Senjie Bao

The University of Melbourne

Keywords

copyright; infringement; enforcement; internet; ISP

Background

On 20 November 2008, the Australian Federation Against Copyright Theft (AFACT) representing 34 film companies including Universal Pictures, Sony Pictures Entertainment, Village Roadshow, Warner Bros Entertainment, the Seven Networks, Twentieth Century Fox Film Corporation, and others commenced a lawsuit against one of Australia’s largest internet service providers (ISPs), iiNet, in Federal Court of Australia. AFACT alleged that iiNet had authorized its users to download illegal movies through peer-to-peer network (BitTorrent) and thus should be liable for the copyright infringement.

AFAC had conducted investigations into copyright infringement and sent notices to iiNet from July 2008. The notices did not include AFACT’s detection methodology but requested iiNet to warn, suspend or terminate the internet service of its users to stop the copyright infringement. iiNet did not ast as requested and claiming that it is not iiNet’s responsibility to take actions based on AFACT’s allegations and the offence should have been proven in the courts before iiNet can disconnect its customer’s internet.

This case was finally taken to the High Court by AFACT after iiNet won the lawsuit in the Federal Court. However, the High Court made its decision on 20 April 2012 in favor of iiNet and dismissed AFACT’s appeal. The High Court held that the power that iiNet had to prevent its customer from copyright infringement was indirect as iiNet had no control of torrents file sharing. In addition, the High Court also considered the notice sent by AFACT which did not include its methodology was not sufficient for iiNet to take actions.

ISP’s Responsibility

As a consequence of iiNet’s winning, copyright holders will now hard to prove ISPs are liable for their customers’ copyright infringements which make it more difficult for copyright holders to protect their rights. This raises the issue of whether ISPs should be liable for their users’ copyright infringement.

Copyright Enforcement

From ISPs’ perspective, making service providers responsible for their actual users’ behavior is not fair for them and this argument is generally supported by courts (Kidman 2011). In iiNet’s case, the core factors contribute to iiNet’s winning is its indirect power to prevent the copyright infringement as well as AFACT’s insufficient information on the notices which made the High Court held that it was not unreasonable for iiNet to act as it did (Bushby & Webb 2012). The High Court made this decision based on subsection 101(1A) of the Copyright Act 1968 which determines the authorization liability (Swinn 2012). However, the Chief Justice French, Justices Crennan and Kiefel also noted that this provision was not ready to suit to BitTorrent copyright infringement and needs to be changed (Webb 2012).

Australian ISPs started their engagement in online copyright infringement prevention in 2011 when they were facing ongoing push from the filming industry (Kidman 2011). Five major Australian ISPs including Telstra, Optus, iiNet, Primus, and Internode proposed an online copyright enforcement scheme through Communication Alliance. Very similar to Europe’s “three strike” approach, the scheme was education-based that ISPs will send education and warning notice to their customer who downloads unauthorized files from internet and being detected by copyright owners. Australia’s ISPs agreed on this scheme and started an 18 month trial in 2011 (Colley 2011). However, under this scheme, ISPs will not impose any sanctions against their customers or disconnect their internet access.

Legislative Reform

A lawsuit against ISPs is not an effective way but expensive way for copyright owners to protect their rights (Muir 2012). In iiNet’s case, AFACT was ordered by the High Court to pay iiNet’s legal expenses which was said to be approximately 9 million (iiNet Press 2012). Traditional legal action against individuals is also inefficient and ineffective due to large number of infringers and technically sophisticated internet users.

Thus, copyright owners now turn to government to introduce new policy to force ISPs to be more active in online copyright infringement prevention. Some countries such as UK, New Zealand, and France, are in the process of implementing or have implemented a statutory approach through amending the law. Australian government has also recently released a “Online Copyright Infringement Discussion Paper” which outlines 3 proposals to amend the Copyright Act 1968 (Webb 2014).

1. Propose 1 – Extended Authorization Liability. This amendment is directly derived from iiNet’s case and proposing the court need also taking ISPs’ reasonable steps to prevent online copyright infringement into consideration as well as their power.
2. Propose 2 – Extended Injunctive Relief. This amendment will enable copyright owners to request ISPs to block infringement websites outside Australia.
3. Propose 3 – Extended Safe Harbor Scheme. This amendment extends the application of the safe harbor scheme from carriage provider to all service providers.

