Parliament and the Internet: ISPs in the content driven era

So I’m here at the Parliament and the Internet Conference, which is being held at Portcullis House and which has been put together by the All Party Parliamentary Internet Group (APIG). There are some 200 delegates here, and the day looks like a very intensive examination of a whole number of issues around the internet. The first session is about ISPs’ ‘mere conduit’ status as set out in the EU ECommerce Directive and affected by the Terrorism Act, and what their role and responsibilities should be in what they are calling a ‘content driven era’. Note: There are many speakers and I have not indicated who said what as it’s just a bit too difficult to keep track. ‘Mere conduit’ status means that ISPs are not responsible for the traffic going over their network when they are not aware of the content. Copyright material, for example – if an ISP is hosting infringing material then they can be put on notice and must remove that material. The ECommerce Directive doesn’t go into what the methodology for notice and take down should be. Another example is P2P. ISPs act as intermediaries between user and content, they don’t host it. They are ‘mere conduit’s. Arguments: rights holders need to be able to pursue infringement, and as the ISP ‘has the power’ to pull the plug on hosting and traffic, then they should do more. We’ve seen lawsuits against P2P infringers, and different ISPs react differently to notices. Issues around how copyright is affected on the internet. Broadband take-up is being driven by illegal downloading of movies and music etc., and the content industry is pushing for action on this. But issues around losing ‘mere conduit’ status, it could be damaging as people will route round the problem as if ISPs start blocking content then there will be other ways round it. Without ‘mere conduit’, ISPs face legal action over traffic that’s outside of their control. Could drive ISPs out of business or drive customers out of the EU to ISPs based elsewhere. The issue of justifying the status: it’s great for ISPs to have mere conduit, but why should society grant that status. Key reason is the innovation argument. ‘Mere conduit’ says that ISPs are not liable for traffic that goes over their network. If ISP did have liability, they would have to ensure they were protected through some means? How would ISPs implement that? They would have to make judgements about whether traffic is good or bad (or unknown). Unknown traffic is all the innovation, all the stuff the ISP hasn’t seen yet, some guy’s knew project, that would be seen as ‘bad’ because you can’t judge what it is. The protocols that make up the traffic were created after the basic internet protocol, in 1980. Email was then invented… then the web, IM, voip… lots of new things that have been invented which could never have been predicted. Do we want to freeze innovation where we are now, and say ‘everything that can be invented has been invented’ and stop development. Or do we want to support innovation? The original rationale for mere conduit was linked to the notion of the internet as a common carrier. The idea of a platform lie the Post Office who create an opportunity for any-to-any communication. Once you start interfering with the mere conduit principle, you end up on a slippery slope that moves towards a walled garden approach where any-to-any doesn’t exist and you undermine the whole social and economic value of the platform. A bit more about complaints. The originators of the complaints only have the internet address of where the content is, and only the ISP can match that address to a physical name and address. There is a data protection issue here too – ISPs will not give out that name and address without a court order. They have a duty to protect their customer’s data. At an EC level it’s difficult – attitudes are different from country to country. The challenge is obvious, it’s the balance between this concept of mere conduit, which in a way is intuitive, with the genuine concern of IP rights holders. Or if we look at security matters, and want to make the internet safer, what responsibility shoudl ISPs have? That balance is key for policy makers. Internet is still new, so we shouldn’t jump to conclusions. It’s still developing rapidly. DTI might say that we should try and find solutions that all parties agree with. [But this speaker, Jean-Jacque Sahel from the DTI ignores the public and rules out ‘those people who infringe copyright’.] I brought up the issue that the public/consumers aren’t being involved in this conversation. Mr Sahel challenged me to say ‘should the infringers be part of the conversation’ to which I would argue, yes, absolutely. If you don’t know why they infringe, how can you tell if you are moving towards the right policy? The aim, after all, is to bring everyone into the fold, and ignoring those who infringe does nothing to help create a climate in which it becomes easy for them to change their behaviours to more law abiding ones. Also need more of a dialogue between the public and ISPs about what the public expects. In