Home Page | About Us | Press Enquiries| Reports | Policy Issues | News Items | Press Releases | Mailing Lists | Bookstore
response to the
Better Regulation Task Force Review of E-Commerce
12 October, 2000
Cyber-Rights & Cyber-Liberties (UK) (http://www.cyber-righs.org), which was founded in January 1997 with the aim of promoting free speech and privacy in regard to the Internet, welcomes the opportunity to make a written submission to the Better Regulation Task Force in relation to review of e-commerce regulation in the UK.
We have addressed the issues related to better regulation and the principles of good regulation of the Better Regulation Task Force in the past in relation to Internet content regulation and the role played by the Internet Watch Foundation (see appendix I).
We have also referred to the principles of good regulation, again in the context of Internet content regulation, in our submission to House of Lords Select Committee on the European Union by Sub-Committee B (Energy, Industry and Transport) on e-Commerce: Policy Development and Co-ordination in the European Union (see appendix II) which was published in the House of Lords Select Committee Fourteenth Report entitled E-Commerce: Policy Development and Co-ordination in the EU, 25 July, 2000.
We have also relied on and referred to the principles of good regulation in relation to the Regulation of Investigatory Powers Act 2000 in a letter sent to the House of Lords on 29 June, 2000 (see appendix III). Lord McNally referred to our letter and the test that we have set up in relation to regulating the Internet. (see appendix IV)
Although your review is much more concerned with e-commerce regulation, we believe you will find our comments useful especially in relation to promoting consumer confidence, and consumer protection in the UK. However, while trying to achieve such confidence and protection, the rights of individual Internet users such as privacy and freedom of expression should also be taken into account. Therefore, such a review of e-commerce regulation should also consider the impact of the Human Rights Act 1998.
So far we believe that the government through the Home Office and the DTI has not fully taken into account the Human Rights Act. We have witnessed the importance given to "business interests" over individual rights in the past and now with the recent publication of the DTI Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 under sections 4(2) and 78(5) of the Regulation of Investigatory Powers Act 2000. In our view, such regulations together with the RIP Act, will NOT contribute to the Government's aim of making the UK the best place for e-commerce by encouraging modern markets and confident consumers. In our view, there is nothing in the Government’s current policy that promotes confidence and trust in the Information Age. If the UK is to become the best place for e-commerce, it should also offer the best protection for individual rights and liberties.
We note the Better Regulation Task Force’s October 1999 Self-Regulation report which states that regulation should be "necessary, fair, balanced and command public support". Your report also identifies five principles against which to test the appropriateness and effectiveness of regulation. They are:
So far you have used these in all your work to judge the standard of existing or proposed regulations. Therefore, we hope you will apply the above principles to the following government regulations:
Electronic Communications Act 2000
Regulation of Investigatory Powers Act 2000
and especially to the self-regulatory Internet content regulation scheme that involves the quasi-regulatory body, the Internet Watch Foundation. Although we believe that self-regulation may have some advantages in this field (we note the Better Regulation Task Force report Alternatives to State Regulation, July 2000), we do not think that the IWF has been open, transparent, and accountable about its policy and policy making process. If bodies like the IWF are to exist, then they must more clearly be subjected to standards of constitutionality and good government. They must also have greater regard to legal standards, especially those standards which serve to protect liberty.
We believe there is an important role to be played by the Better Regulation Task Force in this field and effective government regulation and self-regulation or co-regulation should meet the principles of good regulation.
Written by Mr. Yaman Akdeniz,
Director of Cyber-Rights & Cyber-Liberties (UK),
URL: http://www.cyber-rights.org and http://www.cyber-rights.net
Phone: 0498 865116
Fax: 07092 199011
Postal Address: Centre for Criminal Justice Studies, Faculty of Law, University of Leeds, Leeds LS2 9JT.
From the Cyber-Rights & Cyber-Liberties (UK) report: Who Watches the Watchmen: Part II: Accountability & Effective Self-Regulation in the Information Age, August, 2000/
Better Regulation is the only way forward
It is important to emphasise the importance of some of the fundamental principles to be observed and taken into account while decisions are taken by government and other self-regulatory bodies related to public matters. Although the IWF acts as a private self regulatory body, its actions directly involve public matters and the IWF is involved with the UK government’s policy making process.
Therefore it is important to mention the Nolan Committee principles on good standards in public life, Better Regulation Task Force’s Principles of Good Regulation and the respect for fundamental human rights such as freedom of speech and privacy. Such fundamental rights will in any event become legally binding by the incorporation of the European Convention on Human Rights with the enactment of the Human Rights Bill 1998.
The report will now examine these principles.
