As online freedom comes under attack from big business and governments alike, Jennifer Granick assesses the legal landscape
The decentralised, ungovernable nature of the early internet was an intentional design feature and not a bug. As a result, today’s internet is an open network, where unprecedented creative and economic innovation, art, commentary and citizen journalism flourish.
But child pornography, hate speech and copyright infringement have also thrived, leading to mounting pressures to bring online activity under government control. As nations push for these changes, global interconnectivity and freedom of expression are at risk.
As long as computers speak the TCP/IP protocol, or ‘language’, they can exchange information without centralised controls, standardised operating systems or consideration of geographic location. Users do not need to register or identify themselves. These networks are both simple and robust, and there is no single point of failure.
The laissez-faire design principles of the network are reinforced by the legal regime of its birthplace, the United States. The US allows private, unregulated businesses to connect to and innovate on the network without government permission. The First Amendment guarantees that the vast majority of online communications will not result in governmental sanction. Section 230 of the Communications Decency Act of 1996 (CDA), which states that online platforms should not be treated as if they are the speaker or publisher of user-generated content, ensures that online companies are not required to review user posts in advance to avoid liability, a precaution that would be impossible anyway, considering 72 hours of video are uploaded to platforms like YouTube every minute.
While the founding fathers of the internet weren’t envisioning Facebook or YouTube, the TCP/IP protocol made these innovations possible. Photos of cats, indie music and films from around the world can all be found online, along with fraudsters, Nazi propaganda and videos about how to be anorexic.
Activist and co-founder of the Electronic Frontier Foundation John Gilmore said in 1993: ‘The net interprets censorship as damage and routes around it.’ But in the face of the darker uses of the network, Gilmore’s celebration has become a rallying cry for regulation. Apprehending individuals who behave illegally online can be difficult.
An individual posting illegal content might be pseudonymous and their identity not readily ascertained. Or the user might be based outside the jurisdiction where legal proceedings have been initiated. If one service provider blocks access to content or removes a video or song, another user, or users, will almost certainly repost the material, giving it far more attention than it originally received and far wider distribution.
This phenomenon is so common it has been given a name, the Streisand Effect, based on Barbra Streisand’s extensive but ineffectual legal attempts to stop online publication of photographs of her Malibu, California beach house.
Nevertheless, despite the assertion that technology has outpaced the ability of the law to regulate it, as a result of technological, economic and political changes, online speech on today’s internet is no longer beyond governmental control.
The vast majority of activity is not anonymous – it’s branded with a unique identifier that links details to a particular network account. Internet Service Providers (ISPs) collect and store which IP address information was assigned to what subscriber for billing and operational purposes. Moreover, online businesses increasingly collect IP address information to identify repeat customers, tailor services and target advertising.
These services associate IP address data with other information that can be used to profile, track, physically locate or otherwise identify a user. Governments and civil litigants are learning how to use this information to identify individuals. The old joke was that on the internet, no one knew you were a dog.
Today, everyone knows your breed and what kind of kibble you buy. Not long after the implementation of TCP/IP protocol, its creators decided that easy-to-remember domain names like stanford.edu or facebook. com were better monikers for networked sites than the original IP addresses, which consisted of a long string of numbers.
They set up the domain name system (DNS), a system of databases that translates unique identities into machine-readable addresses. Without accurate and cooperative DNS servers, users cannot find and connect to pages. DNS has become a powerful tool for governments to control the internet.
DNS redirection or filtering, called DNS poisoning, is increasingly common. The Chinese government uses this technique extensively. When a user attempts to connect to sites the government does not want them to access, he or she is simply redirected elsewhere. Domain names themselves are targets for government control.
In 2011, the United States Immigration and Customs Enforcement (ICE) agency automatically shut down over 700 websites for alleged copyright infringement, including the sports streaming sites rojadirecta.com and rojadirecta.org and music site http://dajaz1.com. In many cases, ICE was able to seize these domain names without an adversarial hearing, meaning that website owners were not able to defend their practices in court.
The secrecy of the proceedings was another huge challenge. For both rojadirecta and dajaz1, the government eventually gave the names back, without providing probable cause for the seizure. But the harm was done. In a fast moving economic environment, a business that loses its domain name for even a few months is basically dead.
Governments have also found ways to control online expression by controlling the services people use to connect to the network: electricity providers, ISPs, broadband and cellular providers. Companies that lay power lines or fibre optic wires to users’ homes or operate cellular networks to which internet-enabled devices connect are usually highly regulated and have a cosy relationship with the government. In some countries, these services cannot operate without government approval.
During the 2011 Arab Spring protests, some reports say that the Egyptian governmentsimply shut off power at an important internet exchange point where ISP lines connected to the network outside the country. The government contacted those ISPs that were not directly affected by this move and instructed them to discontinue services or risk losing their communications licences.
Similarly, Syria has only one domestic internet provider and it is owned by the government. So Syrian authorities have a direct avenue for monitoring, filtering and blocking traffic. Authorities in that country have also disconnected the mobile 3G network to prevent access through the phone network; they have been known to disconnect the electricity supply to control citizens during clashes between the military and protesters or rebel forces.
Unable to use normal means of communication, activists have no choice but to give news and footage to those who know how to circumvent bans so that the information gets out to the world. These kinds of wholesale shutdowns obviously produce a lot of collateral damage for ‘innocent’ users of electricity and communications services.
There is a public cost to this kind of obvious, direct censorship. In the case of Tunisia, the tactics were less obvious. There were reports that the government manipulated Facebook login pages to obtain activists’ passwords and delete their accounts, along with pages organising protests. During Iran’s 2009 Green Revolution, the government prevented citizens from accessing popular dissident websites and used DNS blocking to redirect activists attempting to organise protests via Facebook or Twitter. Since much of the data transmitted over the Iranian (and global) network is unencrypted, the Iranian government has an easy time spying on its citizens.
