16:48 Thursday 20th June 2002 Reuters

Software piracy monitors at Business Software Alliance asked Finnish Internet service provider Jippii Group last November to remove a customer's Web site that allegedly helped others to scam bootlegged software.

Jippii repeatedly denied BSA requests to take down the site, maintaining it would protect its customer until the anti-piracy group could conclusively prove that the site was distributing serial numbers required to crack popular business software programs.

But, Jippii's defiant stance was short-lived. A Finnish judge, after a brief hearing, ordered the Internet Service Provider (ISP) to shut down the site.

The Jippii case reflects the changing tide of ISP liability. New laws and court rulings now require ISPs to take a more active role in policing the way customers use its network and the material stored on its server.

Traditionally, ISPs had been regarded as "passive conduits," a legal term that in most countries meant they could not be held accountable for customers' online activities, just as the telephone company could not be compelled to turn in callers who plotted a bank heist over the phone system.

New US, European laws
But new legislation, including the European Parliament's directive on privacy in electronic communications and the Digital Millennium Copyright Act (DMCA) in the United States, is compelling ISPs to cooperate more fully with authorities in their legal investigations.

In more and more cases, industry groups, with the help of law enforcement authorities, are succeeding in getting ISPs to take down sites that violate laws regarding privacy, security, speech and standards of decency.

Earlier this month, the Motion Picture Association, the international arm of the Motion Picture Association of America, forced a Dutch ISP to shut down Film88.com, a Web site that advertised the download of copyright-protected first-run films for $1 apiece.

Other ISPs have vowed to fight for their clients. Virginia-based ProHosters last month opposed repeated requests by the Federal Bureau of Investigation to remove from its network the controversial video of slain Wall Street Journal reporter Daniel Pearl, which was posted on Dutch Web site Ogrish.com, a ProHosters customer.

At first, Ogrish.com and Prohosters complied, taking down the four-minute video showing Pearl's decapitation. But the two outlets quickly changed their mind and put the video back online.

In a statement on its site, ProHosters president and chief executive Theodore Hickman Jr, defended the company's decision to reinstate the video, arguing that the public's right to view the footage outweighed any question of bad taste.

This is just the latest example of how ISPs are not entirely comfortable with the role of content editor, even enforcer, fearing a heavy-handed approach could alienate customers and drain resources.

"We should be likened to a phone business," Jippii chief executive Harri Johannesdahl says. "We just cannot figure out who is doing what at all times."

Legal experts predict the heightened accountability means ISPs could also face more lawsuits in the future, those extended to downtime or slow service, security breaches on their network, and the publication of defamatory statements.

Putting hackers, pirates on notice
So far, the greatest level of legal compliance activity comes in the area of crackdown on pirates and hackers.

The BSA said in Europe last year it issued 4,400 notice and "takedown" requests, mainly to ISPs suspected of hosting a site trafficking elicit copies of copyrighted software.

Of those, 97 percent of sites were taken down, "which demonstrates the level of cooperation received from ISPs in the region," said Beth Scott, BSA's vice president of Europe.

Cybersecurity specialists at System Administration, Networking and Security Institute (SANS), meanwhile, say they send out thousands of notices daily to ISPs asking them to investigate hack attacks unleashed across their network.

"We have a right to send (notification) on behalf of those being attacked," said Alan Paller, research director at the institute headquartered in Bethesda, Maryland, a suburb outside of Washington, DC.

"It puts the ISP on notice and creates a requirement for the ISP to be a policeman," he said.

Lawmakers are also keen to make ISPs take a more active role in filtering out sites that contain objectionable material. A new Pennsylvania law requires ISPs to block access to child pornography sites for customers who reside in the state.

Despite doubts about the enforceability of the law from a technological and legal standpoint, critics fear it could prompt other legal regimes around the globe to require that ISPs adopt measures to keep its citizens away from outlawed materials on the Net.

Are the laws fair?
Few in the industry are critical of the basic system of notification and takedown currently in place, particularly if it results in a more secure environment for conducting business and communicating with others.

Jippii's Johannesdahl, for one, said he would welcome new laws that clearly state when an ISP is obligated to respond to a perceived violation on a site it controls.

But he said he fears that existing laws are unbalanced, creating an atmosphere where authorities turn to ISPs first, and not the Web site publishers, to get an offending site shut down.

The current wording of the E-Commerce Directive, which has been signed into law by three of 15 European Union member nations, is what one legal expert described as a "shoot-first, ask-questions-later'' approach.

"Because of the way the regulation is worded, an ISP cannot afford to take a considered view," said Lindsey Scutt, intellectual property attorney for British law firm Taylor Joynson Garrett.

"If an ISP wants to protect itself, it will just have to take down a site regardless," she added.

As with all young industry sectors, some in the ISP community are calling for the adoption of a standard code of practice outlining how it should react to protect its customers and itself from mounting legal liabilities.

"If we do that, I don't see a problem in the long run," said Johannesdahl.

Related Links Scientologists force closure of ISP's Internet connection AOL not liable for unauthorised e-books ISP finds backing in fight with gaming giant

	Search for similar stories
	Email this story to a friend
	Printer friendly version