Internet Way of Networking Strengthening the Internet

Mapping Intermediary Liability in Latin America

Thanks to our Chapters in Latin America, we now have a clearer map of the intermediary liability regulatory landscape across the region.

Intermediary liability answers the question, “Should Internet intermediaries (ISPs, web hosting and cloud services, social media platforms, etc.)  be liable for content posted or for actions performed by others, such as, for example, their users?”

The success of the Internet depends on intermediary liability regimes that protect Internet providers – by ensuring responsibility for user behavior is on the users themselves, not on the intermediaries upon which they rely (both at the infrastructure and content layers).

The way legal frameworks deal with intermediary liability around the world can impact the Internet way of networking in different ways.

In some countries, intermediary liability legislation is well known: the 1996 US Communications Decency Act (Section 230) and the Brazilian Internet Bill of Rights, for example. But in much of the world it is covered by other more general-purpose regulations, such as tort law, consumer protection law, and child protection law.

We asked our local community to help us map and monitor the current regimes that apply to Internet intermediaries in their countries, so that our work can ensure that policies and regulations related to the matter keep supporting a healthy foundation for the Internet.

The questionnaire we developed in partnership with Chapter leaders was responded to by people from 18 Latin American countries.[1] The responses generated country profiles with detailed descriptions of rules and regulations that can affect intermediary liability in Bolivia, Brazil, Colombia, Chile, the Dominican Republic, Ecuador, Mexico, and Venezuela.

The country profiles provide an up-to-date snapshot of the complex regulatory landscape. The majority of countries still rely on general administrative, civil, and criminal norms that apply more or less uniformly to Internet intermediaries.

Copyright regimes and editorial liability are commonly applied, even if they predate the Internet age. General telecommunications regulations can also comprise rules that apply to Internet intermediaries. Chile is a highlight due to its longstanding network neutrality rules, which impose penalties for intermediaries who interfere with the free flow of data at the infrastructure level.

Brazil is the only country among those listed above that has a specialized intermediary liability regime designed for Internet access providers and Internet application providers. The “Marco Civil” establishes exemptions to providers’ liability in relation to third-party content. Access providers are always exempt from liability for user content and behavior.

Our  mapping exercise is still underway. More country profiles produced by LAC Chapter members are expected for the upcoming months.

The process went beyond gathering up-to-date information. It has also helped us identify people who can promote and defend the importance of strong intermediary liability regimes for the Internet Way of Networking project in support of future community engagement and advocacy.

Based on what we have accomplished so far, we had some ideas on how the Internet Society can keep growing its knowledge base on intermediary liability – with the help of its global community. This could include:

  • Country or Chapter-level working groups to review and expand individual country profiles
  • Additional training and work to inspire and collaborate with other Chapters in the region
  • Additional activities and resources around the topic of intermediary liability
  • Replication of the process in other regions
  • Leveraging our community to serve as a valuable source of input to other mapping exercises, such as the World Intermediary Liability Map

Learn more about the Internet Way of Networking!

We would like to thank the following people for having committed their time and knowledge to help us with this collaborative effort: Roberto Zambrana Flores; Félix Fabian Espinoza Valencia; Flávio R. Wagner; Giovanna Michelato; Lorena Donoso Abarca; German M Fajardo Muriel; César Moliné; Alejandro Pisanty; Viviana Da Silva. Additionally, Nancy Quiros and Christian O’Flaherty contributed to this article.

We would also like to thank these people for their contributions: Graciela Mariani; Hector Ariel Manoff; José Ignacio Alvarez-Hamelin; R  Danton Nunes; Eric Alexander – Venturas; Jorge Augusto Ottoni Nobre de Oliveira; Leonardo Lins;   Miguel Medina; Willy Maurer; Mauricio Alarcón Salvador; Kelvin Atiencia; Ethel Monge de Kuri; Yesenia Granillo; Fernando Manuel Morales Rodas; Jose Anibal Silva de los Angeles; Ernesto Pineda; Sandy Karyna Palma Rodríguez;  Ana Laura Leon; Francisco Javier Huerta Gijón; Simon Perez C.; Haydee Almiron; Dra. Dámaris Mercado Martínez; Alicia Castillo; Eduardo Tomé and Jan Alvarado.

