jmalcolm's blog

Will Big Content Derail Argentina's New Intermediary Law?

jmalcolm — Tue, 27 Mar 2018 07:00:00 +0000

Will Big Content Derail Argentina's New Intermediary Law?

The Federal Congress of Argentina is currently debating a new law on intermediary liability, which would establish a safe harbor of protection for Internet intermediaries (such as ISPs, social media platforms, and search engines) from liability for content uploaded or transmitted by third parties. For the most part, the law closely follows the recommendations that EFF and over 100 other organizations make in our Manila Principles on Intermediary Liability.

The effect of this law is that ISPs and platforms in Argentina will no longer face the threat of immediate legal liability when a user or other third party creates or shares content that someone else complains about. Why is this important? Because if they do face such liability, the very first thing that a platform is inclined to do when receiving such a complaint is to block or take down that content, and perhaps to suspend or terminate the account of the user who uploaded it. When platforms face liability for user content, it also gives them a legal incentive to closely monitor the behavior of their users online, placing user privacy at risk.

The law proposed in Argentina would fix both of these problems. For the first time, the law specifies (in Article 4) that Internet intermediaries are not liable for third party content, unless they fail to comply with a court order for its blocking or removal. It also specifies (in Article 5) that they are under no duty to proactively monitor content created by third parties, in order to identify or prevent infringements of the law.

But that doesn't mean that intermediaries have no responsibilities at all. Article 6 of the law allows a court to grant a preliminary injunction requiring the removal, blocking, suspension of disabling of access to content until a final determination about the legality of that content can be made. The law also specifies (in Article 7) that intermediaries may create their own self-regulatory mechanisms for removal and blocking of content, or for the suspension of cancellation of services.

We are a little concerned that these latter provisions do not explicitly spell out the protections that we would like to see to guard against the abuse of such takedown, blocking and suspension procedures. For example, the Manila Principles specify that intermediaries need to be transparent about the removal of content and provide the user whose content was removed with a way to have that decision reviewed. This applies even when the content removal is done voluntarily rather than under compulsion of law.

Safe Harbors Under Threat from the Copyright Lobby

The passage of the law isn't yet a done deal, though. It faces a threat from Argentina's copyright lobby, who have been lobbying lawmakers and placing press advertisements to ask for stricter provisions on the removal of copyright content. To explain why, it's useful to consider how Argentina's law would differ from the law in the U.S. In the United States, intermediary liability is dealt with as a provision of two separate laws, which we know as DMCA 512, and Section 230 (or "CDA 230"). The former (section 512 of the Digital Millennium Copyright Act) only relates to liability under copyright law, and the latter (47 U.S.C. § 230) for other grounds of liability, such as defamation, breach of privacy, and so on.

The reason for this split is that copyright owners receive more favorable treatment under U.S. law than other claimants do. In particular, platforms only receive safe harbor protection if they take content down when receiving a DMCA notice in a prescribed form, and that notice doesn't have to be vetted by a judge. As a result, it's extremely common for platforms to receive DMCA notices that are misleading, overreaching, or flat-out wrong, including notices that are intended to suppress political speech rather than as a legitimate complaint of copyright infringement.

Argentina's law, which deals with the liability for both copyright content and other types of content in a unified way, is a different approach. Outside of the voluntary measures allowed by Article 7, it would require a court order before platforms would have to take down content for alleged copyright infringement. Copyright holders aren't happy about that, but it does makes sense. There is nothing inherent in copyright-infringing content that requires it to be treated any differently from other types of unlawful content, and Argentina has not entered into any bilateral agreements with the United States that would require it to adopt a DMCA-style system.

