Time to get Technical? Revolutionizing the (Deplorable?) System of Internet Governance

July 11, 2018

 

Introduction

‘Governments should establish a predictable and simple legal environment
based on a decentralized, contractual model of law rather than one based on
top-down regulation.’[1]

-Clinton-Gore Administration

Over the last decade, there has been a gradual but ever-present
movement from a philosophical grounding of intermediary
liability
to that of intermediary
responsibility
, with respect to internet governance and Internet Service
Providers (ISPs). This essentially stems from the recent recognition of the unparalleled
role an ISP plays in influencing and shaping the internet environment and,
consequently, in regulating the behavior of its users within this environment.
However, despite the recognition of the exclusive utility that an ISP model of
enforcement brings with it, jurisdictions across the globe have remained
reluctant to move to such a system. This reluctance is primarily grounded in
consumer protection considerations, since such a move would involve entrusting
private, profit-driven, self-interested entities with sweeping enforcement
powers.

This article argues: first,
that the future of internet governance lies in the movement to a system of ISP
enforcement action, and secondly,
that in order to leverage this importance, we must reconstruct traditional
Terms of Service (ToS) as smart contracts. My article then examines the
importance of the proposed system through two prominent use cases.

The Case for a
Move to an ISP Enforcement System

Let’s begin by contextualizing the current system by which rules are
sought to be enforced on internet users. Public law enforcement authorities
engage in data collection and surveillance, under the authorization of numerous
statutes such as the Malicious Communications Act and the Copyright, Designs
and Patents Act, both of 1988.[2] However, despite the
existence of numerous statutes regulating the behaviour of internet users, the
ground reality is far from satisfactory. Recently, the United Kingdom (UK)
Internet Service Providers Association surveyed several major ISPs, 50% of which
claimed that their complaints to authorities were occasionally followed up on, while 30% asserted that there was
usually no response itself.[3] The results of this survey
are indicative of why the global economy continues to lose approximately £266
billion every year through internet crimes.[4]

This failure can be tied to these authorities’ lack of resources,
both in terms of knowledge and technical abilities; they lack the concrete
ability to directly enforce their rules. ISPs, however, as gatekeepers of the internet, remain in possession of all the
information needed to make well-informed decisions.[5] This hapless situation of
internet regulation should lead one to question the very appropriateness of
statutes and case law to internet enforcement, and weigh the same against the
benefits flowing from a system of private contractual relations. Internet regulation
requires flexibility and micro-management. It also requires the ability to
fine-grain to context and to the specific needs of an online service or
technological platform, none of which are achieved through generalized
statutes.[6] Moreover, statutes and
case law will naturally never be able to fully encapsulate the range of rights
and obligations that internet users are entrusted with in the way that
contracts can.[7]

This suitability of private contractual regulation must further be
viewed in light of how ISPs occupy a unique position in the internet regulatory
framework, in terms of enjoying a form of quasi-judicial
power
.[8] This power flows from
their concrete ability to enforce their ToS through technical means,
independent of delayed public law enforcement mechanisms. These technical means
include internet traffic management techniques and algorithms, which can be
used to control data flows and therefore, empower ISPs to control information
on the internet.[9]

Issues to be
Addressed Prior to Such a Move

Before we make a move to this system of private ISP enforcement, and
in order to truly speak of this system being ‘more important’, it is necessary
to first address the following issues:

  •        i.         
    the philosophical grounding for
    entrusting, or rather, imposing this additional burden on ISPs;
  •      ii.         
    the position of the consumer in
    the already prejudiced system, who may be subject to not only unfair and
    discriminatory terms in the ToS but also to the arbitrary exercise of technical
    abilities by the ISP.

