Intermediaries

Updates

30 Jun 2017

From October onwards, social media platforms with more than two million German users need to remove 'obviously illegal' content within 24 hours or risk a fine that could rise to €50 million. The German parliament voted in favour of this law after months of discussion. In response to the new law, Facebook reconfirmed its commitment to fighting illegal content, but states that 'this law as it stands now will not improve efforts to tackle this important societal problem'. The Internet industry claims that these tight deadlines are 'unrealistic' and can lead to 'accidental censorship'. UN Special Rapporteur on freedom of expression, David Kaye, argued that 'the obligations placed upon private companies to regulate and take down content raises concern with respect to freedom of expression'. 

27 Jun 2017

A new ransomware, named Petya, spread around Ukraine, then Europe and the world, infecting and disabling Windows systems in various industries, from airports and shipping ports, to petrol and the financial industry, to supermarkets and law firms. According to Microsoft, the infection was identified in at least 65 countries, including Belgium, Brazil, Germany, Russia, and the USA. Petya is based on a code of a ransowmare developed in 2016, which locks the master boot records of the disk, effectively rendering the disc and computer dysfunctional until a ransom of USD$300 in Bitcoins is paid. Unlike its older version, the 2017 version – also dubbed ‘notPetya’ by some researchers – spreads like a worm through the infected systems (that is without a need for a user to activate it by opening an infected link or an attachment) by exploiting the same vulnerability that WannaCry did, and for which Microsoft issued a patch in March. NotPetya also uses a range of other tools, such as recovering administrator passwords on the infected systems and gaining top access privileges. While the malware has all the features of a ransomware, it appears the attackers have put relatively little effort in ensuring that payments are received, since there is only one Bitcoin wallet used for all the infected computers (which makes it easier to track and possibly locate the criminals when the funds are eventually withdrawn). In addition, the e-mail address offered for communication with the attackers was hosted on a public platform by German company Posteo, which immediately suspended it after the infection broke out. This is why some experts believe that the malware is not designed to make money, but to spread fast and cause damage, The Register reports.

26 Jun 2017

Facebook, YouTube, Twitter, and Microsoft have announced the formation of a Global Internet Forum to Counter Terrorism. This cooperation includes sharing technical solutions, research to inform their efforts, and working with counter-terrorism experts - including the UN Security Council Counter-Terrorism Executive Directorate and the ICT4Peace Foundation - to establish a knowledge-sharing network. The Forum does not only consist of the large social media companies, but will also include 'smaller tech companies, civil society groups and academics, governments and supranational bodies such as the EU and the UN'.

Pages

Intermediaries play a vital role in ensuring Internet functionality. In several Internet governance areas, such as copyright infringement and spam, Internet Service Providers (ISPs) are considered key online intermediaries. In other areas, such as defamation and the so-called right to be forgotten, the responsibility extends to hosts of online content and search engines.

ISPs main involvement is at a national level in dealing with government and legal authorities, and they are often the most direct way for governments to enforce legal rules online. At a global level, some ISPs, particularly from the USA and Europe, have been active in the WSIS/WGIG/IGF processes individually and through national and regional or sector-specific business organisations such as the Information Technology Association of America (ITAA), and others. Various regional ISP associations have been set up worldwide.

Hosts of online content and search engines typically operate as conduits for content, or bridges between content and Internet users. Although headquartered in one country (some having regional headquarters), their reach and user-base is likely to be global, and as a consequence, intermediaries are often exposed to jurisdiction in multiple countries.

 

 

Intermediary liability is often discussed at IGF meetings and in other fora. The OECD includes the role of intermediaries among its 14 principles for Internet policy-making (‘Limit Internet intermediary liability’), whereas the extent of intermediary liability is often the subject of court judgments (such as the Delfi case).

The following will discuss the role and responsibility of ISPs and hosts with regards to various issues.

Copyright infringement

One of the main issues is intermediary liability for copyright infringement. The international enforcement mechanisms in the field of intellectual property have been further strengthened by making ISPs liable for hosting materials in breach of copyright, if the material is not removed upon notification of infringement. This has made the previously vague IPR regime directly enforceable in the field of the Internet.

The approach taken by the US Digital Millennium Copyright Act (DMCA) and the EU directives is to exempt the service provider from liability for the information merely transmitted or stored at the direction of the users, and demand that the service provider act upon a notice-and-take-down procedure. This solution provides some comfort to ISPs as they are safe from legal sanctions, but also potentially transforms them into content judges and only partially solves the problem, since the contested content may be posted on another website, hosted by another ISP.

