Open Collections

UBC Theses and Dissertations

UBC Theses Logo

UBC Theses and Dissertations

Self-regulation and co-regulation : prospects and boundaries in an online environment Doelker, Andreas 2010

Your browser doesn't seem to have a PDF viewer, please download the PDF to view this item.

Notice for Google Chrome users:
If you are having trouble viewing or searching the PDF with Google Chrome, please download it here instead.

Item Metadata


24-ubc_2010_fall_doelker_andreas.pdf [ 864.35kB ]
JSON: 24-1.0071207.json
JSON-LD: 24-1.0071207-ld.json
RDF/XML (Pretty): 24-1.0071207-rdf.xml
RDF/JSON: 24-1.0071207-rdf.json
Turtle: 24-1.0071207-turtle.txt
N-Triples: 24-1.0071207-rdf-ntriples.txt
Original Record: 24-1.0071207-source.json
Full Text

Full Text

 SELF-REGULATION AND CO-REGULATION: PROSPECTS AND BOUNDARIES IN AN ONLINE ENVIRONMENT   by  Andreas Doelker           A THESIS SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF   MASTER OF LAWS   in   The Faculty of Graduate Studies      THE UNIVERSITY OF BRITISH COLUMBIA (Vancouver)   August 2010   © Andreas Doelker, 2010 ABSTRACT Industry self-regulation and governmental regulation compete for the best model of Internet regulation. This thesis challenges the argument that they have to be antagonistic schemes and evaluates the possibility of cooperation in the form of co-regulation or ‘regulated self-regulation’. It uses a comparative method to analyze the preference for the regulatory models in Europe, the United States and Canada, which draws upon the role of governments in a historical context and the impact of fundamental rights in the respective constitutional frameworks. Before considering the peculiarities of Internet regulation, the thesis identifies and analyzes the advantages and difficulties of both self-regulation and co-regulation. Whereas self-regulation lacks democratic legitimacy, has little incentive to detect violations and to maintain high standards, governments have the ability to compensate for some of these problems. In the Internet context, this analysis reveals the need to deal with regulatory effects of code, transborder conduct, and ways to sanction non-compliance. However, governments with traditional command-and-control legislature have not adapted to these specifics. A system that would suit the Internet environment is composed of certification and accreditation of codes of conduct, and support of self-regulatory institutions. The thesis proposes ten criteria for efficient co- regulation that attend to fundamental values and favor an open, transparent collaboration. It further evaluates the substitution of governmental influence by external self-regulatory bodies, and the integration of Internet users to create a democratic link between regulators and regulated. The ten criteria are applied to some exemplary regimes to demonstrate practical application and ways to improve existing regulation. This shows the potential of models in which the public sector defines the goals and the private sector offers the solutions.  ii TABLE OF CONTENTS ABSTRACT ....................................................................................................................... ii TABLE OF CONTENTS .................................................................................................. iii ACKNOWLEDGEMENTS................................................................................................ v DEDICATION................................................................................................................... vi CHAPTER 1: INTRODUCTION....................................................................................... 1 1.1. Introduction ............................................................................................................. 1 1.2. Methodology............................................................................................................ 3 1.3. Definitions ............................................................................................................... 4 1.3.1. Definition of self-regulation and governmental regulation .............................. 4 1.3.2. Definition of co-regulation ............................................................................... 6 CHAPTER 2: HISTORICAL DEVELOPMENT............................................................... 8 2.1. Self-regulation prior to the ‘Information Age’ ........................................................ 8 2.2. Development of self-regulation in the Information Age ....................................... 10 2.3. Offline appearances of self-regulation and co-regulation ..................................... 13 2.4. Online appearances of self-regulation and co-regulation ...................................... 14 2.4.1. Regulation of code.......................................................................................... 15 2.4.2. Regulation of content...................................................................................... 17 CHAPTER 3: DEFENDING VALUES ........................................................................... 20 3.1. Approaches and reasons for co-regulation in the EU ............................................ 20 3.1.1. Focus on the common good............................................................................ 20 3.1.2. Effects of constitutional principles ................................................................. 22 3.2. Approaches and reasons for self-regulation in the US .......................................... 25 3.2.1. Market based approach................................................................................... 25 3.2.2. Focus on free speech....................................................................................... 26 3.3. Approaches and reasons for self-regulation in Canada ......................................... 30 3.4. Conclusion ............................................................................................................. 34 CHAPTER 4: ADVANTAGES AND DIFFICULTIES................................................... 36 4.1. Advantages of self-regulatory organizations ......................................................... 36 4.1.1. Expertise ......................................................................................................... 36 4.1.2. Effectiveness and efficiency........................................................................... 37 4.1.3. International application ................................................................................. 40 4.2. Difficulties of self-regulatory organizations.......................................................... 41 4.2.1. Deficit of enforceability.................................................................................. 41 4.2.2. Problem of democratic legitimacy.................................................................. 43 4.2.3. Possibility of race to the bottom ..................................................................... 46 4.3. Advantages of co-regulatory organizations ........................................................... 47 4.3.1. Improved enforceability.................................................................................. 47 4.3.2. Increased legitimacy ....................................................................................... 48 4.3.3. Absence of race to the bottom ........................................................................ 49 4.4. Difficulties of co-regulatory organizations............................................................ 50 4.4.1. Deficit of information..................................................................................... 51 4.4.2. Deficit of control ............................................................................................ 52 4.4.3. Limited scope.................................................................................................. 52 4.5. Conclusion ............................................................................................................. 53 CHAPTER 5: EAST COAST CODE AND WEST COAST CODE ............................... 55  iii 5.1. Rejection of regulation .......................................................................................... 55 5.2. Reliance on national approaches ........................................................................... 59 5.3. Reliance on self-regulation .................................................................................... 62 5.4. Use of regulatory effects of code........................................................................... 65 5.5. Role of governments.............................................................................................. 68 5.6. Conclusion ............................................................................................................. 72 CHAPTER 6: FRAMEWORKS FOR INTERNET REGULATION............................... 73 6.1. Requirements for co-regulation ............................................................................. 73 6.1.1. Establishment (accreditation and certification) .............................................. 74 6.1.2. Transparency................................................................................................... 75 6.1.3. External accountability ................................................................................... 77 6.1.4. Sanctions......................................................................................................... 80 6.1.5. Evaluation....................................................................................................... 81 6.1.6. Pluralistic composition ................................................................................... 82 6.1.7. Interim conclusion .......................................................................................... 85 6.2. Application to self-regulation................................................................................ 86 6.3. Conclusion ............................................................................................................. 89 CHAPTER 7: PRACTICAL APPLICATION ................................................................. 90 7.1. US-EU Safe Harbor Privacy Principles................................................................. 90 7.2. Internet Advertising Sales House .......................................................................... 95 7.3. YouTube .............................................................................................................. 100 7.4. Framework for electronic signatures ................................................................... 106 7.5. Conclusion ........................................................................................................... 111 CHAPTER 8 : FINAL CONCLUSION ......................................................................... 113 BIBLIOGRAPHY .......................................................................................................... 118 Books .......................................................................................................................... 118 Journals ....................................................................................................................... 122 Online materials.......................................................................................................... 125   iv ACKNOWLEDGEMENTS I would like to express my gratitude to Ljiljana Biuković for her invaluable advice and support. I also want to thank Shigenori Matsui for his commitment and Tom Garbett for thoughts and suggestions after hours of reading. I am especially grateful for the friendship and support of my parents, Marion Dölker, Carol Liao, Raul Donegá, Joanne Chung, Helen Sevenoaks, and Mirjam Eggen.  v  vi DEDICATION   To Jette  CHAPTER 1: INTRODUCTION A new path has to be elaborated, adapted to the specificities of the network. It must be based on a new scheme of cooperation between the public and the private actors, more balanced, more flexible, more open.  Le forum des droits sur l’internet, Report on Internet Governance (2005)1  1.1. Introduction Internet has become omnipresent and an integral part of our daily life. Availability and online access increasingly define our society. The internet of the early days was shaped by pioneer work and law had not adapted to this new environment. It was unclear if the Internet, or Cyberspace2, could be considered an extension of national territorial claims or if it should remain an independent, unregulated space.  But nowadays an immense structure of commerce, information and individual contacts has been established. The initial question if the Internet should be regulated meanwhile has partially the rug drawn from under it – Internet is being heavily regulated at the moment.3 Most countries have excessive case law or statutes regarding areas like e- commerce, copyright or protection of minors. A multitude of fragmented and isolated approaches of national governments is currently trying to keep up with the speed of internet development. As an alternative to regular command-and-control governance, the terms of self-regulation and co-regulation are often mentioned.  1 Le forum des droits sur l’internet, Report on Internet Governance (2005) 2 The origin of the term is believed to be novel Neuromancer by William Gibson, however it is now used as a popular name for the internet, see D. Koepsell, The Ontology of Cyberspace (Peru: Open Court Publishing 2000) at 11. 3 J. A. Cannataci, J. P. Bonnici, Can Self-regulation Satisfy the Transnational Requisite of Successful Internet Regulation? (2003) 17 Int’l Rev. L. Comp. & Tech. at 52.  1 The purpose of the thesis is to understand these two conflicting regulatory systems which operate in similar areas: Co-regulation with a focus on public interests and close surveillance of private organizations and self-regulation with a focus on free market and laissez-faire attitude. As a first step, the thesis will display evolution, characteristics, and the underlying normative and constitutional frameworks of both systems. It will take into account prospects as well as boundaries. After this initial analysis, a second step will concentrate on Internet specific peculiarities, find requirements for self-regulation and co-regulation, and evaluate current frameworks of Internet regulation. This aims at answering the question if governmental participation is unsuitable or beneficial for Internet regulation. The first step will include chapters II-IV and the second step chapters V-VII.  In detail, chapter I concludes with a definition of terms, and chapter II places both self- regulation and co-regulation within a historical context and show existing areas of application. Chapter III will display different regulatory backgrounds and regulatory roles in order to understand current approaches and preference for either self-regulation or co-regulation. It will focus on the European Union as a representative for traditional strong state regulation, the United States as a system more open to market-regulation, and Canada as a system which has been influenced by both extremes. Chapter IV will focus on difficulties and advantages in regard to elements like enforceability, democratic legitimacy and public policy objectives.  Chapter V will focus on Internet specifics, namely transborder nature and regulatory effect of code as a new form of regulation which operates solely by implementing  2 technical standards. Based on these peculiarities, chapter VI will find requirements for self-regulation and co-regulation e.g. transparency and effectiveness and evaluate their suitability in an Internet context. Eventually, chapter VII will apply the findings to some new, exemplary regulatory mechanisms. 1.2. Methodology This comparative study focuses primarily on self- and co-regulation in the US, Canada and Europe. Doctrinal analysis of relevant legislation is based on Friedrich C. Savigny’s approach of interpretation which takes into account wording, historical background, context and legislator’s intention.4 Instead of considering these elements isolated, the thesis will combine the elements and acknowledge their interaction.5 This means that methodology will not follow a Positivist approach and focus solely on legal rules; it will rather emphasize culture and legal traditions. This includes non-rule elements, such as underlying values of legal systems, principles, traditions and shared beliefs.6 Therefore, the thesis incorporates elements of the study of Legal Culture. In the case at hand this includes, in particular, examination of different regulatory regimes, institutions and concepts of governance. Similarities and differences of the legal systems will be probed to find either conclusions about distinctive characteristics or commonalities.7 Relying on historical traditions and philosophical backgrounds will help to give reasons for these particularities or specific designs of regulatory regimes. The Functionalist assumption,  4 Also known as grammatical, historical, systematic and teleologic interpretation; introduced by Friedrich Carl von Savigny,19th century jurist and spokesman of the Historical school; K. Larenz, Methodenlehre der Rechtswissenschaft, 5. ed (Berlin: Springer, 1983) at 305. 5 See F. Müller, R. Christensen, Methodik I, 10ed (Berlin: Duncker & Humblot, 2009). 6 See R. Cotterell, Comparative Law And Legal Culture, in M. Reimann, R. Zimmermann, The Oxford Handbook of Comparative Law (New York: Oxford Univers. Press, 2008) at 710. 7 According to J.C. Reitz, How to Do Comparative Law (1998) 46 Am. J. Comp. L. at 625.  3 that different legal systems find similar solutions by different means, can further facilitate comprehension of different approaches.8 Sometimes this approach of identifying criteria of comparison in terms of problems, tasks, or societal needs, instead of terms of rules, can be helpful. However, a too broad level of generalization and abstraction is often not suitable, particularly when it neglects cultural references.9 In Internet Law a certain level of abstractness is appropriate because of its trans-border and trans-cultural elements, but when assessing the history of regulatory frameworks acknowledging cultural references is necessary. The matter of Internet related law furthermore requires taking technical aspects into consideration. Against this backdrop, legislation, judicial decisions, studies, articles, books and web documents will be reviewed, analyzed and assessed. The overall structure moves from a more descriptive presentation to a prescriptive examination. 1.3. Definitions The terms self-regulation, governmental regulation and co-regulation are used non- consistently in the literature and therefore have to be defined to clarify usage in this thesis. 1.3.1. Definition of self-regulation and governmental regulation The prefix ‘regulation’ is being understood as governing with a certain intention, which  8 R. Michaels, The Functional Method of Comparative Law, in M. Reimann, R. Zimmermann, The Oxford Handbook of Comparative Law (New York: Oxford Univers. Press, 2008) at 346; the ideas are based on K. Zweigert and H. Kötz, An Introduction to Comparative Law, translated by T. Weir (Oxford: Clarendon Press, 1998). 9 Cotterell (2008) at 711.  4 is not limited to a singular case.10 Whereas regulation is often associated with actions by a sovereign, this element is commonly absent in the term ‘self-regulation’. Thomas Hoeren describes self-regulation as activities of non-governmental entities to autonomously create and maintain codes of conducts.11 The activity which takes place is exercise of control over the behavior of a certain membership.12 Control can be exercised either directly or by delegating powers to other actors.13 The absence of governmental interference is likewise present in definitions by Michael Froomkin14, Jose Emmanuel Caral15 and Pierre Trudel16. This means that institutions with ties to public bodies are excluded from this definition.  In a self-regulatory environment market actors administer their affairs according to their own conceptions and voluntarily comply with codes of conduct. Therefore it is a way of indirect and informal regulation.17 In governmental regulation compliance is mandatory, enforcement is exercised by force and recipients are usually not involved in the decision- making process. It has a direct character, which is based on a ‘command-and-control’ relationship. For the purpose of this study, governmental regulation is also referred to as ‘traditional regulation’.  10 See E. Schmidt-Aßmann, Regulierte Selbstregulierung als Element verwaltungsrechtlicher Systembildung (2001) Die Verwaltung Beiheft 4 at 255. 11 T. Hoeren, Selbstregulierung im Banken- und Versicherungsrecht (Karlsruhe: VWW, 1995) at 5. 12 R. Baldwin, M. Cave, Understanding Regulation: Theory, Strategy, and Practice (Oxford: Oxford University Press, 1999) at 125. 13 Ibid. 14 A. M. Froomkin, Semi-private international rulemaking: Lessons learned from the WIPO domain name process (London, New York:  Routledge 2000) in C. Marsden, Regulating the Global Information Society at 211. 15 J. E. Caral, Lessons from ICANN: Is self-regulation of the Internet fundamentally flawed? (2004) 12 Int'l. J. L. & I.T. at 4. 16 P. Trudel, Les effet juridique de l’autoréglementation (1989) 19 R.D.U.S. at 247. 17 M. Kloepfer, Umweltrecht, 3ed (München, C.H. Beck 2004), § 5 Rn 36.  5 1.3.2. Definition of co-regulation Co-regulation can be described as an effort to make use of the advantages of self- regulation and of traditional regulation. The definition of co-regulation, or often referred to as ‘regulated self-regulation’18, is being widely discussed and as Monroe Price and Stefaan Verhulst have pointed out, is dependent on factors like extent of government action, history of the relationship between industry and government, and nature of public’s perceptions of this relationship.19 What all definitions have in common is that co-regulation is based on a legal framework in which private entities administer their affairs by codes of conducts or sets of rules. The legal framework can take different shapes, but it always consists of some form of link between state regulation and non-state regulatory system, which influences drawing, implementation or enforcement of rules. This often renders governments possible to assign duties or responsibilities to private organizations, which allegedly accomplish them in a better or more effective way (further inquiry CHAPTER 4). After a comprehensive literature review, a study for the European Commission selected the following elements of co-regulation:  1. The system is established to achieve public policy goals targeted at social processes. 2. There is a legal connection between the non-state regulatory system and the state regulation. 3. The state leaves discretionary power to a non-state regulatory system. 4. The state uses regulatory resources to influence the outcome of the regulatory process. 20  18 D. Bosch, Die Regulierte Selbstregulierung im Jugendmedienschutz-Staatsvertrag (Frankfurt: P. Lang, 2007) at 69. 19 M. Price, S. Verhulst, Self-Regulation and the Internet (The Hague: Kluwer Law Int. 2005) at 1. 20 W. Schulz et al, Study on co-regulation measures in the media sector, Final report (2006) at 4,5 and 35  6   This wide definition does not limit the application area in which self-regulation could be used. A ‘legal connection’21 between state and institution is sufficient. This means that either a state could frame a set of rules with strict guidelines, restraints and sanctions, or a state could use an established system and only step in when the given expectations are not met. However, systems that are solely self-regulatory or solely governmental are excluded from this definition. Similarly, the term ‘uses regulatory resources’ excludes systems which are completely independent. They fall under the category self-regulation, described above. Speaking in terms of direct or indirect governance, co-regulation is a compulsion of direct regulation and elements of indirect control.22 A more figurative analogy describes it as [self-regulation and its legal framework] complement each other, like the frame and strings of a tennis racquet.23 In conclusion, co-regulation always consists of a state and a non-state component whereas self-regulation is independent of a public body.  21 The interim report for the study had demanded a ‘legal basis’; the term ‘legal connection’ is broader because  it includes systems where the state ties up to existing self-regulatory organizations; however parallel state and non-state regulatory processes without any connection are still excluded, see W. Schulz et al, Study on Co-Regulatory Measures in the Media Sector, Interim Report (05/19/2005) at 15, 21 22 A. Finckh, Regulierte Selbstregulierung im Dualen System (Baden-Baden: Nomos 1998) at 42. 23 EASA, Advertising self-regulation, The Essentials (2003) at 6  7 CHAPTER 2: HISTORICAL DEVELOPMENT 2.1. Self-regulation prior to the ‘Information Age’24 Prior to establishing constitutional frameworks, societies were primarily based on hierarchical composition25. Each individual’s position in society was determined by birth and not changeable. The sovereign was responsible for establishing order in his territory. His imperative laws did not leave space for individual participation. But even this system had exceptions like the regulation of professions: The medieval system of guilds can be considered one of the first well-studied institutions of self-regulation.26 A consortium of craftsmen or merchants regulated their own relations and promoted economical and social interests of the members. Guilds created a body of rules and regulations which affected hours of work, prices of products, terms of product quality or rules for apprenticeship.27 As early as in the 11th to the 14th century, there were guild officials and guild courts to enforce internal regulations.28 However not all guilds were completely independent: Often representatives could be held responsible by the city government or sovereign.29  This constitutes exercise of control over the membership by non-governmental entities and it comprises creation and maintenance of codes of conduct. Hence, it matches the  24 A time frame which is characterized by increased access to knowledge and improved ability to transfer information; beginning with widespread availability of the Internet and personal computers in the early 1990s, see D. Alberts, D. Papp, The Information Age: An Anthology on Its Impact and Consequences (1997) at 2 25 D. Grimm, Regulierte Selbstregulierung in der Tradition des Verfassungsstaates (2001) Die Verwaltung Beiheft 4 at 10. 26 Ibid at 11; J. P. Bonnici, Self-Regulation in Cyberspace (The Hague: TMC Asser Press, 2008) at 10; A. Ogus, Regulation: Legal Form and Economic Theory (Oxford: Clarendon Press, 1994) at 6. 27 J. Strayer, Dictionary of the middle ages (New York: Charles Scribner’s Sons, 1985) at 15-20. 28 Which included fines or expulsion of violators; ibid at 17. 29 Ibid at 17.  8 definition of self-regulation as described earlier. In the case of supervision, it even matches the definition of co-regulation due to a connection with the government. Therefore, both self-regulation and co-regulation are long standing mechanisms.  The role of the sovereign shifted during the Age of Enlightenment, which lasted from the 17th century to the end of the 18th century. Whereas the imperative sovereign lost its relevancy, the individual and a dispositive view of law gained importance. Although this allowed supervision of governments through citizens, it did not necessarily lead to self- regulatory institutions, because essential responsibilities and duties remained with the governments.30 With industrialization and urbanization, governmental regulation gradually expanded in the 19th century, mainly as a response to social and economic problems.31 Regulatory efforts consistently grew, culminating in a high point in the 1970s32. For example, consumer protection in the areas of health and safety was deemed necessary and economic intervention was established according to the ideas of Keynes.33 Since then efforts of deregulation, privatization, and support of private competition grew.34 This encouraged already existing and emerging self-regulatory institutions in areas such as the press, the banking sector and dispute resolution (see offline appearances 2.3).    30 Grimm (2001) at 13. 31 Ogus (1994) at 7-8. 32 For the UK: Ibid. 33 S. Young, A.V. Lowe, Intervention In The Mixed Economy (London: Croom Helm, 1974) at 29. 34 Ibid at 10.  9 2.2. Development of self-regulation in the Information Age After the United States initially developed the Internet as military network, it was later used for academic purposes, and opened to the public over 20 years after its introduction.35 In the early days, when only a limited number of researchers or military personnel could access data, regulation was based on internal systems and community rules.36 These mechanisms worked well as long as the number of servers and users was still limited. Legal Scholars considered the evolving Cyberspace to be independent of the law of states and governed by norms of its own.37 When the number of internet users rose, the prospects of self-regulation and a market- based approach to the internet were outlined in the EU as early as 1994 in the ‘Bangemann Group Report’38. Similar tendencies can be seen in the United States in the ‘Framework for Global Electronic Commerce’ in 1997:39  For electronic commerce to flourish, the private sector must continue to lead. […] governments should encourage industry self-regulation wherever appropriate and support the efforts of private sector organizations to develop mechanisms to facilitate the successful operation of the Internet. 40    35 Between 1967 and 1969, the US military laid foundation for ARPANET, a decentralized packet switching network. The US Department of Defense controlled ARPANET from 1975 until cessation in 1990. After introducing the World Wide Web (WWW) in 1991 and opening it to the public,  and after introducing the web browser ‘Mosaic’ in 1993, the Internet experienced an exponential growth of users which destabilized previous structures; R. Zakon, Hobbes' Internet Timeline 36 Bonnici (2008) at 9. 37 D. Johnson, D. Post, Law and Borders – the Rise of Law in Cyberspace (1996) 48 Sta. L. Rev. at 1367; see further chapter 5.1. 38 M. Bangemann et al., Europe and the global information society (1994) 39 Bonnici (2008) at 11. 