Comment on this article |
Email this article |
News :: Technology
The Multatuli Project
by Sjoera Nas, Bits of Freedom* -Netherlands
11 Oct 2004
Under the European E-Commerce directive internet hosting providers risk liability for apparently illegal content from their customers. Once they are notified, they should take immediate action to block or remove the content. How serious are providers in the Netherlands about their responsibility for the online freedom of speech? Should providers first ask their customer to respond to an allegation, or does 'immediate' mean they have to first shoot and ask questions later? What if the complaint about an alleged infringement lacks legal grounds?
SANE, 1 October 2004
The general legal framework in Europe for provider liability is the European directive on electronic commerce. The directive was adopted in 2000 and is legally binding since 17 January 2002. In Articles 12 to 14 three kinds of providers are described, with their respective liabilities. In case of mere conduit (access provisioning) and caching, providers are exempted from any liability. In the case of hosting, providers are only exempted if they have no actual knowledge of 'apparent' illegal content and, if so, act expeditiously to remove the content.
This vague European liability-rule was to a great extent inspired by a court case instigated in 1995 by the religious sect Scientology against the Dutch author Karin Spaink and 20 providers that hosted copies of her home-page. In 2003, 8 years after the first allegation, the Appellate Court of The Hague rejected all claims and ruled that freedom of expression should prevail upon copyrights. Currently the case is with the Supreme Court, but a ruling is not to be expected before 2006. Spaink had published the Fishman Affidavit on her home-page. This affidavit, a court-testimony from a former member, contained many quotes from documents that the church wanted to keep secret. When Scientology threatened to sue her and XS4ALL, many other people put mirrors on their home-pages. In interim injunction proceedings in 1996, the court of The Hague declared all Scientology's claims against XS4ALL, Karin Spaink and the other defendants to be unfounded.
Scientology appealed, but lost once again in 1999. However, this 1999 decision included a separate declaratory judgement stating that providers could be held liable if three conditions are met; first, the provider is notified; secondly, the notification leaves no reasonable doubt about the infringement of (copy-)rights; and thirdly, the provider does not take down or block the material.
Besides the E-commerce directive and national jurisprudence, provider liability is also determined in some countries by the penal code, which might contain sanctions for helping to distribute texts that are considered obscene or in violation of good taste. Finally, the general terms and conditions of providers are decisive on how they deal with allegations of infringing content and what the user rights are in such cases.
COMPARISON WITH THE USA
In the United States, there is a safe harbour provision for providers confronted with allegations of copyright infringement. In the 1998 Digital Millennium Copyright Act, section 512 stipulates that all categories of service providers qualify for the safe harbour provisions, access, caching, hosting and service as search engines.
The legal safe harbour consists of 5 elements.
• a complaint must identify himself and the infringements exactly
• plaintiff and the customer must act 'in good faith', on penalty for perjury.
• the provider must block the material upon receipt of the complaint and inform
• materials must be put-back in 10, maximum 14 business days after a counter
• identification data can only be obtained with a subpoena
Compared with these Safe Harbour provisions, the European legislation leaves plenty of room for doubt and misguided judgement by providers. There are no criteria to validate complaints and counter notices and there are no arrangements for the hand-over of customer data, besides general privacy principles that do allow voluntary hand-over. More-over there is no obligation in Europe to inform the customer and there are no legal guarantees to protect the freedom of speech.
Though a put-back procedure is not the ideal solution, since it leaves room for fanatics like Scientology to shut-down website and instigate long legal procedures, at least it gives some kind of guarantee to internet users their counter claim is taken seriously.
In July and November 2003, 3 researchers from the Oxford Centre for Socio-Legal Studies conducted a small experiment with notice and takedown, to see if the different legal regime made any difference in practice. They found a very appropriate article from the famous philospher/economist John Stuart Mill, On Liberty, dating from 1869. They published a part of the second chapter, about freedom of speech, on a homepage in the USA and a homepage in the UK, with a clear indication that the text dates from 1869 and belongs to the public domain.
