[This is the approximate text of an internal company talk, which I’ve been asked to make more widely available]
One of the odd things about how people talk about the Internet is that you’ll hear it described both as “the Wild West” where there are no rules and unlawful behaviour is rife and as a “1984” situation where everything we do is monitored and our privacy routinely trampled on. But how can the same thing possibly be both of those?
It seems to me that one of the problems is that the Internet tears up one of the fundamental planks of how we have done laws and regulation in the past: geography! If you look at a map of Europe it is easy to point to the answer to “Where does UK law apply?”. It is also easy to point to the answer to the less obvious question “Where does UK law not apply?”. That’s everywhere else: just hop over to France, Belgium, Netherlands, …
But if you look at a map of the Internet, both those questions become a lot harder to answer. Suddenly there’s nothing we can point at and say “that is the UK”. Nor, since computers physically in the UK can have addresses and connectivity from all over the globe (think of multi-national companies with internal networks) is there anything we can point at and confidently say “that isn’t the UK”. This might explain why both the “Wild West” and “1984” views are prevalent…
If you look at the Internet map and conclude that “UK is nowhere” then you might well conclude that UK law is nowhere too. And if you can’t punish behaviour that breaks your rules, you might be tempted to try to modify the system to make it harder to break those rules in the first place. Thus, for example, courts in the UK, Netherlands, Finland and other countries are ordering ISPs to block traffic from their customers to certain websites that the courts have found to breaching copyright law.
Other parts of the internet infrastructure can also be used to try to prevent law-breaking. Since the .com top level domain is managed from US territory, US law enforcement authorities have been able to order that certain .com domains, considered to be breaching US law, should no longer point to the original websites but to a page warning visitors that they may be acting illegally. Unlike ISP-based blocking, that change applies to users everywhere in the world: there is only one .com. And it turns out that it can also apply to websites all over the world – two of the domains that were transferred belonged to Spanish and Canadian companies, both of which were acting lawfully according to their home courts. So which law should apply to them?
So far domain name suspensions seem to be done manually, at human speed. However a number of content hosting sites now process complaints and remove material automatically. Software has been used for a long time to search the Internet for apparent copyright infringements and to generate reports. If an automated reporting program encounters an automated takedown program then humans may have difficulty regaining control: this seems to have been the problem that interrupted live streaming of a science fiction awards ceremony and the Mars landing, as well as the temporary disappearance of over a million education blogs.
On the other hand you could look at the Internet map and conclude that the disappearance of the English Channel and all other geographical features means that law need no longer be constrained by any real world features. This seems to lead to the “1984” view: that the law can go anywhere. In a number of cases, courts seem to have agreed: French courts found a US company liable under French anti-Nazi law for adverts posted by US users, while an Australian court found another US publisher liable for defaming an Australian businessman even though there seems little doubt that the publication was protected by US laws on free speech. Such extra-territoriality works both ways: American laws against on-line gambling have been used to detain senior executives of companies whose activities are entirely lawful in their European homes. In the real world law enforcement powers have always been strictly contained by geography: dealing with International crime is notoriously difficult as a result. The Internet’s absence of obvious borders seems to be relaxing these rules – it is reported that Dutch police will be allowed to install monitoring software on computers that may be outside the country, while the UK’s draft Communications Data Bill seeks to have overseas providers collect and retain information about e-mails and other forms of communication.
You might hope that the Wild West and 1984 views would cancel each other out, but in fact they seem to reinforce each other through the medium of technology. The effect of the UK court order blocking access to The Pirate Bay appears dramatic: according to a BBC report, traffic to the site dropped by 75% as a result. Apparently UK law can, after all, be enforced against a site based in Sweden. Except that when a similar block was implemented in the Netherlands there was no obvious effect on the volume of peer-to-peer traffic, which is the main way TPB material is distributed. Why this apparent contradiction? It seems likely that blocked sites, and their users, respond by switching to technologies that aren’t affected by the block. For example TPB has recently announced that it will be moving its servers to the cloud, making any block harder to implement and much more likely to affect other, lawful, sites. Even more worrying: if, as seems to have occurred, individuals respond by adopting technologies that get around blocks those technologies are likely to eliminate all blocks, including those implemented by organisations and ISPs to protect people and their computers against serious harm.
So it seems that making laws that work on the Internet, without serious side-effects, is going to be hard at least until we work out the different characteristics of this new space. It’s tempting to leave this to professional law-makers – it’s their job, after all – but the evidence so far suggests that they need help. It is not so long since a European briefing note suggested creating a single European cyberspace with a secure Schengen perimeter. At least there are some signs of recognising that the on-line world is different, though if you are seeking certainty then “online identifiers need not necessarily be considered personal data in all circumstances” may not seem promising! My on-line blog records my activities with Janet, its customers, its peers and law and policy-makers to try to help.
Personally I hope that both the “Wild West” and “1984” views are wrong, and that we can come up with something that works a little more like the real world. There personal and social behaviour, with a bit of law enforcement when needed, means we mostly get along OK.