30 September 1999
To: IIA Code Review Working Group
[email protected]
Dear Sirs
Subject: IIA Code of Practice (Draft Version 5.0)
Electronic Frontiers Australia (EFA) thanks the Internet Industry Association
for the opportunity
to review the latest draft code, and we submit the attached comments.
We would appreciate the opportunity to further discuss the issues raised
in due course.
Yours sincerely
Greg Taylor
Vice-chair
on behalf of the Board
Electronic Frontiers Australia (Inc)
EFA Response
to
IIA Draft Code of Conduct, Version 5.0
(Code URL: http://www.iia.net.au/code.html)
Executive Summary
1. While EFA acknowledges IIA's efforts to implement an alternative
to the more draconian provisions of the Broadcasting Services Act (BSA), the
proposed alternative is vaguely defined, requires users to be
willing participants in a charade, and potentially exposes users
to privatised censorship even worse than the government mandated
regime.
2. The Code wrongly requires ISPs, Content Providers and ordinary users
to adopt controversial and discredited labelling technologies, to "guess"
as to classification categories and to risk losing Code Compliance if they
fail to do so.
3. The Code places unreasonable obligations on users to self-censor
their Internet access, and even their private E-mail, far beyond any requirement imposed by law.
4. The Code places unreasonable obligations on Content Host subscribers
to second guess the likely classification of online material, far
beyond any requirement in law.
5.Further consumer and privacy protections are necessary to promote
Australian e-commerce.
6. Definitions within the Code are careless and vague. The term
"make available" has been used to avoid logical inconsistencies with
the word "publish", but in doing so it has reopened liability on the part
of ISPs for a user's content, and made hyperlinks an offence under
the code.
7. While the composition of the Administrative Council
has been improved, it is inappropriate for both user representatives
to be appointed by the Australian Consumers Association.
8. The Code attempts to cover Internet Access Providers, Commercial
Content Providers, E-Commerce Vendors and Programmers under one Code,
which leads to many inconsistencies.
9. The Complaints mechanism needs to be reviewed so as
propose a more logical sequence of entities or authorities that should
deal with successive escalation of a complaint.
10. The vague term "Relevant Authority" is used indiscriminately
throughout the Code. The intent would be much clearer if the
authority was explicitly named in each case.
11. Although the Code claims to meet the requirements on the
BSA, there are a number of areas where are inconsistencies between
the Code and the BSA requirements.
Introduction
This version of the Code has been prepared in a climate of
self-regulation imposed under threat of Government intervention.
In seeking to absolve
Code Subscribers from the more draconian aspects of the recent amendments
to the BSA, IIA has placed users in a situation
where they become unwilling participants in a self-censorship regime.
The Code is based on a narrow view of the Internet in which users are passive
consumers of content, products or services provided by commercial content
hosts, a view apparently shared by some sectors of government who appear
to view the Internet as a form of pay television augmented
by home shopping facilities.
The mantra of industry assisted user empowerment now being chanted
by IIA perpetuates this view. Users are already empowered, but they
are rapidly being disenfranchised by governments and industry bodies
intent on viewing the Internet solely as a tool for commerce.
The most participatory medium for democracy and freedom of expression the
world has ever
seen is being systematically eroded by increased restrictions imposed under
the guise of self-regulation. Instead of being willing participants
in this destruction, IIA and the government would be better advised to
encourage greater participation, rather than chill creative thought
by the combination of subtle threat, vague references to legal liabilities,
and the charade of privatised censorship inherent in the new "alternative
access prevention" arrangements.
IIA seems to be operating under the sincere but misguided notion that
it should be seen to be out-censoring the censors, since many provisions
in this version of the Code contain baggage from previous versions
that go beyond even the requirements of the BSA.
Notwithstanding the provisions of the BSA, the Federal Government has
indicated in the past that it is Government policy
that material accessed in private homes is not to be subject to censorship
as stringent as that applying in cinemas and public places.
"The hire or
purchase of a video involves a conscious choice by a person. In relation
to denying access by children to unsuitable material so obtained, this
is a matter which falls directly into the area of parental responsibility.
There are definite limits to what Governments can do or be expected to
do in controlling what occurs in individual homes. The fact that some parents
may act in what some may consider to be
an irresponsible manner in this area is not an adequate excuse for
curtailing the availability of material to adults generally (which could
be the case if `R' rated material is to be classified at a higher threshold
for videos) or parents who do act responsibly."
(
Australian Senate Hansard for 2nd July 1998,
Community Standards Committee Report: Government Response)
It is strongly arguable that accessing material on the Internet involves
as conscious a choice in the case of adults, and parents have the option
of password-protecting a home computer against unauthorised access by children
- an option not available for home videos.
Furthermore, it is not Government policy that ISPs should police the Internet. The
Attorney-General, Daryl Williams QC, stated in a letter to The Australian
newspaper printed on the 17th November 1998:
"...it is not the Federal
Government's view that Internet service
providers police the Internet or vet on-line content. Rather, the regulatory
scheme being considered by the Government contemplates that ISPs respond,
within a reasonable time-frame, to complaints made to it [sic] concerning
objectionable material. That does not require any special vigilance on
the part of ISPs, nor does it impute liability for carrying objectionable
material to ISPs where the ISPs have not knowingly created or provided
that content."
