The Executive Director,
Internet Industry Association,
Mr Peter Coroneos
via email - peterc@iia.net.au
Dear Mr Coroneos,
Re: Internet Industry Association Code of Practice (3rd draft 2/2/98)
Further to our online discussions, the Board of Electronic Frontiers Australia Inc. has prepared the following response to the abovementioned draft. The progress towards consensus demonstrated by IIA's amendments to version 2 of the draft Code is commendable. EFA seeks further progress over the issues arising from the draft Code's proposed role in content regulation.
The commitment to content regulation which remains central to the IIA draft Code version 3 is not supported by the Internet community, and is opposed by EFA. It is essential for the wellbeing and growth of the Internet in Australia for ISPs to stand firm on the position that they are not content providers. Once it is accepted that ISPs are responsible as publishers for some purposes, it is a slippery slope towards ISP responsibility in any given situation.
This Code can reasonably be expected to address the direct responsibilities of ISPs with regard to the provision of Internet connectivity and support services. It is not a suitable document for regulating the provision of content by commercial or non-profit organisations, or by users generally.
There are some protections of consumer
interest and user privacy, but these should be strengthened if the document
is to meet the needs of the public. User privacy under the draft Code is
restricted to the particular Code Subscriber's customers, and in too limited
a context. There is focus on Vendor obligations, but no provision by the
Industry to act in the event of the collapse of an ISP. There is no administrative
structure to oversee the industry in terms of provision of superior Internet
connectivity and users having rights to minimum standards of service.
Executive Summary
1. The Code wrongly requires compliance with controversial tagging and blocking technologies and does not address reasonable consumer requirements for an industry code.
2. IIA is reminded that the industry requires a recognition that ISPs are not content providers, and the users require protection of their rights to freedom of communication. Any dilution of these aspirations will impact profoundly on the acceptance of the Code by ISPs and users.
3. The Administrative Council is too narrow in composition and the powers of the "independent" Chair are excessive.
4. IIA is urged to consider the catastrophic
effect of deregistration in the context of harsh ABA licencing requirements
or criminal law defences based on Code compliance.
Specific redrafts proposed :
Clause 1.3 seems to imply
that Members of the industry may indicate adoption of the Code by reference
to the use of the Code Compliance
Symbol. However, subsequent clauses make it clear that approval by
the Administrative Council is also
required , as is financial membership of IIA or affiliates.
Obviously IIA has a financial interest in charging every content provider, web page developer and ISP in Australia a membership fee, backed by government regulations prohibiting non-members from competing. It is a policy that IIA may find the subject of litigation and division. If IIA seeks to cover all online businesses, problems may arise in the event Federal authorities registering Industry Codes refuses applications for Code registration from industry members arguably covered by IIA's terms of membership.
If the IIA Code is intended
to address the recommendation of the ABA report on the regulation of online
services that statutary codes of practice be developed for on-line service
providers (being on-line
access providers including those
who offer value added services such as web page
development), the Code should make
that clear.
The ABA's recommendations
queried whether there should be codes of practice for participants in the
on-line environment, other than on-line service providers. EFA cautions
against the development of
an all encompassing code which may
prevent other sectors of the industry from developing and registering codes,
should a need be demonstrated, which may better address matters relevant
to those sectors. EFA questions whether most Australian Internet businesses,
such as web page developers, software
programmers, information vendors,
etc, are aware of the development of this code which appears intended to
regulate their activities.
Clause 2(b) amend to :
"to support the development of resource
discovery schemes such as metadata systems."
Content regulation is not
an achievable end, and its endorsement in this Code is contrary to the
legal interests of ISPs. A recent settlement of a defamation action by
a Melbourne ISP illustrates the dangers in ISPs accepting any liability
for the actions of users. The calls for Internet censorship are best answered
by the Industry developing search-retrieval methods to assist all users
to quickly access appropriate material.
Clause 3(a) amend to:
"the Code attempts to be technology
neutral in determining liability for content."
Obviously it is not possible
to be technology-neutral in relation to web page developers.
Clause 3(d) amend to:
"the responsibility for content
made available on the Internet rests with the relevant Content Providers."
