[Manila Principles] Manila Principles draft 0.97 released

[N. Zingales]

Dear Jeremy and all,

congratulations once again for the work put together, which I think can become a useful reference for future legislators, policy-makers and perhaps even judges. My apologies for having failed to give any comment on these principles, so far I had only managed to intervene in the extended background paper. But, well, better earlier than never!  Here my two cents:

1) Principle I.b: “Intermediaries may only be compelled to restrict content [preferably] only by a judicial order issued in a jurisdiction to which the intermediary is subject.

For purposes of this document, I would advise against addressing jurisdiction, since the validity of jurisdiction in international law depends on a series of articulated principles (often involving political/diplomatic considerations) which escape simple treatment. If you really want to establish a bright line rule to avoid any extraterritorial reach, I would place emphasis here on factors other than the mere existence of jurisdiction in and of itself (which is often met by showing the existence of an “effect” in the country in question).  For example, one could opt to choose as a criterion where the intermediary has its establishment or its main (or any) activity, or where it commits serious violations of fundamental rights or important public policies of a State… I am afraid that without specifying this (but which of these criteria?), the principle would result in a very divergent approach across different countries, and thus it would not bring much clarity. 

Maybe you just want to focus on the scope of the request of restriction that can be imposed to an intermediary by a court: in that case, I would replace “issued in a jurisdiction to which the intermediary is subject” with “, and only to the extent to which the content restricted is offered within the jurisdiction where the order is issued” (this would prevent cases like court in Canada ordering Google to globally delist a particular result). This is only slightly repeating principle IV.a, from which it could be derived, but it would still make sense to make this specification, if jurisdiction were to be mentioned at all.

On the issue of PREFERABLY (judicial order): I think it makes sense to allow for some exceptions, for example in case of actual knowledge of obviously illegal activity (for example, in case of child pornography, hate speech or even simply privacy-infringing material where a notice is received and it is obvious both that the claim is well-founded, and that defenses are not applicable). But I understand that this interpretation may be controversial, otherwise people would not criticize so much the existence of a “right to be forgotten” in principle (that is, letting aside the huge problem of implementation and the lack of criteria set out by the Court) for search engines. 

2) Principle I.d: "In the absence of a judicial order, liability of intermediaries is limited to an obligation on those who host content to pass on notices”.  
Here I would only like to note that the existence of liability for content hosts in case of failure to pass on notices (that’s how I read it) would seem to be in contrast with principle II.c

3) Principle I.f and I.g: here I would simply replace “have no obligation to” with “should not”, which is a bit stronger.


4) Principle I.h: "Intermediaries have no obligation to maintain the ability to de- anonymize users or identify past user activities, such as by logging information necessary for such purposes as part of an intermediary liability regime” .
Here I would honestly suggest rephrasing (and shortening): it took me a bit to understand what it means (“maintain the ability” as opposed to when? Perhaps it would be better simply “deanonimize” or just leave “identify”?). More importantly, I would suggest that this principle is problematic because it makes it virtually impossible to catch any crime committed online, absent a prior conservation order.  I understand that this might be controversial too (and I am all in favor for very limited and due process-respecting data retention obligations), but I am skeptical that we can have an effective protection of rights without any data retention. So I would personally not set this as a principle, and focus instead on the procedural protections (e.g. intermediaries should only disclose user identity or give data upon judicial order”) for (I think inevitable) data retention obligations .

5) Principle II.v: replace “support” with “prove”

6) “ Intermediaries who host content may forward compliant requests for content restriction received from complainants, and must forward content restriction orders received by governments, to the content provider”. 
Here I am not sure why we are differentiating between private and governmental requests: if what we want to promote is a notice & notice system, isn’t notice required in both cases?

