Over the past year we have seen mounting calls for Internet Traffic to be filtered in order to improve cybersecurity, protect intellectual property, tackle terrorism or ensure children are not exposed to adult content. The success of the Internet Watch Foundation is used to support calls for similar approaches to be used to blacklist websites carrying other types of content. Meanwhile we have a new generation of security products and services based on using deep packet inspection to screen out traffic carrying malware and identify those who sent it. We also have the growing deployment of trusted computing technologies to check the physical identity of the devices with which we are communicating and (hopefully) those using them.
Political debate appears to be based on spending billions on filtering technologies that do not stop the technically competent from whatever malpractice they had in mind. Hence the reason for the Conservative Technology Forum meeting that I chaired on Monday with the title “Internet Governance: can you block a website?”
We had the expected consensus that mandating the use of blocking technologies might make politicians and regulators feel good – but would not significantly reduce malpractice. I was, however, agreeably surprised to find apparent consensus on a constructive way forward: clarifying what constitutes “actual knowledge” and therefore removes the “innocent carrier” defence in the e-commerce directive .
I am therefore seeking views on how to clarify and rationalisethe routines for notifying Domain Names Registrars and Internet ServiceProviders that their customers are hosting illegal content or generating undesirabletraffic and that they will be liable if they do nottake action. That action might be to informthem that they will be disconnected for breach of conditions of service unlessthey desist – or clean their machines orwebsites if they are innocent victims.
The means of clarification are not, however, obvious. The means suggestedraise further issues of responsibility and liability, given that US data indicatesthat over 40% of requests to take down websites come from competitors to thoserunning the website whose main objective is commercial disruption, whether ornot the content is illegal or involves disputed intellectual property rights.Then there are the issues of securing action in jurisdictions that are not normally noted for being helpful to western IT companies or law enforcement agencies.
What is clear, however, is that if the UK/EU can produce a better(as in “faster, cheaper and more credible”) notice and take-down regime than the United States, then the resultis worth £billions if it leads to searches and transactions taking place (andbeing taxed) locally instead of being routed via the USA.
The Chancelloris looking for low cost ways of expediting economic recovery and improving UKtax revenues in his next budget. This islikely to have more impact, more quickly than most of the special pleading of ICT players for tax credits, exemptions orregulatory reform.
But how is such “clarification” is best achieved?
Does it need primary or secondary legislation, whether national,pan European or International?
Or is it better done without – perhaps an industryconsortium working under the aegis of a traditional global disputes resolution likethe Centre for Effective Disputes Resolution? If the latter, what should be the role, ifany, of the Internet Governance Forum, Internet Society, ICANN etc.?
If it does require legislative action, who needs to beinvolved? UK Ministers, EU Commission, OECD?
My instinctive answer is that the Chancellor should ask the AttorneyGeneral’s Office to ask the Law Commission to look at what is needed – if anything.
I have never forgotten the EURIM exercise on Electronic Signatures in the late 1990s when our “observer” fromthe Law Commission said that there was no need for Parliament or DTI to doanything. The “Judges Rules”, in that case an article ina Law Journal that our “observer” had been tasked to write, would provide allthe clarification necessary. Indeed it was better that HMG did nothing because the differences between ParliamentaryDraftsman speak, Statutory Instrument speak and Judge speak (let alone EU Community speak) would complicate an area whereexisting law was technology neutral and perfectly capable of handling the changes under way – and probably those yet tocome.
If the main e-commerce players who stand to benefit fromclarity are willing to support EURIM in doing an exercise with the Law Commission and/orthe European Commission that is as similarly simple and successful, then the resultswill be far cheaper and more effective than any amount of spend on blockingtechnologies