The Wild West web

Jag Bahra on the rule of law online and the importance of due process

Image: CC-AT-NC Flickr: tarotastic (Taro Taylor)

As the internet continues to become a more significant part of everyone's lives it presents new legal challenges. Due to the slow legislative process the law has continued to stumble several steps behind as the web has matured and flourished in the 21st century. 

The decentralised nature of the internet also means that the enforcement of laws such as copyright, defamation and privacy has become increasingly difficult. Individual culprits are difficult or impossible to track down – and often when they are found it is pointless taking them to court as the aggrieved party is unlikely to obtain any real damages from them.

Consequently we are beginning to see legislators, law enforcement and litigants turn their attention to intermediaries – such as ISPs, domain registrars, and online services such as Twitter and Facebook – in order to enforce the law online. Of course it is pointless to argue that enforcement measures should not be available on the internet - the law needs to be upheld just as it would in the real world. 

However bullying intermediaries into acting at the drop of a hat is not the way to do it. We need to think carefully about where we should draw the line, and adequate safeguards must be put in place to ensure that innocent users are not affected.

Intermediaries – whether ISPs or services such as Twitter – are the gatekeepers of the online world. They play an increasingly important role in the flow of ideas and information. As regulation inevitably becomes more commonplace it is of paramount importance that due process is followed. If it is ignored then the internet will become shaped by threats of litigation and scary letters from expensive lawyers.

An ISP may be liable for secondary copyright infringement under s.23 of the Copyright, Designs and Patents Act 1988, however some protection is afforded by the Copyright in the Information Society Directive 2001 and E-Commerce Directive Regulations 2002. These essentially exclude liability where the ISP makes a copy of a protected work as an intermediary and as part of a technical process (such as caching and hosting).

The protection for hosting is subject to the requirement that the ISP acts expeditiously to remove the content on obtaining knowledge that that content is unlawful. American law offers ISPs a similar protection thanks to the 'safe harbour' provisions of the DMCA.

The anti-piracy measures of the Digital Economy Act create significant obligations for ISPs, who will be forced to play an important role in enforcement. When the Act eventually comes into force ISPs will have to notify users of infringement reports, provide rights-holders with infringement lists whenever required, and may be compelled to impose the dreaded 'technical measures' such as limitation of bandwidth and account suspension. Failure to adhere to these obligations could result in the imposition of a fine of up to £250,000.

Over the last few years some ISPs have entered into voluntary 'self-regulation' schemes in which they will comply with requests to remove content in order to be absolved from liability. This may be as a measure against copyright infringement (as in the case of Irish ISP Eircom). But more commonly, self-regulation schemes are put in place in order to block access to child pornography. The UK's major ISPs operate under such a system in conjunction with the Internet Watch Foundation (IWF). Finnish ISPs were bullied into voluntary blocking by politicians who threatened to legislate if they did not comply. (For more details see my previous article on web blocking.)

There has been recent debate over the position of Nominet - the registry for .uk domain names. To date 2,667 domains have been suspended, mostly for the purposes of protecting consumers from counterfeit goods, phishing, and fraud. They are currently in a state of ad-hoc self-regulation, taking instructions from the Police Central e-crime Unit and the Serious Organised Crime Agency.

There is no formal procedure in place and the police have no specific powers of suspension. Nominet are asked – not ordered – to take material down, but the police have threatened that by failing to comply Nominet may leave themselves open to civil or even criminal liability as an accessory to the offence. No such case has yet been brought as Nominet always co-operate.

ISPs can be held liable for defamatory postings made by their users, but again may find protection in the E-Commerce Directive Regulations 2002, as in the case of Bunt v Tilley (2006). AOL, Tiscali and BT were sued for defamatory remarks that were made by internet users in chat rooms. It was ruled that "an ISP which performs no more than a passive role in facilitating postings on the internet cannot be deemed to be a publisher at common law." All three ISPs were found to be not liable for the defamatory comments made.

However the Court went on to say that "if a person knowingly permits another to communicate information which is defamatory, when there would be an opportunity to prevent the publication, there would seem to be no reason in principle why liability should not accrue." The ruling therefore follows the 2002 Regulations, indicating that an ISP will face liability if it receives notification of the defamatory statements and takes no action to remove them.

