It seems clear to me that the next field of engagement over fundamental rights is going to involve the Domain Name System. The recent skirmishes over SOPA (the proposed Stop Online Piracy Act, recently holed below the waterline by Pres. Obama) seems to confirm this view.
The DNS is the technical system at the heart of what nearly everyone who uses the Internet does.
It enables people and applications to locate things on the Internet. Things such as website addresses, email servers and many other things. Watch the video at youtu.be/lsutsPeCbak.
The DNS is run by a diverse group of people and organisations which evolved from the Internet’s early research within academia. This group includes universities, government agencies and private businesses and is co-ordinated at its apex by a California organisation called the Internet Corporation for Assigned Names and Numbers (ICANN).
A recently hot topic in the DNS world is something called ‘Notice and Takedown’.
That is to say, “someone” (in the British Isles this is most usually the owner of some intellectual property or an organisation such as the Internet Watch Foundation which monitors the Internet for illegal content such as child abuse images or extreme pornography) will send a Notice to an ISP or domain name registrar to inform them that a domain name (or web address) is being used by what is becoming known in the industry as ‘bad actor’.
The recipient of such a Notice is then expected to take the appropriate action; the expectation being that the domain name concerned is blocked, filtered or ‘taken down’.
Much of the activity, as you might expect, in this regard has come from IP rights-owners as well as anti-phishing & anti-spam organisations.
Now your author’s anti-spam credentials cannot be doubted but it is submitted that there are significant dangers in the understandable wish of registrars, ISPs and others to ‘do the right thing’. One insufficiently considered action could pose great reputational or even existential risk to the ISP executing takedown. On the other hand, there are equally significant risks to inaction as well.
There is a certain amoun of protection in Europe law for ‘mere conduits’, for example, under the e-commerce Directive.
But what if a registry (rather than a registra) receives a notice drawing its attention to the fact that a domain name is being used for bad purposes?
Such bad behaviour doesn’t have to be illegal (that is to say, criminal) conduct. It can equally well be an infringment of the civil rights of a third party, such as a defamation.
In England, defamation is a very great risk for any person or organisation that can be said to publish or assist publication. Ask any newspaper editor.
The UK libel laws are archaic and arcane. This basically means that it is extremely risky and extremely expensive to be either a Claimant or a Defendant, whether willingly or unwillingly.
Indeed, it’s no surprise that one of the early cases on the principles of notice and takedown are set out early on in an internet libel case in England .. Godfrey -v- Demon Internet.
The effects of that regime on intermediaries has been ameliorated by subsequent European legislation — the e-commerce Directive but nonetheless, it is clear that not only are there risks to an ISP or registrar or registrar in taking positive action over a domain name that is alleged to be being used for illegal (criminal) or unlawful (civil) purposes, there are risks in NOT taking action.
I predict this debate will continue for several years, and is likely to engage the law enforcement, legislative and judicial authorities in a number of countries at the highest levels.