[1] Argentina, Bolívia, Brasil, Chile, Colombia, Costa Rica, Ecuador, El Salvador, Guatemala, Honduras, Mexico, Panama, Paraguay, Peru, Puerto Rico, República Dominicana, Uruguay, Venezuela.

Image by delfi de la Rua via Unsplash

Internet Way of Networking Strengthening the Internet

Playing Politics with Section 230 Makes the Internet Weaker, Not Stronger

This opinion piece was originally published in The Hill.

Thursday the president of the United States signed an executive order that aims to address the liability regime of social media companies. A wide variety of reports have highlighted the problems with this move, but there is one problem that we find especially troubling: the danger of politicizing what is fundamentally a legal debate around party lines.

The president needs to stay out of this debate.

The Internet and politics have always had an awkward relationship. There have been numerous attempts to bring the Internet into mainstream politics over the years, most of which have been unsuccessful. The main reason is that the Internet is not a static “thing,” but a model for how networks and computers can interconnect through voluntary collaboration. A key characteristic of this model is that it’s decentralized, which means it doesn’t have a central point of control that dictates how the Internet should evolve. There is no switch that one can turn on and off, and as soon as policymakers or regulators try to impose one they inevitably chip away at the Internet itself. This characteristic has always been its most powerful asset, and the reason it has been an infinite source of innovation and growth – from the Web to ever-evolving smart devices, homes, etc. This lack of central control is a feature of the Internet, not a bug!

Trump’s Social Media Executive Order: Legal, Ethical, Smart?
In the wake of the United States Executive Order on Preventing Online Censorship, the Internet Society will host a virtual event focused on the broader issue of intermediary liability. Join experts as they discuss what it means for the future of speech and platforms online. Register for the event, which takes place Tuesday, June 9th at 1400 ET!

Most of the early legal frameworks that have been implemented in the Internet reflect this apolitical premise, albeit at different levels and to different degrees. But there is really no other law that does this as gracefully as Section 230 of the Communications Decency Act in the United States, which undergirds “intermediary liability” online.

Online intermediary liability protection first emerged in the United States in 1995 as a policy discussion regarding the scope of responsibility intermediaries should have. At the time, there was no Facebook or Twitter, so the law was aimed at services like CompuServe, Prodigy, and AOL. However, it set the tone for all future services and would later be exported to the world as one of the most positive Internet legal developments. The question was simple: should intermediaries be liable for content posted using their services or for actions performed by third parties, i.e. their users?

This question would fundamentally shape the future of the Internet. It discouraged attempts of centralized control because it did not force providers to perform functions they were never originally supposed to do. Similar to how telecommunications services are not responsible for the things phone users say over the phone, it was clear that online intermediaries and service providers would need similar commonsense restrictions on what they could be liable for.

Immunity from liability ensures a level playing field and provides autonomy to a diverse set of actors to perform their intended functions. In this context, Section 230 provided predictability in the Internet’s highly unpredictable environment. No one can predict the next innovation; the Internet is designed this way. The Internet’s highly unpredictable environment can only unfold to its full potential if it operates within a legal framework that is obvious in its intention and unsurprising in its outcomes. Section 230 does this. Politicizing it would reverse years of such predictability and could place the Internet’s future potential in jeopardy.

With this in mind, one can see how the executive order is problematic, setting in motion a dangerous precedent both for the Internet and speech. The problem is that a lot of the provisions in this order appear to be what Stanford’s Director of Intermediary Liability, Daphne Keller, calls “atmospheric” – politically driven questions that should not be part of the legal debate related to the scope of intermediary liability protections. They constitute a distraction, which could cause a series of unintended consequences for the evolution of the Internet.

While conversations about the evolving scope of Section 230 are healthy, they should not be based on fashionable political motivations. Section 230 has a historical track record of promoting innovation and creativity online. By separating it from partisan politics, we can ensure that these benefits are retained.

