Mark Bowman is a JD candidate at Osgoode Hall Law School.

The Court of Justice of the European Communities has ruled that internet service providers (ISPs) cannot be forced to monitor subscriber traffic if doing so impedes on their freedom to conduct their business and if doing so would infringe on the fundamental rights of their customers.

This ruling comes from the recent decision of Scarlet Extended v SABAM, where an ISP (Scarlet) was suing to prevent a previously granted injunction that would force them to install and operate monitoring equipment on their network to prevent any transmission of copyright infringed material managed and licensed by SABAM. This dispute started in 2004 when SABAM served notice of copyright infringement to Scarlet and sought an injunction to force Scarlet to monitor peer-to-peer (P2P) traffic for the infringing material. This request was granted in 2007 after an expert, appointed by the tribunal handling the complaint, determined that “despite numerous technical obstacles” the ability to filter and block the infringing material “could not be entirely ruled out”.

Scarlet’s appeal to this decision was based on the technical issues surrounding the task, existing European Law prohibiting required monitoring by ISPs, and breach of privacy concerns while monitoring subscriber traffic. The ISP argued that the performance and effectiveness of the blocking/filtering systems were unproven and would create issues for their network (such as capacity and latency). ‘General monitoring’, or monitoring their entire subscriber base, is prohibited by Article 15 of the 2000/31/EC Directive which states “Member States shall not impose a general obligation on providers…to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity”. The last point of the appeal was that a filtering system would breach European Union privacy law as filtering a portion of the P2P data travelling over their network would involve the processing of IP addresses, which is considered personal data.

The court sided with Scarlet finding that although an injunction would continue to be acceptable within the current law, the general monitoring nature of the injunction made it “unfair and disproportionate” (as prohibited by Article 8 of the 2001/29/EC Directive) as well as excessively costly, and also that the scope of injunction was a serious infringement into the freedom of the ISP to conduct its business. The court also agreed that the monitoring equipment would infringe on the privacy rights of the ISPs subscribers, specifically the protection of personal data (the IP addresses used to monitor transmissions), but also the freedom to impart and receive information as it is near impossible to tell between lawful and unlawful content when sent via P2P.

P2P traffic has traditionally been stereotyped as solely a method for distributing copyright infringing material. This is an antiquated belief, however as the technology has been successfully adapted in many respected and legitimate systems (such as Skype and the video game ‘World of Warcraft’) and is used in every day functions by your average internet user (sometimes without their knowledge) as an efficient way to broadcast data from a single source to multiple destinations. Canadian ISPs are not known to monitor data sent via the P2P medium, however both Rogers and Bell openly admit to “throttling” P2P traffic to dissuade media sharing and to give priority to other internet uses such as email and web surfing (although it has recently been reported that Bell will stop this practice next year). P2P transmissions fragment the content being transmitted into a large number of smaller pieces (packets), making it extremely difficult to determine if any of the packets involve suspicious contents (encryption makes this even harder); any scheme to analyze network traffic based on the content being transmitted will be very tough to implement and will potentially also filter valid data.

For now, in Europe, the ruling leaves an injunction with a narrower scope still available as a remedy, but removes network-wide monitoring as a possible means for holding ISPs and other communication intermediaries accountable for their subscribers’ actions; technological development could have a part to play as a cheaper and more efficient solution might reopen the issue, satisfying some of the arguments identified by the court for rejecting the order, and would leave only the issue of privacy preventing the type of injunction originally requested by SABAM.

Posted in European Union, Human Rights Issues, Infringement, Internet, Internet Sharing, Privacy, Secondary (ISP) Liability