Entrusting private entities with such sweeping enforcement power (or
rather, imposing this additional obligation upon them) is philosophically
grounded in the fact that the movement to such a system, simply put, increases
compliance with the law. Reiner Kraakman’s gatekeeper
theory
, which has been significant in influencing early discourse on and
shaping initial policies of online intermediaries,[10] provides the necessary justification
for the move. According to this theory, if gatekeepers
or intermediaries have the ability to
successfully reduce infringement, with little room for infringers to circumvent
the same then, on utilitarian grounds, the law must choose to conscript such third-parties.[11]

Before we move to such a system, it is important to deconstruct the
hierarchical structure within which ISPs interact with their users, and therein
re-imagine the relationship between the two parties. It has been found that avoiding liability is a key consideration
when ISPs draft their ToS. ISPs often further complicate matters for consumers
by distributing rights and obligations across multiple binding documents, which
are often further complemented by other informative materials and frequently
asked questions.[12]
Examples of discrimination are widespread through the ToS of numerous well-established
ISPs in the UK. TalkTalk includes a
negative opt-out provision, which essentially empowers the ISP to migrate a
consumer from one service to another.[13] BT, TalkTalk and GigaClear  have all been found to prescribe the payment
of unreasonably high Early Termination Charges.[14] According to the ToS of Virgin Media, if a consumer moves to an
unserviceable area, he would have to pay a steep cancellation charge to terminate
the contract.[15]
A survey conducted by the Center for Technology and Society at FGV Law School and
endorsed by the Council of Europe[16] found that, out of 50 key
internet platforms studied, 26% lead users to waive their right to initiate
class action suits and 34% unilaterally choose the arbiter for the arbitrations
that they restrict their consumers to, as the only form of dispute resolution. 13%
absolve themselves of the obligation to notify amendments to their ToS to users,
irrespective of the significance of the same.[17]

Therefore, at this juncture, what is needed is a complete
re-imagination of the relationship between the ISP and the consumer. Over the
years, there have been numerous efforts, both legislatively[18] and judicially,[19] to improve the position
of the consumer within such private contract-based systems. However, none of
these efforts have been successful in bringing about a significant overhaul of
the existing power structure.

Smart Contract
Integrated ToS as the Road Ahead

This article argues for the integration of the ToS of ISPs into
smart contracts, with these smart contracts having to be approved by a
concerned governmental regulatory authority, the ISP Handler. A system of smart-contract-enabled private enforcement
would not only ensure an overhaul of the said power structure, but would also
provide for more efficient enforcement of internet rules. The system envisioned
is:

  • ·      
    ISPs will draft their standard
    form ToS in natural language and submit the same to the ISP Handler.
  • ·      
    The ISP Handler is entrusted with the dual function of first, integrating consumer
    considerations into the natural contract, while coding it into a smart one, and
    secondly, of subsequently feeding the
    smart contract with external data flows, or in other words, serving as the
    smart contract’s information oracle (IO)
    (an agent that finds and verifies real-world occurrences and submits this
    information to the blockchain being used by the smart contract, so as to allow
    the smart contract to self-execute).[20] Moreover, the ISP handler
    could be charged with the duty of explaining all relevant provisions of the contract
    to potential consumers, so as to ensure informed
    consent
    .
  • ·      
    The smart contract is designed
    to encapsulate all rights and responsibilities as well as relevant statutory
    and case law. It self-executes, on the basis of the information received from
    the IO, thereby taking away any real power of, or agency for enforcement, from
    the hands of the ISP; we simply make use of the ISP’s technical capabilities
    through the self-executing smart contract. The self-executing nature of the
    smart contract thus eliminates the need for trust between the parties,
    essentially re-imagining their relationship.
  • ·      
    Consumer protection
    considerations can easily be incorporated when the IO converts the natural
    contract into a smart one. The majority of such considerations, in terms of
    notices, grace periods, data limitation and minimization, etc, are highly
    automatable.[21]
    Moreover, compliance with complex considerations is not to be considered as a major
    obstacle for smart contracts, since ‘it is merely a question of technological
    sophistication’.[22]
    Therefore, if a consumer protection consideration is particularly complex, it
    is not a permanent hindrance, but merely requires the development of
    increasingly sophisticated code.

Use Cases

The value addition of the proposed system on the enforcement of
internet rules is herein examined through two use cases: copyright infringement/online piracy and illegal pornography.

