Internet governance: revising the International Telecommunication Regulations

The ITU’s World Conference on International Telecommunications (WCIT) in Dubai in December 2012 could signal a shift in the regulatory paradigm on both the international and national levels.

October 2012. At the conference, the ITRs will be renegotiated and the decisions made by governments will help define the international regulatory environment for the internet and telecoms in the 21st century. EuroISPA strongly believes that any amendment to the ITRs should not undermine the success of the Internet, its open, competitive and innovative nature.

EUROISPA – STATEMENT ON THE INTERNATIONAL TELECOMMUNICATION REGULATIONS REVISION

EuroISPA strongly believes that any amendment to the ITRs should not undermine the success of the Internet, its open, competitive and innovative nature.

EuroISPA recommends that:

  • The ITRs remains a principle-based, high-level, flexible and technology-neutral treaty
  • The ITRs principles comply with the EU acquis and polices, and not impose additional obligation upon operators
  • The scope of the ITRs remains limited to telecommunications and does not extend to ICT/Internet
  • Content issues, data protection and privacy remain outside the remit of the ITRs
  • The role of the ITRs with regard to cyber-security and cyber-crime be limited to endeavor the promotion of international cooperation amongst ITU countries
  • The ITRs refrains from granting the ITU regulatory powers, or making it a dispute resolution forum
  • The ITRs refrains from making ITU recommendations binding
  • The ITRs embraces the multi-stakeholders’ mechanism
  • The ITRs promotes pro-competitive, market-driven principles for telecommunication services
  • The ITRs avoids fragmenting the Internet by regulating internet peering, routing, IP address allocation and IP based QoS
  • The ITRs should not seek to replace the Internet’s interconnection model of voluntarily agreed peering and transit with the regulated “call termination settlement” model used in international telephony

BACKGROUND

The International Telecommunication Union
The international telecommunication union (ITU) established almost 150 years ago, is a specialised agency within the United Nations that focuses on telecommunications. The ITU allocates global radio spectrum and satellite orbits, develops technical standards to promote interconnection and technical interoperability, and works to improve telecommunications access for underserved communities. The ITU has historically disclaimed any authority to regulate domestic telecommunications, clearly recognising in the ITU Constitution the “sovereign right of each state to regulate its telecommunication.”

While the ITU has a limited scope of regulatory authority over international radio-communication issues, it also adopts recommendations on a wide range of topics and facilitates the adoption of international treaties. ITU recommendations do not have the force of law, but rather set forth suggested regulations and requirements for national regulatory authorities. These recommendations address standardisation, economic and technical issues. By distinction, international treaties are generally binding law for all 193 nations that are signatories to the treaty.

The International Telecommunication Regulations
The International Telecommunication Regulations (ITRs) is one of four treaty instruments (Constitution, Convention, Radio Regulations, ITRs) of the ITU. The ITRs were adopted in 1988 to establish general principles relating to the provision and operation of international telecom by facilitating global interconnection and interoperability and promoting efficiency and availability of international telecom services. They also provide a general framework for the accounting and settlement of international voice traffic. Due to significant changes, such as the rapid development of new technology, the development of competitive and largely liberalized markets, and the privatization of national telecom service providers, a review process is underway to consider possible revisions to the treaty. Concerned about the implications of the growth of the Internet for national economies, social structures and cultures, some governments and others are now actively reconsidering the continuing viability of liberalisation and competition-based policies.

What could change at the World Conference on International Telecommunications
The ITU’s World Conference on International Telecommunications (WCIT) in Dubai in December 2012 could signal a shift in the regulatory paradigm on both the international and national levels. At the conference, the ITRs will be renegotiated and the decisions made by governments will help define the international regulatory environment for the internet and telecoms in the 21st century. Some of the 193 member states of the UN would like to see major changes to the treaty, particularly with respect to the Internet as well as wireless, IP-based, and next-generation networks, toward more intrusive economic and other regulation. Other countries, however – notably, the United States – believe instead that the WCIT should adopt only minor changes to the ITRs as necessary to modernise the existing provisions of the treaty, and that new provisions and authorities are unnecessary.

