ORG Response to BEREC consultation on European net neutrality guidelines

ORG responded to the consultation on Draft BEREC Guidelines on implementation by National Regulators of European net neutrality rules. Below we reproduce our response.

Open Rights Group response to public consultation on draft BEREC guidelines on implementation of net neutrality rules

Who are we?

Open Rights Group (ORG) is the United Kingdom’s only digital campaigning organisation, working to protect the rights to privacy and free speech online. With 3,200 active supporters, we are a grassroots organisation with local groups across the UK. We believe people have the right to control their technology, and oppose the use of technology to control people.

European Digital Rights’ response to this consultation

We endorse the response to this consultation made by European Digital Rights (EDRi) – an organisation of which Open Rights Group is a member. EDRi’s response is an excellent, well-considered contribution which has our support. We support BEREC’s effort at producing a broadly balanced set of guidelines that can be further improved with the amendments proposed by EDRi and ORG.

Open Rights Group’s response

We intend to highlight two issues regarding net neutrality which are particularly pertinent to the United Kingdom: a) the Internet Watch Foundation’s blocklists of child sexual abuse content and criminally obscene adult content, and b) the Internet filters used by UK Internet Service Providers intended to prevent children and young people from seeing content that is supposed to be for people over 18.

We focus on paragraphs 73-78 of the draft BEREC guidelines which deal with Article 3(3) third subparagraph of the Regulation. We believe that these paragraphs in the BEREC guidelines should be amended to ensure that they deliver clarity on the status of the Internet Watch Foundation and Internet filters. More specifically, the guidelines should clarify thatArticle 3(3) letter (a) means that the IWF and Internet filters need to be specifically allowed for in European Union or national legislation, and that such legislation should comply with the requirements of the Charter of Fundamental Rights.

Relevant sections of the Regulation and draft Guidelines

We will mainly be dealing with Article 3(3) third subparagraph of the Regulation in this consultation response. For ease of reference we have provided that section of the Regulation and the relevant draft BEREC guidance below.

Article 3(3) third subparagraph of the Regulation states that:

“Providers of internet access services…shall not block, slow down, alter, restrict, interfere with, degrade or discriminate between specific content, applications or services, or specific categories thereof, except as necessary, and only for as long as necessary, in order to:

(a) comply with Union legislative acts, or national legislation that complies with Union law, to which the provider of internet access services is subject, or with measures that comply with Union law giving effect to such Union legislative acts or national legislation, including with orders by courts or public authorities vested with relevant powers;

(b) preserve the integrity and security of the network, of services provided via that network, and of the terminal equipment of end-users;

(c) prevent impending network congestion and mitigate the effects of exceptional or temporary network congestion, provided that equivalent categories of traffic are treated equally.”

Paragraph 74 of the draft BEREC guidelines states:

“In order to safeguard the open Internet, Article 3(3) third subparagraph describes traffic management practices that are prohibited, unless under specific exception. These are practices that, inter alia, are banned in that regard, and can be described by these seven basic principles which should be used by NRAs when assessing ISPs’ practices:

  • no blocking,
  • no slowing down,
  • no alteration,
  • no restriction,
  • no interference with,
  • no degradation and
  • no discrimination

between specific content, applications or services, or specific categories thereof. This is a non-exhaustive list of traffic management measures that are prohibited, and any other measure going beyond reasonable traffic management is also prohibited. Practices not complying with the seven basic principles, or that otherwise go beyond reasonable traffic management, may be used by ISPs only based on the three specific exceptions elaborated below under Article 3(3) letters (a), (b) and (c).”

Internet Watch Foundation

The Internet Watch Foundation (IWF) is a UK-based charity whose remit is to minimise the availability of online sexual abuse content specifically “child sexual abuse content hosted anywhere in the world”, “criminally obscene adult, including extreme pornography, content hosted in the UK”, and “non-photographic child sexual abuse images hosted in the UK”. [1]

The IWF creates a list of web pages which contain content meeting this definition. Internet Service Providers and Mobile Operators voluntarily commit to block access to web pages on that list. [2] We respect that blocking access to child abuse images can serve a legitimate aim so long as it does not serve as a means to deprioritise the actual detection and prevention of the criminal production and distribution of these images. However, the IWF’s system is problematic in a number of respects.

Statutory Status

The IWF is an independent, self-regulatory organisation that is a company limited by guarantee and a registered charity. [3] It relies on a non-legislative Memorandum of Understanding between the UK’s Crown Prosecution Service and the Association of Chief Police Officers for its status as a relevant authority for its work. [4] The IWF also has a code of conduct which outlines the procedure for IWF members who host content in the UK to be given notice of and take down content that the IWF believes “would be capable of sustaining a criminal prosecution if it were to be put before a jury.” [5]

The IWF’s status does not rely on European Union legislation or the UK’s national legislation. We understand that the UK Government has no intention of placing the IWF on a statutory footing.