The Nolan Committee Principles
The Nolan Committee which dealt with Standards in Public Life established "Seven Principles of Public Life". These are: selflessness, integrity, objectivity, accountability, openness, honesty, and leadership. These principles apply to all aspects of public life and the Committee has set them out for the benefit of all who serve the public in any way. Accountability, effectiveness and openness of the regulatory players involved with the Internet governance is equally important as their respect for fundamental human rights of the UK citizens.
All government and quasi government agencies should be accountable to the public. Therefore, accountability should apply equally to the IWF, the Home Office, and the DTI. No decisions should be taken without proper public consultation and an open and transparent environment should be established for regulatory initiatives in the field of Internet regulation rather than important policies being developed behind closed doors in secrecy. The public has a right to know from the very early stages of a policy making process. So far, both the DTI and the IWF have failed their duties and managed to provide as little information as possible on why certain policies are preferred without the need for public consultation. Apart from being accountable and open, the government and quasi government agencies should be competent in the field of Internet regulation in both technical and socio-legal sense so as to provide the public with effective solutions.
Principles of Good Regulation
Better Regulation Task Force of the Cabinet Office’s (OPS) Better Regulation Unit published the Principles of Good Regulation in January 1998. The Better Regulation Task Force is an independent advisory group and was appointed by the Chancellor of the Duchy of Lancaster in September 1997 to advise Government on action which improves the effectiveness of government regulation by ensuring that it is necessary, fair and affordable, and simple to understand and administer.
The Better Regulation Task Force decided to use the Principles of Good Regulation as a "template - a critic’s guide if you like - for judging the quality of government regulations" in the course of their work years. They hoped others would find it useful, and Cyber-Rights & Cyber-Liberties (UK) indeed found it very useful in the context of an important issue - Internet Regulation.
The Task Force defines regulation " as any government measure or intervention which controls the behaviour of individuals or groups. Government regulation can both promote the rights and liberties of citizens, and restrict the behaviour of citizens" and according to the Task Force "whilst recognising such philosophic differences, governments should be satisfied that regulations are necessary, fair, effective, balanced, and enjoy a broad degree of public confidence."
Therefore the Principles of Good Regulation include the following criteria for regulators: transparency, accountability, targeting, consistency, and proportionality. The Task Force believes that many objectives can be achieved without recourse to state regulation through voluntary self-regulation and through the establishment of code of practices in general but the Task Force also subjects regulatory initiatives to a test. Cyber-Rights & Cyber-Liberties (UK) now will apply this test to Internet regulation by the UK government including the non-governmental Internet Watch Foundation which acts as a quasi-government body.
Test of Good Regulation for the UK Government
Must have broad public support:
According to the Task Force "the Poll Tax was a significant failure due to lack of public support, but the public’s view can change over time." Cyber-Rights & Cyber-Liberties (UK) has seen no support for the activities of the IWF and the rating systems proposed for Internet content by this body from the public. Government support is not enough to justify the development of these systems without proper public consultation. There is not a general public awareness associated with these issues and the current process is therefore not transparent.
Must be enforceable:
According to the Task Force "whilst regulation might have general public support, it might not be enforceable." Cyber-Rights & Cyber-Liberties (UK) believes that this would be the case with the development of rating systems even if there was public support. The Internet is a global medium regardless of frontiers and there is wide objection to the development of these kind of systems elsewhere, especially in the USA where a great amount of Internet content is created.
Must be easy to understand:
According to the Task Force "everyone knows that they must pay a T.V. licence fee because the legislation is straightforward. However, other regulations can be complex." The development of rating and filtering systems involve complex technical issues and Cyber-Rights & Cyber-Liberties (UK) believes that these issues are not truly understood by the public at large and by the members of the Parliament. There need to be more initiatives to promote the good uses of the Internet rather than creating moral panics about the Internet content.
Must be balanced and avoid impetuous knee-jerk reaction:
According to the Task Force, "Ministers are often under pressure to regulate in response to a short-term public concern. Regulations introduced quickly because of an outcry about dangerous dogs were ill-thought out" and this is also true for the Internet content. A moral panic has been created for the availability of illegal and harmful content on the Internet and public and media pressure would result with inadequate and ineffective regulation.
Must avoid unintended consequences:
Burdensome and ineffective regulation and restrictions on Internet content deemed legal would, however, make Britain, a hostile environment for network development or any other high-tech industry and investment. The introduction of rating and filtering systems would also have an impact on individual rights such as freedom of speech protected by the European Convention on Human Rights. The ECHR will have a direct effect within the English Legal System with the enactment of the Human Rights Bill 1998.