40 US Government, A Framework For Global Electronic Commerce (1997)  10 In 1999, the EU passed decision 276/1999/EC also known as Safer Internet action plan, which promoted the use of self- and co-regulatory institutions:  Whereas [...] Ministers stressed the role which the private sector can play in protecting the interests of consumers and in promoting and respecting ethical standards, through properly functioning systems of self-regulation in compliance with and supported by the legal system; whereas they encouraged industry to implement open, platform-independent content rating systems, and to propose rating services which meet the needs of different users and take account of Europe's cultural and linguistic diversity;41   This statement shows that the EU tends to promote co-regulation as well (whereas decision makers in the US focus on self-regulation). Furthermore, the necessity of prosecution of internet crimes was recognized by the Convention on Cybercrime in 2001, 43 states including USA and Canada attempted to harmonize international laws.42 Studies about European Governance43 and ‘better lawmaking’44 continuously promoted the use of self-regulatory bodies. The successor of the Safer Internet action plan, decision 854/2005/EC also known as Safer Internet Plus action plan, highlighted the significance of self-regulation as well:  A fully functioning system of self-regulation is an essential element in limiting the flow of unwanted, harmful and illegal content. […] The Safer Internet Forum will have the specific objectives of […] stimulating consensus and self-regulation on issues such as quality rating of websites, cross-  41 European Parliament and Council, Decision adopting a multiannual Community action plan on promoting safer use of the Internet by combating illegal and harmful content on global networks, 276/1999/EC, s. 10, 42 Council of Europe, Convention on Cybercrime (2001) 43 Commission of the European Communities, European Governance, a white paper (2001) 44 Parliament, Council and Commission of the European Communities, Interinstitutional Agreement on better law-making (2003)  11 media content rating, rating and filtering techniques, extending them to new forms of content such as online games and new forms of access such as mobile phones;45  Online self-regulation is present since the early days of the Internet. Politicians and national governments (and EU as a supranational institution) are constantly emphasizing its significance. If these suggestions are being followed a numeral increase of self- regulatory bodies can be expected. What is somewhat neglected in the literature about self-regulation is the fact that governments as well created and expanded specific forms of regulation. This applies in particular to the areas of copyright46, e-commerce47 and containment of cybersquatting48. For example, recent governmental approaches aims to block internet content, in particular child pornography, and prevent access to sites mentioned in a blacklist administrated by police authorities.49 This implies that despite self-regulation is heavily propagated, it is not considered the only feasible approach. It is a specific form of regulation and at the moment in many  45 European Parliament and Council, Decision establishing a multiannual Community Programme on promoting safer use of the Internet and new online technologies at 3 http://eur- 46 E.g. USA Digital Millennium Copyright  Act (17 U.S.C. §§ 512, 1201 et seq., 28 U.S.C. § 4001) in 1996; EU Copyright Directive (2001/29/EC) in 2001. 47 E.g. EU e-Commerce Directive (2000/31/EC) in 2000 and Directive on a framework for electronic signatures (1999/93/EC); USA CAN-SPAM Act in 2003 (15 U.S.C. 7701 et seq); Canada Electronic Commerce Protection Act Bill C-27 in 2009. 48 Registering a domain name with bad faith intent; e.g. USA Anticybersquatting Consumer Protection Act in 1999. 49 European Commission, proposal for sanctions against child sexual abuse, sexual exploitation and child pornography (03/29/2010) EN&guiLanguage=en; Germany, Zugangserschwerungsgesetz/Access Impediment Act of 06/19/09, not yet enacted  12 areas self-regulation and traditional state legislation complement each others and intertwine.50 2.3. Offline appearances of self-regulation and co-regulation Traditionally in liberal societies the press governs itself with the use of self-regulatory institutions.51 This allows a huge amount of independency in an area that is highly protected by national constitutions and international laws.52 The area of advertisements is mainly organized by voluntary codes of conducts. Financial services or corporate responsibility rely on self-regulation.53 Different forms of dispute resolution or protection of deposits are handled independently.54 Self-regulatory institutions also manage ordinary subjects like paper sizes.55 The area of protection of minors is regulated by both self-regulatory and co-regulatory organization. This applies to regulation of broadcasting56, movies57 and video games58. For example, the Pan European Game Information (PEGI) is a self-regulatory rating system for video games  50 See Bonnici (2008) at 72. 51 See comparative study J. Bröhmer, Die Selbstkontrolle im Medienbereich in Europa: Eine Rechtsvergleichende Untersuchung, in J. Ukrow,  Selbstkontrolle im Medienbereich und europäisches Gemeinschaftsrecht  (München/Berlin: Jehle Rehm, 2000) at 274. 52 E.g. British Columbia Press Council; German Pressekodex 53 Baldwin, Cave (1999) at 125, Bonnici (2008) at 10. 54 See Schmidt-Aßmann (2001) at 257. 55 Caral (2004) at 4. 56 In the order country, state body and non-state state institution e.g. Canada CRTC (Canadian Radio- television and Telecommunications Commission) and CAB (Canadian Association of Broadcasters), Germany KJM (Kommission für Jugendmedienschtz) and Einrichtungen freiwilliger Selbstkontorlle, Italy AGCOM (Autorita per le garanzie nelle comunicazioni) and Comitato di applicazione del Codice di autoregolamentazione TV e Minori, Netherlands CvdM (Commissariaat voor de Media) and NICAM (Nederlands Instituut voor de Classificatie van Audiovisual Media), United Kingdom Ofcom (Office for Communications) and ASAB (Advertising Standards Authority Broadcast). 57 E.g. Co-regulation in Austria government and JMK (Jugendmedienkommission) Netherlands CvdM (Commissariaat voor de Media) and NICAM (Nederlands Instituut voor de Classificatie van Audiovisual Media); Self-regulation in the USA MPAA (The Motion Picture Association of America). 58 E.g. Co-regulation in Germany BPjM (Bundesprüfstelle für jugendgefährdende Medien  and USK (Freiwillige Selbstkontrolle Unterhaltungssoftware) and Self-regulation in the USA and Canada ESRB (Entertainment Software Rating Board).  13 that operates in 30 countries.59 The same function performs the self-regulatory Entertainment Software Rating Board (ESRB) in the United States and Canada.60  Co-regulations can be frequently found in areas, which are closer connected to governments. The mentioned area of broadcasting falls into this category due to the fact that broadcasting frequencies are limited and most states take a central role in allocation and harmonization of these frequencies.61 Other domains are telecommunications or environmental protection.62 Telecommunications is significant in so far that it provides the infrastructure, the physical layer63, for online appearances. 2.4. Online appearances of self-regulation and co-regulation Online appearance of self-regulation and co-regulation exist on different levels. Internet as a system of interconnected networks is based on technical standards. On one hand, there are technical standards which are necessary for internet’s basic operation. On the other hand, there are programs like browsers, office suites or music players that rely on their operation. Both are dependent on technical standardization. All of these aspects and their regulatory approach can be described as ‘code-regulation’ or ‘content-neutral regulation’.64   59 PEGI, about PEGI (last accessed 10/06/09) 60 ESRB, What is the ESRB (last accessed 02/05/10) 61 This includes television, FM and AM radio, but also cell phones, wifi and amateur radio, see Industry Canada, Canadian Table of Frequency Allocations, gst.nsf/vwapj/spectallocation-08.pdf/$FILE/spectallocation-08.pdf; Department of Commerce, US Frequency Allocation Chart, 62 See Schmidt-Aßmann (2001) at 256. 63 Term established in L. Lessig, The Future Of Ideas: The Fate Of The Commons In A Connected World (2001) at 23 64 Part of the code layer, see ibid at 23.  14 Its counterpart ‘content-regulation’ covers the data, which is available on top of this code layer. This includes all texts, images and videos the internet consists of. At this point only a brief, non-comprehensive presentation of current regulatory mechanisms follows. Technical aspects will be reduced to a minimum. CHAPTER 7 will contain further detailed analysis of some exemplary mechanisms. 2.4.1. Regulation of code When it comes to Internet’s elementary components, regulation of code is especially conducted by the organizations ICANN (Internet Corporation for Assigned Names and Numbers), IETF (Internet Engineering Task Force) and W3C (World Wide Web Consortium).  ICANN is a non-profit organization, which is concerned with the assignment and administration of internet names and addresses.65 Each client computer or server is connected to the Internet by an individual Internet Protocol address (IP) and this address is being translated by the Domain Name System (DNS)-servers into legible web addresses (e.g. to The IP-address can be compared to a phone number or a unique identification number. Therefore, the DNS-servers are often referred to as the ‘phone book’ of the internet.66 Certain DNS-servers provide the basis for other DNS-servers to work on; they contain a list of addresses of servers necessary to translate Top-Level-Domains (e.g. .com, .org, .ca). These servers are at the top of the hierarchy are called root servers. They are  65 J. Hofmann, Internet Corporation for Assigned Names and Numbers (2007) Global Information Society Watch at 39. 66 S. Garfinkel, DNS: The Problematic Phone Book of Cyberspace (1997)  15 coordinated by ICANN. ICANN takes the most central role in allocation of IP addresses, domain name management and administration of root servers. It is considered a self- regulatory institution, however due to its connections with the US government and other organizations, its role has been seen controversial.67  IETF is involved in creating technological standards to enhance internet’s functionality (including the transport protocol TCP/IP and the mail protocol SMTP) 68. IETF is an open organization with voluntary participation and non-governmental oversight by the Internet Architecture Board.69 Participants organize in working groups which interact via e-mail and mailing lists, their decision making process is based on rough consensus instead of formal votes.70 Though it originated as an initiative by the US, it was transformed to an independent society in 1992.71 Governments are still involved in funding, but there is no exceeding regulatory influence by a state, therefore no legal connection to a state. Thus, it is a self-regulatory organization.  67 In 1998, control of the DNS management was transferred from the US government through a memorandum of understanding between the US Department of Commerce and ICANN. The memorandum allows the Department of Commerce to renew the terms of the relationship and possibly take direct control of the DNS system. This made the United States a de facto overseer and consequently raised questions concerning ICANN’s independence. In 2006, ICANN and the Department of Commerce signed a new memorandum which aims to institutionalize private sector management and technical coordination. Since October 2009, an affirmation of commitments increases international participation in ICANN’s evaluation. At the moment, the United States only keep control over a small part of the DNS system (the authoritative root zone file) and governmental influence on ICANN is reduced to an advisory role (by means of the Governmental Advisory Committee).  Public sector participation in the DNS management has gradually decreased and ICANN does not constitute a ‘semi-private process led by a public body’ (Froomkin 2000 at 19) anymore, instead it can be called a self-regulatory organization. See Caral (2004) at 8; Bonnici (2008) at 25, 83-85; Hofmann (2007) at 39. 68 TCP/IP=Transmission Control Protocol/Internet Protocol; T. Socolofsky et al, A TCP/IP Tutorial (1991); SMTP=Simple Mail Transfer Protocol; J. Klensin, Simple Mail Transfer Protocal (2001) 69 see IAB, A Brief History of The Internet Advisory, Activities, Architecture Board (last accessed 10/07/09) 70 See quote of David D. Clark, former chair holder of the Internet Architecture Board ‘We reject kings, presidents and voting. We believe in rough consensus and running code.’ in J. Reagle, Why the Internet Is Good, 71 IAB (2009).  16  Eventually W3C is a consortium of industry members to adopt new web standards and protocols and to ensure their compatibility. A major part is advancement in the area of programming languages. Programming languages like HTML and XML are necessary to form the basic structure of websites. W3C is administered by research institutions in the USA, France and Japan and based on a membership model open for corporations, non- profit organizations and governments as well.72 But like IETF, the states do not exert regulatory power or grant formal discretionary power to the organization. Because of independent governance by the membership, it can be labeled a self-regulatory organization.  Generally, code regulation does not fit in the grid of established direct command-and- control-regulation: It has a global approach and is pervasive in matters of territorial borders.73 2.4.2. Regulation of content Content regulation on the Internet often follows a different approach compared to offline regulation: Due to its nature and the vast amount of available data, it is not possible to submit all material to an external rating body.74 Though the nature of online content regulation is different, it is being used excessively in an internet context and it is administered by self-regulatory institutions as well as co- regulatory bodies. For example, self-regulation is the predominant tool in online  72 List of members available at (last accessed 10/07/09). 73 Caral (2004) at 10. 74 Schulz et al (2006) at 125.  17 communities or web forums (e.g. Facebook and MySpace). Community members act as moderators and administrators to solve disputes or delete unwanted content.  Online-disputes emerging from electronic auctions and sales are solved by commercial dispute resolutions agencies without the interference of public bodies.75 Online games are rated by self-regulatory organizations like PEGI online, the pendant to the offline gaming organization PEGI. Illegal and harmful content is subject to self-rating or self-labeling and can be reported via user hotlines.76 Or it is voluntarily blocked by ISPs in the case of child-pornography (e.g. Project Cleanfeed in Canada).77  Self-regulation often coexists with traditional direct governance in areas like copyright, e-commerce and containment of cybersquatting (see 2.2). Jeanne Bonnici describes this relationship as intertwining and complementary.78 Self-regulatory rules can act as an archetype for state-regulation, they can help to clarify the aims of state regulation or they can fill gaps in the absence of state regulation.79 Co-regulation with obvious state participation is temporarily being used sparely but it can be found on the internet as well, especially in Australia80 and Germany81 in the area of protection of minors. In contrast to self-regulation, co-regulation and traditional  75 Bonnici (2008) at 151. 76 E.g. INHOPE (International Association of Internet Hotlines) with hotlines in 31 countries (last accessed 10/18/09). 77 See M. Geist, Project Cleanfeed Canada (11/29/06) 78 Bonnici (2008) at 72, see also 2.2 and 6.3. 79 Ibid. 80 E.g. ACMA (Australian Communications and Media Authority) and IIA (Internet Industry Association). 81 E.g. KJM (Kommission für Jugendmedienschutz) and FSM (Freiwillige Selbstkontrolle Multimdia- Diensteanbieter).  18 regulations of content are often fragmented over many jurisdictions and therefore have a limited sphere of influence.82  82 This applies to the physical layer as well, Caral (2004) at 9.  19 CHAPTER 3: DEFENDING VALUES Although self-regulation is ubiquitously present in the Internet, co-regulation seems to be limited to Europe (see chapter 2.3). The purpose of this chapter is to find reasons for this preference in Europe and, on the other hand, reasons for reluctance in the United States and Canada. In order to asses these systems cultural, constitutional, and historic backgrounds have to be taken into account. 3.1. Approaches and reasons for co-regulation in the EU The following analysis of the EU is not meant to resemble all member states’ values and backgrounds; it rather tries to highlight some common schemes, which led to establishment of co-regulatory organizations in some of the member states. 3.1.1. Focus on the common good States are expected to guarantee freedom of citizens and at the same time safeguard the common good.83 This originates from a dual view of constitutional principles: (1) The predominant purpose of constitutional principles is to provide protection against governmental interference (lat: status negativus84). Liberty, equality and private property protect the individual and concurrently limit governmental power. This idea of basic rights or ‘droits fondamentaux’ originated in the French Revolution and was meant to protect citizens against despotism.85 (2) Besides that, there are constitutional principles, which require the state to act especially in its legislative role (lat: status positivus). Governments can safeguard and  83 Bosch (2007) at 165. 84 Term introduced by G. Jellinek, System der subjektiven öffentlichen Rechte, 2ed (Tübingen: Mohr, 1919) at 87, 94. 85 B. Pieroth, B. Schlink, Grundrechte, Staatsrecht II (Heidelberg: C.F. Müller 2009) at Rn 23.  20 guarantee individual liberties by enacting provisions. Sometimes governmental provisions in the form of rights of protection, rights of participation, guarantees of procedural rights or legal titles, are deemed necessary to uphold personal freedom.86 Therefore, governmental intervention can be a prerequisite or obligation to safeguard the common good. This view is resembled in the movement from a mere liberal state towards a welfare state.87 Whereas the former status negativus expresses a subjective view of constitutional principles, the latter status positivus expresses an objective or institutional- constitutive view that can be observed in many European countries. The principle of co-regulation is rooted in this objective view. Whereas the past, imperative sovereign governed by himself, today’s sovereign delegates power to private entities in order to foster public goals.88 An administering role is today considered necessary for the state to optimally fulfill public goals. One way of accomplishing this role is to provide a legal framework for co-regulatory organizations. For example, the obligation to safeguard public goals is carried out by protecting minors of harmful influences in the media.89 There some forms of supervision are deemed necessary because private organizations act mere profit orientated without prioritizing the public interest.90 Values such as pluralism and cultural identity, or maintenance of standards related to violence, sex and decency, as well as concerns of national security can allegedly not be committed to the marketplace.91 In this sense, the role of government as  86 Ibid at Rn 78. 87 R. Zippelius, Allgemeine Staatslehre, 14ed (München: C.H. Beck, 2003) at 345. K Fernsehen (2004) 12 t 1397.  (2005) at 141; W. Hoffman-Riem, Regulating Media: The Licensing and Supervision of ing in Six Countries (New York: Guildford Press 1996) at 274. 88 Ibid. 89 T. Groß, Selbtregulierung im medienrechtlichen Jugendschutz am Beispiel der FS NVwZ a 90 Ibid. 91 Price, Verhulst Broadcast  21 perceived by the EU member states supports the preference for co-regulation and more active regulation. 3.1.2. Effects of constitutional principles When it comes to constitutional protection on the internet, freedom of expression is of utmost importance. It is protected by Article 10 of the ‘Convention for the Protection of Human Rights and Fundamental Freedoms’92 (ECHR) and by the member states’ constitutions.  Art 10, para 1 ECHR: Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers. This article shall not prevent States from requiring the licensing of broadcasting, television or cinema enterprises.  This protects all kinds of expressions regardless of the specific content or the used medium. Freedom of expression is considered of outstanding importance for democracy and personal development.93 Freedom of expression is not restricted to traditional regulation: In Barthold v. Federal Republic of Germany the European Court of Human Rights (ECtHR) ruled that rules of conduct have to be viewed in the light of Art 10 ECHR even if they were passed by a non-state entity, because they still need approval by the state and therefore are considered ‘law’ in the sense of the ECHR.94 Art 10 ECHR is flanked by Art 8 ECHR, which grants respect for private life, and by the procedural guarantees Art 6 and 13 ECHR, which  92 Convention for the Protection of Human Rights and Fundamental Freedoms (11/04/50), 213 U.N.T.S. 221 at 223, Eur. T.S. 5 [ECHR]. 93 Schulz et al (2006) at 149. 94 Barthold v. Federal Republic of Germany (03/25/85) 8734/79 ECtHR (online: HUDOC); Ibid at 151.  22 grant fair trial and the right to effective remedy. In Peck v. the United Kingdom ECtHR especially ruled that Art 13 ECHR has to be applied in a co-regulatory context (at least when co-regulation is used to protect rights that are granted by the ECHR95).96 Despite the significance of constitutional protection, Art 10 ECHR can be subject to limitations:  Art 10, para 2 ECHR: The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or the rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.  This means that infringements of Art 10, para 2 ECHR can be justified by various goals such as protection of minors or protection of consumers. This is well established by ECtHR’s case law.97 The result is a constant struggle between freedom of expression and reasons for justification. This struggle also influences self-regulatory organizations: An area that was in the past governed by self-regulation can become subject to limitations. There is always a possibility that a state enacts legislation and directly governs an area, which was previously self-regulated.98 This threat of the ‘sword of Damocles’ is reduced in co- regulatory frameworks when a state is already involved and can exert regulatory power.  95 Schulz et al (2006) at 148-149. 96 Peck v. the United Kingdom (01/28/03) 44647/98 ECtHR (online: HUDOC). 97 Protection of minors: Handyside v. UK (12/07/76) 5493/72 ECtHR (online: HUDOC); Mueller at al. v. Switzerland (24.05.1988) 10737/84 A 133 ECtHR (online: HUDOC); Consumer protectection: Krone Verlag GmbH & Co KG v. Austria No. 3 (12/11/03) 39069/97 ECtHR (online: HUDOC). 98 Price, Verhulst (2005) at 16.  23 By choosing co-regulatory frameworks governments bolster public policy objectives right from the start (the trade-off is less latitude in the private market).  Furthermore, the application of free speech in Barthold and Peck illustrates the effect of constitutional principles: In many European countries constitutional principles can have a third party effect on private interaction (‘mittelbare Drittwirkung’).99 This means that constitutional protection is not limited to interaction between state and individual. Though the constitution is not applied directly, judges interpret all statutes in the light of the constitution. Therefore, the constitution can grant protection if privacy, free speech or a similar right is threatened by another individual. This is an implication of the objective part of fundamental rights. In contrast to the US (see 3.2.2) it can lead to consideration of fundamental rights in self-regulatory environments. This effect of constitutional principles dates back to the ideas of John Locke who assumed that fundamental rights exist between every human being.100 Every citizen should have the same opportunities by birth – this idea is present in the American Constitution as well, but in European countries economic or social power of other individuals are believed to threaten equal opportunities and sometimes have to be  99 The third party effect of the ECHR is subject to an ongoing discussion, but widely accepted in the literature, see supra note 20 at 150; B. Pieroth, B. Schlink, Grundrechte, Staatsrecht II (Heidelberg: C.F. Müller 2009) at Rn 189-200;  A. Clapham, The “Drittwirkung” of the convention, in Ronald MacDonald, Franz Matscher,  Herbert Petzold, The European system for the protection of human rights (Dordrecht: M. Nijhoff, 1993) at 163; A. Peters, Einführung in die Europäische Menschenrechtskonvention (München: C.H. Beck, 2003) at 15; the 12th optional protocol to the ECHR touches these issues in saying ‘Regarding more specifically relations between private persons, a failure to provide protection from discrimination in such relations might be so clear-cut and grave that it might engage clearly the responsibility of the State’. The third party effect can be seen in case-law e.g. Caroline of Monaco v. Germany (06/24/04) 59320/00 ECtHR (online: HUDOC) ‘in addition to this primarily negative undertaking, there may be positive obligations inherent in an effective respect for private or family life. These obligations may involve the adoption of measures designed to secure respect for private life even in the sphere of the relations of individuals between themselves’. 100 J. Locke, Two Treaties of Government (London: Dent 1962) at II §§ 23, 135.  24 restrained to achieve a status of ‘factual symmetry’.101 This aspect is fundamentally different in the US approach. 3.2. Approaches and reasons for self-regulation in the US 3.2.1. Market based approach Regulation in the United States is designed more towards individual liberty and less governmental intervention. The Founding Fathers expressed a deep concern about governmental intervention and therefore proposed strong constitutional limitations.102 The constitution was specifically enacted to deal with infringements by public bodies whereas for infringements by private persons Common Law was deemed sufficient.103 This approach roots in classic liberalism and assumes that individuals authorize governments, which are constrained by a system of checks and balances.104 The focus is on the subjective, status negativus element of constitutional protection whereas the objective, status positivus element is less present.   Economic regulation reflects this view in leaving the economy to natural forces of supply and demand, and market intervention to a minimum. Therefore, scholars in the United  101 Pieroth, Schlink (2009) at Rn 198. 102 Thomas Jefferson: ‘Were it left to me to have a government with no newspapers, or newspapers with no government, I should not hesitate a moment to prefer the latter.’ in Merrill D. Peterson, Jefferson: Writings (New York: Literary Classics 1984); Thomas Paine: ‘Society in every state is a blessing, but Government, even in its best state, is but a necessary evil.’ in Edward Larkin, Common sense, edited (Peterborough, Broadview 2004). 103 E. Chemerinsky, Constitutional Law: Principles And Policies, 3ed (New York: Apsen Publ, 2006) § 6.4.2. 104 This view is influenced by the writings of Hobbes, Spinoza, Locke, Montesquieu and Rousseau, see M. Dry, Free Speech In Political Philosophy And Its Relation To American Constitutional Law: A Consideration Of Mill, Meiklejohn, And Plato (1994) 11 Const. Commentary at 83.  25 States view regulation as state influence on economic processes, in contrast to the broader European view of a tool to achieve public policy objectives.105 This leads to regulatory approaches in the US that are more sensitive to the needs of the marketplace and, in comparison to the EU, less far-reaching.106 Consequently self- regulation carries greater weight. Self-regulation is meant to evolve autonomously, and government assuming control over an area is considered only the last option.107 Ideally authorities are thought to take a monitoring role and just counsel by posting guidelines,108 because private regulation is believed to work more efficient than direct government regulation and to deal best with arising problems.109 Therefore, the he role of state supports ‘hands-off’ or ‘light-handed’110 approaches. 3.2.2. Focus on free speech The US approach is deeply rooted in the US Constitution and its Bill of Rights:  First Amendment: Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.111  The First Amendment is a strong constitutional guarantee and acts as a barrier against governmental censorship. Justice Brandeis expresses this when he speaks of a market-  105 Schulz et al (2006) at 11. 106 W. E. Kennard, Vision to mission: a blueprint for architects of the global information infrastructure (1999); Caral (2004) at 9. 107 Bonnici, (2008) at 18. 108 Federal Trade Commission, Marketing Violent Entertainment to Children: A Review of Self-Regulation and Industry Practices in the Motion Picture, Music Recording and Electronic Games Industries (2000) at VI. 109 J. Grewlich, Governance in Cyberspace: Access and Public Interest in Global Communications (The Hague: Kluwer Law International, 1999) at 110. 110 M. Gould; Locating Internet governance: Lessons from the standards process (London, New York: Routledge 2000) in C. Marsden, Regulating the Global Information Society at 209. 111 U.S. Const. amend. I.  26 place of ideas which should be free of governmental restraint, because ‘truth will win out and the best response to harmful speech is more speech, unless there is a clear and present danger of substantive evil that government has a right to prohibit’.112 Therefore a democratic dialogue with a variety of speech is central to the First Amendment and prohibiting this speech would deny citizens information, and the ability to express opinions, doubt, disbelief or criticism.113 The appropriate response to offensive speech is counter-speech rather than censorship.114 This leads to a large area of protected speech that cannot be prohibited and only regulated regarding time, place and matter if the regulation is content neutral.115 Therefore, most restrictions to free speech that exist in European countries would not be possible.116 In the US only a small area of unprotected speech exists which governments can constrain, for example obscenity or speech harmful to minors.117  This particular protection affects content regulation by the US government in the area of new media.118 In one of the first major Internet cases, Reno vs. ACLU119, the United States Supreme Court struck down a law, which prohibited the transmission of obscene and indecent material to minors, and the permission of such a transmission by technical  112 Summarized by Murray Dry, Dry (1994) at 82; originally expressed in the subversive advocacy cases from 1919-1927: Abrams v. United States 250 U.S. 616, 630 (1919); Schenck v. United States 249 U.S. 47 (1919); Gitlow v. New York  268 U.S. 652 (1925); Whitney v. California 274 U.S. 357 (1927). 113 A. Meiklejohn, Political Freedom: The Constitutional Powers of the People (New York: Harper, 1960) at 27 114 J. Bakan, J. Burrows et al, Canadian Constitutional Law, 3rd ed (Toronto: Edmond Montgomery Pub., 2003) in regard to the US Constitution at 939. 115 Dry (1994) at 83. 116 E.g. restrictions of hate speech or jail sentence for denial of the holocaust in Germany (§ 130 StGB Strafgesetzbuch) or France (Art. 9 Loi Gayssot). 117 L. Lessig, Codev2 (2006) at 250. 