[Manila Principles] Manila Principles draft 0.97 released

Jeremy Malcolm jmalcolm at eff.org
Thu Mar 12 15:21:44 PDT 2015 

Thanks for your excellent comments Nicolo.  As we near the home stretch,
it will be VERY helpful if others can also respond with their thoughts
on what you have written.  This also applies to the thoughts others have
recently posted including those of Rishabh a few days ago, and those
that various people have made online at
https://docs.google.com/document/d/1xJ-jjaaSGN7ZQfjuGftgwnWaPeK5JBZeaVA3-oiNAk4/edit#.

My personal responses to your comments follow below inline:

On 11/03/2015 4:11 pm, N. Zingales wrote:
> 1) Principle I.b: “Intermediaries may only be compelled to restrict content [preferably] only by a judicial order issued in a jurisdiction to which the intermediary is subject.
>
> For purposes of this document, I would advise against addressing jurisdiction, since the validity of jurisdiction in international law depends on a series of articulated principles (often involving political/diplomatic considerations) which escape simple treatment.

Thanks, it's a good point that some jurisdictions purport to extend a
longer arm over intermediaries than others do.  I think we're in
agreement on the intention here: that intermediaries are only bound by
what is legally enforceable against them.

> Maybe you just want to focus on the scope of the request of restriction that can be imposed to an intermediary by a court: in that case, I would replace “issued in a jurisdiction to which the intermediary is subject” with “, and only to the extent to which the content restricted is offered within the jurisdiction where the order is issued” (this would prevent cases like court in Canada ordering Google to globally delist a particular result). This is only slightly repeating principle IV.a, from which it could be derived, but it would still make sense to make this specification, if jurisdiction were to be mentioned at all.

That works for me, though it is a bit verbose (unavoidably, probably). 
Another option would be to skirt the issue and just end the sentence at
"judicial order", and acknowledge the issue of jurisdiction in the
background paper.  Interested in others' views on that.

> On the issue of PREFERABLY (judicial order): I think it makes sense to allow for some exceptions, for example in case of actual knowledge of obviously illegal activity (for example, in case of child pornography, hate speech or even simply privacy-infringing material where a notice is received and it is obvious both that the claim is well-founded, and that defenses are not applicable). But I understand that this interpretation may be controversial, otherwise people would not criticize so much the existence of a “right to be forgotten” in principle (that is, letting aside the huge problem of implementation and the lack of criteria set out by the Court) for search engines.

Yes.  Ultimately we have to make a call on this.  It may come down to a
show of hands in Manila.

> 2) Principle I.d: "In the absence of a judicial order, liability of intermediaries is limited to an obligation on those who host content to pass on notices”.  
> Here I would only like to note that the existence of liability for content hosts in case of failure to pass on notices (that’s how I read it) would seem to be in contrast with principle II.c

It's not necessarily inconsistent, because although I.d authorises the
government to require hosts to pass on notices, it doesn't require them
to do so.  And the latest revision of II.c (unlike in the previous
revision) says only that intermediaries MAY rather than SHALL forward
notices, which leaves it ambiguous about whether they have a completely
free choice about whether to do so or not.  Obviously this would depend
on whether the government required them to do so, per I.d.

I propose that we clear this up by making changing paragraph I.d
(merging it with the proposed I.b) to say "In the absence of a judicial
order, intermediaries must not be required to substantive evaluate the
legality of third-party content nor be made liable for content that is
unlawful".  The following paragraph deals with lawful content and strict
liability, and doesn't need to change.

Then IIc. could be amended to "Intermediaries who host content may be
required by law to forward compliant requests for content restriction
received from complainants, and content restriction orders received by
governments, to the content provider".  This would not limit them from
voluntarily forwarding notices in the absence of a legal mandate, but we
don't need to spell that out.

> 3) Principle I.f and I.g: here I would simply replace “have no obligation to” with “should not”, which is a bit stronger.

