May 11, 2012
The new Defamation Bill promised in the Queen’s Speech has now been published. Although it also contains changes to what statements can give rise to liability for defamation, the most interesting part for network operators is likely to be the new provisions on liability for those who host third party content on web sites and blogs.
Section 1 of the current Defamation Act 1996 essentially gives hosts two options when they receive a complaint that a statement on their site is defamatory:
- remove or modify the statement promptly, and be sure that they cannot incur liability for the defamation;
- leave the statement untouched and risk being found liable for publication if it is subsequently found to be defamatory.
Paragraph 5 of the Bill would create two more options:
- If it is possible for the claimant to identify the person who posted the statement, then the host is protected from liability and does not need to do anything;
- If it is not possible for the claimant to identify the poster, then the host is protected from liability so long as they follow a process or processes that will be specified in a subsequent Statutory Instrument.
While the new options are welcome, the current wording creates three obvious questions:
- What is included within the scope of “website”? And how will this affect future publication technologies that haven’t yet been invented?
- Is the “operator” of a website the person that runs the server, the website software, the main author of a blog, etc.? I would hope that at least those three are covered.
- What is meant by “identifying” the person who posted the statement? This posting says that it was written by “Andrew Cormack”, but searching the web reveals several individuals with that name. Or is it sufficient that a complainant could request a Norwich Pharmacal Order against the operator of this site and discover which of them it is? I would imagine that a website operator would want to be very sure that the poster was indeed sufficiently “identifiable” before they left an allegedly defamatory statement untouched.
Section 5(4) of the Bill also specifies what needs to be in a notice in order to trigger this process: a welcome clarification.
During the consultation process that led to this Bill, it was also suggested by the Joint Parliamentary Committee that it might change the current legal position that encourages a website operator to wait for complaints rather than proactively checking for defamatory statements. This Bill doesn’t seem to do that. [UPDATE: I've a feeling that the double negatives in the Bill do actually have that effect, but I need to study them a bit more to be sure. If so, as noted below, this would only apply to proactive checking for defamatory statements, not to other types of unlawful publication].
The consultation also suggested that there might be a process to allow a website operator to ask for a judicial ruling on whether an anonymous posting was defamatory, if it felt that there was good reason not to remove it (for example because of the statutory duty on universities and colleges to promote free speech). That doesn’t seem to be in the Bill, but it could still be included in the Regulations.
And, of course, this Bill only affects liability for defamation, not for other types of civil or criminal illegality, such as copyright breach. Those will continue to be covered (by default) by the notice and takedown procedures in the eCommerce Directive.
May 10, 2012
According to the Dutch digital rights organisation, Bits of Freedom, the Netherlands has just passed a new Network Neutrality law. Their unofficial translation into English suggests that Public Electronic Communications Service Providers will only be permitted to throttle or block traffic on their networks if this is necessary:
a. to minimize the effects of congestion, whereby equal types of traffic should be treated equally; [or]
b. to preserve the integrity and security of the network and service of the provider in question or the terminal of the enduser; [or]
c. to restrict the transmission to an enduser of unsolicited communication as refered to in Article 11.7, first paragraph, provided that the enduser has given its prior consent; [or]
d. to give effect to a legislative provision or court order.”
Items B and D on that list seem relatively uncontroversial, but it seems to me possible that C and A may prohibit desirable services. C appears to allow an ISP to offer a spam-blocking service to users, but to prohibit offering services (either opt-in or opt-out) that filter any other kinds of unwanted material. The effect of A seems to depend on what is meant by “equal types of traffic should be treated equally”. If it means that a network operator can only apply controls at the level of an IP address or range then it seems to prohibit treating time-critical services (such as audio and video) differently from other things like e-mail; but if that sort of discrimination in favour of real-time services (which may be necessary to deliver acceptable performance even on uncongested networks) is permitted then it may also allow the discrimination against peer-to-peer and VoIP traffic that was recently identified by European regulators.
It will be interesting to see how those issues are resolved, particularly as the Netherlands appears to be the first country in the world to try this approach. I understand that the Dutch telecoms regulator has indicated that ISPs will be given an opportunity to develop practical implementations before the law is enforced.
May 10, 2012
Yesterday at the State Opening of Parliament the Queen’s Speech announced the Government’s plan for legislation in the next year. A couple of the proposed Bills seem likely to affect network operators.
First is a Defamation Bill, which was the subject of a consultation last year. Although the Internet isn’t the main focus of the legislation, the consultation did recognise that there were problems with the current system of liability for hosting providers, which encourages them to remove any comment that is the subject of a complaint, without considering whether the complaint is justified. A posting by Julian Huppert MP on the Liberal Democrat Voice blog suggests that the draft legislation may be published as soon as tomorrow.
[UPDATE: he was right, see http://services.parliament.uk/bills/2012-13/defamation.html - more when I've had a chance to study it]
Second is the Communications Bill, in which the Government intends “to maintain the ability of law enforcement and intelligence agencies to access vital communications data under strict safeguards”. At the moment ISPs are required by the Data Retention Regulations 2009 to keep information about e-mails and phone calls sent using their services; law enforcement agencies can then use powers in Part 1 Chapter 2 of the Regulation of Investigatory Powers Act 2000 to access that information. The Government doesn’t seem to have published any information about this, so it’s not clear whether one or both of these Acts will be changed by the new Bill. Julian Huppert’s blog suggests that a draft bill will be published for consultation before a final version is considered by Parliament.
May 4, 2012
Given the outcome of previous hearings on copyright infringement, the court’s conclusion this week that the UK’s major ISPs should be ordered to block access to The Pirate Bay was no surprise. However the judgment raises an interesting technical issue. In a previous hearing, it had been pointed out that there was a way to get around blocks on individual web pages that would not be possible if the block instead referred to the IP address of the website as a whole. IP address blocking is recognised as carrying the highest risk of blocking legitimate material (“overblocking”) but it seems that the current IP address of The Pirate Bay is only used by the site, so the judge was prepared in this case to permit blocking of all access to those addresses.
However there are many other evasion techniques that get around both URL and IP blocks and the legal action against The Pirate Bay has been accompanied by a lot of publicity for those. According to a BBC report, there has been a significant increase in their use by young people in recent years. Unfortunately such techniques don’t just open up access to sites blocked for copyright reasons, they inevitably evade all other filters implemented by ISPs as well. So those using them may well increase their risk of exposure to images listed by the Internet Watch Foundation (earlier orders explicitly required ISPs to use the same systems to block copyright and IWF material), malicious code, and phishing sites that steal banking and other passwords. ISPs can no longer protect these users by filtering: all that will be left is any protection that may be implemented on the individual’s computer, smartphone, etc. Techniques such as the Virtual Private Networks described by the BBC also mean that the VPN operator can see all the user’s Internet traffic, creating a significant privacy threat if the operator, or their country, doesn’t protect that information as the user expects.
Such a significant risk to individuals, their computers and – by hindering attempts to control the spread of malicious code – the rest of the Internet seem a high price to pay for free music 
