Are you an ISP? Don't be so fast to answer 'no'. Under the Commonwealth Government's recently introduced Broadcasting Services Amendment (Online Services) Act 1999 (the 'Act'), your business may be considered an Internet service provider, with potentially significant effects. Much national and international attention has recently been focussed on the Act, often referred to as the Internet Censorship Act. Attention has been concentrated on the merits of one country attempting to impose a censorship regime on the Net, but another issue of concern is the ambiguous way in which those persons regulated by the Act are defined. These definitions expose to regulation many entities which at first glance might not be considered ISPs, and call into question the extent to which the Act can be enforced in practice.
ISPs and hosts who fail to comply with these notices are liable to be fined $27,500 per day in the case of a corporation, and $5,500 per day in the case of other people.
The definitions provided in the Act for ISPs and content hosts provide scope for some unlikely businesses to find themselves on the receiving end of a take-down or access-prevention notice.
A draft Internet Industry Code of Practice (the 'Code'), recently submitted to the ABA for approval, simply adopts the Act's definition of 'Internet content host'. However, the use of the term throughout the Code suggests that the Code's drafters intended the term to refer to entities which provide facilities on which the Internet content of other people can be stored and centrally administered by the host.
The reality of website management these days is quite different from that anticipated by such a definition. These days, many hosts (which are usually ISPs) offer their customers a permanent 'direct' connection to the Internet. While the host supplies the technology which provides the customer with Internet access, the customer sets up and administers its website itself. Alternatively, another common practice is 'telehousing', where a customer's server is located on the ISP's network, but is completely controlled by the customer. The number of Internet users utilising these kinds of arrangements is growing extremely rapidly. Representatives of a large commercial ISP have reported to us a 300% increase in the number of direct connections provided to customers within the last year. Both corporate and non-corporate customers utilise the services.
The Act's ambiguous definition of 'Internet content host' means that these businesses and people who manage the content of their own website may, despite the wording of the Code, be liable to be served with a take-down notice by the ABA. This also raises the issue of what action can be taken by an ISP/host which provides direct Internet access for its clients, if it is served with a take-down notice. In such a situation, a host could only ensure that even a small amount of prohibited material is taken down by taking the drastic action of blocking access to the entire website, preventing any of the customer's material being accessible via the Internet.
Close examination of this definition suggests that some surprising types of entities may be covered by the Act as ISPs.
However, even if a business does not own its own server, it may still be considered to provide services enabling end-users to access the Internet. A business which enters into an agreement with an ISP under which it is provided with access to the Internet, and which in turn permits other people to access the services provided by that ISP, is arguably providing those people with a service enabling them to access the Internet (in much the same way as many companies now offer repackaged telecommunications services, despite not actually owning the telecommunications infrastructure such as telephone wires, etc). On this basis, even businesses which do not own their own servers may, in some circumstances, be considered ISPs under the Act's definition.
Consider, for example, a business which allows its employees to place information on its website, or even to use the business's computers to place information on Internet bulletin boards unrelated to the business. By doing so, the business is arguably providing employees with a service enabling them to access the Internet and communicate simultaneously with many people. As it is possible (and practically inevitable) for at least one of those people to be outside the immediate circle of the business, that business is an ISP under the Act, liable to be served with an access prevention notice.
Companies providing independent contractors with access to the Internet also appear to be ISPs under the Act. Although employees of companies and partnerships are considered to be within the 'immediate circle' of these entities, according to the Telecommunications Act, independent contractors are not included within the 'immediate circle'. By providing independent contractors with facilities on which they can access other people's websites, a company is providing a means for information to be passed over the Internet between 2 end-users outside its immediate circle. It therefore falls within the Act's definition of 'ISP'.
These days, the staff of many businesses are composed of a combination of employees and independent contractors (depending on the basis on which a staff-member is hired and how the continuing relationship between the business and the staff-member is conducted). It is also not uncommon for businesses to provide their staff with relatively unrestricted access to the Internet. On this basis, many businesses could be considered to be ISPs, liable to be served with access prevention notices.
On a similar basis, other entities which appear to fall within the Act's definition of ISP include:
The businesses and people outlined above will also be regulated by the Code, should it be approved by the ABA. The Code adopts a broader definition of 'ISP' than that used in the Act, but includes all entities considered to be ISPs under the Act.
Obligations imposed on ISPs under the Code include not providing access accounts to persons who are under 18 (unless consented to by a responsible adult), and informing 'subscribers' not to obtain prohibited material from the Internet. Most importantly, the Code requires ISPs to make available to 'subscribers' mechanisms which enable restriction of access to particular content. Such mechanisms include filtering software, password controlled limited access systems, and optional differentiated services (ie the provision of access to a limited selection of Internet content, from which undesirable content has been censored).
'Subscriber' is not defined in the Code, and does not appear to describe accurately the basis on which, for example, an employee is provided Internet access by his or her employer. Despite this, such an interpretation may be applied by the ABA or the courts, requiring the types of businesses outlined above to comply with the Code's extensive requirements.
The Commonwealth Government also needs to reconsider how a regime of censorship of the Internet can and should be enforced. Seeking to regulate entities such as those outlined above will impose unwelcome costs on businesses generally using the Internet to facilitate the conduct of their business. Such a course of action will also create such a large number of ISPs that it will become almost impossible for the ABA to enforce the Act effectively. Aside from the issue of how the ABA can effectively monitor the operations of so many ISPs, it is questionable how the ABA will even be able to identify which businesses and other people are ISPs subject to regulation.
With take-down and access-prevention notices capable of being served by the ABA after 1 January 2000, these ambiguities within the Act and apparent inconsistencies between the Act and the Code require urgent resolution by the Commonwealth Government.
Andrew Chalet and Lucas Testro