Internet Realities Watch, vol. 4

Trust Architecture, Content Blocking, and Guiding Principles
Blog Post
March 13, 2019

This is the fourth blog in our Internet Realities Watch series, where we use our Idealized Internet vs. Internet Realities framework to track changes to the internet reality around the world. Read the previous post here.

Governance Tier Element Changes
Laws & Regulations 9
Social Norms 0
Standards 0
Markets 3
Architecture Tier Element Changes
Content 9
Application & Presentation 1
Session 0
Transport 1
Network 1
Data Link 0
Physical 0

Australia: A coalition of civil society organizations, trade associations, and tech companies—including Facebook, Apple, Google, Twitter, and Microsoft—warned that the Australian government’s December 2018 law on encrypted data access could create dangerous backdoors. The Internet Architecture Board has issued comments stating that the result of the bill could threaten to undermine the trust architecture of the internet, as the bill could impact the security of endpoint devices and therefore the confidentiality of content sent over the internet.

France: Laetitia Avia, a French lawmaker, is reportedly going to present a draft of a bill to punish social media platforms that don’t take down hate speech at the government’s request. “Avia told BuzzFeed News that the law will be based on legislation adopted by Germany in 2017 known as NetzDG. Under the law, fines of up to $60 million can be imposed on platforms that fail to take down hate speech or other illegal content within 24 hours.” This would impact content online by to adding regulatory pressure on social media companies to comply with government content takedown requests.

Iraq: Parliament is considering a draft cybercrime law that critics say would give carte blanche for security and intelligence services to repress free expression online and undermine the privacy and anonymity of internet users. For instance, its article 3(a) carries a sentence of life in prison for using a computer device or an information network “for the purpose of undermining the independence of the country, its peace, or its economic, political, military, or security interests.” The draft law would affect the content element of the internet.

Ireland: The country’s Data Protection Commissioner is investigating Twitter, LinkedIn, and Apple, as well as Facebook and its subsidiaries WhatsApp and Instagram, for possible GDPR violations with respect to personal data processing and transparency of information. Its Communications Minister has also announced a proposal for an Online Safety Act that would allow a cyber safety commissioner to take action against platforms that host harmful online content (i.e., threatening, intimidating, or harassing content), including fines and prosecution for those services which refuse to comply with removal requests. This proposal would impact the content element of the internet.

Philippines: Members of the news website Rappler, including its CEO and Executive Editor, have been arrested under the government’s claim that a cybercrime law—itself controversial—amends the libel statute of limitations from one year to twelve. Several organizations, including Reporters Without Borders and Amnesty International, have condemned the arrest. It remains undetermined whether “cyber libel” should be distinguished from the libel definition already in the Philippines’ Revised Penal Code. This concerns how content is regulated online.

Russia: Roskom, Russia’s internet regulator, is blocking access to encrypted email platform ProtonMail by manipulating the Border Gateway Protocol (BGP), which routes internet traffic, to reject internet traffic instead of routing it to the correct endpoint. This manipulation of the internet’s network architecture impacts both content sent along the internet (by denying access to emails) and applications used on the internet (by denying access to the encrypted email itself). However, ProtonMail reports it has implemented temporary measures to minimize the impact of the block.

South Africa: The incoming Cybercrimes Bill will require electronics communications service providers and financial institutions in South Africa to report any of a new list of cyber offenses committed on their systems within 72 hours after discovery. New offenses under the bill include the distribution of intimate messages (likely targeting revenge porn), infringing copyright through peer-to-peer sharing, and disseminating data messages that advocate, promote, or incite violence or discrimination. These all impact content posted or distributed online. Internet Service Providers (ISPs) interviewed by the media generally have positive reactions to the bill, with one entity highlighting its non-violation of existing net neutrality—preserving network openness.

South Korea: The Korea Communications Standards Commission (KCSC) blocked access to 895 overseas sites with “harmful” content—primarily websites with child pornography and pirated media, as well as gambling websites. On its face, this impacts internet content, but there are other interesting implications for governance and architecture for the internet as well, including via how the KCSC is blocking the websites. For a detailed analysis of the policy change, see our forthcoming Internet Realities Analysis post. The filtering technique targets the transport element of the internet’s architecture.

Thailand: Thai legislators passed the controversial Cybersecurity Act that would allow the government to search, seize, infiltrate, and copy systems and information without a warrant. The law, which lacks adequate rule of law protections like court orders or reviews, does not fundamentally alter any internet infrastructure, but could have a chilling effect on how freely Thai people use the internet. Activists strongly rebuked the law when it was proposed in 2018.

United Kingdom: A report from the House of Lords’ Select Committee on Communications, titled “Regulating in a digital world,” recommends the creation of a “new Digital Authority to oversee… regulation with access to the highest level of the Government to facilitate the urgent change that is needed.” The Committee recommends ten guiding principles for internet regulation, including:

  • Parity, or the notion that individuals deserve “the same level of protection… online as offline”;
  • Respect for human rights and equality;
  • Openness, or the principle that “the internet must remain open to innovation and competition”; and
  • Democratic accountability.

This could impact many elements of the internet’s architecture and governance, including (to address some mentioned here) freedom to access content, network openness, and market competitiveness online.

United States: One of the President’s advisors suggested in January that it might be time to amend Section 230 of the Communications Decency Act, which essentially frees internet companies from the responsibilities of traditional publishers, like moderating content. This has generated more concern in the weeks since. “It’s not crazy to consider amending the provision, no matter the trillions of dollars resting on it,” says Joshua Geltzer. “But the law itself is being mischaracterized and therefore misunderstood—including by the very legislators who’d be responsible for amending it.” Amending the law could force content platforms, like social media platforms, to moderate the content on their websites.

In holistic trend analysis, see Justin’s Foreign Policy article on how democracies need to find a better balance between internet openness and internet control that protects citizens from cyber harms while still preserving the benefits of a global and open internet. Read this piece on Chinese users leveraging the blockchain to fight government censorship. And in Just Security, read Faiza Patel’s analysis of recent online free speech laws in the European Union.