On the contrary, Argentina would be in good company within the region by requiring a judicial assessment of copyright takedown requests. Chile, whose legal system has many similarities with Argentina, tenaciously (and successfully) held out for the recognition of its own judicial copyright takedown system when negotiating the Trans-Pacific Partnership (TPP) with the United States (though in the end the U.S. withdrew from the TPP and that particular provision of the agreement was suspended anyway). Requiring a court order before platforms are required to take down content for copyright infringement is a key recommendation of the Manila Principles, and is just as appropriate for Argentina to adopt as it was for Chile.

Although there are some provisions of the bill that we would have written differently, overall this law will set a positive standard of intermediary liability protection for the region, in which several other countries lack clear laws in this area. Argentina's law on intermediary liability deserves to pass the Federal Congress without being watered down big content lobbying.

Users Around the World Reject Europe's Upload Filtering Proposal

jmalcolm — Thu, 10 Nov 2016 20:53:06 +0000

Users Around the World Reject Europe's Upload Filtering Proposal

Users around the world have been outraged by the European Commission's proposal to require websites to enter into Shadow Regulation agreements with copyright holders concerning the automatic filtering of user-generated content. This proposal, which some are calling RoboCopyright and others Europe's #CensorshipMachine, would require many Internet platforms to integrate content scanning software into their websites to alert copyright holders every time it detected their content being uploaded by a user, without any consideration of the context.

People are right to be mad. This is going to result in the wrongful blocking of non-infringing content, such as the fair use dancing baby video. But that's only the start of it. The European proposal may also require images and text—not just video—to be automatically blocked on copyright grounds. Because automated scanning technologies are unable to evaluate the applicability of copyright exceptions, such as fair use or quotation, this could mean no more image macros, and no more reposting of song lyrics or excerpts from news articles to social media.

Once these scanning technologies are in place, it will also become far easier for repressive regimes around the world to demand that Internet platforms scan and filter content for purposes completely unrelated to copyright enforcement—such as suppressing political dissent or enforcing anti-LGBT laws. Even when used as originally intended, these automated tools are also notoriously ineffective, often catching things they shouldn't, and failing to catch things they intend to. These are among the reasons why this new automatic censorship mechanism would be vulnerable to legal challenge under Europe's Charter of Fundamental Rights, as we explained in our last post on this topic.

A Filtering Mandate Infringes the Manila Principles on Intermediary Liability

Two years ago, well before the current European proposal was placed on the table, EFF and our partners launched the Manila Principles on Intermediary Liability. Despite not being a legal instrument, the Manila Principles have been tremendously influential. It has been endorsed by over 100 other organizations and referenced in international documents, such as reports by United Nations rapporteurs and the Organization for Security and Co-operation in Europe (OSCE), along with the Global Commission on Internet Governance's One Internet report.

According to the Manila Principles (emphasis added):

Intermediaries should be shielded from liability for third-party content

Any rules governing intermediary liability must be provided by laws, which must be precise, clear, and accessible.

Intermediaries should be immune from liability for third-party content in circumstances where they have not been involved in modifying that content.

Intermediaries must not be held liable for failing to restrict lawful content.

Intermediaries must never be made strictly liable for hosting unlawful third-party content, nor should they ever be required to monitor content proactively as part of an intermediary liability regime.

Forcing Internet platforms (i.e., intermediaries) into private deals with copyright holders to automatically scan and filter user content is, effectively, a requirement to proactively monitor user content. Since sanctions would apply to intermediaries who refuse to enter into such deals, this amounts to an abridgment of the safe harbor protections that intermediaries otherwise enjoy under European law. This not only directly contravenes the Manila Principles, but also Europe's own E-Commerce Directive.

The Manila Principles don't ban proactive monitoring obligations for the sake of the Internet intermediaries; the ban is to protect users. When an Internet platform is required to vet user-generated content, it has incentive to do so in the cheapest manner possible, to ensure that its service remains viable. This means relying on error-prone automatic systems that place copyright holders in the position of Chief Censors of the Internet. The proposal also provides no recourse for users in the inevitable cases where automated scanning goes wrong.