Balancing Intellectual Property and Other Rights

The government discussion paper shows policy-maker’s effort to support Australia’s copyright industries. It is reasonable for copyright owners to seek government to improve the situation in this digital world. However, a balance between protecting copyrights and basic human rights, such as privacy, should also be taken into consideration (Muir 2012). Muir (2012) points out that the copyright owner’s ability to enforce their rights and Internet user’s rights including privacy, access to Internet and freedom of speech, due process should be balanced.

In Telstra’s response to the government’s discussion paper, it is stated that the extension of authorization liability will significantly shift the balance between copyright holders, Internet users and ISPs’ competing interest which copyright law intend to strike thus is not appropriate (Telstra 2014).

In an Online Copyright Infringement Forum held by Communications Minister Malcolm Turnbull in Sydney also finds out that accessibility, timely, and price of the copyrighted in Australia are also factors contribute to online piracy (Law 2014).

Implications and Conclusion

Traditional remedies for online copyright infringement are hard to address the issue while the more recent approach such as “three strikes” and blocking may also breaking the balance of basic human rights as well as competing interests between all parties (Kiskis 2013). The challenge to implement copyright enforcement scheme is to balance the copyright industry, ISPs, and public interest. Any copyright enforcement measures that are not compatible with human rights may not be successful in the long term (Muir 2012).

(Words count: 1021)

References

Bushby, D., Webb, T. (2012). iiNet wins in high court. Retrieved from http://www.claytonutz.com/publications/videos/iinet_wins_in_high_court_tim_webb.page

Colley, A. (2011). ISPs agree to online copyright enforcement plan. The Australian. Retrieved from http://www.theaustralian.com.au/technology/isps-agree-to-copyright-online-enforcement-plan/story-fn4htb9o-1226206441917

iiNet Press. (2012). iiNet wins landmark copyright case. Retrieved from http://www.iinet.net.au/about/mediacentre/releases/20120420-iiNet-wins-landmark-copyright-case.html

Kidman, A. (2011). Aussie ISPs propose copyright enforcement scheme. Lifehacker. Retrieved from http://www.lifehacker.com.au/2011/11/aussie-isps-propose-copyright-enforcement-scheme/

Kiskis, M. (2013). Novel remedies for intellectual property rights infringement online. Jurisprudence 20(4), 1443-1456. doi: 10.13165/JUR-13-20-4-09.

Law, J. (2014). Online Copyright Infringement forum: can anything stop our nation of pirates. Retrieved from http://www.news.com.au/technology/online/online-copyright-infringement-forum-can-anything-stop-our-nation-of-pirates/story-fnjwneld-1227054171162

Muir, A. (2012). Online copyright enforcement by Internet Service Providers. Journal of Information Science 39 (2), 256-269. doi:10.1177/0165551512463992.

Swinn, M. (2012). Roadshow films v iiNet: the high court of Australia holds that an ISP is not liable for the online copyright infringement. [web log post]. Retrieved from http://www.corrs.com.au/publications/ip-preview/roadshow-films-v-iinet/

Telstra. (2014). Submission to the Attorney-General’s Department Discussion Paper ‘Online Copyright Infringement’. Retrieved from http://www.ag.gov.au/Consultations/Documents/OnlineCopyrightInfringement/OnlineCopyrightInfringement-TelstraResponse.pdf

Webb, T. (2012). iiNet’s High Court win means ISPs must still tread carefully on copyright infringement. [web log post]. Retrieved from http://www.claytonutz.com/publications/news/201204/20/iinets_high_court_win_means_isps_must_still_tread_carefully_on_copyright_infringement.page

Webb, T. (2014). Australian government seeks new ways to limit online copyright infringement in the new discussion paper. Retrieved from http://www.claytonutz.com/publications/edition/07_august_2014/20140807/australian_government_seeks_new_ways_to_limit_online_copyright_infringement_in_new_discussion_paper.page

Senjie Bao

The University of Melbourne

Abstract

Internet has a huge impact on people’s life; however, internet also raises the issue of information privacy issue. This paper examines the impact of internet on its users’ information privacy and what are the major concerns as well as how internet users response to those concerns. As a conclusion, this paper believes internet has invaded users’ privacy and suggests few research areas to provide better understanding of internet privacy concerns and its relationship with user’s response, thus online companies can have better privacy practices.

