FEDERAL TRADE COMMISSION
Washington, D.C. 20580
U.S. PERSPECTIVES ON CONSUMER PROTECTION
COMMENTS OF THE
Barabara A. Dooley Ronald L. Plesser
Commercial Internet eXchange Association
Piper & Marbury L.L.P.
Submitted March 26, 1999
I. INTRODUCTION AND SUMMARY
The Commercial Internet eXchange Association ("CIX"), by its attorneys, submits these comments in response to the Federal Trade Commission's ("FTC") request in preparation for its workshop on Consumer Protection in the Global Electronic Marketplace.
CIX is a trade association that represents more than 100 Internet service providers ("ISPs") who handle more than 90% of the United States' Internet traffic.(1) CIX members include large ISPs as well as many of the smaller local providers. CIX works to facilitate global connectivity among commercial ISPs in the United States and throughout the world. Internet service providers, including CIX members, continue to be at the forefront of efficient, innovative, and market-based Internet services to the public. CIX members provide consumers with access to the Internet, host web pages, manage email accounts, and offer numerous other services.
As the "gateway" to the Internet, CIX members have a significant interest in ensuring a sufficient consumer protection framework on the Internet for its customers. CIX supports the Federal Trade Commission's initiative to examine consumer protection issues online as they affect the Internet. As the FTC and others examine this issue, CIX urges that no action be taken that could threaten the current pace of development of the Internet. CIX also firmly believes that any approach to consumer protection should not impose vicarious or contributory liability upon Internet service providers for the acts of their users. Finally, CIX supports technological advancements, particularly the use of digital signatures, to help ensure trust and confidence in Internet transactions.
II. CIX SUPPORTS THE EXPLORATION OF INITIATIVES THAT COULD PROVIDE STRONG CONSUMER PROTECTION ON THE INTERNET
The Internet is a remarkable success. Today's Internet is growing at an unprecedented rate and will continue to evolve into tomorrow's information superhighway. CIX, in general, continues to support a "hands off" approach to regulating the Internet. To the extent possible, CIX believes that this approach is the most effective in letting the medium develop according to market preferences. At the same time, CIX recognizes that measures may need to be taken to further protect consumers in their online transactions. CIX supports the exploration in the upcoming workshop of initiatives that could provide strong protection against perpetrators of fraud in the context of global electronic commerce ("e-commerce").
One concept that should be explored is development of harmonized rules that could eliminate many of the jurisdictional uncertainties with regard to Internet transactions. Application of either the law of the consumer's or merchant's jurisdiction to a transaction could result in undesirable outcomes. For example, applying the law of the consumer's jurisdiction to a transaction would in many cases prove unworkable for businesses, requiring familiarization and compliance with the laws of every jurisdiction in which a potential customer resides. This could be very expensive and result in increasing the price to the consumer or limiting of the merchant's offering altogether. Similarly, applying the law of the merchant's jurisdiction could encourage merchants to "forum shop" for jurisdictions with legal frameworks most favorable to them.
Another area worthy of exploration is low-cost dispute resolution. A global forum, perhaps virtual, may provide an appropriate and effective means of resolving disputes between consumers and businesses. Such forums could limit the current expenses and difficulties associated with resolving disputes between entities located in different areas around the world.
Third-party seal programs for sites that adopt generally accepted consumer protection practices could also further protection of consumers in e-commerce. Seal programs could adopt specific requirements with which a company must comply to obtain a seal of approval to display on its site. Such seals would provide web shoppers assurance that the company is reliable. The privacy seal programs of BBBOnLine and Truste may serve as appropriate models for such programs. Harmonization, low-cost dispute resolution, and third-party seal programs all may be best addresses in self-regulatory frameworks.
In addition, there are areas that CIX believes could benefit consumer protection while at the same time furthering the growth of the medium. CIX urges the Commission to explore: (1) limiting intermediary liability of Internet service providers for the actions of their users; and (2) allowing the marketplace to develop a digital signature framework unfettered by conflicting laws of different sovereigns. Both traditional governmental institutions and self-regulatory frameworks should be evaluated in addressing all these issues.
While CIX recognizes the potential utility of new approaches to consumer protection on the Internet, we urge caution with regard to any action that could potentially disrupt the continued evolution of the Internet. The extraordinary growth of the Internet is due to technological advances and the efforts of many different industries.
CIX members are proud of their role in contributing to this development. Their contribution is reflected in the dramatic increase in the number of Internet hosts that store information, interact, and relay communications from 1.3 million in 1993 to 43.2 million in 1999.(2)
In the United States today, there are more than 6,000 Internet service providers and more than 60 million Internet users.(3)
Recent studies on the number of homes in the United States with computers and Internet access also indicate the surge in the growth of this medium.(4) Between January 1995 and January 1999, the penetration of home computers has increased from 32% to 50%, and the number of homes accessing the Internet has increased from 9% to 33%. There is equally strong growth in the quality and diversity of services being offered to these users. For example, many CIX members are beginning to deploy "broadband" services to the public that offer high speed connections to the Internet.
