the question to be faced by each university, college and institute, is whether to invest the time, energy and resources, to screen out the offending notices … or simply continue forwarding all notices?

Screening out the offending notices certainty sounds like the right thing to do, as it will minimize the distress of the recipients and reduce the load on helpdesk resources. But it may also be labour intensive, as there are numerous ways to express offers to settle, and demands for compensation – including by hyperlinking to a website that contains that information. Does that additional labour justify the benefits?

One further “benefit” of the screening could also be that if a notice is found to be non-compliant (and thus not one that has to be forwarded), it would relieve the university, college and institute of perhaps the equally burdensome record keeping requirements.

The other practical consideration, particularly in the higher-ed context, is whether there would also be reputational damage if they forward notices that are not compliant and if a recipient “falls” for a threat and pays-up: while not a legal obligation, some may see such institutional “ISPs” as having a more important oversight role due to their status and relationship with students, faculty and staff.

All told, the changes to the Notice and Notice regime are a move in the right direction in maintaining an appropriate balance between content owners and content users, especially when the internet makes copying of all sorts, legal and illegal, quite easy. However, it does require that the ISP act as a gate-keeper to some degree, which may not be something that is easily automated. While that gate-keeping function may be reasonable to expect as, perhaps, a cost of doing business, it does beg the question of whether it ought to be the ISP’s cost. Perhaps, as contemplated by the Copyright Act but not yet implemented, Parliament ought to allow ISPs to collect a fee for processing notices from content owners, to offset the costs of compliance, so it becomes the cost of the content owner’s business, rather than the monkey’s ISP’s.