118 See Federal Trade Commission, Marketing Violent Entertainment to Children: A Review of Self- Regulation and Industry Practices in the Motion Picture, Music Recording and Electronic Games Industries (2000) at ii 119 Reno v. American Civil Liberties Union (1997) 117 S.Ct. 2329, 138 L.Ed.2d 874.  27 means, because of First Amendment reasons (CDA – Communications Decency Act120). The Supreme Court noted that the CDA would suppress a large amount of speech that adults have constitutional right to receive and address; besides that, all forms of Internet content regulation could have chilling effects on free speech.121 The court also stated that Internet as a new medium is not as invasive as radio and television and therefore does not have to be subject to the same strict regulation. Though Congress could regulate obscenity, regulation of indecent material is too broad and falls into the category of protected speech. In 1998, congress passed the Child Online Protection Act (COPA) to prevent minors from accessing harmful content.122 It takes a more narrow approach in comparison to CDA and it is restricted to commercial speech. This law was first upheld by the Supreme Court in American Civil Liberties Union v. Ashcroft (2002)123, and then struck down by the Circuit Court124. In 2004, the Supreme Court ruled that COPA was likely to be unconstitutional;125 after another referral the district court eventually struck down the law because of First and Fifth Amendment reasons.126 In 2009, the Supreme Court refused to hear further appeals on the case.127 This leads to the current status of not enforcing the law. In these decisions, courts promoted less restrictive alternatives like blocking and filtering software. In their opinion, these are more effective tools and speech is not  120 47 U. S. C. A. 223 (Supp. 1997). 121 Reno v. American Civil Liberties Union (1997) 117 S.Ct. 2329, 138 L.Ed.2d 874 at 24-28. 122 47 U.S.C. 231. 123 American Civil Liberties Union v. Ashcroft (2002) 535 U.S. 564, 122 S. Ct. 1700. 124 American Civil Liberties Union v. Ashcroft (2003) 322 F.3d 240, 3d Cir. 125 American Civil Liberties Union v. Ashcroft (2004) 542 U.S. 656, 322 F.3d 240. 126 American Civil Liberties Union v. Gonzales (2007) D.C. No. 98-5591 D. Ct Pennsylv. 127 CDT (01/21/09)  28 restricted more than necessary.128 These examples show that there is intention and awareness for content regulation but the judiciary upholds a high level of constitutional free-speech protection. If governments are traditionally less involved in regulation or are bound to further intervene due to constitutional reasons, regulation by the market place is a natural alternative.  The preference for self-regulation can also be traced back to the application of the constitution. Unlike constitutions in many European countries, the US constitution only binds public bodies and not private subjects’ interaction between each others (‘state action doctrine’129). The state action doctrine provides large freedoms for private conduct. There are only three exemptions in which private conducts must comply with the constitution:130 If it involves tasks that have been exclusively done by the state in the past131, if the state affirmatively authorizes, encourages, or facilitates unconstitutional conduct132, and if statues specifically apply constitutional norms to private conduct133. The basic decision for the state action doctrine and against third party effect is already rooted in the text of the First Amendment (‘Congress shall…’). Transmitted to an Internet context, this implies that ISPs or other private entities to which the above mentioned exceptions do not apply, cannot be held liable for free expression infringements. Only governments that engage in regulation would be subject to constitutional boundaries. In contrast, a European ISP or content provider could be sued  128 American Civil Liberties Union v. Ashcroft (2004) 542 U.S. 656, 322 F.3d 240 at 666, 667 129 Chemerinsky (2006) at § 6.4. 130 Ibid. 131 The Public Functions Exception, Jackson v. Metropolitan Edison Co. (1974), 419 U.S. 345, 352. 132 The Entanglement Exception, Shelley v. Kraemer (1948), 334 U.S. 1. 133 See Civil Rights Act of 1964.  29 for these reasons (see 3.1.2). These differences sometimes lead to mutual misunderstanding. When Europeans speak of free speech protection, they often imply private corporations, due to a different constitutional framework. But when corporations are not bound in the same way as governments, regulation by the market place is once again the natural alternative to state regulation or co-regulation.  3.3. Approaches and reasons for self-regulation in Canada Classifying Canada in an unambiguous regulatory concept is difficult because it is influenced by liberalism, but incorporates some element of the welfare state.134 Whereas liberalism determined its early history, a development that includes social elements commenced in the 20th century.135 Canada’s constitutional history is interconnected with British history. During the last century, Canada evolved from a colony to an independent state within the Commonwealth.136 This background contributed to a different view of civil liberties in comparison to the United States. In the Constitution Act of 1867, civil rights primarily refer to proprietary, contractual and tortious rights and not to  134 Accordings to Asa Briggs a welfare state consists of (1) provision of minimum income, (2) provision for the reduction of economic insecurity and (3) provision of social services. A. Briggs, The Welfare State in Historical Perspective, in The Collected Essays of Asa Briggs, Vol 2 (Brighton: Harvester Press, 1985) at 177; Canada has provincial and federal assistance in all three categories, such as publicly founded healthcare, support for mortgages, low-cost primary education and assisted unemployment insurance. 135 ‘The assumptions of laissez-faire and individual self-help fitted the facts of frontier life. With greater diversification, a growth of scale in enterprise, an increase in urbanization, and an increase in economic interdependence which was accompanied by a growth of group consciousness, collective wants became more important and individual freedom of action so limited as to destroy the validity of the old individualistic assumption.’ J.R. Mallory, Social Credit and the Federal Power in Canada, in J. Bakan, J. Burrows et al, Canadian Constitutional Law, 3rd ed (Toronto: Edmond Montgomery Pub., 2003) at 148. 136 After the confederation of the colonies of British North America and after the British North America Act of 1867, the provinces remained British colonies. Canada had achieved a large measure of self- government in local affairs, but the British parliament could enact statutes extending to Canada and invalidate Canadian statutes. This changed to full sovereignty between the Treaty of Versailles in 1919 and the Statute of Westminster in 1931, see P. W. Hogg, Constitutional Law of Canada (Ontario: Thomson Carwell, 2007) at 49-51.  30 fundamental freedoms.137 At this time, the absence of legal rules was considered liberty (e.g. there is a ‘right’ to criticize the government because there is no law that prohibits criticism).138 Although protection against governmental interference was incorporated into Common Law139, this does not show the level of suspiciousness that drove the Founding Fathers in the United States. This favored development of regulatory systems with governmental participation.140 The constitutional situation changed with the introduction of the Canadian Bill of Rights in 1960141 and the Charter of Rights and Freedoms in 1982 (‘the Charter’)142. The Charter guarantees fundamental freedoms in section 2:  Section 2: Everyone has the following fundamental freedoms: [...] (b) freedom of thought, belief, opinion and expression, including freedom of the press and other media of communication; [...]  This as well highlights the importance of freedom of expression to guarantee the ‘free flow of ideas’ which is essential to political dialogue and functioning of democratic institutions.143 However, due to Section 1, it can be restricted by laws within a reasonable limit.144 This criterion of reasonableness prevents too broad limitations on free speech.145  137 Ibid at 520. 138 Ibid. 139 E.g. common law early developed the doctrine that the king and his officials had no powers other than those granted by the law, ibid at 678, 680. 140 In Canada direct regulation can be found in areas such as transportation, energy, telecommunications, broadcasting, insurance, securities and the financial sector; Gilbert Reschenthaler argues that the Canadian economy has been built upon direct regulation and promotion by government, see G. B. Reschenthaler, Direct regulation in Canada: Some policies and problems, in W.T. Stanbury, Studies on regulation in Canada (Toronto: Butterworth, 1978) at 37, 41 141 The Canadian Bill of Rights, S.C. 1960, c. 44; R.S.C. 1985. 142 Canadian Charter of Rights and Freedoms, Part I of the Constitution Act, 1982, being Schedule B to the Canada Act 1982 (U.K.), 1982, c.11. 143 R v. Keegstra [1990] 3 SCR 697, 61 CCC (3d) 1. 144 E.g. laws against hate speech and obscenity, see Criminal Code of Canada section 318, 319. 145 See R. v. Zundel (08/27/92) 2 S.C.R. 731.  31 This is similar to Art 10 ECHR and its limitations in Art 10, para 2. This is no accident because both declarations are influenced by the Universal Declaration of Human Rights and partly the same drafters were involved.146 Limitation on free speech include, similar to some European countries, the prohibition of hate propaganda.147 In R. v. Keegstra the court found that hate speech (i. a. denial of holocaust) is in fact part of protected speech and therefore an infringement of the Charter in section 2 (b)148, but the violation is justified under s. 1 due to valuable equity objectives. Therefore, justification under the Charter resembles the framework of the European Convention of Human Rights. The Charter only directly applies when a governmental body is involved, however case law has to be developed in accordance with the values of the Charter.149 For example, in Hill v. Church of Scientology the court states that ‘the Charter represents a restatement of the fundamental values which guide and shape our democratic society and our legal system’, therefore it is appropriate to rely on Charter values without blurring the borderline to Charter rights which only apply to government action.150 This as well resembles more the European model of third party effect than the strict US model of the state action doctrine.  146 In person of John Peters Humphrey, see Economic Expert, Canadian Charter of Rights and Freedoms (last accessed 12/15/09) 147 Criminal Code [R.S.,c.C-34, s.318, 319.]; ‘[...] neither should we overplay the view that rationality will overcome all falsehoods in the unregulated marketplace of ideas. There is very little chance that statements intended to promote hatred against an identifiable group are true, or that their vision of society will lead to a better world. To portray such statements as crucial to truth and the betterment of the political and social milieu is therefore misguided.’ see J. Bakan, J. Burrows et al, Canadian Constitutional Law, 3rd ed (Toronto: Edmond Montgomery Pub., 2003) at 948. 148 Section 2 (b) is not subject to content-based restrictions, its covers all messages ‘however unpopular, distasteful or contrary in the mainstream’, R v. Keegstra [1990] 3 SCR 697, 61 CCC (3d) 1 at 729. 149 See RWDSU v. Dolphin Delivery Ltd. (1986) 2 S.C.R. 573; Bakan, Burrows et al (2003) at 810. 150 Hill v. Church of Scientology of Toronto, [1995] 2 S.C.R. 1130 at 1169.  32 This indicates that Canada is more open to approaches of co-regulation and direct regulation. This can be seen in an area such as broadcasting151, however, in the area of Internet regulation none of these tools can be found. The question if Internet content should be regulated has been discussed controversially. The CRTC, which (co-)regulates broadcasting and telecommunications, states that while text is not under their jurisdiction at least audio and video on the Internet could be subject to regulation.152 But expert committees conclude that problems of broadcasting like underrepresentation of genuine Canadian content do not exist on the Internet because of its easier accessibility and the larger number of people supplying Internet content.153 CRTC stated that ‘the new media on the Internet are [...] vibrant, highly competitive and successful without regulation. The CRTC is concerned that any attempt to regulate Canadian new media might put the industry at a competitive disadvantage in the global marketplace.’154 Therefore, Internet remained unregulated in the past, and in 1999 CRTC decided to maintain this status.155 However, it monitors the current situation and if these problems reappear e.g. because of a rise of video and audio with more cost-intensive production, CRTC might regulate the market.156 At the moment, the criminal code coupled with self-regulation is deemed sufficient.157 At first sight, Canada is situated in a middle position between the US and EU: Constitutional protection resembles the European model, but regulatory efforts, or more precisely their absence in an Internet context, are closer to the US. However, reasons not  151 See chapter 2.3 and supra note 56. 152 M. Geist, Internet Law in Canada (Ontario: Captus Press, 2002) at 822-827, 834. 153 Ibid at 829. 154 CRTC, New Media Report, Public Notice 1999-84. 155 CBS News (06/04/09) 156 Geist (2002) at 830. 157 Ibid at 833.  33 to regulate are oppositional. While in the US intention to regulate is existent, it is not possible due to its constitutional framework. In Canada, the framework would be more open to regulation, but currently there is no intention to regulate. 3.4. Conclusion The preference for a regulatory system is highly dependent on the role of state. In European states, governmental intervention is part of the obligation to safeguard the common good. The market place is not meant to maintain standards and values unassisted, this task is partly delegated to governments. On the other hand, in the United States the focus is more on individual freedom, greater importance of the market place and reluctance towards governmental intervention. The first approach supports co- regulatory frameworks, the latter development of self-regulation. In regard to regulatory system, Canada is situated in between both extremes because it features liberal elements paired with components of welfare states. Constitutional backgrounds further contribute to preference of one of the systems. The constitutions either include an objective view of fundamental freedoms, or solely focus on the subjective view and protection against governmental interference. The European and Canadian model permit limited application of fundamental freedoms in private relations. In contrast, in the United States constitutional protection is limited to interaction between state and individual. The fact that self-regulation in the United States is not subject to constitutional boundaries allows more regulatory freedoms and makes it the preferred alternative to command-and-control regulation. This element is not present in Europe or Canada.  34 Eventually, in Europe and Canada relevant constitutional provisions, such as freedom of expression, can be subject to limitations. The state can enact legislation and limit areas that were previously self-regulated when it serves a valuable public policy objective. This allows establishment of co-regulatory systems at any time. Constitutional barriers in the United States in application by the judiciary prohibit the same limitations and therefore strengthen the system of self-regulation. Preference for either self-regulation or co- regulation is not only a regulatory choice, but an expression of the particular historic, cultural and constitutional background.  35 CHAPTER 4: ADVANTAGES AND DIFFICULTIES After setting out reasons for choosing either self-regulation or co-regulation in the previous chapter, this chapter will analyze particular strength and weaknesses of the systems. It will begin with self-regulatory organizations, and evaluate if the same problems exist in co-regulatory frameworks or if governmental participation can compensate some of the problems. It will deal with the questions on a theoretical level, before looking at Internet specifics in CHAPTER 5 and searching for solutions in CHAPTER 6. 4.1. Advantages of self-regulatory organizations From the perspective of market participants, the possibility of avoiding burdensome governmental regulation is a major reason in favor of self-regulation.158 Naturally, a lesser degree of state involvement allows individuals more freedom to run their own affairs. Besides guaranteeing a maximum of freedom, self-regulation offers advantages which could make it superior to traditional regulation. The most prominent advantages are accessibility to expertise, increased effectiveness and efficiency, and the possibility of international application. 4.1.1. Expertise It is a common claim that self-regulatory bodies can command higher levels of expertise and technical knowledge than governmental agencies.159 This is rooted in the belief that practitioners know more about their sector than civil servants or bureaucrats.160 They are  158 E. Huepkes, Self-regulation or Co-regulation? (2009) 5 J. Bus. L. at 429. 159 Ibid; Ogus (1994) at 107; Baldwin, Cave (1999) at 126, 127. 160 Baldwin, Cave (1999) at 127.  36 closer to the relevant matter and thus know practices or innovatory possibilities, which facilitate regulation. Yves Poullet goes as far as saying that only the involved parties are capable of perceiving the risks in particular situations and can assess the adequacy and effectiveness of solutions.161 However, the fact that governments can ‘buy in’ professional expertise has to be considered in this discussion.162 By hiring experts or training specialists in certain areas, they can compensate this deficit of expertise to some extent. Nevertheless, it is doubtful whether imported experts can provide the level of ongoing proximity and links with the profession that self-regulatory bodies can offer and that is helpful to keep information up to date.163 4.1.2. Effectiveness and efficiency The problem with measuring effectiveness or efficiency is that there is hardly any consensus on the standards which could apply to those terms: It would be possible to ask if self-regulation is faster and cheaper than traditional regulation, if practitioners adhere to the rules, if it improves the credibility of the profession, if wealth is distributed equally among participants, if the rules are relevant in the light of current concerns, or if they bring greater consumer protection and satisfaction.164 When using efficiency only as a productivity metric and asking how fast self-regulation can work, it has often been claimed that it can respond more quickly to market  161 Poullet is speaking about the superiority of hotline to report Internet pornography in comparison to judicial  ‘condemnation’. Y. Poullet, How to regulate Internet: New paradigms for Internet governance self-regulation, in C. Monville, Variations sur Ie droit de la societe de 1'information (Bruxelles: Bruylant, 2001) at 84. 162 Baldwin, Cave (1999) at 126, 127. 163 Ibid. 164 J. J. Boddewyn, Advertising self-regulation and outside participation: a multinational comparison (New York: Quorum Books, 1988) at 24; P. Christiansen, Selbstregulierung, regulatorischer Wettbewerb und staatliche Eingriffe im Internet (2000) 3 MMR at 129.  37 developments.165 Indeed, rules devised by the industry do not require a cumbersome legislative process and creation or change of rules can be a quick, informal process.166 If the regulatory system becomes redundant, ineffective or in need of change, firms tend to develop substitute codes instead of waiting for a change of governmental regulation.167 This flexible approach leads to up-to-date-rules rules that are subject to continuous market testing.168 In contrast, in traditional regulation, antiquated statutory regulation can remain on the books.169 However, similarly to the expertise argument, there is no innate reason why governments could not act with greater speed given suitable powers and resources.170 Furthermore, governmental procedures are designed to guarantee critical scrutiny of the rules, they consult with other parties, they have to be drafted precisely to withstand judicial review, and they aim for a maximum of certainty and predictability.171 A non-statutory code, which is not subject to these requirements, can be drafted in a less detailed, informal way and can embody general principles (e.g. best business practices) which can be adapted to particular cases and more easily deal with unforeseen circumstances.172 This argument also applies to the interpretation of self-regulatory norms because they can be applied according to its spirit and not only to its letter.173 This  165 Robert Pitofsky, chairman of the U.S. Federal Trade Commission: ‘Legitimate and fair self-regulation will become more important as the economy grows faster than government regulation.’ [Self-regulation is more] prompt, flexible, and effective than government regulation.’ in Price, Verhulst (2005) at 8; see also P. Cane, Self Regulation and Judicial Review (1987) 6 C. J. Q. at 331; Ogus (1994) at 107; Bonnici (2008) at 13; Huepkes (2009) at 429. 166 Huepkes (2009) at 429. 167 Cannataci, Bonnici (2003) at 57. 168 J. J. Boddewyn, Global perspectives on advertising self-regulation: principles and practices in thirty- eight countries (New York: Quorum Books, 1992) at 5. 169 Huepkes (2009) 429; on the other hand, a fixed legal system increases legal certainty because stakeholders can anticipate consequences and adjust their behavior. 170 Cane (1987) at 331. 171 Ibid. 172 Ibid at 332. 173 Ibid.  38 provides more freedom and flexibility than narrow, technical statutory interpretation. The advantage in speed is especially helpful in areas with rapid technological changes where traditional regulation can be outdated before it even comes into effect (e.g. Internet, telecommunications), or in areas where uncertainty or delay are specifically adverse to proper operation of the markets (e.g. financial service industry).174  When determining effectiveness and using it as a quality metric to ask how well self- regulation performs its tasks, advocates claim that it is superior to public, independent agencies.175 One of the reasons is that self-regulation generates greater moral adhesion. Rules tend to be accepted if the people who apply them are involved in their development.176 The process of negotiation, mediation and persuasion can reduce frictions, whereas statutory, compulsory regulation often leads to conflicts and lawsuits.177  Consequently, interaction and mutual trust lead to the advantage of greater acceptance. Additionally, regulators know what the parties see as reasonable in terms of regulatory obligations and, therefore, they can make demands that are perceived as more appropriate than externally imposed regimes.178 This can help to deal with matters that the law finds difficult to regulate (e.g. matters of taste and opinion) and can even lead to more stringent regulation in those areas.179  174 Ibid; Cannataci, Bonnici (2003) at 53. 175 Ogus (1994) at 107; Baldwin, Cave (1999) at 127. 176 Huepkes (2009) at 429. 177 Traditional concepts which are based on imperative control modes can ignore the interests of regulated parties. This is likely to produce resistance instead of willingness to cooperate and parties either elude or antagonize regulation. See W. Hahn, T. Vesting. Beck'scher Kommentar zum Rundfunkrecht (München: Beck, 2008) at § 1, Rn 23; Boddewyn (1988) at 6. 178 Baldwin, Cave (1999) at 126, 127. 179 Boddewyn states the example that broadcasting of hard-liquor commercials is prohibited by the U.S.- distilled-spirits industry instead by law. Boddewyn (1992) at 6.  39 An increased effectiveness also has an impact on costs: Because of the close connection to the professions, information costs for the formulation and interpretation of standards are lower and monitoring and enforcement costs are reduced.180 The administrative costs of self-regulatory regimes are internalized in the activity, which is subject to regulation, and typically not born by taxpayers.181 It is true that this relieves the government of costs, but it would be naive to say that it does not involve significant costs at all.182 However, developing and amending less formalized rules requires fewer personnel, and overall does produce lower costs. When finding a conclusion about effectiveness and efficiency, it has to be borne in mind that the terms are subject to different and ideologically driven perspectives. However, from a productive and qualitative point of view, self-regulation offers many advantages: It is a quick and informal process that can flexibly adapt to changing circumstances.  The interaction with regulators fosters mutual trust and the easy access to those under controls lowers costs. 4.1.3. International application An important advantage of self-regulation is that it can extend across national borders. Contractual agreements define its character which are not restricted by national, jurisdictional limits.183  Whereas traditional regulation is bound to fixed national or, in case of the EU, supranational borders, and has to extend its scope by international  180 Ogus (1994) at 107; Cannataci, Bonnici (2003) at 57. 181 Cane (1987) at 328; Ogus (1994) at 107; Huepkes (2009) at 429. 182 See Price, Verhulst (2005) at 8. 183 Huepkes (2009) at 429.  40 cooperation, self-regulation can establish international structures without constrictions.184 This benefits multi-national corporations which are not only interested in local solutions, but in ways to globally take into account specific business peculiarities. In short, it allows sectoral instead of regional regulation. Corporations can use forum shopping to determine the self-regulatory systems best suited for their needs. By negotiating at an international level, self-regulation can further assist in finding consensus on controversial topics. 4.2. Difficulties of self-regulatory organizations Mainly from a public policy perspective, the following difficulties accompany the advantages: A deficit of enforceability, reduced democratic legitimacy and a possible race to the bottom. 4.2.1. Deficit of enforceability The problem with voluntary initiatives is that enforcement is not guaranteed. Traditional command-and-control regulation has a multifaceted arsenal of enforcement mechanisms with penalties, subpoena, discovery procedures, rules of evidence, hearings, and due process rules.185 Self-regulation lacks these judicial and authoritative tools and often does not compensate for this deficit with proprietary enforcement procedures. For example, press councils in many countries have established a system for complaints, which is constituted and financed by the press industry, in order to avoid strict governmental  184 Bosch (2007) at 81-82. 185 Boddewyn (1988) at 10.  41 regulation.186 A jury of representatives from the industry, possibly together with laypeople, considers cases and issues a ruling. A press body, which is subject to one of these rulings, is expected to avoid future misconduct and publish the criticism it receives, but there is no sanction if it does not comply. The system relies solely on the goodwill of the parties involved. This can lead to the common conception that self-regulatory organizations only ‘put pretty words on paper’187 and adopt codes of conduct ‘because it will make them look good without requiring any real change’188. One way of avoiding this problem is to draft own enforcement procedures in order to put the rules into force (e.g. contractual damages, exclusion of an industry body etc.). However, it is difficult to substitute governmental enforcement which includes effective measures to summon persons and documents, and can rely on a system of injunctions, fines and damages. Existing enforcement procedures have the reputation of being either inadequate (e.g. reprimands) or draconian (e.g. exclusion of a de facto monopolistic organization).189 Some organizations plainly admit that they have neither the powers nor the will to exercise effective controls over members who breach codes of practice.190 Even if enforcement mechanisms exist, it is doubtful if industry insiders have the same incentive to detect violations and pursue sanctions as a governmental body. Whereas governments have a certain level of independency and distance, self-regulatory  186 H. J. Kleinsteuber, The Internet between Regulation and Governance, in C. Möller, A. Amouroux. The Media Freedom Internet Cookbook (Vienna: OSCE, 2004) at 64. 187 V. Haufler, A public role for the private sector: industry self-regulation in a global economy (Washington D.C.: Carnegie Endowment, 2001) at 112. 188 Ibid. 189 Cane (1987) at 330. 190 '[T]rade associations, set up for the benefit of members, frequently are neither comfortable nor effective in the role of sectoral regulator' Office of Fair Trading, Raising Standards of Consumer Care (London: OFT, 1999) at 16-17; Baldwin, Cave (1999) at 129.  42 organizations have to penalize an equal member of their community. Therefore, the voluntary nature of codes of conducts implies the risk that the participants do not adhere to them.191 Even if the industry implements high standards, compliance can pose a problem in self-regulatory frameworks. 4.2.2. Problem of democratic legitimacy Legitimacy deals with the question of whether people accept and respect the validity of a rule and the authority of a governing regime.192 In order to measure legitimacy, Yves Poullet identified three criteria: (1) Legitimacy of authors, (2) conformity of the content compared to other legal rules, and (3) the rules’ respect in the public sphere.193  (1) The first criterion is concerned with authors who draft and promulgate norms and asks if they find approval by the people who are subject to their authority. In traditional regulation, governments receive approval through general elections and the will of the voters is expressed by parliamentary representation. If the voters disapprove of their actions, they can elect different regulators after the end of the legislature period. The regulator’s power is defined and constrained by fundamental texts such as the constitution.194 Additionally, decisions or mistakes of regulators are subject to judicial review. In contrast, members of self-regulatory bodies are, in most cases, appointed without a general election process and not accountable through constitutional channels.195  191 Haufler (2001) at 2; Huepkes (2009) at 430. 192 Bonnici (2008) at 53. 193 Y. Poullet, How to regulate Internet: New paradigms for Internet governance self-regulation, in C. Monville, Variations sur Ie droit de la societe de 1'information (Bruxelles: Bruylant, 2001) at 93-94. 194 Ibid. 195 Kleinsteuber (2004) at 73.  