That doesn't mean there should be no way to flag copyright-infringing content online. Most popular platforms already have systems in place that allow their users to flag content—for copyright infringement or terms of service or community standards violations. In Europe, the United States, and many other countries, the law also requires platform operators to address infringement notices from copyright owners; even this is the subject of considerable abuse by automated systems. We can expect to see far more abuse when automated copyright bots are also put in charge of vetting the content that users upload.

Europe's mandatory filtering plans would give far too much power to copyright holders and create onerous new barriers for Internet platforms that seek to operate in Europe. The automated upload filters would become magnets for abuse—not only by copyright holders, but also governments and others seeking to inhibit what users create and share online.

If you're in Europe, you can rise up and take action using the write-in tool below, put together by the activists over at OpenMedia. This tool will allow you to send Members of the European Parliament your views on this repressive proposal, in order to help ensure that it never becomes law.

New Tool to Help Notify Users When Their Content is Taken Offline

jmalcolm — Fri, 29 Jul 2016 20:13:19 +0000

New Tool to Help Notify Users When Their Content is Taken Offline

When user content is threatened with removal from the Internet, it's unlikely that anyone is going to put up more of a fight than the user who uploaded it. That's what makes it so critically important that the user is informed whenever an Internet intermediary is asked to remove their content from its platform, or decides to do so on its own account.

Unfortunately this doesn't consistently happen. In the case of content taken down for copyright infringement under the DMCA or its foreign equivalents, the law typically requires the user to be informed. But for content that allegedly infringes other laws (such as defamation, privacy, hate speech, or obscenity laws), or content that isn't alleged to be illegal but merely against the intermediary's terms of service, there is often no requirement that the user be informed, and some intermediaries don't make a practice of doing so.

Another problem is that even when intermediaries do pass on notices about allegedly illegal content to the user who uploaded it, this notice might be inaccurate or incomplete. This led to the situtation in Canada where ISPs were passing on misleading notices from US-based rightsholders, falsely threatening Canadian users with penalties that are not even applicable under Canadian law.

As a result of the failure to accurately inform users about why their content is being targeted for removal, users remain confused about their rights, and may fail to defend themselves against removal requests that are mistaken or abusive. The ultimate result of this is that much legitimate content silently disappears from the Internet.

To help with this, EFF and our Manila Principles partners have this week released a tool to help intermediaries generate more accurate notices to their users, when those users' content is threatened with removal. An alpha release of the tool was previewed at this year's RightsCon (on the first anniversary of the launch of the Manila Principles), and yesterday at the Asia-Pacific Regional Internet Governance Forum it was finally launched in beta.

The tool is simply a Web form that an intermediary can complete, giving basic details of what content was (or might be) removed and why, and what the user can do about it. Submitting the questionnaire will crunch the form data and produce a draft notice that the intermediary can copy, review, and send to the user. (Note that the form itself doesn't send anything automatically, and the form data is not stored for longer than required to generate the draft notice.)

We don't expect that this form will be needed by most large intermediaries, who will have staff to write their own notices to users. Further information to help users restore content taken down for terms of service violations by several of these large platforms, including Facebook, Twitter, and YouTube, is also available on onlinecensorship.org.

But bearing in mind that small businesses and hobbyists can also be intermediaries who host other users' content, this form may provide a useful shortcut for them to generate a draft notice that covers most of the important information that a user needs to know. The form remains in beta, and we welcome your suggestions for improvement!

How the TPP Perpetuates the Mistakes of the DMCA

jmalcolm — Thu, 17 Dec 2015 11:22:02 +0000

How the TPP Perpetuates the Mistakes of the DMCA

The language in the Trans-Pacific Partnership (TPP) on Internet Service Provider (ISP) liability—which governs the legal liability of Internet intermediaries and platforms for communications of their users—resides in an annex in the trade agreement's Intellectual Property chapter and was one of the most contentious parts of its copyright enforcement rules. This is because the United States was pushing to export a version of the liability regime that exists under its Digital Millennium Copyright Act (DMCA), which has been notoriously problematicin facilitating the censorship of online content through bogus copyright claims.

