Collaboration with ISPs

Due to its nature and quick pace of growth, the Internet has posed a real challenge to traditional government regulations, including the ones destined to protect human rights. The sovereignty of the national state and its “hard law” was not as operational as the code of applications. Thus, the current framework actually demands a lot of private collaboration in regulating the digital environment. The importance and intricacy of collaboration with ISPs to enforce human right provisions on the Internet has been well explained by De Gregorio:[1]

The need for public actors to take into consideration, on the one hand, the protection of the freedom to conduct business of online platforms and free speech of the and, on the other hand, the need to tackle illicit contents have made the policy to tackle terrorist contents hosted by platforms constitute a reason which explains why the fight against terrorist online contents for Constitutional States is so complex.

The theme of collaboration with ISPs in order to restrain terrorism from spreading online is a rich one, in which Lessig’s concept of architecture/code prevails as a way of enforcing conduct. However, since the main topic of our discussion deals with the human right of accessing the Internet, we must be alert to the fact that only a specific group of the broader category known as ‘Internet Service Providers’ (ISPs) is pertinent to our research: the Internet Access Providers (IAPs). The IAPs are the companies that provide services that make it possible for individuals to have access to the Internet.

Consequently, the present topic intends to address how the collaboration of IAPs with authorities can be considered as a limitation to the right to access the Internet. Also, the effectiveness of the cooperation is dependent on what information the IAPs may or may not access. In Brazil, for example, governing law (Federal Statute 12.965, from 23 April 2014) provides in its Article 14 that in the provision of a connection, whether free or at cost, it is prohibited to retain users’ records of access to Internet applications. Such a provision has a lot of relevance to the case, since the current architecture (hardware and software) of IAPs’ tools tends to allow access to these logs. Architecture, in this case, is being limited by Law — a limitation that may not be very effective.

It should be remembered that companies may have to enforce some human rights and, therefore, may have to comply with some duties and standards before government. When it comes to Internet access versus terrorism, a immediate topic is the collection of data and the sharing of it with the law enforcement authorities. This kind of procedure could be considered a restriction on free access (not as in “free beer”, but as in “free speech”), since accessing the Internet presupposes a freedom to search without undue government impositions. Previous general and extensive content filtering by IAPs should not be adopted as a general rule, due to its heavy economic costs. Rights may have costs, but duties tend to cost even more. Conversely, whenever technology simplifies (Architecture) and reduces the cost (Market) of filtering and processing specific data that could be tagged as “red flags” (for example, exchange of data with words referring to bombing, killing, exploding, terror, etc.), it should be adopted as a policy by IAPs to share this data with the government.

One may question whether the access to the data should only be admissible with a warrant, since it would be a search that would demand probable cause to be valid. In our opinion, this would have been adequate for the reality existed before the Internet. The huge amount of data generated by the most diverse applications would make the security activity almost impossible. Instead of worrying about the sharing of data between private companies and the government, a correct and more updated human rights framework would require the proper judicial orders only for the actual use of the data for more intrusive proceedings, such as physical searches and arrests.

The need to update the meaning of human rights safeguards has already been developed by Lessig,[2] applying what he calls ‘translation’ to deal with the practical matter of the constitutionality of a ‘worm’, in the context of the US Constitution. His classic lesson is stated as follows:

Is the worm, then, constitutional? That depends on your conception of what the Fourth Amendment protects. In one view, the amendment protects against suspicionless governmental invasions, whether those invasions are burdensome or not. In a second view, the amendment protects against invasions that are burdensome, allowing only those for which there is adequate suspicion that guilt will be uncovered. The paradigm case that motivated the framers does not distinguish between these two very different types of protections, because the technology of the time wouldn’t distinguish either. You couldn’t- technically— have a perfectly burdenless generalized search in 1791. So they didn’t-technically-express a view about whether such a search should be constitutionally proscribed. It is instead we who must choose what the amendment is to mean.

