The Executive Director,
Internet Industry Association,
Mr Peter Coroneos
via email - [email protected]

Dear Mr Coroneos,

Re: Internet Industry Association Code of Practice (3rd draft 2/2/98)

Further to our online discussions, the Board of Electronic Frontiers Australia Inc. has prepared the following response to the abovementioned draft. The progress towards consensus demonstrated by IIA's amendments to version 2 of the draft Code is commendable. EFA seeks further progress over the issues arising from the draft Code's proposed role in content regulation.

The commitment to content regulation which remains central to the IIA draft Code version 3 is not supported by the Internet community, and is opposed by EFA. It is essential for the wellbeing and growth of the Internet in Australia for ISPs to stand firm on the position that they are not content providers. Once it is accepted that ISPs are responsible as publishers for some purposes, it is a slippery slope towards ISP responsibility in any given situation.

This Code can reasonably be expected to address the direct responsibilities of ISPs with regard to the provision of Internet connectivity and support services. It is not a suitable document for regulating the provision of content by commercial or non-profit organisations, or by users generally. 

There are some protections of consumer interest and user privacy, but these should be strengthened if the document is to meet the needs of the public. User privacy under the draft Code is restricted to the particular Code Subscriber's customers, and in too limited a context. There is focus on Vendor obligations, but no provision by the Industry to act in the event of the collapse of an ISP. There is no administrative structure to oversee the industry in terms of provision of superior Internet connectivity and users having rights to minimum standards of service.

Executive Summary  

1. The Code wrongly requires compliance with controversial tagging and blocking technologies and does not address reasonable consumer requirements for an industry code.

2. IIA is reminded that the industry requires a recognition that ISPs are not content providers, and the users require protection of their rights to freedom of communication. Any dilution of these aspirations will impact profoundly on the acceptance of the Code by ISPs and users.  

3. The Administrative Council is too narrow in composition and the powers of the "independent" Chair are excessive.

4. IIA is urged to consider the catastrophic effect of deregistration in the context of harsh ABA licencing requirements or criminal law defences based on Code compliance.

Specific redrafts proposed :
Clause 1.3 seems to imply that Members of the industry may indicate adoption of the Code by reference to the use of the Code Compliance Symbol. However, subsequent clauses make it clear that approval by the Administrative Council is also required , as is financial membership of IIA or affiliates.

Obviously IIA has a financial interest in charging every content provider, web page developer and ISP in Australia a membership fee, backed by government regulations prohibiting non-members from competing. It is a policy that IIA may find the subject of litigation and division. If IIA seeks to cover all online businesses, problems may arise in the event Federal authorities registering Industry Codes refuses applications for Code registration from industry members arguably covered by IIA's terms of membership.

 If the IIA Code is intended to address the recommendation of the ABA report on the regulation of online services that statutary codes of practice be developed for on-line service providers (being on-line access providers including those who offer value added services such as web page development), the Code should make that clear.
 The ABA's recommendations queried whether there should be codes of practice for participants in the on-line environment, other than on-line service providers. EFA cautions against the development of an all encompassing code which may prevent other sectors of the industry from developing and registering codes, should a need be demonstrated, which may better address matters relevant to those sectors. EFA questions whether most Australian Internet businesses, such as web page developers, software programmers, information vendors, etc, are aware of the development of this code which appears intended to regulate their activities.

Clause 2(b) amend to :
"to support the development of resource discovery schemes such as metadata systems."
Content regulation is not an achievable end, and its endorsement in this Code is contrary to the legal interests of ISPs. A recent settlement of a defamation action by a Melbourne ISP illustrates the dangers in ISPs accepting any liability for the actions of users. The calls for Internet censorship are best answered by the Industry developing search-retrieval methods to assist all users to quickly access appropriate material. 

Clause 3(a) amend to:
"the Code attempts to be technology neutral in determining liability for content."
Obviously it is not possible to be technology-neutral in relation to web page developers.