What are the proposals put forward so far?
Recent proposals for amendments to the ITRs show how many UN members see the Internet as a logical extension to the ITU’s jurisdiction, which has come to be described as Information and Communications Technologies (ICTs) and convergence (telecom, IT, media).  Certain proposals already tabled could comprise significant UN-style intrusion into future commercial and technical flexibility:Expand the definition of telecom to include the processing of information of the Internet

  • Adopt rules on international charging arrangements for Internet services
  • Adopt a framework for cybersecurity
  • Require service providers to disclose routing and other network management information to regulators and/or ITU
  • Enable the ITU to distribute domain names and IPv6 numbers
  • Shift responsibility for Internet standards toward the ITU and away from existing voluntary technical organizations
  • Regulate spam and international roaming
  • Make ITU recommendations and standards binding
  • Establish the ITU as the dispute resolution forum for the recommendations

Those proposals open also the door to legitimate questions as to the future of multi-stakeholder organizations related to the Internet:

  • Should the Internet Governance Forum remain an independent venue for sharing best practices, or come under UN control?
  • Is ICANN effective as a multi-stakeholder organization, or should governments have an enhanced role, and/or certain ICANN functions also be performed by the ITU?
  • Should policies ensuring unimpeded cross-border data flows be a priority in international trade negotiations?

What could change from a political perspective?
Some of the proposed changes to the ITRs could position the ITU as a supra-national regulator and require signatory nations to enact conforming domestic laws. This would interfere with the legislative role of EU institutions and their ability to democratically and transparently decide on the best way to harmonise the European Digital Single Market. A far more negative consequence would result for the Internet industry whose ability to follow and influence Internet-related decision-making will be inevitably restricted as decision will be taken at ITU level.

Who can participate to the ITU process?
Participation will be limited to representatives of national governments. However, private sector entities generally have opportunities to help inform the policymaking in advance of the conference, such as through meetings with individual governments, participation in working groups or preparatory meetings, and appearances before international or regional organisations.

Industry Coalition for Data Protection

Reforming Europe’s Privacy Framework – How to find the right balance.

September 2012. Representing leading business organisations in Europe the Industry Coalition for Data Protection (ICDP) share their key thoughts on the Commission’s proposal for a new EU Data Protection Regulation.

This statement builds on the coalition’s extensive work in May 2011.

Industry acknowledges the opportunity to modernise the European data protection framework. We believe it is in the interest of consumers and businesses alike that the revised EU data protection framework is robust, balanced, effective, relevant and future-proof. By fully harmonising EU data protection rules, the proposed Regulation would bring about increased legal certainty and would mark an improvement for businesses and consumers. In particular, the ICDP welcomes the decision to create a lead Data Protection Authority (DPA) under a “Main Establishment” regime. This approach will bring necessary clarity and reduce burdens for companies operating in multiple EU markets. However, the success of this approach will depend on complete applicable law and jurisdictional clarity and on clear requirements as to which DPA will be responsible.

However, the benefits of greater harmonisation are at risk of being outweighed by the costs of failing to strike the right balance between the protection of Europeans’ fundamental right to privacy and data protection, and the promotion of innovation, competitiveness and growth in the Digital Single Market. If enacted in the present draft form, the Regulation would delay the launch of innovative services in Europe, cause substantial loss in revenues for businesses of all sizes and in a wide range of industries, limit opportunities for new market entrants, strongly increase administrative costs and create legal uncertainty. Although helpful in some cases, certain exceptions for SMEs will not necessarily have the sheltering effect intended as both SMEs and larger companies operate in an ecosystem where compliance of all players is mandatory (to avoid joint liability). As such, the best way for the new rules to protect SMEs appropriately is to ensure a legal framework that is simple, proportionate and easy to comply with. In fact, many of these requirements will not enhance the protection of individuals’ data but simply lead to inefficient processes, overburden data protection authorities and create false expectations for users.

Additionally, the administrative sanctions should be reviewed in a way that ensures striking a fair balance between the protection of personal data of a data subject and the freedom to conduct a business enjoyed by an operator.

Specifically, the coalition feels substantial changes will be required on the following issues in order to strike an appropriate balance:

1. Personal Data definition: The new definitions of “data subject” and “personal data” encompass potentially an unlimited range of information, from anonymised online identifiers to an individual’s full name and address, their medical records and religious beliefs. In order to make this broad definition workable in practice, the Coalition proposes to introduce a context based approach into the definition of personal data and the intentionality of the controller to identify the data subject. Two recitals recognize that context is a relevant factor in this respect, and that data which does not identify a data subject is not personal data. These important limitations should be expressly reflected in the definition of “data subject”. We also believe that while pseudonymous data is covered by the definition of personal data, the Regulation should explicitly recognize its specificities and clarify how the general obligations can be adapted accordingly.

