Playing Politics with Section 230 Makes the Internet Weaker, Not Stronger

This opinion piece was originally published in The Hill.

Thursday the president of the United States signed an executive order that aims to address the liability regime of social media companies. A wide variety of reports have highlighted the problems with this move, but there is one problem that we find especially troubling: the danger of politicizing what is fundamentally a legal debate around party lines.

The president needs to stay out of this debate.

The Internet and politics have always had an awkward relationship. There have been numerous attempts to bring the Internet into mainstream politics over the years, most of which have been unsuccessful. The main reason is that the Internet is not a static “thing,” but a model for how networks and computers can interconnect through voluntary collaboration. A key characteristic of this model is that it’s decentralized, which means it doesn’t have a central point of control that dictates how the Internet should evolve. There is no switch that one can turn on and off, and as soon as policymakers or regulators try to impose one they inevitably chip away at the Internet itself. This characteristic has always been its most powerful asset, and the reason it Continue reading

There’s No Duty of Care without Strong Encryption

On 15 May, the Telegraph reported that The Five Eyes intelligence alliance planned to meet to explore legal options to block plans to implement end-to-end encryption on Facebook Messenger. According to the UK-based newspaper, the discussions between the governments of the United States, the United Kingdom, Australia, Canada, and New Zealand would focus on how the “duty of care,” a basic concept found in tort law, could be stretched to force online platforms to remove or refrain from implementing end-to-end encryption. (A duty of care is the legal responsibility of a person or organization to avoid any behaviors or omissions that could reasonably be foreseen to cause harm to others.)

If this is true, this is an attempt to justify their calls for encryption backdoors.

It’s easy to predict what such a strategy might look like – the playbook is familiar. In this case, if duty of care becomes the rationale for banning end-to-end encryption, it could be used as a framework to ban future deployments. Additionally, similar to other legislation, including the Online Harms, there will be an argument that social media companies have a special duty of care to protect vulnerable groups. This is nothing more Continue reading

Intermediary Liability: The Hidden Gem

There is a law in the United States that consists of twenty-six words: “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” Otherwise known as Section 230 of the Communications Decency Act (CDA), it has been characterized as the law that “created the Internet.”

Only part of this statement is true. Section 230 did not actually create the Internet because the Internet was created through the collaboration of a diverse set of people around the world. What is true, however, is that the intermediary liability regime has undergirded the Internet as we know it. It has been responsible for three primary features of the Internet:

• It has created certainty and predictability: intermediary liability rules have allowed Internet providers (both infrastructure and content) to design compliance strategies based on a limited set of laws and their Terms of Service (ToS). Because of intermediary liability, companies can design businesses that suit their needs.
• It has created good Internet citizens: intermediary liability rules have ensured that the burden of determining whether a business is going to speak in a particular way is Continue reading

Splintering the Internet: The Unintended Consequence of Regulation

In early 2000, two Paris-based, anti-racism groups sued Yahoo on the basis that its auction’s site was exposing French people to more than 1,000 objects of Nazi memorabilia. In May of that year, a French court confirmed the illegal nature of the sale under French law, claiming that the company had offended France’s “collective memory.” More importantly, the judge also ordered Yahoo to identify ways to block French users from its Nazi auction site or other Yahoo sites with content deemed to be racist.

The case attracted significant attention, due to the legal precedent it could set on the right of one country to reach across borders and impose its own laws on online material stored in other countries. At the time, Yahoo’s lawyer expressed his hope that “other countries [wouldn’t] take the same route.”

Fast forward 18 years and today’s Internet is going through an intense phase of regulation with similar effects to those of the Yahoo case. Almost every country in the world is currently in the business of “regulating the Internet.” A clarification is important at this stage. “Internet regulation” is a somewhat loaded and misguided phrase. In reality, what most state actors seek Continue reading

GDPR: Going Beyond Borders

Today, the EU General Data Protection Regulation – or GDPR – comes into effect amid a great deal of anticipation and build-up. For the past few years, companies and policy makers around the world have been preparing for this legislation to come into force. It introduces higher and stricter privacy requirements and heavy fines for noncompliance. The interesting, yet challenging, part of the GDPR is that it applies to all organizations processing the personal data of subjects within the European Union, regardless of their location.

In this sense, the GDPR is an ambitious effort that seeks to fill a gap in the field of Internet privacy. Implementation by organizations around the world has not been easy as the statute is complex and, in many ways, difficult to enforce. This has been particularly so for small and medium enterprises (SMEs) and startups as the costs of ensuring compliance are considerable.

At the Internet Society, we are pleased to see privacy becoming a priority, not just a “nice to have.” As an organization with a global community, operating all over the world, we are among those who have been preparing for the GDPR. Doing privacy well is not easy, but it’s Continue reading