Must balance risk, cost and practical benefit:
According to the Task Force, "it is not practical for regulators to seek to exclude all risk, particularly when the risk is minimal." The current technology for limiting access to some forms of Internet content is defective and limited and the use of these systems would only create a false sense of security for the concerned citizens.
Must reconcile contradictory policy objectives:
The Task Force believes that environmental protection should be taken into account against economic need when taking planning decisions or that food safety should be taken into account against food supply. Therefore, any regulatory action intended to protect a certain group of people, such as children, should not take the form of an unconditional prohibition of using the Internet to distribute content that is freely available to adults in other media.
Must have accountability:
According to the Task Force, "when things go wrong there must be clear but reasonable accountability without resorting to unfair retribution." Therefore, the IWF, a private body with important public functions should be made accountable to public with an accessible, fair and efficient appeals procedure.. It is wrong for the IWF to take important decisions such as the development of rating systems for Internet content without a general public consultation. The alternative is to give more thought into the "absorption of all current regulatory bodies into one Communications Regulation Commission with overall responsibility for statutory regulation of broadcasting, telecommunications and the communications infrastructure" as recommended by the House of Commons Select Committee on Culture in their report "The Multi-Media Revolution," published in May 1998.
Must be relevant:
According to the Task Force, "conditions change over time, and some regulations become unnecessary" as in the case of Sunday trading restrictions. The current problems associated to Internet content is minimal and there is no need to create the likes of fortress UK on a global medium. The real amount of the current problems should be carefully assessed and examined before taking any regulatory decisions. Alternatives to current available solutions (such as filtering and rating systems) should be considered.
A Submission by Cyber-Rights & Cyber-Liberties (UK) to House of Lords Select Committee on the European Union by Sub-Committee B (Energy, Industry and Transport) on e-Commerce: Policy Development and Co-ordination in the European Union
(1) Cyber-Rights & Cyber-Liberties (UK) (http://www.cyber-righs.org), which was founded in January 1997 with the aim of promoting free speech and privacy in regard to the Internet, welcomes the opportunity to make a written submission to the House of Lords Select Committee on the European Union by Sub-Committee B (Energy, Industry and Transport) on its inquiry into e-Commerce: Policy Development and Co-ordination in the European Union.
(2) We addressed issues relating to the first question of the Select Committee, namely, What needs to be done to create confidence and to stimulate ecommerce?, in a written submission made to the HC Trade and Industry Select Committee on Electronic Commerce Inquiry during last year. The board members of Cyber-Rights & Cyber-Liberties (UK) also gave oral evidence in relation to that inquiry. We pointed out that national government access to encryption keys would undermine and hold back both the development of e-commerce and would be harmful to individual rights of privacy and free speech. The development of the Internet requires the instillation of trust in Internet users and affirmation that their expectation of privacy in correspondence is legitimate. But it seems to be the government which has no trust and instead seeks to develop intrusive surveillance systems. It is also very debatable whether the UK Government’s encryption policy approach is compatible with that of the European Union or with other member states of the European Union.
(3) This submission will concentrate on specific issues which reflect our current research into the protection of individual rights and liberties in the Information Age. Therefore, the submission will deal with the third question of the HL Select Committee, namely, will codes of conduct and co-regulation provide sufficient protection? Is there a case for intervention by national governments and the EU?
(4) Internet content regulation, with an emphasis on the existence of sexually explicit content, remains one of the greatest concerns for governments, supranational bodies and international organisations. The 1990s witnessed the proliferation of the Internet and the current concerns by the regulators mainly concentrate on the existence of illegal content such as child pornography over the Internet, and the access of (mainly) sexually explicit content over the Internet by children. The September 1999 email@example.com, the Cabinet Office report stated that "there are worries about the content of the Internet," and according to the report this remains as one of the major issues that "lead to lack of confidence for the development of e-commerce within the UK."
(5) Therefore, this submission will address this issue in relation to Internet content regulation with specific reference to the availability of illegal and harmful content and the self-regulatory (or co-regulatory) approach that has been adopted by the UK government as the issue is relevant to the overall purpose of the inquiry of this House of Lords Select Committee.
(6) The self-regulatory model that has been adopted and supported by the UK Government is the Internet Watch Foundation scheme ("IWF") - <http://www.internetwatch.org.uk>. This model and the activities of this UK organisation is also supported at the European Union level by the European Commission.
(7) Cyber-Rights & Cyber-Liberties (UK) has been monitoring the activities of the IWF since its inception in September 1996. So far, we have produced two critical reports in relation to the activities of the IWF, namely, Who Watches the Watchmen: Internet Content Rating Systems, and Privatised Censorship, (November 1997); and Who Watches the Watchmen: Part II - Accountability & Effective Self-Regulation in the Information Age, (September 1998).