2. Explicit consent: By requiring a single form of “explicit consent” for all categories of information (from the anonymous to the truly sensitive), the proposal would not allow for any differentiation between asking for people’s consent to placing a cookie, collecting their full name and address, or recording their religious and political beliefs. This risks increasing “consent fatigue” and may lead people to automatically consent to anything, undermining the special care that should be applied in the context of truly sensitive data. We propose a context-based approach to consent, permitting innovators to use different mechanisms to obtain consent that reflect how and in what contexts consent is obtained and data will be used.

3. Administrative burdens: One of the objectives of the review of the Data Protection Framework in Europe is to reduce the administrative burdens This is a worthy ambition and one which harmonisation and deletion of the notification system go some way towards achieving, as noted in the Impact Assessment accompanying the Regulation. Care needs to be taken, however, to ensure that compliance with new provisions and concepts in the Regulation do not simply replace one set of burdens with another, which may be even weightier than the original provisions.

4. Technical mandates: Privacy by Design: Privacy by Design should be considered a process for ensuring that data protection is carefully considered in the design and implementation of products and services and not be based on prescriptive and specific technologies. Imposing design mandates on particular technologies would directly challenge the technology neutrality of the legal framework, would result in significant burdens and would hinder rather than promote user privacy and security, by creating single points of failure.

5. Data processor/data controller: The future legal framework should provide for a clear distinction of the responsibilities of a data controller and a data processor. Blurring these will only bring more uncertainty, will not serve the harmonization objectives of the reform and is not the way to deal with the complexities of Cloud. The relation with data subjects is established and maintained by controllers and this is why the existing legal framework foresees direct responsibilities for controllers whilst the responsibilities of processors are left to be determined bilaterally between controllers and processors, depending on the circumstances. This current approach is well understood and has proven to be workable.

6. Sanctions: The Regulation takes a “one-size-fits-all” approach and applies the same sanctions to all types of violations regardless of their severity/harm and/or impact. This should be addressed. The text should specify that only the lead DPA can impose a single sanction per infringement and that it can be applied only to legal entities at national level or at EU level, rather than focusing on a whole group of undertakings at global level. It should be left to the discretion of the lead DPA to decide whether a sanction should be applied (and at what level), therefore we call for a change from “shall” to “may”.

7. European Data Protection Board: European data protection policy must be formulated in a transparent manner that reflects the views of a broad range of stakeholders. Therefore the new European Data Protection Board (EDPB) should follow the European Commission’s own Better Regulation initiative and be made more transparent and accessible by establishing a consistency mechanism open to other stakeholders’ input (following the BEREC and ENISA example).

Members of the Industry Coalition for Data Protection

The Association for Competitive Technology (ACT AIBSL)

AmCham EU

The Business Software Alliance

DIGITALEUROPE

The European Digital Media Association (EDiMA)

EMOTA, the European Multi-channel and Online Trade Association

The European Publishers Council (EPC)

EuroISPA

The Federation of European Direct and Interactive Marketing (FEDMA)

IAB Europe

Interactive Software Federation of Europe  (ISFE)

Japan Business Council in Europe (JBCE)

TechAmerica Europe

World Federation of Advertisers (WFA)

ACTA: the European Parliament stands against repressive measures for IPR enforcement

Brussels, 4 July 2012- The European Internet Services Providers Association (EuroISPA) welcomes the European Parliament’s decision calling for a more balanced protection of fundamental rights in international negotiations.

July 2012. EuroISPA and its members welcome the European Parliament’s decision to call for a more balanced approach in the protection of the fundamental rights at stake when the EU negotiates international treaties. The European Parliament found that the intended benefits of the Anti-Counterfeiting Trade Agreement (ACTA) were far outweighed by the potential threats to civil liberties and the legal uncertainties about the role of Internet Service Providers in enforcing intellectual property rights.

“EuroISPA believes any international agreement should be negotiated openly, involving all the different stakeholders with the aim of promoting the legal certainties needed by the European Internet industry to develop and compete internationally”, said Malcolm Hutty, President of EuroISPA.

EuroISPA welcomes the growing reflection in Europe that repressive measures are not the right way forward and calls on the EU to support the development of the Digital Single Market as a primary focus. The role of the EU in international negotiations should indeed be to foster the potential economic of the Internet to create jobs and growth, while preserving fundamental rights for citizens and businesses.