many ways, we have to ask what the ISPs should be doing, and what should be done. It’s more ‘something should be done’, and we have to ask who should do it? Society at large should also be involved. Businesses, in a matter of self-interest will find ways around problems, but with the TV Without Frontiers Directive, it will undermine their ability to do that. Better to have a self-regulatory regime that allows companies to publicise their conformity with a set of objective standards than to have a set of legal rules that apply in principle to all providers but can’t be effectively enforced. The advantage of a self-regulatory regime is that it would allow consumers to make informed choices. More than price and business model. The Adelphi Charter makes the point that extending IP law does no one any favours. But is data protection a bigger problem than extension of IP law? Yes, Data Protection Act is currently more important to ISPs than the ECommerce Directive. Public has an expectation that ISPs will take action about security, abuse, spam, etc. One of the problems of this IP debate is that it detracts us from working on more important issues that feel into this debate, such as detecting zombie computers. Is attempting to locate zombies going beyond the mere conduit? These are things we want to do but fear opening the floodgates. The Government expects ISPs more and more to do things that are not in ‘mere conduit’ status. With abuse, customers are increasingly expecting ISPs to be involved in their own computer security which requires inspecting traffic. Just looking at copyright root is restricting us from looking at other issues and their implications. Need to do a better job of telling people about the good work ISPs are doing, but in some areas if we are not doing good work politicians will want to act. We can achieve more without punitive regulation. Self-regulation is important, and child-saftey is at the top of that. We have a good story to tell about that and we should. Need to ensure that people understand parent control and how to use it. It’s a challenge we have to rise to, and we need to talk about it more so that we can avoid regulation first. Have to think about how we present our position to politician. Unfortunate that we aren’t talking more about content. ISPs use mere conduit to hide behind for illegal content, whether it’s pornography or infringed copyright. Illegal content does us no good. I was hoping we’d have a discussion about what ISPs could to to help. In response, have to review the point about business models. There’s limits to what you can achieve with legal action. Just to be a bit controversial, I remember a discussion with music industry representatives and I was told ‘there guys are breaking the letter of the law and destroying your business, why don’t you sue their arses off?’, but no business model has a divine right to exist forever. The reflex is always to try to use the law rather than develop new business models that work with the grain of reality, and that’s a problem. There is perplexity in the current policy debate, between ISPs status of mere conduit and their ability to actually manage traffic. Some would argue their ability to manage traffic should be constrained by some sort of net neutrality legislation. In the US at least, it is the ISPs who say they need to be able to actively manage traffic, and the activists say that’s inappropriate. So is there a tension between ISPs saying they need to give priority to some traffic and not others, but at the same time saying they are mere conduits. Rights holders say ISPs have the technical ability to pick out, say, P2P traffic and x% is infringing so why not block it. But if that was a bill in front of Parliament there’d be a vigourous debate. Copyright is important, but at the same time blocking of innovation or outlawing of technologies which have uses which are illegal – P2P is not *inherently* illegal. So which considerations outweight the others? But it’s not for BT or other IPSs to unilaterally block P2P traffic. The damage to us would be huge, it’s nothing to do with the money we make out of P2P traffic – we actually don’t make any money out of it. That’s a claim that’s made, that we have a duty to do something because we make money. But the minority heavy users cost us money, they don’t make us money. Also, you can’t directly import the discussion from the US to the UK of net neutrality. It arose in the US out of the specifics of the marketplace. That gave rise to specific legislative proposals which caused concern, so I don’t think there’s a direct comparison. No conflict between differential pricing, say, and mere conduit. So long as you have a possibility for any-to-any communication then there’s compromise of mere conduit status. Murmurs around the table afterwards were that the discussion had been oversimplified. It’s not just about rights holders and ISPs. It’s important to remember, after all, that law is here to protect the public good, not to protect business models, and this discussion appears to be mainly between those parties with the biggest sticks.