(8) We believe fundamental principles should be observed when decisions are taken by government and other quasi-regulatory bodies relating to public matters especially if the IWF scheme will be part of the self-regulatory (or co-regulatory) approach that has been adopted and supported by the UK Government. Therefore, it is important to consider the good governance/regulation principles in relation to regulators and quasi regulators based upon the Nolan Committee principles on good standards in public life and the Cabinet Office Regulatory Impact Unit’s principles of good regulation.
(9) In general principles for a good regulatory action should:
be based on clearly defined policy objectives and should be easy to understand,
be the minimum necessary to meet those objectives,
further enhance legal certainty in a dynamic market,
aim to be technologically neutral,
have broad public support,
be enforceable, and transparent
be balanced and avoid impetuous knee-jerk reaction
avoid unintended consequences
balance risk, cost and practical benefit
reconcile contradictory policy objectives
(10) However, we have not witnessed these principles being adequately observed by the Internet Watch Foundation since its inception, even though it remains a "private organisation" with important public duties; namely, (a) acting as a hotline for reporting Internet content deemed to be illegal, and (b) as a policy setting body in relation to the availability of Internet content which may be considered as harmful or offensive but not illegal. Transparency, openness and more importantly "accountability" are important features of a healthy society. Without "accountability", the IWF will never become a transparent policy-making organisation. Therefore, if this is the way forward for the future of "Internet content regulation", then the mechanics of this system should observe the above principles.
(11) Furthermore, procedures can only be properly designed within a legal context which take due account of individual rights and liberties (especially freedom of expression within this context). Such procedures are a matter of legitimate public interest, especially to Internet users. It should not be forgotten that the European Convention on Human Rights is now part of the UK legislation through the enactment of the Human Rights Act 1998. As the European Court of Human Rights stated "... freedom of expression constitutes one of the essential foundations of a democratic society, one of the basic conditions for its progress." The result of the incorporation should be "the beginning of the strong development of a human rights culture in this country," rather than the development of a privatised cyber-censorship culture.
(12) In January 2000, the IWF announced that it will try to apply its self-regulation (hotline and illegal content activity) approach to racism on the Internet. Removal of objectionable though legal content from the Internet without due process would certainly amount to censorship and this may be the case in relation to hate speech on the Internet. Although it is an offence to use threatening, abusive or insulting words or behaviour intended or likely to stir up racial hatred under Part III of the Public Order Act 1986, (section 18) or to publish such materials, by written materials, in theatre plays, by video or in a cable broadcast (sections 19 to 22) or to possess such materials (section 23), "No proceedings for an offence under this Part may be instituted in England and Wales except by or with the consent of the Attorney General" according to section 27(1). So, it is very much doubtful whether the IWF should be in a position to make these judgments without due process. Privatised policing organisations are not acceptable bodies to judge the suitability or illegality of Internet content and there is a serious risk that hotline operators will act as "self-appointed judges" and that the hotlines will "violate due process concepts that are also enshrined in international, regional, and national guarantees around the world."
(13) If the UK is to become the best place for e-commerce, it should also offer the best protection for individual rights and liberties. If bodies like the IWF are to exist, then they must more clearly be subjected to standards of constitutionality and good government. They must also have greater regard to legal standards, especially those standards which serve to protect liberty. Furthermore, any co-ordinated policy initiative at a supranational level (e.g. the European Union or within the Council of Europe in relation to the adoption of the draft Convention on Cyber-crime), or at an international level (e.g. within the OECD) should also offer the best protection for individual rights and liberties.
A Further Open Letter to the House of Lords from Cyber-Rights and Cyber-Liberties (UK) concerning The Regulation of Invetigatory Powers Bill, 29 June, 2000
3. A Proportionate and Effective Response?
We recognise and support the need to counter criminal use of the Internet. Moreover, we also recognise that in countering such use it may sometimes be necessary to infringe the rights of honest Internet users in order to secure the prosecution and conviction of guilty parties.
But in considering such action we believe that it is necessary to apply the following tests to any proposals that are made:
1) That they provide clear net benefit for society. That is, the benefits are clear and are achievable by the measures proposed, with a detrimental impact on the rights of honest citizens that is as small as possible and one that is widely accepted as tolerable in the light of the gains secured.
2) That the measures proposed discriminate effectively between criminals and honest, law abiding citizens. Therefore, they should be balanced and should not, in an impetuous desire to counter crime, expose all honest Internet users to the risks of key seizure.
