Internet Society of Australia
A Chapter of the Internet Society
ACN 076 406 801
In general, ICHs must be prepared to take down hosted content when notified, and ISPs must attempt to block access to prohibited content when notified.
A core issue of the legislation is defining who is affected by it - who actually is an ISP or an ICH? At first pass this might appear straightforward, but closer examination shows that:
ISOC-AU calls for a revision of the BSA, particularly with regard to ISPs, so that it takes into account the reality and limitations of Internet technologies, the enormous power of control they confer on end-users, and the personal responsibilities of individuals to use the Internet wisely.
This definition expands the potential categories of "hosted" content far beyond the accepted scope. Other content kept on data storage devices and available through an Internet carriage service may include: Usenet News (newsgroups), mailing-lists (one-to-many email distribution, often accessible via the Web), caches (local storage of frequently-requested content), FTP sites (anonymous file transfer), public software and vendor archives, streaming audio and video files, phone-to-Internet messaging systems, personal chat and contact messaging systems, and other "Internet content" that was apparently not taken into account when the legislation was drawn up. Any take-down or blocking systems that are suitable for regulating Web content will not be applicable to these other forms of content.
Another difficulty is that "ordinary electronic mail" is excluded from the category of "Internet content", but the term is not defined, either in the legislation or in real-life usage. Electronic mail is an enormously flexible protocol and it appears that the legislators of the BSA did not understand that almost any Internet content, including Web pages, may be both requested and automatically delivered by email under "ordinary" conditions. The only way to know whether an email is delivering business documents or prohibited content is by examining it, which would lead to major concerns in the area of commercial confidentiality and privacy.
Businesses with their own permanent connections would normally use it on their servers, but even someone with just a PC at home could run it and serve whatever content they wanted to the world. Even individuals or groups who simply use a cable modem rather than a permanent Internet connection can and do provide Internet accessible content.
The implication of the imprecise definitions and lack of understanding of the implementation of the Internet in real terms is that all of these groups and individuals may be regarded as ICHs under the BSA, so are exposed to potential liability under legislation that they probably have no idea would apply to them. They have to be able to be notified by the ABA to take down prohibited content if necessary.
A major education campaign pointing out their responsibilities and potential liability should be implemented as soon as possible by the government.
An Internet carriage service is a "listed carriage service" (under the Telecommunications Act 1997) which enables end-users to access the Internet.
A "listed carriage service" is a carriage service between points in Australia, or with at least one point inside Australia (Telecommunications Act, Sect 16), while a "carriage service" means a service for carrying communications by means of guided and/or unguided electromagnetic energy.
The BSA states that a service is supplied to the public if:
an Internet carriage service is used to supply point-to-multipoint services to end-users, and at least ONE end-user is outside the "immediate circle" of the supplier of the service.
Point-to-multipoint services are defined in the Telecommunications Act as "a carriage service which allows a person to transmit a communication to more than one end-user simultaneously".
In the case of the Internet, many services allow an end-user to transmit a communication to more than one end-user simultaneously. In particular, Web servers, as mentioned above, can supply the same content to thousands of simultaneous Internet users, so may be regarded as point-to-multipoint services.
So it only needs one end-user to be outside the immediate circle of the supplier of the service for that supplier to be regarded as an ISP. By this interpretation, anyone running a Web server whose contents are available to someone outside the immediate circle, such as a business advertising its products via the Internet to the world, becomes an ISP.
If this is so, then every time the ABA needs to notify "ISPs" to block prohibited content, the population they must notify has now expanded to all of the entities in Australia who allow content on their Web sites to be accessed by Internet end-users.
If, on the other hand, the provisions of the IIA Industry Code are accepted, with their apparently less onerous requirement of providing filtering software and blocking blacklists, the task of implementation and compliance is still a massive one which will impose major costs on large and small businesses, none of whom are aware that they are liable as ISPs under the legislation from 1st January 2000. The requirement for the ABA to provide mechanisms to update blocking blacklists to such a large population may also create substantial difficulties.
