Nominet UK v Diverse Internet Pty Ltd

Judgment (12 paragraphs)

[1]

THE COURT ORDERS THAT: 1. It is hereby declared that the third respondent has infringed the applicant's copyright in the Database and in the WHOIS Database as respectively defined in paragraphs 6 and 7A of the Second Further Amended Statement of Claim. 2. It is hereby declared that the third respondent was knowingly concerned in contraventions by the fifth respondent of ss 10 and 12 of the Fair Trading Act 1987 (WA). 3. The third respondent be, and is hereby restrained from, without the licence of the applicant, copying or reproducing or authorising the copying or reproduction of the whole or any substantial part of the Database or of the WHOIS Database or the information contained in either of them. 4. The third respondent be, and is hereby restrained from, copying, disclosing or using the information contained in the Database and the WHOIS Database or either of them or any copy of the whole or any part of either of them. 5. The third respondent be restrained from publishing or distributing or causing to be published or distributed, any documents in the form of the documents which appear behind tabs 7 to 10 of the Affidavit of Emily Elizabeth Gemma Taylor sworn on 15 August 2003. 6. The third respondent be, and is hereby restrained, from representing, in trade or commerce, in Australia or elsewhere, contrary to fact, that: (a) the fifth respondent was, or was associated with, or had the sponsorship or approval of, the applicant; (b) the fifth respondent was an authorised manager of a central database or an official internet registry or both; (c) the services offered by the fifth respondent were services offered by or with the sponsorship or approval of the applicant; (d) the Registrants to whom the UKIR Notices (as described in the Reasons for Judgment) were addressed had a pre-existing relationship with the fifth respondent; (e) the applicant authorised the fifth respondent to contact Registrants in relation to the registration or hosting of the .com domain name corresponding to the Registrant's .uk domain name; (f) a Registrant's .uk domain name was due to expire or be cancelled for non-renewal; (g) any of the UKIR Notices was a bill, invoice or statement of account due, based upon an existing or prior business relationship between the fifth respondent and the company or business to whom the UKIR Notice was addressed in each case; (h) any UKIR Notice was a notice for the renewal of an existing registered .co.uk domain name of which the recipient was the registrant; (i) the .co.uk domain name to which any UKIR Notice related was due for renewal; (j) the recipient of any UKIR Notice risked losing the registration of its existing registered .co.uk domain name if it did not take steps to have it renewed such as by requesting the fifth respondent to renew the name and by returning the bottom portion of the Notice with payment for the requested sum; (k) the registration of any recipient's existing .co.uk domain name had expired or would expire if payment was not made as requested in the UKIR Notice; (l) the fifth respondent was offering to re-register or renew the registration of the existing .co.uk domain name of the recipient of any UKIR Notice; (m) the recipient of any UKIR Notice would be required to pay the amount mentioned in the UKIR Notice in order to maintain the registration of its existing .co.uk domain name; (n) the recipient of any UKIR Notice had previously registered a .com version of its .co.uk domain name and this registration was due for renewal. 7. The third respondent is to deliver up to the applicant's solicitors all documents, (including but not limited to electronic copies of documents), in the possession, power or control of the third respondent, whether original documents or copies that are directly or indirectly derived from, or which embody any information extracted from, or contained in, the Database or the WHOIS Database. 8. The third respondent is to pay to the applicant damages to be assessed including additional damages or, at the election of the applicant, an account of profits pursuant to s 115 of the Copyright Act 1968 (Cth). 9. The third respondent is to pay to the applicant damages to be assessed pursuant to the Fair Trading Act 1987 (WA). 10. The third respondent is to pay the applicant's costs of the proceedings against the third respondent. 11. The third respondent is to pay interest pursuant to s 51A of the Federal Court of Australia Act 1976 (Cth) to be determined. 12. The applicant has liberty to apply for further or other orders within 28 days. Note: Settlement and entry of orders is dealt with in Order 36 of the Federal Court Rules

