The liability of intermediaries

The internet has radically changed the way people communicate. Technological developments have drastically reduced the costs of creating content and publishing it to a large audience. The rise of blogs, discussion fora, and social media has enabled and empowered individuals to communicate directly with others all around the world. Through effective search engines and social sharing, the content that individuals post also becomes visible and discoverable to a potentially massive audience, sometimes far beyond the intended reach of the primary poster.

This democratisation of speech is something to celebrate. User-generated content and user innovation signal a massive potential step forward in free speech and in economic productivity. When Time Magazine named 'You', the user, as its Person of the Year in 2006, it celebrated a revolution signified by an “explosion of productivity and innovation” that brought “millions of minds that would otherwise have drowned in obscurity […] into the global intellectual economy”.1) Clay Shirky's book 'Here comes everybody'2) captures the sense of optimism that this revolution may liberate and empower amateurs everywhere to participate in the creation and distribution of media. This phenomenon is often seen as a revolution in democracy itself, removing the power to control discourse and influence thought, culture and politics from the hands of a small number of global corporations and redistributing it to ordinary internet users the world over.

At the same time, however, the disintermediation of speech makes legitimate, democratic regulation by states much more difficult. By facilitating direct sharing between users, the internet largely bypasses the gatekeepers of the mass media era: the publishers, broadcasters, and producers who have been the traditional targets of regulation. Laws concerning content standards, sub judice contempt of court, and incitement to crime, for example, have all historically been overwhelmingly applied against print publishers and broadcasters, rather than individuals. In the online environment, by contrast, new intermediaries are usually not legally responsible for determining the content they carry. Individuals are responsible for what they post, but regulating the behaviour of individuals online is extremely difficult. The global nature of online networks, the potential anonymity of speakers, the lack of editorial control, and the sheer volume of communications makes it difficult to enforce the law in direct legal actions against wrongdoers.

Users’ interests

When we consider the regulation of online intermediaries, it is important that we do not focus solely on the technological and financial impacts of regulation on the intermediaries themselves. These are important considerations, but they are not the whole story. It is also critical to ask: whom are these laws really targeting?

Often, the law’s target is not the intermediary itself.

Online copyright infringement provides a useful example: when the content industry and lawmakers attempt to make ISPs responsible for copyright infringement that occurs over their networks, what they really care about is the flow on effect on users. The content industry wants ISPs to take certain actions against their users, such as sending warning notices or suspending accounts. The industry hopes that ISPs will be compelled to do this if they face legal liability for not impeding infringement. The real targets of this regulation, then, are end users.

There are valid reasons for targeting intermediaries rather than suing the end users themselves. On the internet, users are often difficult to identify, contact and bring legal action against. Plus, they are many. Chasing individual users has been described as “a teaspoon solution to an ocean problem”.3) Thus, there are legitimate efficiency reasons for suing just one entity – the intermediary – that might be able to have a real impact on the proliferation of unlawful activity online.

Users have their own interests, however, such as being able to access content for education, self-development and self-expression. Users have interests in being able to creatively play with content to produce remixes, mash up and commentary. They have autonomy interests in being able to view or listen to content at times that are convenient for them. Users have their own speech interests. These interests can be easily forgotten in intermediary regulation, because we are trained to think of legal disputes as two party problems – the plaintiff on one side (in copyright cases, this is the content industry) and the defendant on the other (the intermediary). In this two-party framework, users do not have an opportunity to defend themselves or to present their interests. Often, courts or lawmakers simply presume that the majority of users are acting unlawfully and proceed with regulation on that basis.

This is a concern because, as noted above, regulation can fundamentally impact users and how they are able to interact online. When courts and lawmakers are dictating the terms of the technology that allows people to access and engage with content online, then it is important that they recognise the full social consequences of those decisions. As Mark Lemley and R. Anthony Reese have argued, actions against intermediaries lack the granularity of suits against individuals:4)

For example, in the Grokster case, the Central District of California had to decide either to ban the distribution of software that permits users to connect to the Morpheus [file sharing] network or not to ban it. That essentially binary choice is ill-suited to the realities of the Morpheus network, over which individual end users trade lots of plaintiffs' content, trade some content that either is in the public domain or for which the copyright owner has given permission, trade some files of a type that tends not to be copyrighted at all, and trade significantly more content that might be copyrighted, but whose owner has neither granted permission for its use nor sought its removal by joining in the lawsuit.