Twitter has been making headlines after many of its users breached a privacy injunction taken out by Ryan Giggs to stop the media reporting his indiscretions. This seems to have sparked a panic among politicians, furthering the idea that the internet is currently some sort of lawless 'Wild West' that needs to be tamed. Last week the Attorney General warned that Twitter users who continue to breach privacy injunctions could be held in contempt of court, stating that he would intervene in proceedings if necessary.

Twitter has also recently been the subject of much controversy for disclosing the personal details of its users in connection with libel proceedings. South Tyneside Council went all the way to the Californian Court in order to obtain an order which required Twitter to release the details (IP addresses, email addresses, names, telephone numbers) of the user accounts which had tweeted links to a blog which contained allegations that Councillors had been involved in various forms of misconduct.

Despite receiving criticisms for its action, Twitter actually acted as fairly as it could given the circumstances. The court order could not be ignored. Instead Twitter contested it so that it could be 'unsealed' – allowing the relevant users to be notified of the impending action and mount a defence should they choose to do so (users connected with Wikileaks are currently defending their own case in the Californian court.) By contrast, Google and Facebook, who regularly receive and comply with such requests in volume, do not bother to do this.

Twitter made their position clear at the e-G8 Summit in France, where Tony Wang stated that "Platforms have a responsibility, not to defend that user but to protect that user's right to defend him or herself". He went on to announce that Twitter would generally hand over details when required by law, but would continue to notify concerned parties of any disclosure of details.

So why should we be concerned with all of this? Online services are subject to the rule of law just like everybody else. But as the facilitators of communication it is essential that they are not regulated in a way which will impede lawful use. An unbalanced, overzealous approach could have dangerous implications for freedom of expression.

For example, as far as copyright infringement and libel are concerned, ISPs clearly do not have the time or resources to consult a lawyer every time they receive a takedown request. There is little incentive to thoroughly investigate whether or not an allegation of infringement or libel has any merit. If faced with liability, they will seek to block or remove content quickly, and as a result some content will inevitably be taken down whether or not it is in fact unlawful.

We have already seen examples of innocent websites suffering in this way. In 2007 a libel dispute arose between Uzbek millionaire Alisher Usmanov and human rights activist Craig Murray. Murray made supposedly defamatory comments on his blog, claiming Usmanov had a criminal past. The administrator of the blog refused to remove the content, so the hosting company Fasthosts terminated the administrator's account, taking down all of the administrator's websites. These happened to include the website of Boris Johnson, who was reportedly furious and declared "We live in a world where internet communication is increasingly vital, and this is a serious erosion of free speech."

Many websites that suffered obviously had nothing to do with the dispute, making clear the potential for collateral damage in a system in which takedowns are effected without any real consideration. With regard to libel, it is also clear that the system may be abused by parties who wish to protect their own reputations at the expense of free speech or honest reporting by others.

Individuals or corporations could potentially 'cry defamation' whenever any legitimate criticisms are made. ISPs would remove the posting for fear of leaving themselves open to liability, and all criticism would be silenced. This presents serious potential for a chilling effect on freedom of speech.

It is clear that proper procedures with judicial oversight must be put in place. Nominet's current system of informal self-regulation allows the Police to suspend websites without even proving that a crime has been committed. For example see the suspension of the Fitwatch website after the student protests in November 2010.

Do we really want to create a situation in which intermediaries are forced to remove content on the basis of accusation, regardless of whether any offence has actually been committed? This would certainly undermine the fundamental right to a fair trial. The need for a court order would afford at least a minimum standard of protection to internet users, and give accused parties the chance to fight their corner.

Regulation of what happens on the internet will always be tricky, but this should not be an excuse to disregard basic rights and principles. If we get this wrong, the internet could cease to be the bastion of free speech that it currently is - and this would be a disaster for all of us.


Jag Bahra is a law graduate, civil liberties & copyleft enthusiast

Share this article

Google+ Delicious Digg Facebook Google LinkedIn StumbleUpon Twitter Reddit Newsvine E-mail


Comments (0)

This thread has been closed from taking new comments.

By Jagdeep Bahra on Jun 20, 2011

Featured Article

Schmidt Happens

Wendy M. Grossman responds to "loopy" statements made by Google Executive Chairman Eric Schmidt in regards to censorship and encryption.

ORGZine: the Digital Rights magazine written for and by Open Rights Group supporters and engaged experts expressing their personal views

People who have written us are: campaigners, inventors, legal professionals , artists, writers, curators and publishers, technology experts, volunteers, think tanks, MPs, journalists and ORG supporters.

ORG Events