Even with this tremendous growth, CIX members recognize that the medium is still in its infancy. The 33% of homes that access the Internet when compared with the penetration of the telephone, television and cable demonstrates tremendous opportunity for continued growth. Likewise, the deployment of broadband services will result in capabilities and applications that will dwarf those of today's Internet.
III. INTERNET SERVICE PROVIDERS SHOULD NOT
The United States' approach of not imposing liability on Internet service providers for the fraudulent acts of others on the Internet should be part of any global framework for consumer protection. This approach is well founded, in contrast to proposals contained, for example, in the draft Electronic Commerce Directive proposed by DG XV of the European Commission(5) and the French Conseil d'Etat's "The Internet and Digital Networks" report.(6) These other approaches would impose regimes of vicarious and contributory liability upon Internet service providers for the acts of their users.
As Congress recognized in adopting 47 U.S.C. § 230(c) as part of the Telecommunications Act of 1996, Internet service providers should not be held liable for content supplied by others. Subsection § 230(c) shields ISPs from all civil liability under federal and state laws, as well as criminal liability under state laws that would treat them as the publisher or speaker of any information provided by another information content provider. The statute explicitly preempts inconsistent state law. 47 U.S.C. § 230(d)(3). Congress decided to apply this core principle horizontally across all areas of civil liability under federal and state law with the sole exception of liability for intellectual property violations. See § 230(d)(2).(7)
Congress' judgment is well-founded in light of the realities of Internet communication, which make Internet providers unable to serve as policemen of the Internet. ISPs who "host" websites (provide computer server space to others who decide what content they want to place on the site), typically host tens of thousands of sites and do not know what content will be or has been placed on the site. Furthermore, there are a vast number of other fora on the Internet¾including chatrooms, bulletin boards and newsgroups¾where millions of users are able to post material of their choice without editing by the service provider. The only way to prevent postings of deceptive material in this context is almost always to close down the forum completely.
Conversely, DG XV's first draft of the European Commission's Electronic Commerce Directive ("E-Commerce Directive") recommends adoption of a modified version of liability for the content of others. This approach is modeled closely upon Title II of the Digital Millennium Copyright Act of 1998, 17 U.S.C. § 512. This regime, developed in the context of the United States Copyright Act, is ill-suited to consumer protection. Copyright, of course, is a strict liability statute with well-developed and expansive notions of vicarious and contributory liability. Internet communications often involve automatic, temporary copying, which is a per se violation of the Copyright Act.
In this unique context, Congress developed a solution that immunizes service providers for direct liability for the acts of others, and narrows vicarious and contributory liability. Service providers are not liable for infringing material placed by others on their servers unless they: (1) have actual knowledge of it, (2) have knowledge of facts or circumstances from which the infringement is "apparent," (3) are notified of the infringing material pursuant to a notice that meets certain procedural requirements designed to ensure its authenticity and specificity, or (4) derive a direct financial benefit from the infringement with the right and ability to control the infringing activity. See § 512(c); E-Commerce Directive, Article 14, paragraph 1.
However, consumer protection does not involve the same legal concepts, nor do providers have the resources to screen for many different kinds of illegal third-party material on their servers. Much of the law of consumer protection in the United States results from the general concepts of deception and unfairness. These subjective concepts would be very difficult for ISPs to detect, and it would be inappropriate to subject them to liability for such actions by their users.
There are more than 6,000 ISPs operating in this country alone. Most are small businesses that compete in a highly competitive market by providing low-cost service with lean staffing on narrow margins. These providers have neither the staff nor the resources to monitor postings that others have made to their computer servers.
The principle of Section 230¾placing responsibility for fraudulent transactions squarely upon the entity that engages in deceptive activity with consumers¾is essential to the growth of the Internet as a means of global communication and commerce. If Internet providers are held liable for content supplied by others on their servers, they will have a powerful incentive to close the Internet's "vast democratic fora," see ACLU v. Reno, 117 S. Ct. 2329, 2343 (1997), and to deny placement on their servers to businesses that cannot indemnify them for potential illegal activities. The end result would be to limit the entry of new competitors through higher costs, thereby greatly reducing choices available to consumers.
Even worse would be an obligation on Internet providers to engage in the futile, highly burdensome exercise of attempting to prevent their users from accessing illegal foreign sites. This more extreme vision has been effectively endorsed, for example, in The Internet and Digital Networks, the French Conseil d'Etat's major report on Internet policy, which recommends that access providers should be liable if they have knowledge of illegal content flowing over their systems, or if they fail to supply a filtering system. See id. Part IV, Clarifying the liability of the players.