Child online protection

As with all other stakeholders involved in protecting children online, ISPs and hosts are instrumental in filtering certain types of illegal content (most notably, child sexual abuse images) as soon as they become aware of it. There are generally two main processes leading to the removal of illegal content:

  1. Via notice-and-take-down measures, which are typically the first line of defence. As soon as providers, such as ISPs, domain registrars, and web hosts are alerted that their services being used to host such content, many go on to remove it or close down the user’s account, within a short period of time.
  2. Via hotline reporting, through which ISPs can be notified of illegal content by its customers, members of the public, law enforcement, or hotline organisations. ISPs generally work hand-in-hand with law enforcement to ensure that the content is verified, and that steps are taken to identify and locate the criminals.

Other technical options may help prevent illegal content from being accessed. For example, a number of intermediaries around the world, including ISPs and search engines, restrict access to lists of URLs confirmed to contain illegal content.

In the above cases, the extent of ISPs' and hosts' liabilities may vary from country to country. In some frameworks, a legal obligation is imposed; in many other cases, ISPs and hosts voluntarily develop and adopt processes to help protect children online.

Spam

ISPs are commonly seen as the primary entities involved with anti-spam initiatives. Usually, ISPs have their own initiatives for reducing spam, either through technical filtering or the introduction of anti-spam policy. The ITU’s report on spam states that ISPs should be liable for spam and proposes an anti-spam code of conduct, which should include two main provisions:

  • An ISP must prohibit its users from spamming.
  • An ISP must not peer with ISPs that do not accept a similar code of conduct.

Content policy

Under growing official pressure, ISPs, hosts and search engines are gradually, albeit reluctantly, becoming involved with content policy. In doing so, they might have to follow two possible routes. The first is to enforce government regulation. The second, based on self-regulation, is for intermediaries to decide on what is appropriate content themselves. This runs the risk of privatising content control, with ISPs taking over governments’ responsibilities.

In recent months, the courts have also imposed rules on intermediaries, most notably with respect to the right to be forgotten, and in respect of comments posted on online portals.

Right to be forgotten

In 2014, following the decision of the Spanish data protection authority to uphold a Spanish citizen’s request for the removal of the links from Google search results, the Court of Justice of the European Union imposed upon search engines the obligation to consider all right-to-be-forgotten requests.

Although many argued that this right represents only a right to be de-listed, the obligation imposed upon search engines – and not only to Google, as claimant in the case Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González – triggered major debates.

Offensive comments posted on news portal

In 2013, the European Court of Human Rights confirmed a ruling by the Estonian courts which found the news portal Delfi liable for offensive comments posted on its website. In June 2015, the Grand Chamber of ECHR confirmed the 2013 judgment: the Estonian courts’ decision was justifiable and proportionate, as the comments were extreme and had been posted in reaction to an article published by Delfi on its professionally managed news portal run on a commercial basis. (The judgment does not however concern other online spaces where third-party comments can be disseminated, such as an Internet discussion forum, a bulletin board or a social media platform.)

Each of the topics above are explained in more detail on dedicated sections: copyrightchild safetyspam, and content policy.

Events

Instruments

Judgements

Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González Case - Court of Justice of the European Union (2014)

Recommendations

Other Instruments

Resources

Publications

Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)

Papers

Jurisdiction on the Internet: From Legal Arms Race to Transnational Cooperation (2016)
Encouraging the Participation of the Private Sector and the Media in the Prevention of Violence Against Women and Domestic Violence: Article 17 of the Istanbul Convention (2016) (2016)
Comparative Analysis on National Approaches to the Liability of Internet Intermediaries for Infringement of Copyright and Related Rights (2014)

Reports

One Internet (2016)
2015 In Retrospect (Vol. 4) (2016)
OECD Digital Economy Outlook 2015 (2015)
The Impact of Online Intermediaries on the EU Economy (2013)
Study on the Liability of Internet Intermediaries (2007)

GIP event reports

Realizing Rights Online: From Human Rights Discourses to Enforceable Stakeholder Responsibilities (2017)

Other resources

Harmonizing Intermediary Immunity for Modern Trade Policy (2014)

Processes

IGF 2016 Report

 

Several sessions at IGF 2016 explored who should bear responsibility for dealing with illegal or harmful online content: governments, or rather the intermediaries whose platforms are used for dissemination? While there was no definitive answer to this question, it was underlined that, unwillingly, Internet companies are increasingly taking a juridical role. Google, for example, accepts approximately half of the requests for the right to be forgot- ten. Among other – refused – requests, there are some that could open many legal Pandora-type boxes: procedural matters, basis of judgement, right to appeal, etc. (The 'Right to Be Forgotten' and Privatized Adjudication - WS28). 

 

The GIP Digital Watch observatory is provided by

in partnership with

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top