Is there any future for the protection of web hosting services liability in the current counter-terrorism era?

By Julie Martinez, LL.M. Candidate, Dickson Poon School of Law, King's College London

*Disclaimer: this is the author's LL.M. dissertation topic
**Note this is from an earlier publication on 3 March 2017

The future of Web Hosting Services (“WHSs”) legal protection has the potential to become darker in the terrorism era. The political willingness to make Internet Intermediaries more responsible in the fight against terrorism challenges Freedom of Expression protection online and may certainly lead to private censorship, raising as well the question of the privatization of public enforcement.

As the UNESCO recognizes it, the Internet provides an unprecedented volume of resources for information and knowledge while opening up new opportunities for Freedom of Expression and Information[i]. This is within this idea that the net neutrality theory, coined by Colombia University Professor Tim Wu[ii] in 2003, has been developed, ensuring that Internet Intermediaries as well as governments regulating the Internet should protect the development of, and treat contents flowing on, the Internet by preventing them to discriminate different users, mode of communications or contents. Indeed, if the Internet has been economically so successful, this is especially because, in its deeper essence, it is defined as a space of Freedoms and equal rights. 

To promote this intellectual and economic dynamic, the European Union has adopted in the 2000s the directive no. 2000/31/EC (the “E-Commerce Directive"), reducing the liability of some Internet Intermediaries for hosting illegal contents of third parties.

The Alleged Liability of Internet Intermediaries for Hosting Third Party’s Harmful Expression or Acts

The E-Commerce Directive regulates Internet Intermediaries liability in the European Union. Internet Intermediaries play a crucial role in the development of the Internet. They perform technical tasks between the sending of data and the final receipt of information. Most of them are therefore often limited to a strictly passive technical role. Their role only consists of the transmission of information and since it is quite impossible for them to have knowledge of all illegal activities and information that transit on their online platforms, public policies chose to lighten the responsibility of Internet Service Providers ("ISPs") and WHSs at the minimum: the E-commerce Directive offered ISPs and WHSs an alleged liability which works like an immunity. This alleged liability can only last until they receive knowledge of the illegal conduct of the third party and when notified, they then have to expeditiously remove the offending information they have been alerted of.

In the particular case of terrorism, this means that they cannot be held responsible for apology of terrorism or incitement to terrorism messages published on their platforms unless they have been alerted; this confirms the necessary requirement to install an option for users to report abuses. It is this alleged liability provision that causes many disputes focusing on the qualification of technical service providers’ activities.

This becomes even more complicated as articles 12 to 15 of the E-Commerce Directive make a distinction between mere conduitcatching and hosting, and thus did not serve for counter-terrorism at all. These vague terms were mainly implemented to fit ISPs, catching activities, WHSs and publishers (with no immunity for publishers since services they perform go beyond the passive technical role to transmit data). The border between WHSs and publishers is therefore one of the most important one to define, since the latter knows no immunity, whereas the former benefits from it.

The Development of Terrorist Contents Online: A Decisive Factor

After Copyright disputes, the development of the Internet as a tool for terrorists has raised new issues related to the responsibility of Internet intermediaries. “Terrorists use the Internet just like everybody else” as Richard Clarke said[iii]. Current terrorism has developed itself online like it has never before and is being used as a core tool for propaganda, organization and preparation of terrorist acts. There has been an exponential mutation in the communication and the recruiting of jihadists, Internet being a core part of this change. Daesh, for instance, has developed its own decentralized communication channels spread through three diverse vectors: (1) their official websites, (2) forums and media organs, and (3) social networks[iv]. Social networks play an increasing role in the contact of pre-radicalized individuals by communicating and sharing content. For example, the video of Amedy Coulibaly claiming responsibility for the attack in Montrouge (France, 2015) was shared more than 3 million times via Facebook e-mail addresses. This use of the Internet, as a tool for terrorist purposes, strengthens the idea that Internet Intermediaries, especially WHSs, need to play a stronger role in the regulation of terrorist content.

