1. ISP responsibilities

Published on 25 October 2011. Last modified on 19 April 2012.

When, if ever, should internet service providers be required to take action when content providers don't comply with Australia's classification laws? Is it reasonable to expect internet service providers to help 'monitor the internet'?


Comments (23)

It depends if you want this

It depends if you want this country's laws to be run by self-appointed, outraged, moral-guardians or not.

According to its comment

According to its comment below, by "internet service providers" the Commission means to include content providers and hosts along with ISPs. This highlights the difficulty I've been having in trying to work out what is meant by most of the proposals for online content regulation in the Discussion Paper: they state a desired outcome (e.g.: "access to content likely to be R 18+ should be restricted to adults") but then leave out essential detail like who is to be responsible for complying (ISPs, hosting service providers, content producers?), whether enforcement measures are to apply only to material hosted in Australia (the BSA Schedule 7 approach, which regulates a few Australian content services that rely on local infrastructure but just drives most material out of Australia's jurisdiction) or material hosted offshore as well (which would be a jurisdictional and administrative nightmare, and would cause serious problems for Australian content producers trying to license their material for international distribution if they could be punished for breaches by international licensees), how new developments like "cloud hosting" will be dealt with, etc (these are not new issues, and ACMA's Broken Concepts paper gives a good rundown of many of the problems involved in online content regulation: see in particular the discussion of the "broken concept" of "content service" on pages 47 and 79). This detail is vital because each proposed measure would in practice have vastly different effects depending on how these problems are dealt with; a proposal to regulate online content that does not clearly articulate how, on what and against whom it is to be enforced is essentially incoherent. 
If the ALRC's report is going to be a useful guide to reform it will need to provide justified, workable answers and not just identify issues, and if nobody can work out how a measure could be administered in practice it may be best if the measure is dismissed, with reasons, and not proposed at all.

To go into a bit more detail,

To go into a bit more detail, say person A (an Australian) produces, on a non-commercial basis, some content that would be likely to be rated R and uploads it to commercial advertising-supported website B, which is hosted overseas and provides content for free without a restricted access system. According to the Discussion Paper (e.g. paragraph 6.2), the content must be restricted to adults. Can the Regulator issue a restrict or classify notice to A? Would A, as an individual creating non-commercial content, be subject to an industry code? What if A asks B to remove the content so that A can comply with a notice from the Regulator and B fails to do so - can A be penalised? Would A have to prove that B was no longer licensed to host the content in order to escape prosecution? (see e.g. s 24(5) of the Commonwealth Classification Act.) What if A had published the content under an open licence that is expressed to be irrevocable, like a Creative Commons licence or the GPL v3, and B was hosting the content under the licence? What if, instead of being an Australian individual, A is a multinational company with a presence in Australia and the content is only available to Australians incidentally to its intended publication to people in another country? If A lives in a State which criminalises the online publication of R material that is not subject to a RAS (e.g. South Australia), should the Regulator's jurisdiction exclude State jurisdiction? (which would seem to be possible under the Commonwealth's telecommunications power.) If the content is a game, does the fact that it is likely to be rated above M mean that it must be classified? (keeping in mind that it has been produced non-commercially, but is being hosted commercially.) If so, how is the requirement for classification to be enforced? 
None of these problems is particularly unlikely to come up in practice; obviously the ALRC isn't going to be able to address all of them in detail but if it's going to make proposals like "all content likely to be R 18+ must be restricted to adults" it will need to be able to come up with rules, or at least consistent principles, that would be able to apply in most cases without producing unworkable or oppressive results. Developing sensible policy for regulating online content is really hard, and the ALRC will need to put a lot more thought into some of its proposals (many of which have been around for a long time, and have always collapsed as soon as anyone tried to work out how they could be implemented) for them to have any chance of moving from the early thought bubble stage to actual law.

Top marks :-) to Lin's two

Top marks :-) to Lin's two posts above (dated 10 Nov). I take this opportunity to thank the ALRC for providing this discussion forum. Among other things, it's helpfully serving as a sanity check for me - it's of considerable 'comfort' to know that other people are trawling through the spaghetti in DP77 and finding same and similar problems.

