Most internet users know far less about the internet — and internet nasties — than the ISPs who bring them online. That uneven relationship is one reason why local ISPs need a code of practice, suggests Stuart Meiklejohn.
Meiklejohn has written a working paper on InternetNZ's long-neglected Code of Practice. He envisages that the draft code will develop from the outline in this working paper, with the detail of individual sections filled in progressively by way of a request-for-comment mechanism on one section at a time, with deadlines for members to reply.
In other situations of asymmetrical knowledge, such as the health industry, Meiklejohn notes, there is “heavy” government regulation. “This often depends on the risk of harm to consumers, and the level of possible harm,” he says. “Improper use of the internet poses a high level of serious risks for users, including fraud, damage to computer systems from viruses and computer hacking, and minors having access to offensive or adult material. Self-regulation can help address consumers’ needs, and in particular help them to protect themselves and their computer equipment.”
The first section of the draft released for comment sets out the purposes and scope of the planned code. The “purposes” are first laid out — broad general principles such as “to establish confidence in and encourage the use of the internet" and “to promote positive user relations with the internet industry.”
The code should describe standards of good practice and service to be met by participating ISPs, says the draft; and (bearing in mind the ‘asymmetrical’ relationship) “promote disclosure of information relevant and useful to consumers so as to allow them to make an informed choice and compare one product with another.”
Promotion of effective competition and efficiency in the industry also come in at this level, Another of the purposes is to “have regard to the need to protect consumers and ISP’s from increased costs from unsolicited mail, and from offensive material.”
In the working paper, Meiklejohn connects this with the matter of trust and confidence that the user population should ideally have in the operation of the internet. This was brought out by the State Services Commission’s e-government unit late last year in a paper that questioned whether lack of such trust could imperil the success of the e-government initiative.
A potentially controversial question devolving from this and highlighted in the working paper, is whether ISPs should bear some responsibility for alerting a user that his/her system is not properly patched and may be infected and used as a “zombie” for malicious purposes. This will clearly come up for public comment as the CoP exercise works its way down into the detail.
A proposed list of more specific “objectives” follows. These include fairness, accuracy and responsibility in conducting business and adhering to promises of service levels, “improving customer relations”and protecting “rights of access and free speech” while at the same time “ensur[ing] that information and procedures are in place for the protection of minors from accessing objectionable material over the internet.”
Here, judging from the working paper, the initial emphasis is on provision of filtering software and the like to users, at appropriate cost, for them to use or not as they see fit.
At the same time, material hosted by local ISPs which is actually illegal (defamatory, objectionable or in breach of copyright) can be regulated by the ISP, and the working paper signals the need for mechanisms of complaint handling.
Meiklejohn’s working paper includes a wealth of material on how ISPs and internet industry bodies overseas have tackled similar questions.
Throughout the paper, the point is made that there are few legal sanctions applying to the internet, and InternetNZ is severely limited in the sanctions it can apply. At worst, it can expel from membership an ISP which breaches the code, and rely on the resulting bad publicity on this to ac as a deterrent.