The increase in demand for multimedia content, favored by the new lockdown (more or less light depending on the region), has generated an increase in the number of platforms that allow the viewing of pay TV and streaming events free of charge, unlawfully. This growing phenomenon of audiovisual piracy has been strongly challenged by the Italian justice system which, in the last quarter, has been at the forefront of the battle with decisions that are unique in Europe.
Before we analyze the content of the decisions of the Italian Courts, we need to clarify the underlying technical issues.
The Internet Service Agreement and ISP Liability
Let’s start with a quick technical/legal examination of the sector we are dealing with, and specifically that of Internet Service Providers (ISP) which is the means by which audiovisual contents are illegally diffused (in the cases we will analyze) to the public.
The Internet Service Provider contract is the contract whereby one party, the provider, grants another party, the customer, access to Internet and provides further services free of charge or for a fee.
Given this simple definition, the liability regime applied to Internet Service Providers is constantly evolving and is a platform for interesting case law debates.
In Italy, the rules concerning ISPs are contained in Decree 70/2003 (which has implemented Directive 2000/31/EC of the European Parliament, on the subject of Ecommerce), they provide for different degrees of responsibility for the different activities that in practice can be carried out by ISPs.
The differentiation is based on a tri-partition which refers to the technical peculiarities of the Providers, and identifies the following categories:
• Those who carry out the activity of simple data transport, identified as “mere conduit”;
• Those who carry out the activity of temporary storage, identified as “caching”;
• Those who perform the activity of storing (“hosting”) information.
Mere conduit and caching activities have a much lighter liability regime than hosting activities, given the longer period the information remains on the provider’s site.
In each and for all three categories the rule of general protection always applies, accordingly ISPs are not bound to a general obligation to monitor the information and activities they convey, nor do they have an obligation to search for activities that may be potentially unlawful, but merely have to:
• inform the supervisory Judicial Authority or the Administrative Authority ,if they become aware of alleged unlawful activities,
• provide without delay, at the request of the competent Authorities, information in their possession that allows the identification of the recipient of their services, to identify and prevent illicit activities and,
• ISP is liable under civil law if, having received notice from the judicial or administrative authorities, it has not acted promptly to prevent access to unlawful contents, or if, having knowledge of the unlawful nature of an activity carried out through it, it has not informed the competent authority.
The new categories of Internet providers and the evolution of jurisprudence
With the increase in complexity, new categories of Internet providers have emerged that are technically difficult to assimilate to the above-mentioned three typologies, such as, for example, audio and video streaming platforms, wireless Internet service providers, commercial service providers (CSP), providers for the registration of domain names (so called registrar), providers that supply the service for resolving domain names (cd. dns) etc.
The characteristics of these new subjects play a role in the panorama of internet service providers – incompatible with the entities of intermediary expressly regulated by articles 15 and 16 D. Lgs. 70/2003.
Consequently, the evolution of case-law has led to further definitions of ISPs:
• Access providers, i.e. subjects that allow the public access to a Telematics Network;
• Service providers, i.e., entities that offer communication and/or information processing services to users that are intended for the public;
• Content providers, i.e. subjects that provide information intended for the public that passes through the telematic network..
This long, but we believe necessary, premise was intended not only to provide an adequate technical/legal background on the issues addressed, but also to establish a concept of which we are deeply convinced, namely that for computer piracy we can use the same axiom that was used with doping at the time of Armstrong, namely “that doping (in our case computer piracy) is always one step ahead of medical science (in our case the legal remedies) that can do nothing but chase“.
What is common to new case-law on the subject of ISPs is not only the technical/legal interpretation of the Judges but also (and perhaps above all) the high technical competence of the consultants who have flanked the Judges in the various decisions.
Let’s see why.
Content Delivery Network (CDN) and reverse proxy: “pro” piracy allies
The definitions of ISPs used so far together with their different systems of liability were no longer sufficient to stem the system of digital piracy now based on a new technical/legal subject: the so-called Content Delivery Network (CDN).
CDN means a network of servers, connected to each other and used to distribute multimedia content on the network (such as movies or live events); it is a kind of network within the network that aims, through the branching of servers around the globe, to improve the delivery process to the various hubs of the network and consequently to devices (PCs, tablets, cell phones) physically closer to avoid the funnel effect, so it is a perfect system for streaming.
The real problem is that CDNs are often flanked by an additional figure functional to the delivery of the service defined reverse proxy for the protection from cyber attacks and the improvement of the performance of sites: the combination of these two roles nowadays is the best tool to mask the identity of the administrators of pirate platforms.
In 2018, it was already clear to experts that this “new channel” to reach the public was the tool that would be used by hackers to curb prosecution. This because “with this new business model, however, it doesn’t take long to circumvent a judgment, just a few hours and the pirates are back in action again, simply by activating new platforms”.
The orders of the Italian courts on audio-visual piracy
The first decision that sees the change of approach with reference to ISPs’ (specifically CDNs) liability is the order issued by the Court of Rome (Sezione Impresa on June 24, 2019). More recently, we also see order (no. 42163/20) issued by the Court of Milan (Sezione Impresa on October 5, 2020).
In the most recent order the plaintiffs were Sky Italia and Lega Serie A, as owners of the retransmission rights of Serie A football matches. The two plaintiffs sought a court order to prevent several CDNs from providing access to “IPTV THE BEST”, a popular IPTV service that allows its users to watch matches intended for subscribers without paying.
Copyright holders have asked several companies, including the hosting provider OVH and CloudFlare to stop the service and ISPs such as Vodafone, TIM, Fastweb, Wind and Tiscali, to interrupt the connection by blocking at IP level or DNS name resolution of services traceable to the pirated infrastructure.
