Time to get Technical? Revolutionizing the (Deplorable?) System of Internet Governance

This entry to the SCL Student Essay Prize earned Viraj Ananth the runner-up spot. It is a challenging and original take on the set question, which concerned the relative importance of law and ISP action in enforcement on the Internet.

 

Introduction

‘Governments should establish a predictable and simple legal environment based on a decentralized, contractual model of law rather than one based on top-down regulation.’[1]

-Clinton-Gore Administration

Over the last decade, there has been a gradual but ever-present movement from a philosophical grounding of intermediary liability to that of intermediary responsibility, with respect to internet governance and Internet Service Providers (ISPs). This essentially stems from the recent recognition of the unparalleled role an ISP plays in influencing and shaping the internet environment and, consequently, in regulating the behavior of its users within this environment. However, despite the recognition of the exclusive utility that an ISP model of enforcement brings with it, jurisdictions across the globe have remained reluctant to move to such a system. This reluctance is primarily grounded in consumer protection considerations, since such a move would involve entrusting private, profit-driven, self-interested entities with sweeping enforcement powers.

This article argues: first, that the future of internet governance lies in the movement to a system of ISP enforcement action, and secondly, that in order to leverage this importance, we must reconstruct traditional Terms of Service (ToS) as smart contracts. My article then examines the importance of the proposed system through two prominent use cases.

The Case for a Move to an ISP Enforcement System

Let’s begin by contextualizing the current system by which rules are sought to be enforced on internet users. Public law enforcement authorities engage in data collection and surveillance, under the authorization of numerous statutes such as the Malicious Communications Act and the Copyright, Designs and Patents Act, both of 1988.[2] However, despite the existence of numerous statutes regulating the behaviour of internet users, the ground reality is far from satisfactory. Recently, the United Kingdom (UK) Internet Service Providers Association surveyed several major ISPs, 50% of which claimed that their complaints to authorities were occasionally followed up on, while 30% asserted that there was usually no response itself.[3] The results of this survey are indicative of why the global economy continues to lose approximately £266 billion every year through internet crimes.[4]

This failure can be tied to these authorities’ lack of resources, both in terms of knowledge and technical abilities; they lack the concrete ability to directly enforce their rules. ISPs, however, as gatekeepers of the internet, remain in possession of all the information needed to make well-informed decisions.[5] This hapless situation of internet regulation should lead one to question the very appropriateness of statutes and case law to internet enforcement, and weigh the same against the benefits flowing from a system of private contractual relations. Internet regulation requires flexibility and micro-management. It also requires the ability to fine-grain to context and to the specific needs of an online service or technological platform, none of which are achieved through generalized statutes.[6] Moreover, statutes and case law will naturally never be able to fully encapsulate the range of rights and obligations that internet users are entrusted with in the way that contracts can.[7]

This suitability of private contractual regulation must further be viewed in light of how ISPs occupy a unique position in the internet regulatory framework, in terms of enjoying a form of quasi-judicial power.[8] This power flows from their concrete ability to enforce their ToS through technical means, independent of delayed public law enforcement mechanisms. These technical means include internet traffic management techniques and algorithms, which can be used to control data flows and therefore, empower ISPs to control information on the internet.[9]

Issues to be Addressed Prior to Such a Move

Before we make a move to this system of private ISP enforcement, and in order to truly speak of this system being ‘more important’, it is necessary to first address the following issues:

  •        i.          the philosophical grounding for entrusting, or rather, imposing this additional burden on ISPs;
  •      ii.          the position of the consumer in the already prejudiced system, who may be subject to not only unfair and discriminatory terms in the ToS but also to the arbitrary exercise of technical abilities by the ISP.

