In March last year the European Parliament (EP) approved a directive that allowed harsher sanctions against infringers on the intellectual-property (IP) rights of others. Crucially this directive, known as the Intellectual Property Rights Enforcement Directive (IPRED), was amended to prevent criminal sanctions from being made available in all IP cases.
At the time, a coalition of rightsholder groups said it would continue to press for criminal sanctions at the EU level. Two weeks ago the European Commission announced that it had adopted proposals for a directive that would allow criminal-law provisions to combat infringements of IP rights. The Commission claimed that the proposed measures were merely "to align national criminal law", but some are concerned that the law will go much further and jeopardise open source developers, file sharers and companies using software that infringes intellectual property.
So what does the directive propose? The directive claims that it will apply to "all intentional infringements of an IP right on a commercial scale". The penalties to those caught offending include four years' imprisonment; fines; seizure and destruction of the offending goods; closure of the establishment used to commit the offence; a ban on engaging in commercial activities; and denial of access to legal aid.
The UK already offers criminal sanctions against those accused of infringing trademark or copyright, but not against those accused of infringing patents. The law in the UK is generally used only in cases of large-scale organised crime, while the European directive appears to offer enforcement against any type of IP infringement on a commercial scale.
Richard Penfold a partner at law firm DLA Piper Rudnick Gray Cary, said the proposed directive will "beef up criminal provisions" for those accused of infringing IP in the UK and will make IP infringement a more serious offence in many EU member states. He says the directive is aimed at organised crime but could impact free and open source software and businesses that are using infringing software.
Paul Stevens, a partner at law firm Olswang, says he did not think the law would affect the situation in the UK, as the directive was primarily about harmonisation and the UK justice system is likely to take a reasonable view to minor infringements.
"[UK] courts are quite sensible about these sort of things — they are not going to imprison someone for a marginal thing," said Stevens. "Trading standards [the UK government agency that tackles trademark infringement] are not going to go after someone where the case is marginal. They will go after people who in course of business cynically possess something that is clearly an infringement — someone who is a professional infringer or counterfeiter."
Impact on open source developers
There are two main implications of this directive to free and open source software. Firstly, if a free software developer is found to have infringed intellectual property in the code he has written, he could be subject to criminal charges and may not be granted legal aid to defend himself. Developers of proprietary software in commercial settings would be less affected, as the company they work for would generally be held accountable rather than the individual developer.
"The free software community should be aware of it [the proposed directive] and follow it closely. It is something that they could find themselves at the end of if they're not careful, although the full force of it will be aimed at sophisticated counterfeiting businesses," says Penfold from DLA Piper.
Georg Greve, the president of the European branch of the Free Software Foundation (FSF), says his organisation is worried about the directive, as those who move along "the borders of what is allowed and what is not", which includes some free software developers, now risk criminal punishment.
"Today, these people have to work under threat of financial punishment, in some cases possibly wiping out their financial livelihood. If this new directive comes to pass, they additionally risk going to jail," he says
The second implication of this directive is that if a software product is found to infringe IP, businesses and individuals using the software could be subject to criminal charges. This could dissuade companies from using open source software, due to concerns about the risk of IP infringement, according to Penfold from DLA Piper.
Although those using proprietary software face a similar risk, there has been some scaremongering about the risk of intellectual property infringements in open source code. For example, the City of Munich temporarily delayed its Linux migration due to concerns about patent problems in the open source operating system. Microsoft has also made claims about the risk of IP infringement in Linux, for example, the company's CEO Steve Ballmer said at a conference in Singapore that Linux violates more than 228 patents and that someday "somebody will come and look for money owing to the rights for that intellectual property".
Stevens from Olswang claims it is unlikely that the users of software would be affected by the directive — the organisation that developed the software is a more obvious target, and any company that pursues criminal cases against users is likely to suffer from the bad publicity.
"It's not that often that companies who have IP rights pursue cases against users," he says. "Most IP owners want you to continue buying their product and to continue dealing with them. If they started threatening someone with prison or a criminal record, how do you think their customers will feel?"
But, there is one well-known case where users were prosecuted for using code — the SCO Group's case against car maker Daimler-Chrysler and auto-parts retailer AutoZone over their use of Linux. SCO claimed that AutoZone infringed on SCO Unix copyrights through its use of Linux and that DaimlerChrysler had breached its contract with SCO.
Although the cases have not helped SCO's reputation as a software vendor, the cases are likely to have helped the company sell IP licenses to Linux users, which is one of its business strategies. The company has also received considerable sums of money from Microsoft, which has lead some in the industry to claim that Microsoft is driving SCO's legal battle against Linux.
