Session description: This workshop was organized by the Organisation for Economic Cooperation and Development to assist in defining the responsibilities of Internet intermediaries in regard to the content of or activities of the people who use their platforms and services. The goal was a discussion of good practices that inform consideration of policies involving Internet intermediaries.
VIDEO HIGHLIGHTS: Joe Alhadeff of Oracle says there are unintended consequences of well-intended approaches to solutions and "the more we can move dialogues and interchanges, the better we are to make sure that the unintended consequences don't occur ... and we respect the equities of all sides," 4:37Lilian Edwards, a professor of Internet law, says the system is falling into disarray and "under attack primarily because of concerns of the copyright industries," and "we have significant political drivers towards developing a filtering infrastructure," 4:14Anne-Lena Straumdal of the Norwegian government says you need to know who the intermediaries are and what their goals are, among these are security and trust and ensuring free speech and "ensuring that the Internet remains a nondiscriminatory platform for all types of communication and content distribution," 3:02This clip is from an earlier workshop on a similar issue, and in it Bill Dutton, director of the Oxford Internet Institute, points out that the old models of regulation that were applied for news content providers are not applicable in the Internet age and governments do not have a model to apply to this intermediary perspective, and he suggests that a critical role of the IGF has to be to deal with suggesting ideas for a new model of Internet and intermediaries, 2:05
Evolving influence of agents
September 16, 2010 - Moderator Karine Perset of the directorate for science, technology and industry of the Organisation for Economic Cooperation and Development led off by explaining that the OECD project on Internet intermediaries is meant to help define the functions and benefits of facilitators of Internet transactions.
“Internet intermediaries give access to, host, transmit and index content originated by third parties or in some cases they provide Internet-based services to third parties,” she described as an OECD working definition.
She said OECD has defined the following categories for Internet intermediaries:
“The main question,” Perset said, “is to what extent should Internet intermediaries who own and operate Internet platforms be responsible for content that is originated by third-party users? How far should this responsibility remain with the original content author or provider and how does the answer to this question impact the development of the Internet and the role of the Internet in our economies and societies?”
She noted that imposing liability on or other responsibilities on intermediaries for content created by third parties can raise risks to free speech, privacy, innovation and competition. She said that there is also the question of controlling the dissemination of illegal, undesireable or copyright-infringing content on the Internet.
“The workshop is really about the difficult but critical balancing act needed to protect intermediary functions that are socially, economically or politically valuable while taking into account potentially competing social policy goals such as protecting privacy, security, intellectual property rights and consumers,” she said.
A review of recent history touches on some regulatory efforts
Lilian Edwards, a professor of Internet law at the University of Sheffield, provided an overview of the issue of Internet liability. She said that ISPs have been marked by governments as “the gatekeepers to the Internet,” and that during the initial stages of the Internet boom consumer trust in business transactions online was seen as engendered by placing liability for content on them. “It was unfair to put the burden on them, it was shooting the messenger, there was inherent unfairness,” she said.
Edwards said the areas of content concern for governments have been intellectual property rights, cybersecurity and global fears about access to pornography, hate speech and pro-terror material.
The European Commission’s “Directive on eCommerce,” effective from 2002, and the United States’ “Digital Millennium Copyright Act” also originating at the turn of the century, were established to divide the functions of intermediaries. “What emerged was the idea of limited liability, the idea that the intermediary is not in principle liable. They host it, but if they are put on notice they have a duty to take it down. But since then the system is falling into some disarray and is under attack. The content industry are finding that notice and takedown is not an adequate paradigm.”
She said industries concerned with copyright protection have been lobbying in recent years – with some success in France and the UK – for “notice and disconnection or graduated response, or ‘three strikes you are out.’” In this paradigm “ISPs are put in the position of being copyright cops” she said, explaining that they take an active role in inspecting content using deep packet inspection and then Internet users – third parties – are warned if they are alleged to be infringing copyright and they lose their online access if it is discerned they are still accessing or sharing material in violation of copyright after they have already received two warnings.
Edwards said content industry lobbying and government concerns over hate speech, criminal activity and terrorism are “political drivers towards developing a filter infrastructure – we see that already in the UK, with the Internet Watch Foundation, and we see attempts to introduce such in Australia, which may or may not go ahead – and these have obvious problems in terms of freedom of expression and so forth.”