REASONS FOR JUDGMENT Introduction 1 Nominet UK is a company limited by guarantee which was incorporated in 1996 by the Internet Industry in the United Kingdom to provide a central registry for UK-based Internet domain names. The company keeps a Register of persons and organisations who use domain names under the UK country code and certain sub-domains or Second Level Domains (SLD) with codes such as .co.uk and .org.uk. Nominet UK also provides a search function using a Database derived from its Register and known as the WHOIS Database. 2 In January 2003, two Australian companies, Diverse Internet Pty Ltd (Diverse Internet) and Internet Payments Pty Ltd (Internet Payments) associated with Bradley Norrish and Chesley Rafferty used sophisticated search techniques of a kind known as 'data mining' to extract and collate names and other details of Registrants on the Nominet UK WHOIS Database. Through another company, (UK) Internet Registry Ltd ((UK) Internet Registry) controlled by Mr Rafferty and incorporated in the Republic of the Seychelles, they sent notices from Western Australia to some 50,000 of those Registrants in the UK. The Notices offered registration of domain names ending in the code .com. 3 Nominet UK commenced proceedings against the three companies and against Messrs. Norrish and Rafferty alleging infringement of its copyright in the Registry Database and the WHOIS Database. The company also alleged that the Notices sent to its Registrants were misleading in various respects. As well as containing a number of false representations, Nominet UK claimed that the Notices conveyed the false impression that (UK) Internet Registry was somehow affiliated with or had some sponsorship or approval from Nominet UK. 4 The proceedings came to trial on 21 June 2004. On that day the Court was informed that they had been settled against all respondents other than Mr Norrish. The other respondents have, in effect, conceded the bulk of the claims made against them by Nominet UK. Various declaratory and injunctive orders were made against them by consent at trial and the question of damages stood over for assessment. Those orders are set out at the commencement of these reasons. 5 Mr Norrish continued to contest his personal liability. For the reasons which I now publish, I find that he infringed the copyright of Nominet UK in its Databases by authorising their infringement by an employee of Diverse Internet, the company which he controls. I find also that the Notices sent by (UK) Internet Registry to Registrants in the United Kingdom were misleading and deceptive and that he was knowingly concerned in their preparation and dispatch. The Internet and Domain Names - Background and History 6 The 'Internet' is a name given to a global complex of connections between computers forming networks which are owned and operated by various organisations. The history of the Internet and role of domain names in it was described, for the purposes of these proceedings, in the unchallenged evidence of William Black, who is the Executive Chairman of Nominet UK and Jay Daley, Nominet UK's Director of Information Technology. 7 The Internet had its beginnings in 1969 in the establishment of a network between the United States Department of Defence, defence contractors and various universities. The network so created was called the 'Advanced Research Projects Agency Network' ('ARPANet'). The setting up of the network involved the creation of domain names or addresses for its users. 8 A domain name identifies a particular computer connected to the Internet. Each networked computer uses a common Internet Protocol which provides a unique numeric Internet Protocol address (IP address) such as 124.57.32.6 for the relevant computer server. Although each IP address is defined by a set of numerals, Internet users have, from the beginning of the Internet, been able to adopt alphanumeric combinations which are more convenient and which are known as 'domain names'. 9 The address naming scheme for ARPANet defined different classes of domain names as users were registered under those names for the purpose of network management. So university users had domain names ending in '.edu'. Commercial corporate users ended in '.com'. Government departments ended in '.gov'. Each particular user would identify itself by an appropriate prefix. So Stanford University was 'stanford.edu'. 10 The United Kingdom and other countries developed networks of computers including defence organisations, universities, commercial organisations and government agencies. The protocols and standards which they developed for communication within these networks were not uniform. In the 1980s it became apparent that it was necessary to provide links between the various nationally-based networks. Unification of their disparate naming schemes was imperative. Generic domain name endings became known as Top Level Domains (TLDs). They describe classes of users or addresses within the Internet. Some of them were independent of any association between the addressee and a particular country. They included '.com', '.org' and '.net'. 11 Country codes were established to identify users of different national origins. So domain names ending in '.uk' identified computer servers in the United Kingdom, '.fr' for France and '.au' for Australia. These end codes became known as country code Top Level Domains (ccTLDs). 12 The assignment of generic address designations was part of the development of the Domain Name System (DNS). That development was described in a 1994 document entitled 'Domain Name System Structure and Delegation' written by Dr J Postel of the Information Sciences Institute of the University of Southern California. The paper was in the form of a memorandum written for the 'Internet community' and is frequently referred to by the alphanumeric designation RFC 1591. 13 In that memorandum, which was exhibited to Dr Black's principal affidavit, Dr Postel succinctly described the DNS thus: 'In the Domain Name System (DNS) naming of computers there is a hierarchy of names. The root of system is unnamed.(sic) There are a set of what are called 'top-level domain names' (TLDs). These are the generic TLDs (EDU, COM, NET, ORG, GOV, MIL and Int), and the two letter country codes from ISO-3166. It is extremely unlikely that any other TLDs will be created. Under each TLD may be created a hierarchy of names. Generally, under the generic TLDs the structure is very flat. That is, many organizations are registered directly under the TLD and any further structure is up to the individual organizations. In the country TLDs, there is a wide variation in the structure, in some countries the structure is very flat, in others there is substantial structural organization. In some country domains the second levels are generic categories (such as, AC, CO, GO, and RE), in others they are based on political geography, and in still others organization names are listed directly under the country code.' Dr Postel observed that each of the generic TLDs was created for a general category of organisations. The country code domains were each organised by an administrator for that country. Those administrators further delegated the management of portions of the naming tree. They performed a public service on behalf of the Internet community. He described the various world wide generic domains. In summary they are as follows: COM - a domain intended for commercial entities EDU - a domain originally intended for all educational institutions but restricted subsequently to universities and colleges NET - a domain intended only for the computers of network providers ORG - a domain intended as the miscellaneous TLD for organisations that did not fit anywhere else and which could include non-government organisations INT - a domain intended for organisations established by international treaties or international databases. 14 Dr Black described the further development of the DNS in his affidavit. DNS now includes a number of generic TLDs and about 250 ccTLDs. A ccTLD is chosen by the local Internet community of organisations using the network in a particular country. 15 Dr Black described the DNS as providing '...a mapping function between a domain name and its corresponding IP address for the computer which hosts that domain name'. He referred to 'nameservers' which are computers permanently connected to the Internet to execute the mapping function between a domain name and its corresponding IP address and vice versa. Information on nameservers for the purpose of the mapping function is stored in a 'zone file'. The nameservers and their zone files are necessary so that users can connect to the Internet by the use of a domain name. The routing machinery on the Internet only needs to pass data packets from computer to computer. The zone files therefore only need to contain the domain names and the corresponding IP address. They do not need to keep all the other data associated with registrants of the names. Registries have to keep such data for legal, billing and other purposes and that extra information is kept in a register database. The register database is securely maintained in one place. Dr Black described the DNS as '... a complex system comprising many nameservers operated by many independent authorities and using intricate systems of protocol and message exchange'. 16 The hierarchy of domain names in the DNS follows a tree structure. All domain names actually end in a '.' (full stop) character. Modern DNS software does not require that the full stop be included. It is implied. It is called the 'root domain'. That is the highest level of the DNS tree. Root nameservers or root servers have information about the nameservers of all the TLDs and ccTLDs. They redirect Internet traffic to the nameservers for the relevant TLDs or ccTLDs as indicated in the domain name. Information in the root servers is necessary so that Internet traffic can locate the registers for each of the TLDs and ccTLDs on the Internet and from those registers find the Internet location which is being sought. 17 The ccTLD for the United Kingdom, ie '.uk', was initially managed by Professor Peter Kirstein of University College London who was appointed for that purpose by the Ministry of Defence in the United Kingdom and university users. In the early 1990s Professor Kirstein passed over the management of the '.uk' ccTLD to Dr Black. That transfer of management was approved by four or five commercial Internet companies which had then been formed in the UK by the Ministry of Defence and by the academic and research community using the Internet at the time. 18 Prior to 1996, Professor Kirstein, and subsequently Dr Black, delegated the operation of nameservers for all the .uk ccTLD names and the process of registration of their users to several Internet Service Providers (ISPs) who undertook those responsibilities as a voluntary contribution to the infrastructure required for the use of the Internet. The ISPs did not receive payment for their services and no formal contracts were in place. The term 'Second Level Domain' (SLD) is used to refer to generic domain designations within a ccTLD which identify the class of organisation whose IP address is being named. So .co.uk refers to a commercial enterprise with a .uk ccTLD. As appears from papers exhibited to Dr Black's principal affidavit responsibility for the adoption of procedures and policies for the management of SLDs and lower level hierarchies of names is delegated to TLD managers. 19 The .uk ccTLD was subdivided into a set of what Dr Black described as 'neutral second level domains' which reflected roughly the same classifications as the 'generic' TLDs. So the SLD '.co.uk' referred to commercial organisations with '.uk' Internet addresses. It was operated by EUNet GB Ltd (EUNet). The designation '.org.uk' was used for not-for-profit organisations and operated by Unipalm PIPEX Limited. The name '.ac.uk' was used by academics and researchers and was operated by UKERNA. 20 By mid-1995, the numbers of applications for domain names had grown to several hundred per month. Because of this and growing pressure to review the voluntary mechanism then in place Dr Black, as the designated manager of '.uk' initiated consultations with the Internet industry in the UK about the reshaping of the domain name registration process in that country. This led to the formation of Nominet UK, the applicant in these proceedings. Dr Black transferred responsibility for management of the .uk ccTLD to Nominet UK by formally announcing it to the local Internet community and arranging for the Internet Assigned Numbers Authority (IANA) to record the change. The IANA is an overarching authority which administers the DNS on a day to day basis. The staff of the IANA have administrative responsibility for the assignment of IP addresses, autonomous system numbers, TLDs and other unique parameters of the DNS and its protocols. 21 Nominet UK was established in 1996 by the Internet industry in the United Kingdom to provide a central registry for domain names in the .uk ccTLD. It has been registered with IANA as the authority to administer the .uk domain and to host .uk ccTLD root name servers from 1 August 1996. The IANA website shows a page under the heading 'Root-Zone Whois Information' which shows Nominet as the sole registry of the .uk ccTLD (Exhibit WB1 p 8). Nominet UK and its Register 22 Nominet UK is a not-for-profit company limited by guarantee. Its objects, which are set out in cl 3 of its Memorandum of Association, are as follows: '3.1 to act as the Network Information Centre for the United Kingdom and manage and control the use of the Internet domain '.UK'; 3.2 subject to all necessary consents, and to the co-operation of the governmental and non-governmental organisations concerned, to manage and control the use of sub-domains under the Internet domain '.UK' (whether directly or by means of sub-contracts, agents or any other means); 3.3 to establish, publish and administer rules for the use of the domain and sub-domains referred to in clauses 3.1 and 3.2; 3.4 to maintain a Register of Internet domain names; 3.5 to establish and implement procedures for authorising changes to the Register; 3.6 to provide facilities for searching the Register; and 3.7 to operate a domain name service; in each case on a commercial basis.' Nominet UK has responsibility for the management of the .uk ccTLD and for the following SLDs namely; .co.uk, .plc.uk, ltd.uk, .org.uk, .me.uk, .net.uk and .sch.uk. These are referred to by Dr Black as the Nominet Domains. 23 The DNS can be used in two ways: 1. As a registration mechanism by which users of the Internet can register their chosen domain names with a set of registers world wide. 2. An operational search mechanism by which Internet users can use software such as Internet Browser or an email tool to enter a domain name and have it automatically translated into the IP address currently associated with that domain name. These uses are reflected in the functions of ccTLD administrators. 24 In aid of its registration function Nominet UK maintains a Database which is called its Register. The Database records each registered UK domain name immediately under the .uk ccTLD and under the SLDs for which Nominet UK has managerial responsibility. It contains information in respect of each holder of a domain name in the Nominet domains including the following: (i) the registered holder of each domain registration; (ii) the registered address for each registrant; (iii) the operational name servers for each domain name; (iv) the identity of the Tag Holder (if any) through which registration was made or is subsequently maintained (see below for discussion of Tag Holders); (v) other information not material for present purposes. Nominet also keeps records of relevant organisations with day to day management of the SLDs in the .uk ccTLD which Nominet does not manage. 