Clause 3(d) amend to:
"the responsibility for content made available on the Internet rests with the relevant Content Providers."
There is no "secondary responsibility" , especially in the event that the industry takes necessary and immediate action to lobby the government to enact civil and criminal indemnity from the actions of users. Compare the approach taken in the United Kingdom and the United States, where under statute ISPs are protected from liability as publishers (refer UK Defamation Act 1996 and US Telecommunications Act s.230). The US court decision of AOL v. Zeran gives a compelling legal argument for there being no "secondary" responsibility for ISPs.

Clause 3(e) amend to:
"the privacy of Internet users' details obtained by Code Subscribers in the course of business will be respected."
In the course of operating an Internet Business, a Code Subscriber may become the possessor of private details of persons other than customers. 

Clause 4
Definitions to be amended:
"content" means all forms of information uniquely retrieved from the Internet.
The blend of terms suggested in the draft confuse the issue. The importance of "content" lies in the act of supplying or retrieving it, not the method of transmission.

"filter"  (no longer necessary as below, but if defined "means blocking access to Internet content as required by Court order").

"hit" (no longer required)

"ISPs" stands for Internet Service Providers. Other Acts define the obligations of ISPs in terms of carriage service provision , content provision or supply of online service.

"newsgroup" means an online public discussion forum within Usenet. The draft definition was too vague, and would have included web forums, IRC , mailing lists , chat rooms , among others.

"Illegal Content" means content, the mere possession of which is illegal under the laws applicable in the State or Territory in which the content is stored. It is essential that crimes of possession be defined in terms of location.

"publish" means knowingly placing and advertising such placement of content on the Internet.
Without making the URL public, no act of publishing is complete.

"Relevant Authority" means a Court or government agency which lawfully directs the removal of content. It cannot be as wide a definition as the draft suggests without allowing competing opinions as to legality of information, or censorship by decree.

("spamming" needs a thoughtful industry policy before Code requirements should be set. The definition of "spamming" used in the draft Code ("spamming" means the sending of unsolicited and unwelcome advertising material or information to an email address or newsgroup), would unfairly penalise some bona fide messages. It is noted that spamming is most unwelcome when a foreign user uses a false reply-to address to send many thousands of email messages to strangers' email addresses - not a matter addressed under this definition. There is no objective test of "unwelcome" within the Code, yet non-compliance with this clause may lead to deregistration of a Code Subscriber.)

"user" means a person who uses the Internet. If this is to be an Industry document, responsibilities to the general public should not be shirked.

"Unsuitable Content" - ( not needed , no role for ISPs in rating for minors).

"Vendors" means the vendors of products, information and/or services via the Internet other than standard dialup access to the Internet. The TIO has jurisdiction over consumer issues relating to carriage service provision.

"Web Page Developers" means those who make Web Pages for users on a paid consultancy basis. The draft definition included gratuitous services and automated web page creators.

"working day" means any day excluding public holidays.Customers need not wait until Monday for service from an ISP.

Clause 5 suffers from being both too broad , and too narrow. Firstly, it is too broad as the Internet Industry will in due course include providers of every sort of service. Is IIA to claim jurisdiction over the whole workforce?

Secondly the definition elevates the importance of Code Compliance for small ISPs. Not many hobbyist ISPs will be members of IIA, but with Federal transmission offences in place the importance of Code Compliance becomes equivalent to the licencing of ISPs. It is submitted that IIA give serious consideration to permitting small ISPs to certify as Code Compliant without membership of IIA or affiliates.

It is submitted that Clause 5 be re-examined with a view to acknowledgement of the dual problems of a monopolist position by IIA and the legal necesssity of obtaining Code Compliance certification.

Proposed amendment to Clause 5 as follows :
"This Code is intended to cover ISPs and Web Page Developers. "
In many respects it would be preferable to sever the obligations of Web Page Developers from those of ISPs, as the businesses are related but fundamentally different. An ISP merely provides bandwidth, albeit as a value-added service. A Web Page Developer provides content, and therefore has responsibilities as author and publisher that an ISP does not. However, the definition of Web Page Developer has been modified to restrict the application of the Code to professional firms.

Clause 6(a):
(delete reference to users' obligations under the Code. Only Code Subscribers have such - in the event that a User Code becomes necessary it should be developed by a User organisation.)

