Posted on Categories changes in law, IT

New regulations on blocking websites

Last year we discussed, in the context of copyright infringement, whether an Internet service provider could be required to block access to a specific web page. The conclusion was that current law did not expressly provide for such measures but attempts to apply them could not be ruled out. But a number of legislative proposals have appeared recently calling for blocking of Internet content that does not infringe copyright.

Blocking access under the Anti-Terrorism Act

The first of these proposals is already law in Poland—the Anti-Terrorism Act, which entered into force in July 2016 (we discuss it here). The changes are intended to help prevent and combat threats of a terrorist nature. A major role will be played by the head of the Internal Security Agency (ABW), who is vested with a range of new entitlements in the act.

One of them is the right to demand a blockade of access. Under Art. 32c of the Internal Security Agency Act, this consists of blocking by an electronic service provider of access in a teleinformatic system to certain IT data connected with an event of a terrorist nature, or certain teleinformatic services that are or could be used to cause such an event. While the provision does not directly refer to blocking websites, the terms used could cover a broad range of entities (such as telecoms or owners of sites) and services (e.g. websites and mobile apps). The regulations do not specify how the blockade should be established, but only require the service provider to immediately take the requested actions. It thus appears that the recipient of such an order must itself choose the proper technical means to implement the blockade, unless the competent authority specifies the means in its order.

Presumably, a block on access is to be an instrument applied exceptionally, and under the ABW Act it is permissible only for the purpose of preventing or combating a terrorist offence, or to discover such offences and prosecute the perpetrators. But the relatively broadly defined purposes could provide significant possibilities whose boundaries will no doubt be clarified through the practice. For example, will it be permissible to order the blocking of an application permitting conspirators planning an attack to exchange encrypted messages?

These dilemmas will be resolved by the Warsaw Regional Court, which is given jurisdiction under the act to decide on use of a block on access, generally upon application of the head of ABW approved by the Prosecutor General. But in exceptional instances the head of ABW may independently order a blockade (with the consent of the Prosecutor General), while applying to the court for retroactive approval. A blockade can last up to 30 days, with the possibility of a single extension by up to 3 months. Only the head of ABW and the Prosecutor General have a right to appeal against the court’s ruling.

Will EU law provide for blocking of websites?

Solutions similar to those described above may be adopted in connection with the proposed Directive on combating terrorism, submitted by the European Commission and now being considered by the European Parliament. The directive would replace the current Council Framework Decision on combating terrorism. The point is that new types of offences connected with evolving terrorist threats would be subject to prosecution in any of the EU member states, which would be required to implement the directive.

In July 2016 the parliamentary committee recom­mended introduction of a number of amendments to the proposal. One of them includes a new Art. 14a requiring the member states to take necessary measures to ensure the prompt removal of illegal content publicly inciting others to commit a terrorist offence, when hosted in their territory, and to endeavour to obtain removal of such content hosted outside of their territory. Where that is not feasible, the member states should take the necessary measures to block access to such content.

These measures would have to be in line with transparent procedures and subject to adequate safeguards, in particular to ensure that the restriction is limited to what is necessary and proportionate and that users are informed of the reason for the restriction. Measures on removal and blocking would also have to be subject to judicial review.

The foregoing provision would not have to lead to harmonisation of the rules for blocking and removing content supporting terrorism. The proposed directive leaves considerable discretion to the member states on the method of pursuing these obligations—for example, to determine the addressees of the duty to block content or apply technical measures. No doubt the existing procedure for blocking content—“notice and takedown”—would continue to be used to some extent. But it cannot be ruled out that certain member states would decide to introduce additional procedures. Then Internet service providers operating across multiple EU countries would have to comply with several different procedures for blocking content.

On the other hand, these obligations could also be realised in the form of voluntary arrangements reached with the largest service providers. An example is the Code of Conduct on Countering Illegal Hate Speech Online, developed at the initiative of the European Commission, which was signed onto in May 2016 by Facebook, Microsoft, Twitter and YouTube.

Embargo on online gambling

A final interesting proposal involving blocking of websites is the government bill to amend the Gambling Act, which was filed with the Parliament in August 2016. The main aim of the bill is to limit the grey market for online gaming, where foreign servers are used by gaming operators not holding licences required under Polish gaming regulations.

This aim is supposed to be achieved by creation of a register of domains used to offer gambling in violation of the act, maintained by the Minister of Finance. The minister would decide whether to list in the register Internet domain names used to operate gaming without required licences, targeted to customers in the territory of Poland. As indicated in the bill, this involves more specifically gaming offered in Polish or advertised in Poland.

The bill also specifies the technical method for imposing a blockade. It was decided to use DNS blocking, and the related obligations would be imposed on telecommunications enterprises providing Internet access services. Simply put, this means that the Internet service provider would have to configure its network equipment so that when a user entered the given domain name in the browser, the user would not reach that address but would be redirected to an announce­ment of the blockade and its legal basis. The Ministry of Finance hopes this would serve an educational purpose, as many people may not be aware that they are using unlawful sites, and the message would refer users to services holding the required licences.

Entities unhappy about entry of a domain name in the register could file an objection with the minister. There would be a right to file an objection on the part of the operator of a blocked website, telecommunications enterprises and the “owner” of the domain, as well as payment service providers—the latter because the bill prohibits them from providing payment services on sites using the blocked domain. According to the justification for the bill, a challenge could be filed in the administrative court against a decision by the Minister of Finance overruling an objection to listing in the register.

For now the bill is awaiting consideration by the Sejm, but it has already met with strong criticism. The objections are numerous, but a few of them should be mentioned. These include the risk of excessive blocking, as gambling could constitute only part of the content provided at a website using the blocked domain; too limited judicial oversight, as the decision on entry in the register of blocked domains would be made by the minister; and concerns connected with restrictions on freedom of speech—although the register is intended to combat illegal gambling, theoretically the same solutions could be used in the future to block other types of sites.