There is no "secondary responsibility" , especially in the event that the
industry takes necessary and immediate action to lobby the government to
enact civil and criminal indemnity from the actions of users. Compare the
approach taken in the United Kingdom and the United States, where under
statute ISPs are protected from liability as publishers (refer UK Defamation
Act 1996 and US Telecommunications Act s.230). The US court decision of
AOL v. Zeran gives a compelling legal argument for there
being no "secondary" responsibility for ISPs.
Clause 3(e) amend to:
"the privacy of Internet users'
details obtained by Code Subscribers in the course of business will be
respected."
In the course of operating an Internet Business, a Code
Subscriber may become the possessor of private details of persons other
than customers.
Clause 4
Definitions to be amended:
"content" means all forms
of information uniquely retrieved from the Internet.
The blend of terms suggested in
the draft confuse the issue. The importance of "content" lies in the act
of supplying or retrieving it, not the method of transmission.
"filter" (no longer necessary as below, but if defined "means blocking access to Internet content as required by Court order").
"hit" (no longer required)
"ISPs" stands for Internet Service Providers. Other Acts define the obligations of ISPs in terms of carriage service provision , content provision or supply of online service.
"newsgroup" means an online public discussion forum within Usenet. The draft definition was too vague, and would have included web forums, IRC , mailing lists , chat rooms , among others.
"Illegal Content" means content, the mere possession of which is illegal under the laws applicable in the State or Territory in which the content is stored. It is essential that crimes of possession be defined in terms of location.
"publish" means knowingly
placing and advertising such placement of content on the Internet.
Without making the URL public, no
act of publishing is complete.
"Relevant Authority" means a Court or government agency which lawfully directs the removal of content. It cannot be as wide a definition as the draft suggests without allowing competing opinions as to legality of information, or censorship by decree.
("spamming" needs a thoughtful industry policy before Code requirements should be set. The definition of "spamming" used in the draft Code ("spamming" means the sending of unsolicited and unwelcome advertising material or information to an email address or newsgroup), would unfairly penalise some bona fide messages. It is noted that spamming is most unwelcome when a foreign user uses a false reply-to address to send many thousands of email messages to strangers' email addresses - not a matter addressed under this definition. There is no objective test of "unwelcome" within the Code, yet non-compliance with this clause may lead to deregistration of a Code Subscriber.)
"user" means a person who uses the Internet. If this is to be an Industry document, responsibilities to the general public should not be shirked.
"Unsuitable Content" - ( not needed , no role for ISPs in rating for minors).
"Vendors" means the vendors of products, information and/or services via the Internet other than standard dialup access to the Internet. The TIO has jurisdiction over consumer issues relating to carriage service provision.
"Web Page Developers" means those who make Web Pages for users on a paid consultancy basis. The draft definition included gratuitous services and automated web page creators.
"working day" means any day
excluding public holidays.Customers need not wait until Monday for service
from an ISP.
Clause 5 suffers from being both too broad , and too narrow. Firstly, it is too broad as the Internet Industry will in due course include providers of every sort of service. Is IIA to claim jurisdiction over the whole workforce?
Secondly the definition elevates the importance of Code Compliance for small ISPs. Not many hobbyist ISPs will be members of IIA, but with Federal transmission offences in place the importance of Code Compliance becomes equivalent to the licencing of ISPs. It is submitted that IIA give serious consideration to permitting small ISPs to certify as Code Compliant without membership of IIA or affiliates.
It is submitted that Clause 5 be re-examined with a view to acknowledgement of the dual problems of a monopolist position by IIA and the legal necesssity of obtaining Code Compliance certification.
Proposed amendment to Clause 5 as
follows :
"This Code is intended to cover
ISPs and Web Page Developers. "
In many respects it would be preferable
to sever the obligations of Web Page Developers from those of ISPs, as
the businesses are related but fundamentally different. An ISP merely provides
bandwidth, albeit as a value-added service. A Web Page Developer provides
content, and therefore has responsibilities as author and publisher that
an ISP does not. However, the definition of Web Page Developer has been
modified to restrict the application of the Code to professional firms.
Clause 6(a):
(delete reference to users' obligations
under the Code. Only Code Subscribers have such - in the event that a User
Code becomes necessary it should be developed by a User organisation.)