Clause 7.1 (a) :
(delete "physical location" and replace with "postal address"). It is too important to be a Code Subscriber for a business to be excluded if it does not have a physical address at which it is prepared to accept customer enquiries. Some people have reasonable privacy concerns at having their physical address widely published - it would mean that a person who wished to keep their physical location secret for lawful reasons could not be an Internet business proprietor. This is an unnecessary Industry condition, whether or not Governments permit sole proprietors to trade without a registered business address. While it is desirable for businesses to have a physical location specified to each new customer, it should not be mandatory under an Industry code.

Clause 7(1)(b):
(delete - non-ISP Code Subscribers have no arguable reason to do this, and the Administrative Council has no experience in preparing Acceptable Use Policies for customers. User input is needed.)

Clause 7.4(e):
"engage in or assist in the practice of spamming."
Mere advocacy of spamming ought not be an offence.

Clause 7.5:
(either detail in full here, or delete)  

Clause 7.6:
(delete. Why should ISPs provide means of contact to Relevant Authorities ? It is up to the Relevant Authorities to establish email , facsimile and telephone contact facilities, ISPs need merely provide contact details.)

Clause 8.1(c):
"not sell or exchange the business records or personal details of a user without the user's consent."
If there is to be an Industry standard of respect for users' privacy , it should be confirmed that a user's consent is necessary for the exchange of private details (including credit card details) in every case.

Insert new 8.1 (e):
(e) comply with Privacy Principles released by the Office of the Privacy Commissioner.
Clause 8.2:
Delete "or implied". This invites weakening of the whole section relating to privacy. 

Clause 9.1(a):
"...relevant and reasonably necessary..."
Some Code Subscribers may have elevated notions of the measures and details they need for credit control.

Clause 9.1 (b):
"for other legitimate purposes with the express consent of the user."
Topical consent is not acceptable - the user ought to be asked to consent to the particular details to be collected.

Clause 9.2(a):
"the Code Subscriber's own billing and other purposes necessary for the provision of the service, or"

Clause 9.2(c):
(delete, not required due to change to 9.1(b) ).

Clause 10.1:
"...will not knowingly place content on the Internet that would be Illegal Content at the place of storage."
There is no escaping the problem that arises wth differing State and Territory rules as to content provision - "Illegal Content" must mean "illegal content at place of storage" , otherwise one State or Territory will dictate what the rest of the Internet can host.

Clause 10.2:
(should be deleted entirely , or at least limited to:
"Code Subscriber Content Providers will, where technically feasible, ensure that services which are designed to cater only for mature adults are:
(a) accompanied by on-screen warnings as to the type of content available ; or
(b) managed by subscription enrolments to exclude subscribers under the age of 18 years. )

Clause 10.3:
"A Code Subscriber Content Provider shall have complied with 10.1 if, on written requirement of a Relevant Authority to remove the Illegal Content, it does so."

Clause 10.4:
(delete) There is no point in mandating standards that will never be implemented. If and when satisfactory labelling schemes are developed, then will be the time to consider setting Industry standards. The absence of user input into this process is especially regrettable.

Clause 10.5(a):
"Code Subscriber Content Providers will not knowingly place material in infringement of copyright on the Internet which would offend applicable laws relating to possession of infringing copies or unauthorised transmission of copyright material".

Clause 10.5 (b):
"A Code Subscriber Content Provider shall have complied with 10.5(a) if, on written requirement of a Relevant Authority to remove the copyright material, it does so."

Clause 12:
(delete 12.1 (b)) ISPs are not content providers. Users are not IIA members.
(delete 12.2) ACIF has no such Code.
amend 12.3 "A Code Subscriber ISP will agree with each user prior to engagement..." 
amend 12.3(d) an Acknowledgment that the Code Subscriber ISP must comply with this Code.

If a user is a Content Provider, that user should be in a position to obtain Code Compliance direct. ISPs should not entertain any notion that they may be responsible for user conduct by failure to obtain a signature.

insert new Clause 12.3 (g)
"any limitations on the connectivity to the Internet or Internet services provided by the Code Subscriber".
ISPs should be required to provide full details in their user contracts about any content filtering mechanisms they deploy, and any technical limitations such as traffic shaping or download limits.

