Andrew Charlesworth cuts a path through the legal jungle on the World-Wide Web, in the first of a series of articles on Net law .
It is apparent, from even a cursory survey of the Internet, that the increasing availability and sophistication of World-Wide Web technology has resulted in an unprecedented development in publishing.
Until recently, the ability to collate information in book, journal or pamphlet form and then disseminate copies on a large scale to a world-wide audience, was the sole province of the increasingly monolithic firms of international publishers. Now, by creating one copy on a Web server and allowing others to access it, an individual can publish on a similar scale with a minimum of cost and effort. However, this paradigm shift in publishing has not been matched by a similar shift in the laws relating to publishing, nor in individuals' awareness of those laws.
In the early days of the WWW, this lack of awareness primarily demonstrated itself in an almost utter disregard for intellectual property rights. People were so caught up in the fact that they could place pictures and text online that they often neglected to consider whether or not their ability to do so might infringe upon the intellectual property rights of the owner of the material. The realities of the situation were swiftly driven home when the creators of home pages such as the Unofficial Garfield Homepage began to receive warning letters from lawyers representing the owners of the intellectual property rights in the material used. This usually led to the rapid removal of the infringing material, and a chilling effect on the activities of would-be imitators.
The simple fact is that in electronic publishing, as in traditional forms of publishing, there are myriad pieces of British legislation which must be taken into account, including those concerning liability for content of publications, covering such topics as defamation, obscenity, blasphemy, and provisions with regard to sex discrimination and advertising standards. Some of these legal provisions may seem archaic by modern standards, yet, as the magazine Gay News discovered in the late 1970s, there is still life left in the blasphemy laws.
In addition, the budding WWW publisher has to take into account the fact that those web pages that are not access-limited to certain domains can be read by potentially more than 32 million users in more than 130 countries, and that material which is perfectly legal in the United Kingdom may not be legal or acceptable elsewhere. Thus, as Salman Rushdie and his publishers found to their cost, even though UK blasphemy law does not provide for Islamic sensibilities, publishing sensitive material on an international basis still holds many risks.
The legal issues surrounding Web publishing are therefore likely to have even more of an international dimension than traditional publishing. It is unlikely that any institution supplying WWW facilities is going to be able to consider every legal rule in every possible jurisdiction, but given the fact that, in defamation cases, jurisdiction hopping - the ability to choose a jurisdiction where one is most likely to succeed - may well be an option open to the person defamed, a certain amount of thought will have to be given to limiting potential liability in jurisdictions outside the UK.
This article will set out strategies for preventing, or avoiding, liability for the content of Web pages held on machines in higher education. Further articles in Multimedia will build on this strategic framework by examining in more detail the major areas of legal risk and how to deal with them. Those areas are defamation, intellectual property rights, data protection and criminal liability - the four legal horsemen of the Web.
A useful starting point for consideration of the approach to be taken to the legal issues facing higher education institutions in the UK is the Joint Academic Network's (JANET) Acceptable Use Policy. The network provides links between most higher education institutions in the UK, and the policy states that the system should not be used for the following purposes:
*the creation or transmission (other than for properly supervised and lawful research purposes) of any offensive, obscene or indecent images or material
*the creation or transmission of material which is designed or likely to cause annoyance, inconvenience or needless anxiety
*the creation or transmission of defamatory material
*the transmission of material that infringes the copyright of another person.
In addition, higher education institutions are required to "take all reasonable steps to ensure compliance with the conditions set out in this policy document, and to ensure that unacceptable use of JANET does not occur. The discharge of this responsibility must include informing those at the Organisation with access to JANET of their obligations in this respect." Thus the policy lays out some broad pointers as to what is considered unacceptable use of the system and, potentially more important, places the onus for informing the end user on the individual higher education institutions. It is useful to note the "catch-all" nature of the second category, as use of such "catch-all" provisions in institutional regulations can provide the flexibility required for adequately regulating a rapidly changing environment.
It is important to remember when considering an institutional approach to the setting up and use of Web servers and home pages that the unwritten first rule of civil litigation is "never sue poor people". Thus, if a plaintiff is given the choice between suing a student or staff member and suing a higher education institution, they are unlikely to pursue the former. As a result, when writing an institutional code of practice, it is advisable to place precise restrictions on who may set up a Web server on any machine within the institution - the fewer the Web servers that exist, the easier it is to develop effective regulation. Similarly, it is wise to maintain a clear separation between official institutional web pages and personal web pages. This may be achieved by restricting the use of official logos and institutional web pages and placing a notification and disclaimer page between institutional pages and links to personal web pages at the institution and all other web pages beyond the control of the institution.