Clause 7.1 (a) :
(delete "physical location" and
replace with "postal address"). It is too important to be a Code Subscriber
for a business to be excluded if it does not have a physical address at
which it is prepared to accept customer enquiries. Some people have reasonable
privacy concerns at having their physical address widely published - it
would mean that a person who wished to keep their physical location secret
for lawful reasons could not be an Internet business proprietor. This is
an unnecessary Industry condition, whether or not Governments permit sole
proprietors to trade without a registered business address. While it is
desirable for businesses to have a physical location specified to each
new customer, it should not be mandatory under an Industry code.
Clause 7(1)(b):
(delete - non-ISP Code Subscribers
have no arguable reason to do this, and the Administrative Council has
no experience in preparing Acceptable Use Policies for customers. User
input is needed.)
Clause 7.4(e):
"engage in or assist in the practice
of spamming."
Mere advocacy of spamming ought not be an offence.
Clause 7.5:
(either detail in full here, or
delete)
Clause 7.6:
(delete. Why should ISPs provide
means of contact to Relevant Authorities ? It is up to the Relevant Authorities
to establish email , facsimile and telephone contact facilities, ISPs need
merely provide contact details.)
Clause 8.1(c):
"not sell or exchange the business
records or personal details of a user without the user's consent."
If there is to be an Industry standard of respect for users' privacy , it should
be confirmed that a user's consent is necessary for the exchange of private
details (including credit card details) in every case.
Insert new 8.1 (e):
(e) comply with Privacy Principles
released by the Office of the Privacy Commissioner.
Clause 8.2:
Delete "or implied". This invites
weakening of the whole section relating to privacy.
Clause 9.1(a):
"...relevant and reasonably necessary..."
Some Code Subscribers may have elevated notions of the measures and details
they need for credit control.
Clause 9.1 (b):
"for other legitimate purposes with
the express consent of the user."
Topical consent is not acceptable - the
user ought to be asked to consent to the particular details to be collected.
Clause 9.2(a):
"the Code Subscriber's own billing
and other purposes necessary for the provision of the service, or"
Clause 9.2(c):
(delete, not required due to change
to 9.1(b) ).
Clause 10.1:
"...will not knowingly place content
on the Internet that would be Illegal Content at the place of storage."
There is no escaping the problem that arises wth differing State and Territory
rules as to content provision - "Illegal Content" must mean "illegal content
at place of storage" , otherwise one State or Territory will dictate what
the rest of the Internet can host.
Clause 10.2:
(should be deleted entirely , or
at least limited to:
"Code Subscriber Content Providers
will, where technically feasible, ensure that services which are designed
to cater only for mature adults are:
(a) accompanied by on-screen warnings
as to the type of content available ; or
(b) managed by subscription enrolments
to exclude subscribers under the age of 18 years. )
Clause 10.3:
"A Code Subscriber Content Provider
shall have complied with 10.1 if, on written requirement of a Relevant
Authority to remove the Illegal Content, it does so."
Clause 10.4:
(delete) There is no point in mandating
standards that will never be implemented. If and when satisfactory labelling
schemes are developed, then will be the time to consider setting Industry
standards. The absence of user input into this process is especially regrettable.
Clause 10.5(a):
"Code Subscriber Content Providers
will not knowingly place material in infringement of copyright on the Internet
which would offend applicable laws relating to possession of infringing
copies or unauthorised transmission of copyright material".
Clause 10.5 (b):
"A Code Subscriber Content Provider
shall have complied with 10.5(a) if, on written requirement of a Relevant
Authority to remove the copyright material, it does so."
Clause 12:
(delete 12.1 (b)) ISPs are not content
providers. Users are not IIA members.
(delete 12.2) ACIF has no such Code.
amend 12.3 "A Code Subscriber ISP
will agree with each user prior to engagement..."
amend 12.3(d) an Acknowledgment
that the Code Subscriber ISP must comply with this Code.
If a user is a Content Provider, that user should be in a position to obtain Code Compliance direct. ISPs should not entertain any notion that they may be responsible for user conduct by failure to obtain a signature.
insert new Clause 12.3 (g)
"any limitations on the connectivity
to the Internet or Internet services provided by the Code Subscriber".
