Is the Era of “Permissionless Innovation” and Avoidance of Regulation on the Internet Finally Over? It’s High Time.
It would be the ultimate under-statement to say that recent events concerning the appalling breaches of privacy permitted and indeed orchestrated by Facebook have raised public awareness to new heights over what happens when internet intermediaries are allowed to do just about whatever they want. Despite Mark Zuckerberg’s apologies about “mistakes” and pledges do better in future, the genie is out of the bottle. Even Zuckerberg had to admit that there is a place for regulation.
“It’s clear now that we didn’t do enough to prevent these tools from being used for harm. That goes for fake news, foreign interference in elections, and hate speech, as well as developers and data privacy.”
Wow, that is quite a list of transgressions. But my purpose is not to beat up on Facebook, who happen to be the internet whipping boy of the moment. It is to look at the broader issue of when enough is enough when it comes to the kind of “permissionless innovation” and avoidance of regulation that the Silicon Valley platforms have foisted on us all in the name of progress.
“It is better to beg for forgiveness than to ask for permission” has been the Silicon Valley mantra for some time. This has been demonstrated vividly by Facebook’s persistent reluctance to respect the reasonable expectations of its users with regard to the use of their personal data. Another example is Google’s digitization of literary works without so much as asking for–let alone receiving–permission from their authors and its practice of vacuuming up of thousands of pages of novels (without permission of course) to feed its Artificial Intelligence (AI) machine. But this is starting to change. It hasn’t been a great couple of weeks for the “Don’t Be Evil” company. In late March a US federal appeals court ruled that Google’s use of Oracle’s APIs (application programming interfaces) to develop Android was not “fair use” and directed the district court to set damages. This case has been running for eight years. At first Google argued that APIs are not subject to copyright. It lost. Then it argued that its appropriation of the APIs was “fair use”. Predictably, the Electronic Frontier Foundation (EFF) weighed in to support Google. But the use was not fair. Next argument?
Meanwhile, Google’s latest gambit to do an end run on a decision by the Supreme Court of Canada has failed. The Supreme Court had upheld a lower court ruling requiring Google to delist from its global search results references to a rogue Canadian company that is the subject of an injunction in British Columbia (B.C) for intellectual property infringement. A thorough discussion of this decision can be found here. Having lost at the B.C. Court of Appeal and at the Supreme Court of Canada, Google brought an uncontested case before the US District Court of Northern California seeking an injunction to render the Canadian decision unenforceable in the United States.
The real issue was whether, by complying with the Canadian order, Google would be violating US law. The California court issued a temporary injunction blocking the application of the Canadian order in the US, but did so because Google sought an exemption on the basis that it was an internet service provider, not a publisher, and was therefore not responsible (under US law—the Communications Decency Act) for third-party material.
As I pointed out in an earlier post on this issue, while Google was able to establish that it was not required to enforce the Canadian injunction in the US, had it done so it is hard to imagine what US law it would have violated. Google has no legal obligation to index any particular website, so equally to de-index a website would not seem to violate any law, in the US or elsewhere. (The exception would be if a blocked site obtained a US court order requiring that it be listed). This conclusion is also what the judge in B.C. found when Google went back in an attempt to get the original decision quashed, arguing that if it complied with the Canadian order it would be in violation of US law. Not so, said Mr. Justice Smith, stating that, “The U.S. decision does not establish that the injunction requires Google to violate American law”. He also addressed a number of other issues in rejecting Google’ application to dismiss the injunction, but the essence is that Google is subject to the law of Canada in Canada. This it doesn’t like. The Google/Equustek case is not one of permissionless innovation, but is still an example of a large internet intermediary taking the position that it can do as it damned well pleases because, after all, it operates in multiple jurisdictions—in fact it operates in cyberspace, where, according to some, normal regulatory practices and laws shouldn’t apply or we will “stifle innovation”.
Along with permissionless innovation, this “I can’t comply because I am everywhere” dodge is getting short shrift these days. Equustek is not the only case where Google is facing challenges that involve national jurisdictions seeking to exercise their regulatory authority broadly. A case involving Europe’s 2014 “Right to be Forgotten” directive is now before the European Court of Justice (CJEU). The French regulator, the Commission Nationale de l’Informatique et des Libertés (CNIL) wants Google to implement the Commission’s “right to be forgotten” decisions globally. Google was fined in France for refusing to implement CNIL’s privacy ruling across all its domains. Google appealed and now the European Court will decide. Meanwhile Google has lost a “right to be forgotten” case in the UK, where it declined to accede to demands by a British businessman that references to his ten year old judgement (for illegally intercepting communications) be delisted. What happens if the UK court decides that this decision should be enforced globally?
One innovation that Google has instituted is to tweak its geolocation system. Whereas previously users in, say Canada for example, could bypass Google’s national domain Google.ca by selecting Google.com or Google.co.uk, now Google has modified its search engine so that it delivers search results based by default on the user’s location as identified by the IP address, regardless of the Google URL the user enters. That will help Google limit search results for users in specific national jurisdictions unless the searcher tricks the system through use of proxy servers or other means. This may go some way to addressing Google’s dilemma which is rapidly morphing from a bad dream into a real nightmare.