3) That of all the options available they are the best in the sense that they are the most effective in countering criminals while having the least impact on honest citizens and the lowest costs for taxpayers and businesses.
4) They should be based on clearly defined policy objectives which citizens understand and which command widespread public support.
5) They should be enforceable, transparent, and accountable.
It is our considered opinion that the powers for key seizure and Internet interception in this legislation fail every one of these tests and also fail the Cabinet Office Regulatory Impact Unit’s principles of good regulation.
Firstly, the Government has not shown these powers to be either necessary or effective in countering criminal misuse of the Internet. Most experts agree that they will not be effective against serious criminals. Moreover, other countries such as Germany (a partner of the UK within the European Union) have considered and rejected such measures as (a) unnecessary, (b) ineffective, and (c) detrimental to the safety, security and privacy of honest citizens and businesses who make use of the Internet.
Secondly, these measures are indiscriminate and make no distinction between the keys and information owned by criminals and those owned by honest citizens. They are technically ineffective and easy to circumvent from a criminal perspective and yet create potential risks for honest citizens and businesses that are more than sufficient to undermine confidence in Internet use in the UK.
Lastly, and most importantly, they represent a poor choice in terms of value for money for UK taxpayers and industry when compared with other ways of countering criminal misuse. The costs of the technical measures needed to provide for key seizure and Internet interception are subject to fierce debate but very few experts put these below £30m per annum. If the UK were to spend as little as one third of this sum, it would be possible to recruit more than 100 experts to support UK law enforcement authorities in the pursuit of criminals, paedophiles and others who misuse the Internet.
In our view such an approach would be much less costly and infinitely more effective in countering criminal misuse than any of the measures embodied within the proposed legislation for this purpose. The Government’s proposals are technically naive and cannot succeed against serious criminals who will find the measures easy to circumvent. In contrast a substantial body of expert technical assistance in support of UK law enforcement authorities would provide a major deterrent for Internet crime and hence a sound basis for the development of confidence in the safety and security of the Internet, a confidence which is vital if electronic commerce is to develop in the way that the Government desires.
We remain convinced that there are far more effective ways of countering criminal misuse of the Internet.
We conclude that the RIP Bill is seriously deficient in that it contains provisions that will undermine important rights that exist to protect the innocent without having the intended impact on criminals.
The measures are indiscriminate and not effectively targeted at criminals with the result that they undermine the confidence of honest Internet users in the safety, security and privacy that they will obtain when they use the Internet.
These proposals are also an ineffective investment of taxpayer’s money when compared with alternative ways of countering criminals that will be less costly and much more effective.
We hence urge the House of Lords to reject this legislation and to seek major changes in the Government strategy for countering criminal misuse of the Internet.
Even with the proposed changes, we conclude that the RIP Bill remains seriously deficient.
GAK powers remain intact and the new clauses have not changed the inadequate commitment to the protection of seized keys in any way. This means that the personal and business keys on which the safety and security of the Internet depend are still at serious potential risk. This in turn will continue to undermine confidence in the UK as an Internet and e-commerce friendly country.
We see nothing in the Government’s amendments that changes our fundamental objection to the introduction of GAK powers for which the Government has failed to provide any sound justification. In our view the GAK powers in this Bill are seriously flawed and should be rejected by the House of Lords. It simply makes no sense to seriously curtail the rights of all honest personal and business users of the Internet while achieving nothing of significant value in the fight against criminal misuse.
Lords Hansard text for 28 Jun 2000 (200628-13)
All noble Lords concerned with the Bill know that a great deal of briefing has been submitted. One piece sent from the Cyber-Rights and Cyber-Liberties Group (UK) caught my eye because it summed up very well the thinking that lies behind these amendments. The group sets out five hurdles that should be cleared before the powers are used.
First, that the action will provide a
"clear net benefit for society. That is, the benefits are clear and are achievable by the measures proposed, without a detrimental impact on the rights of honest citizens ... and one that is widely accepted as tolerable in the light of the gains secured".
"That the measures proposed discriminate effectively between criminals and honest, law-abiding citizens. Therefore, they should be balanced and should not, in an impetuous desire to counter crime, expose all honest Internet users to ... risks".
"That of all the options available they are the best in the sense that they are the most effective in countering criminals".
"They should be based on clearly defined policy objectives which citizens understand and which command widespread public support".
"They should be enforceable, transparent and accountable".
Those principles could easily apply to other parts of the Bill, but I believe that they apply particularly well to Clause 30. In essence these amendments are an exercise in wing-clipping. It is intended that the Minister should respond wherever he feels that those wings should not be clipped. I beg to move.