Communications platforms like Gmail, Twitter, Facebook and YouTube are ripe targets for censorship. In September, Google refused to delete the YouTube-hosted video The Innocence of Muslims, which depicted the Prophet Mohammed and insulted many around the world. The video has been widely regarded to be connected to attacks on the US consulate in Libya, in which the US ambassador and three other State Department employees were killed. As word of the video spread, there were violent protests around the world and governments faced demands to remove the video from the internet.
As a result of the protests, Google initially blocked access to the video in Libya and Egypt by blocking IP addresses associated with those countries’ ISPs so that they could not connect to the YouTube server. It also blocked access in India and Indonesia and, in response to government requests, in Saudi Arabia and Malaysia. Google also blocked the video using geographical filtering. Eventually, it restored access in Libya and Egypt. The video continues to be accessible to the rest of the world and people in blocked countries may view the clip by routing requests through non-local IP addresses.
It’s not surprising that the video remains online – the First Amendment and a decentralised network guaranteed that. What’s surprising is that Google actually blocked the video. The company has such considerable international business interests that following local law in the jurisdictions concerned was in its best interests.
A purely US-based company or an online speech platform with no business interests might have chosen to do nothing. But these days it’s rare for an internet platform to ignore international demands for censorship or for user data. Companies have a potentially international user base and in order for them to exploit it, they increasingly give foreign government demands substantial weight, and not only when they have staff or assets on the ground.
When intermediaries like ISPs fail to comply, this doesn’t stop national censorship. Thailand has blocked the entire YouTube site for hosting videos that mock the Thai king. Turkey has blocked access to webpages about evolution. A decade ago, France successfully stopped Yahoo!’s local subsidiary from hosting auctions for Nazi memorabilia and fined its US division for failure to block French users. Today copyright holders are pressuring European ISPs to block The Pirate Bay, a website dedicated to the sharing of copyrighted materials.
Network problems like unwanted spam and malware have encouraged providers to develop tools that can analyse and disrupt traffic. The economic consolidation of network providers and entertainment companies has encouraged conglomerates to look at favouring and disfavouring – essentially blocking – certain content or applications on their networks. Some countries are now asking these providers to block access to certain content, or to collect transactional data about users’ internet access for subsequent monitoring and potential prosecution.
In 2009, a German man convicted of murder sued Wikipedia and various news outlets for posting information about his crime, asserting his ‘right to be forgotten’, which is recognised in Germany. Wikipedia’s German language service removed the entry, but the English language version has so far refused.
In 2010, Italy criminally convicted three Google executives in response to a YouTube video depicting a disabled child being bullied. Though the content was removed within hours of the company receiving notification, the court faulted it for not screening the video prior to posting. And a court in Brazil ordered the arrest of Brazil Google’s senior executive for failing to remove a video critiquing a mayoral candidate, which violates local election laws.
Also in 2010, various US businesses and government agencies took steps to block the WikiLeaks website after it published a classified cache of leaked diplomatic cables. Private companies, including Amazon and PayPal, stopped doing business with WikiLeaks on the grounds that it violated their terms of service, although, according to reports, the US State Department encouraged the decision. Copyright is a particularly salient cause for censorship in the West.
In one you-can’t-believe-it’s-true example from earlier this year, Amazon remotely deleted copies of George Orwell’s 1984 and Animal Farm from Kindle devices because the books had been added to the Kindle store by a company that did not have the rights to distribute them. No censor could ever hope to seize and burn every paper copy of Fahrenheit 451, and yet digital books can easily be disappeared.
Today, our global network is evolving into a parochial one. China already has its own surveilled and monitored internet. Iran is in the process of creating its own domestic network and has started blocking American companies like Google from providing online services to its citizens. As companies block or are blocked in compliance with international assertions of sovereignty from countries around the world, we are in danger of fragmenting the network along national borders.
International efforts to regulate the network are even more frightening. Taking place behind closed doors, the International Telecommunications Union (ITU), a United Nations organisation representing 193 countries, is reviewing international agreements governing telecommunications with a view to expanding its regulatory authority over the internet.
During the meeting, many countries hope to seize power over internet policy, taking it out of the hands of the US. Authoritarian and democratic countries would have equal say. Of those 193 countries, 40 of them currently block or otherwise censor the internet. Voices around the world, including the US Congress and Vint Cerf, one of the creators of TCP/IP, have called for the ITU to keep its hands off the internet.
Under the ITU, the internet would be pushed towards the lowest common denominator, with the potential for rampant civil rights abuses, widespread surveillance and fragmentation of creative and political freedoms. Most experts believe that the days are long gone when internet companies could simply follow US law alone.
Some international legal regulation of the internet is inevitable. Still, it’s important for any changes to be made slowly and incrementally, and to be aware that any major changes applied to internet technology or its network might be hard to reverse. Nations must understand the risk of fragmentation and companies must resolve to restrain sovereign demands.
Multi-stakeholder agreements on how to manage cross-border problems, even without the force of law, may alleviate the urgency of addressing some online crimes. Choices made by communications intermediaries, rather than just governments, will continue to have a disproportionate effect on individual freedoms, so we must be very careful about imposing liability on those platforms for their users’ conduct.
Policy should encourage provider diversity and network neutrality, or else deviation from the internet’s original design as a global, open network will threaten economic growth, creativity and political activism. None of these precautions will be taken, however, until we accept the fact that the law is, indeed, catching up with the internet.