Entrusting private entities with such sweeping enforcement power (or rather, imposing this additional obligation upon them) is philosophically grounded in the fact that the movement to such a system, simply put, increases compliance with the law. Reiner Kraakman’s gatekeeper theory, which has been significant in influencing early discourse on and shaping initial policies of online intermediaries,[10] provides the necessary justification for the move. According to this theory, if gatekeepers or intermediaries have the ability to successfully reduce infringement, with little room for infringers to circumvent the same then, on utilitarian grounds, the law must choose to conscript such third-parties.[11]

Before we move to such a system, it is important to deconstruct the hierarchical structure within which ISPs interact with their users, and therein re-imagine the relationship between the two parties. It has been found that avoiding liability is a key consideration when ISPs draft their ToS. ISPs often further complicate matters for consumers by distributing rights and obligations across multiple binding documents, which are often further complemented by other informative materials and frequently asked questions.[12] Examples of discrimination are widespread through the ToS of numerous well-established ISPs in the UK. TalkTalk includes a negative opt-out provision, which essentially empowers the ISP to migrate a consumer from one service to another.[13] BT, TalkTalk and GigaClear  have all been found to prescribe the payment of unreasonably high Early Termination Charges.[14] According to the ToS of Virgin Media, if a consumer moves to an unserviceable area, he would have to pay a steep cancellation charge to terminate the contract.[15] A survey conducted by the Center for Technology and Society at FGV Law School and endorsed by the Council of Europe[16] found that, out of 50 key internet platforms studied, 26% lead users to waive their right to initiate class action suits and 34% unilaterally choose the arbiter for the arbitrations that they restrict their consumers to, as the only form of dispute resolution. 13% absolve themselves of the obligation to notify amendments to their ToS to users, irrespective of the significance of the same.[17]

Therefore, at this juncture, what is needed is a complete re-imagination of the relationship between the ISP and the consumer. Over the years, there have been numerous efforts, both legislatively[18] and judicially,[19] to improve the position of the consumer within such private contract-based systems. However, none of these efforts have been successful in bringing about a significant overhaul of the existing power structure.

Smart Contract Integrated ToS as the Road Ahead

This article argues for the integration of the ToS of ISPs into smart contracts, with these smart contracts having to be approved by a concerned governmental regulatory authority, the ISP Handler. A system of smart-contract-enabled private enforcement would not only ensure an overhaul of the said power structure, but would also provide for more efficient enforcement of internet rules. The system envisioned is:

  • ·       ISPs will draft their standard form ToS in natural language and submit the same to the ISP Handler.
  • ·       The ISP Handler is entrusted with the dual function of first, integrating consumer considerations into the natural contract, while coding it into a smart one, and secondly, of subsequently feeding the smart contract with external data flows, or in other words, serving as the smart contract’s information oracle (IO) (an agent that finds and verifies real-world occurrences and submits this information to the blockchain being used by the smart contract, so as to allow the smart contract to self-execute).[20] Moreover, the ISP handler could be charged with the duty of explaining all relevant provisions of the contract to potential consumers, so as to ensure informed consent.
  • ·       The smart contract is designed to encapsulate all rights and responsibilities as well as relevant statutory and case law. It self-executes, on the basis of the information received from the IO, thereby taking away any real power of, or agency for enforcement, from the hands of the ISP; we simply make use of the ISP’s technical capabilities through the self-executing smart contract. The self-executing nature of the smart contract thus eliminates the need for trust between the parties, essentially re-imagining their relationship.
  • ·       Consumer protection considerations can easily be incorporated when the IO converts the natural contract into a smart one. The majority of such considerations, in terms of notices, grace periods, data limitation and minimization, etc, are highly automatable.[21] Moreover, compliance with complex considerations is not to be considered as a major obstacle for smart contracts, since ‘it is merely a question of technological sophistication’.[22] Therefore, if a consumer protection consideration is particularly complex, it is not a permanent hindrance, but merely requires the development of increasingly sophisticated code.

Use Cases

The value addition of the proposed system on the enforcement of internet rules is herein examined through two use cases: copyright infringement/online piracy and illegal pornography.