Clause 13:
(delete in total)
There is no benefit for the Internet Industry or Internet Users in attempting to censor through labelling or rating systems. Software filters are token efforts, and mislead consumers into the belief that the Internet can be sanitised.

There is no reasonable likelihood that labelling of content using PICS facilitated or similar protocols will become mandatory for content providers worldwide - especially as the United States may find this to be an unconstitutional violation of free speech.

As such, clause 13 is to the detriment of the Australian Internet Industry as it will make Australian businesses uncompetitive, is contrary to user interests as censorious and misleads the public into a belief that the Internet generally adopts such labelling.

Clause 15.1 amend to :
"The Administrative Council shall be made up of 5 members as follows:
(a) an independent chairperson elected by Code Subscribers annually.
(b) two representatives from the Internet Industry elected by Code Subscribers annually.
(c) a user representative nominated by the Australian Consumers Association.
(d) a legal expert nominated by the Board of the IIA.

Clause 15.2
(amend terms of office as per 15.1)

Clause 15.4(b)
add "users"  to dotpoint four.

Clause 15.6(a)
add "users and the general public"

Clause 15.6(c):
"... to each Code Subscriber and advertise the proposed amendment publicly."
Clause 15.6(e):
"...from Code Subscribers, users and the general public."
Clause 15.6(h)
" each Code Subscriber and to the general public."
Clause 15.11:
(delete) The clause is contrary to justice.
Clause 16.2 (a):
"direct the user to the IIA to determine whether the complaint can be resolved online or by telephone, post or facsimile by the IIA, and"
Clause 16.3(d):
"unless the parties agree otherwise, the mediator shall first attempt to resolve the complaint online or by use of telephone or facsimile. Should this fail, the mediator shall set a time and a place reasonably convenient to both parties to conduct a mediation."

Clause 16.3(e):
"unless specifically ordered to the contrary, the reasonable costs of the mediator will be borne equally by the parties to the dispute and each party shall bear its own costs, including legal costs."
Clause 17.1:
(query why definition clause 4 specifies "approval of Administrative Council" as well. Which is it?)
(see remarks re clauses 1 and 5.
Clause 17.4
(rework whole process. Suggest that on the receipt of a complaint, the Code Subscriber be required to respond in a reasonable time to a query from the Chairperson, failing which the matter goes to the Administrative Council for order to comply with a specified Notice.)

Unless the Code abandons content regulation as an aim, it represents a serious threat to free speech and consumer choice. EFA regards the dangers of private censorship as more of a proximate threat to Internet freedom of expression than the potential for muddle-headed legislation. Accordingly, EFA will be demonstrating the absurdities of reliance upon software filters and campaigning against the use of rating systems as priorities for this year.

EFA believes that it can be demonstrated that software filters are ineffective by any criterion, and will be urging user boycotts of ISPs that censor content. ISPs that censor content are arguably in breach of contract, notwithstanding disclaimers, and EFA will encourage users to exercise their rights of freedom of expression within the law.

Specialist ISPs may choose to offer filtered access to content, but such specialised obligations
which they may choose to undertake should not be imposed on all ISPs. In general, a filtered access to content is not desired by users. More importantly, no ISP can guarantee to filter all controversial material from a filtered-access account.

It is a matter for IIA as to whether they wish widespread Industry adoption of the Code or not. Other organisations , such as WAIA , SAIA and SPAN already claim coverage of the Industry and have established office-bearers and policies. Organisations such as ISOC-AU and ACS have arguable roles in drafting Industry codes and may not require costly membership fees and such inflexible adminstrative procedures. At very least they will not have a government appointee as the Chair.

EFA calls upon IIA to redraft the Code in terms of the real role of ISPs - to provide connectivity and services to users. The censorship role for ISPs envisaged by some is unachievable and contrary to civil rights - and IIA adopts the role of censor at the risk of its Industry credibility. 

Kimberley Heitman,

Chairperson, EFA

22nd March 1998