EFA submits that IIA's plans to censor the Australian Internet is more
restrictive than the legislation recently passed by the Federal Government,
and questions whether IIA considers this necessary, or whether these
provisions are unnoticed leftovers from previous versions of the Code.
Despite the encouraging indications that user-empowerment may be embraced
by the government, the provisions of the IIA Code are more censorious than
any Government could or would enforce - and the requirements of adhering to
the IIA's peculiar fascination with labelling and rating systems would be
onerous to ISPs, Content Hosts and users. Obeying the IIA Code would be at huge
cost for content providers and hosts - not only would there be the need to consult professional
experts to classify content, but also a reduction in business as content
hosts and users go offshore to avoid those requirements.
The Code of Practice would be much more relevant to the needs of the total Internet
community if it addressed rights of users to:
- satisfactory standards of service
- freedom of expression
- commitments to user service
- promotion of Australian content
- security assurances
- verifiable billing methods
- reasonable terms and conditions of access.
EFA calls upon IIA to enter into discussions with privacy advocates,
user groups and consumer organisations to develop Code provisions that
would improve the Code from the user point of view.
One of the principal difficulties of
portions of the Code requiring its ISP subscribers to "encourage" behaviour
on the part of users is that certain ISPs will put tough terms and conditions
into Internet Access contracts with a view to ensuring that they accept
the "encouragement". Thus, a provision that ISP subscriber should "encourage"
users to label content swiftly becomes compulsory when the ISP makes
it a condition of access.
For this reason, EFA must take a firm position against propositions
in the Code which, if vague or ambiguous in an attempt to mollify criticism
from censors and users, may nonetheless be used by ISPs and Government
to justify compulsion. A clause in the Code requiring ISPs to encourage,
advise or persuade users to act in a certain manner may be interpreted
by ISPs or regulatory agencies such as the Australian Broadcasting Authority
as a positive obligation, to be a requirement of the Internet Access contract
terms and conditions.
Essentially, EFA
considers it is time that IIA recognise that labeling technologies are
highly controversial, and should not in any way be compulsory. As such,
much of the Code that relates to ratings, classifications and Prohibited
Content needs extensive amendment.
As the motto of the Internet Society says, "The Internet
is for everyone." EFA shares that view with our colleagues in ISOC.
We invite IIA to consider adopting the same philosophy.
Index to comments on particular sections of the code:
Detailed Comments on the Code
Extracts from the Code are shown throughout this document as indented italic text.
1. PREAMBLE
...
1.4 IIA has also endeavoured to make
this code consistent with the OECD Guidelines on the Protection of Privacy,
and the National Principles for the Fair Handling of personal information,
the Trans-border Flows of Personal Data, the OECD Draft Recommendation
of the Council Concerning Guidelines for Consumer Protection in the Context
of Electronic Commerce (http://www.oecd.org) the UNCITRAL Model Law on
Electronic Commerce (http://www.un.or.at/uncitral/english/texts/ index.htm)
These are lofty statements, but there is no strong evidence of understanding
of the full breadth of the privacy agenda, particularly in relation to
access monitoring and other content restrictions.
The URL for the UNCITRAL model is no longer current.
1.5 In relation to content control,
IIA recognises that the Internet should provide a means to enable control
of access to content while acknowledging it is impractical to filter all
Internet content. Accordingly, IIA endorses methods by which content can
be recognised and possibly excluded by content filter technologies as the
most practical means of empowering responsible adults to control access
to the Internet to determine appropriate controls on content. The present
version of the Code incorporates amendments to bring it into line with
the requirements of the Broadcasting Services (Online Services) Amendment
Act 1999, which amends the Broadcasting Services Act 1992.
The paragraph is contradictory. While acknowledging that filtering isn't
effective, Code subscribers must endorse its use. This central contradiction
has led to ambiguous obligations elsewhere in the Code, which essentially
require ISPs to pretend that labelling and rating technologies are workable.
EFA opposes labelling and rating systems for simple reasons:
(a) They don't work as advertised;
(b) They block 99% of content if used as recommended (blocking non-rated
sites);
(c) They don't block more than a tiny fraction of controversial content
in normal use (blocking by keyword or URL); and
(d) They mislead parents and educators into a belief that supervision
of a child's use of the Internet is unnecessary.
Even if it is a matter of debate that software filters have so far failed
to deliver, there is a considerable body of informed opinion that has determined
this. Unless the IIA is being deliberately divisive, it should acknowledge
that the use of software filters is controversial within the ISP industry
and there are a large number of ethical ISPs who will never recommend to
parents that they delegate parental responsibility to a computer program.
Note also that "all Internet Content" includes material that is not
accessed by web browsers - and to date many filter products ignore
ftp, email or IRC. Concentration on censorship of the Web is likely to
become an anomaly of history as new tools are developed to operate over
the Internet.
