Australian Computer Society

to: Select Committee on Community Standards Relevant to the Supply of Services Utilising Electronic Technologies

Submission on the Regulation of Bulletin Board Systems

Attachment 4: Information carrier guidelines

Draft 30 March 1995

Introduction

The purpose of these guidelines is to enumerate what is considered "best practice" for the conduct of information carriers, and what protections the online community believes should be accorded to information carriers. The guidelines have been kept general on purpose, so as not to interfere with the operational procedures of individual information carriers. It is not intended that information carriers be forced to comply with the letter of these guidelines.

Some information carriers prefer to operate their systems as "tin gods" as it were, where they are beholden to no one except themselves. They do not establish any formal complaints or acceptable use procedures, preferring to deal with problems as they arise in a manner which is determined on the spot with few, if any, appeal procedures. User communities do not in general like such administration styles, but it is a valid style seen within online communities.

Other information carriers are more "community-aware", establishing formal procedures and informational documents to inform their users of acceptable behaviour and termination conditions. Depending on the information carrier, a user may either sign a contract at connection time to agree to these conditions, or they may implicitly agree to the conditions by being a staff or student member at an institution or commercial organisation.

To reflect these differing views on system administration, these guidelines provide two levels: basic and community-aware. The basic guidelines give information carriers great lattitude in choosing their administration style, but still provide the necessary protections for circumstances outside of their control. The community-aware guidelines add what is considered "best practice" for the conduct of an information carrier that wishes to be responsive to user concerns. The protections for this level are no stronger or weaker than for the basic level.

Definition of Information Carrier

The term "Information Carrier" refers to any organisation which provides access to information over telecommunications services. The information that is accessible may have originated from one of the following sources:

Information provided directly by the carrier itself.
Information provided by one of the carrier's users.
Information provided by another Information Carrier and which is accessible through the first carrier's system.
Information provided by a user of another Information Carrier and which is accessible through the first carrier's system.

The technology used to provide the information is immaterial: modem, ISDN, FAX, voice, etc, are all valid methods. Examples of Information Carriers include Internet sites, bulletin boards, and commercial information providers such as CompuServe.

The term was derived from "Common Carrier", which is used within the telephone and postal industries. Some attempts have been made in the past to argue that Internet sites and bulletin boards are also common carriers, but there is a general misunderstanding of what a common carrier is.

Common carriers have certain government-imposed obligations to provide service in a universal, non-discriminatory, private, reliable, and timely manner. There are strict rules regarding termination of service, limited mainly to non-payment. As a result of upholding these obligations, common carriers receive freedom from prosecution for the communications that are handled. This enables them to perform their duties without being sued every time a communicant uses the carrier's services to commit a crime, harrass another party, or commit slander or libel. It is the communicant that is held liable for the communication.

The common carrier obligations are, at present, extremely difficult for Information Carriers to uphold due to technical limitations, finiteness of resources, and threats to system integrity. Confusion has arisen because debate has focused mainly on the freedom from prosecution which common carriers enjoy, while not considering the obligations that are necessary to acheive this.

It is argued that Information Carriers need similar protections, or they cannot perform their duties effectively. The purpose of these guidelines is to provide alternatives to the common carrier obligations which are compatible with the technology and compatible with the political environment of information networks such as the Internet.

The Guidelines

This section lists the guidelines for the conduct of Information Carriers. They are very general in nature to permit a range of business practices as seen in the Internet and bulletin board communities. Information Carriers are encouraged to add clauses to these guidelines for local variations.

The guidelines themselves are tempered by certain technical realities. Finiteness of resources dictates that a single carrier cannot provide universal access to every member of the public. Some carriers may wish to restrict access to certain groups; for example, the staff of an organisation, the members of a special interest group, etc. Technical limitations and unforseen circumstances may make reliable and timely delivery of information difficult.

Some hardware and software exists to assist people with disabilities, but technical considerations may still make it difficult for every Information Carrier to provide access to such users. Where an Information Carrier sees some difficulty in providing access, reasons should be given, and if appropriate, suggestions of other Information Carriers that may be able to help.

Definitions

The following terms are used in the sections that follow:

Information Carrier: As defined earlier; abbreviated as "carrier".
User: An individual or organisation which obtains access directly from the Information Carrier.
Access: The facilities provided by the Information Carrier which enable a user to obtain information from the carrier or elsewhere, and which enable the user to inject new information into the carrier's system or the network to which the carrier is connected.
Minor: A child of less than 18 years of age.
Editorial Control: The information over which the Information Carrier exercises direct control in a proactive fashion. This usually does NOT include information injected by the carrier's users or which is provided by remote carriers or remote users.

Obligations - Basic Level

An Information Carrier shall:

Respect the privacy of users and not divulge private information to a third party without a proper court-authorised warrant.
Respect any Copyright that is prevailing on messages and files stored on the carrier's system or in user directories. In particular, unless there is some prior arrangment, a user's messages are implicitly Copyright'ed by them even if no Copyright notice is attached.
Provide the best available facilities for users to individually block information which they find offensive.
Take reasonable precautions to protect the carrier's system from unauthorised intrusions.
Inform users of any monitoring of activities that is performed.

