Written evidence submission from Carnegie UK Trust (DTD0010)
CARNEGIE UK TRUST
Submission to International Trade Committee Call for Evidence on Digital Trade and Data
- We welcome the Committee’s inquiry into this topic. Our primary area of interest is in the intersection between the intentions set out in the Government’s proposals to regulate Online Harms (in the forthcoming “Online Safety Bill”) and its ongoing (but unseen) negotiations with future trade partners, particularly the US.
- Our interest is shared with Baroness Kidron and many of her fellow Peers, who recently pressured the Government into introducing an amendment to the Trade Bill to protect children’s rights online and to remove any negotiations on this from continuity trade deals. Baroness Kidron, like us, is aware that the US has previously inserted Section 230 protections into its trade deals with, among others, Canada, Japan and Korea – thus limiting the ability for those countries to regulate online platforms or introduce online safety measures within their own jurisdiction.
- While the Government’s amendment to the Trade Bill is a positive move to prevent such consequences here, it is limited to children’s rights. There are many other vulnerable groups, such as victims of revenge porn and (adult) victims of sex trafficking who would not be protected. We have yet to digest the detail and implications of this for wider online harms policy. This submission however sets out the arguments we have previously put to DCMS Ministers and others in relation to the potential risks to the online harms protection here in the UK as a result of the UK/US trade bill.
Background to our work
- In early 2018, Professor Lorna Woods (Professor of Internet Law at the University of Essex and member of the Human Rights Centre there) and former civil servant William Perrin started work to develop a model to reduce online harms through a statutory duty of care, enforced by a regulator. The proposals were published in a series of blogs and publications for Carnegie and developed further in evidence to Parliamentary Committees[1]. In April 2019, the government’s Online Harms White Paper[2] proposed a statutory duty of care enforced by a regulator in a variant of the Carnegie model and we welcome the fact that the final response to the White Paper consultation (published on 15th December[3]) continues to draw on our work, though we need to analyse the detail of that further. In December 2019, we published a draft bill[4] to implement a statutory duty of care regime, based upon our full policy document of the previous April[5]. Professor Woods also published a comprehensive paper on the statutory duty of care and fundamental freedoms, including freedom of expression.
Online Harms and the UK/US Trade Deal
- Government ministers – including the Secretary of State for International Trade and the DCMS Lords Minister – have repeatedly told Parliament that their Online Harms commitments (to introduce a statutory duty of care, enforced by an independent regulator) will not be affected by the UK-US Trade Deal. However, there is still a chance of the US tabling a similar approach to that in the USMCA and other trade deals. This note explains our thinking around the implications on this.
- The US Trade Representative’s opening position was that they sought limited intermediary liability:
‘subject to the Parties’ rights to adopt non-discriminatory measures for legitimate public policy objectives or that are necessary to protect public morals.’ [6]
- Since then, a developing policy discussion in the US has emerged on reforming the American approach to intermediary liability as set out in S230 of the Communications Decency Act: a debate that has increased in intensity in the run-up to, and since, the events at the Capitol on 6th January.
Liability of intermediaries
- The UK has an effective, proven intermediary liability regime under which American companies trading in the UK have been operating for over 15 years. We are not aware of widespread industry calls to change it. Should the US table a new regime – say, along the lines of the United States, Mexico, Canada (USMCA) trade agreement – it will need to set out in detail why the current regime no longer works for its companies. Given the above, it is hard to see a rational basis for that.
- While both the UK intermediary regime and the US approach provide immunity, there is a key difference: the UK regime expects intermediaries, when on notice of unlawful content, to take that content down or lose the immunity. This approach balances the responsibilities of the platforms and the different rights of both speaker and victim. There is no such condition in the US regime and therefore no incentive to the companies to take content down even when that content has been proven to be unlawful – even for terrorist content[7] or (until the passing of FOSTA-CESTA) sexual abuse of children. The US approach does include a ‘good Samaritan’ clause, so that if platforms do moderate content they do not lose immunity for it (this does not require them to do so).
- The effect of the two elements of s. 230 is as the then US Attorney General noted late last year, to:
‘enable [..] platforms to absolve themselves completely of responsibility for policing their platforms, while blocking or removing third-party speech – including political speech – selectively, and with impunity.[8]
- The Australian eSafety Commissioner Julie Inman-Grant describes[9] the American regime:
‘Some of the worst terrorist and child sex abuse and revenge porn sites in the world are hosted in the US… They don't have a regulatory structure or government agency to go after these sites.’