43 Norms are generated in an internal process without constitutional checks and balances.196 The regulators are not part of the political process, nor directly subject to political pressures; at the most, they are accountable to their own members.197 It can be argued that those authors are legitimized by groups which are represented in self-regulatory panels.198 However, this does not represent the general public because the members are chosen by features such as expertise, personality or professional function.199 Therefore, it does not equal representation by general elections. (2) The second criterion of conformity with other rules shows similar results. In traditional regulation, norms must comply with already existing rules in related areas and with norms with superior value (e.g. constitutional texts, supranational norms). In self- regulation, there is not a necessary reference to other legal texts. However, rules cannot advocate criminal behavior and in some countries constitutional standards apply.200 (3) The last criterion of respect for rules in the public sphere is connected with the aspect of enforceability (see 4.2.1): It asks if norms stimulate the addressees to comply with it, if addresses are aware of the content of the norm and of costs for not respecting it.201 Normally, governments publicize norms to bring them to attention of citizens in order to allow them to foresee consequences and penalties. Additionally, the administration and courts control the respect and sanction infringements.202 In self-regulation, publicity,  196 Poullet (2001) at 94. 197 A. C. Page, Self-Regulation: The Constitutional Dimension (1986) 49 Mod. L. Rev at 163; Cane (1987) at 331. 198 Bosch (2007) at 182. 199 J. Ehlers, Aushöhlung der Staatlichkeit durch die Privatisierung von Staatsaufgaben? (Frankfurt: Peter Lang, 2003). 200 See CHAPTER 3. 201 Poullet (2001) at 93-94. 202 Ibid.  44 control and sanctions have to be ensured by internal arrangements. The nature of these arrangements dictates the level of respect for the norms. Likewise, the first and second criteria are subject to arrangements: Self-regulatory organizations can be accountable to external bodies that guarantee their oversight. Rules can be drafted so that they resemble or respect other rules. Systems for complaints and grievance-handling mechanisms can be created. Therefore, Robert Baldwin and Martin Cave claim that lack of accountability is not a necessary feature of self-regulation.203 However, if industry insiders handle complaints or review decisions it is difficult to assure objectivity. It is likely that codes are shaped under the influence of beneficiaries and that decisions are affected by subjectivity.204 This is especially undesirable when decision of the bodies affect third parties (e.g. consumers) and if the organization is meant to serve the public interest.205  Therefore, many legal scholars advocate for increased judicial review of self-regulatory organizations.206 So far, there is no clear line to determine when decisions can be subject to review. However, the case where private organizations exercise public law functions, is an example where judicial review appears obligatory.207 In order to define when an action is public, it is necessary to consider the function of the act and the power which is exercised. So far, courts are reluctant to make this judgment and control private  203 Baldwin, Cave (1999) at 130. 204 T. McGonagle, Co-Regulation of the Media in Europe: The Potential for Practice of an Intangible Idea (2002) 10 IRIS Plus at 5. 205 Baldwin, Cave (1999) at 129; see also Huepkes (2009) at 430. 206 Page (1986) at 144; Cane (1987) at 325; Baldwin, Cave (1999) at 130; J. Black, Constitutionalising Self- Regulation (1996) 59 Mod. L. Rev. at 29. 207 The UK case R Datafin plc v Panel for Takeovers and Mergers [1987] 1 All ER 564 exemplary deals with this questions; Page (1986) at 144.  45 organizations.208 And if the public component is absent, members are often left to the organizations’ arbitrariness without the safety net of review. Therefore, lack of legitimacy is a recurring problem of self-regulatory bodies. Whereas governments are linked up with mechanisms which guarantee accountability and control, this is not an embedded feature of self-regulation. This affects acceptance for the rules and authority of the regimes and is particularly problematic when decisions affects third parties. 4.2.3. Possibility of race to the bottom ‘Why would they accept strict voluntary codes if they oppose strict mandatory rules?’209 This question by Jean Boddewyn reveals a dilemma of self-regulation - the voluntary character of norms implies that organizations are not bound to maintain high standards. Quite the contrary, organizations can dismantle existing regulatory standards without consequences. Lowering standards can be one way of saving costs in order to compete with other corporations. Without a compulsory membership there is the possibility that the worst offenders remain outside a regime (‘free riders’), and other members either drop out of the regime to abandon their standards in order to compete, or the organization entirely lowers the standards to a minimal level.210 Similarly, financial interests can lead participants to choose a weak self-regulatory system if there are multiple options.211 The advantage of being able to apply regimes internationally and choose between different, cross-border systems (see 4.1.3) increases the problem. When it leads to watered down  208 Black (1996) at 33. 209 Boddewyn (1988) at 9, referring to European Consumer Law Group, Nonlegislative Means of Consumer Protection (1983) VI 2 J. Cons. Pol. at 209. 210 Sometime laws (e.g. antitrust laws, freedom of association) even forbid compulsory memberships, ibid. 211 Huepkes (2009) at 430.  46 regimes, the advantage turns into a disadvantage from a public policy point of view. Therefore it is asked if self-regulation serves the public interest and adequately responds to public concerns or if it ‘corrupt[s] the system by favoring […] own interests over the public good’212. The main incentive that can prevent decreasing standards is public perception and a corporation’s desire for good reputation. Although reputation is an intangible resource that can have significant commercial value,213 it remains doubtful if public pressure is enough to compensate this deficit. The following section may answer to the question of whether governmental participation can solve parts of this problem. 4.3. Advantages of co-regulatory organizations The private sector can offer the expertise to draft regulation that minimizes costs and maximizes benefits.214 Ideally, the official sector could assist in identifying weaknesses and market failures that could harm the public good.  Enforcement and assistance by the public sector could give the rules legitimacy. Necessarily, these systems are more complex than pure state regulation or pure self-regulation. 4.3.1. Improved enforceability In self-regulatory environments there is no way of ensuring that the private sector upholds its end of the bargain (see 4.2.1). By providing a legal framework that contains effective enforcement mechanisms, the public sector can force industry participants to  212 Ibid at 429. 213 Reputation is a global corporate asset which can be increased by codes of conduct, see V. Haufler, A public role for the private sector: industry self-regulation in a global economy (Washington D.C.: Carnegie Endowment, 2001) at 26; Bonnici (2008) at 56, 196. 214 Huepkes (2009) at 445, 446.  47 stick to their own rules.215 Governments can scrutinize development and application of private rules and provide external accountability. Thereby industry norms can achieve a binding effect which is absent in purely self-regulatory regimes. Judicial review combined with other enforcement tools adds an adjuvant element of distance and independency. These tools are committed to the public good and therefore are not reluctant to detect violations and pursue sanctions. Often the mere threat of these sanctions is sufficient to keep the groups in check.216 This way the private sector can still draft rules, bring its expertise to the table, and avoid burdensome direct regulation. However, self-regulation loses some of its flexibility if the rules have to withstand judicial review and enforcement is limited to national jurisdictions. This is the cost for guaranteed, or at least increased, compliance. 4.3.2. Increased legitimacy Legitimacy of traditional command-and-control regulation is guaranteed by legitimacy of the norm creators, conformity of the content compared to other legal rules, and the rules’ respect in the public sphere.217 This does not automatically apply to co-regulation. If a link to a public body exists, it does not change the fact that representatives of industry and interest groups are not directly legitimized by the general public. However, self- regulation can benefit indirectly by the public connection by way of: (1) The legal framework, produced in a parliamentary process; (2) Supervision; and (3) Support for the relevant authority.   215 See Kleinsteuber (2004) at 66. 216 Bonnici (2008) at 195. 217 See three criteria by Yves Poullet at 4.2.2.  48  (1) The legal framework on which co-regulation is based, is produced in a parliamentary process and is thereby linked to the will of the voters.218 This democratic connection is established, even if the framework only determines range and requirements of tasks.219 If it demands additional requites such as expert knowledge and qualifications for panel members or open organizational structures, it can further increase legitimacy and transfer authority. (2) Supervision by a legitimized public body can transfer authority to the supervised body.220 This does not require that the body is subject to directives or instructions, instead control of legality is sufficient. (3) Eventually, a public body can encourage self-regulation and thus increase authority. One way of encouragement is to give recommendations in official documents that support industry regulation. Another possibility is financial assistance that can be associated with conditions to keep the industry in check (altruistic funding without conditions increases legitimacy as well).221 These indirect forms only constitute a ‘chain of legitimization’ and therefore are not as clear-cut as command-and-control regulation in areas where governments have immediate power, but they provide more freedom for market participants and concurrently increase their authority. 4.3.3. Absence of race to the bottom Preventing a race to the bottom is one of the most significant advantages of co- regulation. By setting minimum statutory requirements, the government can obviate declining standards. By creating compulsory memberships, the government can prevent  218 Bosch (2007) at 185. 219 Ibid. 220 Ibid at 186. 221 Bonnici (2008) at 56, 68.  49 the industry from staying out or dropping out of regulatory regimes. Combined with control mechanisms and effective enforcement (see 4.3.1) governments can thus maintain high standards.222 With the help of governmental participation, self-regulation does not become an attempt to ‘deceive the public into believing in the responsibility of an irresponsible industry’223. Furthermore, independency of public bodies from the industry being regulated can benefit regulation: Industry participants are unlikely to conduct wide-ranging research, to consult broadly amongst affected parties, to consider a wide range of policy options, and to consider radical reforms of the existing system.224 Governments, on the other hand, have the necessary procedures and resources and may not tend to incrementalism.225 Whereas self-regulation is often a response to specific scandals or misconduct, and a way to disarm critics, governments often have a broader point of view.226 This would certainly diminish the ‘self’ part of self-regulation, but it does not mean that governments interfere in detailed aspects of private rule making. Rather, it means using governmental resources to set frameworks and basic requirements in order to foster the public good. 4.4. Difficulties of co-regulatory organizations As seen in 4.3, co-regulation can compensate some problems of self-regulation, namely deficit of enforceability, reduced democratic legitimacy, and possibility of decreasing standards. Therefore, from a governmental perspective, it performs better than pure self-  222 This can prevent that self-regulatory bodies decide in case of doubt in favor of their own members (‘capturing’); see Hahn, Vesting (2008) at § 1, Rn 24. 223 Price, Verhulst (2005) at 10. 224 Cane (1987) at 330. 225 Ibid. 226 Ibid.  50 regulation. However, co-regulation decreases flexibility of self-regulation and can produce new problems. 4.4.1. Deficit of information Whereas practitioners know about their fields, governments have to acquire information in advance. Therefore there could be a deficit of information which is inherent to co- regulation.227 Firstly, this is not a specific problem of co-regulation. In command-and-control regulation, governments also only have indirect access to information, and have to obtain information by interviews, experts or surveys. This might be slightly harder in co- regulation because self-regulatory bodies act as additional intermediaries that could possibly filter information. However, direct and first-hand access to information is never guaranteed. Secondly, it is not an aggravation compared to self-regulation: When self- regulatory regimes determine and enforce rules, the government has no access to information at all. In a co-regulatory regime, the government is at least partly involved and can acquire some knowledge. Therefore, it would be incorrect to speak of a specific deficit of information. Information on which to base rules and remedies is crucial for regulation, and industry participants are likely to be in a better position to obtain information because they have the technical expertise, are familiar with the activities and have technical access228; but from a regulatory point of view using this information is more valuable than refraining from it completely.   227 Baldwin, Cave (1999) at 127; Hahn, Vesting (2008) § 1, Rn 23. 228 Bonnici (2008) at 201.  51 4.4.2. Deficit of control A related concern is that governments lose the ability to control the behavior of the recipients.229 Eberhard Schmidt-Aßmann fears that private interest groups dictate terms and governments are unable ‘to tackle problems’.230 This expresses the fear that states exclude themselves instead of taking an active role in regulation.231 It is true that co- regulation is a way to empower private interest groups, but in co-regulation states can set legal frameworks and therefore control general conditions and confine private interests. This may be inapplicable to crucial areas, such as national security or taxation where direct access and control is vital.232 But it is suitable for other areas where immediate control is not an essential factor. There, the disadvantage of a lack of control takes a backseat in comparison to the advantage of relieving the state of regulatory burden.233 Again, this is only a disadvantage compared to traditional regulation because, in comparison to self-regulation, legal frameworks add an element of control. 4.4.3. Limited scope Limited scope of co-regulation is the mirror image of international application of self- regulation. Co-regulation is not suitable for cross-border application. It cannot prevent corporations from choosing another forum in order to avoid strict national legislation.234 For a more detailed discussion see above (chapter 4.1.3).  229 Renate Mayntz, Politische Steuerung und gesellschaftliche Steuerungsprobleme, in Thomas Ellwein et al, Jahrbuch zur Staats- und Verwaltungswissenschaft Band 1 (Baden-Baden: Nomos, 1997) at 99. 230 Schmidt-Aßmann (2001) at 263. 231 Bosch (2007) at 81. 232 Ibid at 166. 233 U. Di Fabio, Die Verwaltung und das Verwaltungsrecht zwischen staatlicher Steuerung und gesellschaftlicher Selbstregulierung (1997) 56 VVDStRL at 239. 234 Bosch (2007) at 81-82.  52 4.5. Conclusion An overview of advantages and difficulties shows ambivalent results. On one hand, self- regulation is close to the relevant matter and a quick and informal way to regulate. The atmosphere benefits from mutual trust and moral adhesion. It lowers costs for formulation, interpretation and monitoring of rules, and disburdens the tax payer. The proximity and links to the profession ensures that rules are up to date. On the other hand, control and sanctions have to be ensured by internal arrangements which are only suited to a limited degree to detect violations and uphold the public good. The voluntary nature of codes implies a problem of compliance. At this point governments can step in by providing oversight and accountability, and thus help to maintain high standards. Problematically this reduces some of the flexibility and hampers international application. The last point may be important in fast moving and globalized environments. However, the concerns about a deficit of information and control did not turn out to be severe, especially in comparison to command-and-control legislation. Furthermore, co- regulation increases legitimacy of the rules and of the rule-making power, whereas self- regulation lacks authority in relation to third parties. Governmental participation can compensate some difficulties and at the same time utilize some of the benefits of self- regulation. In this context, a study of impact assessments in countries that use a mix of self-regulation and governmental elements came to the conclusion that it can provide a fast pace of decision-making, a change of high industry accountability and high sustainability.235 A cost-benefit analysis of self-regulation highlighted its ambivalent  235 Schulz et al (2006) at 119.  53 character.236 The aim of the following chapters will be to discover if the expertise and efficiency gains outweigh the weaknesses of legitimacy and accountability, and determine which elements are suited for Internet regulation.  236 Positively, self-regulation reduces costs associated with compliance, the system is difficult to evade because of peer pressure and public expectations, it is better suited for transnational conflicts, it is more flexibly adaptable to rapid changes and it avoids state intervention in sensitive areas of basic right. Negatively, private censorship can be more coercive and sweeping than public censorship, it also involves significant monetary costs, free riders ignore voluntary systems which other actors built up, there is a democratic deficit and enforcement is mild. Price, Verhulst (2005) at 8.  54 CHAPTER 5: EAST COAST CODE AND WEST COAST CODE In the offline world, regulation is bound to territorial borders.237 Their sphere of action can reach to particular individuals and items of property, or can be extended by international cooperation, but ultimately ends at a preassigned margin. In contrast, Internet is of a transborder nature and as Johnson and Post put it, there are no signposts that give notice that the rules change.238 This chapter will display the common response schemes to this peculiarity, which are (1) reject regulation, (2) rely on national laws, (3) rely on self-regulation, and (4) use the regulatory effects of code. Regulatory effects of code will take into account that the only element that transcends all territorial boundaries is the language of software. This became known under the term ‘west coast code’ as a synonym for software and hardware produced in Silicon Valley. The opposite term ‘east coast code’ refers to regulation conducted in Washington DC and stands for command-and-control regulation. Besides examining the response schemes, the goal of this chapter is to determine if governments have a role in this system and if so, how this might look like. 5.1. Rejection of regulation The first response to online regulation was rejection. Internet was believed to be, by nature, unavoidably free and immanently resistant to control.239 This view originates in the assumption that it is a place, detached from the real world, where the individual can be anonymous and eventual constraints could easily be circumvented.240 Are these factors  237 See 4.1.3 and 4.4.3. 238 D. Johnson, D. Post, Law and Borders – the Rise of Law in Cyberspace (1996) 48 Stan. L. Rev. at 1370. 239 L. Lessig, Codev2 (2006) at 3. 240 See excerpt from John Perry Barlow, A Cyberspace Independence Declaration (02/09/96)  55 still relevant today? Johnson and Post considered the volume of electronic communications too great for governments to regulate.241 And today’s Internet seems to prove them right: there are many grey areas where regulation or assertion of power could not be proven effective. For example, file sharing which infringes national laws is still responsible for a considerable amount of web traffic242, spam is accountable for an increasing percentage of e-mail messages243 and numbers of cybersquatting cases are rising despite national regulatory efforts244. Internet’s basic protocols like TCP/IP245 indeed favor an open, decentralized infrastructure: Internet traffic is transmitted in packets over different nodes and the layout of TCP/IP does not reveal content, sender or receiver of data, which rendered finding a connection between IP address and physical address nearly impossible.246 Thus, basic requirements of regulation like knowing who someone is, where someone is and what they are doing were not present in Cyberspace’s original design.247  ‘Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather. […] I declare the global social space we are building to be naturally independent of the tyrannies you seek to impose on us. You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear. […]’ 241 Johnson, Post (1996) at 1372. 242 35.6% in 2008 in North-America, see Sandvine, Analysis of Traffic Demographics in North-American Broadband Networks (2008) 243 92% of all e-mail messages, see McAfee, Threats Report: Second Quarter 2009 244 WIPO, Record Number of Cybersquatting Cases in 2008 (03/16/09) 245 See explanation at 2.4.1. 246 Lessig (2006) at 44. 247 Ibid at 23.  56 However, the absence of a connection between Internet address and physical jurisdiction did not prevail.248 Nowadays systems of logging and data retention249 have made it possible for authorities to retrace this very connection. Governments or individuals can request claims for disclosure against Internet Service Providers, which can lead to criminal prosecution and civil liability.250 Rejection of regulation was also based on the assumption that governments cannot stop electronic communications from coming across borders. However, totalitarian regimes or states with a different attitude towards free speech have proven this wrong. Systems of surveillance combined with filtering technology can at least partly establish a system of ‘virtual fences’, although in free societies the flow of information still does not stop at territorial borders.251 Nevertheless stating that Internet, by nature, has to be unregulable or anarchic does not correctly respect the realities.   The idea of Cyberspace as a completely new place, which is only loosely related to the physical world, has to be reassessed as well. Users are buying goods that can be delivered into their homes, wire money that they can access in the real world, express opinions online that can insult their very neighbors etc…These many effects on our real life impose the necessity to regulate.252 This is amplified by the rising integration into our  248 Johnson, Post (1996) at 1371. 249 See EU directive ‘On the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending’ (Directive 2002/58/EC) 250 See § 101 UrhG (German Copyright Act) 251 Johnson, Post (1996) at 1390. 252 L. Lessig, The Zones of Cyberspace (1996) 48 Stanford Law Review at 1402; Lessig argues that they are both in Cyberspace and in the real world, see Lessig (2006) at 298: ‘While they are in that place, cyberspace, they are also here. They are at a terminal screen, eating chips, ignoring the phone. They are downstairs on the computer, late at night, while their husbands are asleep. They are at work, at cyber cafes,  57 daily life: Internet facilitates professional and personal communication and transforms into a permanently accessible source of information. The initial obstacles of plugging into that ‘place’ have vanished.  Furthermore, the ability to circumvent code is often mentioned against Internet’s regulability. In 1997 Froomkin, for example, compared the Internet to the many-headed serpent Hydra which is growing new heads every time previous ones are cut off because almost every attempt to block access to online material is easily circumvented.253 He has a point in saying that in the past several technologies, especially in the area of Intellectual Property, have been circumvented (e.g. CSS for video DVDs or SecuROM and SafeDisc for PC Games). This constantly led to improved versions of software which often only existed a few days before they were once again circumvented (leading to so called ‘code wars’254). Comparing circumvention to real life lock picking might reveal the dimensions:255 We lock our doors despite the fact that we know that locks can be picked. But being a lock picker requires a certain amount of skill and knowledge. Acquiring those skills in the real world might include finding knowledgeable persons, getting the necessary tools and practicing for a period of time. For ‘picking locks’ in Cyberspace this knowledge does not necessarily have to be acquired; experts write program routines which can circumvent advanced protections and users can execute this software without needing to understand  and in computer labs. They live this life there, while here, and then at some point in the day they jack out and are only here. They rise from the machine in a bit of a daze, and turn around. They have returned.’ 253 A. M. Froomkin, The Internet as a Source of Regulatory Arbitrage in Brian Kahin, Charles Nesson, Borders in Cyberspace (Cambridge: MIT Press, 1997) at 129. 254 S. Biegel, Beyond Our Control? Confronting the Limits of Our Legal System in the Age of Cyberspace (Cambridge: MIT Press, 2001) at 209. 255 T. Wu, Application-Centered Internet Analysis, 85 Va. L. Rev. 1999, at 1195-1196; Biegel (2001) at 210-211, 250.  58 its mode of operation. This way they can circumvent a protection with one mouse click. This is the equivalent to the ultimate picklock. In defense of regulation, it has to be said that it is often those who produce or apply the tools who generalize from their experience that regulation is not possible.256 Even applying those tools often requires some technical knowledge the average user might not have. Furthermore, the typical Internet user, in the offline world, is a law-abiding citizen who respects ‘east coast code’ and could be deterred from using these techniques. To have a deterring effect, systems of protection do not have to be perfect. For example, Adobes DRM is embedded in the company’s eBook-reader and allows publishers to choose between different sets of restrictions regarding printing or copying.257 Although the restriction on this technology can be circumvented, it has been established as a standard that is accepted by a wide user base. Acknowledging these realities leads to dismissal of the idea that regulation has to be flawless. Leaving online doors unlocked is not the only option. Therefore, rejection of regulation is an obsolescent response scheme and constitutes ‘cyber-romanticism’258. 5.2. Reliance on national approaches The opposite to rejection of regulation would be to apply national laws to Cyberspace. Governments, as the traditional main regulatory bodies, could either extend their existing laws or adjust them to fit Cyberspace. Both methods originate in a moderate view towards Internet’s peculiarities:  256 Ibid. 257 J. M. Besek, Anti-Circumvention Laws and Copyright: A Report from the Kernochan Center for Law, Media and the Arts (2004) 27 Colum. J.L. & Arts at 461. 258 A. L. Shapiro, The Disappearance of Cyberspace and the Rise of Code (1998) 8 Seton Hall Const. L. J. at 709.  59 ‘Cyberspace is nothing really strange or special. Bits are just another medium of expression […] Expressions in cyberspace are just as real, and exist in space in the same way as expressions in other media [through presence in ROM and RAM]. The term ‘cyberspace’ is misleading to the extent that it connotes a dimension apart from that of ordinary experience.’259  And governments have proven that they can assert regulatory power in the Internet: For example, the US’ Federal Trade Commission (FTC) successfully battles computer fraud and protects consumers in an online environment. Prosecution in unfair or deceptive practices especially in the area of online advertising has led to numerous convictions.260 The ‘myth’ of inability to regulate is already shown to be wrong.261 However, the example of online fraud is analogous to offline conduct and stakeholders agree on appropriate approaches.262 Other areas display more differences to offline conduct: The mentioned example of file sharing could be compared to using a photocopier, but that does not take into account that it results in exact matches of the copied medium and that it can be distributed easier. Therefore taking into account Internet’s peculiarities becomes a necessity. Furthermore, enforcement poses a problem due to the fact that it is primarily based on the presence of a person or their assets in a certain territory.263 Internet with its transborder nature does not follow these traditional rules. Instead in an online environment jurisdiction could be asserted by variables like location of server, location of user or location of site operator. As consequence, finding the appropriate forum is subject to  259 D.R. Koepsell, The Ontology of Cyberspace (Peru: Open Court Publishing 2000) at 124. 260 On basis of the Ferderal Trade Commission Act (15 U.S.C. §§ 41-58). 261 Biegel (2001) at 277. 262 Ibid. 263 See J. L. Goldsmith, Against Cyberanarchy (1998) 65 U. Chicago L. Rev. at 1216.  60 countless court disputes.264 States can try to apply their legal system exterritorialy or force Internet Service Providers to control users and content but this cannot grasp all users operating from different countries.265 This is aggravated by the fact that a server’s content can easily be moved and thereby strict jurisdictions can be avoided. Users can further mask their identities by using encryption or anonymous remailers.266  A tool to cope with these problems would be international cooperation. By agreeing on the manner of unwanted or improper conduct, and improving cooperation in criminal prosecution, certain ‘loopholes’ could be closed. But international law is progressing slowly due to the fact that even in crucial areas (like racist and xenophobic content267) consensus among states cannot be reached. This is rooted in diverse cultural backgrounds and values and it remains doubtful if agreeing on the least common denominator satisfies national expectations. On the contrary, a watered-down version of the intended regulation can be the result.268 Established international regulatory powers like the World Trade Organization or the International Telecommunication Union could facilitate the process of reaching a consensus, but at the moment they do not have the authority to address these problems (increasing power and democratic legitimacy would involve the transmission of sovereignty rights).269 It is even doubted if the transmission of  264 See only Calder v. Jones, 465 U.S. 783, 104 S. Ct. 1482; 79 L. Ed. 2d 804; Zippo Manufacturing Co. v. Zippo Dot Com, Inc., 952 F. Supp. 1119 (W.D. Pa. 1997), Yahoo! Inc. v. La Ligue Contre Le Racisme et l'antisemitisme, 433 F.3d 1199 (9th Cir. 2006). 