Image by Leon Seibert via Unsplash

Internet Way of Networking Strengthening the Internet

Discussion Paper Now Available about the New-IP Proposal

In the run up to the ITU World Telecommunication Standardization Assembly (WTSA-20) later this year there has been some discussion about a proposal called the “New IP.” It is positioned as a top-down architecture to solve a number of use cases that are currently been developed in the ITU-T’s Future Network 2030 Focus Group.

The Internet Society is carefully following the developments in the run-up to WTSA-20. We are trying to understand if and how the New IP works with the Internet as we know it, if it actually solves problems that cannot be solved in the Internet, and, if the ITU-T is developing standards, where other standards development organizations (SDOs) have change control.

In order to get a sense of the environment we commissioned a discussion paper, “An analysis of the ‘New IP’ proposal to the ITU-T.” The paper helps inform us and the broader community whilst the public debate around these proposals shapes up. It also aims to inform and shape the discussion from the Internet’s Society’s perspective. Eventually the debate around it will inform our position and the potential further evolution of the discussion paper itself.

We would like to thank Chip Sharp for authoring the paper, with input from a set of experts from and close to the Internet Society.

We welcome any feedback on “An analysis of the “New IP” proposal to the ITU-T”. Contact the authors directly using or join the discussion papers list, which is public and archived.

Update: Richard Li has posted a response to this paper.

About Internet Society Internet Way of Networking Strengthening the Internet

What Does a Global Pandemic Mean for the Internet?

This interview was originally published in

The Internet has long been a connector beyond the physical. Now, it’s the only reason people are able to see their faraway loved ones and complete remote projects with their coworkers amid pandemic-prompted social distancing. It’s a great moment for the technology — and for hackers.

Reston, Virginia-based Internet Society is an advocacy organization that, in its words, promotes “the development of the Internet as a global technical infrastructure, a resource to enrich people’s lives, and a force for good in society.”

Katie Jordan, a resident of Philadelphia’s Graduate Hospital neighborhood, joined the team in 2018 after serving as a policy and program manager at Next Century Cities where she worked with emerging tech issues. As Internet Society’s senior policy manager, Jordan develops and advocates for policy related to Internet access and security.

She talked to about what the Internet Society is focusing on now and if COVID-19 is going to change the way we use the Internet. What does Internet Society do when there’s not a pandemic, and how has your work shifted recently?

Jordan: It’s made everything feel more urgent. We’re not doing anything different right now. We’re just doing a lot more of it as quickly as we possibly can.

I think anyone who didn’t understand just how important the Internet is has to understand it now. It’s absolutely critical for every person to be online when there’s no other option to connect with people. We hear people being told they have to work from home, but they don’t have Internet access at home. A huge part of my work now is with policy makers to see what we can do and also working with community members to see how we can get equipment to them to actually put together networks in their own homes.

As critical services send their employees home, it is essential that they have a secure way to communicate. We’re still continuing with some of our academic research on finding the things that build the Internet up and the kinds of policies that can continue its growth long-term.

How is the pandemic changing the way people use the Internet? Is the Internet itself being changed?

We’re seeing a lot more people use it in innovative ways. From a work and a personal perspective, we’ve always had tools like FaceTime and video chat but now people are realizing how useful those tools can be. I hope the Internet will change in that people will come to understand how urgent the need for access and secured technologies are. We’re seeing companies having to stand up and say, “not only are these services available but they’re available in a secure way.”

I hope policy makers use funds for broadband infrastructure. There’s some band-aid fixes going on. Some communities can use those band-aids, but if you put together these networks using that temporary fix, what happens 60 days from now? It’s not really clear. I hope it will be easier for communities to get access to that infrastructure.

How is the Internet able to handle all of this traffic?

From the very beginning when COVID-19 concerns started to be raised, network engineers started to figure out what they could do to their networks to make sure they didn’t fall through.