Then they sent a fake complaint to the 2 major ISPs, on behalf of the (nonexistent) John Stuart Mill Heritage Foundation, using a free and anonymous Hotmail address. The result was shocking. The UK provider removed the homepage within 24 hours. The US provider on the other hand, insisted their plaintiff would declare to act in good faith. Maybe, they write, if they had proceeded with this last, fraudulent, step, this provider would have also taken down the material, since there was no indication at all the complaints department had looked at the home-page. They were just following procedure. For the scientists this was enough proof the different legal approach in the USA made it a lot harder to take down a website.
THE TAKE DOWN TEST
To investigate notice & take down procedures on a larger scale, Bits of Freedom organized a similar experiment this summer, on a much larger scale, involving 10 Dutch ISPs.
We picked 3 free dial-up ISPs (Freeler, Tiscali and Wanadoo), 3 paid access providers (Demon, Planet Internet and XS4ALL), 3 hosting providers (iFast, Ladot/Active 24 and Yourhosting) and 1 cable internet provider (UPC/Chello). 
A text was uploaded from the famous author Multatuli (Eduard Douwes Dekker), dating from 1871. The text is about democracy, and begins with the story of the sheep. The sheep chase away a tyrant, only to find themselves in need of specialists to represent them, and they end up inviting the tyrant back, disguised as 'Specialist'. The text clearly states in the opening line that the work dates from 1871, and was reprinted in 1981. At the bottom of the text there is a line stating 'this works belongs to the public domain', right after the final conclusion from Multatuli: 'It is certain that _my_ goddess, Reason, is not satisfied with such childish and criminal tricks'.[appendix 1]
First the customer was invented, and given the name 'Johan de Ruyter'. When Multatuli published his most famous work in 1860, Max Havelaar, exposing the abuse of free labour in the Dutch Indies, he was cheated out of his copyrights by his first publisher, Johan de Ruyter. Only years after the first publication, Multatuli was able to regain his copyrights, and publish a revised edition. In 3 cases, we were unable to create the fictive character Johan de Ruyter, and
used the real identity of Mr. B. de Kler. 
Secondly, a fake society was created to act as copyright holder, the E.D. Dekkers society. Representing this society was a 'legal advisor', Mr. Johan Droogleever. His name alludes to a very respectable legal firm in the Netherlands, representing the State. A few weeks after the text were brought online, Mr. Droogleever started to send complaints to the providers from his Hotmail account.
The letter says:
E.D. Dekkers society
To whom it concerns,
I am writing to you as the legal representative of the E.D. Dekkers society. The society owns the copyright of all the published works of E.D. Dekkers. I hereby notify you that you are hosting material (published via a so-called home-page) which infringes on our copyrights.
The address of the website is Use nor distribution of this material has been authorised by the E.D. Dekkers society. Hence I have to conclude that this publication constitutes an infringement of the copyrights of the society.
Under the European E-Commerce directive you as a hosting provider are liable for unlawful content if you don't act immediately after you have been notified of this fact. I trust you will take all necessary measures upon receipt of this notification to end this and all future infringements of our intellectual property rights.
Thank you for your courtesy and anticipated co-operation,
Mr. J. Droogleever (legal advisor E.D. Dekkers society)
johandroogleever (at) hotmail.com
The first ISP to act 'expeditiously' was Tiscali, one of the largest access providers in Europe. One day after having received the complaint, Tiscali replaced the homepage by a 'Notice', referring to the general terms and conditions. Droogleever was told Tiscali gives customers 48 hours to remove the content. The customer never received the full complaint.
Wanadoo, another large pan-European access provider, also acted fast, and warned their customer immediately about the complaint, and gave him 24 hours to remove the content, adding that the customer 'had without permission placed a text' on his home-page. The customer never received the full complaint, but Wanadoo somehow forgot to remove the home-page. Only after Droogleever sent a second complaint, 10 days later, Wanadoo immediately removed the site. 
