Graham Smith is of counsel at Bird & Bird LLP, based in London. He is one of the UK’s leading cyberlaw experts, with a practice encompassing advisory and contentious work in the internet, IT and intellectual property fields. 

In this edition of the Spotlight Series, Graham discusses the evolution of Internet Law, the Online Harms proposal and remedying ills of the Internet, with a perpetrator-first approach.

1. The 5th edition of your book, Internet Law & Regulation (Sweet & Maxwell, 2019), was recently published, covering a myriad of recent developments in relation to the GDPR, the Investigatory Powers Act 2016 and online intermediary liability. What have been some of the most significant technological developments since the 1st edition, which was published in 1996?

Back in 1996 the opening chapter of the book (‘Overview of the Internet’) was devoted to describing the internet for a non-technical readership, and indeed for traditional IT specialists who were familiar with programming languages and databases but had not grown up with internet and web protocols. 

At that time, explanations of the internet tended to focus heavily on the tools that were then available to use it. The O’Reilly Whole Internet User’s Guide and Catalog (Ed Krol, 2nd ed 1994) allotted a whole chapter to each of telnet, ftp, e-mail, Usenet news, Archie, directory services (including whois), gopher and WAIS. Eventually it reached Chapter 13, the World Wide Web: “the newest information service to arrive on the Internet”.

Whilst fine for general education, this approach would not do for a legal textbook. We had to lay the ground for a discussion of how the law might apply to activities on the internet. Certainly we had to tackle TCP, IP addressing and HTML and, yes, internet e-mail and Usenet. But it was equally important to explain what the various internet players did, enabled by the technology. 

So (with at least half an eye on distinctions that would be crucial for rights such as copyright), we adopted a functional taxonomy of legally significant activities. We separated storage from transmission; we explained pipes, hosting, caching, routing, search, navigation, and others. We described the domain name system. We even tried to avoid using the term Internet Service Provider, on the grounds that it tended to obscure the range of significantly different (from a legal perspective) roles that lay behind the name. 

Perhaps counter-intuitively in the light of the speed of technological advance, of all the chapters in the book the Overview of the Internet has changed least since 1996. But perhaps that is not so surprising. The structure of the chapter distilled the functional and technical fundamentals of the internet, neither of which have changed. We have hung more and more baubles (such as the progression from text to audio, images, video and live streaming) on the tree, while the trunk and branches have proved to be resilient.

That said, we have occasionally had to add new branches. Mobile appeared in the 2002 3rd edition, along with the first suggestions of broadband to the home. An unlamented loss by this time was the so-called Information Superhighway, a piece of deadwood pruned as a political artefact that had never actually existed.

The first major technical addition, peer to peer networking, came in the 2007 4th edition.  The advent of Napster, Grokster and the rest was revolutionary. By this time we were also signalling the arrival of VoIP, instant messaging, streaming audio and video, and B2C ecommerce not only for digital products also for physical goods. 

By the time of the current 5th edition, 12 years later, OTT apps – real time calls and messaging – had first mimicked, then expanded on, network services previously provided by telcos. Content Delivery Networks have appeared. End-to- end encryption is provided by messaging platforms, rather than limited to standalone user software. Tor has made an entrance. And we changed from Internet to internet.

Social media has, in its way, brought us full circle. In 1996 the internet was a radical departure from monolithic messaging and discussion forum platforms such as Prodigy, AOL and CompuServe. 

It ushered in a distributed world of individual websites hosted by many different providers and e-mail transmitted across unpredictable routes. The growth of a relatively small number of  blogging, messaging and social media platforms can be seen as, in part, a reversion to those pre-internet days — albeit one involving a glossy superstructure erected on top of the internet rather than a replacement for it. 

That has, in this latest edition of the book, prompted a change to the opening of the first chapter. No longer ‘What is the Internet?’, but ‘The internet – digging beneath the surface’.

2. Has anything remained relatively the same? 

The technology fundamentals have not changed. 