1.8 This Code is intended primarily
as a business to consumer scheme, recognising that business to business
transactions are generally subject to existing commercial modes of dispute
resolution and redress. Limiting the code in this way is also consistent
with its primary objective which is to raise consumer confidence in the
use of the Internet generally, and for purposes of e-commerce in particular.
Accordingly, the dispute resolution processes are confined to business
to consumer relations. This will not, of course, limit the desirability
of Code subscribers adhering to the relevant principles and processes of
this Code when dealing with other businesses.
Again, by focussing on the Internet purely as a means of conducting
commerce, the Code threatens to alienate a significant proportion of the
Internet user population, e.g. the educational and research communities,
community organisations, NGOs, writers, poets and ordinary users who
utilise the Internet as a publishing medium.
1.9 This Code has been drafted to
provide for the registration of parts (�modules�) as discrete codes with
relevant authorities where applicable. It is the intention of the Code
drafters that the general provisions of the code will apply to all parts
and will apply in addition to the provisions of each module.
This is a curious approach. Admittedly the BSA calls for Codes of Conduct
with a very narrow focus, but IIA will serve the industry poorly if it
supports multiple codes regulated by numerous government agencies.
It seems that IIA is aware of the folly of attempting to obtain
coverage of too many disparate parts of the industry with a single Code.
However, the Code would be more credible if it was split into two
separate Codes, one for ISPs and another for ICHs. The attempt to include
such incompatible groups as Vendors and Web page developers under an
all-embracing code weakens the structure and leads to huge anomalies,
as is pointed out later in this analysis.
2. OBJECTIVES
2.1 The aims of this Code include:
(a) to establish confidence in and encourage the
use of the Internet;
It is unlikely that the public will gain much confidence from a Code which
shares the government's myopia about "unsuitable" content. IIA should
be prepared to take a stand for the proposition that the Internet is an
adult medium with a huge variety of content, and ISPs are not content providers.
The nearest analogy for the Internet is the telephone, not the television. There
are several provisions in this Code where IIA attempts to impose
censorship on users beyond any requirements under Federal or State law,
existing or proposed.
(b) to support systems for - management of access
to content on the Internet including, without limitation, resource discovery
schemes and metadata systems;
Classification of Internet content is an unworkable objective.
It may be highly desirable for IIA to promote
development of search engines, and this is at least an aspiration consistent
with IIA's objects of association.
Existing content classification (rating and labelling) systems
do not assist users to locate appropriate material, they merely block access
after material has been located.
The clause should be changed to limit its scope to development of
resource discovery schemes.
(c) to improve the fairness and accuracy of disclosure
to users of the Internet and the community in general;
As long as the Code continues to deceive users about the practicality of
rating systems, and to unreasonably dictate user behaviour, this objective
will not be achieved. Worryingly, the term "user" is later defined to
be a resident of Australia, a matter which will do little to develop
overseas user confidence in Australian E-commerce.
(d) to provide standards of confidentiality and privacy
afforded to users of the Internet;
The same comment about the definition of "user" applies here. Furthermore,
users can have little confidence that their privacy is respected when later
sections of the code impose unnecessary and unlawful restrictions on material
users may access. This unfortunately raises the alarming prospect of
monitoring of user activity by ISPs.
(e) to provide a transparent mechanism for complaint
handling for the Internet industry and ensure that
complaints against Code Subscribers are handled in a
fair and efficient manner.
IIA will need to work hard to establish sufficient credibility with the
user base as to justify its claims to provide a mechanism for dispute
arbitration. The sections of the code dealing with this issue are
confusing, and appear not to recognise the statutory role of the TIO
in this matter.
(f) to promote positive user relations with the Internet
industry.
A great deal of work needs to be done to this code before this objective
can be realised.
3. PRINCIPLES
...
(a) as far as possible, there should be "electronic
equivalence" i.e. behavior and transactions that can take place in the
real world should be permissible over the Internet without additional requirements
or restrictions;
Voice communications over the telephone,
fax communications and video conferencing are scarcely regulated at all,
as laws of general application cover all conceivable crimes. There is no
reason why Internet data communications should be treated differently.
Furthermore, this lofty principle fails to take account of the reality
of the BSA, which legislates that content that is perfectly legal
to publish in other media is illegal on the Internet.
(e) the responsibility for content made available
on the Internet rests with the relevant Content Providers;
Although the term Content Provider is now defined to include only commercial
providers, a change which EFA supports, this clause still invites a legal
liability on the part of ISPs for the content of users. This is yet
another example of the futility of attempting to force the Internet to
into analogy with broadcast media.
(f) the privacy of users� details obtained by Code
Subscribers in the course of business will be respected.
The definition of "users" as Australian residents is again raised as
a problem in respect of adherence to this principle.
4. TERMINOLOGY
...
"Content" means all forms of information and,
without limitation, includes text, pictures, animation, video and sound
recording, separately or combined, may include software and includes a
"Content Service" within the meaning of the Telecommunications Act,
1997.