1.     Copyright Infringement/Online Piracy

Efforts to curtail online piracy have largely remained redundant over the years, with loss to the global economy steadily rising.[23] In the status quo, ISPs first attempt to discover infringing content and then send out notices[24], resulting in significant delay, by which time the infringing content has likely been copied across the internet, frustrating efforts. Moreover, ISPs are naturally unable to discover all infringing content.[25]

In 2014, it was reported that renowned internet intermediary platform, Dropbox, was making use of cryptographic hash functions to detect uploads of copyrighted material. Dropbox verified every hashed file against a blacklist, which essentially contained the hashed values of all copyrighted material.[26] Hashing involves the creation of  unique identifiers for copyrighted material, such that a particular input, if hashed, will always produce the identical output. This property, which is unique to cryptographic algorithms, is known as the avalanche effect.[27]

In case of a smart contract, a database of hashed values of all copyrighted material could be stored on the blockchain and linked to the smart contract ToS. As a result, the minute a user uploads some infringing content, he would automatically be sent a notice. Such a move could largely complement ongoing efforts to combat online piracy, such as the Six Strikes Program of the United States, for example.[28] Under the proposed regime, notice and removal (after the sixth notice) would be immediate and moreover, few cases of infringement would be left un-penalized.

The primary drawback of the above mentioned system is that detection may be circumvented by introducing minor amendments to the copyrighted file. Due to the avalanche effect, the corresponding output would then be completely different[29], thereby frustrating detection efforts. However, this is where the concept of perceptual hashing comes in, which is a form of hashing that is concerned not with the sameness of files but with their broad content and features. Therefore, the perceptual hash functions of two different files may be the same if the ‘features’ of the files are the same.[30] The complementary use of perceptual hashing along with cryptographic hashing to create a smart contract linked blacklist database of copyrighted material would widen the scope of efforts, allowing even for the detection of files which have been altered.

2.     Illegal Pornographic Content

Industry efforts to prevent the spread of child sexual abuse media have continued to be largely futile, over the years, with majority of said action being ex-post in nature, as a result of which, the content is often copied and distributed far and wide, making complete eradication near impossible.[31] PhotoDNA is a technology developed by Microsoft, that uses perceptual hashing technology to compute the hash values of images and videos, subsequently allowing for the identification of similar images and videos. Since the technology allows for detection despite contrast adjustments, skewing or usage of different compressions and formats[32], it has helped in the eradication of a large number of child porn files across the internet.

ISP Smart Contract enforcement mechanisms would also allow for the eradication of the revenge-porn market. Revenge porn, ‘the distribution of sexually explicit images or videos of individuals without their consent’, is an emerging market and there are growing reports of the use of cloud-based networks to store such material.[33]

It is noteworthy that similar technologies are already being used by major industry players, including Facebook and Twitter, for detection of sexually explicit content of children.[34] This article simply argues for a shift of this obligation from such social media sites to the gatekeepers of the internet, as such be grounded in utilitarianism, with the gatekeepers of the internet being able to cover a much wider range of activities.

Limitations and Challenges Moving Forward

One of the most significant challenges arising from a movement to the proposed system, with respect to copyright infringement detection, is the threat to established principles of fair use. Unfortunately, we presently lack the technical abilities to perfectly integrate fair use principles into a smart contract, primarily due to the subjective nature of fair use determination. However, in light of the immense improvement in piracy detection under this system, it may be desirous to reconstruct our fair use principles, from a broad, subjective concept to something which can be coded into a Smart Contract in a Yes/No format. These reconstructions, although not ideal, would reduce the negative externalities on fair use. An example of such reconstruction is implementing a ratio test, that when x% or more of a particular file is infringing, the smart contract will self-execute.

There has been near minimal focus on consumer protection considerations in smart contracts. However, as acknowledged earlier, this is simply a matter of technological sophistication in terms of being able to code natural language provisions in the Yes/No format of the smart contract. For this reason, it may be advisable to extend the Financial Conduct Authority’s Regulatory Sandbox scheme to ISPs, so as to test whether these consumer protection provisions are able to self-execute, and to do the same in a safe, controlled environment.[35]

A third issue is the economics of the system. Movement to such a system brings with it additional costs, such as significant smart contract development costs, which cannot entirely be pushed onto the consumer. The system will, however, significantly reduce the burden on the courts, promote consumer protection and improve enforcement on a large number of former absconders. Hence, it may be justified for government to bear some of this economic brunt and pave the way for the movement to this system.