Thanks, Irene :). Also thanks

Thanks, Irene :). Also thanks for posting that reference to the "Safety Net? Inquiry into the Classification (Publications, Films and Computer Games) Enforcement Amendment Bill 2001, Final Report: On-line Matters" (June 2002) report from the NSW Parliament Standing Committee on Social Issues in the RAS forum. For those who haven't read the report (it's easily findable online), it considers and rejects a series of measures for Internet censorship quite similar to some of the proposals in the ALRC's discussion paper. It compares the potential for harm to freedom of expression and legitimate business activity against the benefits of maintaining community standards and protecting children (which it finds to be insignificant, partly due to jurisdictional problems), it considers the likely unintended consequences of the measures, and it looks at censorship in terms of Australia's international obligations. I don't agree with all of its conclusions, but it at least provides enough information to work out how it arrived at them. I urge the Commission to read it closely; it will be disappointing if the Commission ends up making proposals similar to the measures considered by the NSW Committee without acknowledging and addressing the very strong arguments made in the report.

It is not reasonable to

It is not reasonable to expect internet service providers to "monitor the internet". The sheer volume of content would make it a logistical nightmare. Even China, who have a veritable army of people to monitor the internet, cannot keep up with the rate of created content. In addition, because the internet is mostly user-driven, any filtering of legal content will be seen as monitoring personal communications. Good luck trying to get that through legislation! Filtering should not be used for content which does not breach Australian law. A more cost-effective solution would be to target content which is both illegal to create and own. At this point the material becomes a matter for law enforcement, which will be far more effective than mere filtering by shutting down the material at its source.

The internet is a global

The internet is a global construct. Australia's laws should not apply to content on the internet that is hosted overseas. [1] But if you insist on doing a King Canute anyway ... ISPs should never have to take action regarding internet content, nor is it reasonable to expect ISPs to monitor the internet. An ISP is just moving packets of data. An ISP should not be expected to examine that data or interfere with that data (or even to understand that data) other than the bare minimum needed to deliver the packet to its intended destination (IP address). [1] That is not to say that it cannot be illegal to access certain content under Australian law but that is different because an actual crime was committed within Australia i.e. if the person doing the accessing is within Australia. The content itself is outside Australia and should only be subject to the laws of the country of hosting.

It would be helpful to know

It would be helpful to know what the term "internet service providers" (ISPs) means in this context. Is the ALRC intending to refer to: 1. Internet Access Providers, or 2. Internet Content Hosting Providers, or 3. Online Discussion Forum Hosting Providers, 4. etc.

The ALRC is interested in

The ALRC is interested in comment on the desirable obligations of both internet service providers who simply provide connections for the transmission of content; and those that provide or host content to which classification (or ‘restrict access’) obligations may apply—and in how to distinguish between them. It is expected that the latter (content providers or hosts, however defined) would be most engaged with any new classification laws on the basis that they have more control over content, and also may benefit commercially from its distribution. The former, as is the case under current Broadcasting Services Act classification provisions, may still have some obligations, but would not normally be expected to classify content or to restrict access.

Re content hosts - who host

Re content hosts - who host content produced/provided by other persons (their customers) - imo it's reasonable that they have obligations to remove (or disable access to) specified content in some circumstances. However, existing BSA provisions are not reasonable and fair to the actual content providers. This is because the ACMA issues take-down (etc) notices to the content host, who does not have any obligation to notify their customer, nor does the ACMA have to even attempt to notify the actual content provider. Theoretically, pages on e.g. my site could be deleted and I might not discover that for months. Under the BSA process, the actual content provider does not have a clear right to "appeal" a classification decision (only the host does, who typically will not care if a customer's page/s are deleted). Even if the content provider wants to argue that they are an "aggrieved person" for review purposes, they might not discover deletion until after the 30 day limit for lodging a review application. That most content providers could not afford $10K review fee is not relevant. Online publishers should not be treated as second class citizens, they should have the same rights as producers/publishers of offline films, books, magazines etc. It should only be instances where the "Regulator" has made a reasonable attempt to identify and notify the content provider, or that person has failed to comply (within same time frame as existing BSA, approx 1 day), that the Regulator should be allowed to resort to requiring a content host to remove someone else's content. In the relatively recent cases of ACMA issuing deletion notices to the content hosts of Whirlpool and EFA web sites/domains, unless ACMA is incompetent it would have taken them less than 3 minutes to find a working email address for the person actually responsible for those domains. 
An exception to a requirement to first attempt to notify the content provider could/should apply re CSAM material given most providers of CSAM would be knowingly breaching criminal law, are unlikely to act on a Regulator notice, and such seriously illegal content should be deleted as fast as possible.