This is poor drafting. Content is surely not intended to include "all
information", nor can content include a "content service".
"Content Provider" means a person who, in
the course of business, makes available the content of a Web Site or database
on the Internet and includes:
....
-
"content service providers" within the meaning of the
Telecommunications Act, 1997,
but not a person who simply provides an automated general-purpose
search engine, catalogue or directory service or similar automated service
This clause can be construed to mean that IIA now claims to provide
coverage for cable television operators etc.
"ISP" stands for Internet Service Provider
and includes:
-
those providing connectivity to the Internet.
-
"carriage service providers" within the meaning of the
Telecommunications Act, 1997 who provide access to the Internet.
-
those persons so defined by the Broadcasting Services
Act, 1992 (as amended).
This is a wider definition of ISP than in the BSA. Does IIA intend
the definition to include schools, universities, computer clubs, user groups,
companies etc. who provide connectivity to the Internet? If so,
there are anomalies
created in respect of the intent of the Code to cover only commercial
activities. It is unlikely that any providers of Internet connectivity
outside the traditional definition of ISP would be candidates as
subscribers to the Code.
"Newsgroup" means a public discussion group
forum within Usenet.
The term does not appear anywhere in the Code, and in any case suggests
a misunderstanding of the scope of Usenet.
"Potentially Prohibited Content" means that
content so defined by the Broadcasting Services Act, 1992 (as amended).
The term defined in the Act is Potential Prohibited
Content.
"User " means a user of the Internet who is
resident within Australia.
As pointed out earlier, this narrow definition places overseas customers
of Australian Code Subscriber sites outside the coverage of consumer
protection and privacy provisions under the Code, surely not a desirable
objective if Australia is be a serious player in global Internet commerce.
This is an example of the type of anomaly created with an all-purpose
Code.
5. SCOPE
5.1 This Code is intended to cover
those who agree to be bound by the Code and whose business is to provide
the products and services that comprise the Internet or who make use of
the Internet to supply or service their customers.
This implies that the Internet comprises only products and services
provided in a business setting. Re-wording is called for.
7. GENERAL CONDUCT OF ALL CODE SUBSCRIBERS
...
7.3 Code Subscribers will:
-
a. not inaccurately represent the benefits of their product
or service.
-
b. not engage in conduct that is misleading or deceptive,
within the meaning of the Trade Practices Act 1974.
-
not engage in conduct that is in all the circumstances
unconscionable, within the meaning of the Trade Practices Act 1974.
These provisions do not add to the law applied through legislation, and
restatement in this Code tends to suggest that other matters will not receive
the sanction of being a breach of the Code. If designed as a primer for
ISPs of matters considered unlawful, it lacks accessibility - but it certainly
does not cover all conduct by an ISP business that may breach the law.
8. COLLECTION AND USE OF USER DETAILS
8.3 Code Subscribers will collect details
relating to a user only:
(a) if relevant to or necessary for the provision
of the service or product that the Code Subscriber is engaged to provide,
This is unacceptable, as the ISP determines what is "relevant and necessary",
and there is no requirement of express user consent. This could lead to
breaches of privacy such as the ISP demanding that users turn on Caller
Line Identification.
8.4 Code Subscribers will take reasonable steps, having regard
to the nature of the information, to ensure that information
collected in relation to a user:
(a) to the extent that it comprises business records
or details in relation to a particular individual, can be checked by a
user.
All information collected in relation to a user should be capable of being
checked.
9. CONDUCT OF CONTENT PROVIDERS
9.1 Code Subscriber Content Providers
will not knowingly place on the Internet, or allow to remain in an area
over which they have control and the technical ability to remove, Prohibited
or Potentially Prohibited Content.
Whether intended or not, this suggests that Content Providers must make
judgements about future classification decisions of the OFLC. Under the Act,
Prohibited Content refers only to material that has been
classified by the OFLC. Potential Prohibited Content requires a value
judgement that Content Providers should not be called on to make.
On the other hand, the wording of the following clause 9.2 suggests that
9.1 is included so as to comply with Section 30 of the BSA Bill. If that is so, clause 9.1 misreads the
intent of the legislation. Content Hosts are only required to remove
Potential Prohibited Content following a complaint to the ABA,
and then only if the ABA determines that the content
is likely to be classified X or RC. Potential R-rated material is not
required to be taken down until after the classification decision confirms
the ABA's opinion. Even then, the material may remain online if
a restricted access system is subsequently implemented.
This clause needs to be re-written. As it stands, Content Providers
are required to make value judgements to determine
if their content may be Potentially Prohibited Content. EFA contends
that clauses 9.1 and 9.2 are redundant, since obligations in relation
to content are now covered by the BSA and there is no longer any
justification, if indeed there ever was, for IIA to require its Code
Subscribers to self-censor.
The intent of Clause 9.1 is made more obscure by the use of
both terms Content Provider and Internet Content Host in the Code.
Only the latter term is used in the legislation, and it is
therefore unclear why a Content Provider would be
the subject of take-down notices unless these terms are
interchangeable.
