It's not that we're necessarily liable for it in any way, since we're required by law to pass it on. The sort of thing I'm talking about there is the personalized links that appear in those notices.
The notice we receive will tell the end-user to “click here to confirm that you have received this notice”, and then it will have a link. It's not just a link to a website; it's a link with variable tags that identify which notice it was. What it means is that when the end-user gets that notice and clicks the link, the sender now has the IP address and other information about the person's computer and browser that they can associate with that notice. They have information about the individual that they didn't have before.
By passing that on, we're making our end-users vulnerable in a way that doesn't feel like it serves the purposes of the notice-and-notice regime. The end-user, in turn, gets that message from TekSavvy or from the ISP, not from the rights holder. We write some information as sort of an envelope around the notice that explains to the user that it is not from us, that we are just passing it on, and that we're required to pass it on, and all that sort of information. But then we have to provide the notice as it's given to us, including advertising for a potential competitor of ours. That puts us in a difficult position, and it's completely extraneous information.