UK Internet content regulation

There are now many UK institutions that claim a role in takedowns, domain suspensions and other aspects of Internet regulation.

Organisations regulating the UK Internet

This is a list of organisations that regulate Internet content in the UK, along with preliminary information about their governance, transparency, accountability and oversight arrangements.

Crime

CTIRU: produces a single statistic of takedown requests. Appears to lack any formal oversight of their takedown requests and refuses any transparency relating to their work, applying FoI exemptions to everything they do. CTIRU also make requests for domain suspensions to Nominet, again without supervision.

National Police Chiefs’ Council: has a role co-ordinating counter-terrorism police work, including that of CTIRU. The NPCC is not subject to the FoI Act although it does respond to requests.

Home Office: administering CTIRU’s list of websites to block across the public estate, with no oversight of the list or where or why it is applied. No oversight of any potential monitoring or information flow relating to persons making visits to sites on the list. No oversight of relationships with vendors within the programme.

National Crime Agency: does some takedowns, entirely exempt from FoI. Unclear what if any oversight takedown or suspension requests require.

IWF: a private company and charity, lacking FoI obligations but acknowledging they act as a state authority when blocking child abuse material. Unclear what their current presentation of block pages is, and whether this is any help for victims, people thinking about breaking the law or correcting errors.

CPS Prosecutes cases, on basis that can be unclear, despite guidelines.

General

Nominet: a private company, subject to DEA 2010 clauses that allow the government to disempower it in the event of it failing to meet public objectives. Not subject to FoI in relation to these public objectives. Transparent in general terms, but recently reduced transparency about its governance. No transparency surrounding the 16,000 domains suspended via PIPCU and others, except in numerical terms. No longer transparent in terms of governance.

Ofcom: subject to high levels of transparency and accountability, but as of yet no clear policy or accountability around Net Neutrality complaints and violations.

Consumer protection

PIPCU: subject to FoI, have been very co-operative in this regard. No formal oversight of their takedown work. Removing over 13,000 domains annually via Nominet. These are mostly related to trade mark violations, fake goods and fraud.[1]

National Fraud Intelligence Bureau: makes domain suspension requests to Nominet. No formal oversight of these requests.

Veterinary Medicines Directorate of DEFRA: makes domain suspension requests to Nominet. No formal oversight of these requests.

Metropolitan Police Fraud and Linked Crime Online (FALCON): makes domain suspension requests to Nominet. No formal oversight of these requests.

Medicines and Healthcare Products Regulatory Agency (MHRA): makes domain suspension requests to Nominet. No formal oversight of these requests.

National Trading Standards: a private company not subject to FoI or external oversight, which co-ordinates local trading standards’ work. Makes domain suspension requests to Nominet.[2]

Gambling Commission: regulates gambling for the UK, and requires non-UK hosted internet gambling to hold a license, which includes an obligation for age verification.

Intellectual property

IPO: the IPO supports PIPCU’s work and has a role in their governance, as well as having a role in wider IP enforcement. Unclear if e-Commerce advice and policy development for IP takedowns are their remit, or a question for another body.

Court order blocks: these delegate responsibility for identification of duplicate sites for blocking to various private organisations with copyright or trade mark claims, such as the BPI or MPA. No oversight of transparency of the lists of blocked URLs (other than ORG’s detection tools[3]). No transparency over their role in error correction on block pages. Confusing block pages at ISPs.

FACT: FACT, the Federation Against Copyright Theft, have issued domain seizure requests to registrars and redirected domains to a redirect page.

Child protection

ISP Soft blocking: lacking any legal requirements for user choice, error correction or visibility of what is blocked. Probably in violation of net neutrality laws barring ISPs from interfering with Internet traffic.

BBFC: a private company, with statutory duties in different legislation. Acquires new duties for blocking under DEA 2017. Generally reasonably transparent, but not subject to FoI. Provides limited accountability for specific mobile operators’ website blocks, and publishes reasons for decisions about specific complaints.

UK Council for Child Internet Safety: responsible for industry co-ordination, but often tasked with patching up problems generated by government-pushed policy, such as Internet filters. Transparent and subject to FoI, as a government initiative; but unclear in its accountability as its measures generally count as industry self-regulation.

UK Safer Internet Centre

Internet Matters: an industry-led initiative to educate parents in matters of child protection, but also provides advice to website operators about getting sites unblocked.

Legal frameworks

The Open Internet Regulation requires blocking by ISPs to take place within a legal framework, or not at all. Any blocking powers have to be compliant with the Charter of Fundamental Rights which implies that they should be transparent, independently supervised and open to challenge. Rights such as notification should normally be in place.

This may implicate Trade Mark blocking in the Cartier case, as the legal framework is unclear; IWF blocking, which is outside of any legal duty; and ISP filters, which attempt legal cover in the Digital Economy Act 2017, but whose provisions seem incompatible with the regulation.

The DEA 2017 also provides powers for administrative blocking of pornographic websites, where those sites do not implement Age Verification technologies. Questions around necessity and proportionality of using a censorship power to punish websites with legal content may arise. There is likely to be pressure for the number of websites blocked to grow, with increasingly laxer oversight.

The E-Commerce Directive has vague rules for takedowns, requiring them to take place when a service provider or publisher has actual knowledge of a problem. This places the publishers in a very unclear position when they receive any notification, with the safest course of action being to remove any requests they receive. This is leading to problems of patent trolling by Epson at eBay.

Although not yet in force, the next EU Consumer Protection Cooperation Regulation provides a framework for domain seizures, which specifies that consumer regulators should take possession of domains rather than remove them as currently takes place. This would allow transparency, warnings for people who had been defrauded, and opportunities for evidence collection from people who had been affected.

As with website blocking under the Open Internet Regulation, the new regulation spells out that any domain seizures must take place within a legal framework that is compatible with the Charter of Fundamental Rights. It is questionable whether administrative blocking really is compatible with Charter obligations.

Technical standards

Transparency standards

Implications for DNSSEC security standards

See also

References

  1. Suspended .UK Domains Double in a Year, InfoSecurity Magazine 16 November 2017
  2. Annual Report 2016-17, National Trading Standards, page 46
  3. Legal blocks blocked.org.uk