The internet works in much the same way as it did in 1996, at least according to the definition that we adopted at that time of publicly available networks glued together by the suite of internet protocols. 

The policy and legal issues that we identified at the outset are also largely the same today. In 1997 we said:

“Governments around the globe have been engaged in a more or less constant debate over content laws, liability of Internet service providers, encryption, digital signatures, competition issues, taxation and many other Internet-related topics. It is to be hoped that the Internet will survive the attentions being lavished upon it.”

20 years later, all these issues (with the possible exception of digital signatures) are at the centre of mainstream debate and the resilience of the internet is being tested as never before.

The major newcomer to the legal scene since the last (2007) edition has probably been interception and surveillance issues, following the Snowden revelations in 2013. Data protection has also assumed greater prominence than it did in 1996. But that is not unique to the internet.

3. The government recently appointed Ofcom as the online harms regulator – how do you see the legal landscape developing in this area? And how effective do you think an online harms regulator would be?

We should separate prediction (what is likely to happen) from aspiration (what one hopes might happen). 

As matters currently stand, the government seems set to continue down the path of imposing a statutory duty (inaccurately labelled a duty of care) in respect of online harm on a wide variety of online intermediaries, ranging from social media platforms to online retailers with customer review sections. 

The government still appears determined to leave the concept of harm undefined (subject to a few specific exclusions).  The statutory duty would be interpreted (in effect, defined) and enforced by a broadcast-style independent regulator, equipped with wide-ranging discretion. The government has said that it is minded to appoint Ofcom as the regulator.

The many problems with the Online Harms proposal — not least, handing to the regulator the de facto power to decide what kind of online speech by individuals amounts to harm — have been well rehearsed. 

They are aptly illustrated by the question posed: “how effective do you think an online harms regulator would be?” Effective in achieving what? 

The pat answer is “in reducing harm”. But harm is undefined and, in the context of speech, subjective. If the regulator were to achieve a veto for the most easily offended user, is that being “effective”? 

Or is that a regulatory failure to respect freedom of speech? If effectiveness cannot sensibly be assessed against an objectively ascertainable baseline, that suggests a fundamental flaw in the plan.

The underlying assumption that the perceived ills of the internet are best addressed by press-ganging online platforms into an online sheriff’s posse, pledged to the cause of rooting out harm, is also problematic. 

In 1999 the eCommerce Directive foresaw the danger that the state might seek to co-opt online gateways and convert them into information gatekeepers. It enacted Article 15 – the prohibition on imposing a general monitoring obligation – for just that reason. 

Article 15 is the stent that keeps the arteries of the internet open.  We constrict them at our peril.

4. In your opinion, what do you think an alternative approach could be?

A ‘law of everything’ approach to individual speech, founded on discretionary regulatory power, is anathema – not least in its challenge to rule of law principles of clarity and certainty. 

The Online Harms White Paper is a compendium of largely unrelated ills that the government considered should be addressed. It would be preferable to take each issue separately and consider, in each case, whether any kind of legislative action is required – if so, aimed at the first instance at the perpetrators of the activity. 

If there is a problem with enforcing existing laws, then there should be a focus on finding practical, scalable ways of obtaining access to justice for online wrongs. 

For some kinds of seriously anti-social online behaviour, one approach could be to make use of procedures for ‘online ASBOs’. These are already available, but the potential for their use against the most egregious disturbers of the online peace has been largely ignored. 

Even the Home Office made no mention of online behaviour in the last (August 2019) revision of its statutory guidance. ASBOs (now called IPNAs) have controversial aspects, but at least have the merit of being targeted against perpetrators and subject to prior due process in court. Thought could be given to extending their availability to some voluntary organisations concerned with victims of online misbehaviour. 

5. The UK left the EU this year on 31st January 2020. If any, what parts of the EU framework do you envisage the UK keeping in its infrastructure for digital rights?

Who would make any predictions right now? Not me.