The role of internet service providers (ISPs) is under scrutiny as never before. Policy makers have long been tempted by the possibility of tasking ISPs with some form of responsibility for monitoring web traffic as a panacea for illegitimate internet activity, ranging from child pornography to terrorism. Historically, attempts to legitimise or enforce interference by ISPs in web content and web traffic has been ferociously resisted by advocates of net neutrality. They fear that ISPs with vested interests may use their powers to block or discriminate against content or degrade network performance and, indeed, there is some evidence of such conduct. Now, with European-level legislation looking set to be passed, giving network providers the right to manage web traffic and to limit access to web content, and with the government in the UK appearing convinced by the argument that ISPs should take a greater role in preventing illegal peer-to-peer (P2P) file-sharing, the concept of ISPs taking a passive role as a ‘mere conduit’ or host of information appears increasingly compromised.
E-Commerce Directive
The E-Commerce Directive (2000/31/EC) enshrines the principle that internet intermediaries, such as ISPs, are protected from civil and criminal liability1 for information they transmit, cache or host.2 This protection is subject to certain limitations aimed at ensuring that this protection only applies where they have played a passive role in relation to the offending information or until they are placed on notice of the illegality. Complementing this is a prohibition on member states imposing a general obligation on internet intermediaries to monitor the information they transmit or store, or to actively seek facts or circumstances indicating illegal activity.3 Specific and clearly defined monitoring obligations are still permitted.4 These principles were incorporated into English law by the Electronic Commerce (EC Directive) Regulations 2002 (SI 2002/2013).
Technology is, however, increasingly more sophisticated, allowing ISPs to access, inspect and interfere with web traffic in ways that the average web user is unlikely to be aware of. Techniques such as deep packet inspection enable ISPs to inspect ‘packets’ crossing their network according to predefined criteria and to decide what actions to take on the packets. ISPs have the technological means to intercept web traffic and then interfere with it, including redirecting, tagging, reporting or blocking it. The real issues of interest are how, and for what means, ISPs use this technology.
There is no general legislative mandate in the UK for ISPs to inspect or interfere with web traffic, although it may be naïve to believe they do not already do so (albeit at the risk of infringing consumer and data protection laws and customer contracts). Amendments to the Universal Services Directive (USD) (2002/22/EC) that are about to be adopted into European law as part of the so-called Telecoms Package will change this.5
Universal Services Directive
Under the amended USD, ISPs will be required to provide in their customer contracts:
‘…information on any other conditions limiting access to and/or use of services and applications…’
if such conditions are allowed under national law and:
‘… information on any procedures put in place to measure and shape traffic so as to avoid filling or over-filling a network link and on how these procedures could impact on service quality.’6
National regulatory authorities will also be able to compel ISPs to advise customers of changes to their access conditions and to provide information on their traffic management procedures.7
Innocuous enough, perhaps. National governments retain control over whether or not to legislate to permit the limitation of access to services and applications, and any such legislation is likely to have limited scope (at least in the UK). There are certainly plenty of websites, services and applications to which the average law-abiding citizen would agree access should be limited. All the amended USD does in this regard is oblige ISPs to inform their customers of the limitations they implement. Also, with ISPs under increasing pressure from national governments and the public to deliver higher levels of bandwidth, it is surely reasonable for ISPs to manage traffic to meet the promised service levels and to prevent individual users from affecting the wider performance of the network.
But it is not difficult to see why some commentators believe this right to manage traffic, which legitimises the practice of slowing and stopping web traffic, could be relied on by ISPs to implement discriminatory practices against their customers and content providers. Blocking or degrading customers’ access to perfectly legal websites will now be permitted, all in the name of efficient traffic management. Skype, for example, must be a tempting target for any ISP whose interests are compromised by Voice Over Internet Protocol services, as must P2P communications that consume disproportionately large amounts of bandwidth.
European policy makers have addressed the risk of ISPs acting discriminatorily by making ISP traffic management procedures ‘subject to scrutiny’ by national regulatory authorities to ensure they do not restrict competition.8 This said, it is fair to assume that the effectiveness of such scrutiny is likely to be limited given the practical difficulties of detecting improper traffic management practices, let alone establishing that the motives behind such practices are in fact anti-competitive rather than to preserve quality of service.
access rights
Of greater concern to those who advocate unfettered access for all is the possibility that the amended USD will pave the way for tiered access to the internet, where certain customers, services and applications are prioritised, probably based on financial contributions. When considering the amendments, European policy makers certainly contemplated that customers may wish to purchase cheaper, limited services. Ultimately, tiered access may be an unavoidable result of the investment that ISPs need to make in their networks to meet government and public demands for faster networks and more capacity.
Proving just as contentious is the political debate surrounding ISP rights to disconnect or suspend access to the internet if a customer persistently infringes copyright. Under increasing pressure from the beleaguered industries affected by illegal P2P file sharing, national regulators have been considering solutions that include requiring ISPs to suspend the accounts of customers shown to infringe copyright. France has already adopted legislation that allows ISPs to cut off customers accused of repetitive illegal file sharing and the UK government is proposing to give Ofcom the power to require ISPs to suspend accounts of illegal file sharers.9 Against this background, the European Telecoms Council failed to reach an agreement on an amendment (known as amendment 138) that would prevent an ISP suspending customers’ access to the internet without a court order.10 As a result, the entire Telecoms Package is currently going through the conciliation process. The UK does not officially support amendment 138 and its proposal vis-à-vis Ofcom’s powers of suspension is clearly contradictory to it. If amendment 138 is retained, it would force a re-think of the proposed sanctions and represent a serious blow to rights holders.
Underpinning all of these concerns is the more fundamental question of whether the public has a right to unimpeded access to the internet. In reality, this is an ideological concept since all sorts of restrictions already apply in practice and further regulation can be expected and is merited. But by recognising this reality in legislation, policy makers empower ISPs with rights and responsibilities that necessarily erode their status as a ‘mere conduit’ or passive host. This raises some interesting challenges for the courts when considering the ISP defences under the E-Commerce Directive.
By Andrew Shindler, partner, and Gretchen Scott, associate, commercial department, SJ Berwin LLP.
E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it ; This e-mail address is being protected from spambots. You need JavaScript enabled to view it .