Sure, someone else made a similar suggestion in Google Doc edits.

> 4) Principle I.h: "Intermediaries have no obligation to maintain the ability to de- anonymize users or identify past user activities, such as by logging information necessary for such purposes as part of an intermediary liability regime” .
> Here I would honestly suggest rephrasing (and shortening): it took me a bit to understand what it means (“maintain the ability” as opposed to when? Perhaps it would be better simply “deanonimize” or just leave “identify”?). More importantly, I would suggest that this principle is problematic because it makes it virtually impossible to catch any crime committed online, absent a prior conservation order.  I understand that this might be controversial too (and I am all in favor for very limited and due process-respecting data retention obligations), but I am skeptical that we can have an effective protection of rights without any data retention. So I would personally not set this as a principle, and focus instead on the procedural protections (e.g. intermediaries should only disclose user identity or give data upon judicial order”) for (I think inevitable) data retention obligations .

I am in not against deleting this paragraph; it is somewhat out of
scope.  This has been raised before.  What do others think?  I'm marking
it with square brackets for now.

> 5) Principle II.v: replace “support” with “prove”

The reason for not saying that is that we don't want the intermediary to
have to make a legal determination.  Better to keep it as "support",
which was the result of a previous compromise in response to someone
else's comment.

> 6) “ Intermediaries who host content may forward compliant requests for content restriction received from complainants, and must forward content restriction orders received by governments, to the content provider”. 
> Here I am not sure why we are differentiating between private and governmental requests: if what we want to promote is a notice & notice system, isn’t notice required in both cases?

See above, this is covered in the language I'm suggesting.

>  7) Principle III.a: replace “emergency situations” with “exceptional circumstances”.  Emergency situations in law is used as a term of art to refer to cases for really extraordinary cases (such as war, natural disasters or other serious threats to the life of a nation) where the traditional guarantees are suspended and thus derogations to the application of certain human rights (or specific constitutional rights) is admitted.   These situations are usually declared by the executive, and must be notified to other States.  Is it really what you mean? In contrast, “exceptional circumstances” refers to less dramatic situations that can be defined by law in advance, for example for cases of obvious privacy infringement, defamation or hate speech mentioned above in my comment n. 1.

Thanks for the information.  Does anyone disagree with this?

> 8)  Principle III.f: remove “at a rate provided by law” (or replace it with more specific terms). Frankly, I am not sure that the law can set in advance the exact rate to be paid in all types of circumstances. It is usually preferable to have some defining criteria (for example, a specific formula for F/RAND terms) and leave the exact characterization to judges,

It is square-bracketed anyway, so removing it is probably fine depending
on whether others hold strong opinions.

> 9) Principle V.c: “government request issued by government”.  One of the two governments is redundant.

Yes, good catch.

> 10) Principle VI.a: “ Governments and intermediaries must give all those affected, including citizens…”
> Citizens of which country? Consider putting “non-user citizens”, to clarify that this is a concept that goes beyond users.

Also a good point.

-- 
Jeremy Malcolm
Senior Global Policy Analyst
Electronic Frontier Foundation
https://eff.org
jmalcolm at eff.org

Tel: 415.436.9333 ext 161

:: Defending Your Rights in the Digital World ::

Public key: https://www.eff.org/files/2014/10/09/key_jmalcolm.txt
PGP fingerprint: FF13 C2E9 F9C3 DF54 7C4F EAC1 F675 AAE2 D2AB 2220
OTR fingerprint: 26EE FD85 3740 8228 9460 49A8 536F BCD2 536F A5BD

Learn how to encrypt your email with the Email Self Defense guide:
https://emailselfdefense.fsf.org/en


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 244 bytes
Desc: OpenPGP digital signature
URL: <https://lists.eff.org/pipermail/manilaprinciples/attachments/20150312/f5776065/attachment.sig>

More information about the ManilaPrinciples mailing list