(...) It may not be easy to imagine systems that follow an individual wherever he goes, but it is easy to imagine technologies that gather an extraordinary amount of data about everything we do and make those data accessible to those with the proper authorization. The intrusiveness would be slight, and the payoff could be great.

Thus, this way of considering data sharing between IAPs and the government, with an update on the individual safeguards (judicial order only needed to use the data for more intrusive proceedings, not applicable for the sharing itself) due to Lessig’s translation, should be subject to a proportionality test. Since the goal of collecting the data is to prevent terrorism and enhance security, a human rights value, it should be considered a legitimate goal. On the suitability/adequacy test, there is a natural and obvious conclusion that with more data being subject to scrutiny the possibility of preventing attacks due to intelligence work is enriched. On the necessity aspect, the safeguard proposed (judge’s authorization previous to any invasive actions) makes this kind of cooperation the least intrusive option, acquiring the goal in the same way. On the proportionality, in a strict sense, test, the restriction can be considered non-intrusive (since the data can only be actually used with a judicial authorization) and the correlated human right (security), a very important one, considering the current context with the rise of terrorist attacks all over the world.

Therefore, the proper interpretation calls for a limited collaboration between IAPs and government, conditioned by the economic viability (Market) and technological availability (Architecture), when it comes to users’ data being shared. Moreover, the sharing isn’t authorized for legal use by the government, until there is a demonstration of probable cause. This way, the enormous amount of data doesn’t get lost in the haystack that is the Internet today, without discharging the human rights safeguards that are much needed to avoid abuse of power.


The issue of Internet access as a human right and its intertwining with security against terrorism raises innumerable questions regarding the proper way to secure and protect both human rights values in a balanced way. This involves defining the proper limitations to it and the different aspects of regulation (Law, Norms, Market and Architecture) that may influence the intensity of the limitation. If it is certain that no right is absolute, one must also wonder if the limitation does not affect its essential core. Thus, applying the proportionality test to a specific set of concrete hypotheses in which free access to the Internet may collide with the need for security against terror, we propose answers based on the proportionality adjudication technique, specifically the ones that are more likely to happen, involving direct and indirect limitations and the collaboration of private IAPs. We hope that this may be a first step towards much broader studies regarding the topic, always with one requisite in mind: human rights must be applied in a balanced way, in order to fulfil the majority of them — and not one single position.

  • [1] Giovanni de Gregorio, ‘Countering Pro-Terrorism Online Contents: Censorship, Platforms and Freedom of Expression in the Transnational Constitucional Order’, Paper presented on the X World Congress of Constitutional Law, Seoul, South Korea, 18-22 June 2018. 2 Marcel Leonardi, Responsabilidade civil dos provedores de services de internet (Editora Juarez de Oliveira 2005), 22.
  • [2] 2 ‘To know what values are relevant, however, we need a method for putting values into a new context. I begin this part with an account of that method. The values I will describe are part of our tradition, and they need to be interpreted and made real in this context. Thus, I begin this part with one approach that the law has developed for recognizing and respecting these values. This is the interpretive practice I call “translation”. A translator practises a fidelity to earlier commitments to value. Latent ambiguities are those instances where fidelity runs out. We have nothing to be faithful to, because the choices we now face are ‘choices that our forbears did not’ (Lawrence Lessig, Code version 2.0 (New York: Basic Books, 2006), 156). 3 ‘A “worm” is a bit of computer code that is spat out on the Net and works its way into the systems of vulnerable computers. It is not a “virus” because it doesn’t attach itself to other programs and interfere with their operation. It is just a bit of extra code that does what the code writer says. The code could be harmless and simply sit on someone’s machine. Or it could be harmful and corrupt files or do other damage that its author commands.’ (Lawrence Lessig, Code version 2.0 (New York: Basic Books, 2006) 20).
< Prev   CONTENTS   Source   Next >