In other words, cases against intermediaries are ill-suited to properly considering the fact that people act in different ways for different reasons – some lawful and some not – often over the same technology. When the decision is as blunt as to shut down a site or not shut down a site, or disconnect a user from the internet or not disconnect them, then we risk sacrificing all the legitimate and beneficial interactions in favour of regulating the unlawful ones.

A divergence from established principles

Much of online regulation focuses on regulation of or through intermediaries. It is important to be aware, however, that this is not the norm in the offline world.

The liberal basis of our legal system means that the law is comfortable with imposing negative duties, such as the duty not to harm others, but is less comfortable with imposing positive duties, such as a duty to affirmatively help others. We see this clearly in criminal law, in the prohibitions against bodily harm and assault, but it is also apparent in tort law, where duties are generally imposed to prevent people acting in ways that harm others (negligently, recklessly). The law will not generally force someone to help another, however. The common articulation of this rule is that there is no general duty to come to the rescue of another.5) There is also no general duty to exercise control over another person in order to prevent harm to a third party.

An important reason that the law does not impose liability for the failure to help someone else is a deep respect within the law for individual liberty. 6) Under common law, individuals are free to act as they choose so long as those actions do not positively harm others. The law will not interfere with a person’s liberty by coercing her to act in aid of another where she has had no role in producing the other’s misfortune. Courts have consistently held that the common law does not impose positive duties to act based simply on one party’s need and another party’s ability to meet that need.7)

An interesting question that arises with respect to internet intermediaries relates to the basis on which we purport to regulate them:

Are we asking intermediaries not to harm, or are we asking them to ‘rescue’ someone from another person’s harm?

If what we are doing is asking intermediaries to come to a person’s aid from third parties who are inflicting harm, then we must recognise that the conceptual legal basis for doing so is not particularly strong.

In tort law, there are some exceptions to the general rule that there is no duty to rescue another. One exception relates to a defendant’s control over a third party who causes the plaintiff harm. Where a defendant has a significant level of control, then we may require them to exercise that control to prevent harm. The law generally recognises only a limited number of relationships giving rise to a duty to control, however; these include relationships between parents and children, school authorities and pupils, and prison wardens and prisoners. It is clear from these examples that the relationships generally involve not only control on one side, but dependence or vulnerability on the other.

Another exception applies where the defendant has had some role in creating the risk from which the plaintiff needs rescuing. Then we can say that the defendant has actually contributed to the harm suffered by the plaintiff. Again, we see the law’s emphasis on personal responsibility at play. One object of tort law is to deter reckless and harmful behaviour. If a defendant has not caused the harm suffered by the plaintiff, then there is no reason to attempt to alter his actions through the imposition of liability; there is no unreasonable behaviour to deter. If, however, he has contributed to the risk of harm, then we can comfortably impose liability to deter that behaviour.

So far as online intermediaries are concerned, plaintiffs will try to argue that the intermediary has the requisite control over end users or that the intermediary has had a role in producing the wrong committed against them. As you proceed through the content on regulating intermediaries with respect to defamation, copyright and other laws, you will see versions of these arguments arise again and again. The questions that continue to arise, the questions that you must ask, and the questions which have still not been satisfactorily answered by the courts are:

  • What does “control” look like and how much is needed to ground liability?
  • Which acts “contribute” to the risk of harm in the online environment and what role must an intermediary play before we compel them to act against their users?

To put this into context, think again of the example of online copyright infringement. Different intermediaries play different roles in copyright infringement. ISPs provide access to the internet over which people download. Other intermediaries provide file-sharing software or websites that enable sharing. Search engines help people to find infringing websites. How do we decide when one intermediary is “contributing” to infringement and another is not? This is what we will be exploring throughout this module on intermediary regulation.

It is the fundamental and overarching question of this module: What behaviour does (and should) make an intermediary liable?