An exception to a requirement

  • An exception to a requirement to first attempt to notify the content provider could/should apply re CSAM material given most providers of CSAM would be knowingly breaching criminal law, are unlikely to act on a Regulator notice, and such seriously illegal content should be deleted as fast as possible.
  • That does raise an interesting question, in the cases where the CSAM is published by hijacking an insecure website/domain? Who would be considered the content provider? If you consider the "owner" of the website the content provider then I think you would see the fastest response times by notifying them.
  • Take the "Queensland Dentist debacle", I don't think a business or an individual would willingly host CSAM and not remove it as soon as it comes to their attention if it was the result of hijacking, i.e. "cuckoo content". It is fair to assume the content provider would delete any such material as soon as they become aware of it, even if that discovery is not accompanied by an "official notice".
  • The ability of the law enforcement agencies to investigate complicates the issue slightly, but if I was the content provider I would not be waiting to delete the material as I have no desire to be associated with it.
PS: Any chance of enabling the < p > tag or auto paras (on collapsed newlines)? I felt a little dirty abusing the < ul > tag :)

Also, there is a problem

Also, there is a problem with issuing take-down notices to non-commercial content providers and making them liable for not taking prompt action. The content provider could be away on holiday or in hospital, etc, and therefore not even receive the notice in timely fashion. Currently content hosting service providers are obligated to take content down by 6 pm the next business day after assumed receipt of the notice. Penalty for non-compliance is up to $11,000 per day for each day during which failure to comply continues. ALRC proposes that penalties under its proposed shiny new censorship enforcement regime be "similar" to those in Sch 7 of the BSA. Businesses can reasonably be expected to have someone working on the next business day who could take the required action. Non-commercial content providers can't be, at least not under fair and just legislation.

cw writes: "...cases where

cw writes: "...cases where the CSAM is published by hijacking an insecure website/domain..." Yeah, I agree there are probably numerous instances where the web site provider would be extremely pleased to be promptly notified so they could get rid of it. I said "could/should" about exceptions to notifications to avoid any perception that I was suggesting such content not be removed as fast as possible and because I couldn't be bothered to try and explain the ocean of issues that exist about trying to define who is the "content provider" in any particular instance. Issues that have been discussed and discussed over the last 15 years, but which the ALRC just leaves to some future legislative drafters and politicians to try to work out - if anyone tries to implement the ALRC proposals (a frightening prospect).
Also I've pretty much changed my mind about what I said before - that content providers should be notified, not treated like second class citizens. It's since become abundantly apparent to me that under ALRC proposals, non-commercial content providers would be treated much worse than they are under the existing C'th Net censorship regime, i.e. frightened into self-censorship else prosecuted etc. (well, those who know what the law says).
So, I'd much rather that no changes be made to sch 7 of the BSA, because it doesn't treat average everyday Australian content providers as if they are criminals because they can't know things that are necessary to know to comply with classification and censorship law.

Another flaw with the current

Another flaw with the current takedown system is link takedown. It works like this.
1. The ACMA blacklist is secret.
2. So you don't know which URLs are on it and which URLs are not on it.
3. You post a link where the URL, unknown to you, is on the blacklist, or, unknowable to you, becomes so in the future.
4. Your hosting provider gets a link takedown notice and various dire consequences are threatened if the provider does not act immediately.
This reads like something that would be more at home in China.

Re ISPs who simply provide

Re ISPs who simply provide connections for the transmission of content, they should be treated as "mere conduits", i.e. have no responsibility for monitoring or controlling access, except on receipt of a warrant issued under the Telecommunications Interception and Access Act (e.g. police may obtain a warrant requiring an ISP to intercept etc. the communications of one of their customers reasonably suspected of distributing or accessing child sexual abuse material (CSAM), or of other offences specified in the TIAA). Also, the existing Cth Crim Code obligation on ISPs to notify the AFP of online CSAM that they incidentally become aware of (without any obligation to look for it) is reasonable.

Hi Irene, The Classification

Hi Irene,
The Classification legal team are out and about today on various consultations. We'll try and get you some clarification around this tomorrow.

Will we get to find out who

Will we get to find out who those various consultations are with?

Certainly. You can find a

Certainly. You can find a list of the organisations consulted with up until 30 September in the Discussion Paper. This will be updated in the Final Report to include consultations conducted since then.