25 To support the search mechanism, Nominet UK provides operational nameservers which contain a 'zone file' for the Nominet domains. It will be recalled that information on a nameserver that enables it to execute the mapping function between the domain name and its corresponding IP address is stored in a 'zone file'. The zone files only contain domain names and the corresponding IP addresses. It is not necessary that they maintain all the other data associated with registrants. 26 All Internet traffic for .uk domain names is routed in accordance with the Nominet UK zone file. The zone file directs traffic to the nameservers responsible for the highest level of the domain name not controlled by Nominet UK. Where Nominet UK operates the relevant SLD, eg .co.uk, the name server will rout the traffic to the computer which the Registrant specifies on the Register for registration at the third level. Where Nominet UK does not operate the relevant SLD, eg .ac.uk, the nameserver routs the traffic to the nameserver organisation that does operate it. The Nominet UK zone file is created anew from the Register each day and placed on Nominet UK's nameservers for Internet traffic direction. These nameservers are hosted by third parties under contract from Nominet UK. 27 Dr Black describes the Register as '... the single repository of information required for the operation of the .uk ccTLD'. He refers to the Register as Nominet UK's 'principal asset' and says that the primary reason for the existence of the company is to manage and maintain the Register accurately in the interests of, but not as an agent of, the UK Internet community. 28 The Nominet UK Register is a compilation Oracle database which is maintained on a Unix platform at Nominet UK's premises in Oxford. It is protected in various ways. There is a security system which uses both hardware and software to protect the network from intruders or hackers. The Register database host is located in a restricted area on Nominet UK's premises and only authorised technical staff are permitted access to it. Access is on a login basis limited to authorised technical staff. Login access to the database host is permitted only by secure shell, a program which uses powerful authentication and encryption. Essential backup tapes of the Register Database are stored in a safe on the premises and access to them is restricted to authorised technical staff. Staff monitor entry to the premises 24 hours a day and the area surrounding the building is monitored by a close circuit television system. Electronic locks controlled by identification cards restrict entry to the premises and access to high security areas inside the premises to people holding appropriate identification cards. 29 Dr Black said that a full copy of the Register database has only been allowed outside Nominet UK's premises in limited circumstances. These were the off-site storage of backups for security purposes which are transported in unmarked vans to an underground private vault. They have also been allowed off the premises to conduct statistical analysis on registration and renewal trends. They have also been allowed off premises for the purpose of discovery in these proceedings. Partial copies of the Register have been distributed for the purposes of a Public Register Subscription Service (PRSS) but only on the contractual condition that direct marketing using the PRSS is prohibited. It contains information for the administration, billing and technical contacts but not registration information fields. 30 As at 1 February 2003, the Register contained records of about 3,800,000 domain names in the Nominet domains. About 3,458,000 of these or 91% of the Register related to domain names in the '.co.uk' SLD. Dr Black summarises the primary purposes of the Register thus: '(a) provision of a record of the details of Registrants, etc for each of the domain names in the Nominet Domains; (b) generation of operational zone files for the Nominet Domains; and (c) provision of a public reference for identifying who has registered given domain names in the Nominet Domains.' 31 The software system used by Nominet UK's predecessors until early 1996 to compile and maintain information on the Register was known as the First Automaton. It was developed during the period that EUNet was managing the .co.uk SLD on a voluntary basis. Early in 1996, the First Automaton was replaced by an improved system called the Second Automaton which was used until July 2000 by Nominet UK to compile information for the Register. 32 From 1 July 1996, Nominet UK used a sub-contractor to manage and operate the Register as part of a phasing in program until it had recruited staff and established its own nameservers. From 1 July 1997 until 1998 or 1999 that agreement was reduced to one of simple leasing by Nominet UK of the computer system on which the Second Automaton and other software operated and which held the Register. From that time employees of Nominet UK maintained the Register and used the Second Automaton on Nominet UK's behalf. 33 Nominet UK formally took control of the Register and began charging a fee for each domain name registration on 1 August 1996. 34 None of the code associated with the Second Automaton has been used by Nominet UK since July 2000. At that time it was replaced by a program called the Third Automaton. The Register then contained a little over 2 million registrations of .uk domain names. The change to the Third Automaton involved a complete rewriting of the code of the Second Automaton using a different programming language. This was done by an external consultant, Tessella Support Services. 35 Dr Black describes the Third Automaton, like the programs before it, as '... in essence a computer software tool maintained and used by Nominet for the purpose of maintaining the Register'. It includes the collection of information for inclusion in the Register and its collation and placement in the Register when new domain names are registered as well as the updating and modification of information relating to existing registrations. 36 The term 'Internet Service Provider' (ISP) refers to a body that provides individual and/or other organisations with access to the Internet and other related services. One category of ISP is called a Tag Holder. These are bodies which provide registration services to their customers and have a tag from Nominet UK which enables them to interface with the Third Automaton on behalf of their customers. A tag is a term for a unique alpha-numeric identifier which is allocated to a Tag Holder and is to be used when communicating with the Third Automaton to enable Nominet UK to identify the source of messages sent to the Third Automaton. 37 The Tag Holders send email messages to Nominet UK regarding new or existing domain name registrations in the Nominet domains. The Third Automaton receives those messages and checks and processes the information contained in them. Domain name applications are processed by the Third Automaton in a matter of seconds. In the period from 1 August 2003 to 31 December 2003, Nominet UK processed a total of 2,105,671 requests through the Third Automaton. This represented an average of 17,845 requests per day. 38 The Third Automaton runs continuously. It is maintained and operated by Nominet UK staff and by contractors of Tessella on behalf of Nominet UK. As at January 2003, its operation was overseen by a senior systems administrator, two further administrators and a software developer. That team was in turn supervised by Nominet UK's Director of Information Technology, Jay Daley and its Chief Technical Adviser, Mr Geoff Sisson. Since February 2003, an additional two systems administrators have been employed to oversee the operation of the Third Automaton. 39 The cost of maintaining and operating the Register and Third Automaton is fully funded by Nominet UK. It raises the majority of the necessary funds by charging registration fees to each Registrant. 40 All of the individuals involved in the maintenance and operation of the Third Automaton are employees of Nominet UK and residents of the UK. Their work is performed at the company's premises in the UK using its equipment and resources and generally during ordinary business hours. 41 A person or organisation wishing to register a domain name with Nominet UK can do so in one of two ways. It can do so directly through Nominet UK or through a Tag Holder. It is unusual to register a domain name directly because to do so requires specialist technical knowledge and equipment. A potential registrant must provide the IP addresses of at least two nameservers permanently connected to the Internet. Registrations through Tag Holders are far more common and usually less expensive for Registrants. Nominet UK charges Tag Holders, who are members of Nominet UK, discounted registration fees for each domain name they register on behalf of a Registrant. Tag Holders are required to obtain a Pretty Good Privacy Key (PGP Key) which is a commonly used software security mechanism based on digital signature technology. They are required to provide Nominet UK with details of the Key. This enable it to authenticate messages which Tag Holders sent to the Third Automaton. 42 Where information sent to the Third Automaton from a Tag Holder relates to an application for a new registration, the Third Automaton will check whether the domain name is the subject of an existing registration. If it is not, the Third Automaton checks to see whether all requisite information has been provided and, if so, creates a new database entry for the domain name sought. If the information concerns a request to modify fields in an existing registration, the Third Automaton will check to see whether the Tag Holder requesting the change is the Tag Holder nominated by the relevant Registrant to maintain the registration. If the answer to that question is in the affirmative, it will then check whether the requested modification is acceptable and able to be completed by a Tag Holder. If it is, the registration for the domain name will be registered. 43 Tag Holders can apply to register new domain names for potential Registrants in any of the SLDs which Nominet UK manages using the REQUEST operation. They can request modifications to an existing domain name registration using the MODIFY operation. They can hand over administration of a domain name to another Tag Holder by using the RELEASE operation. They can apply to renew a domain name on the Tag Holder's tag during the renewal period by using the RENEW operation. They can also apply to check details held by Nominet UK on a domain name registration by using the QUERY operation. Tag Holders can seek cancellation of an erroneous domain name registration before the first invoice has been issued by using the DELETE operation. They can request a list of registrations on the Tag Holder's tag by using the LIST operation and they can request that the Tag Holder's tag be removed from a domain name registration to indicate a permanent end to the Tag Holder's relationship with the relevant Registrant. This is done using a RELEASE operation. Nominet UK can perform equivalent functions directly to the Register. 44 There is a number of functions relevant to the operation of the Register which can only be undertaken by Nominet UK. No Tag Holder can modify the 'registered for' field of a domain name registration. Only Nominet UK can cancel a domain name registration after the first monthly invoice is issued. A Tag Holder can only amend and update the Register Database in relation to domain names currently bearing its tag. It does not have power to make amendments across the entire Database. Only Nominet UK holds and has access to the whole Register. It also provides and updates the instructions for the various Tag Holder operations referred to above. It provides technical support and training to Tag Holders in connection with the use of the Third Automaton. It can override any Tag Holder's ability to make changes. At a Registrant's direct request, it will perform updates or move a domain name to a new tag regardless of whether the existing Tag Holder consents to such amendments. Nominet UK can delete or suspend a Tag Holder's tag. It is the body registered with the UK Information Commissioner in respect of the personal data on the Register. Only Nominet UK can make copies of the Register openly, unchallenged and without asking permission from a third party. If it is notified that there is incorrect information on the Register which invalidates a registration it will delete the domain name. It has engaged in certain 'data cleaning' exercises which include the location of domain name registrations with obviously incorrect data. 45 Since about September 2002, Nominet UK has been conducting an ongoing review of the records of approximately 26,000 Registrants who were registered before it acquired the direct maintenance of the Register. It seeks to identify the Registrant because the information provided to Nominet UK on its formation was frequently incomplete or inaccurate. It attempts to contact the Registrant and requests that the Registrant sign Nominet UK's terms and conditions. If a Registrant cannot be contacted or if a company has been wound up or if it does not agree to the terms and conditions, then Nominet UK will cancel the registration of that domain name. The WHOIS Database 46 Information about domain name registrations held by generic TLD registries and many ccTLD registries is available through WHOIS services accessible free of charge on the Internet. The availability of such services reflects a commitment by the Internet industry to open access to the identities of Registrants of domain names. This commitment is reflected in a paper published by the Council for European National Top Level Domain Registries (CENTR) on 31 July 2001 in which it was said: 'The members of CENTR consider that their duties involve a public trusteeship, bringing with it the obligation to provide open information on the identifies of the Registrants of Domain Names. The CENTR members, therefore, support a comprehensive Whois service, which provides (in addition to the technical information required to operate the Internet) the name and postal contact address of the Registrant of the Domain Name as a minimum.' The policy is supported by the World Intellectual Property Organisation as reflected in a paper dated 20 June 2001, 'ccTLD Best Practices for the Prevention and resolution of Intellectual Property Disputes' and by the Organisation for Economic Co-operation and Development - see paper entitled 'Consumer Policy Considerations on the Importance of Accurate and Available WHOIS Data', published on 2 June 2003. 47 Nominet UK provides a WHOIS service. One of the objects for which the company was established, set out in its Memorandum of Association, is to 'provide facilities for searching the register'. One of its stated core functions includes making information about the Database publicly available. 48 Nominet UK's standard contract with Registrants provides that personal data submitted by a Registrant will be posted to the WHOIS Database. Access to the WHOIS Database is provided on Nominet UK's website and through direct queries to its WHOIS servers. These mechanisms are provided free of charge. The system has been used for all WHOIS queries in the past but is currently intended for use by those making queries on their own behalf. A newer service called WHOIS2 allows members of Nominet UK to provide an interface to the WHOIS service from the member's own website. It is intended for use by those relaying queries by third parties to Nominet UK. Nominet UK has given access to the WHOIS2 software to many of its members on an informal and undocumented basis. 