To fight this new situation, there has been a political movement to counter terrorism online. Several Member States, like France and the UK[v], have passed legislations to make ISPs and WHSs cooperate when a terrorist illegal content is found online by the Administration. In the same movement, the European Parliament also approved a provisional agreement last February regarding a new directive (the “Terrorism Directive”)[vi], which allows Member States to develop new obligations falling on WHSs and ISPs in the fight against terrorism.

Parallel to this growing political willingness to ask for more and more cooperation from the Internet Intermediaries in the fight against terrorism (some politicians and scholars would even like them to be proactive in the search for terrorist content from third parties[vii]), we witness a progressive judiciary movement to shrink WHSs immunity by redefining WHSs activities[viii].

Cumulating both movements, and after 20 years of what could be considered as a “golden age” for Internet Intermediaries, is the settlement of Internet Intermediaries liability still accurate today? What is the future of WHSs protection?

I.                    The Intrinsic Turning Point: the Shift in the Internet Intermediaries Liability

Intrinsically, both the rationale behind the Directive’s enactment and the development of new Internet Intermediaries, question the accuracy of the liability framework as it had been settled in 2000 by the E-Commerce Directive. The gradual shrinking of the WHSs immunity’s sphere by court decisions intrinsically questions the future of their protection as well.

A.       The Shift in the E-Commerce Directive’s Rationale and the Development of New Internet Intermediaries

The digital technology, as it allows the exchange of information between the individuals all around the world, must be protected as a place of expression without however, becoming a non-right zone. It was due to this concern that, as discussed previously, the E-Commerce Directive laid down the principles of limited liability for WHSs. The rationale behind it was to promote the free development of communications, which has a huge economic value. Almost twenty years later, the growing mass of online content and new usages of web 2.0 have overthrown this established legal framework without clarifying the new role of the WHSs. The development of new Internet services has raised huge questions regarding their status: content publishers or simple WHSs? This distinction seems nowadays inadequate. The Internet as it existed at the time when the E-Commerce Directive was enacted did not know the development of services we know today. For example, the development of social networks raises such an issue of qualification since they are nowadays used for terrorist propaganda. Many platforms no longer simply store online content: they organize them by indexing or making personalized recommendations to Internet users, while continuing to take advantage of the status of WHSs.

B.       The Gradual Shrinking of the Immunity Sphere by Court Decisions

European courts are gradually shrinking WHSs’ immunity sphere by moving the shapes of their activities and excluding some factual situations from the protected category of WHSs. WHSs are businesses that provide the services needed for websites to be viewed in the Internet by hosting them and acting as passive technical services by benefitting from the alleged liability as provided by Article 14 of the Directive. 

In 2015, the Grand Chamber of the European Court of Human Rights (“ECtHR”) in the controversial Delfi AS v. Estonia case[ix] ruled on the liability of an online news portal regarding the offensive comments posted by readers below an article that had been published. Although the online news portal prohibited the filing of comments with illegal content, commentators could not amend or delete them after they had been posted on the portal: only the portal had the technical means to do so. For the Court, the role played by Delfi exceeded that of a passive provider of purely technical services.
This considerably reduced the hosting protection as it was originally envisaged in the E-Commerce Directive: while the publisher posts content, active intermediaries like Delfi normally have no direct control over the individual who drops the message. Moreover, the individuals commenting usually are not the publisher’s employees and, as in most cases, their identity is not known to the publisher itself. Thus, the level of knowledge and control differs significantly[x]. Finally, the obligation to remove abusive comments without actual knowledge of their existence and immediately after their publication presupposes that the intermediary is required to exercise a general obligation to monitor information... which the E-Commerce Directive totally excludes[xi].

Even if controversial, this case follows the current political willingness to strengthen the responsibility of the WHSs in the counter-terrorism context.

II.                  The Extrinsic Turning Point: the Current Necessity to Fight Against Terrorism Online

The future of hosting protection is also currently issued by the necessity of several European countries to fight against terrorist content online.