Conclusion

The utility flowing from a move to a system of ISP private enforcement is conspicuous, to say the least. ISPs, in terms of knowledge and more importantly, technical abilities will always be far better placed to address the fast-paced needs of internet enforcement, when compared to traditional, public law enforcement agencies. Moreover, the proposed system will certainly improve enforcement on a large number of previously absconding users, as examined in the cases of online piracy and illegal pornography.

In order to truly leverage the importance of this system, however, it is necessary to first reimagine the power structure within which these ISPs have continued to engage with their users, over the years. For far too long, we have tried to address this issue through a gaze restricted to law and policy, paying little attention to the technological aspect. A mechanism of natural ToS being reconstructed as smart contracts through an ISP Handler, ensures that the delegation of ‘enforcement power’ is restricted to simply making use of the ISPs technical capabilities automatically, thereby safeguarding the position of the consumer within the system and thus, cropping out the primary obstacle to a move to such a system.

Viraj Ananth is a student in II Year at the National Law School of India University, Bangalore

 

 

 



[1] I. Brown, Research Handbook on Governance of the Internet 173 (2013).

[2] W. Ashford, UK government orders review of online laws, Computer Weekly (February 7, 2018), available at https://www.computerweekly.com/news/252434567/UK-government-orders-review-of-online-laws (Last visited on June 1, 2018).

[3] IPSA UK, ISPs call for law enforcement and Government to raise their game on cyber security, (2016), available at https://www.ispa.org.uk/isps-call-law-enforcement-government-raise-game-cyber-security/ (Last visited on June 1, 2018).

[4] R. Williams, Cybercrime costs global economy $445 bn annually, The Telegraph (June 9, 2014), available at https://www.telegraph.co.uk/technology/internet-security/10886640/Cyber-crime-costs-global-economy-445-bn-annually.html (Last visited on June 1, 2018).

[5] J. Cox, ISPs: UK Police Need to ‘Up Their Game’ on Following Cybercrime Leads, Motherboard (September 8, 2016), available at https://motherboard.vice.com/en_us/article/9a3zny/isps-uk-police-need-to-up-their-game-following-cybercrime-leads (Last visited on June 1, 2018).

[6] L. Bygrave, Contract versus statute in Internet governance 11, 2012.

[7] Bygrave, supra note 6, at 12.

[8] L. Belli and P. De Filippi, Law of the Cloud v Law of the Land: Challenges and Opportunities for Innovation, 3(2) European Journal of Law and Technology 17, 24 (2012).

[9] L. Belli and J. Venturini, Private ordering and the rise of terms of service as cyber-regulation, 5(4) Internet Policy Review 1, 2 (2016).

[10] G.F. Frosio, Why Keep a Dog and Bark Yourself? From Intermediary Liability to Responsibility, 25(1) Oxford International Journal of Law and Information Technology 1, 5 (2017).

[11] R. Kraakman, Gatekeepers: The Anatomy of a Third-Party Enforcement Strategy, 2(1) Journal of Law, Economics & Organization 53, 85 (1986).

[12] L. Belli and J. Venturini, supra note 9, at 6.

[13] Ofcom, Complaint from BT against Talk Talk about an unfair contract term, (2005), available at https://www.ofcom.org.uk/about-ofcom/latest/bulletins/competition-bulletins/all-closed-cases/cw_816 (Last visited on June 1, 2018).

[14] Ofcom, Unfair Terms - Additional Charges, (2012), available at http://www.oecd.org/sti/49261233.pdf (Last visited on June 1, 2018).

[15] A. Tims, Virgin Media users who move to no-service areas hit with exit fees, The Guardian (January 15, 2018), available at https://www.theguardian.com/money/2018/jan/15/virgin-media-broadband-contract-exit-fee (Last visited on June 1, 2018).