1.    
Copyright Infringement/Online
Piracy

Efforts to curtail online piracy have largely remained redundant
over the years, with loss to the global economy steadily rising.[23] In the status quo, ISPs
first attempt to discover infringing content and then send out notices[24], resulting in significant
delay, by which time the infringing content has likely been copied across the
internet, frustrating efforts. Moreover, ISPs are naturally unable to discover
all infringing content.[25]

In 2014, it was reported that renowned internet intermediary
platform, Dropbox, was making use of cryptographic
hash functions
to detect uploads of copyrighted material. Dropbox verified
every hashed file against a blacklist, which essentially contained the hashed
values of all copyrighted material.[26] Hashing involves the creation of  unique
identifier
s for copyrighted material, such that a particular input, if
hashed, will always produce the identical
output. This property, which is unique to cryptographic algorithms, is known as
the avalanche effect.[27]

In case of a smart contract, a database of hashed values of all
copyrighted material could be stored on the blockchain and linked to the smart
contract ToS. As a result, the minute a user uploads some infringing content,
he would automatically be sent a notice. Such a move could largely complement
ongoing efforts to combat online piracy, such as the Six Strikes Program of the
United States, for example.[28] Under the proposed
regime, notice and removal (after the sixth notice) would be immediate and
moreover, few cases of infringement would be left un-penalized.

The primary drawback of the above mentioned system is that detection
may be circumvented by introducing minor amendments to the copyrighted file. Due
to the avalanche effect, the corresponding output would then be completely
different[29],
thereby frustrating detection efforts. However, this is where the concept of perceptual hashing comes in, which is a
form of hashing that is concerned not with the sameness of files but with their broad content and features.
Therefore, the perceptual hash functions of two different files may be the same
if the ‘features’ of the files are the same.[30] The complementary use of perceptual hashing along with cryptographic hashing to create a smart
contract linked blacklist database of copyrighted material would widen the
scope of efforts, allowing even for the detection of files which have been
altered.

2.    
Illegal Pornographic Content

Industry efforts to prevent the spread of child sexual abuse media
have continued to be largely futile, over the years, with majority of said
action being ex-post in nature, as a
result of which, the content is often copied and distributed far and wide,
making complete eradication near impossible.[31] PhotoDNA is a technology
developed by Microsoft, that uses perceptual
hashing
technology to compute the hash values of images and videos,
subsequently allowing for the identification of similar images and videos.
Since the technology allows for detection despite contrast adjustments, skewing
or usage of different compressions and formats[32], it has helped in the
eradication of a large number of child porn files across the internet.

ISP Smart Contract enforcement mechanisms would also allow for the
eradication of the revenge-porn market. Revenge porn, ‘the distribution of
sexually explicit images or videos of individuals without their consent’, is an
emerging market and there are growing reports of the use of cloud-based
networks to store such material.[33]

It is noteworthy that similar technologies are already being used by
major industry players, including Facebook and Twitter, for detection of
sexually explicit content of children.[34] This article simply
argues for a shift of this obligation from such social media sites to the gatekeepers of the internet, as such be
grounded in utilitarianism, with the gatekeepers
of the internet
being able to cover a much wider range of activities.

Limitations
and Challenges Moving Forward

One of the most significant challenges arising from a movement to
the proposed system, with respect to copyright infringement detection, is the
threat to established principles of fair
use
. Unfortunately, we presently lack the technical abilities to perfectly
integrate fair use principles into a smart contract, primarily due to the subjective
nature of fair use determination. However, in light of the immense improvement
in piracy detection under this system, it may be desirous to reconstruct our
fair use principles, from a broad, subjective concept to something which can be
coded into a Smart Contract in a Yes/No format. These reconstructions, although
not ideal, would reduce the negative externalities on fair use. An example of
such reconstruction is implementing a ratio
test
, that when x% or more of a particular file is infringing, the smart contract
will self-execute.

There has been near minimal focus on consumer protection
considerations in smart contracts. However, as acknowledged earlier, this is
simply a matter of technological sophistication in terms of being able to code
natural language provisions in the Yes/No format of the smart contract. For
this reason, it may be advisable to extend the Financial Conduct Authority’s
Regulatory Sandbox scheme to ISPs, so as to test whether these consumer protection
provisions are able to self-execute, and to do the same in a safe, controlled
environment.[35]

A third issue is the economics of the system. Movement to such a
system brings with it additional costs, such as significant smart contract
development costs, which cannot entirely be pushed onto the consumer. The
system will, however, significantly reduce the burden on the courts, promote
consumer protection and improve enforcement on a large number of former absconders.
Hence, it may be justified for government to bear some of this economic brunt
and pave the way for the movement to this system.

