Does net cut-off plan break EU law?

OUT-LAW Radio, 26/11/2009

One academic has said that the disconnection of open Wi-Fi network operators for other people's actions under the Government's anti-filesharing plan could break EU law.

• Download OUT-LAW Radio 26/11/2009 (10MB, 11 minutes)
• Low quality recording for 26/11/2009 (2MB, 11 minutes)
• Instructions for listening and subscribing to OUT-LAW Radio

A text transcription follows.

This transcript is for anyone with a hearing impairment or who for any other reason cannot listen to the MP3 audio file.

The following is the text spoken by OUT-LAW journalist Matthew Magee.

Hello and welcome to OUT LAW Radio, where we hope to keep you up to date with the latest news and the most fascinating features from the world of technology law.

My name is Matthew Magee, and this week we dive headlong into yet more controversy about the government's plans to disconnect file sharers' internet access. Could the Digital Economy Bill threaten the very existence of open WiFi networks and does that clash with EU law? We talked to one professor who thinks it just might.

But first, here are some of the top stories from OUT-LAW.COM, where you can read breaking technology law news throughout the week.

Advertising industry urge non disruptive interpretations of cookie law

and

UK equality laws are inadequate says European Commission.

A trade body representing advertisers has called on European countries not to implement new EU cookie laws in ways that would 'disrupt' use of the internet.

The World Federation of Advertisers which claims to represent the companies behind 90% of the world's advertising spending, has warned that new EU laws on websites' use of cookies could obstruct people's use of the internet and damage the prospects of advertisers and the web publishers who rely on their backing.

The European Parliament passed a Telecoms Package of reforms this week which included an insistence that the storage of cookie files on a user's computer is only allowed with their knowledge and consent.

This has raised the possibility that people visiting websites for the first time will have to manually approve every cookie stored on their machine. One page can contain multiple cookies, as can adverts on those web pages.

The WFA and Interactive Advertising Bureau Europe have both encouraged countries to choose an interpretation of the rules which would allow consent to be expressed through web browser settings, as is now the case.

Technology law expert Struan Robertson of Pinsent Masons, the law firm behind OUT-LAW, said that while that interpretation makes business sense, it is 'optimistic'.

The UK's equality laws are inadequate, according to the European Commission, which has announced that it has begun legal action against the UK.

The Commission has said that the UK's laws are not compliant with the Equal Treatment Directive. It has begun legal action over the issue because the UK's laws define discrimination too narrowly, have too wide sex discrimination exceptions; poorly defined political exceptions and do not establish the right of associations to support discrimination victims clearly enough.

A government spokesman said it would 'study the reasoned opinions carefully'. The government has an Equality Bill currently passing through Parliament.

Those were some of the top stories from this week's OUT-LAW News.

The government last week published more detail on its plans to cut off the internet connections used by people who the recording industry claims have been engaging in copyright infringing file sharing. Not that much detail, as it turns out, but more of that later.

One eagle-eyed academic has spotted something, though, in what has been published. and not only does it potentially threaten the future of the open, free WiFi networks that dot the country, but it could also put the Government's bill in conflict with European law.

Lilian Edwards is Professor of internet law at the University of Sheffield, and she has noticed that the bill says that 'technical measures', including disconnection, can apply not only to people who are accused of copyright infringement but to those running networks which are used by those people.

The Bill says that action can be taken not just against someone suspected of infringing copyright but also if 'a subscriber to an internet access service has allowed another person to use the service, and that other person has infringed the owner’s copyright by means of the service'.

Edwards said that this could mean that it will be impossible to operate a WiFi network without fear of being on the hook for someone else's alleged copyright infringement.

Lilian Edwards: I think there is a strong likelihood that having unsecured WiFi might well be seen as allowing other people to use your service which means that effectively it looks like you would become responsible for their copyright infringement – if their alleged copyright infringement. But certainly there is nothing in the Bill as I read it right now that says that a rights holder has to in any way discriminate between knowing it is sending a warning to an infringer and knowing it is sending a warning to someone who might just have been running a WiFi network or indeed might just have been taken over by a zombie virus which was using the network to download.

Why is this important? Edwards says because there are people out there who rely on open networks, and it is not just individuals. Organisations like libraries, schools, hotels and cafés all routinely offer free access, something Edwards had thought the Government wanted to encourage.