265 Christiansen (2000) at 123. 266 Goldsmith (1998) at 1221. 267 The drafting of the Convention on Cybercrime took more than five year and only a minimal consensus on child pornography could be reached, other content had to be relegated to optional protocols to secure signing of the document; by 01/19/2010 20 of 46 states have not ratified the document originally signed in 2001; see Council of Europe, Convention on Cybercrime, CETS No: 185 (01/19/2010); Bonnici (2008) at 67. 268 Cannataci, Bonnici (2003)  at 53. 269 Christiansen (2000) at 124.  61 sovereignty is suitable in an Internet context since it does not represent Internet users’ decision and those processes may be too slow for Internet’s fast development.270 However, due to the complexity of having elections in the current online environment that would accurately represent user’s choice, it may be the online available option. Ultimately, national and international regulation is possible but, in particular, enforcement and sanctioning non-compliance poses a problem in an online setting. 5.3. Reliance on self-regulation Self-regulation was the dominant way of solving disputes in the early days of the Internet (see 2.2). Today most web communities still rely on moderators, administrators and rules of conduct instead of external authorities. This has its roots in the belief that individuals or entities that are in close proximity to the relevant matter understand it best, and therefore should shape the new environment.271 Furthermore, in self-regulatory institutions the process of decision-making is usually faster and more flexible than in traditional legislative and executive branches.272 Self-regulation acknowledges that there are numerous of pages, web boards and social networks which all rely on their own set of rules instead of a homogenous group of Internet users.273 This system of sub-communities and multiplicity of rules is agile and subject to market-forces - through the possibility of choosing between different sets of rules, the best systems can allocate most users and therefore contribute in spreading these  270 Ibid. 271 See advantages of self-regulatory organizations 4.1.1. 272 Ibid; Cannataci, Bonnici (2003) at 57-58. 273 Biegel (2001) at 20-21, 51;  Johnson, Post (1996) at 1397-1399.  62 rules.274 For example, a web page with a strict privacy protection may be preferred to a site without privacy regulations and a page whose regulation proves permeable will experience a drain of users or be forced to improve the regulation. This way responsible forms of self-regulation might develop which can address the peculiarities of online conduct and online conflict resolution. It has to be asked if the other boundaries of self-regulation (deficit of enforceability, problem of democratic legitimacy, decreasing standards and reluctance to support public policy objectives, see 4.2) are likewise present in an online context. Enforceability does not have to be inferior in a self-regulatory system, mainly because the government’s ability to enforce power is also hampered due to Internet’ transborder nature (see 5.2). However governments have the resources which might be needed to supervise larger networks, compared to smaller less-fluctuating groups in which relying on a community sense may work. Reluctance to public policy objectives can even be greater in an Internet context when it is easier for communities or site operator to avoid prosecution. States are commited to uphold high standards in matters of protection of minors, indecent or obscene material, privacy and protection of right holders. They are observed by systems of democratic control including judicial review and periodical votes. Self-regulatory organizations are not bound to these instruments of control which can lead to a lowering of standards (a ‘race to the bottom’275). Eventually, reduced democratic legitmacy can be compensated. Greater involvement of participants can create a direct link between self- regulatory body and the public.276 This can lead to a broader acception of regulatory  274 Johnson, Post (1996) at 1397-1399. 275 See detailed 4.2.3. 276 See 6.2.  63 decisions and benefit regulation. A top-down regime without democratic participation can have adverse effects. To cope with problems which arise, it is argued if the Net could develop its own effective legal institutions.277 Major web sites already feature their own systems of dispute resolution which try to avoid national court proceedings.278 The idea of virtual courts, suggested in 1994, already anticipated to some extent developments like ICANN’s279 dispute resolute UDRP280.281 Like most self-regulatory organizations these solutions are limited to singular areas, and do not provide a global judicial system. Even if such a system would be suited for Internet’s nature, it cannot be expected to appear out of thin air and development without governmental cooperation is currently not within reach. However, small solutions can be beneficial as they allow specially tailored answers to individual problems. Addressing problems on the level which is suited best has been long practiced in traditional regulation under the headword of federalism. Now Internet allows cutting the connection to governmental authorities. Instead of assigning tasks to the level of institution that can conduct certain tasks most efficiently, Internet can develop these  277 Johnson, Post (1996) at 1387. 278 E.g. ebay is working closely with dispute resolution provider Square Trade 279 See 2.4.1 280 UDRP - Uniform Domain Name Dispute Resolution Policy; ICANN and WIPO created this policy to effectively reduce cybersquatting. It is based on contractual adherence and thus circumvents the problem of numerous jurisdictions. All registrants have to agree to mandatory administrative proceedings under URDP when they sign up for a domain name. The arbitration is predominantly online and does not include in- person hearings. See J. P. Cortes Dieguez, An analysis of the UDRP experience – Is it time for reform? (2008) 24 Computer L. & Sec. R. at 350; J. D. Lipton, Beyond cybersquatting: taking domain name disputes past trademark policy (2005) Vol 40 No 4 Wake Forest L. R. at 1372. 281 See T. Hardy, The Proper Legal Regime for Cyberspace (1994) 55 U. Pitt. L. Rev. at 1051.  64 institutions from a bottom-up perspective.282 This approach has proven feasible in an Internet context and does embrace the multiplicity of rules and communities while not being bound territorially. 5.4. Use of regulatory effects of code Acknowledging the regulatory effect of code is a key element of modern Internet Law. Technology has the advantage of being customizable and therefore allows shaping of an environment that suits our needs. Unlike in real life, variables can easily be changed in a world which consists solely of code. Lessig goes as far as proclaiming an architecture in which control is solely exercised by the regulatory effect of code.283 According to him code, software and hardware, could regulate Cyberspace in the same way that law regulates traditional spaces.284 If the present Internet is dominated by anonymity, it is a matter of choice of technology if we either change it to an environment dominated by controllability or further facilitate access to information. Thus, the existing environment is either changed by adding or removing layers of control.285 The initial example of file sharing can display this process: If the MP3-standard provides no protection against copying and sharing music, new levels of protection have to be added. Adding systems of digital right management may help right owners to prevent unauthorized duplication of their work. If copying of a music file is successfully restricted by software, this can impose the same effects or even stricter effects than a law  282 See similar J. M. Bauer, M. F. Wilsey, National And Supra-National Regulation Of Cybernetworks And Telecommunications Carriers, draft (09/27/96); bottom-up approaches have been successfully conducted by organizations, such as IETF that requires rough consensus in decision-making, see 2.4.1. 283 Lessig (2006) at 4-5 and 27-28. 284 Ibid at 5. 285 Ibid at 36.  65 that sanctions unauthorized copying. The same restrictions can equally be revoked by making changes to the software.286 This effect of code is mainly responsible for generating regulability in an Internet context. It has some fundamental differences to the classic understanding of law. Code in contrast to ‘east coast law’ is automatically binding and absolute.287 Users have to utilize specific programs to enter the Internet and gain access to information. They depend on its code, because not using it would obviate the desired results. Therefore, the functioning of software sets the parameters for the user’s behavior. After its implementation, no further enforcement is necessary or as Bonnici put it: ‘Once implemented, the technical rules direct the behaviour of users and participants, allowing little or no scope to deviate from the rule’.288 Problematically, the initial critique of possible circumvention can be applied to code regulation too.289  But once again, it does not have to be perfect to have positive regulatory effects (only effective). Besides, code regulation can improve with technical development.290 While in some areas regulability may not even be a medium-term prospect, it can further progress with technical development. It has to be asked if this is a method of self-regulation or rather an addition to self- regulation. In the past regulation by code in the form of creation of technical standards  286 After growing protest against restrictive digital rights management in MP3 files major labels decided to abandon the concept and sell again music without copyright protection. Currently it is debated if this leads to an increase in sales numbers and affects illegal file-sharing; E-Commerce Times, Chris Maxcer, Amazon Wrangles Warner Into No-DRM Club (12/28/07) Wrangles-Warner-Into-No-DRM-Club-60982.html?wlc=1219268887; Reuters UK, Kate Holton, Rstriction-free music sales soar on (07/07/08) 287 Bonnici (2008) at 118. 288 Ibid at 194. 289 See 5.1, p. 58 et seq. 290 Biegel (2001) at 188.  66 was mainly performed by private groups (primarily corporations or academic institutions).291 Due to the absence of a connection with governments and due to the exercise of control, this comes close to the initial definition of self-regulation (see 1.3.1). However, the use of codes of conduct is different from the use of code: Codes of conduct are not obligatory by nature. They have to be agreed upon, adhered to and possibly monitored. Code, on the other hand, is binding and absolute and does not follow this scheme. Nevertheless, code, like codes of conduct, shapes the behavior of its recipients. Creators of software set standards that they consider as ‘acceptable behavior’ and users conform to these standards.292 Besides that, the membership in a self-regulatory environment is typically more defined. The use of a piece of technology is usually open to a larger number of users (but this can be changed and is again a question of code adjustment). Although code regulation is situated in close proximity to self-regulation, it shows some individual features which suggest a more supportive role. However it can be combined with ‘classic’ self-regulation and further enhance its effectiveness. Code-regulation together with self-regulatory mechanisms are the responsive schemes, which so far best reflect Internet’s peculiarities. And knowing that regulation depends on how the actual environment is designed and that it can easily be modified is important when speaking about self-regulation and possible participation of governments.    291 See ibid at 188. 292 Bonnici (2008) at 118.  67 5.5. Role of governments As stated in 5.1 many scholars would reject any regulation and many would prefer self- regulatory mechanisms, presented in 5.3, possibly in connection with the regulatory effect of code, presented in 5.4. Therefore governmental participation or any form of co- regulation which is necessarily based on a connection to a territory, could be obsolete in this new environment. Possible players like individuals, corporations, academic institutions, and other non-governmental institutions could step in and substitute the role of traditional command-and-control regulation. However, this does not solve the dilemma of low-standards in public policy objectives: The fact that self-regulatory organizations are not bound to high standards often leads to a race to the bottom (see 4.2.3) and revives the question of governmental participation: Could cautious state participation improve this situation? Possible future regulatory models to address this are  (1) the state as supporter and accreditor of self-regulatory organizations, (2) the state as initiator of code regulation.  (1) The first model acknowledges that governmental resources can aid self-regulatory organizations. Without financial support interest groups can try to influence those institutions to their personal benefit (‘capture from the outset’).293 If they succeed, regulation does not represent the organization’s initial foundation which tries to maximize overall benefit.294 States can absorb this influence by guaranteeing financial independency. Nonmonetary support can be awarded by giving knowledge about prior state regulation in close areas such as broadcasting. Besides improving independency  293 Christiansen (2000) at 125. 294 Ibid at 125, 127; C. Hood, Administrative Analysis (Brighton: Wheatsheaf 1986) at 84.  68 towards outside influences, support of self-regulatory organizations can assign additional legitimacy.295 However, the norms are still purely voluntary and organizations are not necessarily committed to uphold high standards.296 There is no way of monitoring or ensuring that they comply with public goals. This can be established by systems of accreditation and certification: Initially formulating standards of public policy objectives can set regulatory goals and compliance with these objectives can be awarded by certificates. Withdrawal of this certification is a threat which can assure ongoing compliance without interfering in the organization’s basic mode of operation (see further details CHAPTER 6). Maintaining a certificate is a signal of legitimacy which is recognized by users and customers and therefore acts as an incentive. However due to the connection to a governmental body it becomes, by definition, a system of co-regulation. But by using these governmental elements both systems can compliment each other and compensate each other’s disadvantages, namely governments’ narrow sphere of influence and self-regulation’s low, influenceable standards.  (2) The second model uses the regulatory effect of code. States, like private players, can produce software to foster public policy objectives. Lawrence Lessig, who proclaims an architecture of control exercised by code, does not reject the idea of governmental regulation.297 In the past, this architecture made regulation difficult, but governments can be part of changing it in the future. It has to be borne in mind that the status of the architecture is crucial for the possibility of regulation.298 Governments can influence the  295 See increased legitimacy 4.3.2. 296 See race to the bottom 4.2.3. 297 Lessig (2006) at 4, 60-69. 298 Ibid at 32.  69 architecture either by directly purchasing and developing software, or by indirectly creating rules which affect software companies. Both methods do have a more severe influence than the mere role of an accreditor and therefore have to be subject to certain requirements and possible restrictions.299 However, government’s use of code can be more easily constrained than regulatory efforts by external code writers. Those writers are not accountable through constitutional channels.300 In a system of increased regulability, enforcement could proof superior to the offline world due to the absolute effect of code.301 This option was not available when code was written by hackers and individuals but now that software is increasingly a product of companies the ‘influence of east coast code over west coast code has increased’.302 Software companies can easier be located and influenced by territorial rules and are likely to comply because of financial reasons or to increase their corporate value.303 The models (1) and (2) are not exclusionary: States can act as accreditors for code regulation or self-regulatory organizations supported by states use the advantages of code.304  There are already examples for successful combining elements of self-regulation with national regulation: The EU supports the development of standards and acts as an  299 See CHAPTER 6. 300 E.g. in systems with strict state action doctrine, see 3.2. 301 Lessig (2006) at 62. 302 Ibid at 72. 303 ‘Are these entities similarly regulable? The answer is that they are, though for different reasons. Skype and Vonage, as well as many other VOIP providers, seek to maximize their value as corporations. That value comes in part from demonstrating reliably regulable behavior. Failing to comply with the rules of the United States government is not a foundation upon which to build a healthy, profitable company. That’s as true for General Motors as it is for eBay.’ Ibid at 64, 149. 304 See Biegel (2001) at 118.  70 accreditor under the European framework for electronic signatures.305 References for technical, procedural and quality standards are developed and published by an industry expert panel under EU surveillance.306 The legal framework is designed for open implementation and can be adopted by interested organizations, governments or individuals to facilitate contracts in e-commerce. 307 After publishing these standards the EU is limited to conformance assessment and certification.308 This way non-mandatory regulation supports the development of electronic signatures.309 Another example is how the European data protection rules influenced the design of Microsoft’s sign-on service ‘.NET Passport’ (now Windows Live ID).310 Microsoft engaged in dialogue with an EU data protection working group which suggested changes to give the users more choice about provision and processing of data.311 This led to code changes in the final product and thereby fostered the public goal of privacy. In short, supporting self-regulation and using the regulatory effect of code can become an addition to existing models of regulation and a tool for governments to pursue public policy objectives.    305 Ibid at 116, 138; see detailed discussion in chapter 7.4. 306 ICTSB, Framework for EESSI Standards and Classes for Electronic Signatures, Issue 2.0 (09/06/00) at 1. 307 ICTSB, Final Report of the EESSI Expert Team (07/20/99) at 10. 308 Accreditation is accomplished under the European EN 45000 accreditation scheme or by a national body using equivalent criteria, see ibid. 309 EESSI (1999). 310 Caral (2004) 8. 311 Europa Press Release, Data protection: Microsoft agrees to change its .NET Passport system after discussions with EU watchdog (01/30/03) EN&guiLanguage=en.  71 5.6. Conclusion Some theories of the early days have lost their relevancy. Screens and passwords have not replaced physical, geographically-defined boundaries312, and the idea that the Internet would remain unregulated is gone.313 But whereas governments have proven that they can assert regulatory power on the Internet, the question remains if they are best placed to deal with that role. The problem is that national governments struggle with adapting laws to Cyberspace. Their traditional ‘east coast code’ is bound to territories and enforcement is increasingly difficult. Therefore, Internet cannot solely be ‘governed’ by traditional, centralized and hierarchical forms of regulation.314 Self-regulation can avoid the problem of territorial boundaries and code-regulation, or ‘west coast code’, can avoid enforcement problems. These mechanisms are best suited to deal with Internet’s peculiarities. However, problems of self-regulation like insufficient awareness towards public policy objectives are likewise present in Cyberspace. Governments can absorb some of these problems by (1) acting in the role of supporter and accreditor of self-regulation and (2) by using the regulatory effects of code and initiate code regulation.  312 Johnson, Post (1996) at 1367. 313 Lessig (2006) at introduction ix. 314 Christiansen (2000) at 127.  72 CHAPTER 6: FRAMEWORKS FOR INTERNET REGULATION By acting as supporter and accreditor of self-regulatory organizations, or as initiator of code regulation, states can maintain high standards to foster public policy objectives. The following chapter will consider possibilities to shape this connection between public and private sector. It will determine requirements which can either set standards for accreditation, set guidelines for code regulation, or find its way into legal frameworks for certificates. This tries to create institutional arrangements which are suited for Internet regulation and which meet the addressed difficulties of self-regulation while concurrently retaining its advantages.315 This way, governments can call attention to social values without pretending to police the network in a thorough manner.316 After displaying requirements for systems with governmental participation, this chapter will think about ways of omitting or substituting this element in pure self-regulatory regimes by using internal mechanisms. The overall aim is to improve effectiveness and acceptance of the respective regimes. 6.1. Requirements for co-regulation Frameworks for co-regulation have to accomplish the balancing act between being too coercive and too loose. In coercive regimes with a predominance of states, the ‘self’-part of regulation is virtually not happening and the advantages over command-and-control regulation cannot take effect.317 Co-regulation should not impose a system against the will of the participants, therefore it would be desirable to focus on the cooperative  315 For difficulties and advantages, see CHAPTER 4; see also overview Ogus (1994) at 109. 316 Y. Poullet, How to regulate Internet: New paradigms for Internet governance self-regulation, in C. Monville, Variations sur Ie droit de la societe de 1'information (Bruxelles: Bruylant, 2001) at 106. 317 K. König, Instrumente und Formen staatlichen Handelns (Köln: Heymann, 1993) at 112.  73 character. This involves, for example, a comprehensive involvement of all parties at an early stage.318 It should be open to all market actors and not favour traditional actors while leaving competitors out.319 On the other hand, the framework cannot be to loose, because co-regulation depends on industry commitments and the industry needs sufficient incentives to participate in regulation. There is no reason to believe that the industry will participate out of selfless reasons just to further a policy objective, there has to be some pressure such as pending state intervention in the sector.320 The following requirements set basic conditions to foster public policy goals and absorb market failures with modest governmental participation.  6.1.1. Establishment (accreditation and certification) In order to regulate self-regulation, a state can either choose to accredit organizations which themselves set rules for products or services (‘organizational centered model’), or certify codes of conduct which correspond with the state’s conception (‘provisions centered model).321 Certifying code instead of codes of conduct is just a modern variation of the provisions centered model. For both models, states can create a public agency, which has the authority to formally approve organizations or rules, and which has sufficient information for this task in order to act as a proxy for average users or consumers.322 The aim is to assure consumers of the quality of a product, and in an Internet context, to add certainty about the existence and  318 C. Palzer, Co-Regulierung als Steuerungsform für den Jugendschutz in den audiovisuellen Medien – eine europäische Perspektive (2002) 12 ZUM at 883. 319 Schulz et al (2006) at 179. 320 Ibid. 321 An example for the organizational centered model would be broadcasting regulation in Germany, and for the second provisions centered model broadcasting regulation in Australia, see Hahn, Vesting (2008) § 1, Rn 29. 322 Ogus (1994) at 110.  74 professional status of a dialogue partner.323 The public agency can grant accreditations or certificates for a limited period of time and either renew or revoke them. Imposition of state sanctions can be completely excluded as long as the self-regulatory organization is in line with given requirements and does not act beyond its discretionary power.324 Public agency and self-regulatory roles should be separated to clearly establish duties and responsibilities.325 Statutory requirements can be flexible minimum standards and guidelines instead of strict, imperative regulations. For example, a security guideline can be drafted to meet the most recent state of science and technology and thus avoid outdated statutory regulation. This is one way of using the industry’s expertise and circumventing the state’s deficit of information (see 4.4.1). 6.1.2. Transparency This paragraph can be classified into transparency of rules and transparency of code. Transparency of rules ideally means that the norms are ‘proposed, openly and widely disputed and finally executed in public, with an openness that clearly expresses responsibilities for decisions’326. This way, recipients are aware of norms, know the right(s) they enjoy, understand the responsibilities that follow, and mistrust is reduced to a minimum.327 Initially, all relevant guidelines, codes of conduct, charters, statutes, bylaws etc. should be published and made accessible.328 Transparency should also extend  323 This is a solution especially for consumer protection standards and security concerns. Poullet (2001) at 86. 324 For more details see 6.1.4, see also Schulz et al (2006) at 53. 325 Palzer (2002a) at 886. 326 H. J. Kleinsteuber, The Internet between Regulation and Governance, in C. Möller, A. Amouroux. The Media Freedom Internet Cookbook (Vienna: OSCE, 2004) at 73. 327 Ibid; C. Palzer, Co-Regulation of the Media in Europe: European Provisions for the Establishment of Co-regulation Frameworks (2002) 6 IRIS Plus at 3. 328 Palzer (2002a) at 886.  75 to decision making processes and creation of norms. Before decisions are made, stakeholders should be heard, reasons for findings should be given in writing and disclosed to interested persons.329 Notifying the public accurately and in a timely manner contributes to comprehensibility and legal certainty.330 Having transparent procedures often increases public pressure and forces firms to uphold their commitments; this benefits the public good and corporations benefit from increased credibility and positive reputation.331 This brings Wolfgang Schulz to the conclusion that transparency rules support the regulatory objective and produce the best result from a welfare economy point of view.332 The tools of the Information Age can further increase transparency: Norms can be made publicly available online, meetings of regulators can be held in public and transmitted via video stream, users can submit proposals and statements, and negotiations can be accompanied by online mediation and online presentation.333  The Internet also requires transparency in the code layer. Software is often opaque and users only see the end results instead of knowing what the code is doing.334 Technical experts can guess what ‘closed code’ is doing or try to reverse engineer parts of it, but there is no reasonable way to discern its functionality.335 This is where the open source movement comes into play. ‘Open’, transparent code is accessible to the public and often developed with members of web communities. This does not allow all end users to  329 Schulz et al (2006) at 49. 330 See Bonnici (2008) at 193. 331 Virginia Haufler calls reputation and transparency a tool of ‘soft enforcement’ which leverages public pressure to ensure industry commitments. V. Haufler, A public role for the private sector: industry self- regulation in a global economy (Washington D.C.: Carnegie Endowment, 2001) at 3. 332 Schulz et al (2006) at 112. 333 Bonnici (2008) at 193; Kleinsteuber (2004) at 73. 334 Lessig (2006) at 139. 335 Ibid.  76 understand the functionality, but those who are knowledgeable about the technology can comprehend every aspect and identify possible flaws. Open code can benefit from user participation, collaboration and exchange.336 Hiding the functionality or the internal design of software can sometimes be necessary to preserve technological secrets or business secrets. If this is the case and organizations hesitate to make the code public, it could be disclosed only to a certification body which analyzes its function.337 This allows less democratic participation in the evaluation, but it can reduce vulnerability to software exploitation and preserve business secrets. Open code generally works as a check on the government’s regulatory powers because users are aware of the control mechanisms.338 With closed code, governments as well as private corporations can hide their agenda. By supporting or developing open, transparent code, governments can win the trust of Internet users and give credibility and legitimacy to standards or programs. 6.1.3. External accountability Self-regulatory organizations have limited abilities to hold offenders (4.2.1), as well as regulators (4.2.2) accountable. Regulators should be answerable in terms of (1) financial management; (2) procedural fairness; and (3) substantive decision-making.339  This involves minimizing administrative costs and not wasting resources, having fair and impartial procedures and deciding regulatory questions in a justifiable way.340 The state is  336 S. Weber, The Success of Open Source (Cambridge: Harvard University Pr., 2004) at 82. 337 Lessig (2006) at 143. 338 ‘Open code means open control—there is control, but the user is aware of it’. Ibid at 151. 339 M. Loughlin, Administrative Accountability in Local Government (York: Joseph Rowntree Foundation, 1992) at 2; Ogus (1994) at 111.  77 equipped with financial experts who are not vulnerable to private interest lobbying, is bound to procedural due process principles, offers judicial control to review regulatory activities and thus is suited to deal with all three challenges.341 The last point, judicial review, is also an appropriate instrument with which to address violations of offenders. Of course, any judicial scrutiny is constrained by legislative provisions, but it offers a unique independent and unprejudiced instance of external control.342 Problematically, it is based on a territorial link to a state, and thus could be of limited use for the transnational character of the Internet.343 However, the system of accreditation and certification offers the advantage that it is not necessary to determine the appropriate forum; the institution that attests conformity can define the forum and organizations can voluntarily submit to that forum. It further applies to intermediaries, which are easier to locate than end users. Effectively reaching end users is possible by using the binding regulatory effect of code (see 5.4).  