The list in DP77 of

The list in DP77 of organisations consulted with consists entirely of representatives of governments and statutory bodies, businesses, religious lobby groups, one lobby group focused on protection of children, a couple of lawyers (who are unlikely to be criminal defence lawyers) and a few academics. That is not a good look for a Commission proposing to extend legislation to place onerous new requirements, and penalties for non-compliance, on non-commercial content providers including average everyday Australians who use the Internet to publish information, commentary and opinions.

I seem to recall mention

I seem to recall mention being made at some point of 'community consultations' beyond the issues paper. Or was that just the 'community standards review groups' intended to be a proof-of-concept for proposal 9-5? And, while we're on the subject (sorry!), do we have a timeframe for when we'll hear about the results of those groups?

It is completely unrealistic

It is completely unrealistic to expect ISPs to monitor content other than that hosted on their servers - exactly the same as if we expected Australia Post to monitor content sent by mail. Even for content hosted on their own servers, the volume of this is likely to make any proactive monitoring utterly impossible. The best that could be expected is to respond to complaints, and even in this case it is very likely that if content is removed as a result, the content provider will simply move offshore, so the whole exercise is simply a waste of effort and money, ultimately paid for by the consumer.

Is a Taxi driver responsible

Is a Taxi driver responsible for where their fare wishes to go? Is Australia Post responsible for the content sent through the post, OR where the letter is delivered? Is Telstra responsible for what phone number a customer dials (local or international)? Or is Telstra responsible for what laws are broken by the customer? Similarly, the ISP has no responsibility for controlling the requests of the customer. The customer is responsible for what content they request, and any laws they break in the process. If any want to have some system to "protect" them from content that may be illegal, unsavoury or unwanted then they can obtain any number of free filtering systems to install on their own computer. Or they could utilise the services of an ISP that specifically provides filtered internet, such as WebShield. And another option is to use OpenDNS which provides a much better filter than what Telstra or Optus are providing in the AFP inspired "voluntary" filter system.

Exactly. It is only

Exactly. It is only reasonable to hold Telstra responsible for the content going through its servers, if the government is also prepared to hold Country Energy responsible for any electricity used to grow illegal drugs. Internet access is a utility. Utilities are not responsible for the actions of their clients. It is extremely unreasonable to hold ISPs responsible for content. The only people who can reasonably be held responsible for content are those who create and distribute illegal content (this may not be the same as the provider, if for example, a website is hacked), and the people who, with intent, seek out illegal content. Making anyone else responsible would inherently be incomplete. It is never going to be full responsibility anyway. Even if ISPs were required to filter content, when some user easily bypasses the filtering and deliberately accesses something illegal, the ISPs are never going to be held legally responsible, because to do so would be completely absurd and would be laughed out of court. Holding ISPs responsible is only ever going to be applicable in a "best attempt" sense. That inherently sets up a scenario that is by definition incomplete and can easily be bypassed. How bad it is depends on what the goal of the system is, and just how far that 'responsibility' is going to be taken. If the goal is to prevent allowing an 8 year old downloading MA15+ content, then that is simply impossible. There is far too much MA15+ content for this to ever be practical. It also will create a false sense of security in parents, as this will be advertised as making the Internet "safe", meaning more parents will leave their children with unsupervised access. It can only violate privacy rights of Australians, as to implement this would require all people accessing the Internet in Australia to continuously prove their identity through some sort of biometric system. Invasive and impractical.
If the goal is to prevent people from accessing illegal content, then it is also impractical. Accessing illegal content, which for our purposes is pretty much synonymous with child pornography, is already widely understood to be an illegal activity. Those who do access such material already take steps to anonymise themselves, bypass content restrictions, or, more likely, use services other than HTTP. If the goal is to prevent people from accidentally stumbling across illegal content, then this suggests a mismatch of solution with problem. First, it would have to be demonstrated that accidental exposure to illegal content is actually common. Secondly, it means that illegal content is known about by government, and presumably law enforcement, but little to no attempt is made to take it down. No company supports child abuse, and all are quick to act on notifications of illegal content. Indeed, many hosting companies are so quick to act on notifications that take down of legitimate content on malicious notifications is a serious problem. There is no use-case where making ISPs responsible is the best, or even a good, response to a described problem. A big part of the issue is that problems and solutions are so poorly defined. Would it be good if there was no child abuse content on the Internet? Of course! Is the best solution in a liberal democracy to begin by assuming everyone is a potential criminal, and needs to be monitored by agents of the State? No way! And that doesn't even get into the definition of illegal content and associated problems (like treating a pair of 16 year olds in a relationship like child molesters because they share nude pictures with each other).