Meet the regulators

Unless it finds a way to control itself, the internet could be overwhelmed by oppressive laws. Bill

There is a myth that the internet is an anarchy, with no regulation, no rules and no law. But the world behind our computer screens doesn't live outside the legal framework, immune from legislative control. Norwich Union found this out in 1997, when it paid out £450,000 in damages to Western Provident after libellous comments about the competitor were posted on an internal Norwich Union mailing list.

Demon Internet settled out of court, rather than face a judge in the libel case brought over messages placed in newsgroups by Lawrence Godfrey. And the owners of the Sealand data haven, located on an abandoned military fortress three miles off the Suffolk coast, are unlikely to find themselves exempt from Jack Straw's Regulation of Investigatory Powers Bill when it comes into force in October. The internet is firmly in the real world, at least as far as the legal system is concerned.

In fact, the internet has always been heavily regulated and controlled. On a technical level, it has to be regulated; the network protocols and standards that make it possible to connect 50 million computers together have to be stuck to. So organisations such as the Internet Society, the Internet Engineering Task Force (IETF) and the Internet Assigned Numbers Authority have always wielded great power.

But because internet users - especially the technically minded who made up the vast majority of the net population until about five years ago - realised that there had to be clear standards, this was never a contentious issue. The relevant bodies were as open as they could be, to the point where anyone who wanted to was invited to turn up at IETF meetings or join standards working groups. The sense that the net was of the geeks, built by the geeks and for the geeks permeated every aspect of its technical development.

When the internet was an academic/government network, only those who had a legitimate interest could join: commercial activity was prohibited. There seemed little need for legal restraint. That is no longer the case.

The net has become the driving force behind a radical realignment of global capitalism, and it underpins a shift in the way society functions. The ways we work, shop, find entertainment, meet lovers and stay in touch with family and friends are all being changed. Finding a way to exert the same sort of control over what happens online as we expect to have over what happens in our homes, offices or public spaces has become a priority for lawmakers and internet users alike.

Most internet users today are not skilled systems administrators, but people who see the net as a computer-mediated extension to their daily lives. They expect it to be reasonably safe, reasonably predictable and reasonably well policed. At the moment, it is none of those things.

E-mail accounts are randomly swamped with invitations to get rich quick or visit pornographic websites. Viruses propagate unchecked and damage hard disks and reputations. Credit card numbers are manufactured and used to buy goods and services without the knowledge and consent of their owners. Sexually predatory adults and race-hate groups use the internet freely, and the law- enforcement agencies can't stop them. In an attempt to control this free-for-all, legislators have come up with unworkable, illiberal and damaging legislation such as the Regulation of Investigatory Powers Bill, while ill-informed campaigners such as John Carr of NCH Action for Children ask for the whole net to be sanitised to protect younger users. And in the midst of this chaos sit the regulators.

If we disregard the technical aspects of the internet, which by and large look after themselves, regulation today falls into two main areas. First, there are groups that attempt to control the commercial use of the internet, making sure that the dominant players don't exercise monopoly power. Here, the main UK regulator is Oftel, the telecoms watchdog.

Oftel acquired its internet role more by accident than design. In the early 1990s, the internet service providers (ISPs) such as Demon, Pipex and Easynet bought their network connectivity from telecommunications providers such as BT. The telecoms providers saw the internet as a challenge to their own high-cost private network services business, and were less than helpful; so the ISPs lobbied Oftel to force the telcos to open up their networks to data traffic. Now most big ISPs are also licensed telecoms providers, and Oftel's role is more to do with creating a level playing-field.

Second, there are groups concerned with how the internet is used and the sort of content it carries. Here, the main UK groups are the Internet Service Providers Association (ISPA) and the Internet Watch Foundation (IWF), both non-statutory voluntary organisations trying to ensure that some form of self- regulation is maintained as the net grows. And then there are the police, whose internet skills are now quite advanced.