Accountability and accuracy

Webpages are sometimes mistakenly placed on the IWF’s blocklist. Problems can arise from both errors in the list, and the systems deployed to block material. When such mistakes are made, it can be hard to understand how to rectify these mistakes, both as an end user, and as a website owner subject to blocking.[6] There is often confusion about whether ISPs or the IWF are responsible for problems.

The IWF and the new Regulation

The BEREC guidelines should clarify the position of the IWF with regards to the net neutrality regulations.

The IWF’s system appears to restrict, block, and interfere with specific categories of content in a way dealt with by Article 3(3) third subparagraph of the Regulation. It is our view that the BEREC guidelines should make clear that the IWF should be placed on a statutory footing and that the relevant legislation should a) comply with the requirements of the Charter of Fundamental Rights, and b) be appropriate, proportionate, necessary, subject to safeguards, and provide for effective judicial protection and due process.

Web filtering in the UK

In 2013, the UK’s four largest Broadband ISPs agreed with the Government to voluntarily introduce network level adult content filtering. Parental controls filtering in the UK was initially promoted as an “active choice” where – first new and then existing – users would be confronted with a decision before blocking took place. This has changed, and the latest iterations of filters by some ISPs are being implemented by default, with users having to explicitly ask for the restrictions to be removed[7]. Most UK Mobile Operators had already implemented network level content filtering by default.

Web filtering and the new Regulation

These network level filters appear to restrict, block, and interfere with specific categories of content in a way dealt with by Article 3(3) third subparagraph of the Regulation.

Network level parental controls implemented by ISPs were explicitly allowed by Ofcom’s Code on the Open Internet, as a reasonable traffic management practice. However, there is broad agreement that network level filtering is not compatible with the new Regulation.[8] At the very least, these kinds of restrictions would need to be legislated on by the UK as made clear by Article 3(3) of the Regulation as discussed above.

ORG has been told by Ofcom officials that the UK Government plans to introduce such legislation, in the form of Statutory Instruments which are secondary legislation, in Autumn 2016.

Recommended changes to the BEREC Guidelines

We are of the view that the BEREC guidelines should make clear that, if they are to continue under the new Regulation, initiatives such as the IWF, and any network level web filtering programmes by ISPs have to be provided for in European Union or national legislation.

Furthermore, it should also be made clear in the guidelines that any such legislation must also be: “appropriate, proportionate and necessary within a democratic society” and “subject to adequate procedural safeguards in conformity with the European Convention for the Protection of Human Rights and Fundamental Freedoms, including its provisions on effective judicial protection and due process” to quote Recital 13 of the Regulation.

We are concerned that Member States governments may simply mandate restrictions on access to content, applications or services in order to bypass the clear and unambiguous right of end-users to access and distribute (lawful) information and content established in the Regulation.

We believe the guidelines should help clarify those aspects. Among other aspects, any such restrictions should be:

  • Specific. The current parental controls filtering in the UK applies to categories of websites without a clear definition. A rights compliant mandated restriction needs to be specific as to what websites it applies rather than vague categories.
  • Transparent to website owners. The lists of mandated lawful websites under parental control restrictions needs to be publicly available so website producers can see if they are being blocked, and appeal if they disagree. This is not possible at present.
  • Transparent to end-users. End-users should be able to see who imposed a website block, how the block may be removed if it is incorrect, and the legal basis for the block. We propose that the guidelines recommend the use of the standard error code 451 when people visit websites blocked for legal reasons.[9]
  • Predictable. Due to the above factors, it is impossible to predict whether a website will be blocked by a particular UK ISP, and our own research[10] points at huge discrepancies, as each ISP has its own criteria.

Another aspect that the guidelines should help clarify is how to establish user choice. While the establishment of network level parental controls in itself can be mandated by law, the specific process for their operation should also be in line with the spirit of the Regulation. It seems that default filtering would go against the principle of choice that permeates the Regulation.

We can foresee that similar situations will arise elsewhere and it would be useful for the BEREC guidelines to contain some pointers for NRAs having to handle conflicts around what constitutes appropriate end-user choice.

[1]Internet Watch Foundation – About Us

[2]Internet Watch Foundation –  IWF URL List Recipients

[3] Internet Watch Foundation – Charity Information and Donations

[4] Internet Watch Foundation – Internet Watch Foundation Status

[5] Internet Watch Foundation – Code of Practice

[6] BBC News –  Wikipedia child image censored

[7] See for example  “If you’ve recently joined us, your Sky Broadband Shield will be on by default, and set to age rating 13 with Watershed applied.”  

[8] Wissenschaftliches Institut für Infrastruktur und Kommunikationsdienste – Review of the Open Internet Codes

[9] 451 Unavailable

[10] Open Rights Group – Full results per ISP and filter settings