- Changing the regime to s S230 approach would be handing an advantage to American companies over UK ones and would disadvantage UK citizens and consumers who would be entitled to lesser protection.
- Such a shift might also disadvantage UK IP based industries such as music, video games etc. A USMC TA approach (which is different from the s230 approach but applies only to copyright, and provides for takedown notices) in the UK could remove the take down requirement of the e-Commerce Directive and replace it with an s230 requirement. Meanwhile, American platforms in the US would be covered by the Digital Millennium Copyright Act (which by contrast to the CDA contains a takedown obligation and is a stronger regime) but it isn’t clear if the UK government could impose a similar requirement on US platforms in respect of copyright holders based in the UK.
Certainty
- The UK government would of course consider the substantial regulatory uncertainty that would be introduced in switching to a new regime. If the UK were to move to an American-style regime there would be uncertainty about the compatibility of statutory duty of care with the First Amendment to the US Constitution as well as a ‘statutory’ duty of care being a novel instrument in American law[10]. The immediate reaction of a party would be to litigate to establish whether a statutory duty can operate at all with a S230 approach and seek to introduce First Amendment issues. Such litigation would take years to conclude, undermining the regime. We note that the largest American companies in this sector have around $200 billion cash at hand and thus long pockets for litigation purposes.
Dispute resolution mechanism
- OFCOM has been named by the Government as the online harms regulator, which we welcome. It has a long track record of taking effective, timely regulatory decisions that allow markets to function and take account of fundamental rights. OFCOM has an appeals process adjusted by the David Cameron administration in the Digital Economy Act to allow it to move swiftly. Litigation around a trade deal of the type we refer to above would forestall smooth commencement of a regime and make the dispute resolution mechanism an appellate body for the regulator in all but name. This would affect law enforcement’s ability to protect children and the day to day business of the UK’s intellectual property industry. This would run contrary to the general thrust of the government’s approach elsewhere to prevent court-like processes interfering with the will of Parliament and the executive.
US policy changes
- The US is gripped in a debate about the future of S230 symbolised by the Barr letter of 22 September. President Biden has previously signalled the need for S230 reform:
‘Section 230 should be revoked, immediately should be revoked, number one’
- Senator Kamala Harris, when California Attorney General in 2016, lost a hard-fought anti-sex-trafficking case[11] where S230 and the First Amendment were cited by the judge in dismissing California’s suit against Backpage.com. After losing the Backpage.com case, Harris said that
‘The Communications Decency Act was not meant to be a shield from criminal prosecution for perpetrators of online brothels.’ [12]
- Locking a version of S230 in a USMCA-like trade deal would ill-serve the UK. A UK/US deal would then become a time warp with either UK businesses or consumer – or both – potentially losing out. A pragmatic and uncontentious outcome would be for both parties to acknowledge that the other already had adequate intermediary liability regimes.
Information needed for regulation – disclosure of source code etc
- The ability of the regulator to request information from social media companies will be central to effective regulation. We note that Sections 135-137 of the Communications Act 2003 amended by the Digital Economy Act 2017 allows OFCOM a wide range of powers to request information from regulated bodies. This is an important tool in making OFCOM an effective regulator. It gives OFCOM more discretion and faster route to action than the ICO has under the Data Protection Act 2017.
- Regulatory certainty for companies is best served by swift action rather than allowing large players to spin even the simplest steps out in the courts for months. In our opinion the balance struck by OFCOM is the right one and the online harms regime should extend the existing powers to request information to the new areas of regulation. We took this approach in draft Bill we published (clause 6(1)).
- The UK’s proposal to the EU on data commendably retains the ability of regulators in general to request information about algorithms. We note that the US negotiating objectives include a desire to
‘establish rules to prevent governments from mandating the disclosure of computer source code of algorithms.’