 7) Principle III.a: replace “emergency situations” with “exceptional circumstances”.  Emergency situations in law is used as a term of art to refer to cases for really extraordinary cases (such as war, natural disasters or other serious threats to the life of a nation) where the traditional guarantees are suspended and thus derogations to the application of certain human rights (or specific constitutional rights) is admitted.   These situations are usually declared by the executive, and must be notified to other States.  Is it really what you mean? In contrast, “exceptional circumstances” refers to less dramatic situations that can be defined by law in advance, for example for cases of obvious privacy infringement, defamation or hate speech mentioned above in my comment n. 1.

8)  Principle III.f: remove “at a rate provided by law” (or replace it with more specific terms). Frankly, I am not sure that the law can set in advance the exact rate to be paid in all types of circumstances. It is usually preferable to have some defining criteria (for example, a specific formula for F/RAND terms) and leave the exact characterization to judges, which can evaluate the various circumstances that the intermediary and the defendant can bring to its attention for a fair determination. For an illustration about how hard it can be to find acceptable solutions at the legislative/regulatory level, see the protracted fight in the UK between ISPs and copyright holders on the cost-splitting  for the implementation of the Digital Economy Act, proving the near impossibility of finding consensus.

9) Principle V.c: “government request issued by government”.  One of the two governments is redundant.

10) Principle VI.a: “ Governments and intermediaries must give all those affected, including citizens…”
Citizens of which country? Consider putting “non-user citizens”, to clarify that this is a concept that goes beyond users.

Hope this is of some use to you.
Best regards,

Nicolo


--

________________________________________
From: ManilaPrinciples [manilaprinciples-bounces+n.zingales=uvt.nl at eff.org] on behalf of Jeremy Malcolm [jmalcolm at eff.org]
Sent: Monday, March 09, 2015 7:57 PM
To: manilaprinciples
Subject: [Manila Principles] Manila Principles draft 0.97 released

The attached version 0.97 of the Manila Principles, taking into account comments made over the last few weeks, takes us a step closer to the version that we will approve in Manila.  Most of the areas of difference have crystallised very clearly by now.  There are a few points where further discussion is still needed, which are worth highlighting:

1. There continues to be disagreement about whether only a judicial order can justify the restriction of content by an intermediary.  In the latest draft, we remain committed to a judicial order only - but one option for compromise (the word "preferably") is given in square brackets, and further discussion is invited.

2. We still need to come up with a better term than "content provider" to refer to users who upload content.

3. Principle II(c) says "Intermediaries who host content may forward compliant requests for content restriction received from complainants ... to the content provider".  It was correctly pointed out that this can lead to abuse - although we do also say later that "Governments may sanction content restriction requests that are issued with no reasonable legal justification or basis" and we also say that "Intermediaries should be allowed to charge private party complainants on a cost recovery basis for the time and expense associated with processing their
content restriction requests", and it is suggested in the latest draft that we add "at a rate provided by law". Are these sufficient safeguards?  Or do we need more?  We don't however want to place intermediaries in the
position of judges who have to make a legal determination that a content restriction request is prima facie valid - both because of the burden that this places on them, and also because they are not qualified and could make dubious judgments or come under pressure to do so.

You can also find an online version of the 0.97 draft at https://docs.google.com/document/d/1xJ-jjaaSGN7ZQfjuGftgwnWaPeK5JBZeaVA3-oiNAk4/edit#heading=h.2s8eyo1 (but unlike the attached version, it doesn't show the amendments since version 0.96).

--
Jeremy Malcolm
Senior Global Policy Analyst
Electronic Frontier Foundation
https://eff.org
jmalcolm at eff.org<mailto:jmalcolm at eff.org>

Tel: 415.436.9333 ext 161

:: Defending Your Rights in the Digital World ::

Public key: https://www.eff.org/files/2014/10/09/key_jmalcolm.txt
PGP fingerprint: FF13 C2E9 F9C3 DF54 7C4F EAC1 F675 AAE2 D2AB 2220
OTR fingerprint: 26EE FD85 3740 8228 9460 49A8 536F BCD2 536F A5BD

Learn how to encrypt your email with the Email Self Defense guide:
https://emailselfdefense.fsf.org/en