ISPs should be required to provide
full details in their user contracts about any content filtering mechanisms
they deploy, and any technical limitations such as traffic shaping or download
limits.
Clause 13:
(delete in total)
There is no benefit for the Internet
Industry or Internet Users in attempting to censor through labelling or
rating systems. Software filters are token efforts, and mislead consumers
into the belief that the Internet can be sanitised.
There is no reasonable likelihood that labelling of content using PICS facilitated or similar protocols will become mandatory for content providers worldwide - especially as the United States may find this to be an unconstitutional violation of free speech.
As such, clause 13 is to the detriment
of the Australian Internet Industry as it will make Australian businesses
uncompetitive, is contrary to user interests as censorious and misleads
the public into a belief that the Internet generally adopts such labelling.
Clause 15.1 amend to :
"The Administrative Council shall
be made up of 5 members as follows:
(a) an independent chairperson elected
by Code Subscribers annually.
(b) two representatives from the
Internet Industry elected by Code Subscribers annually.
(c) a user representative nominated
by the Australian Consumers Association.
(d) a legal expert nominated by
the Board of the IIA.
Clause 15.2
(amend terms of office as per 15.1)
Clause 15.4(b)
add "users" to dotpoint four.
Clause 15.6(a)
add "users and the general public"
Clause 15.6(c):
"... to each Code Subscriber and
advertise the proposed amendment publicly."
Clause 15.6(e):
"...from Code Subscribers, users
and the general public."
Clause 15.6(h)
"...to each Code Subscriber and
to the general public."
Clause 15.11:
(delete) The clause is contrary
to justice.
Clause 16.2 (a):
"direct the user to the IIA to determine
whether the complaint can be resolved online or by telephone, post or facsimile
by the IIA, and"
Clause 16.3(d):
"unless the parties agree otherwise,
the mediator shall first attempt to resolve the complaint online or by
use of telephone or facsimile. Should this fail, the mediator shall set
a time and a place reasonably convenient to both parties to conduct a mediation."
Clause 16.3(e):
"unless specifically ordered to
the contrary, the reasonable costs of the mediator will be borne equally
by the parties to the dispute and each party shall bear its own costs,
including legal costs."
Clause 17.1:
(query why definition clause 4 specifies
"approval of Administrative Council" as well. Which is it?)
(see remarks re clauses 1 and 5.
Clause 17.4
(rework whole process. Suggest that
on the receipt of a complaint, the Code Subscriber be required to respond
in a reasonable time to a query from the Chairperson, failing which the
matter goes to the Administrative Council for order to comply with a specified
Notice.)
CONCLUSION
Unless the Code abandons content regulation as an aim, it represents a serious threat to free speech and consumer choice. EFA regards the dangers of private censorship as more of a proximate threat to Internet freedom of expression than the potential for muddle-headed legislation. Accordingly, EFA will be demonstrating the absurdities of reliance upon software filters and campaigning against the use of rating systems as priorities for this year.
EFA believes that it can be demonstrated that software filters are ineffective by any criterion, and will be urging user boycotts of ISPs that censor content. ISPs that censor content are arguably in breach of contract, notwithstanding disclaimers, and EFA will encourage users to exercise their rights of freedom of expression within the law.
Specialist ISPs may choose to offer
filtered access to content, but such specialised obligations
which they may choose to undertake
should not be imposed on all ISPs. In general, a filtered access to content
is not desired by users. More importantly, no ISP can guarantee to filter
all controversial material from a filtered-access account.
It is a matter for IIA as to whether they wish widespread Industry adoption of the Code or not. Other organisations , such as WAIA , SAIA and SPAN already claim coverage of the Industry and have established office-bearers and policies. Organisations such as ISOC-AU and ACS have arguable roles in drafting Industry codes and may not require costly membership fees and such inflexible adminstrative procedures. At very least they will not have a government appointee as the Chair.
EFA calls upon IIA to redraft the Code in terms of the real role of ISPs - to provide connectivity and services to users. The censorship role for ISPs envisaged by some is unachievable and contrary to civil rights - and IIA adopts the role of censor at the risk of its Industry credibility.
Chairperson, EFA
22nd March 1998