The first hosting ISP that received the complaint, Yourhosting, even outdid Tiscali and Wanadoo, and removed the website within 3 hours. They did call and e-mail the customer, and confirmed the take down to Droogleever. They took all the arguments for granted, and reported to the customer on the phone that the infringement was 'a fact'. In their e-mail they said 'We are obliged to do this after we have been notified of an alleged criminal act." In their zealousness to comply, to Droogleever they added a very surprising line: "Normally we only take materials off-line if we receive a written notification with proof, but in this case we have made an exception." 
The second hosting ISP (LaDot, renamed in Active24 during the complaints round), lost the first complaint, perhaps due to the name change, but immediately after the second complaint e-mails the customer and warns him to notify the ISP if he has permission to publish the material, or remove the content within 28 hours. Droogleever also receives an acknowledgement that LaDot has informed the customer and if the customer says that he has no permission, he will be given 'reasonable time to remove the material'. However, if the customer were to say he had permission, Droogleever is advised to contact the police or start a civil case, because LaDot is unablee to decide in copyright matters. 3 days later the website is removed.
The third hosting ISP (iFast) was only added to the experiment at a very late stage. They received the first complaint on 28 September. A few hours later, the 'Managing Director' sent the full address details of their customer to Droogleever, including year of birth, telephone number and private e-mail address, insuring Droogleever 'further measures' would be taken, but also requesting Droogleever to directly contact the customer. So we did. The next day, Droogleever sent the complaint to the customer, with CC to the Managing Director. 24 hours later, Droogleever sent a new complaint to iFast, insisting take down should happen within 12 hours, or legal steps would be taken. iFast complied, and removed the site the next morning.
Planet Internet and Demon  both sent an auto-reply to the general abuse address, with reference to a special procedure for copyright-related complaints. Their 'questionnaire' is more or less identical, and based on the original developed by XS4ALL in 1999-2000, during the legal struggle with Scientology about provider liability. This questionnaire basically asks the plaintiff to identify himself, describe the alleged infringement as accurately as possible, add available proof, and indemnify the provider from any liability for acting upon the request to take down. We sent the questionnaire back to the providers, adding the fake address of Blaak 1 in Rotterdam, and the telephone number of Rotterdam City Hall. We didn't add any new argument, just restated the E.D. Dekkers society owned all the copyrights. Both providers warned their customer to remove the homepage within 48 hours after having received the questionnaire. Obviously, they never even looked at the home-page, or bothered to read the questionnaire, let alone verify the identity of the plaintiff.
The only 3 providers that did not take down the material are XS4ALL, UPC and Freeler. Freeler never bothered to dignify the complaints sent to abuse (at) freeler.nl with an answer, and only sent 2 auto-replies to new complaints sent to info (at) freeler.nl, and only indicated it would take at least 5 working days to deal with the e-mail.
UPC sent a clear reply to Mr. Droogleever: 
It is insufficiently clear for us that you represent the E.D. Dekkers society. Also because you send your complaint via a free and anonymous hotmail-address we cannot verify sufficiently that you act on behalf of the above mentioned copyright holder. If you can present us several verifications indicating this society really exists and you are acting on behalf of them, we can decide to maybe process your complaint.
We trust we have informed you sufficiently,
In order to test UPC once more, we created a new (free) account with another provider based in The Netherlands; office (at) droogleever.xtdnet.nl. 2 new complaintsfrom this address remained unanswered. Likely because Chello thought they had dealt sufficiently with the matter, but it would have been nice if they had answered the new mails with the same answer as before.
XS4ALL finally, was the only provider in this test that demonstrated it had looked at the page and saw the 2 references indicating copyright had expired a long time ago. Following procedure, they did send a questionnaire, and asked an attorney to send a answer to the questionnaire to Droogleever explaining the year of death of Eduard Douwes Dekker.