49 According to Dr Black, Nominet UK provides the WHOIS and WHOIS2 services to allow end users to make specific inquiries about the availability or registration of particular domain names within the Nominet Domains. It has not given permission to any person to reproduce, store or transmit the whole or any part of the WHOIS Database or the Register. In 2002, Nominet UK decided that the following notice would be automatically included at the end of every WHOIS and WHOIS2 result message: '(c) Nominet UK For further information and terms of use please see http:/www.nic.uk/whois Nominet reserves the right to withhold access to this service at any time.' 50 The terms of use of Nominet UK's WHOIS service include the following statements: 'You are not allowed to reuse, compile, store or transmit any or all of the WHOIS records unless you have our prior written consent. You are not allowed to conduct automated queries or use this service for advertising or similar activities... By conducting a WHOIS search you agree to be bound by these terms.' 51 Before October 2002, the public WHOIS did not contain address information. From October 2002, Nominet UK started to phase in the address field beginning with commercial organisations. 52 Dr Black says that on average the WHOIS service is queried about 21 million times for .uk domain names each month. Not all the queries relate to domain names actually on the Register as WHOIS is also used to establish whether a domain name is registered or not prior to making an application. Nominet UK creates from the Register a wholly derived WHOIS Database which contains only the fields displayed for a domain name in the results of a WHOIS search. These are the domain name, the identity of the Registrant, the Registrant's address, or a notice that the address is withheld, the date of registration and any modification and renewal and nameserver and agent details. 53 The WHOIS Database is periodically renewed from the Register to ensure that it remains up to date. It is hosted on Nominet UK's machines in London. The database software currently in use was written in 1997 by an employee of Nominet UK and totally rewritten in December 1999. The software automates the updating process so that changes to the main Register are mirrored in the WHOIS Database after a short time delay. Technical staff employed by Nominet UK also make manual corrections or general updates from time to time where it is shown that an error may have arisen. They also monitor abuse of WHOIS by those who make too many queries or make them so fast that the WHOIS system cannot process and respond to them satisfactorily. 54 Dr Black says, and it is not contested, that, as is the case with the Register and the Third Automaton, all of the individuals involved in the maintenance and operation of the WHOIS Database on behalf of Nominet UK are and have been, since the WHOIS Database was established, employees of Nominet UK resident in the United Kingdom. Their work is performed using Nominet UK's equipment and resources and is within the scope of their employment by Nominet UK. Nominet UK's Reputation 55 In Dr Black's principal affidavit of 15 January 2004 he says, and it is unchallenged, that the development of the DNS and its tree structure means that there could only be one registry organisation for the .uk ccTLD. Nominet UK has been the sole .uk ccTLD registry since 1996 and has compiled and maintains the .uk Register. 56 Although Nominet UK does not promote sales of .uk domain names registration it has taken active steps to communicate with the UK Internet community and to establish itself as an educator and expert on the DNS and the Internet. Since June 1997, the company has used media consultants to promote press coverage of it by the distribution of press releases, the cultivation of contacts with industry journalists and the organisation of limited press events. 57 In early 1998, Nominet UK launched an advertising campaign in the UK national broadsheet press under the slogan 'Is your .uk OK?'. The purpose of the campaign was to educate and remind registrants of the need to renew in order to keep their registrations. Leaflets for registrants were also included with invoices and an advice booklet was written for Tag Holders. The company's website contains a great deal of information about, and regarding, the Register, Nominet UK's operations and the WHOIS service. 58 In an affidavit sworn on 6 April 2004, Dr Black exhibited various publicly available documents to demonstrate that there is widely available information about the existence of domain registries and to illustrate the use of the term 'registry' in the context of the Internet and the DNS. The documents exhibited included printouts from the websites for the German and Japanese ccTLD administrators. These referred respectively to the organisations DENIC and JPNIC as 'the central registry for all domains' under the TLD and 'the National Internet Registry in Japan'. The glossary for Versign, including references to its COMNET Registry and a printout from a question and answer page for the Irish Registry of the .ie ccTLD were also exhibited. 59 Publications exhibited to Dr Black's April affidavit included a section of the US Government White Paper entitled 'Management of Internet Names and Addresses', a Decision dated 21 May 2003 of the Commission of the European Communities on the Designation of the .eu TLD Registry and the Report from the Australian ccTLD Manager, .au.domain Administration Ltd (auDA) dated June 2001. That report was entitled 'Competition Model for the .au Domain Space'. Dr Black also exhibited a printout from websites for ICANN and Inforserve Media and for the Canadian organisation, Canada Web Hosting. 60 Dr Black said that in the case of domain names the term 'registry' refers to the entity which holds the authoritative register of domain names and their proprietorship for a specific TLD and which makes the information available in the standard DNS format. He disagreed with the proposition that the word 'registry' is often used in connection with companies or businesses that offer to facilitate the registration of domain names as distinct from those that maintain a certain registry. There was no challenge to this evidence. 61 I see no reason not to accept Dr Black's uncontroverted testimony which derives from extensive experience and knowledge of the DNS and of the operations of Nominet UK, that there is a large amount of publicly available and readily accessible information concerning national domain name registries and the existence of organisations which operate those registries. While it would be going too far to find that most domain name users know of the existence and identity of the administrator of their national ccTLD in the UK, I find, on the balance of probabilities, that there is a significant number who do even if they may be in a minority. That finding is based on the amount of information publicly available and the publicity campaign conducted by Nominet UK. There is, in my opinion, a further number of domain name registrants who, even if unaware of the existence of Nominet UK, would be aware of the existence of a single administrator responsible for the register of domain names on which they are registered. Data Mining by Third Parties 62 In an affidavit sworn on 6 April 2004, Jay Daley, the Director of Information Technology for Nominet UK, discussed the basis upon which the WHOIS service may be accessed. He reiterated that the WHOIS service only allows a user to conduct a search of the WHOIS Database by reference to a specific domain name. It is not practicable for third parties to obtain large amounts of information from the WHOIS Database by manual queries. It is possible however for third parties to use computer programs to automate the querying process so that a large number of queries for different domain names can be made in a systematic way. Third parties can then obtain significant amounts of information in the WHOIS Database over a period of time. The third party must have a list of domain names to be used in the queries. Such names can be randomly or systematically generated or obtained from an existing source such as a directory of email or website addresses. The use of automated requests and the extraction of information from databases by repeated requests is known in the Internet industry as 'data mining'. 63 Because they involve a large number of requests, data mining practices create a 'large amount of traffic' into the Nominet UK WHOIS server resulting in its noticeable slowing and an occasional failure. According to Mr Daley, to protect its copyright and information in the Register and the WHOIS Database and to ensure that the WHOIS service operates properly, Nominet UK monitors the activity of the WHOIS server using an automatic system known as CHASM. If this system determines that the WHOIS service is being abused, it contacts the duty member of the systems administrator's team within the IT Department at Nominet UK so that remedial action can be taken. Staff employed within the IT Department also sometimes manually monitor WHOIS traffic. 64 If a particular IP Address is identified as making excessive queries of the WHOIS service, it is Nominet UK's practice to block that IP Address from accessing the system in question. That is done by adding the IP Address to a 'block list' contained in a file in Nominet's computer system. The system then operates to block queries originating from IP Addresses included on the block list. In early 2003, when events relevant to the present proceedings occurred, the block of particular IP addresses in this way was the only mechanism for limiting access to the WHOIS service other than by completely suspending it for all Internet users. Data Mining in January 2003 65 Jay Daley in his affidavit described data mining events that occurred in January 2003. On or about 8 January 2003, he became aware of high volume queries detected by Nominet UK's monitoring procedures. These automated queries were investigated by staff in the IT Department under his supervision. They appeared to be being made in strict alphabetical order according to the domain names which were the subject of the queries. IT staff looked for queries which appeared to be connected to each other on that basis. Their investigations confirmed that a very high volume of systematic queries was being made. The alphabetic pattern of the queries indicated that they originated from a single external source or a co-ordinated set of sources. The volume of the queries was consistent with a series of automated queries being made by a third party to obtain information from the Register or the WHOIS Database. Mr Daley said that, given the sheer volume of the queries, they must have been facilitated through the use of a computer program. In the light of the evidence and the admissions made in this case, I accept that opinion as correct. 66 Nominet UK's investigations indicated that a number of proxies, computers which pass on queries from one computer to another, were being used to make the queries. During the initial stages, a 'probe' query for the domain name 'michael.co.uk' would be received from numerous proxies. Subsequently a large number of WHOIS queries for different names were received from each of those proxies until Nominet UK blocked access for the IP addresses of those proxies. The pattern was distinctive and after a time any proxy that conducted a WHOIS search for the domain name 'michael.co.uk' was blocked as soon as the search was conducted and before the proxy was able to make further WHOIS searches. The use of michael.co.uk continued even after the third party behind the automated queries stopped following strict alphabetical order. 67 In spite of the initial blocking action, a high volume of queries continued from 8 January 2003 to 23 January 2003. Nominet UK staff added more than 500 IP addresses to the block list to prevent them from accessing WHOIS Database. Some proxies were blocked more than once if the third party which operated the proxy complained that it was unable to access the WHOIS service. Once Nominet UK was satisfied that the high volume automatic queries were no longer being attempted from that address, the block was removed only to be reimposed if the proxy began to make high volume automated queries again at a later stage. 68 The January 2003 data mining episode differed from those previously experienced by Nominet UK in relation to the WHOIS service by virtue of the large number of proxies being used from a wide range of networks. Mr Daley was not aware of any technical reason why such a large number would be used to make queries in this way other than to enable those responsible to avoid detection or to enable a gathering of information from the WHOIS database more quickly by making automated requests through several proxies at one time. 69 The pattern of data mining changed on the morning of 21 January 2003. The repeated use of a range of proxies ceased and instead a very high volume of queries was received by Nominet UK from three IP addresses in a period of less than one hour. The staff of the IT Department were able to identify those addresses. They were source IP addresses and not proxies. Mr Daley was confident of that conclusion because the IP distribution and domain names were characteristic of users of one ISP, in this case Telstra Bigpond, as opposed to network machines such as website proxies. Moreover the addresses were very similar to an IP address which had been referred to Nominet UK by the operators of three different proxies which had previously been blocked. 70 All pre-existing blocks were removed on 21 January 2003 except on two addresses which continued to make high volume automated queries and on certain groups of addresses operated by Telstra Bigpond. A complaint was sent to Telstra Bigpond and emails subsequently exchanged with the Manager of Online Security at that ISP. 71 On the evening of 23 January 2003, the pattern of queries changed yet again. Direct queries made from the three identified IP addresses ceased and the use of proxies resumed. That use resumed at such a high level that at about 11pm on 23 January 2003, Mr Daley decided to disable the WHOIS service in its entirety. It was disabled until 7.45am on 24 January 2003. He described this as 'a drastic and unprecedented step for Nominet'. Nominet UK had never suspended the WHOIS service for that reason previously. 72 Mr Daley was not aware of any further automated queries related to those which had occurred between 8 and 23 January 2003 being conducted once the WHOIS service was resumed on 24 January 2003. He said it was possible that further automated requests of the WHOIS service were conducted at a lower rate, not detected by Nominet UK's systems or staff. 73 I find in the light of the unchallenged evidence and the admissions in the pleadings referred to below, that the data mining of Nominet UK's Database and the WHOIS Database was conducted by and on behalf of Diverse Internet and Internet Payments, the first and second respondents. The UKIR Notices 74 It is established by admissions on the pleadings that following the data mining exercise, the information obtained from the Database and the WHOIS Database was used to create at least 50,000 documents (UKIR Notices) prepared in Australia by Zipform Pty Ltd (Zipform) and each containing the following information:

The name of a Registrant in the database.
The Registrant's address. 3. A .uk domain name which was current as at 20 February 2003 in the name of that Registrant. Nominet UK alleges in its statement of claim that all the respondents were engaged in creating those documents. Mr Norrish denies this and says it was Mr Rafferty who arranged for the documents to be prepared by (UK) Internet Registry. He denies that Mr Rafferty acted on behalf of anyone other than (UK) Internet Registry. 75 The Notices were each headed up 'UK Internet Registry' above an address, '33 St James's Square London SW1Y 4J5' and an online address 'www.ukinternetregistry.com'. 76 Mr Norrish admits in his defence, the following features of the UKIR Notices pleaded in par 12 of the statement of claim. He does not admit that he was responsible for them or that they were prepared on his behalf or with his authority. The admitted features were:
1. Each UKIR Notice was entitled 'UK Internet Registry' and referred to registration or hosting of domain names with UK Internet Registry.
2. Each UKIR Notice had the style and presentation of an invoice for services that had been solicited by the Registrant named in it.
3. Each UKIR Notice used the word 'UNREGISTERED' near a reference to a .co.uk domain name from the infringing copy.
4. Each UKIR Notice had a payment slip for an amount that had not been agreed with the Registrant to be included in it.
5. Each UKIR Notice referred to an address in London. Mr Norrish also admits the documents were collected in Australia by G3 Worldwide Mail (Australia) Pty Ltd, an Australian company, from Zipform and were processed and delivered by G3 Worldwide Mail to the Royal Mail for distribution in the United Kingdom. It is alleged and admitted by Mr Norrish that payments were received by (UK) Internet Registry in Australia from Registrants in response to the UKIR Notices. Further, while denying any personal involvement in the preparation or sending of the Notices, Mr Norrish admits that those things were done without the licence or approval of Nominet UK. 77 As appears from the UKIR Notices in evidence each of them contained a statement to addressees as follows: '[Registrant's name].CO.UK REGISTRATION ADVICE Your.com domain corresponding to your registered .com.uk domain is currently UNREGISTERED. It is important today to have your .com and .co.uk domain names registered, secure your domain for a two year period by providing payment with the slip below.' There then appeared the following: 'Description Amount Registration of [Registrant name].com for 2 year period ₤[amount] Web, URL and email forwarding →[Registrant Name].co.uk ₤[amount] Total ₤[amount]' There then followed the statement: 'Thank you for registering with UK Internet Registry Ltd.' Below that statement was the heading 'Register your domain for the following:'. This heading preceded a list of reasons for registering a .com domain. They included common confusion by Internet users between '.co.uk' and '.com' extensions for domains. 78 The 'PAYMENT SLIP' appeared at the bottom of the Notices and contained provision for payment by cheque or credit card. 79 On the basis of Mr Norrish's admissions and the documentary evidence of the existence and content of the UKIR Notices, I find that they were created and sent as alleged in par 12 of the statement of claim and that their contents were as set out in the statement of claim. 80 Mr Norrish admits, as alleged in par 15(e), (h) and (j)-(q) of par 15 of the statement of claim, that the UKIR Notices referred to in the statement of claim as UKIR invoices, falsely represented that:

107 Nominet UK says in its statement of claim that the database and the WHOIS database are and were at all material times literary works in which copyright subsists and that it is the owner of that copyright. Those contentions are not disputed. They are supported by the unchallenged evidence which has been referred to above. I accept them and so find. 108 Nominet UK also alleges that in and from January 2003, the respondents obtained access to and made a permanent copy or copies in a material form of substantial parts of the Database and the WHOIS Database. It says that they used a computer program to make at least 800,000 automated requests on the WHOIS Database between 8 January 2003 and 23 January 2003. As a result of that program, they are said to have obtained access to and to have copied the domain names, Registrant names and Registrant address details in relation to at least 50,000 domain name registrations on the Database and the WHOIS Database. 109 The respondents are said to have used the material so obtained to create the UKIR Notices which are referred to in the statement of claim as UKIR Invoices, and to have sent them to addressees in the United Kingdom. 110 Nominet UK says that the respondents' conduct in relation to the data mining constituted infringement of its copyright in the Database and the WHOIS Database. It says that the conduct in sending the Notices was in contravention of the Trade Practices Act 1974 (Cth) and the Fair Trading Act (WA). It claims to have suffered loss and damage by reason of these infringements and contraventions. It claims declaratory and injunctive relief against the respondents together with damages including additional damages or an account of profits and costs. Orders Made at Trial 111 Nominet UK has resolved the proceedings against all but Mr Norrish. Orders were made by consent at trial against the other respondents. The proceedings against Diverse Internet, Internet Payments and Mr Rafferty were settled shortly prior to trial and those against (UK) Internet Registry were settled on the second day of the trial. Declarations have been made against Diverse Internet, Internet Payments and Mr Rafferty that they infringed Nominet UK's copyright in the Database and the WHOIS Database. A declaration was also made that Mr Rafferty aided, abetted, counselled, procured and was directly knowingly concerned in, and party to, contraventions by (UK) Internet Registry of s 52 of the Trade Practices Act, s 10(1) of the Fair Trading Act (WA) and s 9(1) of the Fair Trading Act (Vic). In addition, Mr Rafferty is said to have himself engaged in conduct that was misleading or deceptive in contravention of the Fair Trading Acts of Western Australia and Victoria by Notices sent to 50,000 persons in the United Kingdom in February 2003. 112 The misleading Notices are said to have falsely represented that: '8.1 the persons to whom the notices were addressed had a pre-existing relationship with [(UK) Internet Registry Ltd]; 8.2 the .uk domain name of the persons to whom the notices were sent were due to expire or be cancelled for non-renewal; 8.3 the notices were a statement of account due based on existing or prior business relationship between [(UK) Internet Registry Ltd] and the person to whom the notice were sent; 8.4 each UKIR invoice was a notice for the renewal of an existing registered .co.uk domain name of which the recipient was the registrant; 8.5 the .co.uk domain name to which each UKIR invoice related was due for renewal. 8.6 the recipient of each UKIR invoice risked losing the registration of its existing registered .co.uk domain name if it did not take steps to have it renewed such as by requesting the Respondents to renew the name and returning the bottom portion of the notice with payment for the requested sum; 8.7 the registration of the recipient's existing .co.uk domain names had expired or would expire if payment was not made as requested in the UKIR invoice; 8.8 the respondents were offering to re-register or renew registration of the existing .co.uk domain name of the recipient of each UKIR invoice; 8.9 the recipient of each UKIR invoice would be required to pay the amount mentioned in the UKIR invoice in order to maintain the registration of its existing .co.uk domain name; and 8.10 the recipient of each UKIR invoice had previously registered a .com version of its .co.uk domain name and this registration was due for renewal.' 113 Injunctions were ordered against Diverse Internet, Internet Payments and Mr Rafferty. They were required to deliver up for destruction all documents in their possession, power or control directly or indirectly derived from or embodying information extracted from the Database or the WHOIS Database. An order was also made for damages against them to be assessed. 114 A separate order was made against (UK) Internet Registry at the hearing. The Court declared that, that company, by Notices sent to 50,000 persons in the United Kingdom in February 2003 engaged in conduct that was misleading or deceptive in contravention of s 10(1) of the Fair Trading Act (WA) and of s 9(1) of the Fair Trading Act (Vic) by making the various false representations already referred to in the earlier order. A delivery up order was made against the company. It was also the subject of injunctive relief and an order that damages against it be assessed. 115 The result of the preceding orders was that the only aspect of the proceedings that remained on foot, apart from the assessment of damages against the first, second, fourth and fifth respondents, was the liability case against Mr Norrish and, if liability be found, the assessment of damages which will be done separately. The Case Against Mr Norrish 116 The case against Mr Norrish reduces to the following issues: 1. Whether Mr Norrish infringed Nominet UK's copyright in the Database and the WHOIS Database by authorising the infringing acts of Diverse Internet. 2. Whether Mr Norrish was a 'person involved' in, and therefore liable for, the contraventions by (UK) Internet Registry of ss 10(1) and 12(1)(e) and (f) of the Fair Trading Act (WA) and ss 9(1) and 12(e) and (f) of the Fair Trading Act (Vic) relating to misleading or deceptive conduct and cognate conduct: (i) in respect of the representations which he admits were conveyed by the payment notices; (ii) in respect of the representations which he does not admit were conveyed by the payment notices. 3. Whether Mr Norrish was 'a person involved' in, and therefore liable for, contraventions by (UK) Internet Registry of s 29(2) of the Fair Trading Act (WA) and s 24 of the Fair Trading Act (Vic) on the basis that the payment notices issued by (UK) Internet Registry asserted a right to payment from persons, namely the Registrants for unsolicited services being the registration and/or hosting of the domain name, in circumstances where there was no right to payment and no reasonable cause to believe that there was a right to payment. In relation to the contravention of the Fair Trading Acts referred to in 2 and 3 above, the only case made against Mr Norrish is one of accessorial liability. The Copyright Case Pleaded Against Mr Norrish and his Admissions 117 The identities, origins and location of the various respondents which has already been set out is not in dispute between Nominet UK and Mr Norrish. Nor is the existence of the database comprising the Register and the WHOIS Database. Mr Norrish admits that the Database and the WHOIS Database are original literary works in which copyright subsists and that Nominet UK is the owner of that copyright. 118 Mr Norrish denies that he obtained access to or made copies of substantial parts of the Database and the WHOIS Database. His positive defence in par 11 of his consolidated further amended defence, however, makes a number of admissions: '11.1 At all material times, Michael Gusenzow (Gusenzow) was an employee of [Diverse Internet] and his actions as pleaded in this defence were within the scope and course of his employment by [Diverse Internet]; 11.2 At all material times, Zoltan Olah (Olah) was an employee of [Internet Payments] and his actions as pleaded in this defence were within the scope and course of his employment by [Internet Payments]. 11.3 [Chesley Rafferty]: 11.3.1 at all material times, was a director of [Internet Payments]; and 11.3.2 acted as pleaded in subparagraphs 11.5 to 11.9 below within the scope of his authority as a director of [Internet Payments]. 11.4 [Bradley Norrish], in his capacity as a director of [Diverse Internet]: 11.4.1 authorised [Rafferty] to give instructions to Gusenzow in Gusenzow's capacity as an employee of [Diverse Internet]; and PARTICULARS The authorisation was oral and was given in or about late 2002. 11.4.2 instructed Gusenzow to accept instructions from [Rafferty]. PARTICULARS The instruction was oral and was given in or about late 2002. 11.5 In about November 2002, pursuant to oral instructions from [Rafferty] given on or about that date, Gusenzow, acting within the scope and course of his employment by [Diverse Internet]: 11.5.1 developed a computer program to identify and compile from the world wide web a list of domain names that were registered in the United Kingdom (UK domain names); 11.5.2 obtained from the internet a file containing a list of approximately 1,500,000 UK domain names; 11.5.3 using the program identified in subparagraph 11.5.1 and the list of domain names referred to in subparagraph 11.5.2, compiled a list of approximately 2,200,000 UK domain names (UK domain name results); 11.5.4 compiled a list of websites that had the facility to conduct searches to identify the names and addresses of the owner of that domain name for a domain name registered in the United Kingdom (UK registrant details); and 11.5.5 collated a list of proxy servers to carry out the searches for the UK registrant details using the websites identified in the manner referred to at paragraph 11.5.4 above. 11.6 In about December 2002, pursuant to oral instructions from [Rafferty] given on or about that date, Olah, acting within the scope and course of his employment by [Internet Payments], developed a computer program to make automated requests for the UK registrant details using the UK domain name results from the websites and using the proxy servers pleaded at paragraphs 11.5.4 and 11.5.4 (sic) above respectively. 11.7 In about January 2003, pursuant to oral instructions from [Rafferty] given on or about that date, Olah, acting within the scope and course of his employment by [Internet Payments]: 11.7.1 caused the program designed by him as pleaded at paragraph 11.6 above to make automated requests for the UK registrant details (Searches); 11.7.2 as a result of the Searches, obtained UK internet registrant details in 'HTML format', of which: (a) some were domain names with registrant names for each of those domain names; and (b) others were domain names with addresses as well as registrant names for each of those domain names (UK registrant search results). 11.8 In or about January 2003, pursuant to oral instructions from [Rafferty] given on or about that date, Gusenzow, acting within the scope and course of his employment by [Diverse Internet], developed a computer program to review the UK registrant search results and extract from the UK registrant search results: 11.8.1 domain names; 11.8.2 the name of the registrant of the domain names; and 11.8.3 the address of the registrant of the domain names. 11.9 In about January or February 2003, pursuant to oral instructions from [Rafferty] given on or about that date, Gusenzow, acting within the scope and course of his employment by [Diverse Internet], using the computer program designed by him as pleaded at paragraph 11.8 above extracted from the UK registrant search results, the name and address of the registrant of each domain name the subject of the search and stored it as text in a database. 