Liability of Internet Providers

Following a recent spate of investigations by the Public Prosecutor's Office into Internet providers, a key question for the latter is the extent to which they are legally responsible for the content of Internet material. In November 1995, the Public Prosecutor's office in Munich searched the offices of CompuServe and passed on a list of newsgroups suspected of child pornography. As a result, CompuServe barred around 250 newsgroups for fear of criminal prosecution. This caused a furore abroad, particularly in the USA, as for technical reasons this ban could not initially be restricted to Germany but was made world-wide.
Firstly, it is necessary to define the various providers according to their services. The content provider is the supplier of the contents offered. It is his content. The access provider, however, only provides technical access to other people's contents. The service provider, in addition to providing technical access, also provides other services, e.g. saves newsgroups on his server. Major providers, like CompuServe or AOL, which besides providing access to the Internet also offer structured contents, fall into all three provider categories as a rule. Thus in each case a check must be made on the activities of the provider to see which category he falls into to determine his liability.

A. The German example

As early as 1987, the Higher Court of Stuttgart (jur-pc 1992, 1714) had to deal with the issue regarding the liability of a non commercial mailbox operator for the user's messages on the blackboard of the mailbox. The court ruled that the operator is not obliged to examine each incoming message in order to determine if it is legally unobjectionable. Such an examination, demanding much time and being in certain cases legally complicated, would go beyond the requirements as to the mailbox operator’s diligence. Instead, his liability could be compared to that of a newspaper editor for advertisements who is only liable when he positively knows or, for example based on a third person's hint, is able to know about the violation (BGH GRUR 1972, 722 f; 1973, 203 f).
After a consultation period of just twelve months, the Information and Communication Services Law (IuKDG), passed by the Federal Republic, and the Media Services Inter-State Treaty (MDStV), passed by the Länder, came into force in Germany on 1 August 1997.

1. Scope of application

The political objective is to remove obstacles to, and legal insecurities surrounding, investments, to regulate responsibility for contents and to comply with requirements vis-a-vis young people and data protection. The Information and Communication Services Law (IuKDG) is responsible for individually tailored teleservices, for example telebanking, non-editorial weather forecasts, traffic news and stock exchange databases, access to the Internet or telegames. The Media Services Inter-State Treaty is, however, responsible for editorial media services such as electronic newspapers, teletext and in particular online-services such as CompuServe or AOL, who offer their editorial information to the general public. Despite the fact that it is sometimes difficult to demarcate the various jurisdictions, it can be seen that the federal legislation, as well as the legislation in the individual Länder, agrees on the essential points of the liability of providers.

2. Provider liability

Of central importance to the new regulations is the question of the provider's liability, which in the Information and Communication Services Law is regulated by the Tele Services Law (TDG).
The following applies to the content provider's liability:
The content provider (as in the past) is fully responsible for his own content (§§ 5, para 1, MDStV / TDG). This not only concerns material that may be subject to a public prosecution brought under criminal law, such as child pornography or propaganda that contravenes the Constitution, but also concerns the question of compensation that might be payable under civil law, where for example the content provider gives wrong information in areas where there is an element of risk.
For other providers, liability is only engaged if the following circumstances apply:
The service provider is only liable for external contents if he knows for a fact that the contents are unlawful and if it is technically possible and reasonable for him to block these contents (§§ 5, para 2, MDStV / TDG). He therefore has no general duty to control or monitor the contents. What is true, though, is that his knowledge can be established by information given to him by other users, so in these cases he will have to check out the specific information.
The access provider is not responsible for external contents, indeed he will not become a service provider even if the external contents are being intermediately stored on his server using the 'proxy-cache' procedure (§§ 5, para 3, MDStV / TDG).
As §§ 5, para 1, MDStV / TDG refer not only to access to the Internet but access to content generally, the feeling in some quarters is that providing hyperlinks between websites falls into the category of access providing and is therefore exempted from responsibility (Koch, NJW-CoR 1997,302). This is, however, countered by the opinion that an editorial collation of certain hyperlinks to websites is taking place and in this case link collations can be seen as "content" and the provider is therefore fully liable. After all, the provider has included these links in his contents independently and without pressure. Nevertheless, it can be assumed that the liability for links will be limited in future. This applies in particular in those cases where the website contents were changed after establishing links and therefore there was no intention to provide illegal contents.
As far as the provider's privileged liability merely results from the MDStV, there is still some legal uncertainty. In the view of part of the critics, § 5 para 3 MDStV is contrary to the Constitution because it interferes with the civil and penal liability of the provider under the German Civil Code (BGB) and Penal Code (StGB) which belong, however, to the competence of the Federal State and not of the Länder. This would mean that the privileged liability position is void and that, as a principle, providers will still be liable in the future (Koch, CR 1997, 193[198]). One has to wait and see if the issue will be cleared up by an ammendment of the MDStV and the TDG or if the Federal Constitutional Court will have to settle the dispute. However, because of the time factor, this would mean a situation hardly bearable for the IT-branch in Germany.