Other countries, that had learned some lessons from the DMCA in developing improved intermediary liability systems of their own, quite rightly sought to preserve their systems. Chile, for example, had a system that required a court order before a user's content was forcibly taken off the Internet. In Japan, although a court order was not required, an independent body containing representatives of both rights-holders and ISPs would review claims for removal of material before allowing them. And Canada had recently updated a system of “notice and notice” that would notify users of claims that their content was infringing, but would not automatically take that content offline.

In the end, the fact that these countries was able to preserve its existing system was one of the qualified wins that we achieved in the final TPP text. But the win came at a cost: the text is crafted in such a way that no other countries, besides Canada and Chile, are entitled to benefit from systems that preserve user content online until a court orders its removal. For new signatories to the TPP, they can go no further than Japan does in protecting their users' freedom of expression against copyright takedown requests.

The Manila Principles on Intermediary Liability were developed by EFF and partners from around the world and launched this May. They establish a baseline standard for intermediary liability rules that balance takedown requests with users' freedom of expression rights. So we can use the Manila Principles to rate how the TPP's ISP liability chapter should have looked. They also show how far short the TPP falls, particularly for those majority of countries who do not enjoy the grandfathered rules enjoyed by Canada and Chile.

Here are summaries of the essential points from the Manila Principles and how they are reflected (or not) in the TPP:

Intermediaries should be shielded from liability for third-party content: The TPP does satisfy the first and most fundamental criterion of the Manila Principles by requiring Internet intermediaries to be shielded from liability for acts such as routing, caching, storage, or linking to third party-content using their networks or systems. The TPP also explicitly states that intermediaries should not have a proactive duty to monitor what users do online.
Content must not be required to be restricted without an order by a judicial authority: The TPP unambiguously fails this criterion. Apart from Canada and Chile, every other TPP country (and all future TPP signatories) are required to provide a mechanism for ISPs to restrict user content without a court order. All that countries can do to mitigate the harsh impact of this provision is to follow the Japanese model, whereby a multi-stakeholder body vets takedown requests before they are carried into effect by ISPs—but such a body is no substitute for a court.
Requests for restrictions of content must be clear, be unambiguous, and follow due process: The TPP does not have much to say about the format or content of requests for the restriction of content. Even in comparison to the DMCA, it is not prescriptive about the format of a takedown notice; not even requiring the sender depose to a good faith belief that the material identified in the notice has been used unlawfully. This may lead to takedown notices being sent with even more impunity in other countries than already occurs in the United States. Against this, the TPP does at least, in compliance with sub-point (g) of this criterion of the Manila Principles, specify that penalties should be available against those who request takedowns in bad faith.
Laws and content restriction orders and practices must comply with the tests of necessity and proportionality: The TPP does not require intermediaries to limit the removal of content by using the least restrictive technical method, or by confining it to the minimum requiredgeographical and temporal extent. Given that intermediaries are insulated from liability to their users when they remove material in good faith, the outcome could be the restriction of content beyond what is strictly necessary or proportionate.
Laws and content restriction policies and practices must respect due process: The TPP does require users to be notified when their content is restricted in response to a takedown notice, but does not require them to be given an opportunity to be heard prior to that content restriction, or require them to be provided with a means of appeal. As far as the TPP goes is to require that where content is restricted by takedown notice, then if there is a counter-notification process in place, the intermediary who receives a counter-notice from a user must then reinstate the content in question. However, since a counter-notification process is not mandatory, it is possible for countries to implement the TPP in a way that provides no avenue for the restoration of wrongly-removed content at all.
Transparency and accountability must be built into laws and content restriction policies and practices: The TPP fails to address issues of transparency and accountability, such as transparency reporting. In one respect, it even works against these values. One of the sub-points of this criterion is that governments must not use extra-judicial measures to restrict content, such as the promotion or enforce so-called "voluntary" practices for the removal of content. But the TPP does promote such practices by calling for “legal incentives” for ISPs to cooperate with copyright owners, or take other action to deter copyright infringement.