States can also provide more informal complaint bodies and complaint procedures to assure accountability. This involves providing hotlines, permanent web addresses or national contact points.344 They can either be completely set up by states or run by ombudsmen who act as trusted middlemen between state and self-regulatory organization.345  340 Ogus (1994) at 111. 341 Ibid at 113-115. 342 Ibid at 116; Cane (1987) at 330. 343 See 5.2, p. 60 et seq, reliance on national approaches. 344 Palzer (2002b) at 5, 6. 345 For an example of an ombudsman, see British Columbia, Canada: ‘The Office of the Ombudsperson receives enquiries and complaints about the practices and services of public agencies within its jurisdiction. Our role is to impartially investigate these complaints to determine whether public agencies have acted fairly and reasonably, and whether their actions and decisions were consistent with relevant legislation,  78 Accountability explicitly extends to developers of code. It is a common perception that software developers are neither responsible for illegitimate nor illegal usage of their product.346 On the other hand, software developers are themselves imposing restrictions on the usage of certain contents and technologies.347 But when states develop software, or are able to influence developers via certificates, they can create responsibility for their actions. Increasing governmental influence in code development, takes away some important decisions, such as access to information, from engineers and technicians and reallocates those decisions to governmental bodies which can be easier controlled and are committed to the public good. This move acknowledges the increasing significance of software in the Information Age and the fact that regulation by code shapes our behavior in a similar way to traditional regulation.  External accountability bodies often have the problem that they do not have the same degree of expertise as the institutions that they control and override.348 However, autonomy and resistance against lobbying and third party influence balance this point. Furthermore, if rule making and enforcement lie in the same hands, it is considered a  policies and procedures. Our services are provided free of charge. The B.C. Ombudsperson is: An officer of the provincial legislature, independent of government and political parties, responsible for making sure that the administrative practices and services of public agencies are fair, reasonable, appropriate and equitable’. Ombudsperson B.C., About 346 See statement by Microsoft when the Chinese officials used their software to censor the Internet and identify political opponents 'We are focused on delivering the best technology to people throughout the world. However, how that technology is used is with the individual and ultimately not in the company's control.'  On the other hand, Amnesty International stated Microsoft violates the UN Human Rights code for multinational businesses that seeks to prevent abuse of Human Rights. N. Mathiason, The Observer, Microsoft in human rights row (02/01/04) 347 See response of Cory Doctorow, member of the Electronic Frontier Foundation, to the above mentioned discussion.  C. Doctorow, MSFT outfits Chinese Mini True's Room 101 (02/01/04) 348 Ogus (1994) at 117.  79 breach of the separation of powers doctrine.349 This doctrine technically only applies to branches of government350, but its relevance is not diminished when regulation is handed over to the private sector. It is an important way to discipline regulators, prevent abuse of powers, avoid conflicts of interest, and draw out covert information.351 Therefore, external, independent bodies can best guarantee accountability. 6.1.4. Sanctions Systems of accountability are not effective as long has noncompliance is without consequences.352 Therefore, sanctions are a necessary feature. They have to be proportionate to the nature of the violation, provide disincentives, and be practical instead of only theoretical.353 Self-regulatory disciplinary committees can choose between possible options, such as providing reproves, warnings, request for changes, contract penalties, removal of trust marks and ultimately exclusion from the industry association.354 The sanctions only work if the body has a high professional acceptance.355 These elements are supported by fair rules on appeal and mediation procedures, allowing dispute of imposed sanctions.356 Monitoring, sanctions and appeal are managed by the self-regulatory body, whereas states take a passive role.357 States only bear ultimate  349 Cane (1987) at 330; Page (1986) at 163; Ogus (1994) at 108. 350 T. W. Merrill, The Constitutional Principle Of Separation Of Powers (1991) Sup. Ct. Rev. at 226. 351 T. Persson, G. Roland, G. Tabellini, Separation of Powers and Accountability (1997) 112 no. 4 Quarterly Journal of Economics at 1163. 352 T. Groß, Selbtregulierung im medienrechtlichen Jugendschutz am Beispiel der FSK Fernsehen (2004) 12 NVwZ at 1398. 353 Palzer (2002b) at 5; Bosch (2007) at 172. 354 EESC, The Current State of Co-Regulation and Self-Regulation in the Single Market, Pamphlet Series (2005) at 20; Schulz et al (2006) at 58; Price, Verhulst (2005) at 65. 355 Price, Verhulst (2005) at 65. 356 Palzer (2002b) at 5. 357 However, governments can create incentives to support compliance e.g. funding, not expanding direct regulation etc., see Bosch (2007) at 70; C. Callies, Inhalt, Dogmatik und Grenzen der Selbstregulierung im  80 responsibility for adherence and reserve the right to intervene if it proves inadequate. In the case of individual non-compliance, states can withdraw accreditations or refuse to renew certificates. Only in the situation where the system of co-regulation completely fails, can a state follow through with the threat of regulating directly. This means the state’s primary function is the responsibility of monitoring the self-regulatory body or ‘control of control’.358 Whereas sanctions are a necessary feature of conventional regulatory systems, this does not equally apply to code. Code is binding by nature and does not need enforcement procedures besides its implementation.359 However, the regime could contain sanctions for the circumvention of code. 6.1.5. Evaluation To control the private sector, states need to monitor and evaluate the status of regulation. They can use preset standards to make an impact assessment of costs and benefits, and analyze whether minimum requirements have been met.360 This evaluation should not only focus on effectiveness and efficiency of regulation, but also include broader objectives, such as transparency, sustainability and impacts on fundamental rights.361 Separating the analysis into rule making, implementation and enforcement would facilitate the discovery of flaws.362 Conducting the analysis on a regular basis is important, however, it should occur more frequently in the beginning than later on in the  Medienrech (2002) AfP at 466; K. W. Grewlich, Umweltschutz durch Umweltvereinbarungen nach nationalem Recht und Europarecht (1998) DÖV 1998 at 55. 358 Bosch (2007) at 171; W. Schulz, Demokratie und Selbstregulation, in C. Büttner & J. v. Gottberg, Staatliche Kontrolle und selbstregulative Steuerung (Frankfurt: campus, 2002) at 63. 359 Regulatory effects of code, see 5.4. 360 For minimum statutory requirements, see 4.3.3. 361 Kleinsteuber (2004) at 91. 362 Schulz et al (2006) at 6.  81 process, when proper operation has already been proven.363 A legal framework can set the procedures and if necessary contain rights to demand information and access.364 However, preferably it is a constructive and honest dialogue between state and regulatory  dit burden is a minimal price to pay for effective self-regulation in the public interest’367.  body.365 Evaluation also answers the purpose of reducing a potential deficit of information on the governmental side (see 4.4.1). However, if governments acquire knowledge through evaluation they have to make sure that they are able to understand and utilize the information. Therefore, they have to maintain or build a level of ‘control competence’.366 Governmental evaluation seems to be appropriate to benchmark self-regulatory organizations and ‘an au 6.1.6. Pluralistic composition All institutions that have committees, boards or panels should seek to have a pluralistic composition. This applies to participation of the industry itself and the involvement of external groups. Industry representatives must be proportionate to the sectors covered and the scope of the adopted provisions in order to prevent under- or overrepresentation.368 This generates fairness and credibility in terms of sectoral and geographical   , Beiheft 4 at 139-140; see also F. Schoch, Privatisierung von Verwaltungsaufgaben phlet Series  20 363 Ibid at 178. 364 Bosch (2007) at 81. 365 See Price, Verhulst (2005) 14. 366 According to Martin Eiffert, the administration in a system of co-regulation needs less competence of intervention, but more competence of control. M. Eifert, Regulierte Selbstregulierung und die lernende Verwaltung, in W. Berg et al., Regulierte Selbstregulierung als Steuerungsform des Gewährleistungsstaates (2001) Die Verwaltung (1994) DVBI at 976. 367 Kleinsteuber (2004) at 91. 368 EESC, The Current State of Co-Regulation and Self-Regulation in the Single Market, Pam (2005) at .  82 representation.369 The latter is especially important in larger regimes. Additionally, all relevant sectors should be covered to increase the impact of rules and to enhance the complicate and slow down the decision making process.376 Eventually, it could lead to  collective, contractual significance.370 External participation can include opening the organization’s structures to consumer und public-interest representatives. Having a balance of sectoral and social interest groups in the regulatory process, can help self-regulation to alleviate objections of being self- serving, can give legitimacy to the rules, and thus facilitate implementation and full recognition by all parties.371 Integrating consumer organizations and giving them ‘voice’ may also anticipate criticism and avoid lengthy discussions with external groups. Although the groups have an overlap of interests, both sides can benefit from new expertise and additional perspectives372; representatives can diffuse information about the existence and performance of less known self-regulatory bodies via membership in their respective organizations.373 It further reduces problems that arise when peers have to judge and discipline other peers.374 The participation of outside groups is not without criticism: It could violate the principle of the ‘self’-part of regulation and undermine the acceptance of self-imposed rules by the industry.375 Antagonistic opinions could  369 Ibid. 370 Ibid. 371 J. P. Neelankavil & A. B. Stridsberg, Advertising self-regulation: a global perspective (New York: Hastings House, 1980); Boddewyn (1988) at 38; EESC, The Current State of Co-Regulation and Self- Regulation in the Single Market, Pamphlet Series (2005) at 20 372 ‘What may be judged to be "fair" or "unfair" on the part of competitors may not be so regarded by outsiders, who are also likely to consider the consumer and public interests’,  Boddewyn (1988) at 24 373 Boddewyn (1988) at 40. 374 See separation of powers 6.1.3; Boddewyn (1988) at 38. 375 This argument is similar to adding governmental participation to the regulatory process. For the criticism, see ibid at 41. 376 Ibid.  83 377 However, not negotiating and interacting with third parties can lead to narrow focus on business interests and neglect important stakeholders.378 This, together with the mentioned advantages, makes outside participation the preferred choice. An interesting example in an Internet context would be Internet Access Australia; their bodies contain stakeholders such as telecom carriers, content creators, and hardware developers.379 Ideally, this list could include representatives of consumer organizations to create a connection and dialogue between those who draft codes and those whom the codes will affect. Pluralistic representatives could also have a role in code development; when technology increasingly determines our environment, giving voice to affected parties instead of only to technicians and closed corporations (or governments) is a desirable development.380 Ideally, pluralistic composition, together with open code, provides new ideas for new products and product improvements.381 Pluralistic composition is not solely a requirement of co-regulation, because it does not necessarily extend to governmental representatives. However, those representatives can fulfill the function of informally guiding without interfering in internal processes, or  377 Additionally, it can increase costs, because outsiders have to be compensated in contrast to insiders, which are usually sponsored by their respective organization, and choosing outsiders imposes the risk of appearing to prefer ‘stooges’. Ibid. 378 W.-D. Ring, Die Regulierung der elektronischen Medien im Zeitalter von Digitalisierung und Globalisierung (1999) WiVerw at 198. 379 Price, Verhulst (2005) at 15. 380 See similar point 5.4 and 6.1.3. 381 M. Keil,  E. Carmel, Customer-developer links in software development (New York: ACM, 1995) at 33.  84 facilitate evaluation.382 They can be part of committees as public agents as long as it does not lead to an organizational predominance of the state. 6.1.7. Interim conclusion In the system of co-regulation, the private sector can play out the strength of flexibly adapting to changes and new developments, and utilize existing capacities while governments compensate weaknesses and act as ‘backstops’. Governments develop clear benchmarks for acceptable levels of compliance and set up supervisory control mechanisms. When summarizing the above-mentioned requirements, this leads to ten criteria for co-regulation: (1) Focus on the cooperative character, involvement of all parties at an early stage (2) Guidelines and minimum standards instead of strict, imperative regulations (3) Availability of relevant documents; transparency in decision-making (4) Open code or at least certified code (5) Accountability of regulators and offenders (6) Effective sanctions (7) Complaint bodies and appeal procedures (8) Pluralistic composition (9) Separation of powers, particularly between public and self-regulatory parts (10) Regular evaluation  The system of accreditation and certification has the advantage of not being bound to territorial boundaries; users can choose between different webpages, products and services that conform to quality marks regardless of the mark’s national origin. The ability to extend to users with other nationalities and to users in other territories makes it suitable for Internet regulation. The system, in contrast to traditional regulation, is characterized by coexistence and competition. Competition for the most trusted regime is  382 Ibid at 33; Bosch (2007) at 71; an simultaneous involvement of governments in decision making bodies and disciplinary committees can be counterproductive in regard to separation of power, especially if they enjoy veto rights, see Palzer (2002a) at 886.  85 created among self-regulatory certificate suppliers and co-regulatory suppliers alike because users can switch loyalty from one group to another.383 The systems can exist in parallel and extend their scope via mutual recognition arrangements. It is completed by the use of the regulatory effects of code which can give binding character to the rules. Therefore, modest governmental participation does not destroy self-governance, it rather assists and complements regulation. 6.2. Application to self-regulation The questions remain: how can self-regulation perform without governmental assistance, and can the proposed ten criteria be adapted to pure self-regulation? The industry could possibly substitute some elements by internal mechanisms. The criteria of open code, availability of relevant documents and transparency in decision-making do not require any institutional prerequisites and are equally valid for self-regulation. The actual certifying process, accountability, complaints, appeals, and evaluation all need some form of institutional body. They are connected with the rest of the requirements which concretize the organization and interaction of the bodies (cooperative character, pluralistic composition, guidelines and minimum standards, and separation of power). They could be substituted by internal solutions, such as a hierarchical company structure where boards take day-to-day decisions and remaining members approve or disapprove the actions.384 Problematically, this could lead to closed systems with subjective and biased decision-making, which do not have an incentive to  383 Bonnici (2008) at 196. 384 Ibid at 55.  86 exercise effective control and pursue public policy objectives.385 Therefore, purely internal solutions are out of the question. However, the tasks do not necessarily have to be performed by governments either. Neutral and independent industry instances could fulfill some of the duties.  The problem is that these instances could face the same obstacles as other self-regulatory organizations, namely deficit of enforceability, reduced democratic legitimacy and of decreasing standards (see 4.2). For example, the industry itself could conduct evaluations. Private auditing firms can substitute governmental participation. However, this may produce variations and inconsistency in the monitoring and create credibility problems. This, in turn, raises questions of training, certification, and expertise of auditing firms. The mentioned requirements of transparency, separation of power and pluralistic composition could help to address some of these problems. Satisfying the highest expectations in transparency and openness could win trust and respect for the authority of an institution, and increase legitimacy. A clear-cut separation of personnel and responsibilities between the self-regulatory operation and the controlling institution could further assist.386 For example, professional auditing firms with clear, preset standards, separated from the regulated industry would enjoy higher trust. Pluralistic composition of committees and inclusion of user/consumer representatives could further limit a democratic deficit. However, the systems have to be completely created from scratch, they cannot rely on financial support or ‘lent’  385 Instead, commercial interests can affect their actions. See difficulties of self-regulatory organizations, 4.2. 386 See Baldwin, Cave (1999) at 132.  87 legitimacy from governments, and they cannot submit to an existing jurisdiction.  They do not automatically have a commitment to public policy objectives and high standards.  This creates the need for the new requirement of ‘user contribution’. In an Internet environment users can get together in a way not possible in a physical forum and can contribute to regulation.387 Self-regulatory organizations can offer the technical tools, and users can take the actual decisions on appropriate standards or behavior.388 This can go as far as selecting representatives by a wider user base, implementing net based referenda, or having opinion polls about options proposed by industry representatives.389 If the self-regulatory body is less concerned with decision-making, it reduces the question to the legitimacy of the body.390 The user’s contribution establishes a democratic link to the self-regulatory body that, in traditional regulation, is provided by votes. If users are significantly involved, they are also more likely to recognize and honour the outcome. High user participation can also facilitate consensus on controversial issues. Without the requirement of user contribution there is likely to be a trust gap between regulators and regulated. This can be bridged by the users’ commitment to be involved, and the industry’s willingness to include them in regulation. User contribution can also be part of a co-regulatory system, but in self-regulatory regimes it becomes a necessity to compensate the democratic deficit. The industry can use its expertise and innovative potential while user contribution works as a check and control mechanism.   387 Price, Verhulst (2005) at 10, Bonnici (2008) at 204; 388 Bonnici (2008) at 53. 389 Kleinsteuber (2004) at 73. 390 Bonnici (2008) at 53.  88 6.3. Conclusion Governmental participation is not a necessary feature of regulation, but it can facilitate the maintenance of high standards and assuring compliance. This is especially valuable in sensitive areas which involve fundamental rights. The system of certification and accreditation provides the possibility of using governmental resources without being bound territorially. A catalogue of ten requirements and principles forms the framework for this system and establishes a model for Internet regulation. Regulation in an Internet environment can also be done by the industry itself, but to achieve a high level of transparency and objectivity the industry would have to establish neutral bodies that comply with the same prerequisites. In order to compensate the state’s legitimacy and independence, industries could integrate users by modern, technical means. This can dismantle the closed character of the regime. However, self-regulation and co-regulation are not alternatives: they can have considerable overlaps, coexist and compliment each other.391 The overlap is not surprising given the fact that a good part of the rules reflect generally accepted community standards.392 The role of both regimes is to internalize those rules, bring them into effect and generate moral adhesion. Public and private sector can work together to reach this objective.  391 Following the idea of legal pluralism, see Poullet (2001) at 86; Bonnici (2008) at 4, 213; Huepkes (2009) at 427. 392 Boddewyn (1992) at 13, 15.  89 CHAPTER 7: PRACTICAL APPLICATION This chapter will apply the proposed framework to four current, exemplary regulatory regimes. It will evaluate whether the systems fulfill the ten criteria, and determine how they cope with problems of self- and co-regulation. The ‘US-EU Safe Harbor privacy regulations’ and the ‘Framework for electronic signatures’ will stand for systems of co- regulation. The ‘IASH Internet advertisement rules’ and YouTube will represent self- regulatory systems. All systems except YouTube rely on certification, which is backed up either by a government or by the industry itself. YouTube’s system of identifying and removing unwanted content and the Framework for electronic signatures both use code in order to regulate. The regimes act as representatives for implementation of Internet regulation; however, they can only show a small section of current regulatory mechanisms. 7.1. US-EU Safe Harbor Privacy Principles The US-EU Safe Harbor framework is a way to bridge the gap between two different privacy regulations. The European Directive on Data Protection prohibits the transfer of personal data to non-EU nations that do not meet an ‘adequacy’ standard.393 To allow a streamlined transfer of data to the U.S. despite this directive, the U.S. Department of Commerce and the European Commission developed the Safe Harbor framework, which allows companies to attest a similar level of protection.394 If the companies adhere to  393 Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data (Directive 95/46/EC) 394 ITA, Welcome to the U.S.-EU & Swiss Safe Harbor Frameworks  90 seven outlined privacy principles, they can opt into the program and receive a certificate that verifies their compliance.395 All 27 EU member states accept this certificate and automatically waive any requirements for prior approval of data transfers.396 The decision to enter the Safe Harbor is entirely voluntarily, and allows US corporations to acquire data about customers, contractors or employees in the EU. It has increasingly gained popularity: Every month 50 companies apply for the framework, and more than 50% of the 2100 companies have joined during the last two years.397  (1) The evaluation of the system begins with the first criterion of cooperative character. The underlying directive was produced in the EU parliamentary process, and the Safe Harbor framework was negotiated between the US Department of Commerce and an EU working group.398 The same working group, which consists of the Privacy Commissions of the member states, regularly consults the public before issuing opinions or  395 The seven principles are (1) Notice-duty to inform about the purpose of date collection, ways to contact the organization, third parties to which the organization discloses information, and means to limiting the use (2) Choice-duty to to offer the opportunity to opt out whether personal information is to be disclosed to a third party or to be used for a purpose that is incompatible with originally intended purpose (3) Onward transfer-duty to ascertain that a third party subscribes to the same principles or provides adequate protection (4) Security-reasonable precautions to protect data from loss, misuse, unauthorized access etc (5) Data Integrity-reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current (6) Access-access to personal information, ability to correct, amend, or delete that information where it is inaccurate (7) Enforcement-mechanisms for assuring compliance together with possibility of recourse.  See Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council  (2000/520/EC) http://eur- 396 ITA, European Union Safe Harbor Overview 397 Referring to a period between 12/2007 and 12/2009. B. Hengesbaugh et al, Why are more companies joining the U.S.-EU Safe Harbor privacy framework? (01.01.10) harbor_privacy_framework/. 398 European Commission, Commission decisions on the adequacy of the protection of personal data in third countries  91 recommendations.399 This establishes a cooperative link between regulators and consumers. The U.S. Department of Commerce has attended to the corporations’ interests, however now they can only opt-in to an existing regime without interacting with the regulator. This means the system adheres to cooperative character, but the interaction between regulators and the industry falls short. (2) The system fulfills the requirement of guidelines and minimum standards. It uses principles such as ‘reasonable precautions’, ‘effective protection’ or ‘readily available’, instead of strict and detailed regulations.400 This has the benefit that the industry can adjust their privacy regulations individually and flexibly. The framework further refers to technological progress that facilitates transfer and processing of data, and thus allows continuous technological enhancements.401 (3) Relevant legislation is publicly available and the US Department of Commerce publishes the names of certified organizations.402 Unfortunately, it turns out that the list of complying organizations contains organizations that no longer exist or do not have valid certificates.403 The organizations have to disclose their respective privacy policies.404 However, the policies are not stored on a central webpage which would increase comparability.405 Decisions of working groups and an annual report are publicly available online.406 (4)  399 European Commission, Art.29 Data Protection Working Party 400 See Commission Decision 2000/520/EC. 401 Ibid at (9). 402 Ibid at (7). 403 C. Connolly, The US Safe Harbor – Fact of Fiction? (2008) on.pdf at 4. 404 ITA, Helpful Hints Prior to Self-Certifying to the Safe Harbor 405 Connolly (2008) at 17. 406 CPP, Article 29 Data Protection Working Party (05/13/09)  92 The framework influences online privacy regulations, but its operation does not rely on code. Therefore, the requirement of open code is not necessary for the case at hand. (5) Accountability is guaranteed by a mix of private sector enforcement and governmental enforcement. The primary body is a private sector organization that handles dispute resolution, verification of codes, and remedies (e.g. TRUSTe, AICPA Web Trust, BBB Online).407 The private system is backed up by government enforcement of federal and state law prohibiting unfair and deceptive acts under the jurisdiction of the Federal Trade Commission.408 Organizations can also choose pure governmental supervisory authorities, or cooperate with data protection authorities located in Europe.409 (6) Sanctions by the private sector include publication of a finding of non-compliance, deletion of data, injunctive orders, removal of a certification mark, compensation for losses, and suspension from membership in the respective privacy program.410 The last point effectively leads to suspension from the Safe Harbor.411 Governmental sanctions include administrative orders and civil penalties of up to $12,000 per day, and exclusion from the Safe Harbor framework.412  Although the regulations provide a system of accountability and sanctions, enforcement has been reluctant: A 2008 study revealed that 80% of the organizations do not meet some of the most basic requirements.413 This includes organizations that do not have a privacy policy at all, or organizations that did not identify an independent dispute resolution process for consumers. Other organizations falsely claim on their public  407 ITA, European Union Safe Harbor Overview. 408 Commission Decision 2000/520/EC Art 1 (a), Annex III. 409 ITA, European Union Safe Harbor Overview. 410 Ibid; Commission Decision 2000/520/EC at FAQ 11. 411 ITA, European Union Safe Harbor Overview. 412 Ibid, see in detail Commission Decision 2000/520/EC Art 1, para 1b, Annex IV. 413 Connolly (2008) at 4.  93 websites to be members of the Safe Harbor and include self-generated, unauthorised seals.414 The Federal Trade Commission did not act, despite these enforcement problems, until recently when it began to take action against false claims in seven cases.415 This might be a signal for more active enforcement in the near future. (7) The private sector instance that handles enforcement also acts as a complaint body for individual users.416 Organizations can appeal their verdicts. Furthermore, employees in the EU can complain to their national data protection or labor authority which then notifies the US Department of Commerce.417 (8) The system does not have a pluralistic composition with consumer representatives, or non-governmental organizations. Those groups can only participate by issuing complaints on the EU level or with dispute resolution providers. (9) Separation of powers is not optimally established, mainly because the certification process is based on self-certification: Organizations initially develop a privacy policy and automatically receive the certificate when they submit the Safe Harbor form to the Department of Commerce.418 Approval by an external body could significantly improve standards and full compliance with the principles. It should be noted, however, that separation of powers between self-regulatory part and governmental part does exist. (10) The European Union and an external consultant service conducts a regular evaluation of the system.419 This has revealed some of the  414 Ibid 4-5; other organization did not provide affordable providers ($120-$1,200 per hour plus administration fee). 