Subject to satisfactory explanation of this problem, Clause 9.1 could be
made acceptable only by removing reference to "Potentially Prohibited
Content".
Classification issues
9.2 A Code Subscriber Content Provider
shall have complied with Clause 10.1 if, on being advised in writing by
a Relevant Authority, that Prohibited Content exists or remains at a Web
Site or other content database within its control, it removes that content.
Presumably the reference to 10.1 should read 9.1. As explained above,
this clause is redundant. It also misreads the intent of the BSA
since Prohibited Content that has been classified R may legally remain
online if subject to a restricted access system. If IIA insists on
restating obligations under the BSA, it should
include the further requirement that Potential Prohibited Content
must be removed if an Interim Take-Down Notice is issued by the ABA,
which will occur if the ABA believes the material is likely to be
classified X or RC.
9.3 Code Subscriber Content Providers
will not knowingly place invitations or directions (including hyperlinks)
to Prohibited Content. However, Code Subscriber Content Providers are not
required to restrict or filter the results presented by automated general-purpose
search engines, catalogues or directories.
This is a wholly unnecessary and unjustified ban on links.
IIA should consider the "slippery slope" of making Content Providers
responsible for hyperlinks. Links to active or changing material
may result in liability under the Code where none would exist in criminal
law, and "links to links" would invite liability based on an arbitrary
degree of separation. There is no prohibition under the BSA against
hyperlinking to all classes of Prohibited Material and it is
unreasonable for IIA to impose unnecessary and onerous restrictions
that are not required in law.
It is an offence to advertise Child Pornography under laws of general
application, and criminal law provides the best means of establishing whether
a link has that effect. This clause should be deleted in its entirety -
it exceeds legal liability for similar "references" in an offline context.
9.4 Code Subscriber Content Providers
will not use inaccurate or misleading descriptors
in their metatags, or other coding by which means their pages can be located
by automated general-purpose search engines, so as to misrepresent the
Content contained on the relevant page or pages to which the metatags or
coding applies.
This is a broad requirement, and would require Content Providers and ISPs
to make judgments as to whether a meta-tag is "misleading". There is no
established principle of law that misleading a search engine is an offence.
The real problem with
this clause is that, whatever the motivation, it imposes a burden of content
classification that is too broad to be implemented.
Worse, the clause invites the Government to criminalise mis-rating of
web pages - obviously a compulsory rating system will only work if mis-rating
is strongly discouraged. It is beyond the capacity of the average
Content Provider to determine whether a rating is precisely correct
when fine gradations of rating may well be a matter of opinion. Effectively
this clause would result in web pages having to be rated by experts, and
at considerable cost.
9.6 Code Subscribers Content Providers
will take reasonable steps to ensure that any services providing Content
in an area over which they have control will support appropriate ratings
technologies and are encouraged to classify and label Content in accordance
with the system or systems recommended by the Administrative Council or
the IIA from time to time.
This clause should be deleted.
Ratings systems have failed dismally, and there is too much content
already unrated on the Internet to ever classify manually. Content Providers
such as news services are never going to be in a position to rate active
content.
The Administrative Council should not be given the power to enforce a
failed technology at its own whim.
Whether or not services providing content support rating technologies
depends on technological development, not on content providers. Reasonable
steps should therefore be defined. It is inappropriate for the Code to
restrict Code Subscriber Content Providers to providing content only by
means which support rating technologies. For example, it is not technologically
possible to embed rating labels in web pages dynamically generated from
databases, nor in PDF documents and other documents created to be securely
verifiable. As evidenced by Government web sites, documents which do not
support rating systems are an increasingly common means of providing content. While
it is possible to associate labels with such content, specialised software
is required to be installed on servers, there are few products available,
cost is a significant issue and installation is outside the control of
most content providers.
An example is the law service Austlii
- it contains a massive database of legal materials, including judgments
from criminal law cases and family law cases. Some of the material is unsuitable
for children, some is actually Refused Classification - but as the material
is released from the Attorney-General's Department without content rating
or labels it is beyond the resources of a sponsored organisation to have
it rated by a third party. If a requirement for content rating is made
compulsory, public resources such as Austlii would be at risk.
Content Provision on the Internet is a series of niche markets, each
with its own dynamics and consumer issues. By trying to lump all Content
Providers together, IIA attempts to have rules covering sites which have
no controversial content (but high privacy and e-commerce considerations)
as well as those that have controversial content with or without commercial
considerations. It would be far preferable for IIA to focus on the role
of Carrier Service Providers rather than Content Providers, as the latter
have a more diverse market and wholly differing consumer issues.
10. CONDUCT OF VENDORS
...
10.11 Code Subscriber ISPs are encouraged
to include in an acceptable use policy or other like document a requirement
that subscribers refrain from sending Unsolicited Email, nor provide any
Content or service that relies on Unsolicited Email, subject to the whatever
penalties apply for breach of the ISPs policy.