The story of copyright is a neat illustration of a messy problem common to all attempts to impose restrictions on the flow of information over a decentralised, transnational network of 3+ billion people. Across the breadth of regulatory debates, there is a common set of difficult regulatory trade-offs. There are fundamental conflicts between the efficiency of enforcement mechanisms, the liberty of private actors, the need for certainty in order to encourage investment and innovation, and the rights of individuals.

On the efficiency side, intermediaries are the 'cheapest cost avoiders'.8) Generally speaking, primary defendants are hard to reach – they are too numerous to be worth suing individually, or too poor, or unidentifiable behind layers of anonymity, or simply outside of the jurisdiction. For all of these reasons, intermediaries make attractive targets for liability; they are the focal points of the internet, with real power to influence how people communicate and access information). From the perspective of law enforcement, intermediary liability is not so much about fault as about efficiency and control.

For the telecommunications industry, intermediary liability is about certainty. Online intermediaries are hesitant to take on the responsibility to police the behaviour of users, and reluctant to bear the cost of doing so. Their arguments rest heavily on the need to encourage investment in innovative new technologies, technologies that disrupt or at least unsettle the continued operation of other industries.

As for the 'public interest', the issues are extremely complex. The basic principles of the rule of law require that our laws are enforced in a manner that is regular, transparent, equally and proportionately applied, and fair. In order to ensure that justice is carried out with due process, our constitutional system requires that the law is enforced by an independent judiciary. But delegating some responsibility for upholding the law and social standards to online intermediaries seems to be the only reasonable prospect we have for enforcing them. This can be problematic, since intermediaries may well be unable to effectively make complex judgment calls about the lawfulness of their users' conduct. For citizens, there is a difficult procedural trade-off between the efficacy of the legal system and the safeguards it provides.

These tensions are currently playing out across a range of different legal issues.

ISP Filtering

Consumer ISPs are a key target for regulation. When a user accesses an internet resource (like a website), the traffic necessary flows through their ISP. If it is not possible to easily regulate the user …

Sometimes this is done by explicit statutory schemes; other times,

Section 313

Kaava Watson explains s 313

In Australia, several different forms of pressure have been exercised in recent years to encourage intermediaries to take action to police the actions of their users. The most blunt is direct action by law enforcement agencies, who are empowered to make requests of telecommunications providers under s 313 of the Telecommunications Act. This provision requires carriers and carriage service providers to “do the carrier's best or the provider's best to prevent telecommunications networks and facilities from being used in, or in relation to, the commission of offences against the laws of the Commonwealth or of the States and Territories”, and to “give officers and authorities of the Commonwealth and of the States and Territories such help as is reasonably necessary” to enforce criminal law, impose pecuniary penalties, assist foreign law enforcement, protect the public revenue, and safeguard national security.

The section essentially enables police and other law enforcement agencies to direct ISPs to hand over information about users and their communications. Increasingly, however, it is also apparently used by a number of government actorsto require service providers to block access to content that appears to be unlawful, in cases ranging from the Australian Federal Police seeking to block access to child sexual abuse material to the Australian Securities and Investment Commission (ASIC) blocking access to phishing websites. Even the RSPCA is reported to have used the power, although the details of its request are not clear. There is significant concern over the lack of transparency around s 313(3) and lack of safeguards over its use.9) These came to the fore in 2013 when ASIC asked an ISP to block a particular IP address, not realising that the address was shared between up to 250,000 different websites, including the Melbourne Free University. The operation of s 313(3) is currently under review by the House of Representatives Standing Committee on Infrastructure and Communications.

The Australian Government recently introduced a legislative scheme to enable copyright owners to seek an injunction to require Internet Service Providers to block access to infringing websites and other internet resources.

The Act introduces a new Section 115A, which empowers the Federal Court to order injunctive relief against ISPs on application by copyright owners in respect of an 'online location'. Copyright owners are required to show that “the online location infringes, or facilitates an infringement of, the copyright”, and that “the primary purpose of the online location is to infringe, or to facilitate the infringement of, copyright (whether or not in Australia).”

The Act uses a definition that catches foreign internet sites that 'infringe or facilitate' infringement of copyright. 'Facilitate' is not a defined term in Australian copyright law; there is considerable uncertainty as to the breadth of this test. Presumably, the term is designed to include foreign sites that help people to infringe – for example by providing software or indexing services – but may not necessarily 'authorise' infringement.