11.10 [Norrish] otherwise denies each and every allegation in paragraph 11 of the statement of claim in so far as it relates to him.' 119 Counsel for Nominet UK submitted that the question to be determined in the copyright case against Mr Norrish was whether his conduct constituted the authorisation by him of infringing acts by Mr Gusenzow. The Nominet UK case relied upon Mr Norrish's conduct as expressly pleaded at par 11 of the defence. His counsel submitted at trial that Nominet UK could not rely upon that element of the defence to support its authorisation case because the facts pleaded in par 11 were not admitted by Nominet UK in its reply. Counsel for Mr Norrish argued that the pleading in par 11 of the defence amounted to no more than 'averments' and could not be treated as 'admissions' for the purpose of Nominet UK's case. These contentions were rejected at trial. In my opinion, a formal pleading of Mr Norrish's conduct in his defence may be relied upon as an admission for the purposes of the case against him. 120 I find as a fact that Mr Gusenzow was at all material times an employee of Diverse Internet of which Mr Norrish was a director and 50% shareholder. I find that Mr Norrish authorised Mr Rafferty to give instructions to Mr Gusenzow and instructed Mr Gusenzow to accept instructions from Mr Rafferty. I find that acting on instructions from Mr Rafferty, Mr Gusenzow developed a computer program to identify domain names registered in the United Kingdom and compiled a list of approximately 2,200,000 UK domain names using that program. I find that he compiled a list of websites with the facility to conduct searches to identify the names and addresses of the owners of the domain names for domain names registered in the United Kingdom and collated proxy servers to carry out searches for the UK Registrant details using websites which had been identified by him. These results were used by Mr Olah in the application of his computer program which made the automated requests for UK Registrant details. I find also that Mr Gusenzow, acting within the scope and course of his employment by Diverse Internet, developed a program to review the UK Registrant search results and extract from those results domain names, the name of the Registrant in each case and the address of the Registrant. I find also that Mr Gusenzow, using the computer program so designed, extracted from the UK Registrant search results the name and address of the Registrant of each domain name the subject of the search and stored it as text in a data base. 121 It is not in dispute that Mr Gusenzow's conduct constituted an infringement of Nominet's copyright in the Database and the WHOIS Database - See eg Desktop Marketing Systems Pty Ltd v Telstra Corporation Ltd (2002) 119 FCR 491 (at 593 [409]) where Sackville J said (Black CJ agreeing): 'Where originality in a factual compilation is found, in whole or in part, in the compiler's labour or expense required to collect the information, infringement depends on the extent to which the collected information has been appropriated by the alleged infringer.' 122 The question for this case is whether Mr Norrish's admitted conduct itself amounted to an authorisation of Mr Gusenzow's infringing conduct. That question has to be considered by reference to the concept of 'authorisation' in the Copyright Act, Mr Norrish's admissions and the other evidence of his involvement with the events surrounding the data mining process. Statutory Framework - Copyright 123 Copyright subsists in an original literary work which satisfies the requirements of the Copyright Act 1968 (Cth) s 32(1)). Literary works include compilations (s 10(1)). Under its primary application to literary works the Act provides that copyright subsists in published literary works if, but only if, the first publication of the work took place in Australia and the author of the work was a qualified person at the time the work was first published. A qualified person means an Australian citizen, an Australian protected person or a person resident in Australia (s 32(2) and (4)). 124 The application of the Act is extended to works first published in a Berne Convention country and whose author is a citizen or national of that country. The application of the Act to bodies incorporated in Australia is also extended to bodies incorporated under the laws of a Berne Convention country - Copyright (International Protection) Regulations 1969 - reg 4(1), (3) and (5). A Berne Convention country is a country that is a party to the International Convention for the Protection of Literary and Artistic Works concluded at Berne on 9 September 1986 (reg 3(1)). The United Kingdom is a Berne Convention country. There is no dispute that, by reason of that extended application and the character of the relevant databases as compilations, copyright in the Database comprising the Register and the WHOIS Database subsisted at all material times in Nominet UK. 125 Section 31 of the Copyright Act sets out the exclusive rights which comprise copyright and which include, in respect of a literary work, the right to reproduce the work in a material form (s 31(1)(a)(i)). The concept of reproduction of a work in a material form is explained in s 14 of the Act which provides: '14(1) In this Act unless the contrary intention appears: (a) a reference to the doing of an act in relation to a work or other subject - matter shall be read as including a reference to the doing of that act in relation to a substantial part of the work or other subject-matter; and (b) a reference to a reproduction, adaptation or copy of a work shall be read as including a reference to a reproduction, adaptation or copy of a substantial part of the work, as the case may be.' Section 14(2) is not material for present purposes. 126 Section 13(1) refers at a greater level of generality to the content of the exclusive rights which comprise copyright: '(1) A reference in this Act to an act comprised in the copyright in a work or other subject matter shall be read as a reference to any act that, under this Act, the owner of the copyright has the exclusive right to do. (2) For the purposes of this Act, the exclusive right to do an act in relation to a work, an adaptation of a work or any other subject-matter includes the exclusive right to authorize a person to do that act in relation to that work, adaptation or other subject matter.' 127 Section 36 concerns infringement of copyright by doing the acts comprised in the copyright and provides as follows: '(1) Subject to this Act, the copyright in a literary, dramatic, musical or artistic work is infringed by a person who, not being the owner of the copyright, and without the licence of the owner of the copyright, does in Australia, or authorizes the doing in Australia of, any act comprised in the copyright. (1A) In determining for the purposes of subsection (1) whether or not a person has authorized the doing in Australia of any act comprised in the copyright in a work, without the licence of the owner of the copyright, the matters that must be taken into account include the following: (a) the extent (if any) of the person's power to prevent the doing of the act concerned; (b) the nature of any relationship existing between the person and the person who did the act concerned; (c) whether the person took any reasonable steps to prevent or avoid the doing of the act including whether the person complied with any relevant industry codes of practice.' Section 36(2) is not material for present purposes. 128 The word 'authorise' is not otherwise defined in the Act. Whether Mr Norrish Authorised the Infringement of Nominet UK's Copyright by Mr Gusenzow 129 The dictionary meanings of the word 'authorise' which appears in s 36(1) of the Copyright Act include 'give formal approval to; sanction, countenance' - Shorter Oxford English Dictionary, 5th Edition (2002). It was interpreted in that sense in University of New South Wales v Moorhouse (1975) 133 CLR 1 at 20-21 (Jacobs J, McTiernan ACJ agreeing) and at 12 (Gibbs J). Authorisation may be inferred. Indeed it may be inferred from indifference of a sufficient degree. In each case it is a question of fact - Moorhouse at 21. As Gummow J said of the Moorhouse decision in WEA International Inc v Hanimex Corporation Ltd (1987) 17 FCR 274 at 286, the construction there adopted: '... meant that express or formal permission or active conduct indicating approval was not essential to constitute an authorisation.' It is necessary that the person said to authorise an infringement has the degree of control and power sufficient to prevent the infringement - Australian Tape Manufacturers Association Ltd v The Commonwealth (1993) 176 CLR 480 at 498. But as Sackville J said in Nationwide News Pty Ltd v Copyright Agency Limited (1996) 65 FCR 399 at 422 (Jenkinson and Burchett JJ agreeing): 'Nonetheless, a person does not authorise an infringement merely because he or she knows that another person might infringe the copyright and takes no step to prevent the infringement.' 130 In Australasian Performing Right Association Limited v Jain (1990) 26 FCR 53, musical works were performed publicly in an hotel owned by a company. The company's chief executive officer, who was also a director of it, did not involve himself in the day-to-day operations of the hotel. Bands were selected and performances arranged by an employed manager. No licence to perform copyrighted musical works was obtained from the Australian Performing Rights Association. In subsequent proceedings the director was held, on appeal, to have authorised the infringement of copyright involved in unlicensed public performances of musical works in which copyright subsisted. The Full Court held that the question of authorisation by the director was one of fact and said at 61: 'The judgment of the members of the High Court in the Moorhouse case establishes that one of the meanings of the word "authorise" in the context in which it is here used is "countenance". It may be that not every act which amounts to the countenancing of something is an authorisation. Every case will depend upon its own facts. Matters of degree are involved. But the evidence in the present case reveals, in our opinion, a studied and deliberate course of action in which Mr Jain decided to ignore the appellant's rights and to allow a situation to develop and to continue in which he must have known that it was likely that the appellant's music would be played without any licence from it. It was within his power to control what was occurring be (sic) he did nothing at all. In those circumstances we have reached the conclusion that the appellant established that Mr Jain authorised the infringement of copyright in question contrary to s 36 of the Act.' 131 The principal relevant facts in the present case are those found on the basis of Mr Norrish's admissions to which I have already referred. It was within his power to prevent the infringement by Mr Gusenzow. Mr Gusenzow was an employee of Diverse Internet, of which Mr Norrish was a director and 50% shareholder. Mr Norrish took no reasonable steps to prevent or avoid the doing of any infringing act by Mr Gusenzow. I also have regard to the operational relationship which existed between the three corporate respondents in an integrated scheme to 'mine' the databases held by Nominet UK and to send the UKIR Notices to the Registrants so discovered. It lies beyond the limits of credulity to suppose that Mr Norrish, in telling Mr Gusenzow to act according to Mr Rafferty's instructions, had no idea of what Mr Gusenzow was going to do. Mr Norrish was not operating at arms length from Mr Rafferty. He knew what Mr Gusenzow was to do. He was in the scheme with Mr Rafferty and I am satisfied that he authorised the infringements committed by Mr Gusenzow. Mr Norrish has thereby infringed Nominet UK's copyright in its databases as alleged. Statutory Framework - Fair Trading Acts 132 It is next necessary to consider whether Mr Norrish was involved in contraventions of the Fair Trading Act (WA) and/or the Fair Trading Act (Vic) as alleged. Before turning to that question, it is convenient to set out the relevant provisions of the Fair Trading Act (WA) which are also reflected in the Victorian Fair Trading Act, both of which are derived from the Trade Practices Act 1974 (Cth). 