Thorough as that looks, XS4ALL didn't answer the first 2 complaints sent to abuse (at) xs4all.nl. Like all other providers tested for this experiment, XS4ALL doesn't have any indication on the home-page or contact-page about complaints or notice and take down procedure.
SUMMARY OF RESULTS: 70% TAKE DOWN
Out of 10 providers, only UPC demonstrated distrust about the origin of the complaint (the free and unverifiable hotmail address), and only XS4ALL gave evidence they had actually looked at the page, and were aware of the fact the author had died in 1887, 117 years ago.
3 hosting providers and 4 access providers removed the text without even looking at the website, or demonstrating any clue about copyright basics. This leads to a take down 'success' of 70 percent.
2 providers don't reply at all to e-mails sent to their official abuse e-mail address, Freeler and XS4ALL. We understand these addresses receive many e-mails, but they could at least be answered with an auto-reply indicating the proper procedure to file different kinds of complaints.
1 provider (iFast) forwarded all the personal details about their customer to our fake plaintiff, something Droogleever never asked for. Besides violating freedom of speech, they also seriously breached the privacy of their customer.
In all of the cases except for XS4ALL, the customer was informed before the takedown, but only in a few cases followed by the full complaint of Droogleever. In the set-up of our test, the customer never replied, leaving it entirely up to the ISP to decide about the rightfulness of the complaint. In most regular cases we expect the customer would reply or voluntarily take down the material if enough time was given. In 3 cases, the time to respond to the allegation was too short (with the 3 hours given by Yourhosting as the worst example).
It only takes a Hotmail account to bring a website down, and freedom of speech stands no chance in front of the Texan-style private ISP justice.
These are two very alarming conclusions of this test. Internet service providers never asked for the huge responsibilities forced upon them by the European Directive on e-commerce to decide about the content of their customers, but they don't seem to realise how crucial their judgements are. Different from classical printers or editors, on-line it only takes one simple command to remove materials completely. In the Netherlands judges might order to remove a magazine or book from the stands or bookstores, but this seldom happens, and can only happen in courts, subjected to public scrutiny and the possibility to appeal.
Providers have a major social and ethical responsibility as guardians of the freedom of expression and freedom of speech. They should translate that into a balanced procedure, managed by qualified staff with basic copyright knowledge. Superficially, the European legislation on liability of providers creates a balance between liability and freedom of speech. In theory, providers should find themselves caught between a rock and a hard place, and find a balanced manner to address both liabilities (towards the plaintiff and towards their customer). But in practice, liability for wrongful take down is not translated in adequate penalties or appeal procedures for customers. Deleting the works of a customer seems a decision that can be dealt with light-heartedly.
Maybe to their defence Dutch providers will point out customers have plenty of other places to go in the highly competitive global ISP hosting world. But such an argument would deny the existence of fundamental rights, laid down for example in the European Convention on Human Rights, guaranteeing, besides privacy and freedom of expression, fair process and equal treatment in equal circumstances. More specifically, in the Netherlands the constitution explicitly functions 'vertically', meaning citizens can appeal to their basic rights against other citizens, including companies.
Providers do act as judges, and no matter how many other hosting providers could provide digital asylum to a customer, they have to respect fundamental rights within their own territory.
Finally, of the 3 providers that showed formal procedure with a questionnaire, only 1 actually verified the nature of the complaint and rejected it clearly. In these cases, the paper procedure remains worthless. This demonstrates the acute need for legal guarantees surrounding notice and take down procedure, including penalties for wrongful take down.
If these are the results of a very straightforward copyright case, how do ISPs deal with allegations of discrimination, slander or extremist political or religious expression? There are no statistics about the amount of content-related complaints providers receive, nor any statistics about the resulting actions, including hand-over of identification data and take down. We have to seriously fear the results.