Internet blocking: frequently asked questions

In recent years, Internet blocking technologies for different categories of contents (i.e. intellectual property rights enforcement, child sexual abuse material, online gambling, etc.) have been discussed at national, European and international.

September 2012. However, many questions have been raised on both the effectiveness and proportionality, and its suitability in relation to unintended consequences on the protection of fundamental freedoms and cultural expression online. These Frequently Asked Questions (FAQ) aim at providing a non-exhaustive overview of what Internet blocking is.

They primarily focus on the most widely promoted blocking techniques available to Internet Access Providers to restrict access to a webpage or content: Domain Name Server (DNS) blocking, IP blocking and hybrid blocking.

Q: What is Internet blocking?
A: The Internet was designed to ensure that a communication goes from one point to another without being stopped, offering multiple routes to access the same content. As a result, it is only possible to restrict access to content on the Internet rather than “blocking” it completely. Internet blocking is a technical measure intended to restrict access to information or resources typically hosted in another jurisdiction. Its primary objective is to prevent specific content from reaching customers’ device connected to the blocking ISP. This is possible by means of hardware or software products that block specific targeted content from being received or displayed.

Q: How efficient are blocking mechanisms?
A: Blocking, depending on the mechanism used, can be more or less easily circumvented from a technical perspective. Since the Internet was designed to provide an open flow of communication, a user can access content blocked by an access provider in its country via other means such as using foreign proxy-servers to bypass the local block; using tunneling software that encrypts online searches and prevents blocking software from seeing the web request; or by simply switching to another name server. IP blocking and hybrid blocking can also be circumvented by changing the website configuration to a different address. In addition to be easily circumvented, blocking technologies always bring about risks of over-blocking (unintentionally preventing legal material from being distributed) or under-blocking (not preventing illegal material from being distributed) and have varying associated costs.

Q: What is DNS blocking?
A: Domain names are used to identify resources in the Internet, such as websites or services. When a user is looking for a specific website and types the name in a browser it is resolved by the domain name system (DNS) to the numerical IP address used by computers to communicate. To block access to a specific website, an Internet Access Provider, responsible for carrying out users’ requests, needs to interfere with the DNS tables under their control to prevent the user’s request from reaching the requested website. DNS blocking is a very blunt instrument that should be used cautiously as it will affect all information and services provided from the affected domain. All web pages in the domain – both legitimate and non-legitimate – will become invisible, it may be impossible to send or receive e-mails, and any subdomains are also likely to be affected.

Q: What is IP address blocking?
A: IP address blocking prevents connections being established between a server/website and the targeted IP addresses. IP blocking targets either IP addresses of the relevant content to hinder user access (typically carried out by an access provider), or IP address(es) of a set of users to hinder their access to a given piece of content – which remains directly accessible to all users outside the targeted group (typically carried out by a web site or content provider or government censorship agency). For the purposes of this document, the term “IP blocking” refers to the first category targeting the IP address of the relevant content with the intention of preventing the access provider’s customers from reaching content.

Q: What is Hybrid Blocking?
A: Hybrid blocking is a combination of IP and a form of DNS blocking which was designed to overcome some of the over-blocking issues of each. However, it is much more complex and requires additional equipment and routes to be added into the blocking provider’s network (though sometimes this is sub-contracted to specialized blocking providers). It also requires a very detailed and specific URL list to be maintained. Hybrid blocking can be circumvented in the same way as IP blocking. It is less scalable as more IP addresses are flagged that have to be routed to the blocking equipment which checks the request against specific URLs and can result in considerable response time impact in serving the legal content that resides at these locations.

Q: What is the difference between DNS and IP blocking?
A: DNS and IP blocking are two different ways to try to prevent access to Internet content. As previously pointed out, DNS blocking is easy to circumvent including through encryption. The circumvention of IP blocking, on the other hand, is somewhat more burdensome. This can be done mainly through ‘tunneling’ and ‘virtual private network (VPN)’ tunneling techniques. Tunneling allows users to create an encrypted “tunnel” to a different machine on the Internet which is not subject to the authority requiring the ISP to block, so preventing the blocking software from seeing web requests. VPN tunnels are invariably encrypted and thus not susceptible to interception. Therefore, both techniques risk promoting the encryption of networks and thus pushing illegal activities into even more clandestine modes of operation.