133 The application of the Fair Trading Act (WA) is dealt with in s 4 of the Act. In particular, s 4(2) provides: 'This Act extends to the engaging in conduct outside Western Australia by bodies corporate incorporated, or taken to be registered, in Western Australia or carrying on business within Western Australia, or by persons ordinarily resident within Western Australia.' Subsection 4(4) provides that the Act is not intended to exclude or limit the concurrent operation of any law of the Commonwealth or of another State or a Territory. 134 Section 10 of the Act replicates the relevant provisions of s 52 of the Trade Practices Act: '(1) A person shall not, in trade or commerce, engage in conduct that is misleading or deceptive or is likely to mislead or deceive. (2) Nothing in this Part shall be taken as limiting by implication the generality of subsection (1).' 135 Section 12 of the Act deals with specific aspects of misleading or deceptive conduct and, relevantly for present purposes, provides: '(1) A person shall not, in trade or commerce, in connection with the supply or possible supply of goods or services or in connection with the promotion by any means of the supply or use of goods or services - ... (e) represent that goods or services have sponsorship, approval, performance characteristics, accessories, uses or benefits they do not have; (f) represent that the person has a sponsorship, approval or affiliation the person does not have;' 136 Section 29 of the Act deals with claims for payment for unsolicited goods or services and reflects the provisions of s 64 of the Trade Practices Act. Relevantly it provides: '(2) A person shall not, in trade or commerce, assert a right to payment from another person for unsolicited services unless the person asserting the right has reasonable cause to believe that there is a right to payment.' 137 Evidentiary provisions relating to s 29 are to be found in s 30. Section 30(1) provides, inter alia: '(1) For the purposes of section 29, a person shall be taken to assert a right to payment from another person for unsolicited goods or unsolicited services, or of a charge for the making of an entry in a directory, if the first- mentioned person - ... (e) sends any invoice or other document stating the amount of the payment or setting out the price of the goods or services or the charge for the making of the entry and not stating as prominently (or more prominently) that no claim is made to the payment or to payment of the price or charge, as the case may be. ... (3) For the purposes of section 29, an invoice or other document purporting to have been sent by or on behalf of a person shall be deemed to have been sent by that person unless the contrary is established. (4) In a proceeding against a person in respect of a contravention of section 29 - (a) in the case of a contravention constituted by asserting a right to payment from another person for unsolicited goods or unsolicited services - the burden lies on the defendant of proving that the defendant has reasonable cause to believe that there was a right to payment; or ...' 138 'Unsolicited services' are defined in s 5(1): '... means services supplied to a person without any request for the services being made by, or by the authority of, the person;' 139 Part VII of the Fair Trading Act (WA) dealing with enforcement and remedies includes remedial provisions reflecting those in the Trade Practices Act and like provisions relating to accessorial liability as are found in s 75B (see ss 68, 76 and 77 of the Fair Trading Act (WA). Comparable provisions are to be found in the Fair Trading Act (Vic)). Whether Mr Norrish Was Involved in Misleading or Deceptive Conduct in Contravention of the Fair Trading Act 1987 (WA) and/or the Fair Trading Act 1999 (Vic) 140 The statement of claim alleges contraventions by Diverse Internet and Internet Payments of ss 52, 53 and 64(2A) of the Trade Practices Act. It alleges accessorial involvement in those contraventions by Messrs. Norrish and Rafferty. It asserts contraventions by Messrs. Norrish and Rafferty and by (UK) Internet Registry of the corresponding provisions of the Fair Trading Act (WA) and the Fair Trading Act (Vic). It also pleads accessorial involvement by Messrs. Norrish and Rafferty in contraventions of the Fair Trading Acts by (UK) Internet Registry. 141 The case now made against Mr Norrish, as set out in a 'Statement of Outstanding Points of Claim' handed up in Court on 22 June 2004, alleges only his accessorial liability by reason of involvement in contraventions by (UK) Internet Registry of the Fair Trading Acts. No express reliance is placed upon the Trade Practices Act although I was informed that a ministerial consent was obtained for its extra-territorial application. 142 In order to establish accessorial liability on the part of Mr Norrish on the part of (UK) Internet Registry it is necessary to show that the conduct of that company contravenes either or both of the Western Australian and Victorian Fair Trading Acts. The relevant conduct is the sending of the UKIR Notices to persons in the United Kingdom. 143 The connection between (UK) Internet Registry and the State of Western Australia arises out of the fact that Mr Rafferty, as admitted by Mr Norrish in his defence, is a natural person ordinarily residing in Western Australia and was at all material times the sole director of (UK) Internet Registry. The arrangements for the establishment of the virtual office and the sending of the UKIR Notices all appear to have been made out of Western Australia. On Mr Norrish's admission the UKIR Notices were prepared in Australia by Zipform, collected in Australia from Zipform by G3 Worldwide Mail (Australia) and delivered by that company to the Royal Mail for distribution in the United Kingdom. It is also admitted by Mr Norrish that payments were received by (UK) Internet Registry in Western Australia in response to the UKIR Notices. 144 When (UK) Internet Registry was incorporated in the Seychelles in February 2003, Mr Rafferty's address was shown in the company documents as an address in Southbank, Victoria. His emails at all times emanated from Australian email addresses. On 25 February 2003, Ms Adams of HQ Global Workplaces sent a fax to Mr Rafferty confirming that mail received at 33 St James's Square, London would thereafter be sent to Internet Registrations at PO Box 6122, East Perth 6892 in Western Australia. Notice of the termination of the virtual office arrangement was sent to that address. 145 In the circumstances I find that (UK) Internet Registry conducted a substantial part of its activities through persons resident in Western Australia and also possibly through a person resident in Victoria. I find for the purposes of the Fair Trading Act (WA)that the company was carrying on business within Western Australia. 146 On the facts that I have already found (UK) Internet Registry engaged in conduct contravening ss 10 and 12 of the Fair Trading Act (WA) as alleged in par 15 of the statement of claim. Mr Norrish was knowingly concerned in all of that conduct and so attracts accessorial liability under the Act. 147 It was submitted for Mr Norrish that he could not be found to be liable as a person knowingly concerned in the full range of contraventions alleged against (UK) Internet Registry because Nominet UK had settled for orders covering a narrower range of contraventions against that company. 148 The consent orders made against (UK) Internet Registry do not, in my opinion, preclude the Court from finding, in the proceedings against Mr Norrish, that the company in fact engaged in a wider range of contravening conduct. The consent orders reflected a compromise. They do not reflect any determination that (UK) Internet Registry did not engage in the full range of the conduct pleaded against it. Whether the UKIR Notices Asserted a Right to Payment Contrary to Section 29 of the Fair Trading Act (WA) 149 The question whether a person asserts a right to payment for unsolicited services is not a matter of impression. It is a matter of construing the impugned communication. This is however subject to the evidentiary provisions of s 30 of the Act. The equivalent provisions of the Trade Practices Act are found in s 64 of that Act. 150 The operation of s 64 of the Trade Practices Act was considered by the former Australian Industrial Court in Wells v John R Lewis (Industrial) Pty Ltd (1975) 25 FLR 194. The offending assertion in that case was contained in a document inviting its recipients to subscribe to a directory. The invitation to subscribe was on the reverse side of the document. The front side was presented as an 'invoice/statement'. The inclusion of a statement on the form that the amount for the subscription was the 'total due', the use of the words 'contract and invoice terms overleaf' and the absence of any disclaimer of a right of payment brought the document within the section. 151 In Rizzo v Wall (unrep Fed Court, Pincus J, 25/11/87), Pincus J found that the true construction of the equivalent provision in s 64(2A) of the Trade Practices Act was 'not such as to catch cases ... where the complaint is that there was an assertion of a right to payment for services in the future - to be supplied in the future'. His Honour did not reach a concluded view in that case as he held that there was no evidence that the relevant services were unsolicited. Pincus J returned to s 64 in Rizzo v Fitzgerald (1988) 19 FCR 175 and decided that the provisional view he had formed in Rizzo v Wall was wrong. He said (at 178): '... it is difficult to see any reason why an assertion of a right to payment for services which have not been requested should be lawful if the services are not only unrequested but unsupplied.' More recently in .au Domain Administration Ltd v Domain Names Australia Pty Ltd [2004] FCA 424, in which Mr Rafferty and one of his companies were respondents, Finkelstein J considered the application of s 64(2A) to notices issued by the company to prospective registrants of domain names. The applicants, who included the ACCC, contended that the notices claimed the right to receive from their addressees a fee for registration of their existing domain names. 152 Finkelstein J held that s 64(2A) of the Trade Practices Act had no application to services which had not been provided. This was contrary to the conclusion reached by Pincus J in Rizzo v Fitzgerald. Counsel for Nominet UK submitted that I should decline to follow Finkelstein J's decision in this respect. His Honour's conclusion about the operation of the section was based upon the definition of 'unsolicited services' in s 4 of the Trade Practices Act which is substantially the same as its definition in the Fair Trading Act. In the Trade Practices Act it means 'services supplied to a person without any request made by him or her or on his or her behalf'. That definition carries with it the limitation that the services are 'supplied'. It could not therefore accommodate the definition of 'services' in s 4 which includes 'rights ... benefits, privileges or facilities that are, or are to be provided,granted or conferred'. His Honour made the further point that the application of the section to unprovided services would introduce an inconsistency with its application to goods as there is no extended definition of goods to include those not provided. 153 In my opinion, I should not decline to follow his Honour's considered judgment on this question unless satisfied that it is plainly wrong. The construction favoured by his Honour may be debatable but it is clearly open. I do not think that I should depart from it. That is sufficient to dispose of this aspect of the case as the services to which the UKIR Notices related were not services which had been provided. Conclusion 154 For the preceding reasons, I find that Mr Norrish has infringed Nominet UK's copyright in its databases. I also find that he was involved in the misleading or deceptive conduct of (UK) Internet Registry by reason of the sending of the UKIR Notices to addressees in the United Kingdom. Nominet UK is entitled to declaratory and injunctive relief and damages against him. It is also entitled to its costs.

At a glance

Court

Decision date

Before

Source

Judgment (12 paragraphs)

Parties

Legislation Cited (5)

Cases Cited (12)

Cited By (2)