[16] Council of Europe, Terms of service and human rights: an analysis of online platform contracts, (2018), available at https://www.coe.int/en/web/freedom-expression/home/-/asset_publisher/RAupmF2S6voG/content/terms-of-service-and-human-rights-an-analysis-of-online-platform-contracts?inheritRedirect=false (Last visited on June 1, 2018).

[17] J. Venturini, Terms of Service and Human Rights: an Analysis of Online Platform Contracts 15 (2016).

[18] The Unfair Contract Terms Act, 1977.

[19] Thornton v Shoe Lane Parking [1949] 1 KB 532; CIBC Mortgages plc v Pitt [1993] 4 All ER 433.

[20] Oracle Chain, Oracle Chain Technical White Paper, (2017), available at https://oraclechain.io/files/oraclechain_white_paper_en.pdf (Last visited on June 1, 2018).

[21] Id.

[22] M.H. Grønbæk, Blockchain 2.0, smart contracts and challenges, Lexology (June 16, 2016), available at https://www.lexology.com/library/detail.aspx?g=2fd01ed1-cf8d-41f2-9561-b7259e21cc0a (Last visited on June 1, 2018).

[23] J. Tegner, Piracy Data: From Global View to Macroeconomic Trends, Videonet (May 9, 2018), available at https://www.v-net.tv/2018/05/09/piracy-data-from-global-view-to-macroeconomic-trends/ (Last visited on June 1, 2018).

[24] Center for Copyright Information, Copyright Alert Systems FAQs, (2015), available at http://www.copyrightinformation.org/resources-faq/copyright-alert-system-faqs/ (Last visited on June 1, 2018).

[25] Berkman Klein Center, Who is Vulnerable to Suit?, (1999), available at https://cyber.harvard.edu/property99/liability/main.html (Last visited on June 1, 2018).

[26] G. Kumparak, How Dropbox Knows When You’re Sharing Copyrighted Stuff, Tech Crunch (March 31, 2014), available at https://techcrunch.com/2014/03/30/how-dropbox-knows-when-youre-sharing-copyrighted-stuff-without-actually-looking-at-your-stuff/ (Last visited on June 1, 2018).

[27] H. Feistel, Cryptography and Computer Privacy, 228(5) Scientific American 15, 22 (1973).

[28] Center for Copyright Information, Copyright Alert System Set to Begin, (2013), available at http://www.copyrightinformation.org/uncategorized/copyright-alert-system-set-to-begin/ (Last visited on June 1, 2018).

[29] Y. Lui and Y. Xiao, A Robust Image Hashing Algorithm Resistant Against Geometrical Attacks, 22(4) Radio engineering 1072, 1075 (2013).

[30] pHash, Implementation and Benchmarking of Perceptual Image Hash Functions, (2010), available at http://www.phash.org/docs/pubs/thesis_zauner.pdf (Last visited on June 1, 2018).

[31] Microsoft’s PhotoDNA: Protecting children and businesses in the cloud, Microsoft News (July 15, 2015), available at https://news.microsoft.com/features/microsofts-photodna-protecting-children-and-businesses-in-the-cloud/ (Last visited on June 1, 2018).

[32] pHash, What is a perceptual hash?, available at http://www.phash.org (Last visited on June 1, 2018).

[33] University of Maryland, Criminalizing Revenge Porn, (2014), available at http://digitalcommons.law.umaryland.edu/fac_pubs/1420/ (Last visited on June 1, 2018).

[34] C. Arthur, Twitter to introduce PhotoDNA system to block child abuse images, July 22, 2013), available at https://www.theguardian.com/technology/2013/jul/22/twitter-photodna-child-abuse (Last visited on June 1, 2018).

[35] Financial Conduct Authority, Regulatory Sandbox, (2015), available at https://www.fca.org.uk/firms/regulatory-sandbox (Last visited on June 1, 2018).


Published: 2018-07-12T20:00:00

    0 comments

      This site uses cookies. By using the site you agree to our use of cookies as set out in our Privacy Policy.

      Please wait...