Another issue facing Google is the impact of its algorithms. The excuse of “it’s not my fault; blame the algorithm”, also won’t fly anymore. Google’s algorithms are the “secret sauce” that differentiates it from its competitors, and the dominance of Google is proof of the effectiveness of its search formulae. But scooping up every bit of information and interpreting what people want (or what Google thinks they want) through an algorithm has its downsides. A German court has found that Google cannot hide behind its algorithms when it comes to producing perverse search results. The case in question produced results that linked a German man who had served time in preventive custody (for non-sex related reasons) with the category of “incurable sex offender”. Every time “incurable sex offender” was “googled”, his name came up. In Canada, investigative journalists working for the Ottawa Citizen found that Google’s search engine outed the names of young offenders or young victims, the publication of whose identity had been ordered withheld by the Court, even though these names had never been published in any news outlet, online or offline. Bing and Yahoo did not provide similar results. One guess is that the scraping of social media data by Google’s algorithms, and the use of similar search terms in news outlets and social media, has led to the inadvertent linkages. AI is great, until it isn’t, and there is no doubt that regulators will start to look at legal issues surrounding AI. Companies like Google and Facebook will not be able to duck their responsibility just because results that are potentially illegal are produced by algorithms or AI.
One area where human judgement is very much involved is in the placing of ads, although Youtube and others are quick to blame automated programs when legitimate ads appear alongside questionable or illegal content. Platforms have no obligation to accept ads as long as they don’t engage in non-competitive trade practices (as Google did when it manipulated its search results to favour its own comparison shopping services and was, as a result, fined almost $3 billion by EU regulators). Google’s right to refuse ads was upheld in a recent case in the US where a producer of honey who claimed its product had miraculous anti-cancer qualities sued to force Google to run its ads after the search engine refused to do so, on the basis of its pharmaceutical advertisement policy. Google has already learned its lesson on pharmaceutical products the hard way, having been fined $500 million in 2011 for running ads on its Adwords service from unlicenced Canadian online pharmacies illegally (according to US law) selling prescriptions to US consumers.
Google is a deep-pocketed corporation but it seems to have got the message when it comes to pharmaceuticals. What galls me is that if Google can remove Adwords placements promoting illegal drug products, why, when I google “watch pirated movies”, do I get an Adwords listing on page 1 of search that says “Watch HD Free Full Movies Online”. It is one thing to link to websites that provide pirated content (which Google obligingly serves up) but it takes it even one step further when Google actually promotes the watching of pirated films through its Adwords feature.
Money talks and it seems the only way to get Google’s attention is to hit it in the pocketbook.
At the end of the day whether it is Google, Facebook, Amazon, or any other major internet intermediary, the old wheeze that respect for privacy, respect for copyright and just plain old respect for the law in general gets in the way of innovation is being increasingly shown to be a threadbare argument. What is interesting is that many cyber-libertarians who oppose any attempt to impose copyright obligations and publishing liability on internet platforms are suddenly starting to get nervous about misuse of data by these same platforms when it comes to privacy. Canadian anti-copyright activist Michael Geist has written, as part of a series on “Data Governance in the Digital Age” produced by the Centre for Governance Innovation (CIGI) at the University of Waterloo, that modern trade agreements with their E-Commerce chapters that constrain data localization requirements and eliminate any restrictions on data flows may be getting ahead of the need for national regulation to protect data privacy or national security. Geist concedes that retaining scope for such regulation goes against,
“the competing policy goal of support for open networks and the free flow of data”, but adds, “ yet the headlong rush to conclude e-commerce or digital trade chapters in modern trade agreements suggests that the policy flexibility has narrowed considerably, with countries bound by policy limitations that they have barely begun to understand.”
This is a remarkable revelation for someone who has not only advocated that Canada adopt in NAFTA the overly-broad US safe harbour provisions found in the Communications Decency Act, a provision that has been widely abused in the US by internet intermediaries as a way of ducking any responsibility for the content they make available, but who has consistently crusaded against any strengthening of copyright laws that might impose greater obligations on internet platforms. If it is wise to leave policy-makers with options to be able to deal with future privacy concerns, among other digital issues, it is equally important not to be boxed in to a safe harbour regime that was designed in the mid-1990s and no longer meets the needs of 2018. While there is an inconsistency to Michael Geist’s position, even he recognizes the need for appropriate degrees of regulation—at least in the area of data—on internet intermediaries.
Mark Zuckerberg and Facebook have actually done a service to the proponents of reasonable internet regulation. Through Facebook’s repeated failure to police itself and live up to its promises, it has poured oil on a smouldering fire, causing it to catch flame. As the twenty-year run of permissionless innovation and avoidance of regulation, including respect for copyright, comes to an end, the internet giants who have filled the space between the creators of content and consumers are finally facing a new reality. That reality will require a much greater degree of respect for other stakeholders, including creators, consumers and regulators. It’s high time this happened.
© Hugh Stephens 2018. All Rights Reserved.
This article first appeared on Hugh Stephens Blog.