- This seeks to bring algorithms into a secret realm of their own given more protection than trade secrets in other regulatory regimes. There is no evidenced basis for such a step: intellectual property and a normal approach to trade secrets in regulation should apply. A safety regulator should expect to have explained to them how something is done to assess the management of risk and to hold this in confidence if it is a trade secret. In negotiation terms it appears simply to be a speculative attempt to extend protections for US social media companies at the expense of effective regulation on behalf of UK citizens - a legitimate public policy interest and serving the protection of public morals.
- A pragmatic outcome would be for both parties to acknowledge that there are legitimate public policy interests and protection of public morals in the disclosure of algorithms in a lawful regulatory process.
- Given the secrecy of the trade deal process and the many moving parts in relation to US policy at present, as the Biden administration settles in, the above assessment is very much our best guess at some of the issues. We hope it is helpful to the Committee in formulating its lines of inquiry with Government Ministers during the course of its work and would be happy to discuss further with Committee members.
Comprehensive and Progressive Agreement for Trans-Pacific Partnership
- The CTPP contains an Investor State Dispute Mechanism which has the potential to create regulatory hazard should the UK regulator take actions to disrupt a social network companies business in the UK (a ‘worst case’ measure envisaged in the UK government’s policy proposals).
- At the time of writing, we have not been able to consider how this operates or whether it presents the sort of threat we outline above in the hypothetical UK/USA agreement – that companies with deep pockets could use Investor-State Dispute Systems that allow companies to seek compensation for changes in the law to undermine confidence in the regulation of a fast-moving sector. We note that the ISDS has been circumscribed by some signatories but the opacity chosen by the UK government does not help us to understand whether UK negotiators are seeking such a work around for the UK’s online safety proposals.
February 2021
February 2021
[1] Our work can be found here: https://www.carnegieuktrust.org.uk/project/harm-reduction-in-social-media/
[2] https://www.gov.uk/government/consultations/online-harms-white-paper
[3] https://www.gov.uk/government/consultations/online-harms-white-paper/online-harms-white-paper
[4] https://www.carnegieuktrust.org.uk/publications/draft-online-harm-bill/
[5] https://d1ssu070pg2v9i.cloudfront.net/pex/carnegie_uk_trust/2019/04/08091652/Online-harm-reduction-a-statutory-duty-of-care-and-regulator.pdf
[6] Office of the United States Trade Representative, United States-United Kingdom Negotiations: Summary of Specific Negotiating Objectives (February 2019)
[7] Force v. Facebook, Inc., 934 F.3d 53 (2nd Cir. 2019), available: https://law.justia.com/cases/federal/appellate-courts/ca2/18-397/18-397-2019-07-31.html
See also Citron, Danielle Keats and Wittes, Benjamin (op cit) ‘Federal law allows civil and criminal penalties for providing material support—including anything of value—to designated foreign terrorist groups. Yet numerous designated terrorist groups, including Hamas, Hezbollah, the PKK, and Lakshar-e-Taiba, openly maintained an online presence on well-known social media services, including Facebook and Twitter; several of those accounts were suspended after publication of the corresponding article. Yet because of Section 230’s immunity provision, efforts to hold social media companies responsible under the civil provisions of the federal material support statute have consistently failed.’
[8] https://www.justice.gov/opa/speech/attorney-general-william-p-barr-delivers-remarks-national-association-attorneys-general
[9] Interview - Sidney Morning Herald August 18, 2020
[10] See the Wall Street Journal analysis by Parmy Olson: https://www.wsj.com/articles/policing-cyberspace-like-a-public-place-11576864098
[11] ‘After Backpage.com Case Dismissed, Anti-Trafficking Advocates Look to Next Battle’, Newsweek (12 December 2016) Available at: https://www.newsweek.com/backpage-sex-trafficking-case-ferrer-harris-531187
[12] Permanent subcommittee on investigations: backpage.com’s knowing facilitation of online sex trafficking’ 2017 staff report. Scholars of the case set out that: Under the prevailing interpretation of 47 U.S.C. § 230 (“Section 230”) of the CDA, however, Backpage would be immune from liability connected to sex trafficking even though it proactively helped sex traffickers from getting caught.” Citron, Danielle Keats and Wittes, Benjamin, The Problem Isn't Just Backpage: Revising Section 230 Immunity (July 23, 2018). 2 Georgetown Law Technology Review 453 (2018), U of Maryland Legal Studies Research Paper No. 2018-22, Available at SSRN: https://ssrn.com/abstract=3218521