B. The European Union

The question of the liability of Internet providers has also been being discussed for some time now at the level of the European Community within the framework of the technical and legal questions raised regarding the Internet.

1. The Council and the Commission

Based on the proposals from the EU Commission in October 1996 (KOM 96/487), the Council of Ministers, by its decision of 17th February 1997 (OJ C 70, 06.03.1997), asked the member states to take measures against the transmission of illegal and damaging contents on the Internet.
This includes the promotion of systems of self-regulation in which both providers and users should be involved, the introduction of a code of conduct and a hotline notification system for the general public. From a technical point of view, filter mechanisms and classification systems like PICS (Platform for Internet Content Selection), the standard for the WWW Consortium, should be further developed.
France has already proposed to the rest of the OECD member countries a specific code of conduct for the Internet. It includes regulations for the observance of human dignity, the protection of minors, protection of public order, privacy, intellectual property, competition and protection of the customer. For this purpose the providers have been issued with certain duties. Should an access or service provider have knowledge of illegal material he is obliged to block this temporarily using whatever technical possibilities are at his disposal and to inform the voluntary self-regulatory body as well as the source of the material. Should the access or service provider have knowledge of material which could have a detrimental effect (though without being openly illegal), he is obliged to advise the voluntary self-regulatory body and at their request to then bar access to the website. Content providers on the other hand are obliged to classify the contents of their websites themselves in accordance with a sample provided by the voluntary self-regulatory body in order to facilitate the work with the filter system.
The EU Commission has been asked by the Council to support at a Community level the co-ordination of the national bodies for self-regulation, promote the exchange of research findings and information about technical issues and to check the question of legal liability for Internet contents.
The Commission states explicitly that liability for illegal contents does not only relate to content providers but can also include access and service providers. Liability might in particular be based on the fact that even though they do not control all the information content, their technical installations allow access to such information. The Commission makes it clear that for this reason alone regulations must be drawn up to ensure that access and services providers are not put in a position where they would be obliged virtually to censor contents. Otherwise the competitiveness of the European IT industry could not be guaranteed. Furthermore, the Commission has stated that some third party countries (e.g. China and Singapore) are exerting control over the contents of the Internet by introducing an intermediate server on which only the material wanted in the country would be saved and could then be downloaded. The Commission is dismissing such a solution for Europe as this does not match up with local political tradition and the personal freedom of the individual would be fundamentally restricted.
Accordingly the Commission points to legislation - some already passed, some at the planning stage - in member states under the terms of which the liability of access and service providers is restricted in such a way that they are only liable for documents saved on their server and only then if they can have been justifiably expected to have recognised the material as being illegal or if they have failed to remove this material despite the fact that the content matter has been clearly pointed out to them. Pure network operators such as Telekom for example are not as a rule liable for the information carried by them either under civil or criminal law. They can, however, be contractually or legally obliged to take measures against customers so as to prevent them from putting out illegal data via the Internet.
The Commission has proposed the use of filter systems as an acceptable solution which allows the user to control access to certain contents. This on the one hand basically involves the blocking of certain websites sorted according to categories (violence, sex, racism etc.) as a sort of black list and on the other hand approval can be given for certain websites as a sort of white list. The PICS identification system is probably the one which is the furthest developed with websites divided into various classifications. Users (parents) can then ensure that only pages with a PICS identification and which are within a category that they have approved can be downloaded.
The question of the blocking of contents remains problematic if what is forbidden in one member state is allowed in another. Furthermore blocking operations can also involve the blocking of harmless material and in addition illegal contents can be distributed from abroad. As this could represent a restriction on the free movement of services in the domestic market the Commission is recommending closer co-ordination between Public Prosecutors' Offices and Internet providers. Also anonymous use of the Internet ought to be curtailed. Somebody remailing an item, for example, could be compelled to reveal the identity of the user to the Public Prosecutor's Office. Given that the EU has no jurisdiction to pass a decree under criminal law the Commission believes closer co-operation between technicians and experts in criminal and legal proceedings is indispensable if member states are to realise common standards in criminal law.