The researchers from the Oxford Centre for Socio-Legal Studies that conducted the Liberty experiment tried to compile some statistics by surveying Dutch ISPs, with the help of the Dutch ISPA NLIP. Only five (33%) out of 15 members responded to the survey, and ten (67%) were not willing to participate, even though the researchers "made clear that the intention of the research is not to put the blame on ISPs for removing content in an inappropriate way, but rather to get a clearer picture of what the problems are for ISPs." The conclusion the researchers draw is "Either ISPs perceive the NTD issue as unimportant, or they fear that intensified public discussion, and transparency, could harm their business. We assume that the latter is the more likely explanation, given the failure of Rightswatch and the lack of legal clarity in Europe." 
Quoting from the Liberty study: "The quandary for the ISP is whether to strictly investigate all claims of legal infringement, which is higher cost to itself in legal and forensic resources, or to adopt a more self-serving, cheaper and easier regime. To save costs and liabilities, the ISP may remove content immediately upon notice in order to protect itself against liability or to satisfy content consumers. The ISP is encouraged to become a censorship body, to avoid liability when they choose to take down the information from a website upon receipt of a claim." 
The results of the Liberty experiment and this test demonstrate the need for a legal
safe harbour provision for ISPs. Providers should be obliged to give their customers
a reasonable time to respond, with a minimum of 3 working days. While waiting for
the answer, materials should not be removed. In case of no response, the ISP
should only block in case of immediate danger, unmistakable unlawfulness or
proven financial damages (for example by major copyright holders). In case of a
motivated reply by the customer, the case should be referred to court, with
indemnity for the ISP for any wrongfulness that might result from leaving the
materials online during such a legal procedure.
Secondly, this test shows a penalty for perjury is not enough. There should also be
a penalty for providers in case of wrongful takedown. The provider has its own
responsibility to validate complaints, possibly with the help of external expertise. In
any environment that engages with the freedom of speech and expression, fair
process should be guaranteed. If small providers cannot afford in-house legal
expertise, they should bundle forces and help create a general legal ISP hotline.
But currently there is no legal or moral incentive to invest in this kind of due
The Dutch ministry of justice started talks with the ISPA, hotlines, police and
copyright holders a year and half ago about instituting such a first-line legal
judgement. But this has not yet resulted in anything, because nobody wants to
bear the financial costs. Meanwhile the discussion is taking place behind closed
doors, without any participation from civil society. We have to fear the results of
such negotiations for transparency and accountability.
Practically, to address the results of this test, a 1 day training course in legal basics
for all ISP staff dealing with complaints would be a good start.
Thirdly, all providers should have a clear notice and take down policy, accessible
from their home-page. None of the tested providers gave any indication how to
complain and how to respond. Many providers refer to their general terms and
conditions. They usually have phrases allowing the provider to do anything he
thinks suitable, including terminating the account without any prior warning. After
the recent verdict from the Dutch Supreme Court in the case of XS4ALL against
Abfab, property rights of the network seem to prevail above freedom of speech
rights, but it remains to be seen how valid such hidden or grey provisions are when
tested against basic consumer rights.
Finally, for the sake of transparency and accountability it would be a good idea to
publish yearly statistics about notice and take down. Given the lack of interest to
collaborate voluntarily, maybe the National Regulatory Authority (OPTA) could use
its legal authority to demand these numbers.
*Sjoera Nas (1969) works for Bits of Freedom, a not-for-profit organisation based
in Amsterdam advocating digital rights. She is editor of EDRI-gram, a bi-weekly
newsletter about digital rights in Europe. From 1998 until 2002 she worked for
internet provider XS4ALL. As public affairs officer, she was responsible for the
policy with regards to principal issues, like freedom of speech and privacy. She is
still connected to XS4ALL as member of the advisory board.
Earlier, she published an article about the daily practice of ISPs dealing with
complaints in 2003, in the OSCE book Spread the Word, ‘The future of freedom of
expression on-line - why ISP self-regulation is a bad idea’.
This paper, the presentation and the earlier article are available on-line at
For Notes see the bits of freedom website (search for Multatuli)
This work is in the public domain