Both DNS and IP blocking carry the risk of over-blocking. Over-blocking harms innocent websites, harms users attempting to access innocent websites, generates costs to ISPs in addressing complaints about over-blocking, and harms the reputation of ISPs in the market place. On the one hand, IP blocking unavoidably leads to a large amount of legal content being blocked, because multiple, different websites often share the same IP addresses. Therefore, the blocking of an IP address would almost automatically block large numbers of other (legal) websites and not only the illegal one. DNS blocking, on the other hand, implies blocking an entire domain name (i.e. website) at the level of a DNS server. This means that if illegal content is hosted on a subdomain of a domain name, all other (legal) subdomains that have the same parent domain will be blocked as well. This is particularly problematic when user generated content (UGC) is involved in large social networking or media sharing services. For example, if content which an authority wishes to block is placed on one profile of a social networking service, DNS blocking will result in the entire social networking site being blocked to all customers of the access ISP.

This has a direct impact on the freedom of communications because the existence of additional subdomains may not readily be apparent and raises concerns as to the proportionality of the measure compared to less restrictive alternatives. Indeed, there is the added risk of over-blocking both from a domain name perspective (blocking sub-domains legal sites) and geographic perspective for operators whose networks have a pan-European coverage (depending on the location of servers an ISP may end up over-blocking sites in another jurisdiction).

Q: Can measures that are used to block child sexual abuse material also be used to block other kinds of content?
A: Child pornography is universally condemned and recognised as a criminal act. Despite investments in the EU to block such illegal content coming from third countries, these initiatives have never proved to have any measurable impact. On the other hand, there is anecdotal evidence which suggests that blocking removes political pressure to engage in effective international cooperation to have the content removed at its source (be it within the EU or outside) and to find, and prosecute, the criminals behind the sites. Instead of blocking, removal of content at source, fostering international cooperation in the deletion of illegal content and strengthening cooperation between police forces would contribute considerably to address this phenomenon within the EU and abroad – creating a deterrent effect that is currently missing.

Q: Why is blocking of hate speech, xenophobia or terrorism so difficult?
A: There are numerous examples of individuals and even countries categorised by authoritative sources as being terrorist [1] and racist [2].  Attempts to block hate speech, xenophobia or terrorism, therefore, proves to be difficult, because such content is not obviously illegal. Disparities already exist between Member States in this regard. Without a judicial order determining the illegality of such specific content, the risk exists that blocking would amount to censorship of perfectly legal opinions, thus harming the online right to freedom of expression and lessening legal certainty for the Internet industry.

[1] Mandela’s African National Congress was seen as a typical terrorist organisation by Margaret Thatcher.
[2] UN Resolution 3379 referred to Israel as a “racist” State.

Q: Is action to block spam the same as that of blocking other kinds of content?
A: The term “spam” describes the circulation of unsolicited messages (i.e. email spam). As many as 85 to 90{326604f503d13f2b703ea6d6d6f2aff95b8843509e3b22769667493fe00ca42d} of all emails sent are spam. Spam is not only an obstacle to the smooth functioning of online communications, to the freedom of correspondence of users of the service but also a security threat because it is often used to disseminate malicious software.
In itself spam is not necessarily illegal content but can lead to illegal actions, such as installing a Trojan programme in the user’s computer to hack it. Other differences lie on the fact that spam e-mails are stored on the servers of the ISP until it is downloaded by the consumer while other kinds of allegedly illegal content could be directly exchanged between users. Secondly, by filing complaints on spam material, consumers’ help create filters based on the origin of the spam, which does not always occur with other kinds of allegedly illegal content. Thirdly, e-mail coming from an IP address that is not the IP address of a known e-mail server can be suspected of being spam. Finally, “spam” blocking is a security measure that ensures customers’ safe and efficient use of the Internet infrastructure. On the other hand, “content” blocking relates to a phenomenon which has less impact on ISP networks.