415 Hengesbaugh et al (2010). 416 Commission Decision 2000/520/EC at FAQ 11. 417 Ibid at FAQ 9. 418 ITA, Helpful Hints Prior to Self-Certifying to the Safe Harbor 419 So far, they have conducted three major evaluations. Commission Staff Working Paper SEC (2002) 196 (02/13/02);  94 mentioned weaknesses in the past and is necessary to improve the regulatory system. An annual re-certification also works as an evaluation mechanism, however, this is conducted by the organizations themselves and is therefore of limited use.  A test against the ten criteria revealed severe weaknesses in the enforcement process and separation of power. The latter has its origin in the non-transparent self-certification procedure. To compensate for this institutional deficit, dispute providers could suspend an organization’s membership if it fails to annually renew the certification.420 Dispute resolution providers could also aid in limiting false claims by publishing a list of their members to allow corroboration by the public.421 However, one of the advantages of co- regulation is that enforcement can be backed up by governmental scrutiny or public warnings of non-compliance. This process has already started.422 Ideally, it would include a comprehensive review of all entries for false claims and inadequate protection.423 Until regulatory oversight exceeds the role of ‘claimed regulation’, the system only performs moderately under the given requirements. 7.2. Internet Advertising Sales House The Inter Advertising Sales House (IASH) is a self-regulatory body that encourages best practices among providers for online advertising. Their code of conduct ensures that ads do not appear on websites that contain hate content, obscenity, indecency, spyware or  Commission Staff Working Document SEC (2004) 1323 (10/20/04); Connolly (2008). 420 Connolly (2008) at 17. 421 Ibid. 422 Hengesbaugh et al (2010). 423 Connolly (2008) at 17.  95 other barred content.424 This protects the advertisers’ brand and bolsters customers’ trust in the participating advertisement networks. IASH was founded in Great Britain in 2005 as a private sector initiative and has since expanded to Germany.425 The following evaluation finds some enhancement and differences compared to the Safe Harbor framework. It will not benchmark with regard to content, instead it will analyze the different regulatory implementation of a system of certification.  (1) The system started as a private sector program and did not cooperate with governments or consumers. IASH created a code of conduct and a constitution with the help of the established Audit Bureau of Circulations (ABC) which already (self-) regulates media in the United Kingdom.426 The media industry owns, runs and finances both IASH and ABC. In comparison to the Safe Harbor, this system is purely internal and does not interact with other stakeholders. (2) The system uses guidelines and minimum standards. It loosely describes terms e.g. hate content is ‘content articulating views intended or reasonably likely to cause or incite hatred of any race, religion, creed, class or ethnic group’, and refers to generally accepted good business ethics.427 Members also have to act in accordance with the spirit and purpose of the code of conduct and not only with its letter.428 (3) Relevant documents such as the code of conduct and the constitution  424 Other barred content includes offering bombs, guns or ammunition; unauthorised code requests; invalid clicks (e.g. use of robots, repeated manual clicking) and generally illegal content (any other content that infringes applicable laws or regulations, or the rights of any person or entity). IASH, Code of Conduct v10.1 (01/2010) at 10-11 425;, 426 ABCe, Delivering Safer Online Advertising with IASH 427 See IASH Code of Conduct at Schedule C, 1; IASH Constitution (01/2010) at 2.6.1 428 IASH Constitution at 2.6.  96 are available online in the current form. An IASH membership list is published on the central webpage, and news about certified or recertified companies, as well as organizational changes, are published online. The membership list is, in contrast to the Safe Harbor, up-to-date. Decision-making follows a transparent majority rule, but is a purely internal process.429 Eventually, ratification of results is anonymized to eliminate biased decision-making.430 (4) The system is designed for online advertisement, but its operation does not rely on code. Therefore the requirement of open code does not apply to IASH. (5) Accountability of regulators is not embedded into the system. IASH has a hierarchical structure and responsibility follows a top-down structure. However, offenders of the code of conduct are responsible for infringements and are regularly audited by an industry body (ABCe).431 Successful accountability has been proven by enforcement actions in the past.432 (6) In case of discovered non-compliance, the organizations can be subject to sanctions such as censure, referral to re-audit, membership suspension or expulsion.433  All sanctions except censure are made available online to increase public pressure.434 Expulsion can be nullified by re-admission and a complete, successful re-audit. (7) A separate appeals committee handles reviews of organizations that wish to complain about failed audits or sanctions.435 Individual users can complain if they see an ad appearing with inappropriate content. They can contact  429 Ibid at 4.16. 430 Referring to submission of audit results to the Chair of the IASH Committee, ibid at 5.3.1. 431 Ibid at 2.7 432 IAB, IASH suspends member for code infringement (07/17/08); O. Otlacan, eSpot Ad Network Suspended from IASH (04/16/10) 433 IASH Constitution at 7.1-7.4. 434 Ibid at 8.3. 435 The procedure allows only one appeal and the committee’s decision is final. If the committee wishes to overturn a previous decision on appeal, the revised result has to be ratified by the IASH Audit Committee. Ibid at 4.15, 5.3.3.  97 IASH via mail or phone, and IASH will investigate the case.436 (8) The system lacks pluralistic composition: It is a closed system which is explicitly restricted to individuals employed by members of the advertisement industry.437 The only two exceptions to this rule are the chair of the IASH council who could be an independent person, and a representative of the Internet Advertising Bureau who belongs to a superordinate industry organization. On one hand, this limits responsibility to the industry and facilitates ‘finger pointing’. On the other hand, outside participation could anticipate criticism, and increase legitimacy and transparency of the regime.438 (9) Separation of powers delivers mixed results. IASH created a number of bodies, such as the steering committee, the audit committee, the communications committee, the site vetting committee and the technical committee.439 This merely leads to a sharing of tasks and not to a separation of powers because all committees consist of IASH member representatives. However, they work with an external auditor who certifies according to the code of conduct. The auditors (the Audit Bureau of Circulations in the UK and the Frauenhofer Institute in Germany) are financed by the industry, however they are non-profit organizations and do not share any personnel with the advertising industry, therefore they can guarantee some independency.440 In terms of separation of power, the external certification process  436 IASH, FAQ nt.html . 437 Every IASH ember can nominate one individual representative on the IASH Council, a so called member representative. IASH Constitution at 4.1, 4.2. 438 See 6.1.6. 439 IASH Constitution at 4.10-4.14. 440 ABCe is the provider that also audits websites of the UK Government, BMWG, NORAS and many more. See ABCe, Delivering Safer Online Advertising with IASH and the Frauenhofer Society is the biggest research organization for applied science in Europe. See, Auditor  98 proves superior to the self-certification process of the US-EU Safe Harbor principles. The certification process is conducted in random intervals and uses a dated, unique certification mark to promote compliance with the code of conduct.441 This reduces the Safe Harbor’s susceptibility to forgery. The code of conduct is also ratified externally by an industry body for Internet standards.442 (10) Regular evaluation is an integral part of the system. IASH regularly revises its code of conduct, leading to the tenth revision since its foundation in 2005. This has introduced improvements such as abolishment of the applicant member status, which allowed companies to claim membership without having passed an audit.443 Additionally, organizations are subject to random re-certifications within each half-year period to guarantee ongoing compliance.444 (11) As a closed self- regulatory system, IASH could open up its structures by incorporating the element of user contribution. There are rudimental signs such as the possibility to complain about inappropriate content, but this could be extended by automated complain buttons, polls about the nature of barred content, or feedback about regulatory changes. The system needs to establish this link to users, in order to increase its acceptance and legitimacy.  The regime successfully encourages best practice among online advertising networks. It protects brands by ensuring that advertisements do not appear at ‘unwanted’ web pages. This contributes to create Internet spaces which are safe for advertisers and for consumers, and therefore the system makes a valuable contribution to Internet regulation.  441 Ibid at 5.4.1. 442 JICWEBS (Joint Industry Committee for Web Standards) ibid at 2.9. 443 The current constitution only knows full members status. This requires a passed audit which must be taken within six months after the initial application. IASH, 16 IASH members recertified through 'Random Audits’ 444 IASH Constitution at 2.10, 5.1.  99 It managed to set up institutional prerequisites for rigorous and continuous certification. The system of certification shows important differences to the Safe Harbor framework such as a unique, dated certification mark, an up-to-date member list, and a procedure of external verification. By implanting these changes in the Safe Harbor regulations, most problems could have been avoided. However, IASH remains a closed system where problems of self-regulation, like reduced legitimacy or the possibility of a race to the bottom, carry significant weight.445  The aspect of interaction with consumers and legitimized governments is more distinctive in the Safe harbour framework. Opening the structure to other stakeholders would increase legitimacy and transparency, and governmental ratification of the code of conduct, or accountability to agencies could help to maintain high standards. 7.3. YouTube YouTube is a video-sharing site that hosts user generated content, as well as commercial videos, and is constantly situated amongst the most visited Internet sites.446. It implemented a system of content regulation that can automatically remove unwanted content by using video and audio identification (Audio-ID & Video-ID).447 This is combined with manual take-down notices for allegedly unauthorized materials uploaded by users448, and a designated tool that allows copyright holders to send multiple notices.449 It stands for a model that heavily uses the regulatory effects of code    445 See 4.2. 446 BBC News, Visualising the Internet 447 YouTube, Audio-ID and Video-ID 448 YouTube, Copyright Infringement Notification 449 YouTube, Content Verification Program  100 (1) YouTube is based on interaction with the Internet community and therefore cooperative character is an embedded feature of the system. It encourages users to participate by submitting content, rating videos, leaving comments, but also by providing feedback about regulatory changes.450 It cooperates with industry members and content holders before making code changes.451 (2) YouTube uses guidelines and minimum standards to regulate the user’s behaviour. Their ‘community guidelines’ use a colloquial tone (‘don’t post videos showing bad stuff like animal abuse, drug abuse […]’), but establish a clear standard for accepted behaviour (‘don’t cross the line’; ‘respect copyright’).452 The rules appeal to the spirit and not to the wording, and to a general ‘common sense’ attitude.453 (3) All relevant documents, guidelines and forms are available online. Although YouTube provides a phone, email and fax address, a transparent forum is the preferred way of communication. However, regulatory decisions are made in an internal process without outside influence or outside reference. This resembles the closed decision-making process of IASH. (4) Similarly, regulation by code has an opaque character. Although YouTube relies on code to separate out copyrighted music and videos, it does not disclose any information about the mechanics of the  450 E.g. by feedback polls YouTube, YouTube User Feedback and interchange in the forum YouTube, Help Forum; YouTube constantly invites to participate ‘Each and every user of YouTube makes the site what it is, so don't be afraid to dig in and get involved! [...] leave comments, rate videos, make your own responses to videos that affect you, enter contests of interest— there's a lot going on and a lot of ways to participate.’ YouTube, Community Guidelines 451 YouTube incorporated feedback from multiple content holders in a testing phase before introducing Video ID in 2007. See ZDNet, YouTube video identification: The Basics at 2. 452 YouTube, Community Guidelines 453 ‘Here are some common-sense rules that will help you steer clear of trouble’. Ibid.  101 system.454 It does not talk about the effectiveness of the system or the rate at which it finds infringing material.455 The system allows right owners to choose if they want YouTube to block content, get statistics, or gain revenue.456 Besides using audio and video identification, YouTube uses (undisclosed) code to restrict certain content to individual countries.457 The fact that YouTube does not reveal details about its code appears oppositional to the expectation that users disclose the most trivial aspects of their lives.458 (5) Accountability of YouTube as a regulator is currently tested in a law suit brought by the media corporation Viacom. In 2007, Viacom filed a law suit under US law, alleging large-scale copyright infringements; in June 2010, that case was rejected in a summary judgement, because YouTube enjoys protection under the Digital Millennium Copyright Act (DMCA).459 The act creates a safe harbour for video sharing services as long as they expeditiously respond to infringement by taking the material down or  454 T. Steinert-Threlkeld, ZDNET, YouTube's video ID system: Is 75 percent accuracy good enough? (11/08) at 3; the system is believed to use a combination of audio and video fingerprinting technology (Audio ID, Video ID); content holders have to supply reference files which are included in a database; YouTube matches uploaded videos against this database, screens already existing files and then offers choices on how to proceed to right holders; additionally, YouTube uses the simpler method of creating a unique ‘hash’ of every infringing file and blocks identical uploads, see ZDNet (2007) at 2; Statement of undisputed facts from Viacom Int’l Inc et al. v. YouTube Inc et al, not officially published of-undisputed-facts. 455 Estimations vary from 3% (Anvato), to 75-80% (NBC Universal) to 90% (statement attributed to YouTube). T. Steinert-Threlkeld, YouTube: Does your video ID system really work? (11/06/08); The amount of viewed videos sums up to 5 billion in the United States and users upload 13 hours of new videos every minute, ZDNet (2007) at 2. 456 Block equals removal by YouTube; statistics (‘track’) leaves the video online and instructs YouTube to provide reports; and revenue (‘monetize’) leaves the video online and shares advertising income. YouTube, Block, Monetize, or Track Viewing Metrics 457 YouTube, IP blocked content 458 Steinert-Threlkeld (2008b). 459 USA Digital Millennium Copyright  Act (17 U.S.C. §§ 512, 1201 et seq., 28 U.S.C. § 4001); see BBC News, Google's YouTube wins Viacom copyright case (06/24/2010).; official verdict not yet published.  102 blocking access.460 This means, the burden to point out allegations is with the right owner, and the burden of taking down material lies with YouTube. It also means that the system of Audio ID and Video ID in combination with take-down notices is sufficient to handle the latter part, and that YouTube is not liable for a ‘general awareness’ of illegal videos.461 A solution to satisfy the content industry, and concurrently prevent drying up of user-generated content, would be to monetize infringing content. However, the DMCA would lift the safe harbour when YouTube knowingly benefits from the infringing activity.462 Until the case is successfully appealed or another arrangement between intellectual property and user-interests is found, YouTube is not externally accountable. Offenders are mainly kept in check by the regulatory effect of code. They cannot deviate from rules set by YouTube’s developers. YouTube enforces violations of its guidelines by means of a tiered system of sanctions. (6) This includes warnings, age-restriction of content, and removal of offending videos; if the material is removed, YouTube automatically applies a warning strike against the user’s account.463 Repeated strikes lead to account deletion and ban of re-registration.464 Code prevents users from uploading the same content after removal and thus binds user without the need for conventional  460 17 U.SC. § 512 (c)(1)(C). 461 BBC News, Google's YouTube wins Viacom copyright case (06/24/2010) 462 [A service provider shall not be liable] ‘if it does not receive a financial benefit directly attributable to the infringing activity’. 17 U.SC. § 512 (c)(1)(B). According to Tom Steinert-Threlkeld, this means that YouTube must be careful not to place ads next to infringing content. Steinert-Threlkeld (2008a) at 8; however liability requires knowledge of the infringing activity and the court explicitly stated that YouTube has no obligation to monitor the system besides taking down content upon notification. This means YouTube is not liable until notification, and after notification the right holder can agree to share advertisement income. 463 YouTube, Community Guidelines; YouTube, How do we implement YouTube's content policies? 464 Ibid; however, ban of re-registration only prevents the user from opening another account with the same e-mail address. It cannot prevent the user from opening a new account with a different e-mail address.  103 enforcement procedures.465 (7) If users wish to complain against the fingerprinting identification used they can dispute the mechanism via a web form466, alternatively they can file a counter notification against take-down notices467. Users can always complain about inappropriate videos, or privacy concerns.468 (8) In contrast to the other analyzed systems, YouTube features pluralistic composition. It has a community council that acts as a liaison to the community at large.469 It consists of volunteers that change every six months, and directly informs the YouTube development team.470 It is one way of incorporating user feedback and improving the understanding between regulators and regulated on a consistent basis. However, the community council only has a consultative function and therefore does not contribute to separation of powers (9). Almost all regulatory decisions are made internally without outside help or control. This produces unrest among content holders. For example, companies would like to use independent fingerprinting software, place advertisements themselves, and assign detection of violations and monetizing of detected files in different hands.471 The only element of separation of powers is the partnership with an external enforcement provider for ‘hard cases’ that acts as an intermediary between right owners and users (Nexicon).472 It monitors copyrighted material, personally identifies infringers, manages infringement  465 By using the hash and fingerprinting technology, see supra note 454. 466 YouTube, Copyright Claim Disputes: Video ID Disputes 467 YouTube, Copyright Claim Disputes: Filing a counter-notification 468 YouTube, Safety Center 469 The Official YouTube Blog, Meet the Inaugural Community Council 470 Their tasks include reporting malfunction, making suggestions for new features, beta testing, participating in usability studies and generally representing the community. The Official YouTube Blog, Community Council Update 471 Steinert-Threlkeld (2008a) at 13. 472 Ibid at 6; Nexicon, Nexicon and YouTube(TM) Form Partnership (09/11/08)  104 settlements and provides evidence for lawsuits.473 Although this cooperation is seen as questionable474, it disseminates rule making and enforcement in different hands. This is especially helpful because it may not be in YouTube’s best interest to be proactive against infringements because it benefits from users that view copyrighted material.475 However, it raises questions about standards of the enforcement body.476 (10) Evaluation is also an internal process without regular examination. As a self- regulatory system, YouTube is rather closed and does not profit from governmental legitimacy or supported enforcement. (11) The requirement of user contribution could help to open up the structures. Constantly inviting the community to participate helps, but the most import aspect is to include Internet users in policing the network. YouTube incorporates this element by allowing users to mark (‘flag’) content that violates the code of conduct.477 This leads to review by YouTube personnel and potentially triggers the mentioned sanctions. The system helps to produce an environment free of pornography, hate speech or graphic violence, and concurrently increases acceptance by the community.  On one hand, YouTube incorporates many positive aspects, such as close cooperation with all relevant stakeholders, a modern, largely automated system to police the network, efficient complaint mechanisms, and its use of the community’s potential to regulate. On  473 Ibid. 474 L. Dignan, Google Turns to Nexicon for YouTube ID System (11/06/08) 475 See statement by Alper Turgut: Roughly 30 percent of viewership on sites like YouTube […] is tied to copyright-infringing content. Police copyright better and that traffic would vanish overnight. Steinert- Threlkeld (2008a) at 10. 476 See discussion at 6.2. 477 Youtube, YouTube is for the Community; the only negative aspect is the unilateral character: user cannot ‘unflag’ videos or influence YouTube to keep them accessible.  105 the other hand, YouTube does not apply its slogan ‘Broadcast Yourself!’ to its own organizational structures. It uses opaque code, non-transparent decision-making and does not truly separate power. Furthermore, it focuses on the reaction to complaints and not on proactively proceeding against unwanted content. This is partly stipulated by the DMCA regulations, partly implied by the sheer masses of data. However, the technology is capacious enough to enforce the guidelines more rigorously. This shows the dilemma of self-regulation: that there is no guarantee of high standards.478 7.4. Framework for electronic signatures The purpose of the framework for electronic signatures is to produce clear, generally accepted standards for online signatures, and to establish their legal recognition. It is part of the process to regard paper-based documents with handwritten signatures as equivalent to digital documents with electronic signatures. It was drafted in 1999 as a European Directive479 and stands for a system of co-regulation that uses the regulatory effects of code. The system recognizes existing signature models480, but introduces further validity requirements and a voluntary accreditation scheme for so called ‘qualified electronic signatures’481. It is a unique form of collaboration between the private and the public sector to strengthen confidence in electronic communication.482  478 See 4.2.3. 479 Directive on a Community framework for electronic signatures (Directive 1999/93/EC) OJ L 13 01/19/00 480 Electronic signatures and ‘advanced electronic signatures’ are recognized as prima facie evidence in trials. Advanced electronic signature, in contrast to electronic signatures, are (a) uniquely linked to the signatory, (b) capable of identifying the signatory, (c) created using means that the signatory can maintain under his sole control; and (d) are linked to the data in such a manner that any change is detectable; Art Directive 1999/93/EC at Art. 2 para 2. 481 Qualified Electronic Signatures or ‘advanced electronic signatures based on qualified certificates’ require additional (compared to supra note 480) premisses for the certificate and the certification provider (laid down in Annex I and II of the directive) and aim at a higher level of security. E.g. Providers have to  106  (1) The framework was produced in the EU parliamentary process and is grounded in constant cooperation with the industry. The private sector handles management and improvements of standards and technology.483 The public sector only funds and structures the standardization process within an existing international infrastructure. For this purpose, the EU has set up a panel of IT experts that coordinates different standardization initiatives484, and committed the technical aspects to workshops of existing industry bodies.485 The system allows competition and does not affect coexisting voluntary industry agreements.486 In contrast, it supports their admissibility as evidence in legal proceedings.487 (2) One of the advantages of the system is that it uses guidelines and minimum standards. It takes into account rapid technological development and aims for technology neutrality.488 The regulator does not define any technical means, instead it works with and references to existing standards489, and it uses parameters such as objective, transparent, proportionate and non-discriminatory490. (3) The legal framework  use so called secure signature creation devices (SSCDs). See Directive 1999/93/EC at Art 4 para 10, Annex I, II. 482 See Directive 1999/93/EC at (4), (24). 483 R. Genghini, Global relevance of the European Electronic Signatures co-regulation process (2001) 9 DuD at 513. 484 European Electronic Signature Standardisation Initiative (EESSI) 485 The European Committee for Norms (Cen) and the European Telecommunications Standardisation Institute (ETSI). The standardization workshops (Cen-ISSS E-Sign and ETSI ESI) initially produced pre- standards to cope with the pace of technological innovation. 486 See Directive 1999/93/EC at (16); even the standardization process is considered one solution amongst other to increase challenge, A. Lehouck, Electronic Signature – Legal Framework & Standardisation (05/2001) erspective_Lehouck.ppt at 13. 487 Directive 1999/93/EC at Art 5 para 2. 488 ‘Rapid technological development and the global character of the Internet necessitate an approach which is open to various technologies and services capable of authenticating data electronically’. Ibid at (8). 489 This aplies to security of coryptographic modules, security of trustworthy systems, and security of Secure Signature Creation Devices (SSCDs). The standards are referenced by the so called Art. 9 Committee. See Genghini (2001) at 513. 490 See Directive 1999/93/EC at Art 3 para 2.  107 assures that relevant documents are published. For example, the official journal of the European Communities publishes names of generally recognized standards for signatures.491 Interested parties can download the actual standards free of charge.492 Decision-making in the standardization process is mainly conducted in expert meetings and workshops with the help of collaborative portals and online contact.493 This transparent procedure allows reconstruction and examination of decisions. (4) The framework relies, in contrast to YouTube, on open code to regulate. The standardization initiative explicitly expresses the preference for open source protocols and open interfaces.494 This increases accessibility and transparency, and allows collective development of standards for advanced electronic signatures and qualified electronic signatures.495 The directive ensures that the standards can circulate freely within the European internal market496, but the system also takes into account the global dimension: the technical aspects are of transnational character and can be applied anywhere; cross- border arrangements with third countries facilitate interoperability and mutual recognition.497 (5) The legislators are accountable through European bodies, but most aspects of accountability are left to the member states. They can either rely on private-sector-based supervision systems to commit providers of qualified signatures to comply with the  491 Ibid at Art 3 para 5. 492 E.g. 493 E.g.; the process is similar to the collaboration of the Internet Engineering Task Force (IETF), see 2.4.1. 494 E. Liikanen, speech at the EESSI conference of 19 June 2001 (speech 01/299) uage=EN&guiLanguage=en. 495 For definitions see supra notes 480 and 481; for the requirement of open code see 6.1.2. 496 See Directive 1999/93/EC at Art 4 para 2. 497 Ibid at (23).  108 provisions and control manufacturers of signature creation devices, or establish national agencies for the same purpose.498 Regardless of the decision, the most important institutions, the signature providers, are subject to national rules regarding liability.499 (6) This leads to sanctions such as compensation to third parties suffering loss in relying upon the signatures, and fines.500 If this is not effective, the state can remove trusts marks, and require the provider to suspend or cease issuing of signatures.501 If individual signatures are insecure or forged, the state can suspend the signatures without affecting the provider.502 (7) The legal framework requires complaint bodies and appeal procedures. Providers that issue qualified signatures need to demonstrate procedures for complaints and dispute settlement.503 (8) Of the analyzed systems, this framework incorporates pluralistic composition most effectively. It integrates a variety of stakeholders in the process of consensus building e.g. the industry, service providers, consumers, academics and regulatory authorities.504 This list is completed by experienced consulting members, e.g. by representatives of the World Wide Web Consortium (W3C).505 The standardization development is market led and public sector  498 Ibid at (13); Art 3 para 4. 499 In regard to Qualified Electronic Signatures (unless the provider can prove that it had not been negligent). The provider can make some contractual limitations in relation to this third party liability. See Directive 1999/93/EC at (22), Art 6; J. Murray, Public Key Infrastructure Digital Signatures and Systematic Risk, Journal of Information, Law and Technology (JILT) 2003 at 10. 