The Act introduces a primary limiting factor on this broad 'facilitates' test: the 'primary purpose' of the foreign site must be to infringe or facilitate copyright infringement. Again, this 'primary purpose' test is not defined, but is presumably designed to exclude general purpose services which may be used to infringe. A general purpose search engine, for example, might link to infringing copyright and therefore 'facilitate' infringement, but its 'primary purpose' is to facilitate access to information generally, not to facilitate infringement.

The Federal Court must also take into account any other relevant matters before ordering injunctive relief. There is an enumerated list of the types of things the Court may have regard to in the legislation, and the most significant of these include “whether disabling access to the online location is a proportionate response in the circumstances”; “the impact on any person, or class of persons, likely to be affected by the grant of the injunction;” and “whether it is in the public interest to disable access to the online location”.

Student video topic

Extracts from s. 115A:

(1) The Federal Court of Australia may, on application by the owner of a copyright, grant an injunction referred to in subsection (2) if the Court is satisfied that:

  • (a) a carriage service provider provides access to an online location outside Australia; and
  • (b) the online location infringes, or facilitates an infringement of, the copyright; and
  • ( c) the primary purpose of the online location is to infringe, or to facilitate the infringement of, copyright (whether or not in Australia).

(2) The injunction is to require the carriage service provider to take reasonable steps to disable access to the online location.

(5) In determining whether to grant the injunction, the Court may take the following matters into account:

  • (a) the flagrancy of the infringement, or the flagrancy of the facilitation of the infringement, as referred to in paragraph (1)(c);
  • (b) whether the online location makes available or contains directories, indexes or categories of the means to infringe, or facilitate an infringement of, copyright;
  • ( c) whether the owner or operator of the online location demonstrates a disregard for copyright generally;
  • (d) whether access to the online location has been disabled by orders from any court of another country or territory on the ground of or related to copyright infringement;
  • (e) whether disabling access to the online location is a proportionate response in the circumstances;
  • (f) the impact on any person, or class of persons, likely to be affected by the grant of the injunction;
  • (g) whether it is in the public interest to disable access to the online location;
  • (h) whether the owner of the copyright complied with subsection (4);
  • (i) any other remedies available under this Act;
  • (j) any other matter prescribed by the regulations;
  • (k) any other relevant matter.

The scheme is inspired by UK legislation that enables courts to enjoin ISPs to block certain websites. Similar schemes exist in other jurisdictions - although, notably, other jurisdictions have found that they are disproportionate. The lack of evidence that the schemes worked led the European Court of Justice to strike down website blocking in the Netherlands.10)

Graduated response

Several jurisdictions around the world have introduced 'graduated response' or 'three-strikes' regimes. These are designed to require ISPs to pass on notices of alleged infringement to their users. Rightsholders employ private investigation or monitoring firms to detect the IP address of computers that appear to be filesharing their content, predominantly over the BitTorrent protocol. Rightsholders are able to trace this IP address as far as an ISP. They then send notices to the ISP, and ask ISPs to match the IP address and time details against a particular user account.

Carlie McCulloch and Jonathan Chabowski explain Australia's graduated response

Most graduated response schemes require ISPs to issue warning letters to the subscriber who has been matched in this way. Some schemes go further, and require ISPs to take other actions. The French HADOPI scheme famously required ISPs to disconnect users who received three allegations of infringement – although this was eventually struck down by the French Constitutional Council. The French Scheme was replaced with an administrative regime; several other jurisdictions, including New Zealand and South Korea, have introduced administrative regimes that can impose these types of technical penalties on users, but they have not been widely used.

Other schemes provide for expedited preliminary discovery proceedings once subscribers have received a certain number of allegations of infringement. These procedures variously allow rightsholders to apply to the ISP, a regulatory body, or a court, to reveal the identity of the subscriber. Rightsholders may then proceed to issue warnings, offers to settle, or initiate legal proceedings against the subscriber.

Australia has an industry-negotiated Code of Practice that will govern graduated response here.