Q: Can self-regulation be a valuable mechanism to tackle the problem of illegal content online?
A: Self-regulation is a flexible tool used by industry to address security issues on their networks (eg. spam). When dealing with security issues, the ISP has full technical control over harmful content allowing the ISP to set internal processes on a self-regulatory basis. However, when it comes to other, non-security related allegedly illegal content, the ISP has no control on the content or processes because it is not supposed to know about the nature of the communications carried on its network. For some specific content (i.e. child sexual abuse material), self-regulation is  a good tool to address the problem in cooperation with entities, such as hotlines and law enforcement, who have the relevant training and expertise to assess the content and, when necessary, advise the ISP to take action to remove the illegal material. However, with regard to other categories of alleged infringing content (i.e. unauthorised circulation of copyrighted material, online gambling, defamation, terrorism, etc.), self-regulation may not be the most effective solution. The ISP is not in a position of making a value judgment on the legality/illegality of such content. In this case self-regulation could set procedures to report such content to competent public authorities for them to assess, but not to force ISPs into a position to evaluate the legal validity of an alleged infringement. Finally, self-regulatory measures need to avoid restricting a variety of fundamental rights defended by the Charter of Fundamental Rights (i.e., freedom of expression and information). As also stated in the 2003 Inter-institutional Agreement between the European Commission, European Parliament and Council, “Self-regulation is always consistent with Community law” and “These mechanisms will not be applicable where fundamental rights are at stake”. Again, when an ISP is asked to block access to a website, to cut access to an Internet connection and, as a consequence, deliver personal data of an alleged infringer, a judicial order is always necessary.

Internet governance: the Commission presented a European vision at EuroDIG

Internet Governance: Neelie Kroes, Vice-President of the European Commission presented “A European vision for Internet governance” at the European Dialogue on Internet Governance (EuroDIG) in Stockholm on 14 June 2012.    

June 2012. On 14th June, Vice-President Neelie Kroes presented “a European vision for Internet governance” to the audience of the EuroDIG forum. “Europe today faces many challenges. The Internet can help us resolve them”, she stressed, while confirming that the European Commission was a strong supporter of the multi-stakeholder approach, because , she said, dialogue, participation and cooperation at all levels are the best tools for the best Internet.

The Commissioner would like to apply that cooperative approach to the EU level to ensure Europe really pulls its weight in the Internet Governance Forum – because Europe has the potential to lead the next digital revolution.

To work together, with all stakeholders involved, to map out more clearly where stronger cooperation or coordination is needed, and what structures will give us truly multilateral decision-making. Either way, I believe that the best way to support the Internet is to have faith in our European values: and have faith that they can deliver online, too.”

Read more

The Commission proposes the establishment of a European Cybercrime Centre

On 28 March, the Commission proposed to create a European Cybercrime Centre to help protect European citizens and businesses against cyber-threats by organised crime networks.

May 2012. The missions of the Centre will include to work on preventing cybercrimes affecting e-banking and online booking activities, the protection of social network profiles from e-crime infiltration, the help to fight against online identity theft and will focus on cybercrimes which cause serious harm to their victims, such as online child sexual exploitation and cyber-attacks affecting critical infrastructure and information systems in the Union.

A review of Europol mandate will be necessary. The Centre will be incorporated within the European Police Office, Europol, in The Hague.

Read more in the EU Commission’s Press Release

Internet Industry concerns on the Anti-Counterfeiting Trade Agreement

April 2012. The signatories of this statement (ECTA, ETNO, EuroISPA, GSMA Europe) believe that, with ACTA, the European Parliament will have a leading role in identifying the most balanced outcome for European businesses and citizens. However, while the signatories recognise that copyright infringement and counterfeiting online are unacceptable, we also believe that jeopardising the economic potential of the Internet to create jobs and growth is equally unacceptable, as are enforcement models that undermine fundamental rights for citizens.

Our pan-European organisations, ECTA, ETNO, EuroISPA and GSMA Europe represent the European electronic communications industry that consists of both national and pan-European fixed and mobile telecoms operators, Internet service providers and cable companies. Our European industry plays a crucial part in connecting European citizens and businesses to information, business tools news, entertainment, social media, cultural content and other public interest content.

With ACTA, the European Parliament will have a leading role in identifying the most balanced outcome for European businesses and citizens. However, while the signatories recognise that copyright infringement and counterfeiting online are unacceptable, we also believe that jeopardising the economic potential of the Internet to create jobs and growth is equally unacceptable, as are enforcement models that undermine fundamental rights for citizens.

Over the last 15 years, our industry has delivered half of European productivity growth and we want to stress the fact that, notwithstanding the economic crisis, our industry continues to invest and to enable European businesses to grow and compete at a national and international level. ACTA, as it stands, does not bring the legal certainty needed by the European Internet industry to develop and compete internationally.