Keywords

information privacy; internet privacy concerns; online privacy; privacy protection

Introduction

Information privacy is defined as individual’s ability to control his or her personal information (Westin 1967) and is one of the most discussed issues in the digital age (Culnan and Bies 2003). The advances in information technologies enable companies to provide personalized information and services to consumers based on the consumer’s personal information. On one hand, those personalized technologies can provide consumers much better user experience in using information systems and applications (Toch et al. 2012); however, on the other hand, consumers’ information privacy becomes more vulnerable (Hong and Thong 2013) and the need to collect consumers’ private information becomes a threat to consumer information privacy and may have negative impact on internet usage growth (Dinev & Hart, 2005).

Researchers have found that trust is one of the most important factors affecting consumers’ online purchasing behavior (Dinew & Hart, 2005) and information privacy is another greatest factor influencing the growth of electronic commerce (Son & Kim, 2008). However, internet users’ privacy has been seriously threatened according to several reports. A survey published on BusinessWeek (2000) shows a quarter Americans consider their information privacy was invaded. Another research shows more than three quarters Americans consider information collected by companies about them was actually very important information, but they do not have any form of control on that information which was collected and used by companies (Dinev & Hart 2005).

This paper examines several information systems papers on information privacy concerns and internet user’s privacy protective response to have a better understanding of internet technology’s impact on individuals’ information privacy. The first question this paper trying to answer is “what is privacy”. Given the concept of privacy has existed for more than 100 years; the conceptualization of privacy is still not consistent in academic literatures. Thus, the first question will explore the definitions of privacy and multi dimensions information privacy. The second question in this paper is “what are internet privacy concerns”. In this question, this paper trying to find out what is information privacy concerns in the context of internet environment and the dimensions if internet privacy concerns. The final question this paper trying to answer is “how internet users response to information privacy threats”. A better understanding of internet privacy concerns and how internet users respond to privacy threats can help online companies implement a better consumer privacy strategy which is critical to success in this information age.

Q1: What is privacy? – Multidimensional Definition

The concept of privacy has existed for more than a century in almost all disciplines of social science (Smith et al. 2011). However, academics have not reached a common definition of what is privacy even though numerous attempts have been made to combine all perspectives together. Smith et al. (2011) classified the definitions of privacy from different disciplines into two main categories namely valued-based and cognate-based. The value-based definition considers privacy as part of human rights and was the first definition of privacy. Under this category, privacy is also viewed as commodity when the privacy paradox was noted after applying this concept to consumer behavior. Privacy as commodity view considers privacy not purely as a human right but also an economic factor which can be calculated. The other category of definition of privacy, cognate-based conceptualization, was often used by psychologists focusing on individual’s perceptions and cognition instead of human rights. Under this category, privacy has been defined as a state by Westin (1967) with four sub states respectively intimacy, solitude, anonymity and reserve. Another cognate-based view considers privacy as control and has been developed by information systems researchers (Smith et al. 2011). In addition, Smith et al. (2011) points out that the general privacy concept includes both physical privacy and information privacy. Different from physical privacy which concerns about physical access to one’s surroundings and private places, information privacy concerns about access to one’s personal information.

The conceptualization and meaning of privacy are also dependent on the context. Acquisti (2004) argues that privacy should be defined as a category of multiple perspectives rather than a single concept and its value may different in different contexts. Basal et al. (2008) refers the context to the research discipline, when, where, who, with whom, why which may all affect the meaning of privacy. Based on this, Smith, Dinev and Xu (2011) summarize context types as (1) contextual sensitivity; (2) industry; (3) political context; and (4) technological applications.

In the context of information systems, Belanger and Crossler (2011) reviewed multiple definitions of information privacy in information systems research literature concluding that information privacy typically defined as control over one’s personal information especially the second use of the information.

Besides privacy’s multidimensional attributes, Smith et al. (2011) also argue that privacy is not anonymity, secrecy, confidentiality, security, and ethics. Refer to both Smith et al.’s research and Belanger and Crossler’s research, Pavlou (2011) points out that Belanger and Crossler base their research on a specific definition from information system discipline while Smith et al. focus on developing a cross disciplines definition of information privacy. Nonetheless, both papers are consistent with information systems literatures’ conceptualization of information privacy. However, Pavlou (2011) also noticed the conceptualization of information privacy was not a future research direction which implies there is little work can do to refine the definition of information privacy or the conceptualization of information may be difficult to reach a consensus.