Such blocking would be ineffective because illegal sites located on foreign networks can easily evade blocks by using products readily available from major commercial suppliers that map a single Internet site to a large number of constantly changing Internet Protocol ("IP") addresses or domain names. Moreover, blocking imposes significant costs on lawful users of the Internet because blocking can interfere with access to lawful content on other sites and can slow down network performance for all users. Furthermore, efforts to screen illegal communications delivered through e-mail and private chat rooms ("Instant Messaging") would slow Internet communications tremendously and would violate user privacy rights under the Electronic Communications Privacy Act and similar state laws.
For all of these reasons, as an Internet consumer protection framework is being developed, legislators and regulators should avoid imposing liability on ISPs for the acts of their users. The United States Government is well positioned to work with governments around the world through the OECD and other international organizations so that the framework with regard to ISP liability worldwide moves to the current policy in the United States.
IV. SECURITY AND AUTHENTICATION TECHNOLOGIES
While CIX does not believe that ISPs should be liable for the actions of their users, CIX firmly believes that its members' customers must have adequate consumer protections on the Internet. CIX recognizes the value that technological solutions can have towards this end. While governments will continue to play a significant role in establishing trust in consumer transactions, in the Internet environment, security and authentication technologies can provide the certainty and predictability required by both consumers and merchants.
In particular, CIX supports the use of digital signatures as a means of protecting consumer information and authentication in electronic transactions and protecting against fraud. In fact, in many cases, digital signatures can provide greater protection than that found in the paper world.
Digital signature technologies are developing sufficiently in the marketplace that such progress should not be impeded by regulatory obstacles. While a hands-off approach is preferable, many different regulatory frameworks regarding digital signatures have either been passed or are being considered at the state, national, and international levels.
To ensure compliance with the emerging matrix of various digital signature laws, the parties to a transaction will have to know the legal requirements of the relevant jurisdictions of the communication. Certificate authorities (third parties that verify the identification of the parties to a transaction), would subject the transaction to an additional set of duties and responsibilities. Multiple and sometimes conflicting regimes will be detrimental to the widespread adoption of these technologies.
Moreover, new questions, directly related to the legal uncertainty that surrounds the concept of jurisdiction on the Internet, are arising in the area of consumer protection and digital signatures. For example, is the existence of a digital signature enough to create the minimum contacts necessary to establish jurisdiction? Likewise, it is not yet established in many jurisdictions that a digital signature carries with it the same legal significance as a traditional signature to meet satisfy the "statute of frauds" and signature requirements. The question of jurisdiction in the Internet combined with differing laws of the sovereigns, unless resolved, will increasingly hinder the full development of the marketplace with regard to these technologies. These questions should be addressed and resolved in the upcoming discussions on consumer protection in a way that provides simplicity an legal predictability.
In summary CIX supports the efforts of the FTC and others in exploring fully the issue of consumer protection on the Internet. CIX suggests that regulators exercise caution in avoiding any actions that could disrupt the full development of the Internet. CIX also firmly believes that any approach to consumer protection not impose vicarious or contributory liability upon Internet service providers for the acts of their users. Finally, CIX believes that technology, including the use of digital signatures, can be an effective solution to ensuring trust and confidence in Internet transactions. We look forward to contributing to the upcoming workshop.
1. The views expressed herein are those of CIX as a trade association, and are not necessarily the views of each individual member.
2. Internet Domain Survey, July 1997, Produced by Network Wizards and available on the World Wide Web at http://www.nw.com.
5. See Proposal for a European Parliament and Council Directive on Certain Aspects of Electronic Commerce in the Internal Market, Section IV (Nov. 18, 1998).
6. The Internet and Digital Networks, Report of the Council of State, Part IV, "Clarifying the liability of the players" (July, 1998), available in English translation at <www.internet.gouv.fr>. This report is France's quite different answer to the Magaziner report.
7. Although 230(d)(1) exempts liability under title 18, making particular mention of federal obscenity and indecency laws, Congress has legislated in this area so as to protect service providers from liability for content supplied by others. Congress' most recent legislation in this area, the Children's Online Protection Act (COPA), 47 U.S.C. § 231, criminalizes communications that are harmful to minors. However, it provides immunity for Internet access providers, others "similarly engaged in the transmission" of third party communications (e.g., backbone providers), and ISPs who host web sites containing the illegal material. 47 U.S.C. § 231(b)(2) & (4). Similarly, federal obscenity statutes criminalize "use" of an ISP, rather than the conduct of an ISP who transmits obscene material. See 18 U.S.C. §§ 1462, 1465.