Conclusion

The utility flowing from a move to a system of ISP private
enforcement is conspicuous, to say the least. ISPs, in terms of knowledge and
more importantly, technical abilities will always be far better placed to
address the fast-paced needs of internet enforcement, when compared to
traditional, public law enforcement agencies. Moreover, the proposed system
will certainly improve enforcement on a large number of previously absconding
users, as examined in the cases of online piracy and illegal pornography.

In order to truly leverage the importance of this system, however,
it is necessary to first reimagine the power structure within which these ISPs
have continued to engage with their users, over the years. For far too long, we
have tried to address this issue through a gaze restricted to law and policy,
paying little attention to the technological aspect. A mechanism of natural ToS
being reconstructed as smart contracts through an ISP Handler, ensures that the delegation of ‘enforcement power’ is
restricted to simply making use of the ISPs technical capabilities
automatically, thereby safeguarding the position of the consumer within the
system and thus, cropping out the primary obstacle to a move to such a system.

Viraj Ananth is a student in II Year at the
National Law School of India University, Bangalore

 

 

 



[1] I. Brown, Research
Handbook on Governance of the Internet 173 (2013).

[2] W. Ashford, UK
government orders review of online laws
, Computer
Weekly
(February 7, 2018), available
at
https://www.computerweekly.com/news/252434567/UK-government-orders-review-of-online-laws
(Last visited on June 1, 2018).

[3] IPSA UK, ISPs
call for law enforcement and Government to raise their game on cyber security
,
(2016), available at https://www.ispa.org.uk/isps-call-law-enforcement-government-raise-game-cyber-security/
(Last visited on June 1, 2018).

[4] R. Williams, Cybercrime
costs global economy $445 bn annually
, The
Telegraph
(June 9, 2014), available
at
https://www.telegraph.co.uk/technology/internet-security/10886640/Cyber-crime-costs-global-economy-445-bn-annually.html
(Last visited on June 1, 2018).

[5] J. Cox, ISPs:
UK Police Need to ‘Up Their Game’ on Following Cybercrime Leads
, Motherboard (September 8, 2016), available at https://motherboard.vice.com/en_us/article/9a3zny/isps-uk-police-need-to-up-their-game-following-cybercrime-leads
(Last visited on June 1, 2018).

[6] L. Bygrave, Contract
versus statute in Internet governance
11, 2012.

[7] Bygrave, supra note
6, at 12.

[8] L. Belli and P. De Filippi, Law of the Cloud v Law of the Land: Challenges and Opportunities for
Innovation
, 3(2) European Journal of
Law and Technology
17, 24 (2012).

[9] L. Belli and J. Venturini, Private ordering and the rise of terms of service as cyber-regulation,
5(4) Internet Policy Review 1, 2
(2016).

[10] G.F. Frosio, Why
Keep a Dog and Bark Yourself? From Intermediary Liability to Responsibility
,
25(1) Oxford International Journal of Law
and Information Technology
1, 5 (2017).

[11] R. Kraakman, Gatekeepers:
The Anatomy of a Third-Party Enforcement Strategy
, 2(1) Journal of Law, Economics & Organization 53,
85 (1986).

[12] L. Belli and J. Venturini, supra note 9, at 6.

[13] Ofcom, Complaint
from BT against Talk Talk about an unfair contract term
, (2005), available at https://www.ofcom.org.uk/about-ofcom/latest/bulletins/competition-bulletins/all-closed-cases/cw_816
(Last visited on June 1, 2018).

[14] Ofcom, Unfair
Terms – Additional Charges
, (2012), available
at
http://www.oecd.org/sti/49261233.pdf (Last visited on June 1, 2018).