Children's E-Safety Commissioner

Philippa Dryden explains the Enhancing Online Safety for Children Act

The Enhancing Online Safety for Children Act 2015 created the independent Office of the Children’s eSafety Commissioner.11) The Commissioner enforces the 2-tiered scheme as provided for by the Act, which exists for “the rapid removal from social media services of cyber-bullying material targeted at an Australian child.”12) “Cyber-bullying material targeted at an Australian child” is held to the standard of whether a reasonable person would think that it was directed towards an Australian child and whether it would be “seriously threatening, seriously intimidating, seriously harassing or seriously humiliating the Australian child.”13)

Parliament stated their intentions that they expect “each social media service will comply with the basic online safety requirements.”14) The system affects the behaviour of end-users both directly and through intermediaries (social media sites). Social media services are affected on a two tier system, with the essential difference in enforcement being that tier 2 services may have action taken against them by the Commissioner.15). The Act also may be used to target end-users who are deemed to have targeted an Australian child with cyber-bullying material through the use of an end-user notice with a number of consequences including removal of the material, refraining from posting such material and apologising.16)

This section is a stub. You can help WikiJuris by expanding it!

'Follow the Money'

Public and private actors are increasingly seeking to regulate user behaviour by asking payment intermediaries – like Mastercard, Visa, and Paypal – to exercise control over the flow of money.17)

Case study: Shana Webster explains how payment intermediaries attempted to shut down WikiLeaks

In 2010, WikiLeaks partnered with multiple leading newspapers around the globe (such as the Guardian and New York Times) to publish over 250,000 cables between the US Department of State and US Embassies worldwide. These disclosures included highly sensitive information, such as identifying that the American Special Forces had been operating inside Pakistan. As the publication of the information is legal in the US, the Government could not prevent the release. Instead, the State wrote to WikiLeaks, imploring them to cooperate. The letter was strategically penned so as to insinuate illegal operations by WikiLeaks. It alleged that the anonymous source who released the information had broken the law, and so long as WikiLeaks held the material, the violation was ongoing. When WikiLeaks failed to cooperate, the State leaked the letter to the media.

Political Pressure: Influencing the Financial Industry

Within days of publication, most of the major payment providers who were processing donations to WikiLeaks terminated their services to the organisation. These companies included Paypal, MasterCard and Visa. They argued that WikiLeaks had breached use policies by encouraging illegal activity. The intermediaries admitted that the only evidence of unlawful activity relied upon was the leaked US Government letter. However, the illegality insinuated was a reference to an obsolete piece of American legislation that has never been successfully applied. Furthermore, it can be argued that its jurisdiction doesn’t extend to organisations such as WikiLeaks.

The accusations made against WikiLeaks in the US Government letter have never been legally grounded. As such, it is widely believed that it was actually concerted political pressure by the US Government that persuaded the blockade. After the publication, the US Government had made open attempts to convince the public that WikiLeaks was a terrorist organisation. Several congressman had publically called upon private intermediaries to cease services to WikiLeaks, many of which obliged. There were also allegations that several intermediaries were privately pressured by members of parliament. The risks incurred by these companies in cancelling services include legal liability and public upheaval. The question is then, why? It is hard to imagine that a successful, private company would subsume to political pressure without receiving a benefit in proportion to the risk. The benefit may well be the aversion of threats or blackmail, financial payments, legislative favour or protection type agreements.

‘Community’ Internet Regulation & the Importance of Public Consensus

The public reaction was an immense display of the power of community internet regulation. It also highlighted the importance of public consensus relating to intermediary regulation. The hacktivist group ‘Anonymous’ launched Distributed Denial of Service attacks at every business who refused service to WikiLeaks. DDoS attacks work by flooding the website with so many requests that the site becomes inundated and unavailable to those trying to legitimately access it. This made clear that those intermediaries who move to regulate without public support will be held accountable by the online community. It also demonstrates the potential for extremist actions of those who will act in lieu of public support. There is clear potential for private actors to usurp an infrastructural level of governance and control the flow of information to society. In an information society, this is a significant power.

Was the blockade a success?