Q2: What are the information privacy concerns about internet? – Internet privacy concerns

Information privacy concerns

Information privacy concerns are one of the most important research areas on privacy. Researchers usually try to explain different levels of information privacy concerns or to identify the impact of information concerns on several attributes such as the willingness to purchase online or provide personal information (Belanger & Crossler, 2011). Some academics define information privacy concerns as individuals’ concerns about organizations’ information privacy practices (Smith et al. 1996). Researchers have found that information privacy concerns can have influence on individuals’ decision making and preferences or willingness to provide personal identifiable information (Milberg et al. 2000) as well as individual’s willingness to adopt certain technologies such as using internet purchase.

Most researches on information privacy concerns focusing on two main streams: general information privacy concerns and internet privacy concerns (Belanger & Crossler, 2011). General information concerns were discovered before internet privacy concerns and have four dimensions, specifically, collection of data, errors in data, improper use of data, and unauthorized second use of personal information (Smith et al. 1996). The internet privacy concerns were developed few years later than general information privacy concerns and contain three dimensions namely data collection, information control, and privacy awareness (Malhotra et al. 2004). The later developed internet privacy concerns are more focusing on individuals’ willingness to transact but been less referenced in majority research as most researches are more related to initial information privacy issues rather than in the context of internet.

Internet Privacy Concerns

Internet privacy concerns (IPC) are a subclass of information privacy concerns and are representations of individuals’ perception on the personal information they provide through internet (Dinev & Hart 2006). Internet users now are having more knowledge on information technology and becoming more aware of their privacy on the internet. A report shows only 6 percent of Americans trust the websites could process their personal information and protect their data securely (Carroll 2002) while the internet is becoming a much more significant channel for companies to collect and transmit consumer personal information. Therefore, a better understanding of internet users’ information concerns is one of the fundamental factors to success in this information age.

There are many researchers attempted to conceptualize IPC; however, the conceptualizations of IPC are not consistent and the definitions and operationalization of the first-order factors are barely agreed (Hong & Thong 2013). For example, similar dimensions of IPCs can be defined and named differently from case to case. In addition, the measurement for IPC and information privacy concerns is significantly different (Hong & Thong 2013). The differences in measurement may bring difficulties to consolidate prior research findings. Thus, it is critical to develop a consistent perspective in measuring IPC in future research to resolve inconsistency and consolidate findings of prior research.

In a recent research, Hong and Thong (2013) conclude the dimensions of IPC as data collection, secondary use of personal information, information errors, unauthorized access to personal information, control over one’s personal information, and awareness of companies’ information privacy practices. Other relevant concerns but not directly related to IPC include individuals’ fear of being monitored or tracked when browsing the internet, identity issues, legal issues, application issues, and security issues.

Q3: How internet users respond to IPCs? – Information Privacy-Proactive Responses

Having analyzed internet privacy concerns, it is also critical to understand how internet users response to those IPCs. The concept of information privacy-proactive responses (IPPR) is recently been used by academics to define internet users’ response to internet information privacy threats and concerns which are caused by companies’ information practices. Internet users have IPCs when they are asked to provide personal identifiable information to companies through websites or applications. Under this situation, internet users may have several responses to IPC. Specifically, IPPR consists of three main categories of behavior that internet users may have which are: information provision, private action, and public action (Son & Kim, 2008). When internet users have some IPCs, their most possible way to response for protection of personal information is to decline to provide personal information and they can be classified into above categories based on how they respond to online companies’ mishandling their person information.

Information Provision

When having some online activities, most websites requires internet users to register and provide some personal information in the registration form. However, if the internet users are concerned about IPC, they usually refuse to provide personal information or provide incorrect information. Some personal information can also be collected by companies using analytic tools to analyze internet users’ online behavior without awareness of the users themselves. They may realize this only when they received targeted advertisements from online companies. Thus, internet users may reluctantly to provide personal identifiable information for online companies and two forms of response internet users may have are refusal and misrepresentation.

Private action

Research suggests that some consumers may often have some forms of private action including a boycott of a website or online company as well as share one’s negative experience with friends and relatives when they found their personal information was mishandled by the online company. Examples of this lost control of personal information various from receiving junk e-mail to online companies tracking users’ online activities and selling to other companies. Therefore, one form of private actions that internet users may take is removal from online companies’ database. Another form is to share negative experience which is expected to reduce the company’s sales and damage its reputation.