10.12 Code Subscribers ISPs are encouraged
to provide a means by which the sending of Unsolicited Email can be notified
to the relevant ISP for investigation and possible action under the acceptable
use policy
10.13 Code Subscriber ISPs are encouraged
to install relay protection on their mail servers, so that the senders
of Unsolicited Email cannot disguise the origin of that email so as to
escape detection or penalty where applicable.
These clauses relate to ISP responsibilities.
An industry-wide policy protecting
user privacy and reducing the exploitation of email facilities by mass
commercial mailouts is necessary. This clause purports to affect the
conduct of commercial interests, but does not define the problem or
recommend suitable policy.
11. GENERAL CONDUCT OF CODE SUBSCRIBER ISPs
11.1 Prior to entering into an agreement
to supply Internet services, Code Subscriber ISPs will make available to
each user:
(b) an acceptable use policy identifying unacceptable
conduct that may lead to:
-
requiring the Code Subscriber ISP to take remedial action
under this Code, including removal of unacceptable Content, or suspension
or cancellation of the user's account; or
The term "unacceptable content" is not defined, and a condition of this
nature appears designed to intimidate users into self-censorship. An open-ended
policy condition gives the ISP free reign to censor material without
reference to established guidelines.
12. ISP OBLIGATIONS IN RELATION TO ACCESS TO CONTENT
[Content regulation modules]
EFA notes that this section refers to "ISP" rather
than "Code Subscriber ISP". Presumably there is deliberate intent
that this section of the Code might apply to all ISPs under an ABA
declaration. Given broad definition of the term "ISP" in the Code,
careful consideration must be given to potential problems in this section,
especially as it may assign obligations to groups such as schools, universities
and corporate entities.
12.1 This part comprises two sections or �modules� (sections
12A and 12B) dealing with domestic and international Internet access. Each
is intended as a discrete code for the purpose of registration with the
ABA and has been drafted to comply with the requirements of the Broadcasting
Services Act 1992 (as amended) applying to ISPs.
The proposition that separate codes should apply to domestic and international
access is at variance with the express intent of the BSA, and makes no
sense in terms of ISP obligations or user experience. Users do not
necessarily know the location of a particular website, and the distinction
between domestic and overseas content, while of jurisdictional importance
under the BSA, does not warrant discrete codes for the purpose of
registration. These sections should be amalgamated into one code module,
with redundant clauses omitted.
12A ISP Obligations in Relation to Access to Content Hosted Within Australia
...
12A.2 ISPs will take reasonable steps to ensure that Internet
access accounts (�access accounts�) are not provided to persons under the
age of 18 years without the consent of a parent or responsible adult. For
the purposes of this obligation, reasonable steps shall be taken to mean
either:
(a) limiting the opening of access accounts by means of a valid credit
card; or
(b) by requiring any application to open an access account to be accompanied
by some other from of identification by which the age of the person wishing
to open the access account can be reasonably ascertained.
Given the broad definition of the term ISP as referred to previously,
and the potential for the schools and universities to offer Internet
access to students under 18, this is an unworkable restriction.
An absolute prohibition on minors obtaining an internet account without parental
or guardian's approval is not required by the Federal law, and has only an
incidental relationship with minors accessing unsuitable material or
minors accessing material illegal to Australian adults. IIA needs to
justify why a minor should not be able to use the Net without parental
permission.
12A.3 ISPs will encourage those of their subscribers
who are Content Providers to use appropriate labelling systems, in respect
of Content which is likely to be considered unsuitable for children according
to the National Classification Code, though not Prohibited or Potentially
Prohibited content.
This suggests a poor understanding of the National Classification Code. The
definition of "child" is any person under the age of 18. Given that
the definition of Prohibited Content includes R-rated material, there is
no scope for any other material that could be deemed "unsuitable for children".
Arguments presented previously about the unreasonableness of encouraging
undefined "appropriate labelling systems" also apply here.
12A.5 Upon written request from the ABA, an ISP will take reasonable
steps to assist the ABA in advising an Internet Content Host with whom
the ISP is connected, that they may be hosting Prohibited Content.
The ABA's obligations are to deal
with Content Hosts, not ISPs. The BSA doesn't permit a breach of user
privacy by an ISP, but this Code makes it a compliance issue.
12A.6 ISPs will take reasonable steps, for example through the
inclusion of a relevant term of the contract of supply of Internet services
or acceptable use policy, to inform subscribers not to place on the Internet,
obtain through the Internet or transmit using the Internet, Prohibited
Content or Potentially Prohibited Content.
This is an outrageous requirement. It is not an offence for
an Australian ISP customer to "obtain" Prohibited Content or Potential Prohibited
Content, except for a narrow class of material in the RC category
(child pornography) that is illegal to possess. Similarly,
the "transmit" restriction could be interpreted, for example,
as making sexually explicit private E-mail between consenting adults grounds
for a breach of an ISP's Terms and Conditions.
This entire clause should be deleted. It has no place in a
Code of Practice.
12B ISP Obligations in Relation to Access to Content Hosted Outside Australia
...