Many businesses provide their Web services from their own machines with a permanent connection to the Internet - industry estimates put the existing numbers of permanent connection at around 16-20,000, with three times that number expected to be installed over the coming year at current rates. This suggests that right now up to 20,000 entities could be ISPs under the BSA, and as many as 60,000 may be in a year's time.
However, should the point-to-multipoint definition not hold, we are left with a further paradoxical situation. In this case, the entities who offer Internet access to only their immediate circle are not ISPs, and have no obligation to block access to overseas prohibited content. However, a large proportion of these groups have direct access (permanent connections) to the Internet, their traffic is normally not filtered in any way by upstream ISPs, so the responsibility for blocking access does not rest with any other entity.
So under two definitions of "ISP" the legislation forces some very unexpected organisations into that category with its associated penalties, but if one of these definitions does not hold, the legislation then permits many other organisations to avoid its requirements altogether, which is presumably not the intended outcome.
In the case of prohibited content hosted outside Australia, the ABA must notify ISPs to take steps to prevent end-users from accessing the content, either by written notice (clause 40) or by unspecified electronic means (clause 51). Revocation notices (44) must be by means of a written notice.
If the ICH or ISP does not comply with a take-down notice by the end of the next business day, the financial penalties are severe. The implication is that all of the above businesses, organisations, clubs, institutions, as well as anyone running software that provides Internet access to content upon their computer, must:
This does not address the requirement of the ABA to notify ICHs and ISPs by means of a written notice. It does not address the sheer diversity and enormous range of Australian entities that are ICHs or ISPs under the loose definitions of the legislation. It does not address the need for those entities to set up administrative and technically viable procedures for them to be able to respond to ABA notices by the 1st January 2000. It appears likely that the remaining time available at this stage will not be enough for compliance to be achievable.
Given that the range of public and private entities who are categorised as ICHs and ISPs under the legislation appears to comprise a large proportion of all Internet users in Australia, including but not limited to most e-commerce initiatives, this will be a major planning, logistical and procurement problem, and will probably have a significant impact on the fastest-growing component of the Australian economy.
It is the government's expressed intention to bring about industry self-regulation through voluntary Codes of Practice. When the industry was estimated to comprise around 650 ISPs, this was a perfectly achievable goal. However, in the case of 20,000 entities now classified as ISPs, some problems arise:
The BSA has two main areas of application: ICHs and ISPs. While they are both Internet activities, in some respects this is their only similarity - in fact, bundling them together in the same legislation means that the useful aspects of the Act have been overwhelmed by the anomalous ones.
The legislation on ICHs refers to hosting content within Australia, and seeks to bring it under the same controls as TV and video classification. In general, most people would agree that content hosted within this country should be under legislative control like any other content so long as this is consistent with the requirements of our society, although questions remain about whether these are the most appropriate classifications.
The legislation on ISPs, however, is where the BSA is greatly flawed. The technology of Internet connectivity and world-wide packet flow means that trying to classify and restrict particular components of this flood, which is quadrupling in volume every year, is as futile as trying to classify the electrons in a high-tension power line.
Analogies are always imperfect, but what we must never lose sight of is that the transport of Internet traffic is very like the delivery of electricity, expect that it's simply ones and zeros being delivered. Content does not exist except in the hands of content suppliers and end-users: in between there is only the transmission of data packets.
There is no content until these are re-assembled at the end-point of a network, at the display where a human being can observe and make a judgement. That is the stage at which responsibility and care must be exercised - by the end-user. With electrical technology we appreciate that that there are dangers involved, but we teach our children responsible usage at the levels at which we can have control: the personal, the family, the school. Users must be trusted, just as they are trusted with the life-and-death power of electricity, to make appropriate choices, and to to educate their children about those choices.
On the other hand, ISPs, whether the 650 businesses first assumed, or the 20,000 potentially affected under the legislation, should not be forced to try to implement something that simply cannot be implemented at their level of operation.
ISOC-AU calls for a revision of the BSA, so that the legislation that applies to ISPs is removed or substantially altered, so that it takes into account the reality and limitations of the multitude of Internet technologies, the enormous power of choice and control they confer on end-users, and the personal responsibilities of individuals to use the Internet wisely.