She said there are human rights implications as state and industry are moving toward prior filtering and “towards dangers of systems where there is a lack of transparency, where there is scope creep, where there is a lack of the due process you’d get in a court system, mandated by the state, making decisions behind closed doors about content.”
The Internet's many complex layers and relationships make it an 'ecosystem'
Joe Alhadeff, vice president for global public policy and chief privacy officer for Oracle Corporation, said communication is becoming so complex that you can really only deal with all of the elements at “the ecosystem level.”
“There are shared responsibilities across the ecosystem,” he said, “and to take a tenet that was involved in the OECD Security Guidelines, each has responsibilities according to their role. That is the concept we have to figure out how to come to grips with, because there is this concept that as you find choke points that’s where you want to exert all of the control.
He noted that the term “best practices” indicates there is only one set of practices that can be applied “across all entities,” and that instead people should be addressing “good practices,” which means that there are “appropriate practices” based on roles. “We have to consider the size of the enterprise, the type of work they’re engaged in and the nature of the information that might be available on that enterprise and in their business role,” he said. “This is what meets the context of the opportunity for them to provide some level of control and to have some level of impact.”
Alhadeff said the term “intermediary” “is now used overbroadly at times and it’s ill-defined.” He said parties are looking at ad hoc agreements to “see how new accommodations can be reached that share the equities across all parties on how to deal with the issues, but in many ways we’re dealing with an area of shifting sands.”
He said he has doubts as to whether there can be complete harmony. “We will continue to see the need for adaptation,” he said. “What we want to see going forward is this constructive dialogue that continues to happen within the community of intermediaries, and from content owners with intermediaries and across the broad ecosystem.”
He said there has to be mutual understanding of problems, solutions and the ways to talk about solutions in the “narrowest terms necessary.” He noted that there are unintended consequences of well-intended approaches to solutions. “The more we can have dialogues and interchanges,” he said, “the better we are to make sure that the unintended consequences don’t occur and that we tailor the solution in an appropriate fashion that doesn’t create undue burden and respects the equities of all sides.”
Common ideas put forth to address issues tied to Internet intermediaries
When Perset asked participants in the panel to list some of the ideas most could agree upon, Alhadeff listed the following:
“There would be dangers in shifting ‘practices’ into ‘requirements,’” he said. “You have to figure out how they are relevant and how they are implemented. Some of the issues – especially those related to cost sharing – may be related more to some types of intermediaries than others, but it’s an important concept to have out there. Understanding innovation and understanding not just risk assessments but other ways to learn how to minimize burden is something that could benefit from more emphasis.”
Edwards said the list is a good start. “We have to look at the costs and benefits,” she said, “at what burdens can realistically be taken by which intermediaries to what effect, because some of the ways of doing this are not sensible. I endorse the idea that we avoid placing the intermediaries in the position of liability, where they have to make decisions, that is not their role. We have to consider the size of the intermediaries. We can’t impose the same expectations on a blogger as we do with Google.”
Kurt Opsahl, a senior staff attorney with the Electronic Frontier Foundation, agreed. “It’s important to recognize that individuals can be intermediaries,” he said. “It could be a café offering WiFi to users. Maybe a blogger has a site and allows comments, or somebody runs a listserv where they forward messages. These are forms of an intermediary that are vital to the free flow of information on the Internet.”
Tensions rise as content providers, others want to exert control
Marc Berejka, senior policy adviser at the office of the Secretary of the US Department of Commerce, noted that US law to this point has allowed for innovation. “As a result, you’ve seen platforms, hosting companies of all sorts grow up and become enormously successful,” he said. “Many of the intermediaries that are among the most prominent in the world are U.S.-based, and in part that may be because of the foundational legal regime.”
He said the content community is asking for change. “The pirates are nimble and fast,” he said. “Nowadays notice and takedown for the content community in the US has proven to be of limited value. The content community is pursuing negotiated agreements with key ISPs to see what they can collectively do to more effectively combat online piracy.
“We appreciate that the pressures ISPs or intermediaries face overseas from other jurisdictions have a greater impact and you have certain countries that are pressuring US-based organizations to engage in censorship. You have other pressures on ISPs to be more involved in fighting pornography. As we look out over the global landscape, what do we do to sustain some notion of a harmonized approach globally, given the tensions? That’s going to be a challenge.”
