Supplementary letter from Andrew Cormack
Thank you for an interesting and stimulating
afternoon at the inquiry on Wednesday. Apologies for my confusion
over Lord Harris' question on Internet regulation. I had thought
of the issue in much more general terms so the specific focus
of the question on Ofcom threw me. I hope I may take up the Committee's
invitation to submit follow-up observations to say now what I
had intended to say in my witness evidence.
We already have a number of pieces of legislation
that could be used to regulate Internet activity but, as yet,
very little use of these by the authorities or the courts. I believe
there have been fewer than 100 cases in 17 years of the Computer
Misuse Act 1990, a handful of civil cases against spam under the
Data Protection Act 1999, just two that I know of under the Regulation
of Investigatory Powers Act 2000, and the provisions of the new
Fraud Act and Police and Justice Act are untried. So I would like
to have more experience of the use and effect of these existing
regulatory powers before considering what, if any, additional
regulation might be needed.
This seems particularly important because the
balance of regulatory incentives is so delicate and the risk of
unintended consequences so high. The current notice and takedown
regime for content (implemented as the Electronic Commerce (EC
Directive) Regulations 2002) was criticised by the Law Commission
in December 2002 for encouraging ISPs to remove without question
any and all material that was the subject of a complaint. Current
regulation makes it legally hazardous for the ISP to act in any
other way and a Dutch study did, indeed, discover that the majority
of ISPs responded to bogus copyright assertions by removing the
material from publication without question. As the Law Commission
commented, this is an unhelpful power to restrict freedom of speech
on line.
Any imposition of liability for unusual traffic
would have to be drafted extremely carefully to avoid creating
a similarly one-sided incentive to cut off the Internet any device
that deviated in any way from the normal pattern of traffic. On
JANET we are currently struggling with a research platform called
Planet Lab which allows researchers to experiment with new ways
to use and measure the Internet. Planet Lab hosts frequently trigger
our "hostile traffic" alarms and we spend a great deal
of time investigating what almost always turn out to be beneficial,
but innovative, experiments. A year ago we would have had the
same issues with Skype traffic; some time before that it was the
emergence of peer-to-peer and grid applications that was `unusual,
maybe hostile'. As a Research and Education Network we feel a
moral duty to support innovative use by fully investigating any
anomalies and only disconnecting once they are clearly harmful,
but if this duty were set against a potential legal liability
then it would be very hard to sustain our current practice. "Mere
conduit" status protects experimental applications as well
as ISPs.
Sudden changes in traffic patterns, known as
"flash crowds", have always been a feature of the Internet
and are often a sign of healthy innovation. Regulation that presumed,
by imposing one-sided liability, that all flash crowds were hostile
would run a serious risk of freezing patterns of Internet use
as they are today and making the Internet inimical to the innovative
developments required to create the applications of tomorrow.
20 April 2007
|