Europe’s two largest internet network infrastructure organizations have warned lawmakers not to lump the core network in with online platforms and apps when it comes to content regulations.
In response to the European Union’s Digital Services Act (DSA) public consultation, the Regional Internet Registry for Europe (RIPE) and Council of European National Top-Level Domain Registries (CENTR), have sent a joint letter arguing that “although the Internet is often perceived as a single technology, it comprises many different components at many different layers that each have a role to play in its functioning.”
RIPE represents the Internet Protocol (IP) address industry in Europe and CENTR the domain name industry.
The DSA is largely focused on content regulation, particularly how to limit illegal and damaging content. The goal is to update legislation made over 20 years ago to deal with the modern realities of dominating platforms like Facebook and Google, in much the same way that the US is looking at new laws around Section 230 of the Communications Decency Act as a way to get those platforms to take greater responsibility for the content that they host.
But despite many ordinary internet users often confusing Facebook or Google with the internet itself, RIPE and CENTR are keen to stress that it doesn’t go the other way. The actual core infrastructure of the internet is agnostic when it comes to content, they stress, and is designed to simply connect computers.
“We urge the European Commission to make a clear distinction between the Internet’s core infrastructure and the source of those threats - namely, the applications and content that run on top of that infrastructure - and to protect the Internet’s core infrastructure and operations from the potential for abuse as an unintended consequence of content regulation,” the response reads.
There have been countless efforts in the past few decades to get internet infrastructure companies to take on more of the burden of controlling infringing or illegal content on the internet.
But that’s the wrong path to go down, warns the industry. “Without a clear understanding and protection of the Internet’s public core in place, it will be far too easy to try to address illegal content by striking at the core infrastructure, including Internet routing and the Internet Protocol (IP) and DNS layers, rather than targeting the specific applications and content running on top of this infrastructure,” the orgs warn.
“While it can be easier to block IP addresses and domain names than it is to block specific content, the collateral damage that is likely to result from this ‘sledgehammer’ approach has the potential to affect large segments of the Internet that had every right to continue functioning normally.”
European Commission: Full-scale probe launched into data-slurping potential of Google's $2.1bn Fitbit buyREAD MORE
RIPE’s head of public policy Marco Hogewoning said in a separate statement: “Our goal is to ensure that well-intentioned policies to protect users don’t unintentionally disrupt the Internet’s technical operations.
Besides the potential for notice-and-takedowns to be abused by bad actors, any intervention at the level of naming and addressing will almost certainly result in collateral damage. So, we need to make sure that actions taken that affect the core of the Internet are only used under very strict and limited conditions and that there are protections against any malicious behaviour.”
The most common example of this has been seizing control of internet addresses - domain names - on top of which websites containing infringing or illegal content has been hosted. This “can be very disruptive to the normal functioning of the internet,” warns the response, “and should be a last resort.”
They also warn against the proposed inclusion of a “Good Samaritan clause” that would protect providers who act in good faith to voluntarily and proactively take action against illegal material - similar to America’s Section 230 - arguing that it could “end up resulting in a perfect storm, whereby the Digital Services Act would simply make it too easy to abuse the process to take action against online intermediaries.”
It gives an example: “What would stop a bad actor from sending millions of automated notice-and-takedowns to a competitor as a kind of DDoS attack if there is no cost to her in requesting action against ambiguously defined ‘harmful’ content, and yet the receiver is obligated to take action under very strict deadlines or face major penalties?
“Or from hiding behind the Good Samaritan clause and pretending to act in good faith in order to remove content for her own nefarious reasons? To keep this from happening, there must be a balance of liability between those removing content or requesting content be removed, and those receiving the requests for action.”
RIPE and CENTR also ask for “clear definitions” or things like “harmful content” and “dis/misinformation” so it is possible to create clear policies “in determining whether to respond to takedown notices, including clear guidelines on when different service providers can and should take action.”
And they argued that “a higher burden of proof should be required for any action that would affect the core infrastructure or operations, as well as some measure of shared liability or another deterrent against malicious motivations.”
On a larger level, one of the biggest problems, the two orgs argue is that “there is a lot of ambiguity” in current European law about how the services provided by internet infrastructure companies are seen: are DNS delivery , or routing, of internet exchange points the same as other intermediaries like Google providing search results or Facebook hosting user content? They argue yes, and note, somewhat pointedly, ask that the core network “be protected from political intervention.”
The good news is that RIPE and CENTR feel they have a solution: a definition of what is the internet core network and core services should be developed and then that “public core” be looked at as a separate and different group when writing new rules and laws.
How not to make a decision
The bad news is that they propose using the “multistakeholder model” where everyone that is impacted by decisions gets a say in the final solution. That model has been used and promoted by the internet infrastructure and governance worlds for some time - as opposed to government-led or industry-led approaches - but it has proved notoriously slow and difficult and, arguably, its main success is that it stops anyone from changing the status quo because no one can ever agree on what changes need to be made.
The European Commission (EC) has long experience of the most high-profile examples of the multistakeholder approach within DNS overseer ICANN and within the Internet Governance Forum (IGF) and it’s fair to say it has often expressed frustration bordering on loathing for the approach.
Nevertheless, RIPE and CENTR argue that “only through this multistakeholder approach - which has served the development of the open, innovative Internet so effectively since its conception - will the European Commission be able to table legislation that will continue to best serve the needs of Internet operators and users.” ®