2. European Conference of Ministers

In July 1997, Germany played host to the European Conference of Ministers, the theme being "Global Information Networks: Realising the Potential". As well as EU Ministers, participants included the European Free Trade Association, representatives from Central and Eastern European countries and Cyprus, and invitees from the USA, Canada, Japan and Russia. Representatives from various industries, consumers and European and international organisations were also present. The conference aimed to exchange information on the problems of using information networks, possible solutions and international co-operation.
On the question of provider liability the participants declared that a clear differentiation has to be made between the responsibility of those who produce and distribute the contents and the responsibility of mere agents. Agents, therefore, for example network operators and access providers, should in general not be liable for the contents. However guarantees must be given that these would not be subject to groundless, unreasonable or discriminatory regulations. In any case providers who offer contents of third parties should not be expected to have to carry out preliminary checks of contents which they have no reason to believe are illegal. Special account must therefore be taken as to whether the provider would have any practical possibilities of inspecting the contents. When deciding the question of liability, both the principle of free expression of opinions and the safeguarding of public and private interests have to be taken into account. Providers must not be unduly burdened.

3. Commissioner Bangemann

In his address on 8th August 1997 regarding "Global Communication", EU Commissioner Martin Bangemann made clear that it would be impossible to regulate the Internet either on the national level or by endeavours to harmonize national legislations. The countries concerned are actually too many and the various legal and cultural systems differ too much. The Commission is therefore in favour of the creation of an international Internet charta. However, for above mentioned reasons, this should be a mere framework to be filled in by the different Member states, and stipulate concrete rules only for fundamental issues such as child pornography.

C. Conclusion

Measures implemented on the national as well as the EU level make clear that "provider liability" has to be considered a fundamental issue of the Information Society. A distinction has to be made between technical and personal possibilities of control and surveillance of access and service providers on the one hand and the legitimate interest in criminal prosecution on the other hand. The Internet is not an unlegislated area. It has become clear that a competitive global Information Society cannot be developped in the single Member states, but that the problems have to be solved in a cross-border effort, a frame-work of conditions being set up on an adequate level. This means, however, that international legal certainty for providers will not be obtained in a short term. The question therefore is that of the supporting measures at the disposal of the provider to possibly avoid investigation or criminal proceedings on his behalf.

1. Current business

First of all, this can be done in day-to-day work.
For example, certain news groups which seem suspicious because of their name can be blocked. Surely, this does not hinder the corresponding contents to be published in other "non suspicious" groups, but the user looking for illegal material in well-known newsgroups will have his investigation made more complicated.
The provider may appoint a person responsible for newsgroups as a contact person for customers to whom they can report illegal contents.
The implementation of the filter systems mentioned above should also be tested to prove sensible.
As for the legal aspect, general terms and conditions should include terms stipulating that the customer's Internet access will be blocked as a precaution as soon as he gets suspected of distributing illegal contents, and that customers have to inform the provider immediately when they get to know about illegal contents on the servers of the provider. It is not sure that the latter stipulation can be effectively included in the contract, however, it has less the nature of a legally binding obligation of the customer than that of a gesture of "goodwill" towards the prosecuting bodies.
Providers should in any case refrain from controlling and moderating the contents of files, websites and newsgroups themselves. Actually, it would practically not be possible for a provider to cover the entire Internet. A New York court (NJW-CoR 1995, 346) found the US provider Prodigy liable for third parties contents, in particular because of his advertising stating that he would control the contents, making him a guarantor on the ground of which he was finally declared responsible for all the contents and sentenced.

2. Voluntary self-regulation

Besides, the membership in a body of voluntary self-regulation might be an adequate measure to create standards of conduct in order to avoid illegal contents and following prosecution.

© 1997 by Jens Barkemeyer