12B.2 ISPs will take reasonable steps to ensure that Internet
access accounts (�access accounts�) are not provided to persons under the
age of 18 years without the consent of a parent or responsible adult. For
the purposes of this obligation, reasonable steps shall be taken to mean
either:
(a) limiting the opening of access accounts by means of a valid credit
card; or
(b) by requiring any application to open an access account to be accompanied
by some other from of identification by which the age of the person wishing
to open the access account can be reasonably ascertained.
This is a repetition of Clause 12A2. Users do not sign up separately for
domestic and international access. It makes no sense to impose an
artificial separation arising from legislative jurisdiction for content
regulation purposes to all aspects of ISP obligations.
12B.3 ISPs who provide Internet access to subscribers resident
within Australia will make available to those subscribers, whether for
a charge or otherwise, at least one of the facilities, products or services
as set out in Schedule 1 of this Code.
[Schedule to be entitled "SCHEDULE 1: Content Control Options". This
schedule will include a list of alternative content control measures including
client side filtering, optional differentiated services, password controlled
limited access systems and other like products or services, provided that
those measures are capable of periodical updates so as to cause the exclusion,
where practicable, of Prohibited Content, according to information provided
in confidence to the suppliers of such measures by the ABA.]
This clause is expressed in extremely vague language, and invites
speculation that this is deliberate. What is meant by the term "make
available"? It is of vital importance that IIA explains whether this is
meant to imply mandatory use of filtering, or if the decision to filter
content is left entirely up to the user. If the decision is entirely
up to the user, the following clause 12B.4 becomes redundant.
It is unreasonable for IIA to issue this draft for comment before Schedule 1
is released. The detail is vital to any responsible debate on the proposed
mechanism for implementing alternative access prevention methods.
12B.4 The preceding Clause shall have no application in
respect of the supply of Internet access services by an ISP to the following
classes of users:
(a) commercial users who already have in place some form of Content
filtering or control, whether by means of firewall technology or otherwise,
such as is likely to make the use of the measures listed in the Schedule
unnecessary or redundant;
(b) schools, educational or other institutional users similarly protected;
or
(c) any other user who has advised their ISP that he or she already
has installed and has operational a Content filtering or other control
measure listed in Schedule 1 of this Code.
This clause is central to the controversial question of whether Australian
Internet users are to be subject to mandatory filtering or are free to
exercise discretion about whether to filter content. The
clause implies that ISPs will impose filtering on all users who have not
advised the ISP that they have alternate filtering arrangements in place.
The Code therefore invites users to lie in order to exercise their freedom
of choice. Users should not have to resort to subterfuge and deceit
in order to dance around the law.
This preposterous charade requires unambiguous explanation. If IIA
has genuinely managed to obtain a concession from government empowering
users to make their own decisions about filtering, in the absence of
mandatory blocking, that needs to be
clearly stated.
Alternatively, if mandatory filtering is to be imposed on all Australian
Internet users who are not prepared to lie about client-side filtering
arrangements, this implements a privatised censorship regime that goes
far beyond the complaints-based regime proposed by the Government.
EFA draws IIA's attention to Section 60 of the BSA Bill:
60 (4) An industry code developed by a body or association must not declare that a specified arrangement is a designated
alternative access-prevention arrangement for the purposes of the application of this clause to one or more specified
end-users unless the body or association is satisfied that the arrangement is likely to provide a reasonably effective means
of preventing access by those end-users to prohibited content and potential prohibited content.
Clearly IIA has an obligation to provide more information on how it proposes
to meet this requirement.
The importance of a clear statement on this matter cannot be overstated.
It goes to the very heart of the rights of users to make their own
decisions about censorship. EFA strongly urges IIA to completely reword these
two clauses so as to remove all vagueness and ambiguity about the intent
and the manner in which the requirements of the BSA might be satisfied.
12B.5 ISPs must take reasonable steps, for example through
the inclusion of a relevant term of the contract of supply of Internet
services, acceptable use policy or notice on their Home Page, to inform
their subscribers:
(a) not to place on the Internet, obtain through the Internet or transmit
using the Internet, Prohibited Content or Potentially Prohibited Content
The comments made in respect of Clauses 12.1 and 12A.2 apply equally here.
13. INTERNET CONTENT HOST OBLIGATIONS
IN RELATION TO HOSTING OF CONTENT WITHIN AUSTRALIA
13.3 Internet Content Hosts must take reasonable steps,
for example through the inclusion of a relevant term of the contract for
Content hosting or acceptable use policy, to inform customers not to place
on the Internet, obtain through the Internet or transmit using the Internet,
Prohibited Content.
The comments made in respect of Clause 12A.2 apply equally here.
Furthermore, the meaning of the term "obtain" in relation to Internet Content
Hosts is obscure. Perhaps this clause has been copied from clause
12A6 without considering the difference in services offered
by an ISP and an ICH.
13.4 When an Internet Content Host is notified by the ABA
that it is hosting on a web server or other content database within its
control, material which is deemed by the ABA to be Prohibited Content or
Potentially Prohibited Content
(a) the Internet Content Host must promptly remove that Content from
the Web Site or database;
The ABA cannot "deem" material to be Prohibited Content. That determination
can only be made by the OFLC. Furthermore, the BSA requires that the ABA
issue take-down notices under threat of severe penalties, not merely
"notify" Content Hosts.