It is important to have a coherent structure of responsibility in place, particularly where an institution has a Web server with multiple official departmental homepages or multiple official departmental Web servers. In such circumstances there should be a designated staff member within each of those departments with responsibility for their maintenance and content and a staff member with the power to remove potentially damaging material from institutional and personal Web pages, as soon as it is brought to the attention of the institution, until such time as it can be verified whether or not some civil or criminal liability may be incurred by its display.
At present, if an institution allows personal Web pages to be held on its machines, it is desirable to have both the notification and disclaimer page mentioned above, and also a statement in the code of practice to the effect that the institution does not exercise any editorial control over personal Web pages. This may allow for a defence of "innocent dissemination" in circumstances where staff or students publish defamatory statements. However, this should be accompanied by a statement that where the institution is notified by third parties that defamatory, infringing or criminal material is being held on its machines it will take all reasonable steps to ensure its removal in a timely manner. This approach may become less practicable if the current draft Defamation Bill being circulated by the Lord Chancellor's department becomes law, as this would require the institution to take reasonable steps to ensure defamatory material was not published. There is a considerable degree of uncertainty as to whether such reasonable steps would entail an institution monitoring all Web pages held on its machines, potentially an impossible task. If that were to be the case, it would seem likely that most higher education institutions would follow the lead already taken by several of their number, and simply ban all personal Web pages from machines under their control.
The code of practice should also make clear the penalties for unacceptable use. Such penalties would usually include the statement that where there is a breach of the code of practice or where an individual's web page is deemed by the authorities at the institution to bring the name and/or reputation of that institution into disrepute, this may result in withdrawal of computer services.
As an adjunct to any code of practice, there should be a set of clear guidelines for individuals wishing to maintain Web pages. These guidelines should contain advice as to the design and content of Web pages, including use of university logos. They should also contain advice as to the type of sites which the institution considers it inappropriate or unacceptable for pages maintained on its machines to link to. These would probably include sites known to contain pornography, defamatory materials, illegally copied software and other copyrighted works, as well as other inappropriate material, such as hacker manuals, and racist and sexist tracts. It should be noted that institutions have a wide discretion in deciding what is not appropriate and may thus ban links to materials which is not illegal per se. It may be helpful to put the institution's policy into context by including the Acceptable Use Policy, as this demonstrates that the institution is to a large extent bound by its obligations to the policy, and that the restrictions imposed are not merely an arbitrary whim of the institution's computer services department or administration. The guidelines should also provide a brief summary of the relevant laws, in particular those relating to libel, obscenity, intellectual property and data protection.
Prospective users of an institution's computer systems should be provided with a copy of the code of practice and the guidelines, and informed that use of the institution's computer systems will be taken as acceptance of the institutional rules contained within them. Log-in screens may also refer the user to their acceptance of the code of practice and guidelines each time they access the systems.
In a large higher education institution, it is next to impossible to monitor the use of Web facilities by staff and students effectively. However, a carefully thought-out code of practice and an effective regulatory system can be used to shield the institution from most legal risks posed by the Web and it will ill behove any institution to fail to take advantage of that protection in the coming years.
Andrew Charlesworth is director of the Information Law and Technology Unit, University of Hull Law School.
AN INSTITUTIONAL CODE OF PRACTICE FOR USING THE WORLD-WIDE WEB.
A code of practice should: * Reflect a clear institutional approach to the setting up and use of Web servers and Web pages.
* Ensure a clear separation between institutional Web pages and personal Web pages, including notification and disclaimer when a user leaves the institutional Web pages.
* Provide for a coherent internal structure of responsibility for general institutional and departmental Web pages, and the ability to respond quickly to remove potentially damaging material.
* State that the institution does not exercise direct editorial control over personal Web pages.
* Provide for sanctions for breach of the code of practice, including, where necessary, temporary or permanent removal of computer services.
* Provide clear guidelines for WWW use for all institutional users.
INSTITUTIONAL GUIDELINES FOR USING THE WORLD-WIDE WEB
The guidelines should: * Provide clear advice on the design and content of Web pages.
* Provide clear advice as to types of sites considered unacceptable to link to.
* Include the JANET Acceptable Use Policy.
* Include a brief summary of the relevant laws, especially those relating to libel, obscenity, intellectual property and data protection.