Both the ISPA and the IWF developed from the internet industry's desire to be self-regulating. The ISPA was formed in 1995 by several of the biggest ISPs to represent their views to the government and Oftel.

The IWF was set up in 1996 by Peter Dawe, the former head of the ISP Pipex, in frustration at the failure of the ISPA to address the issue of removing illegal content from the web. The IWF continues to provide a hotline service for the reporting of child pornography, so that ISPs can be notified of illegal material and remove it from their servers before they are prosecuted. With government support, the IWF is also investigating ways to control legal but objectionable material, a step that many feel crosses the line between the acceptable removal of patently illegal material and a form of censorship.

At a global level, there are a number of separate initiatives. The World Health Organisation has a working group looking at the sale of prescription medicines over the net, and the World Intellectual Property Organisation has set up a mediating body to deal with the increasing number of disputes over domain names. The number of working groups, committees and regulators seems destined to increase as the internet touches more and more areas of our lives.

The desire for effective control of the internet is largely due to the increased economic importance of e-commerce. When the net was just a toy for the few, it didn't really matter who was doing what, but the commercial interests behind online retail and business to business are concerned that an unregulated internet will damage consumer confidence and hence damage sales. So the laws that govern the net are being drafted to reflect the interests of big business, rather than the needs of net users who may value freedom of expression over freedom to shop.

At governmental level, the European Commission has not been afraid to legislate to control the internet. The Data Protection Directive, the Directive on Distance Marketing and the Database Directive all directly address issues of profound importance online, and they are now being written into national law.

The British government talks about taking a soft-touch approach, with measures such as the Electronic Communications Act, which for the first time gave legal weight to digital signatures, or its support for a Europe-wide rating and filtering system (INCORE), which would leave control of content in the hands of end-users, rather than with a regulatory body.

There is a general view - often put forward by the e-minister, Patricia Hewitt - that the legal system should try to make existing law work online before calling for new primary legislation. Obscenity, race hatred, child pornography and defamation laws have all been successfully applied to online material, the argument goes, so there is little need for new law. With the new Data Protection Act in place to control the use and transmission of personal information, all would seem to be well.

This ignores one of the major issues facing the regulation of the net: the ability of data to cross national boundaries with ease. The core question facing the net is a simple one: does the law of the country or region in which the data is stored apply, or should it be the law of the place where it is accessed? In 1994, Robert and Carleen Thomas of Milpitas, California, were successfully prosecuted in Tennessee because their pornographic images, perfectly acceptable under the law in California, where their server was located, were visible in the less "liberal" state.

Under this principle, the editor of the New Statesman could find himself in serious trouble if visiting a country that objected to the content of one of his more trenchant editorials. But the reverse view is equally unacceptable, making it impossible for Germany to prosecute Holocaust denial websites hosted in the US. While different standards of public decency, different definitions of hate-speech and different standards for defamation apply around the world, the regulation of the internet will remain problematic.

This is just one of the many issues facing internet regulators as the digital revolution takes hold. There are no clear guidelines in this new world, and existing regulators seem woefully unequipped to deal with its complexity. We may need to find new ways to control what happens online, or accept that it's fundamentally out of our control.

Bill Thompson has been online since 1986 and has been writing and talking about the internet and its implications for about as long. He writes for Internet Magazine. His book Your Own Chat Room: a guide to chat for 10- to 14-year-olds, will be published this autumn

Where to find them

Each regulatory body has its own website, and this is the best place to find out more about them. Aside from Oftel and the Data Protection Registrar, the statutory basis for these regulators is uncertain, to say the least: the members of the ISPA may enforce terms and conditions in their contracts of service, but these are not legal requirements.

The regulators

Oftel at

Internet Watch Foundation at


DTI at


Data Protection Registrar at

The technical people can be found via the Internet Society at

This article first appeared in the 10 July 2000 issue of the New Statesman, Education, education, profit