(b) upon doing so, the Internet Content Host must inform the customer
that the customer�s conduct is a breach of the customer�s service conditions
and, if applicable, an offence under law, and further, that a repeat occurrence
will result in the termination of the customer�s account;
Given the arbitrary nature of some of the classification requirements
under the BSA, this is an excessively overbearing requirement. It is not
necessarily an offence to host controversial content that
has not yet been deemed Potential Prohibited Content by the ABA. An offence
is only committed if the content is not removed in response to an ABA
request. Customers of Internet Content Hosts should not be required
to classify their material in advance of any complaint to the ABA or the
issuance of a take-down notice, either in response to a complaint or following
classification by the OFLC.
13.6 Prior to engagement, Code Subscriber Internet Content
Hosts will take reasonable steps to inform users, whether by contractual
notice or otherwise, that the user should obtain legal advice about the
potential liability for the consequences of the publication of material
on a Web Site or content database.
This is a totally unnecessary requirement that can only serve to intimidate
users and chill their freedom of speech. It also invites users to
take the safe path and host their content overseas, an unfortunate
consequence for the Australian industry.
14. CONDUCT OF WEB PAGE DEVELOPERS AND PROGRAMMERS
This section appears to be a token attempt by IIA to obtain coverage
of a section of the industry that has little in common with IIA's
main constituency. The ethical obligations of this group are better left to
professional bodies such as ACS.
15. ADMINISTRATIVE COUNCIL
15.1 The Administrative Council shall be made up of 5
members as follows:
(a) an independent chairperson by the nominated by consensus from
among the industry and user representatives of the Administrative Council
and approved by the Board of the IIA;
Note grammatical error in first line.
(b) two representatives from the Internet industry nominated by the
Board of IIA; and
(c) two user representatives nominated by the Australian Consumers Association.
Notwithstanding the excellent work of the Australian Consumers Association,
this proposal perpetuates the notion that all ISP customers are mere passive
consumers. Furthermore, the ACA does not have a high profile
as a representative of the interests of Internet users.
It is recommended that the two user representatives
be nominated jointly by ACA, ISOC-AU, the Australian Computer Society, ATUG and
EFA. It should not be beyond these groups to develop an appropriate
mechanism for reaching consensus on the nominations.
(e) report to the Relevant Authorities any matters that come to its
attention which in its opinion may be breaches of the law
This may incur upon the Council liability for defamation or breaches of
section 276 of the Telecommunications Act, while the definition of "Relevant
Authorities" remains so vague.
15.12 Each member of the Administrative Council is indemnified
from the funds of the Administrative Council against any liability they
may incur or claim that might be made against them arising from the performance
in good faith of their duties of office.
This is far too broad, and invites irresponsibility and intransigence on
the part of the Council.
15.13 Code Subscribers agree and each person lodging a
complaint under the Code must agree not to make any claim or commence any
action against the IIA, its Board, or any member of the Administrative
Council in relation to any matter related to their complaint.
This is far too broad, and invites irresponsibility and intransigence on
the part of the Council. Attempts to make an ISP's struggle to stay Code
Compliant non-justiciable are unlikely to impress the Courts.
16. HANDLING OF DIFFICULTIES AND COMPLAINTS
16.2 Where complaints cannot be resolved to the satisfaction
of the user within a reasonable time, having regard to the time frame set
out in paragraph 16.1, Code Subscribers will:
(a) direct the user to a Relevant Authority with the statutory jurisdiction
to resolve the complaint; or
Advice to complainants as to complaints procedures
is the task of IIA, not the Code Subscriber under complaint. Again, the
poor definition of "Relevant Authority" makes the operation of the clause
especially problematic.
(b) to the relevant industry dispute resolution scheme with jurisdiction
to deal with the complaint; or where no such body or scheme exists
(c) inform each user who expresses dissatisfaction with the response
of the Code Subscriber to a difficulty or complaint that they may ask for
the matter ("dispute") to be arbitrated pursuant to this Code.
This section appears to imply that the Code Subscriber and the Administrative
Council should be the last resort in cases that are unresolved by complaint
to the TIO.
Given the degree of ISP dissatisfaction with the TIO's dispute resolution
procedures IIA would be better advised to establish a structured
dispute resolution scheme, with escalation leading to a complaint
to the TIO as the last resort, rather than the first resort as this
section implies.
16.4 As a last resort, and in respect of disputes involving
matters within the jurisdiction of a Relevant Authority to adjudicate,
Code Subscribers agree to submit to the jurisdiction of that Authority
for the final resolution of disputes arising under this Code.
This begs the question of what Relevant Authority is intended in
section 16.2(a). This whole section needs to be redrafted to remove
the confusion over multiple Relevant Authorities. The ambiguity
might be also remedied by naming the intended Relevant Authority in every
case where this unfortunate term is used throughout the Code.