Discretionary Powers - Basic Level

An Information Carrier has the discretion to:

Terminate the access of a user at any time for any reason.
Remove any information from the carrier's system at any time for any reason.
Decide the appropriate action to take when presented with a complaint about a user's behaviour, including taking no action.

Although the first two points may sound harsh, sometimes information carriers feel they need this level of discretion. "I own this system and I will do what I want with it" is one justification. In some cases, a carrier could be sued by outside agents if they do not terminate the access of a user or remove objectional material. On the other hand, they could be sued by the user if they do terminate the access or remove objectional material. This no-win situation must be resolved, and so some carriers prefer the above level of discretion even though they exercise it very rarely.

Unlike the telephone system, competition at the local level is fierce in the information carrier industry. If a user is ejected from one carrier's system, there are plenty of others that they can turn to. This is not expected to change within the near future. It is possible that a small group of information carriers may dominate in the medium to distant future, but they are likely to adhere to the "community-aware" level of information carrier and so the above tough discretionary powers will not be a problem.

Obligations - Community-Aware Level

In addition to the basic obligations, an Information Carrier shall:

Establish an acceptable use policy and make users aware of it.
Establish a list of what information is covered by the carrier's editorial control policy, and explicitly disclaim responsibility for whatever remains.
Provide advice to parents and guardians about what those in their care may have access to and how to effectively supervise that access.
Respond to complaints about a user's behaviour in a timely manner.

Discretionary Powers - Community-Aware Level

An Information Carrier has the discretion to:

Terminate the access of a user who contravenes the acceptable use policy, and after fair warning has been given.
Remove information after the fact which is within the editorial control of the carrier or which was posted by one of the carrier's users, and which is inappropriate, contravenes the acceptable use policy, or contravenes laws on obscenity in the jurisdiction in which the Information Carrier is physically located.
Decide the appropriate action to take when presented with a complaint about a user's behaviour, including taking no action.

Protections - Both Levels

Unless there is substantial evidence of conspiracy, it is unreasonable to hold an Information Carrier responsible for:

Information available either directly or indirectly on the Information Carrier's system, yet outside of the editorial control imposed by the carrier.
Information available either directly or indirectly on the carrier's system, which is legal in the jurisdiction in which the carrier resides, yet is illegal in another jurisdiction from which the carrier may be accessable.
Information made available by another carrier or another carrier's users which is legal in the remote jurisdiction, yet is illegal in the first carrier's jurisdiction and accessible indirectly through the first carrier's system.
Information about which the Information Carrier is not currently aware.

The protections include a special category on accesses by minors. It is unreasonable to hold an Information Carrier responsible for access to "adult" information by a minor if:

There are no reasonable facilities available to limit access based upon age.
The Information Carrier does not have an accurate age indication, or is not aware that false age information has been supplied.
An undertaking has been obtained that parents or teachers will carry out supervision duties and will not hold the carrier responsible for failure of that supervision.

Note that information carriers that monitor activities should not be automatically assumed to be exercising editorial control over users' activities. Such monitoring is usually performed for security reasons, not for editorial control reasons. It is also impossible for an information carrier to monitor everything that occurs on their system all the time. Assuming editorial control would place a restrictive burden on the carrier.

What these guidelines should and should not be used for

These guidelines are NOT to be used as a basis for licensing. It is important that any individual be able to set up their own information carrier at any time without needing to first get permission from a regulatory body. This is a valuable source of the fierce competition mentioned above. Licensing carriers would be tantamount to licensing the use of modems and communications software or licensing individual freedom of expression. Such moves are not popular with the online community and would result in a backlash against any government that attempted to introduce such licensing.

Any system which comes within the bounds of the definition of information carrier given earlier should automatically be assumed to be covered by the specified protections, even if no formal compliance notice has been given. This is to prevent nuisance suits against systems that are not yet aware of these guidelines, and to provide a minimum level of protection for those individuals who may not agree with other aspects of these guidelines.

These guidelines are intended to send a clear message to the law enforcement and legal communities as to where their efforts are best focused. It should be assumed that editorial control over a user's actions does NOT exist unless explicit evidence has been produced to the contrary. This includes users who are employed by the information carrier, who may hold views which do not necessarily agree with corporate policy.

The efforts of the aforementioned communities should be focused on the user's actions, and only widened in focus when further evidence comes to light. This is especially relevant for slander and libel cases. The tendancy in these cases in the past has been to automatically take the information carrier to court even when no editorial control exists.

Many attorneys and their clients know that they can get more money out of an information carrier than out of the user who actually slandered or libelled the client. The information carrier community wants to put a stop to this unethical behaviour. Most information carriers do not have the resources necessary to fight the legal battles to prove that they are not responsible for a user's actions. Back downs and out of court settlements establish the wrong precedents, and frighten the online community with their implications.

The online community also seeks to limit information carriers becoming scapegoats in any future police action against online crime. The efforts of police should be narrowly focused to catch the real perpetrators. Many information carriers will be happy to assist police, if indeed their efforts are narrowly focused, and if a proper warrant is produced.

Note that the purpose of these guidelines is not to get immunity from prosecution for information carriers. If an information carrier does exercise editorial control over the contentious information, they should be taken to court. But this should be determined BEFORE charges are laid or cases are brought, to limit the damage that is currently being done to innocents' lives and pockets.