Ross Anderson, the chair of the Foundation for Information Policy Research (FIPR), says that the proposed directive could help SCO and other companies in future IP infringement cases against open source software.
"In future somebody like SCO will have another course of action open to them — the threat of criminal charges. This threat would enable SCO to cast a larger legal cloud. Once you make something a crime, respectable, middle-aged executives are less happy to do it," says Anderson.
Penfold from DLA Piper agrees that the proposed directive could "quite possibly" allow the imprisonment of the boss of a company that is using infringing software, although it will depend on whether the defendant can argue that it was unintentionally infringing. "How will the directive differentiate organised crime from a business that is unknowingly infringing? — We'll have to see," he says.
FSF Europe is also worried about SCO using the directive to its advantage. Joachim Jakobs from FSF Europe says that not only could companies face being tried in a criminal court, but SCO could also be allowed to join the criminal investigation — the directive calls for "Joint Investigation Teams", where the holder of the IP rights can assist the criminal investigation.
At present, some open source and proprietary software products are covered by IP indemnification policies, which cover products if they are found to infringe a third parties IP. These policies would not cover companies against criminal action, according to Penfold from DLA Piper. "If an infringement is a crime then the infringer is clearly liable to be found guilty of a criminal offence if prosecuted," he says. "An indemnity covers the monetary loss a party sustains due to a breach of contract — it would not cover criminal conviction."
As the directive only covers IP infringements on a "commercial scale", file sharers may be exempt from this directive. "It covers infringement on a commercial scale so would not cover the private individual downloading unlicensed music unless he or she were selling it on," says Penfold from DLA Piper.
The proposed directive does not yet define what is meant by 'commercial', however, and this definition will impact whether file sharers are excluded from the directive. In the IPR Enforcement Directive, commercial was defined as "anything which creates a direct or indirect economic advantage". This definition could include file sharers, according to Ian Brown from the Foundation for Information Policy Research in an earlier interview. "You could argue that a file-sharer gets an economic advantage by downloading a song," he said.
Current UK law does not offer criminal sanctions against those accused of infringing patents, but the proposed directive claims to cover "all intellectual property".
Penfold says it would be difficult to justify criminal action against those accused of patent infringement due to the complexity of patent lawsuits. "Patent infringement is very complex and can take a number of years to resolve in court. You're unlikely to see the police impounding things which are infringing patents," he says.
Hartmut Pilch of campaign group the Foundation for a Free Information Infrastructure (FFII), does not think many people in the industry will support the criminalisation of patent infringements, including lobby groups acting on behalf of big businesses. "A year ago we agreed with [pro-patent lobby group] EICTA that patents should stay out of that scope," he says. "The copyright lobbies who were behind the IPRED also weren't keen on having patents in it. Thus the Commission seems to be moving against a rather large consensus this time."
Anderson from the FIPR, says groups that are lobbying for the criminalisation of IP infringement are trying to crack down on legal activities such as grey market trading, rather than counterfeiting.
Grey market trading is a legal form of trading where companies or individuals circumvent the authorised channels of distribution to sell goods at a lower price than intended by the manufacturer in a certain market. For example, a company may take advantage of a software vendor setting particularly high prices for its products in one country by reselling legitimate copies purchased in a market where prices are lower.
"There is a lot of noise being made about how this [directive] is to crack down on piracy. But it's actually around controlling value chains — preventing companies from selling products or spare parts at a cheaper price," says Ross.
Penfold from DLA Piper said the law would not affect products bought and resold within the EU as it is a common market, but would impact the resale of products bought outside the EU. He did not think the full force of the law would be used against companies that resell products outside their jurisdiction. "These criminal penalties are not aimed at parallel importers — they are aimed at counterfeiters," he says.
Overall, Penfold cautioned that the law must be "carefully drafted" to ensure that it treats criminal organisations differently from file sharers, free-software developers and companies using infringing software they do not know to be infringing. "I would find it strange if an organised crime boss gets four years, and an 18 year old in his home downloading music gets the same," he says.
Although it is not yet clear to what extent the proposed directive will impact free software, file sharers and those accused of patent infringement, the fact that the EC has proposed this directive just over a year after the European Parliament rejected proposals to criminalise IP infringements, raises questions about the interaction between the executive and parliamentary institutions in the EU — should the EC be able to propose a similar law so soon after it has been rejected by a clear majority?
Civil rights campaigners, such as the FIPR, are now gearing themselves up to fight the EC's latest attempt to criminalise IP infringements. Anderson from the FIPR called on individuals and computer companies to contact their MEPs and consumer groups. "It's now down to concerned geeks and computer companies to make a fuss in Brussels," says Anderson.