from the the-impact-is-very,-very-different dept
To some extent we've had this discussion before, as parts of other discussions about the regulation of content online, but it's worth calling it out explicitly: regulating internet infrastructure services the same as internet edge service providers is a really bad idea. And yet, here we are. So few people seem to even care enough to make a distinction. So, let's start with the basics: "edge providers" are the companies who provide internet services that you, as a end user, interact with. Google, YouTube, Facebook, Twitter, Twitch, Reddit, Wikipedia, Amazon's e-commerce site. These are all edge providers as currently built. Infrastructure providers, however, sit a layer (or more) down from those edge providers. They're the services that make the edge services possible. This can include domain registrars and registers, CDNs, internet security companies and more. So, companies like Cloudflare, GoDaddy, Amazon's AWS, among others are examples there.
While tons of people interact with infrastructure players all the time, your average person will never even realize they're doing so -- as the interactions tend to be mediated entirely by the edge providers. For a few years now we've been seeing attempts to move the liability questions up (or, depending on your viewpoint, down) the stack from edge providers to infrastructure players. This raises a lot of significant concerns.
At the simplest level, a big part of the concern is that the only real "remedy" for an infrastructure provider is to cease providing service altogether to the edge provider. This is an incredibly blunt instrument -- as a single accusation of a legal violation could lead an entire service to come crashing down if the infrastructure provider is sufficiently spooked about the potential liability. In short: imagine what happens when a copyright holder sends a DMCA notice not to the site that had an allegedly infringing image uploaded, but rather to that site's domain registrar. If the registrar fears liability, it might revoke the domain entirely (removing service) pulling down an entire website (or, at least, the way in which most people access that website).
There may be good arguments for cases when infrastructure providers should be involved -- perhaps the edge provider cannot be found or is deliberately ignoring actual legal notices. Then you might understand moving to a different level in the stack. But it should be justified.
Instead, it seems like many are simply targeting infrastructure because either they don't understand the difference between infrastructure and edge... or just because they know that its remedy (complete removal of service) is so big that it'll have more impact. Case in point: an Italian court has ordered Cloudflare to terminate the accounts of a few sites that the court has determined to be pirate sites. Assuming that these sites truly are engaged in infringing activities, it seems fine to hold the sites themselves accountable. But that's not what's happening here. Instead, the legal liability is being placed on Cloudflare, a company that provides CDN services, but isn't the actual host of any of the content.
In a ruling handed down by the Commercial Court of Rome late last month, Cloudflare was ordered to immediately terminate the accounts of the contested pirate sites. These include filmpertutti.uno, italiaserie.tv, piratestreaming.watch, cinemalibero.red, and various others.
In addition, Cloudflare was ordered to share the personal details of the site owners and their hosting companies with RTI.
If Cloudflare fails to comply with any of the above, it must pay a fine of €1,000 for each day the infringements continue.
While Cloudflare doesn’t see itself as a hosting provider, the Court concluded that it can be seen as such, under European law. Among other things, its “Always Online” service hosts various website resources even when the site’s servers go offline.
It's that last paragraph that's most important. Basically, that's the court saying "we don't care that you're an infrastructure provider, we're going to treat you as an edge provider." That should worry everyone. Again, unlike an edge provider that might be able to more narrowly target and adjudicate activity that violates laws (or terms of service), Cloudflare's only real ability here is to cut off service entirely. That's a pretty extreme solution.
But it's not just Italian courts doing this. Gizmodo recently had an article with the provocative title, The Dirty Business of Hosting Hate Online. That article details various parts of the web in which truly vile people with pretty despicable views hang out. And, I can completely empathize with why people are both upset and troubled by such corners of the internet. I'm uncomfortable with them as well. But, is their answer to blame the lower level infrastructure providers? The Gizmodo article certainly seems to think so. The entire article reads like an attempt to shame those infrastructure providers into cutting ties.
Four years later, the Council of Conservative Citizens’ website is still online, pumping out stories about “black serial murderers.” Those pieces are now slotted between odes to nationalist politicians like Nigel Farage, advertisements for a white supremacist conference at a Tennessee state park, and a widget tracking the progress of a crowdfunding campaign to help build Donald Trump’s border wall.
All of that content is still out there, waiting to be found by the next Dylan Roof. But the people behind the site aren’t able to spread their message without some help: The group’s website is hosted by a Michigan-based company called Liquid Web and registered by web infrastructure giant GoDaddy, a publicly traded company currently valued at over $12 billion.
There's a lot more in the article, but almost all of it is targeted at infrastructure providers. Indeed, the story's title is a bit misleading, focusing on the "hosting" of content, which is much closer to an edge provider than most infrastructure providers. But do we actually want to live in a world in which registrars are in the business of determining what you're going to do with a domain before allowing you to register it? Imagine if Techdirt's registrar for our domain decided it didn't like our views on copyright? Would be okay with them just shutting us down and "taking" our domain?
There are big questions to be dealt with concerning how internet companies handle content online, from dealing with hate, harassment and abuse, to disinformation and other sketchy practices. And there are lots of important questions to be dealt with concerning what choices edge providers make concerning content moderation on their networks. But to conflate those questions with the questions related to infrastructure providers seems fraught with very bad scenarios of censorship or worse. It's completely reasonable to be concerned about ignorant racists putting up ignorant racist websites. But is the answer to block them from being able to do so entirely? Be careful what you wish for. And how far does that go? If we don't want racists to even be able to set up forums, does that mean we should also bar them from having internet access at all? Cut them off? No phone service either? Where exactly is the line drawn? And I'm sure some people will say that racists have no redeeming values and you have no problem with cutting them off entirely. But let's be upfront about that and think about the implications, because it's quite a long way to go from "this person is an ignorant racist" to "and therefore they shouldn't be able to use the internet at all."
Filed Under: copyright, edge, infrastructure, liability
Companies: cloudflare