In this context, we would like to reiterate the main concerns we have in relation to the text of the agreement:

Injunctions (Article 8): In the Civil Enforcement Section, ACTA allows judicial authorities to issue an order (injunction) against a party, or a third party, to “prevent infringing goods from entering into the channels of commerce”. This injunction power is far broader than the one foreseen in the EU acquis (i.e. Intellectual Property Rights Enforcement Directive, 2004/48/EC). The current European Directive allows injunctions “to prevent any imminent infringement.” In addition, third parties need to be involved in the infringement to be potentially subject to the judicial authority order (“against an intermediary whose services are being used… to infringe”). ACTA removes any notion of a threshold for prevention, de facto amending substantially the existing EU acquis.
Finally, we are currently in the process of reviewing the Intellectual Property Rights Enforcement Directive. Supposing that ACTA is in line with the “existing” EU acquis on this point, we do not and cannot know the impact of the forthcoming legislative proposals nor how these proposals are  going to impact or restrict the decision making process in the European Parliament.

Criminal sanctions (Article 23): This Section mandates each signatory Party to adopt legislation for criminal procedures for copyright infringements, something which we currently do not have at EU level. Despite statements claiming that the provision would not require any additional EU legislation, the wording of Article 23.1 is clear – it states that Each Party signing ACTA shall provide for criminal procedures and penalties. If it is the case that this does not apply to the EU, this should be clarified. We believe that Article 23 will have consequences which limit the future decision making freedom of MEPs and will force MEPs to stick to what ACTA establishes without any possibility to amend definitions or procedures and sanctions as introduced by the agreement. This will prevent EU policy makers from tailoring any legislative initiative to the European social and economic scenario.

Cooperation between businesses (Article 27.3): The Enforcement provision in the Digital Environment Section states, “Each party shall endeavor to promote cooperative efforts within the business community to effectively address” copyright infringements. This text would enable implementation of EU-wide cooperation obligations such as an extra-judicial ‘graduated response’ mechanism, as the result of an obligation (“shall”) on the ACTA signatories  to “effectively address” infringements. This wording does not comply with the EP Resolution on ACTA of March 2010, which explicitly excludes such cooperative efforts. Furthermore, it contradicts the Commission’s repeated statements that graduated response is not an outcome sought by the ACTA.
In addition, the article (in footnote 13) gives a strong priority to the “legitimate interests of rights holders” without seeking to strike a balance with the equally important legitimate interest of intermediaries to conduct their business as underlined in Article 16 of the Charter of Fundamental Rights and as explicitly explained in the recent rulings from the European Court of Justice in Scarlet Extended and Sabam/Netlog.Finally, article 27.3 also introduces amongst the list of fundamental rights the “fair process”. However, the Charter of Fundamental Rights does not mention this concept nor is the EU acquis familiar with it. In the absence of any impact assessment on ACTA, we do not know what the consequences could be of introducing such a concept within the existing European framework.

Disclosure of information to rightsholders (art.27.4): This article provides that the competent authority (not necessarily the judicial authority) should have the power “to order an online service provider to disclose expeditiously to a rightsholder information sufficient to identify a subscriber whose account was allegedly used for infringement”. However, it does not bring with it the needed judicial safeguards contained within the EU framework. References such as the “sufficient claim” from a rightsholder that the account of the subscriber “was allegedly used for infringement” risk lowering rather than increasing the level of legal protection afforded by the EU acquis.

ACTA Committee (Article 36): The agreement creates a new body, the ACTA Committee, with the power to interpret the agreement. However, due the vagueness of the provisions of ACTA, an interpretation from the Committee could have the effect of bringing changes to the EU acquis, including in the way it is applied and understood, outside the European democratic decision making process. Should the EP approve ACTA, it will effectively agree that the ACTA Committee can in the future re-introduce stringent provisions or additional obligations, even if not in line with the EU acquis, without any possibility for the EP to have a say in this regard.

As it stands, ACTA would inevitably hamper the efforts of the European Internet industry to develop the European Information Society. If we want to achieve the targets of the Digital Agenda and the EU2020 Strategy, we need to ensure that the European industry works within a balanced and efficient legislative framework. ACTA, as it stands, does not provide any legal certainty for European businesses and instead will have a negative impact on European innovation.

