Take a single photograph of a stranger in the street, and a computer algorithm can identify that person’s name, date of birth — even their social security number — with 30% confidence. This was the startling conclusion of Dr Alessandro Aqcuisti, who delivered the introductory keynote at this year’s SCL Policy Forum. Dr Aqcuisti demonstrated several data mining techniques which enable researchers to identify individuals by accretion. Using insights from behavioural economics, he went on to argue that the main assumption underlying European privacy regulation — that people should have control over how their personal information is used and disclosed — is flawed. People tend to make irrational decisions about their privacy due to cognitive biases, limited resources and information asymmetries. (For example, one study found that 52% of participants would not trade an anonymous gift card for a higher-value gift card without anonymity, but just 9% would, when given the higher-value card, choose to swap it for the lower-value card with anonymity. This surprising result suggests that decisions about our privacy are strongly influenced by an endowment effect.) With this provocative challenge to European privacy orthodoxy, the SCL Policy Forum was underway.
Dr Aqcuisti’s engaging lecture opened what was, by all accounts, a highly successful Policy Forum, the major theme of which was ‘The New Shape of European Internet Regulation’. The Forum took place on 15 and 16 September 2011 at the offices of Herbert Smith, which kindly hosted the event. Several themes emerged from the panel discussions, upon which I will comment briefly.
A ‘right to be forgotten’?
Marc Dautlich (Pinsent Masons LLP) opened this panel discussion by enumerating the many practical issues facing such a right. How would it be enforced? Could it ever achieve true technological neutrality? The precise form such a right might take, and whether it is empirically justified, remain open questions. William Malcolm (Google) followed with a systematic exposition of the overlap between a sui generis right of removal and existing rights to control self-published information and tortious publications by others. He explained that, while a technical solution might be preferable, there are many social and behavioural norms that need rethinking. Arnold Roosendaal (Tilburg) pointed out an emerging challenge: behavioural tracking cookies, which can collect information about a person’s web history even when logged out of their social networking accounts. Finally, Kieron O’Hara (Southampton) explored possible technical solutions involving the semantic web, ultimately concluding that they may not be desirable and likening data time-stamping to ‘burning down the library every five years’.
Regulating freedom of expression
TJ McIntyre (UCD) began this lively panel discussion with an overview of current web site blocking technology and self-regulation by ISPs and content intermediaries, such as the Internet Watch Foundation. He argued that existing approaches to blocking suffer from substantial problems of stability, scalability and procedural unfairness. Ian Walden (Queen Mary) then offered several observations about the future of independent regulation in this sector; opt-out and opt-in are both out: instead, blocking will be about making active choices to uphold existing criminal and civil norms. However, Professor Walden warned of threats to the rule of law if future regulatory norms are not legislated but left to private, contractarian mechanisms. This, he said, was the real challenge to freedom of expression: how do we control private entities that may have market incentives to regulate speech in undesirable ways? David Green (Preiskel & Co LLP) closed out this panel with a discussion of recent cases under s 127 of the Communications Act 2003, the uncertain purpose and somewhat amorphous scope of which have seen it applied in several ‘Twitter hoax’ and riot misinformation cases. Mr Green argued forcefully for regulatory neutrality: what is not criminal in the offline world should not be criminal online.
The future of file-sharing regulation
Francis Davey (barrister) observed that the impact of the Digital Economy Act 2010 remains to be seen. The real question, he says, is whether its many social and financial costs are justified by equivalent reductions in copyright infringement. That equation is difficult to compute while implementation costs, evidence quality and various details of the Act’s implementation still remain uncertain. Stuart Hamilton (IFLA) gave an antipodean perspective on graduated response legislation, arguing that New Zealand’s Copyright (Infringing Filesharing) Amendment Act 2011 places libraries and other public institutions in a difficult position. They must now implement systems to monitor their public users’ Internet activities and assume the substantial burden of complying with new notice and disclosure procedures. Hamilton asks: why should libraries bear any enforcement costs if they provide non-commercial access to the Internet?
Meanwhile, Martin Kretschmer (Bournemouth) thought there might still be a role for copyright levies, citing the recent example of Apple Inc’s ‘iCloud’ service and the potential for a private copying exception. Professor Kretschmer advocated reform of the European levy system to prevent rent-seeking behaviour by content owners: a levy should be accompanied by ‘giving something back’ to users. Finally, Frances Lowe (PRS Music) described an innovative ‘traffic light’ system by which licensed and unlicensed music could be flagged to users in search engines. The objective, Ms Lowe argued, is to permit users to make informed choices about their music consumption, and to promote the rise of legitimate sources.
Intermediary liability
Jan-Willem Verheijden (European Commission) announced a new horizontal initiative on notice and takedown, which it is understood will consider problems of sectoral fragmentation, national implementations, and the difficult distinction between ‘passive’ and ‘active’ involvement by intermediaries. However, he ruled out wholesale review of the E-Commerce Directive. Patricia Christias (Microsoft) encouraged a pragmatic view of liability in the Cloud, and praised the Directive for its simplicity and clarity. Such safe harbours, she argued, have permitted efficient notice and takedown regimes to emerge, and reflect a ‘reasonable compromise’ between the interests of intermediaries and content owners. Finally, Dr Daithí Síthigh (UEA) drew our attention to the regulatory vacuum currently enjoyed by gatekeepers of applications. The iTunes ‘App Store’, for example, gives unprecedented control to Apple over third-party developers, and lacks accountability, transparency and proportionality — though this may be what consumers ultimately want.
The future
The Policy Forum closed with a session of regulatory prognostication. Mark Turner (Herbert Smith LLP) expressed concern at the practical difficulties created by new opt-in requirements for cookies, and noted a lack of useful guidance forthcoming from regulators. Becky Hogge (writer) contemplated a dystopian present in which disintermediation has been replaced by a concentration of Internet traffic around a small number of content intermediaries. Ms Hogge envisaged a range of future threats to Internet freedom and network neutrality, including the use of Internet ‘kill switches’ in response to civil unrest. Chris Marsden (Essex) considered that the future of regulation is co-regulation, with many lessons to be learnt from Australia (where telecommunications co-regulation has been the norm for decades). Graeme Smith (Bird & Bird LLP) saw the Hargreaves Review as the start of a new regulatory lifecycle — and perhaps an indication that copyright has reached its high-water mark.
As this summary makes clear, attendees were privy to two days of stimulating debate and a high concentration of insights about Internet regulation. Selected papers and presentation slides will shortly be available on this site.
Jaani Riordan is a DPhil candidate at Magdalen College, Oxford, where his research considers the liability of Internet intermediaries.