Last week was a tough one for Internet users worldwide. On the foreign front, the French (as predicted) reinstituted a due-process-shattering law that allows ISPs to kick suspected file-sharers off the Internet. On the domestic side, a district court refused to lift a government gag order, preventing ISPs from discussing the FBI’s Internet snooping. Separately, each of these events is a bummer, but taken together they threaten the Internet as we know it by inviting abuse from both private industry and government.
As you may recall, the French government (with a little encouragement from the entertainment industry) has previously attempted to do away with the entire notion of due process vis-à-vis the Internet. The HADOPI law would have allowed ISP’s to strip Internet access from users who were accused of file sharing. The French Socialist party challenged the law, arguing that access to the Internet was a basic right that could not be violated without judicial oversight. The Conseil Constitutionnel agreed and declared the banning provision unconstitutional.
However, last Tuesday the Conseil approved a modified version of the same law. What was the monumental change that protected the French Constitution? This bill sets up a fast-tracked judicial proceeding wherein the judge is given five minutes to rubber stamp . . . pardon me I mean . . . to rule on the disconnection order. (Suffice to say I imagine that even with this copious amount of time, innocent users might face digital execution).
The effects of HADOPI are already being felt in the EU. One day after HADOPI-redux, the Union agreed to scuttle the widely popular Amendment 138, which sought to guarantee robust judicial review of Internet prohibitions. Industry lobbyists are hailing the new law and are already pushing for an American adoption of a similar regime. While a wholesale import of this plan is unlikely, I have previously noted that the Anti-Counterfeiting Trade Agreement might require the adoption of similarly draconian measures. If such a regime is adopted, ISPs have large incentives to terminate users:
- ISP’s are often part of the entertainment business, and would therefore be eager to kick off users who provide alternate sources of product. A user who trades digital copies of shows is less likely to upgrade to the latest cable TV package or order an on-demand movie.
- ISP’s essentially promise more bandwidth than they can deliver. Kicking off high volume users is a great way to mask the limitations of the network.
Just as the HADOPI law presents the façade of judical review, the recent decision in Doe v. Holder means that judges are unlikely to lift the gag orders that the government imposes on subpoenaed ISPs. Double trouble.
The government can print its own backstage passes (National Security Letters) that allow it to demand information from ISPs without the obstacle of a warrant. Or even public controversy for that matter, because ISP’s aren’t even allowed to disclose the fact that the government made a request.
Now constitutional alarm bells should be ringing: the government can potentially violate your privacy AND the First Amendment rights of individuals working for your ISP. Wait, it gets better.
At first, the government was able to justify these secret requests merely by stating that the information related to a) an ongoing criminal investigation, b) interference with diplomatic relation, or 3) danger to the life or physical safety of any person. Wow, that must be a hard standard to meet. The Court of Appeals for the Second Circuit attempted to narrow the scope of NSLs in Doe v. Mukasey. Sorta. Instead of limiting the issuing of NSLs through judicial review ex-post, the court decided to place the onus on ISPs to challenge the requests in a timely manner:
The government could inform each NSL recipient that it should give the government prompt notice, perhaps within 10 days, in the event that the recipient wished to contest the nondisclosure requirement. Upon receipt of such notice, the government could be accorded a limited time, perhaps 30 says, to initiate a judicial review to maintain the nondisclosure requirement, and the proceeding would have to be concluded within a prescribed time, perhaps 60 days.
Only then would the FBI have to certify that the disclosure of the request “may result in an enumerated harm that is related to an authorized investigation to protect against international terrorism or clandestine intelligence activities.”
This offers little comfort because out of thousands of requests, only three challenges appear to have been registered. But what about the brave little ISP that does decide to protect its right to speak and its customers’ right to privacy? Well, in that case, the judge will just take the FBI’s word that the NSL was necessary. Indeed, that is what occurred in Doe v. Holder, where Federal District Judge Marrero determined the NSL was A OK after he met with government lawyers in closed chambers.
Wow, I feel safer already. I mean its not as if there is a long track record of improper surveillance. Right? . . . right? And surely the government has never deliberately misled the court or hidden behind the state secrets doctrine.
So at the end of the day we could possibly adopt a system that allows ISPs to terminate users with little judicial oversight. And we already have a system in place that allows the government to pry into my online life AND to gag the only party that could alert me to this violation, even if this party actually respects (and goes to bat for) my privacy rights? Well played everyone, well played.
(Andrew Moshirnia is a second-year law student at Harvard Law School. He is close to earning a secret, all-expenses-paid trip to Cuba.)