A.      New Obligations Falling on WHSs

Like several other European Member States, France and the UK have enacted new Acts to help countering terrorism online. WHSs’ obligations to cooperate with authorities have intensively increased. The injunctions against them have substantially changed their liability, since they can now be sanctioned to high penalties and, in some cases, even incur a prison term if they do not comply. Since both Loi sur le Renseignement (Intelligence Act) in France (2015) and the Investigatory Powers Act (2016) in the UK, WHSs have had the obligation to obtain and retain metadata up to a year (i.e., communications data) about users, which includes browsing histories. Then, they should communicate the data to the relevant authorities as soon as they are requested to. They also must delete content which is found to be illegal (e.g., incitement to terrorism) within 24 hours from the moment they receive an administrative injunction to do so. Should WHSs refuse to remove this content, Administrations require ISPs to block its access without warning.

B.      A Growing Willingness To Make WHSs Even More Proactive

Should WHSs even be proactive in the search of terrorist content, should they scrutinize their interfaces[xii]? This is a highly challenging issue raised nowadays, as the visit of Bernard Cazeneuve to the United States asking Internet giants for help in fighting online terrorism propaganda showed[xiii]. Facebook and Twitter’s representatives clearly explained they want to do everything to block materials inciting violence, but did not expressly endorsed the political wish for their direct cooperation with French authorities. Some politicians would indeed like to rely on recital (48) of the E-Commerce Directive to justify why WHSs should go further: “This Directive does not affect the possibility for Member States of requiring service providers, who host information provided by recipients of their service, to apply duties of care, which can reasonably be expected from them (…) in order to detect and prevent certain types of illegal activities”. The willingness to make WHSs proactive considerably challenges the online protection of Freedom of Expression and raises the question of privatization of public enforcement.

It is now the responsibility for European policy-maker to find an appropriate balance in order to both safeguard the Internet as a place of freedoms but also to prevent it from falling into darkness.

[i]               See http://www.unesco.org/new/en/communication-and-information/freedom-of-expression/freedom-of-expression-on-the-Internet/.

[ii]             Tim Wu (2003), "Network Neutrality, Broadband Discrimination", in Journal on telecom and high tech law. (Retrieved 23.04.2014).

[iii]            White House cyber security chief during the tenures of both Bill Clinton and George W. Bush.

[iv]            As Philippe Chadrys exposed it. He is the current assistant director in charge of counter-terrorism at the French Central Directorate of the Judicial Police, which responsible for investigating and fighting serious crime.

[v]             See the French “Loi sur le renseignement” (2015), and the recent Investigatory Powers Act (2016) in the UK.

[vi]            European Parliament legislative resolution of 16 February 2017 on the proposal for a directive of the European Parliament and of the Council on combating terrorism and replacing Council Framework Decision 2002/475/JHA on combating terrorism (COM(2015)0625 – C8-0386/2015 – 2015/0281(COD)) (Ordinary legislative procedure: first reading).

[vii]           See Bernard Cazeneuve French Prime Minister’s work trip to the USA to ask GAFAM to cooperate more with authorities, after Paris 2015 attacks. See as well, "Confronting the Internet’s dark side, moral and social responsibility on the free highway", Raphael-Cohen Almagor, Woodrow Wilson Center Press with Cambridge University Press, 2015.

[viii]            See below the Delfi judgement (Delfi AS v. Estonia, application no. 64569/09 - 16.06.2015), in which the European Court of Human Rights held a new site liable for the comments of Internet users.

[ix]            Delfi AS v. Estonia (European Court of Human Rights, application no. 64569/09, 16.06.2015).

[x]             http://www.village-justice.com/articles/CourEDH-tient-site-actualites,20211.html.

[xi]             See "Article 15 - No general obligation to monitor: 1. Member States shall not impose a general obligation on providers, when providing the services covered by Articles 12, 13 and 14, to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity".

[xii]           See Confronting the Internet’s dark side, moral and social responsibility on the free highway, by Raphael-Cohen Almagor, in which the author takes the point of view that Internet Intermediaries should take at least social responsibility to delete such content.

[xiii]           http://www.france24.com/en/20150221-france-Internet-google-twitter-facebook-fight-terrorism-extremism-propaganda-cazeneuve.