All in all, the TPP's rates poorly against the Manila Principles on most of the essential criteria other than the first; although it does score a few points against some of the supporting criteria (such as clarifying that no proactive monitoring is required, penalizing wrongful takedown requests, and requiring the reinstatement of content when a counter-notification is received).

Where the TPP most seriously falls down is in the reliance on intermediaries to determine whether content is unlawful and should be taken down. This is not a decision that we should rely on intermediaries to make, since most of them are private, profit-maximizing entities, that will be inclined to over-remove content simply in order to avoid the time and cost of arguing about it. A better system is one such as Canada's, which places the responsibility of assessing rightsholders' claims initially back on the user, and ultimately on a judge.

By ruling out any other country's access to a balanced intermediary liability system such as Canada's, the TPP fails to adequately protect rights to freedom of expression and is likely only to perpetuate the unintended consequences that users have suffered under more than 15 years under the broken DMCA.

Unintended Consequences, European-Style: How the New EU Data Protection Regulation will be Misused to Censor Speech

jmalcolm — Fri, 20 Nov 2015 20:05:05 +0000

Unintended Consequences, European-Style: How the New EU Data Protection Regulation will be Misused to Censor Speech

Europe is very close to the finishing line of an extraordinary project: the adoption of the new General Data Protection Regulation (GDPR), a single, comprehensive replacement for the 28 different laws that implement Europe's existing 1995 Data Protection Directive. More than any other instrument, the original Directive has created a high global standard for personal data protection, and led many other countries to follow Europe's approach. Over the years, Europe has grown ever more committed to the idea of data protection as a core value. In the Union's Charter of Fundamental Rights, legally binding on all the EU states since 2009, lists the “right to the protection of personal data” as a separate and equal right to privacy. The GDPR is intended to update and maintain that high standard of protection, while modernising and streamlining its enforcement.

The battle over the details of the GDPR has so far mostly been a debate between advocates pushing to better defend data protection, against companies and other interests that find consumer privacy laws a hindrance to their business models. Most of the compromises between these two groups have now already been struck.

But lost in that extended negotiation has been another aspect of public interest. By concentrating on privacy, pro- or con-, the GDPR as it stands has omitted sufficient safeguards to protect another fundamental right: the right to freedom of expression, “to hold opinions and to receive and impart information... regardless of frontiers”.

It seems not to have been a deliberate omission. In their determination to protect the personal information of users online, the drafters of the GDPR introduced provisions that streamline the erasure of such information from online platforms—while neglecting to consider those who published that information to those platforms who were exercising their own human right of free expression in doing so, and their audiences who have the right to receive such information. Almost all digital rights advocates missed the implications, and corporate lobbyists didn't much care about the ramifications.

The result is a ticking time-bomb that will be bad for online speech, and bad for the future reputation of the GDPR and data protection in general.

Europe's data protection principles include a right of erasure, which has traditionally been about the right to delete data that a company holds on you, but has been extended over time to include a right to delete public statements that contain information about individuals that is “inadequate, irrelevant or excessive”. The first widely-noticed sign of how this might pose a problem for free speech online came from the 2014 judgment of the European Court of Justice, Google Spain v. Mario Costeja González—the so-called Right to Be Forgotten case.

We expressed our concern at the time that this decision created a new and ambiguous responsibility upon search engines to censor the Web, extending even to truthful information that has been lawfully published.

The current draft of the GDPR doubles down on Google Spain, and raises new problems. (The draft currently under negotiation is not publicly available, but July 2015 versions of the provisions that we refer to can be found in this comparative table of proposals and counter-proposals by the European institutions [PDF]. Article numbers referenced here, which will likely change in the final text, are to the proposal from the Council of the EU unless otherwise stated.)