Transparency and cooperation of intermediaries seen as a key to harmony
Anne-Lena Straumdal, a senior technology advisor for the Norwegian government, said public policy goals should be centered around free, open communication. “The most important ICT goals are: ensuring security and trust; keeping a resilient infrastructure in place; ensuring freedom of speech, democratic engagement and involvement; ensuring that the Internet remains an open and nondiscriminatory platform for all types of content distribution; and, maybe even more important, to assure innovation and creativity to stimulate growth in accordance with overall democratic goals.”
She noted that businesses are “struggling to find models that help them in achieving their goals,” and that governments are trying to define their roles in the Internet environment. She cited an example.
“Who should you contact when someone is putting a false profile on Facebook in your name?” she asked. “It is impossible to contact certain intermediaries when you want to do that. It is a difficult but important issue, intermediaries in the national policy agenda. Let’s make sure it is on the agenda even though we don’t have all of the answers. It is important to know the issues we’re dealing with, to know the intermediaries, the actors who are responsible for maintaining the Internet as we know it today, to make sure we have actors in place and we are able to have a dialogue with them and – when needed – to make sure we have hard laws in place or in other circumstances to cooperate with the actors.”
New models are being generated to push responsibility to content owners
Pedro Less Andrade, senior policy counsel in Latin America for Google, discussed notice-and-takedown procedures. He said Google has established self-policing online so copyright holders can take steps when they find their content has been misused on YouTube.
“They have a tool to track this content, and they can let the user use it and track the use and they have the option to block it,” he explained. “They have the option to monetize it and say, ‘OK, I have the chance to share revenue and I find a new channel of distribution, and I’ll also benefit.’ This was the idea behind Content ID – give options to the copyright holders and go away from this idea that we have the copyright industry on one side and the Internet industry on the other. They are totally complementary industries.”
Andrade said Chilean copyright law requires a copyright holder to alert an ISP when copyright may have been infringed and the ISP’s only obligation is to forward that notice to the user in question and provide the ISP with the user’s identity.
Australian model measures traffic to detect trends
Brenton Thomas, an assistant secretary in spectrum and wireless policy for the Australian government, talked about the ways in which the government has been working since 2005 to monitor Internet traffic flows through the Australian Internet Security Initiative with no intent to monitor individuals but attention only to traffic in general.
“The purpose was to select in formation about malicious software or botnet behavior,” he said, “and use this to provide daily reports to service providers who could consider what reaction they would take with this information. Now we have 78 organizations that receive the report from the AISI.
“By doing this we’re responding to the growing menace of spyware, etcetera, and it fits our broad objectives as a nation and responds to growing public expectations that their elected officials and their service providers will actually do something about the problems they face in an online environment.”
He said a cybersecurity code of practice was proposed by the ISPs and written by people in the Australian government. “The code allows for some consistency in the messages that get out to customers,” he said. “It goes into effect Dec. 1. In essence, it contains four elements: Notification and management system for compromised computers; standardized resource for end users; a way for ISPs to get the latest information; and a reporting mechanism, in cases of extreme threat, back to the Australian Consumer Emergency Response Team to indicate attack status.”
A goal is to minimize cost and maximize social welfare
Opsahl of the Electronic Frontier Foundation noted that any good practice must consider overall costs.
“There is the overall social cost and externalities, especially the cost to the users, a cost to their freedom of expression, the free flow of information, the cost to user privacy, the cost to innovation, the costs that arise from mistakes or overreaction by the intermediary,” he said.
“The goal is to minimize these costs and maximize social welfare, which includes considering the social benefits,” he said. “This is critical in the development of the Internet. The underlying economics that fund intermediaries are very much dependent upon scale. Internet intermediaries must take into account the cost of determining whether a right is impaired. This is extraordinarily difficult for a third party.”
He said that automated copyright protection or infringement-detection systems exert a “social cost to privacy systems and create the infrastructure for all sorts of reviews beyond the initial purpose” and they are “readily turned to purposes that are dangerous to users.”
He said automated systems can’t determine whether a defamation is true or false and they are unable to detect the fair use of copyright material. “Given the potential cost to the service provider, the economically rational choice is to not host any controversial content and not be a platform for a whole swath of speech,” he said. “We have to make sure we have an open and inclusive Internet.”
The UN's video recording of the session can be found at this link:
The UN's official transcript of the workshop can be found at this link:
- Video recorded from a remote location, captured