500 E.g. Art 4UK Electronic Signatures Regulations 2002, §§ 11, 21 German Signature Law, fines are up to 50.000€ (ca 66.000CAD). 501 § 19 German Signature Law. 502 Ibid. 503 See Directive 1999/93/EC at Annex II k. 504 Lehouck (2001) at 11. 505 ICTSB, Who are the board members?; for W3C see 2.4.1 .  109 representatives only act as observers.506 (9) This demonstrates the separation of power, which is visible in all aspects of the framework. Whereas the private part handles development of standards and implementation of signatures, the public part structures the development, provides legal recognition, and ensures high standards by accreditation of providers for qualified signatures. The only noteworthy exception is the situation where the state acts as a signature provider.507 This reduces separation of power, however, the state can give additional legitimacy to these signatures and the legal status is equal amongst other signature providers. (10) Finally, the system is subject to regular evaluation. This includes a review of the directive to ensure that technological advancements or legal changes have not created barriers for electronic signatures508, and a periodical review of signature providers509.   The system can almost act as a prototype for successful Internet regulation; it incorporates aspects of all ten benchmark criteria. It accesses the industry’s knowledge and combines it with effective regulatory oversight. The market could develop de facto standards without regulatory intervention, but governmental participation ensures high- standards. It can guarantee interoperability among different signatures and authentication models to avoid barriers to trade or prevent corporations from acting as technological gatekeepers.510 Ultimately, this fosters freedom of information and free flow of services while development and enhancement of standards remains a market-driven process.  506 ICTSB, Final Report of the EESSI Expert Team (07/20/99) at 8. 507 See Directive 1999/93/EC at (12). 508 See Directive 1999/93/EC at (27). 509 E.g. Art 3 UK Electronic Signatures Regulations 2002, § 19 German Signature Law 510 Corporations could control the technology and produce a bottleneck to consolidate their market position. McGonagle (2002) at 7.  110 7.5. Conclusion Three of the four analyzed systems show weaknesses with regard to the ten criteria. The first co-regulatory regime (Safe Harbor) shows an inadequate implementation of the system of certification and accreditation. The process of self-certification, outdated member lists, and deficient enforcement are not suited to protect personal information of citizens. In this system, the public sector could improve the situation but it struggles with problems of co-regulation such as deficit of information and deficit of control.511 The second system (IASH) manages to arrange institutional prerequisites for successful self- regulation. It has set up institutions for appeal, works with a reliable auditor and uses a system of external certification with a unique certification mark. However, it is a purely internal solution without participation of other stakeholders. This shows typical problems of self-regulation like limited transparency, limited legitimacy and the possibility of a race to the bottom.512 The next self-regulatory system (YouTube) shares the same character of a closed regime with non-transparent decision-making and opaque code. However, it is highly participatory and communicates with other stakeholders. The integration of users to take down unwanted content is a seminal way to police the network and concurrently increase acceptance. Additionally, the regulatory effect of code diminishes the need for conventional enforcement mechanisms which are only of limited use for the Information Age. However, the system has to face criticism because it is not proactive against copyright infringement. This, again, shows that self-regulatory systems do not automatically have incentives to maintain high standards.  511 See 4.4.1 and 4.4.2. 512 See 4.2.2 and 4.2.3.  111 The last system (the framework for electronic signatures) tries to maintain these standards by governmental participation in the area of security and interoperability of standards. The legal framework provides the possibility of a voluntary cooperation between public and private sector. Accredited organizations are awarded with legitimacy, but compliance is assured by a regulatory oversight ‘with teeth’. Additionally, the private sector can independently develop and refine standards. It is the only system that truly features pluralistic composition and uses the benefits of open code. This option, where objectives are defined by law and solutions are offered by the market, is a potential solution for other domains. The practical application of the ten criteria is not meant to display a comprehensive picture of current Internet regulation. This would require a large quantity of regimes. It rather shows current problems of self- and co-regulation and improvement opportunities to approach the ideal of efficient and balanced regulation.  112 CHAPTER 8: FINAL CONCLUSION The private sector and the public sector are competing to establish an appropriate path for Internet regulation. The private sector with self-regulation, which is suited for Internet’s transborder nature, is currently ahead of the public sector, which is having problems adapting national laws to the new environment. At the same time, the Internet has changed from a system regulated by elementary community rules to an indispensable network where infringements of individual rights and freedoms occur and where common goals of society are questioned. This thesis asks if cautious governmental participation in the form of co-regulation can address these problems.  Co-regulation in an Internet context is subject to concerns, which depend on the role of the state, on the degree the private sector is bound to constitutional principles, and on the way governments can interfere in constitutionally protected areas. The Unites States is reluctant to establish co-regulatory mechanisms, because it favors a model with a high degree of individual liberty and minimal market intervention. The industry can act without constitutional boundaries because the constitution primarily binds public bodies, and the judiciary upholds a high level of protection against governmental interference. In contrast, Europe is generally open to co-regulation, because the member states regard guaranteeing individual liberties as the state’s duty, constitutional principles can apply to self-regulatory bodies, and eventually the state can enact legislation in constitutionally protected areas if it benefits the public interest. This preference is visible in a greater amount of established co-regulatory regimes. There are also states that do not share doubts about co-regulations and are open to governmental assistance, such as Canada, but do not enact co-regulatory provisions because they do not see a need for regulatory  113 intervention, or they deem traditional regulatory instruments sufficient. However, those traditional instruments turned out to be an insufficient response to Internet regulation, because they cannot cope with enforcing norms and sanctioning non-compliance. Rejection of regulation entirely, a solution proposed in the early of the Internet, is likewise inappropriate, because it neglects the effects the online environment has on day- to-day life, and because the contested regulability has been proven in the meantime.  Self-regulation would be an option to take into account Internet’s peculiarities without being dependant on the presence of a person or their assets in a certain territory. It allows tailored solutions that can quickly and informally respond to market developments, and can access high levels of expertise while being cost-effective and providing moral adhesion. However, self-regulation shows major disadvantages: it often relies on the goodwill of the parties involved and it lacks incentives to detect violations and pursue sanctions. It features bodies that are neither accountable through constitutional channels nor approved by the public, and therefore lacks democratic legitimacy. This is critical in an Internet context where the ability to regulate actors depends on the nature and origin of code. Individual control of code is oppositional to democratic and legitimate Internet governance. Self-regulation further implies the risk of a race to the bottom because the worst offenders can stay out, existing members can abandon the regime, and the system can collectively lower standards. Low standards are especially adverse to areas that involve fundamental rights, or where the public has a particular interest (e.g. standards of violence, decency, privacy, protection of minors). At this point, governments could step in and deal with some of the problems. Assuming that they have resources to force the industry to uphold their end of the bargain they can  114 increase legitimacy of the self-regulatory bodies. They can set and control standards by drafting minimum statutory requirements or compulsory memberships. Problems of co- regulation, such as a deficit of information and a deficit of control have not turned out to be as severe as expected. To keep governmental interference to a minimum and concurrently retain the advantages of self-regulation, states can either act as supporters and accreditors of self-regulatory bodies, or act as initiators of code regulation. By supporting, accrediting and certifying self-regulatory bodies states can absorb outside influence and assign additional legitimacy. A certificate can assure users of compliance with public policy objectives and act as an incentive for organizations which, in turn, depend on the users’ trust. States can use it to prioritize certain regulatory models and contribute to the high quality of accepted community standards. Code, software and hardware, can aid this model because it is automatically binding and can enforce guidelines of accepted behavior more easily than traditional tools of command-and-control regulation. Code is especially useful in addressing end users which are harder to locate and influence than organizations, whereas the model of accreditation and certification mainly applies to intermediary organizations. Both certification and regulation by code shape and influence the behavior of the recipients in a similar way to traditional regulation, and therefore have to be subject to certain restrictions and requirements.  The thesis proposes ten criteria for successful co-regulation. They originate in the attempt to address previously detected difficulties and retain the advantages to create a framework for successful Internet regulation and a benchmark for existing regulatory models. The criteria aim at an open collaboration between the private and public sector  115 where states take a monitoring role and the industry acts according to agreed guidelines. The system tries to create accountability for the involved parties including the creator’s of code. Generally, development of code is meant to evolve under open source environments, or meant to allocate closer to bodies that can be controlled and are committed to the public good. Furthermore, the system is rooted in a clear separation of powers to establish responsibilities and prevent biased decision-making. It imposes sanctions, but leaves the responsibility to enforce them with the industry as long as they act within predefined requirements. It also tries to give voice to affected parties and include them in the regulatory process. The last aspect is especially important when applying the criteria to self-regulatory regimes, because it creates a democratic link between regulators and regulated, not only by including user representatives in committees, but also involving users in the decision- making process by modern, technological means. This can open up closed internal structures. The industry can follow the ten criteria (plus user contributions) and substitute institutional prerequisites with its own arrangements; however the industry must look to external, non-profit bodies to guarantee independency and acceptance. The case study showed that even distinguished websites like YouTube do not incorporate the aspect of separation of power. User contribution is also only in its infancy as shown by the example of the Internet Advertising Sales House. Both self-regulatory systems display a closed character and cannot guarantee high standards. Cautious state participation could address some of these problems and put focus on public policy objectives. However, existing co-regulatory regimes can show similar weaknesses concerning the criteria, especially related to the certification process and enforcement of statutory rules as shown  116 by the example of the Safe Harbor framework. Only the framework for electronic signatures features all criteria for successful regulation and can act as an archetype for a system where the state sets the goals and the industry defines the tools.  This example shows that a co-regulatory system can extend to users in other geographical areas and develop transnational effects despite being linked to national regulatory bodies. The systems can further co-exist with other private initiatives e.g. if an alternative private standard can allocate more users it will likely prevail. By supporting certain approved standards governments can promote compliance with public policy values such as transparency, privacy, security, or interoperability. This equally applies to regulation of other fundamental values. In a collaboration between private sector and public sector, the public sector can show these strengths. However, the private sector can still bring its own advantages to the table, such as speed, expertise, and moral adhesion. Therefore, state regulation and self-regulation do not have to be antagonistic models, they can compliment each other and compensate each other’s disadvantages. Public and private sector can create a dialogue and act as partners.  117 BIBLIOGRAPHY Books Bakan, Joel et al. Canadian Constitutional Law, 3rd ed (Toronto: Edmond Montgomery Pub., 2003). Baldwin, Robert & Cave, Martin. Understanding Regulation: Theory, Strategy, and Practice (Oxford: Oxford University Press, 1999). Biegel, Stuart. Beyond Our Control? Confronting the Limits of Our Legal System in the Age of Cyberspace (Cambridge: MIT Press, 2001). Boddewyn, Jean J. Advertising self-regulation and outside participation: a multinational comparison (New York: Quorum Books, 1988). Boddewyn, Jean J. Global perspectives on advertising self-regulation: principles and practices in thirty-eight countries (New York: Quorum Books, 1992). Bonnici, Jeanne Pia Mifsud. Self-Regulation in Cyberspace (The Hague: TMC Asser Press, 2008). Bosch, Dorit. Die ‚Regulierte Selbstregulierung’ im Jugendmedienschutz- Staatsvertrag (Frankfurt: P. Lang, 2007). Briggs, Asa. The Welfare State in Historical Perspective in The Collected Essays of Asa Briggs, Vol 2 (Brighton: Harvester Press, 1985). Bröhmer, Jürgen. Die Selbstkontrolle im Medienbereich in Europa: Eine Rechtsvergleichende Untersuchung, in Jörg Ukrow,  Selbstkontrolle im Medienbereich und europäisches Gemeinschaftsrecht  (München/Berlin: Jehle Rehm, 2000). Chemerinsky, Erwin. Constitutional Law: Principles And Policies, 3ed (New York: Aspen Publishers, 2006). Clapham, Andrew. The “Drittwirkung” of the convention, in Ronald MacDonald, Franz Matscher,  Herbert Petzold, The European system for the protection of human rights (Dordrecht: M. Nijhoff, 1993). Cotterell, Roger. Comparative Law And Legal Culture, in Matthias Reimann, Reinhard Zimmermann, The Oxford Handbook of Comparative Law (New York: Oxford Univers. Press, 2008 ).  118 Ehlers, Jan. Aushöhlung der Staatlichkeit durch die Privatisierung von Staatsaufgaben? (Frankfurt: Peter Lang, 2003). Finckh, Andreas. Regulierte Selbstregulierung im Dualen System (Baden-Baden: Nomos 1998). Froomkin, A. Michael. Semi-private international rulemaking: Lessons learned from the WIPO domain name process  in Christopher Marsden, Regulating the Global Information Society (London, New York: Routledge 2000) Froomkin, A. Michael. The Internet as a Source of Regulatory Arbitrage in Brian Kahin, Charles Nesson, Borders in Cyberspace (Cambridge: MIT Press, 1997). Geist, Michael. Internet Law in Canada (Ontario: Captus Press, 2002). Gould, Mark. Locating Internet governance: Lessons from the standards process in Christopher Marsden, Regulating the Global Information Society (London, New York:  Routledge 2000). Grewlich, John. Governance in Cyberspace: Access and Public Interest in Global Communications (The Hague: Kluwer Law International, 1999). Hahn, Werner & Vesting, Thomas. Beck'scher Kommentar zum Rundfunkrecht (München: Beck, 2008). Haufler, Virginia. A public role for the private sector: industry self-regulation in a global economy (Washington D.C.: Carnegie Endowment, 2001). Hoeren, Thomas. Selbstregulierung im Banken- und Versicherungsrecht (Karlsruhe: VWW, 1995). Hoffmann-Riem, Wolfgang. Regulating Media: The Licensing and Supervision of Broadcasting in Six Countries (New York: Guildford Press 1996) Hogg, Peter W. Constitutional Law of Canada (Ontario: Thomson Carwell, 2007). Hood, Christopher. Administrative Analysis (Brighton: Wheatsheaf 1986). Jellinek, Georg. System der subjektiven öffentlichen Rechte, 2. Auflage (Tübingen: Mohr, 1919). Keil, Mark & Carmel, Erran. Customer-developer links in software development (New York: ACM, 1995).  119 Kleinsteuber, Hans J. The Internet between Regulation and Governance, in Christian Möller, Arnaud Amouroux. The Media Freedom Internet Cookbook (Vienna: OSCE, 2004). Kloepfer, Michael. Umweltrecht, 3. Auflage (München: C.H. Beck 2004). Koepsell, David R. The Ontology of Cyberspace (Peru: Open Court Publishing 2000). König, Klaus. Instrumente und Formen staatlichen Handelns (Köln: Heymann, 1993). Larenz, Karl. Methodenlehre der Rechtswissenschaft, 5. ed (Berlin: Springer, 1983). Lessig, Lawrence. Code and other laws of cyberspace (New York, Perseus 1999). Locke, John. Two Treaties of Government, (London: Dent 1962). Loughlin, Martin. Administrative Accountability in Local Government (York: Joseph Rowntree Foundation, 1992). Mayntz, Renate. Politische Steuerung und gesellschaftliche Steuerungsprobleme, in Thomas Ellwein et al, Jahrbuch zur Staats- und Verwaltungswissenschaft Band 1 (Baden-Baden: Nomos, 1997). Meiklejohn, Alexander. Political Freedom: The Constitutional Powers of the People (New York: Harper, 1960). Michaels, Ralf. The Functional Method of Comparative Law, in M. Reimann, R. Zimmermann, The Oxford Handbook of Comparative Law (New York: Oxford Univers. Press, 2008). Müller, Friedrich & Christensen, Ralph. Methodik I, 10ed (Berlin: Duncker & Humblot, 2009). Neelankavil, James P. & Stridsberg, Albert B. Advertising self-regulation: a global perspective (New York: Hastings House, 1980). Ogus, Anthony. Regulation: Legal Form and Economic Theory (Oxford: Clarendon Press, 1994). Persson, Torsten & Roland, Gerard & Tabellini, Guido. Separation of Powers and Accountability (1997) 112 no. 4 Quarterly Journal of Economics 1163-1202. Peters, Anne. Einführung in die Europäische Menschenrechtskonvention (München: C.H. Beck, 2003).  120 Pieroth, Bodo & Schlink, Bernhard. Grundrechte, Staatsrecht II (Heidelberg: C.F. Müller, 2009). Poullet, Yves. How to regulate Internet: New paradigms for Internet governance self- regulation, in Monville, Claire, Variations sur Ie droit de la societe de 1'information (Bruxelles, Bruylant,, 2001) Price, Monroe E.& Verhulst, Stefaan. Self-Regulation and the Internet (The Hague: Kluwer Law International 2005) Reschenthaler, Gilbert B.Direct regulation in Canada: some policies and problems, in W.T. Stanbury, Studies on regulation in Canada (Toronto: Butterworth, 1978). Schulz, Wolfgang. Demokratie und Selbstregulation, in Christian Büttner & Joachim von Gottberg, Staatliche Kontrolle und selbstregulative Steuerung (Frankfurt: campus, 2002). Strayer, Joseph. Dictionary of the middle ages (New York: Charles Scribner’s Sons, 1985). Weber, Steven. The Success of Open Source (Cambridge: Harvard University Press, 2004). Young, Stephen & Lowe, A. Vaughan. Intervention In The Mixed Economy (London: Croom Helm, 1974). Zippelius, Reinhold. Allgemeine Staatslehre, 14. Auflage (München: C.H. Beck, 2003). Zweigert, Konrad & Kötz, Hein. An Introduction to Comparative Law, translated by Tony Weir (Oxford: Clarendon Press, 1998).  121 Journals Besek, June M. Anti-Circumvention Laws and Copyright: A Report from the Kernochan Center for Law, Media and the Arts (2004) 27 Columbia  Journal of Law & Arts 385. . Black, Julia. Constitutionalising Self-Regulation (1996) 59 Modern Law Review 24. Callies, Christian. Inhalt, Dogmatik und Grenzen der Selbstregulierung im Medienrech (2002) AfP Zeitschrift für Medien und Kommunikationsrecht 465. Cane, Peter. Self Regulation and Judicial Review (1987) 6 Civil Justice Quarterly 324. Cannataci, Joseph A. & Bonnici, Jeanne Pia Mifsud. Can Self-regulation Satisfy the Transnational Requisite of Successful Internet Regulation? (2003) 17 International Review of Law and Computers & Technology 51. Caral, Jose Emmanuel A. Lessons from ICANN: Is self-regulation of the Internet fundamentally flawed? (2004) 12 International Journal of Law and Information Technology. Christiansen, Per. Selbstregulierung, regulatorischer Wettbewerb und staatliche Eingriffe im Internet (2000) 3 Multimidia und Recht 123. Cortes Dieguez, Juan P. An analysis of the UDRP experience – Is it time for reform? (2008) 24 Computer Law & Security Report 349. Di Fabio, Udo. Die Verwaltung und das Verwaltungsrecht zwischen staatlicher Steuerung und gesellschaftlicher Selbstregulierung (1997) 56 Veröffentlichungen der Vereinigung der Deutschen Staatsrechtslehrer 235. Dry, Murray. Free Speech In Political Philosophy And Its Relation To American Constitutional Law: A Consideration Of Mill, Meiklejohn, And Plato (1994) 11 Constitutional Commentary 81. Eberhard Schmidt-Aßmann. Regulierte Selbstregulierung als Element verwaltungsrechtlicher Systembildung (2001) Die Verwaltung Beiheft 4. Eifert, Martin. Regulierte Selbstregulierung und die lernende Verwaltung, in Wilfried Berg et al., Regulierte Selbstregulierung als Steuerungsform des Gewährleistungsstaates (2001) Die Verwaltung Beiheft 4 137. European Consumer Law Group, Nonlegislative Means of Consumer Protection (1983)  122 VI 2 Journal of Consumer Policy 209. Genghini, Riccardo. Global relevance of the European Electronic Signatures co- regulation process (2001) 9 DuD at 511. Goldsmith, Jack L. Against Cyberanarchy (1998) 65 University of Chicago Law Review 1190. Grimm, Dieter. Regulierte Selbstregulierung in der Tradition des Verfassungsstaates (2001) Die Verwaltung 4 Beiheft 10. Grewlich, Klaus W. Umweltschutz durch „Umweltvereinbarungen nach nationalem Recht und Europarecht (1998) Die öffentlich Verwaltung 54. Groß, Thomas. Selbtregulierung im medienrechtlichen Jugendschutz am Beispiel der FSK Fernsehen (2004) 12 Neue Zeitschrift für Verwaltungsrecht. Hardy, Trotter. The Proper Legal Regime for Cyberspace. (1994) University of Pittsburgh Law Review 993. Hofmann, Jeanette. Internet Corporation for Assigned Names and Numbers (2007) Global Information Society Watch 39. Huepkes, Eva. Self-regulation or Co-regulation? (2009) 5 Journal of Business Law 427. Johnson, David R. & Post, David. Law and Borders – the Rise of Law in Cyberspace(1996) 48 Stanford Law Review 1367. Lessig, Lawrence. The Zones of Cyberspace (1996) 48 Stanford Law Review 1403. Lipton, Jacqueline D. Beyond cybersquatting: taking domain name disputes past trademark policy (2005) Vol 40 No 4 Wake Forest Law Review 1361. McGonagle, Tarlach. Co-Regulation of the Media in Europe: The Potential for Practice of an Intangible Idea (2002) 10 IRIS Plus. Merrill, Thomas W. The Constitutional Principle Of Separation Of Powers (1991) Supreme Court Review 225-260. Page, Alan C. Self-Regulation: The Constitutional Dimension (1986) 49 The Modern law review 141. Palzer, Carmen.  Co-Regulierung als Steuerungsform für den Jugendschutz in den audiovisuellen Medien – eine europäische Perspektive (2002) 12 Zeitschrift für Urheber- und Medienrecht 875. Palzer, Carmen. Co-Regulation of the Media in Europe: European Provisions for the  123 Establishment of Co-regulation Frameworks (2002) 6 IRIS Plus. Reidenberg,  Joel. Lex Informatica: The Formulation of Information Policy Rules Through Technology (1998) 76 Texas Law Review 553. Reitz, John C. How to Do Comparative Law (1998) 46 The American Journal of Comparative Law 617. Ring, Wolf-Dieter. Die Regulierung der elektronischen Medien im Zeitalter von Digitalisierung und Globalisierung (1999) Wirtschaft und Verwaltung 191. Schoch, Friedrich. Privatisierung von Verwaltungsaufgaben (1994) Deutsche Verwaltungsblatt 962. Shapiro,  Andrew L. The Disappearance of Cyberspace and the Rise of Code (1998) 8 Seton Hall Constitutional Law Journal 703. Trudel, Pierre. Les effet juridique de l’autoréglementation (1989) 19 Revue de droit de l'université de Sherbrooke. Wu, Timothy. Application-Centered Internet Analysis (1999) 85 Virginia Law Review 1163.  124 Online materials ABCe, Delivering Safer Online Advertising with IASH f. Alberts, David S. & Papp, Daniel S. The Information Age: An Anthology on Its Impact and Consequences (1997) Bangemann, Martin et al. Europe and the global information society (1994) Barlow, John Perry. A Declaration of the Independence of Cyberspace Fri (02/09/96) Bauer, Johannes M. & Wilsey, Michelle F. National And Supra-National Regulation Of Cybernetworks And Telecommunications Carriers, draft (09/27/96) BBC News. Google's YouTube wins Viacom copyright case (06/24/2010); BBC News. Visualising the Internet Commission of the European Communities. European Governance, a white paper (2001) Connolly, Chris. The US Safe Harbor – Fact of Fiction? (2008) 8/safe_harbor_fact_or_fiction.pdf. Council of Europe. Convention on Cybercrime (2001) Council of Europe. Convention on Cybercrime, CETS No: 185 (01/19/2010) =&CL=ENG; Department of Commerce. US Frequency Allocation Chart Dignan, Larry. Google Turns to Nexicon for YouTube ID System (11/06/08)  125 system. Doctorow, Cory. MSFT outfits Chinese Mini True's Room 101 (02/01/04) EASA. Advertising self-regulation, The Essentials (2003) http://www.easa- E-Commerce Times, Chris Maxcer. Amazon Wrangles Warner Into No-DRM Club (12/28/07) Into-No-DRM-Club-60982.html?wlc=1219268887. Economic Expert. Canadian Charter of Rights and Freedoms m. EESC. The Current State of Co-Regulation and Self-Regulation in the Single Market, Pamphlet Series (2005) ESRB. What is the ESRB Europa Press Release. Data protection: Microsoft agrees to change its .NET Passport system after discussions with EU watchdog, 01/30/2003 ML&aged=0&language=EN&guiLanguage=en. European Parliament and Council. Decision adopting a multiannual Community action plan on promoting safer use of the Internet by combating illegal and harmful content on global networks, 276/1999/EC, s. 10. http://eur- European Parliament and Council. Decision establishing a multiannual Community Programme on promoting safer use of the Internet and new online technologies, s. 3 http://eur- F Federal Trade Commission. Marketing Violent Entertainment to Children: A Review of Self-Regulation and Industry Practices in the Motion Picture, Music Recording  126 and Electronic Games Industries (2000) Garfinkel, Simson. DNS: The Problematic Phone Book of Cyberspace (1997) Geist, Michael. Project Cleanfeed Canada (11/29/06) Hengesbaugh, Brian et al. Why are more companies joining the U.S.-EU Safe Harbor privacy framework? (01.01.10) es_joining_u.s._eu_safe_harbor_privacy_framework/. IAB. A Brief History of The Internet Advisory, Activities, Architecture Board (last accessed 07/10/09) IAB. IASH suspends member for code infringement (07/17/08) IASH, IASH Constitution (01/2010) pdf. IASH. 16 IASH members recertified through 'Random Audits’ ndom_audits.html. IASH. IASH Code of Conduct v10.1 (01/2010) IASH. FAQ ainst_inappropriate_content.html. Auditor auditor.html. ICTSB. Final Report of the EESSI Expert Team (07/20/99) ICTSB. Framework for EESSI Standards and Classes for Electronic Signatures, Issue 2.0 (09/06/00)  127 v2.0.doc ICTSB. Who are the board members? Industry Canada. Canadian Table of Frequency Allocations 08.pdf/$FILE/spectallocation-08.pdf. ITA. European Union Safe Harbor Overview ITA. Welcome to the U.S.-EU & Swiss Safe Harbor Frameworks Kennard, William E. Vision to mission: a blueprint for architects of the global information infrastructure (1999); Klensin, John. Simple Mail Transfer Protocal (2001) Lehouck, Anne. Electronic Signature – Legal Framework & Standardisation (05/2001) %20in%20the%20EU%20perspective_Lehouck.ppt. Lessig, Lawrence. Codev2 (2006) Lessig, Lawrence. The Future Of Ideas: The Fate Of The Commons In A Connected World (2001) Liikanen, Erkki. Speech at the EESSI conference of 19 June 2001 (speech 01/299) mat=HTML&aged=0&language=EN&guiLanguage=en. Mathiason, Nick. The Observer, Microsoft in human rights row (02/01/04) Mc Afee. McAfee Threats Report: Second Quarter 2009 Murray, Jamie. Public Key Infrastructure Digital Signatures and Systematic Risk, Journal of Information, Law and Technology (JILT) 2003 27133/26691.  128  129 Nexicon. Nexicon and YouTube(TM) Form Partnership (09/11/08) Ombudsperson B.C., About Otlacan, Otilia. eSpot Ad Network Suspended from IASH (04/16/10) from-iash/. Parliament, Council and Commission of the European Communities. Interinstitutional Agreement on better law-making (2003) http://eur- DF Reagle, Joseph M. Why the Internet Is Good. 19990326.html Reuters UK, Kate Holton. Restriction-free music sales soar on (07/07/08) Sandvine. Analysis of Traffic Demographics in North-American Broadband Networks (2008) oadband_Networks.pdf. Schulz, Wolfgang et al. Study on co-regulation measures in the media sector, Final report (2006) Schulz, Wolfgang et al. Study on Co-Regulatory Measures in the Media Sector, Interim Report (05/19/2005) Socolofsky, Theodore et al. A TCP/IP Tutorial (1991) Steinert-Threlkeld, Tom. YouTube: Does your video ID system really work? (11/06/08) work/10689. Steinert-Threlkeld, Tom. YouTube's video ID system: Is 75 percent accuracy good  130 enough? (11/08) Swire, Peter. Markets, Self-Regulation, and Government Enforcement in the Protection of Personal Information (1997) US Government. A Framework For Global Electronic Commerce (1997) WIPO. Record Number of Cybersquatting Cases in 2008 (03/16/09) YouTube, How do we implement YouTube's content policies? YouTube. Audio-ID and Video-ID YouTube. Block, Monetize, or Track Viewing Metrics YouTube. Community Guidelines YouTube. Copyright Claim Disputes: Video ID Disputes  Zakon, Robert. Hobbes' Internet Timeline ZDNet. YouTube video identification: The Basics 


Citation Scheme:


Citations by CSL (citeproc-js)

Usage Statistics



Customize your widget with the following options, then copy and paste the code below into the HTML of your page to embed this item in your website.
                            <div id="ubcOpenCollectionsWidgetDisplay">
                            <script id="ubcOpenCollectionsWidget"
                            async >
IIIF logo Our image viewer uses the IIIF 2.0 standard. To load this item in other compatible viewers, use this url:


Related Items