First, it requires an Internet intermediary (which is not limited to a search engine, though the exact scope of the obligation remains vague) to respond to a request by a person for the removal of their personal information by immediately restricting the content, without notice to the user who uploaded that content (Articles 4(3a), 17, 17a, and 19a.). Compare this with the DMCA takedown notices, which include a notification requirement, or even the current Right to Be Forgotten process, which give search engines some time to consider the legitimacy of the request. In the new GDPR regime, the default is to block.

Then, after reviewing the (also vague) criteria that balance the privacy claim with other legitimate interests and public interest considerations such as freedom of expression (Articles 6.1(f), 17a(3) and 17.3(a)), and possibly consulting with the user who uploaded the content if doubt remains, the intermediary either permanently erases the content (which, for search engines, means removing their link to it), or reinstates it (Articles 17.1 and 17a(3)). If it does erase the information, it is not required to notify the uploading user of having done so, but is required to notify any downstream publishers or recipients of the same content (Articles 13 and 17.2), and must apparently also disclose any information that it has about the uploading user to the person who requested its removal (Articles 14a(g) and 15(1)(g)).

Think about that for a moment. You place a comment on a website which mentions a few (truthful) facts about another person. Under the GDPR, that person can now demand the instant removal of your comment from the host of the website, while that host determines whether it might be okay to still publish it. If the host's decision goes against you (and you won't always be notified, so good luck spotting the pre-emptive deletion in time to plead your case to Google or Facebook or your ISP), your comment will be erased. If that comment was syndicated, by RSS or some other mechanism, your deleting host is now obliged to let anyone else know that they should also remove the content.

Finally, according to the existing language, while the host is dissuaded from telling you about any of this procedure, they are compelled to hand over personal information about you to the original complainant. So this part of EU's data protection law would actually release personal information!

What are the incentives for the intermediary to stand by the author and keep the material online? If the host fails to remove content that a data protection authority later determines it should have removed, it may become liable to astronomical penalties of €100 million or up to 5% of its global turnover, whichever is higher (European Parliament proposal for Article 79).

That means there is enormous pressure on the intermediary to take information down if there is even a remote possibility that the information has indeed become “irrelevant”, and that countervailing public interest considerations do not apply.

These procedures are deficient in many important respects, a few of which are mentioned here:

Contrary to principle 2 of the Manila Principles on Intermediary Liability, they impose an obligation on an intermediary to remove content prior to any order by an independent and impartial judicial authority. Indeed, the initial obligation to restrict content comes even before the intermediary themselves has had an opportunity to substantively consider the removal request.
Contrary to principle 3 of the Manila Principles, the GDPR does not set out any detailed minimum requirements for requests for erasure of content, such as the details of the applicant, the exact location of the content, and the presumed legal basis for the request for erasure, which could help the intermediary to quickly identify baseless requests.
Contrary to principle 5, there is an utter lack of due process for the user who uploaded the content, either at the stage of initial restriction or before final erasure. This make the regime even more likely to result in mistaken over-blocking than the DMCA, or its European equivalent the E-Commerce Directive, which do allow for such a counter-notice procedure.
Contrary to principle 6, there is precious little transparency or accountability built into this process. The intermediary is not, generally, allowed to publish a notice identifying the restriction of particular content to the public at large, or even to notify the user who uploaded the content (except in difficult cases).

More details of these problems, and more importantly some possible textual solutions, have been identified in a series of posts by Daphne Keller, Director of Intermediary Liability at the Center for Internet and Society (CIS) of Stanford Law School. However at this late stage of the negotiations over the GDPR in a process of “trialogue” between the European Union institutions, it will be quite a challenge to effect the necessary changes.