The Provider’s defence has always been based (and here we come back to what has been illustrated above) on the argument that the memorization or even the temporary memorization (if not the mere conduit…) of contents, even if later proved to be illicit, cannot be qualified as illicit.
Last September the Court of Milan issued a preliminary injunction ordering Companies to stop working with the IPTV provider, regardless of the domain name or IP address used.
Despite CDNs’ fierce defence, which prolonged the case for over a year, the court did not change its position.
The important jurisprudential news
It is precisely here that the Milan Court goes beyond old jurisprudence by stating that what matters, regardless of the given definition of ISP is the consequence that the behavior facilitates the illegal activity of infringing intellectual property rights.
The Order also specifies how the definitions given in the European directive on electronic commerce (2000/31/EC) are irrelevant in cases such as these.
Further the order states that CDN services must be inhibited because they contribute to allowing a third party to carry out an unlawful act, even if there is no data storage by the CDN.
The injunction is only effective against Italian CDNs but, in theory, there are reasons to apply the same concepts throughout Europe or even worldwide.
The motivation and the technical/legal criteria have already been followed in other proceedings and recently by the Court of Milan’s Decree (Proceeding n. 39846/20) of 20 November 2020 In this proceeding, the “usual” plaintiffs Sky Italia and the Lega Nazionale di Serie A, complained that a series of “pirated” services were currently available on the Internet for the illicit enjoyment, live, of all the matches of the Serie A League and that the phenomenon of the so-called “IPTV” services was spreading.
These showcase sites were attributable to various hosting service providers who had already been formally warned against allowing users access to the aforementioned IPTV services. Moreover, the plaintiffs had also informed the main Italian connectivity service providers, identified as “mere conduits”.
All the resisting parties defended themselves claiming to have complied with the provisions of Legislative Decree 70/2013 by reporting to the competent Authority but that it was impossible for them to proceed with the inhibition in the absence of a specific judicial order.
The Judge, in the light of the above, ordered all the ISPs resisting “to immediately adopt the most appropriate technical measures in order to effectively inhibit all recipients of their services from accessing a series of IPTV showcase sites, again emphasizing that” there is a presumption of sufficient legal basis “in the alleged violations so that they must be considered to exist, and the position of the resistin ISPs – abstractly not responsible for these offenses pursuant to art. 14 Legislative Decree no. 70/03 – is relevant in relation to their role as intermediaries, which in any case justifies the adoption of an injunction against them, regardless of the existence of fraud or negligence in relation to the alleged violations“.
Case-law confirms with this recent decision how the definitions of ISPs contained in the European Directive (implemented in Italy by Legislative Decree 70/03 ) lose value when you consider the protection of a more important principle such as the protection of intellectual property rights that cannot consider as an exemption their qualification of mere intermediaries.
We are certain that these decisions will be the new pivotal points of jurisprudence in the field of ISPs for the next few years (or maybe months, or maybe days given the evolution of piracy).
1) When we talk about Providers and their liability , we must consider that the subjects involved in this legal relationship are always at least three: a) the subject who makes the service available, the Provider, precisely, who acts as provider of the Internet service; b) the users who, in any form, use the service, that is the Internet Network; c) the subjects who may see their rights violated as a result of the use of the Internet Network.
2) Already dealt with in “La responsabilità dell’ISP per la violazione del diritto d’autore: dal caso RTI/YOUTUBE alla delibera AGCom. In CASSANO, Giuseppe, SCORZA, Guido, VACIAGO, Giuseppe (edited by). Internet law. Operating manual. Cases, legislation, case law”. Padua, CEDAM, 2012. Page 425
5) Liability could therefore be excluded for those carryin out hosting activities when: a) the provider is not aware of the fact that the activity carried out is illicit (with reference negligence actions , the concept of knowledge is reduced to the concept of manifest illicitness of the activity) , b) measures are immediately taken to remove the illicit activities as soon as the host becomes aware of them.
6) We think that it was the Court of Bologna (Trib. Bologna 14.6.01, in Dir. Aut., 2002, 332) that provided a different legal qualification of the operators of the Internet
8) Articles 14, 15 and 16 of Legislative Decree no. 70 of April 9, 2003, “Implementation of Directive 2000/31/EC on certain legal aspects of information society services in the internal market, with particular reference to electronic commerce”
10) In Italy we have had other measures that have already followed this one and in fact an operation conducted by the Public Prosecutor’s Office of Naples has led to the obscuration of about 700 Web sites and more than 300 pirated IPTV platforms during the match Cagliari – Sampdoria of November 7 last year, with the aggravating circumstance that during the match to the “illegal” spectators appeared a message of the following tenor: “This illegal streaming service has been subjected to seizure” that continued with “The access data constitute evidence available to the judicial authority”, with the specter of a future judicial action against the viewers ↑.
11) Art. 14 (Liability for the activity of mere transportation – Mere conduit-) 1. In the performance of a service of the information society consisting in the transmission, over a communication network, of information provided by a recipient of the service, or in the provision of access to the communication network, the provider is not liable for the information transmitted provided that: a) he/she does not originate the transmission; b) he/she does not select the recipient of the transmission; c) he/she does not select or modify the information transmitted. 2. The activities of transmission and the provision of access referred to in paragraph 1 include the automatic, intermediate and transient storage of the information transmitted, provided that this serves only the transmission on the communication network and that its duration does not exceed the time reasonably necessary for that purpose. 3. The judicial authority or the administrative authority with supervisory functions, may require, even as a matter of urgency, that the provider, in the exercise of the activities referred to in paragraph 2, prevents or terminates the violations committed.