[15] A. Tims, Virgin
Media users who move to no-service areas hit with exit fees
, The Guardian (January 15, 2018), available at https://www.theguardian.com/money/2018/jan/15/virgin-media-broadband-contract-exit-fee
(Last visited on June 1, 2018).

[16] Council of Europe, Terms of service and human rights: an analysis of online platform
contracts
, (2018), available at https://www.coe.int/en/web/freedom-expression/home/-/asset_publisher/RAupmF2S6voG/content/terms-of-service-and-human-rights-an-analysis-of-online-platform-contracts?inheritRedirect=false
(Last visited on June 1, 2018).

[17] J. Venturini, Terms
of Service and Human Rights: an Analysis of Online Platform Contracts 15
(2016).

[18] The Unfair Contract Terms Act, 1977.

[19] Thornton v Shoe
Lane Parking
[1949] 1 KB 532; CIBC
Mortgages plc v Pitt
[1993] 4 All ER 433.

[20] Oracle
Chain, Oracle Chain Technical White Paper,
(2017), available at https://oraclechain.io/files/oraclechain_white_paper_en.pdf
(Last visited on June 1, 2018).

[21] Id.

[22] M.H. Grønbæk, Blockchain
2.0, smart contracts and challenges
, Lexology
(June 16, 2016), available at https://www.lexology.com/library/detail.aspx?g=2fd01ed1-cf8d-41f2-9561-b7259e21cc0a
(Last visited on June 1, 2018).

[23] J. Tegner, Piracy
Data: From Global View to Macroeconomic Trends
, Videonet (May 9, 2018), available
at
https://www.v-net.tv/2018/05/09/piracy-data-from-global-view-to-macroeconomic-trends/
(Last visited on June 1, 2018).

[24] Center for Copyright Information, Copyright Alert Systems FAQs, (2015), available at http://www.copyrightinformation.org/resources-faq/copyright-alert-system-faqs/
(Last visited on June 1, 2018).

[25] Berkman Klein Center, Who is Vulnerable to Suit?, (1999), available at https://cyber.harvard.edu/property99/liability/main.html
(Last visited on June 1, 2018).

[26] G. Kumparak, How
Dropbox Knows When You’re Sharing Copyrighted Stuff
, Tech Crunch (March 31, 2014), available at https://techcrunch.com/2014/03/30/how-dropbox-knows-when-youre-sharing-copyrighted-stuff-without-actually-looking-at-your-stuff/
(Last visited on June 1, 2018).

[27] H. Feistel, Cryptography
and Computer Privacy
, 228(5) Scientific
American
15, 22 (1973).

[28] Center for Copyright Information, Copyright Alert System Set to Begin,
(2013), available at http://www.copyrightinformation.org/uncategorized/copyright-alert-system-set-to-begin/
(Last visited on June 1, 2018).

[29] Y. Lui and Y. Xiao, A Robust Image Hashing Algorithm Resistant Against Geometrical Attacks,
22(4) Radio engineering 1072, 1075
(2013).

[30] pHash, Implementation
and Benchmarking of Perceptual Image Hash Functions
, (2010), available at http://www.phash.org/docs/pubs/thesis_zauner.pdf
(Last visited on June 1, 2018).

[31] Microsoft’s
PhotoDNA: Protecting children and businesses in the cloud
, Microsoft News (July 15, 2015), available at https://news.microsoft.com/features/microsofts-photodna-protecting-children-and-businesses-in-the-cloud/
(Last visited on June 1, 2018).

[32] pHash, What is
a perceptual hash?
, available at http://www.phash.org
(Last visited on June 1, 2018).

[33] University of Maryland, Criminalizing Revenge Porn, (2014), available at http://digitalcommons.law.umaryland.edu/fac_pubs/1420/
(Last visited on June 1, 2018).

[34] C. Arthur, Twitter
to introduce PhotoDNA system to block child abuse images
, July 22, 2013), available at https://www.theguardian.com/technology/2013/jul/22/twitter-photodna-child-abuse
(Last visited on June 1, 2018).

[35] Financial
Conduct Authority, Regulatory Sandbox,
(2015), available at https://www.fca.org.uk/firms/regulatory-sandbox
(Last visited on June 1, 2018).