This article is also available in:
Deutsch: ENDitorial: Das „Selbst“ in Selbstregulierung wahren
Businesses, particularly in the Internet environment, fear (and often have good reason to fear) government regulation. Traditionally, therefore, Internet Service Providers have pushed for "self-regulatory" solutions to issues surrounding the management and operation of their own networks - as in the case of spam, for example. Self-regulation often seems to be, and often is, the most effective solution.
There is, however, a growing and insidious trend in self-regulation, where increasing pressure is being put on Internet access and service providers to treat their own customers as potential criminals and to take on, usually unwillingly, policing roles. It is clear that this development has serious risks both to online freedoms and to the democratic controls that citizens would normally be able to rely on to protect them.
Already, with the notable exception of Germany, when ISPs were asked (often under the threat of being portrayed as supporters of child abuse) to introduce "self-regulatory" web blocking, they felt obliged to do so. This activity clearly has little in common with the dictionary definition of "self-regulation". In Germany, the public debate that was provoked by the ISPs' brave and honourable decision not to cave in to moral blackmail lead to the country not taking the first crucial first step towards widespread censorship and an increasingly controlled Internet. Unfortunately, that democratic decision now risks being overturned by the European Commission's populist but profoundly flawed proposal to introduce "blocking" at an EU level.
Last week, the telecoms package was approved by the European Parliament. This contains a new right for Member States to require that providers of e-communications networks and services include obligations in their consumer contracts regarding "unlawful activities" and undefined (and indefinable) "harmful content". Only a few weeks ago, we saw a leaked document related to ACTA explaining the United States' view that "ISPs need to put in place policies to deter unauthorised storage and transmission of IP infringing content (ex: clauses in customers' contracts allowing, inter alia, a graduated response)."
Therefore, on the one hand, we see the telecoms package creating the power for governments to push private companies into using their contracts to restrict their consumers' use of the Internet. This not alone covers "illegal" activities but also legal activities that government or the ISP or a third party might find useful to restrict under the vague heading of the content being "harmful". This trend is neatly encapsulated in the Dutch "Notice and Takedown Code of Conduct" which explains that the "parties involved are also free to decide for themselves which information is considered as 'undesirable', irrespective of the question of it being in conflict with the law. They can deal with this undesirable information in the same way as information that is in conflict with the law". On the other hand, we see the USA proposing, within the context of ACTA, the introduction of "graduated response" via consumer contracts and therefore outside the scope of democratic oversight.
Self-regulatory initiatives are often to promote/protect the interests of ISPs' customers, so self-regulation is neither automatically unwelcome nor negative. However, ISPs and providers of online services are there to do business, so when the cost of defending their users is higher than the cost of fighting pressure from third parties, it is hardly surprising when they take the decision most appropriate to the survival of their business. These activities are, however, outside their normal business practices and, therefore, the trend towards defending third parties and restricting users' rights is also harmful and unwelcome for them. "Self-regulation" risks becoming a way of tipping the cost/benefit balance definitively in favour of third parties and against citizens. The research carried out in 2004 by Dutch NGO Bits of Freedom which assessed the ease with which wholly invalid "notices" of illegal content could cause websites to be taken offline eloquently demonstrates what this trend means for free speech and justice on the Internet.
As a result, we have ISPs being subject to a flurry of invitations to have discussions with international organisations from the European Commission to the Council of Europe to the United Nations with regard to "self-regulation" or "public-private partnership" in the field of intellectual property rights, terrorism, identity theft and various other forms of online activity where private companies are asked to duplicate or participate in policing activities. As long as society continues to be mislead by use of words like "self-regulation" or "partnership", the democratic impact and dangers of this trend will not be understood and freedoms will be undermined.
Bits of Freedom research - The Multatuli Project ISP Notice & take down
(1.10.2004)
http://www.bof.nl/docs/researchpaperSANE.pdf
Dutch Code of Conduct (in Dutch, 10.2008)
http://www.samentegencybercrime.nl/UserFiles/File/,DanaInfo=ex01tp+NTD...
Dutch Notice and Take down Code of Conduct (10.2008)
http://www.samentegencybercrime.nl/UserFiles/File/NTD_Gedragscode_Opma...
ACTA leak (30.09.2009)
http://www.wikileaks.com/wiki/European_Commission_"advance_warning"_summary_on_ACTA_Internet_Chapter%2C_30_Sep_2009
(contribution by Joe McNamee - EDRi)