This is the write-up of a short talk I gave at the Filtering Workshop put on by the Cyberspace Law and Policy Centre at the University of New South Wales last week. I welcome comments, feedback, and criticism!
Filtering Workshop: Implications for ISPs (University of New South Wales, 4 March 2009)
My theme is that the proposed Australian filtering program contemplates a wholesale change in the role of the Internet Service Provider (ISP). This alteration creates a significant risks of undesirable, secondary effects.
ISPs are attractive regulatory targets, especially where enforcement against primary actors such as end users is expensive, uncertain, or problematic due to those actors’ behavior. This may be particularly true in countries such as Australia, the United States, or the United Kingdom, where the network architecture is decentralized. Countries such as China and Saudi Arabia designed their Internet infrastructure to enable centralized control at key choke points, making the involvement of intermediaries in filtering less crucial.
There can be benefits from requiring ISPs to act as enforcers. The application of restrictions is likely to be more uniform than with controls on end users directly, and ISP-based enforcement offers greater immunity against user error or evasion. Filtering at the ISP level is “always on.” In addition, lists of proscribed material are more readily updated since they are deployed at fewer locations on the network.
However, ISP-based restraints create critical challenges. ISPs shift from passing bits to differentiating among them. Power over content decisions shifts from end users at the edge of the cloud to providers, in conjunction with government, at the center. ISPs become regulators with significant power, especially under a system that permits or encourages variation in content blocking. It is not clear, under the current Australian plan, what requirements (if any) ISPs would have to adhere to in terms of transparency about filtering decisions.
Concomitantly, providers may be hesitant about assuming such a role, for they will become enmeshed in heated debates over content. They may be forced into difficult normative judgments, as with decisions regarding fair use versus copyright infringement under the U.S. Digital Millennium Copyright Act (DMCA) or its Australia equivalent. ISPs will quickly face demands for restrictions from a variety of interest groups – consider spam, hate speech, defamation, and illegal drugs sites among others. IP infringement is likely to be the first successor to initial content filtering – note that a requirement for filtering copyrighted material was proposed as a rider to the economic stimulus legislation recently passed in the U.S. ISPs, in short, will be converted to general-purpose watchdogs. The ease with which filtering can be accomplished will tempt interest groups to use it as a way of achieving their goals while minimizing debate or scrutiny. Moreover, ISPs are likely to face varying or inconsistent decisions based on the content at issue (which may be difficult to ascertain without reassembling all of the packets involved in a transaction). For example, U.S. ISPs confront a range of incentives or penalties depending on whether the content at issue infringes copyright, trademark law, bans on child pornography, defamation, or anti-spam statutes.
If faced with these demands to prevent access to content, ISPs may be overdeterred. The threat of liability may cause them to target questionable or even innocent content for blocking. Consider, for example, blog hosts or e-mail service providers in China. Research by the OpenNet Initiative and Rebecca MacKinnon, among others, shows both variation in filtering – suggesting uncertainty about the boundaries of proscribed content – and targeting of seemingly innocent keywords and phrases. In China, and elsewhere, ISPs must consider that failure to prevent access to banned material may lead to draconian or highly visible sanctions as an example to other, similarly situated entities.
Finally, tertiary effects from this role change are likely, but difficult to predict. Data retention efforts or mandates may increase, as governments seek to track who attempts to access banned pages in addition to blocking those efforts. Filtering may substitute for alternative enforcement regimes that are more effective. Consider that in New York, the state attorney general pushed major ISPs into dropping Usenet newsgroups over child pornography concerns while admitting that prosecuting those who produced and distributed the material was infeasible (though probably a more effective way to protect children). An impact on user privacy is nearly certain. ISPs may be required to detect the creation or publishing of banned content, and techniques such as deep packet inspection create risks that can chill communication. Filtering can undercut innovation: it may require blocking protocols such as BitTorrent, or peer-to-peer software more generally, or limiting encryption. It threatens to undercut the end-to-end principle central to the Internet’s design and thus the production of new communications technologies.
Finally, there is the Cylon problem: ISPs may have incentives to filter not just on our behalf, but on their own. For example, the Canadian provider Telus blocked access to the Web site of a labor group involved in an action against it. Similar concerns emerge from the network neutrality debates about ISPs favoring content from partners or subsidiaries. Detecting self-interested measures becomes more difficult in a system where blocking is ubiquitous and mandatory.
In conclusion, ISPs are ground zero in the filtering debate. They may be a necessary component of any blocking system due to the architecture of Australia’s network, but enrolling them as content regulators fundamentally changes the nature of the ISP and raises issues we must address before moving forward.