Internet Governance: Council of Europe Strategy

The Council of Europe recently published its Internet Governance Strategy, identifying priorities and goals for the period of 2012-2015.

April 2012. On 15th March, the Council of Europe published its Internet Governance Strategy, identifying priorities and goals for the period of 2012-2015.

On 15th March, the Council of Europe published its Internet Governance Strategy, identifying priorities and goals for the period of 2012-2015, including: protecting the Internet’s universality, integrity and openness; maximising rights and freedoms for Internet users; advancing data protection and privacy; enhancing the rule of law and effective co-operation against cybercrime; maximising the Internet’s potential to promote democracy and cultural diversity; protecting and empowering children and young people.

Read more about the COE Strategy here

EU institutions adopt directive on child sexual exploitation

December 2011. The European Internet Services Providers Association (EuroISPA) welcomes the adoption of the Directive and the removal of child sexual abuse material at the source as the most effective technical measure to fight child abuse material online.

BRUSSELS – EuroISPA and the ISPs welcome the adoption of the Directive by the Council of the EU. We have always called for the most effective action possible to be applied, so that such illegal material could be removed permanently at the source, and are actively committed in this regard.

Malcolm Hutty, President of EuroISPA, stated that “by requiring the mandatory removal of child sexual abuse material at the source as the single most effective technical measure to combat its distribution online and, by fostering international cooperation against illegal content hosted in third countries, we believe the adoption of the Directive will achieve a positive step forward in the fight against this illegal content in the EU and globally.”

In addition, EuroISPA welcomes, and fully supports, the reference to professional, industrybacked hotlines. Hotlines provide an anonymous reporting service to Internet users who accidentally uncover child sexual abuse material on the Internet. Trained professionals evaluate it and immediately notify law enforcement authorities and ISPs for immediate and effective removal from the Internet.

BACKGROUND

The Directive on sexual abuse, sexual exploitation of children and child pornography repealing Framework Decision 2004/68/JHA was submitted by the Commission in March 2010. The European Parliament and the Council of the EU adopted a compromise text that favored a first reading adoption of the legislative proposal.

Scarlet extended case: the European Court of Justice’s clarification will foster innovation and growth

Brussels,  24 November 2011- The European Internet Services Providers Association (EuroISPA) welcomes the Court of Justice’s ruling that network providers cannot be required to engage in large scale filtering of all users’ communications.

November 2011. EuroISPA and its members welcome the Court of Justice’s clarification in the Scarlet extended case that existing EU law preclude network providers from implementing systems for large scale filtering and blocking of users’ electronic communications. This ruling guarantees the protection under EU law  of fundamental rights and the freedom  of a network provider to conduct  its business. Intellectual property rights should be respected but are  not inviolable, and disproportionate technical enforcement that infringes on the rights of others is contrary to EU law.

The court ruled that requiring Internet Service Providers to conduct general filtering of Internet traffic to prevent copyright infringement is incompatible with the Electronic Commerce Directive and with fundamental rights.  Requiring an ISP to install  such a complicated, costly computer system at its own expense is a serious infringement of the freedom to conduct business. What is more, such systematic analysis of all  content passing through the network undermines both the customers’ right  to protection of their personal data and their right to receive and impart information.

The ruling from the Court of Justice of the EU will have serious implications for content blocking systems imposed on ISPs in other Member States, especially where these are also maintained at the ISP’s expense.

“The Internet industry  plays  a  crucial  part in connecting  European citizens  and  businesses  to  information,  news, entertainment, social media, cultural content and other public interest content. This ruling is therefore of fundamental importance for the future of the Internet and the development of a strong Digital Single Market,” said Malcolm Hutty, President of EuroISPA

“Considering the major contribution that the Internet  industry can make to the economic recovery, it was indeed not the time to put  the  innovation  of the Internet  at risk, and it is of fundamental importance for the future of the Internet that the principles reaffirmed in the ruling are respected”, he continued.

Background

By a judgment on 29 June 2007, the Belgian ISP Scarlet was ordered to install a filtering system to monitor all peer-to-peer traffic on its network and  to  block  the exchange of  files which were included in the repertoire of collecting society SABAM. Scarlet appealed against that judgment to the  Court of Appeal of Brussels, which must  now  decide whether to uphold the measure adopted against Scarlet. In that context, the Court sought a ruling from the Court of Justice on whether EU law permits national courts to order ISPs to install a system for filtering and blocking electronic communications.