Public action

In addition to information provision and private action, internet users may also take public actions as a response to internet information threats. The main purpose of taking a public action is to find a way to remedy for information privacy threats. Two forms of public actions can be taken by internet users: direct complain to the online company and indirect complain to a third party. Internet users usually complain to third party only when they cannot get satisfactory redress from the online company.

Son and Kim (2008) developed a nomological model to understand how antecedents including IPC, perceived justice and social benefits from complaining affect IPPR. Their research result shows a different level of association between antecedents and IPPR which can provide a theoretical foundation for recommendations for online companies’ managers to take proactive actions. The study shows a general IPC association with six types of IPPR which confirms IPC can causing IPPR; however, the associations between each dimension of IPC and sic types of IPPR are not clear and need future research.

Conclusion and Future Research

Having answered the above three research questions, it can be concluded that the wide spread of internet technology has invaded internet users’ information privacy which causing internet user’s information privacy concerns. The definition and conceptualization of information privacy are various from discipline to discipline. In the information systems literature, information privacy often defined as individual’s control over his/her personal information. As a subclass of information privacy concerns, internet privacy concerns are also a multidimensional concept but research definitions were not consistent which may require future research. The third question answered how internet users may respond to information threats under certain circumstances. However, future research should also be performed to understand the relationships between dimensions of IPCs and types of IPPR to understand in a specific context, which type of IPPR might be adopted by internet users.

(Words count: 2120)

References

Acquisti, A. (2004). Privacy in electronic commerce and the economics of immediate gratification. Proceedings of the 5th ACM Electronic Commerce Conference, New York: ACM Press, 21-29.

Bansal, G., Zahedi, F. & Gefen, D. (2008). The moderating influence of privacy concern on the efficacy of privacy assurance mechanisms for building trust: a multiple-context investigation. Proceedings of 29th International Conference on Information Systems. Paris, France, December 14-17.

Belanger, F. & Crossler, R. E. (2011). Privacy in the digital age: a review of information privacy research in information systems. MIS Quarterly 35(4), 1017-1041.

BusinessWeek. (2000, March 20). Business week/Harrie Pool: A growing Threat. Retrieved from: http://businessweek.com/2000/00_12/b3673010.htm

Carroll, B. (2002). Price of privacy: selling consumer databases in bankruptcy. Journal of Interactive Marketing 16(3), 47-58.

Culnan, M. J. & Bies, R. J. (2003). Consumer privacy: balancing economic and justice consideration. Journal of Social Issues 59(2), 323-342.

Dinev, T. & Hart, P. (2005). Internet privacy concerns and social awareness as determinants of internet to transact. International Journal of Electronic Commerce 10(2), 7-29.

Dinev, T. & Hart, P. (2006). An extended privacy calculus model for e-commerce transactions. Information Systems Research 17(1), 61-80.

Hong, W. & Thong, J. Y. L. (2013). Internet privacy concerns: an integrated conceptualization and four empirical studies. MIS Quarterly 37(1), 275-298.

Malhotra, N. K., Kim, S. S. & Agarwal, J. (2004). Internet users’ information privacy concerns (IUIPC): the construct, the scale, and a causal model. Information Systems Research 15(4), 336-355.

Milberg, S. J., Smith, H. J. & Burke, S. J. (2000). Information privacy:corporate management and national regulation. Organizational Science 11(1), 35-57.

Pavlou, P. A. (2011). State of the information privacy literature: where are we now and where should we go. MIS Quarterly 35(4), 977-988.

Smith, H. J., Dinec, T. & Xu, H. (2011). Information privacy research: an interdisciplinary review. MIS Quarterly 35(4), 898-1015.

Smith, H. J., Milberg, S. J. & Burke, S. J. (1996). Information privacy: measuring individuals’ concerns about organization organizational practices. MIS Quarterly 20(2), 167-196.

Son, J. Y. & Kim, S. S. (2008). Internet users’ information privacy-protective responses: a taxonomy and a nomological model. MIS Quarterly 32(3), 503-529.

Toch, E., Wang, Y. & Cranor, L. F. (2012). Personalization and privacy: a survey of privacy risks and remedies in personalization-based systems. User Model User-Adap Inter 22, 203-220. doi: 10.1001/s11257-011-9110-z.

Westin, A. F. (1967). Privacy and Freedom, New York: Atheneum.