Even so, it is not too late yet: proposed amendments to the GDPR are still being considered. We have written a joint letter with ARTICLE 19 to European policymakers, drawing their attention to the problem and explaining what needs to be done. We contend that the problems identified can be overcome by relatively simple amendments to the GDPR, which will help to secure European users' freedom of expression, without detracting from the strong protection that the regime affords to their personal data.

Without fixing the problem, the current draft risks sullying the entire GDPR project. Just like the DMCA takedown process, these GDPR removals won't just be used for the limited purpose they were intended for. Instead, it will be abused to censor authors and invade the privacy of speakers. A GDPR without fixes will damage the reputation of data protection law as effectively as the DMCA permanently tarnished the intent and purpose of copyright law.

European Web Host Ruled Liable for Users' Comments—Even Though It Didn't Read Them

jmalcolm — Wed, 17 Jun 2015 16:08:06 +0000

European Web Host Ruled Liable for Users' Comments—Even Though It Didn't Read Them

The future for online discussion platforms in Europe is looking cloudy following yesterday's ruling of the European Court of Human Rights in the case of Delfi AS v. Estonia. In a disappointing decision, the court affirmed that Estonian courts were entitled to hold an online news portal liable in defamation for comments submitted anonymously by readers. The court was unmoved by the fact that the publisher, Delfi, had set up a system for users to flag and automatically remove comments that they found offensive, or by the fact that the comments at issue had been removed prior to the initial lawsuit being filed.

The court ruled that the finding of Delfi's liability did not violate the guarantee of freedom of expression under Article 10 of the European Declaration of Human Rights, but the ramifications of the ruling on freedom of expression will be profound. Indeed, its effects have already been felt. Following the initial complaint, delfi.ee retained a team of moderators to sift through the site's anonymous and pseudonymous comments, which are segregated from those of registered users, and hidden by default. Other Estonian discussion fora, unable to afford to hire moderators, have simply shut down anonymous comments altogether, demonstrating that Delfi's first victim would be anonymous speech.

The ruling undermines the notice-and-takedown regime established under E-Commerce Directive (which is broadly Europe's equivalent to the DMCA takedown regime, but covers all types of illegal or infringing content, not just copyright infringements). Under the E-commerce Directive, a news portal such as Delfi is exempted from liability for content unless it refuses to take action to remove that content after being notified of its illegality. Unfortunately there is a loophole in the E-Commerce Directive in that it provides a minimum level of intermediary liability, but does not define the limits of liability—which is why Delfi could be found additionally liable under Estonian law for defamatory comments that were published before the notification took place.

The European Court of Human Rights had an opportunity to fix the upper limits of intermediary liability in accordance with the established standards of freedom of expression online. For years, the key experts on international human rights law have emphasized the importance of allowing intermediaries to act as impartial relays of their users' communications to protect free speech online. By rejecting that consensus, the ECHR has opened the doors to laws that chill speech by requiring Internet companies to police their users, or risk financial ruin.

The ruling also conflicts with the Manila Principles on Intermediary Liability, which are a set of best practices for Internet companies to deal with disputes over user-submitted content, and a set of guidelines for regulators constructing intermediary liability regimes. The Manila Principles, endorsed by civil society groups from around the world, provide that “Intermediaries should be immune from liability for third-party content in circumstances where they have not been involved in modifying that content,” and that “Intermediaries must not be required to substantively evaluate the legality of third-party content.”

As there is no appeal from this decision, the order of the day is damage control. The ruling has no binding impacts on other European courts or legislatures, so they are best advised to treat it as being strictly limited to the narrowest set of facts. If on the other hand the ruling is treated as a green light to impose greater liability on intermediaries than the E-Commerce Directive already imposes, the inevitable result will be the silencing of European users' speech. This in turn will contract the scope of permissible online expression, resulting in discussions that will be constrained by the legally conservative policies of intimidated Internet companies. That would lead to online forums that must be designed to offend no-one, and create limited conversations that may be more “civilized” in the eyes of this court but also more homogenous, subdued, and deferential to those with power and influence.