Critique of CAIP's proposed Code of Conduct for ISPs

TO: Canadian Assocation           DATE: November 14, 1996
     of Internet Providers        FROM: Electronic Frontier Canada
    5925 Airport Road, Suite 200	20 Richmond Avenue
    Mississauga, Ontario, L4V 1W1	Kitchener, Ontario, N2G 1Y9
    phone: (905) 405-6212		phone: (905) 525-9140 x24689
    fax:   (905) 405-6214		fax:   (905) 546-9995

RE: CAIP's Draft Code of Conduct for Internet Service Providers

Dear	Ken Fockler, President, CAIP	[email protected]
	Rob Hall, Vice-President, CAIP	[email protected]
and	Ron Kawchuk, Executive Director, CAIP	[email protected]

I am writing on behalf of Electronic Frontier Canada to offer some constructive criticism of your recently published "Draft Code of Conduct" for Internet Service Providers (ISPs).

Electronic Frontier Canada (EFC) is a non-profit organization dedicated to protecting Charter Rights in cyberspace -- safeguarding freedom of expression and the right to privacy as new computer, communication, and information technologies are introduced into Canadian society. EFC has members in all of Canada's provinces and territories, who come from diverse backgrounds, and who range in age from under 16 to over 60.

(a) re: Privacy

The CAIP commentary under "4. Privacy is of fundamental importance..." says:
"taking into account the relative sensitivity of each type of information."

We are pleased to see that CAIP recognizes privacy as fundamentally important. However, we are concerned that some CAIP members may interpret Section 4 to mean that personal information collected about customers is only "relatively private", instead of "100% private". The vague and somewhat contradictory nature of the policy, as stated, may leave customers uncertain about their actual level of privacy.

We think it would be instructive for CAIP to be more specific about the circumstances under which personal information will be disclosed. For example, will CAIP members sell, or otherwise make available, the transaction data of their customers to third parties? When police inquire about customers, what information will be provided in the absence of a court order? When newspaper reporters ask about what sites have been surfed lately by a famous customer, will CAIP members provide the information?

We would also like to draw to your attention the new Model Code for the Protection of Personal Information that is being developed by the Canadian Standards Association (CSA) [1]. It is receiving support from the various privacy commissioners in Canada and it may well be the government's intention to incorporate it into future legislation. It therefore might be appropriate for CAIP to include a statement that all members will adopt this code.

(b) re: controversial or illegal content

The CAIP commentary about "5. ... illegal content" mentions:
"Sharing information about material that has been evaluated as illegal will facilitate some preventative action".

The recent case of Toronto artist Eli Langer, whose drawings and paintings were first seized, but later returned, is just one familiar example of how difficult it is to determine when something crosses the line between controversial and illegal content.

If "preventative action" of controversial content means prior restraint, then we are concerned that public debate on issues of vital national interest may be stifled. We agree with Supreme Court Justice John Sopinka who said:

"one must ask whether it is not preferable to permit the expression and allow the criminal or civil law to deal with the individual who publishes obscene, defamatory, or hateful messages rather than prevent speech before it can be expressed. Otherwise, individuals may be putting themselves in the positions of courts to determine what is obscene and what is acceptable." [2]

We think ISPs should not presume to take the position of determining what Canadians should and should not be permitted to say or read in cyberspace.

The policy also does not indicate just how intrusive with the process of evaluating content might be. Will it include inspection of personal e-mail, for example? What information about customer activity will CAIP members be sharing among themselves?

(c) re: controversial content

The CAIP commentary under "6. ... complaints of illegal content ..." says:
"deal with content and abuse issues ... a complaint-driven process."

We are concerned that the absence of a clear statement about respect for a diversity of views and freedom of expression makes CAIP members inviting targets for letter-writing campaigns. The risk to Canadians is that unpopular views will be silenced by a flood of complaints, with little or no regard for the legality of the content.

EFC recommends that ISPs clearly state that *individuals* are responsible for the content they put online. It would be a serious blunder for ISPs to claim responsibility for content over which they have little or no effective control, particularly when one considers the volume of material. ISPs should make it clear that complaints should be directed, in the first instance, to the individuals who are the source of the controversial content.

- - -

In this brief letter, I have tried to highlight our main concerns with CAIP's Draft Code of Conduct, with the hope that CAIP will take them into consideration when formulating the final version. We hope you accept this letter in the positive and constructive spirit in which it is intended.

We would be happy to discuss these issues further with you at your convenience.

Sincerely,: David Jones, PhD
President, Electronic Frontier Canada

web: http://www.efc.ca/

email: [email protected]

[1]: A draft version of the Canadian Standards Association CSA Model Code for the Protection of Personal Information is available at: http://www.efc.ca/pages/doc/csa-privacy-code.jun96.html
[2]: "Freedom of Speech and Privacy in the Information Age" given by The Honourable Mr. John Sopinka, Supreme Court of Canada, speaking at an EFC-sponsored Symposium at the Unviersity of Waterloo, November 26, 1994. http://www.efc.ca/pages/doc/sopinka.txt