Lilian Edwards: A lot of people do have WiFi networks and a lot of people secure them but some people do not either because they do not know how or because they actually think it is nice to give that service to their neighbourhood. And there are actually no technical reasons why you should not do that as long as you take other forms of security such as firewalls.

Matthew Magee: So would you advise people once this becomes law to close their WiFi networks?

Lilian Edwards: I suppose I would rather reluctantly. It will make life very difficult for not just domestic consumers but institutions who often offer the public WiFi – unsecured WiFi; hotels, cafés. You know these are all part of the social glue, that may all have to go because it will all have to be locked down so these people can avoid copyright liability. And that seems quite a sad loss because that points against other policy goals like digital inclusion for example.

There is something of a caveat here though: we cannot be sure exactly what the Bill means because it is so vague, with so much being left to be specified in the Code of Practice governing disconnection. This in itself could be a problem.

Lilian Edwards: All the detail of this as to standards of proof and standards of evidence remains to be seen. It is to be put into the Code. It may or may not be put into the Code. Modern legislation tends to be very complicated and a great deal of it is often left to be made by statutory instruments as they call them. That is the delegated legislation. The problem there is partly yes that making law that way makes it very difficult to understand, and at this stage when it has just been introduced, when all you have is the primary legislation, it makes it very, very hard to scrutinise it; to say well this will be unfair, this will be a breach of human rights, this will be in breach of due process, because the response from the Government over and over again tends to be oh it will be alright, it will be in the Code of Practice but you cannot know that right now. So I think it has got quite serious constitutional, democratic implications especially when you are dealing with something like this which is imposing a sanction in the end which is almost like a criminal sanction. They are saying it is not but it seems to me that disconnection from the internet is at least quasi punitive.

If Edwards is right the Bill could be in a spot of bother in Brussels. The E-commerce Directive protects people who run networks from liability for the actions of the network's users. The Directive, which became UK law as The E-commerce Regulations, says that until a network operator is told about somebody's actions they have no responsibility for them, and nor do they have to monitor networks to actively seek illegal behaviour.

Lilian Edwards: This legislation is potentially in breach of the Electronic Commerce Directive; Articles 14 and 15 particularly, in which Europe has said, yes, that hosts and service providers are not to be liable for the acts of others who basically are the end users of their services. Right? And it is designed to protect people like ISPs. I think it has not been fully thought through quite honestly in this legislation whether that might be a competing principle but certainly, yes, if you take the WiFi example it is a good example. Is that person, the WiFi provider, not meant to be protected against the illegal acts of others over whom he has no real effective control? And you can say back to that; well maybe the answer is that he has to secure his WiFi but if that is so you are making that the new law and I think that is a big issue.

Now this clash depends on individuals and libraries, schools and cafés and the like being deemed to be network operators within the terms of The E-commerce Directive. Edwards said that the UK courts have already ruled in a case involving Google that they would be likely to fit this definition.

Lilian Edwards: There has been a lot of discussion about the vis-à-vis Google for example, how Google, an information service provider as the ECD puts it, when they do not actually charge money for their services and the general opinion has been yes they are because they provide a service of a kind that people could charge money for, that people might normally charge money for. That has been the general interpretation and indeed very recently that interpretation has actually been upheld in UK law, in a recent libel case involving Google. So I think, yes, a non commercial host or service provider does fall within that protection.

The Department of Business, Innovation and Skills told us that anyone who believed that they should not have been disconnected could appeal. What is not clear is what the basis of that appeal would be if the law says as Edwards contends that it is an offence to allow someone else to use the network to infringe copyright.

The Department said that operators could use software to monitor the network. This, though, risks pitting the law even more severely against The E-commerce Directive, which specifically absolves network operators of the responsibility to monitor people's use of the network.

The Department said that it believed the law was compliant with all EU rules and regulations. Edwards maintains that though the Government has arguably not given us enough information on which to base a detailed legal argument, it looks as though the days of open WiFi may be numbered, but that that could bring London into direct conflict with Brussels.

That's all we have time for this week, thanks for listening. Why not get in touch with OUT-LAW Radio? Do you know of a technology law story? We would love to hear from you on radio@out-law.com. Make sure you tune in next week; but for now, goodbye.

OUT-LAW Radio was produced and presented by Matthew Magee for international law firm Pinsent Masons.