While the financial blockade was not successful in shutting down WikiLeaks, it managed to cause substantial damage to the organisation’s operational value. It destroyed 95% of its revenue and forced the company to cease publications for several years. In 2014, WikiLeaks was victorious in a lawsuit against one of the intermediaries for breach of contract. A tumble effect followed, with most major intermediaries reinstating services. As it stands today, all financial intermediaries aside from the Bank of America have reinstated WikiLeaks services.

The Ongoing Privitisation of Internet Governance

The payment blockade raised valid concerns as to the ongoing privatisation of internet governance. The intermediary action demonstrates that private actors who own critical internet infrastructures are willing to deny services to individuals without proven legal cause. There is an argument that intermediary regulation is the most viable option at present, given the substantive jurisdictional issues surrounding internet governance. However, these private organisations are absorbing a significant amount of power due to infrastructural design as opposed to legal capacity or appointment. It is not realistic to assume that they have the ability to remain objective and resilient in the face of political pressure.

Further reading

For those interested in further reading, please see:

BitCoin and other decentralised currencies

Help needed! This section is a stub. Please help out by filling in some details.

The regulatory pressure that can be imposed by payment gateways and providers has led some people to move to decentralised cryptographic currencies - like Bitcoin.

Madeline Menzies - Miha and Jen Singleton explain Bitcoin and the regulatory challenges it presents


1)
Lev Grossman, ‘You — Yes, You — Are TIME’s Person of the Year’ [2006] Time http://content.time.com/time/magazine/article/0,9171,1570810,00.html
2)
Clay Shirky, Here Comes Everybody: The Power of Organizing without Organizations (Penguin Press, 2008).
3)
In Re Aimster Copyright Litigation, 334 F.3d 643, 645 (7th Cir. 2003) (Posner CJ, quoting Randal C. Picker, ‘Copyright as Entry Policy: The Case of Digital Distribution’ (2002) 47 Antitrust Bulletin 423, 442).
4)
Mark A. Lemley and R. Anthony Reese, ‘Reducing Digital Copyright Infringement Without Restricting Innovation’ (2004) 56 Stanford Law Review 1345, 1379-1380.
5)
Dorset Yacht Co Ltd v Home Office [1970] AC 1004, 1027 (Lord Reid).
6)
John Stuart Mill, On Liberty (Start Publishing LLC, 2012), Chapter IV: Of the Limits to the Authority of Society Over the Individual.
7)
See, for example, Dorset Yacht Co Ltd v Home Office [1970] AC 1004; Smith v Littlewoods Organisation Ltd [1987] A.C. 241.
8)
See, for example, Guido Calabresi, ‘Some Thoughts on Risk Distribution and the Law of Torts’ (1961) 70 The Yale Law Journal 499; Harold Demsetz, ‘When Does the Rule of Liability Matter?’ (1972) 1 The Journal of Legal Studies 13.
9)
See, for example, Alana Maurushat, David Vaile and Alice Chow, ‘The Aftermath of Mandatory Internet Filtering and S 313 of the Telecommunications Act 1997 (Cth)’ (2014) 19 Media and Arts Law Review 263.
10)
​REIN v ZIGGO (​2012), translation provided by h​ttp:pirateparty.org.au/media/documents/ECLINLGHDHA201488ENGZiggo_v_BREIN.pdf)) An order to require ISPs to block access to The Pirate Bay was overturned on appeal, and the Court noted that rates of infringement had actually increased following the imposition of the block. The inference drawn by the court was that the measure could not have been proportionate, since it necessarily imposed a cost on freedom of speech for little ascertainable benefit.
11)
Enhancing Online Safety for Children Act 2015, s 14.
12)
Ibid, s 20
13)
Ibid, s 5
14)
Ibid, s 22
15)
M do Rozario and A Kogekar, Australia’s New Cyber-Bullying Watchdog (17 April 2015) Corrs Chambers Westgarth http://www.corrs.com.au/publications/corrs-in-brief/australias-new-cyber-bullying-watchdog/
16)
Enhancing Online Safety for Children Act 2015, s 41.
17)
See, for example, Mark MacCarthy, “What Payment Intermediaries are Doing About Online Liability and Why it Matters” (2010) 25(2) Berkeley Technology Law Journal 1139.
  • cyberlaw/intermediaries_general.txt
  • Last modified: 4 weeks ago
  • (external edit)