ENDitorial: Keeping the "self" in self-regulation

By EDRi · December 2, 2009

This article is also available in:
Deutsch: [ENDitorial: Das „Selbst“ in Selbstregulierung wahren| http://www.unwatched.org/node/1616]

Businesses, particularly in the Internet environment, fear (and often have
good reason to fear) government regulation. Traditionally, therefore,
Internet Service Providers have pushed for “self-regulatory” solutions to
issues surrounding the management and operation of their own networks – as
in the case of spam, for example. Self-regulation often seems to be, and
often is, the most effective solution.

There is, however, a growing and insidious trend in self-regulation, where
increasing pressure is being put on Internet access and service providers to
treat their own customers as potential criminals and to take on, usually
unwillingly, policing roles. It is clear that this development has serious
risks both to online freedoms and to the democratic controls that citizens
would normally be able to rely on to protect them.

Already, with the notable exception of Germany, when ISPs were asked (often
under the threat of being portrayed as supporters of child abuse) to
introduce “self-regulatory” web blocking, they felt obliged to do so. This
activity clearly has little in common with the dictionary definition of
“self-regulation”. In Germany, the public debate that was provoked by the
ISPs’ brave and honourable decision not to cave in to moral blackmail lead
to the country not taking the first crucial first step towards widespread
censorship and an increasingly controlled Internet. Unfortunately, that
democratic decision now risks being overturned by the European Commission’s
populist but profoundly flawed proposal to introduce “blocking” at an EU

Last week, the telecoms package was approved by the European Parliament.
This contains a new right for Member States to require that providers of
e-communications networks and services include obligations in their consumer
contracts regarding “unlawful activities” and undefined (and indefinable)
“harmful content”. Only a few weeks ago, we saw a leaked document related to
ACTA explaining the United States’ view that “ISPs need to put in place
policies to deter unauthorised storage and transmission of IP infringing
content (ex: clauses in customers’ contracts allowing, inter alia, a
graduated response).”

Therefore, on the one hand, we see the telecoms package creating the power
for governments to push private companies into using their contracts to
restrict their consumers’ use of the Internet. This not alone covers
“illegal” activities but also legal activities that government or the ISP or
a third party might find useful to restrict under the vague heading of
the content being “harmful”. This trend is neatly encapsulated in the Dutch
“Notice and Takedown Code of Conduct” which explains that the “parties
involved are also free to decide for themselves which information is
considered as ‘undesirable’, irrespective of the question of it being in
conflict with the law. They can deal with this undesirable information in
the same way as information that is in conflict with the law”. On the other
hand, we see the USA proposing, within the context of ACTA, the introduction
of “graduated response” via consumer contracts and therefore outside the
scope of democratic oversight.

Self-regulatory initiatives are often to promote/protect the interests of
ISPs’ customers, so self-regulation is neither automatically unwelcome nor
negative. However, ISPs and providers of online services are there to do
business, so when the cost of defending their users is higher than the cost
of fighting pressure from third parties, it is hardly surprising when they
take the decision most appropriate to the survival of their business. These
activities are, however, outside their normal business practices and,
therefore, the trend towards defending third parties and restricting users’
rights is also harmful and unwelcome for them. “Self-regulation” risks
becoming a way of tipping the cost/benefit balance definitively in favour of
third parties and against citizens. The research carried out in 2004 by
Dutch NGO Bits of Freedom which assessed the ease with which wholly invalid
“notices” of illegal content could cause websites to be taken offline
eloquently demonstrates what this trend means for free speech and justice on
the Internet.

As a result, we have ISPs being subject to a flurry of invitations to have
discussions with international organisations from the European Commission to
the Council of Europe to the United Nations with regard to “self-regulation”
or “public-private partnership” in the field of intellectual property
rights, terrorism, identity theft and various other forms of online activity
where private companies are asked to duplicate or participate in policing
activities. As long as society continues to be mislead by use of words like
“self-regulation” or “partnership”, the democratic impact and dangers of
this trend will not be understood and freedoms will be undermined.

Bits of Freedom research – The Multatuli Project ISP Notice & take down

Dutch Code of Conduct (in Dutch, 10.2008)

Dutch Notice and Take down Code of Conduct (10.2008)

ACTA leak (30.09.2009)

(contribution by Joe McNamee – EDRi)