When we talk about the Internet, I think some people are thinking about NetflixFacebook and Google. The way a platform is able to handle increased traffic is different from the way the infrastructure can handle it. We’ve been trying to explain that Netflix, for example, has been overwhelmed with how much traffic they’re getting and they’re taking measures to make sure they’re still able to deliver content. That’s not an impact of the underlying networks. While those networks are seeing big increases in traffic, it’s not anything they can’t handle.

From the very beginning when COVID-19 concerns started to be raised, network engineers started to figure out what they could do to their networks to make sure they didn’t fall through. So from an infrastructure perspective, I think we’re in a good position.

What are the biggest threats to cybersecurity in this moment?

The biggest threat to cybersecurity is that so many people are going home and using platforms and services they don’t understand the implications of. If you work in a government office, in finance or you’re dealing with people’s personal information, there’s a massive risk that individuals who don’t understand the security could start sending things in insecure ways that open us up to a future attack.

One of the things we’ve been speaking to people in those critical positions about is the need to invest time in end-to-end encrypted services. That’s the best way we have right now to make sure everyone’s information stays safe. My biggest worry is people relying on a service. Is it protected? Maybe we don’t feel that now, but three months or six months if there’s a breach on a service that wasn’t encrypted, we could have huge problems for public safety.

Have there been examples of new, bigger cyber attacks since the pandemic started?

We know there’s a lot more phishing attacks where people are sending emails or texts that look like they’re an official alert about the response to COVID-19. In actuality, they are malware. It’s on the rise, and I don’t think it’s going to slow down by any means. No matter who you are or where you are, when you see a link, your first thought [should be], “Is this real or is this something malicious?”

How should people balance the importance of cybersecurity with the importance for privacy?

I think they go hand in hand in a lot of ways. If you’re using an end-to-end encrypted service, then you’re protecting your privacy more because there’s no way for an intermediary to get access to things you’re doing. For example, we use iMessageWhatsApp and things like that. Those protect your privacy. If you’re using iMessage, only the person you sent that message to can see it so your privacy is more protected.

Any other trends you’re noticing?

We’re all learning together. The fundamental need for interaction is much more apparent. That’s what the Internet does. It connects us and helps us communicate. People are getting creative with they ways they’re communicating. I hope we continue to rely on it for daily communication and experiences. It took this moment for everyone to collectively realize just how important it is to keep up connections and find interesting ways to communicate when you can’t be physically together.

Internet Way of Networking Strengthening the Internet

Intermediary Liability: The Hidden Gem

There is a law in the United States that consists of twenty-six words: “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” Otherwise known as Section 230 of the Communications Decency Act (CDA), it has been characterized as the law that “created the Internet.”

Only part of this statement is true. Section 230 did not actually create the Internet because the Internet was created through the collaboration of a diverse set of people around the world. What is true, however, is that the intermediary liability regime has undergirded the Internet as we know it. It has been responsible for three primary features of the Internet:

  • It has created certainty and predictability: intermediary liability rules have allowed Internet providers (both infrastructure and content) to design compliance strategies based on a limited set of laws and their Terms of Service (ToS). Because of intermediary liability, companies can design businesses that suit their needs.
  • It has created good Internet citizens: intermediary liability rules have ensured that the burden of determining whether a business is going to speak in a particular way is placed with that business.
  • It has put the responsibility for content where it belongs: it has affirmed that compliance with different types of laws that regulate content belongs to whoever produces the content and not those who host it.

The history of intermediary liability is as important as is the way the law has evolved over the years. In the early days of the Internet, the trend was that less regulation was better. However, by 1995, it looked like we were moving towards an Internet environment where either user speech would be hugely censored or companies would operate under an unpredictable framework of liability. The historical rule that emerged as part of this legal conundrum was captured in a simple, yet profound, thought: users should be able to put up whatever they wish on the Internet and the companies hosting their speech should be able to remove whatever they do not like.

Intermediary liability has a rich history of respecting the diversity of Internet companies and in setting the expectations about their roles and responsibilities; in doing so, the law captures much of what the Internet is all about. It is one of the first laws, if not the first, that acknowledged much of the Internet’s early design choices, specifically that the function of the core is dumb and, therefore, infrastructure providers (ISPs, IXPs, CDNs, Domain Name Registries, Domain Name Registrars, etc.) are not meant to monitor content. This understanding became the catalyst for a massive wave of innovative companies and business models. In fact, studies have shown that weakened intermediary liability protection is detrimental to economic prosperity and growth.

However, a lot has changed since 1995. Today’s Internet companies are bigger, engaged in more activities and offering more services. The Internet itself has also changed. It is no longer a technology separated by discernible layers, but a web of dependencies with an increasing number of players, both old and new. Despite so much change, the value of intermediary liability protection has not diminished.

The value the intermediary liability regime provides, is how it acts as a functional tool in a network system. This is mainly done in two ways: first by determining the scope of action and/or inaction an Internet company is expected to take when regulating misconduct (the behavior function); and second, by allowing the application of different liability standards depending on where in the Internet stack a company operates (the normative function). So, although we refer to Facebook, Google, and Amazon as the success stories of intermediary liability, we tend to underestimate what intermediary liability means for Internet infrastructure providers.

The Internet is a complex system and early design choices have set the boundaries on the ability of intermediaries to control information, services and applications. Architecture is an essential feature of the Internet’s evolution, innovation, and low-entry costs. If the Internet’s features – interoperability, generativity, end-to-end, among others – are to be preserved, then any intermediary liability framework needs to reflect the Internet’s architecture rather than interfere with it. This means that an intermediary liability regime needs to be “technology-aware” in the sense of fully grasping the Internet’s architecture and, “technology-neutral” in the sense of not requiring any special technology for the fulfillment of its rules.

Why does this matter to the future of the Internet? For the core features of the Internet to remain intact, any potential change to the intermediary liability regime has to continue to provide the same level of protection the original law provided to infrastructure providers. Infrastructure providers, who merely provide a technical service of transferring and/or hosting data and have come to expect to be treated as dumb pipes, know that it is not within their mandate to either have to detect or block objectionable and/or illegal content.

How governments decide to address intermediary liability in the near future is critical for users and for the Internet. There are plenty of opportunities to get this right and there are plenty of opportunities to get it wrong. The right way involves conscious choices that respect the limits, scope, diversity, and functional abilities of intermediaries. This means that the breadth of limitations for infrastructure providers enshrined in the normative and legislative framework of the original law should not change.

Learn more about the Internet way of networking.

Internet Way of Networking Strengthening the Internet

Canada’s Innovative Future Relies on Upholding Core Properties of the Capital ‘I’ Internet

As Canada considers how to renew its broadcasting and telecommunications regulatory regime, it should steer clear of recent recommendations that would impact key Internet properties that foster Canadian innovation online.

On Jan. 29 the Broadcasting and Telecommunications Legislative Review (BTLR) panel handed the Canadian government 97 recommendations to consider as it prepares new legislation to update the decades-old Telecommunications Act, Radiocommunication Act and Broadcasting Act.

While it has laudable advice on how to improve access to rural and remote Indigenous communities in Canada, the report’s major flaws would inhibit the same Canadian innovation the recommendations intend to promote.

This includes giving Canadian Radio-television and Telecommunications Commission (CRTC) the authority to treat the Internet like a broadcasting network, and setting unrealistic rules that would harm crucial elements of the Internet in the name of promoting Canadian content online.

There are many reasons you can’t treat the Internet like a traditional broadcaster, but the key one is this: the Internet is not like other technologies.

While it is essentially just an interconnected network of networks – hence the name: Inter-net – the Internet was built with a unique set of properties that were critical to its success to date: openness, decentralization, and permissionless innovation.

We believe these are three of the properties essential to the Internet way of networking that has seen a military and research communications network rapidly evolve into a tool ubiquitous within our day to day lives.

If implemented, the BTLR recommendations would not only threaten core elements of what the Internet Society considers the capital “I” Internet. They would have significant implications for net neutrality, intermediary liability, privacy, and security online.

Read more about how Canada’s Broadcast and Telecommunications Review panel’s recommendations threaten the Internet way of networking, and how policymakers can take actions to protect innovation online.