Document Type : Original article
Authors
1 Professor, Imam Sadiq University, Tehran, Iran
2 Assistant Professor, Imam Sadiq University, Tehran, Iran
Abstract
Highlights
This is an open access article distributed under the terms of the Creative Commons Attribution Non-Commercial License (CC BY NC), which permits distribution and reproduction in any medium, provided the original work is properly cited and is not used for commercial purposes.
Keywords
Introduction
To tackle political, security, economic, legal, cultural and social concerns, all governments place cyberspace policy-making within their agenda. This is indeed both a unique opportunity and a challenge for all countries. In one categorization, the general policies dominating the cyberspace could be divided into imperative and preventive. For instance, improving internet infrastructure is imperative, while imposing punitive policies is preventive.
Filtering is one of the preventive policies pursued by governments based on their value structures and meant to purify the cyberspace. A 2008 study by Ronald Deibert and his colleagues entitled “Access Denied, Practice and Policy of Global Internet Filtering” indicates that there are few countries without any policy in their agenda. What differentiates the countries and their experience in regulating cyberspace is both the limit and method of regulation. This paper offers a comparative analysis of three leading cases in the cyberspace that is the United States, the European Union, and China. Other than the leading role of these countries in cyberspace, this selection is based on diversity in the regulatory systems. In other words, the choice of case studies was based on their policy-making approaches in self-regulation, co-regulation and state regulation, so that the comparison would be valid and make sense. The analogy could put forth the effective alternative options as a package of proposals for the Islamic Republic of Iran’s cyberspace regulation policies.
To gain such an objective, the research tries to initially map out the structure within which it has been conducted. Afterwards, the cyberspace regulation systems in the US, the EU and China will be elucidated, while in the conclusion, the three systems will be compared and practical proposals, to be used in Iran, will be offered.
1. The Theoretical Framework of the Comparative Study
The results of some studies indicate that regulation systems in the above-mentioned cases can be analyzed from the following three perspectives:
1. The policymaking structure
2. The legal system
3. The Technical-executive order.
Based on these three aspects, the paper analyzes the ruling legal structure, the laws and orders and the processes through which regulations are implemented. Here, the three issues are being fully explained.
1.1. Structure of Regulation Systems
The term “regulation” has found a variety of definitions and equivalents in Farsi, which could cover a variety of concepts, including policymaking, agenda setting, legal supervision, ordering, setting up, etc. which indicates the widespread and different uses of the word. The same holds true when the term is applied in technical contexts. Referring to valid English dictionaries confirms the extensive applications and uses of the word, ranging from a thermometer to a country’s constitution.
Oxford Dictionary defines regulation as:
1. A rule or directive made and maintained by an authority, 2. The action or process of regulating or being regulated, 3. Person or organization that officially supervises an area of trade or industry to make sure that the rules are properly implemented (Wehmeier, 2005, p. 1275).
Similarly, Webster stresses two major meanings: an authoritative rule dealing with details or procedure and a rule or order issued by an executive authority or regulatory agency of a government and having the force of law (Costello, 1992, p. 1135). The four key responses in Longman are the following: an official rule or order, control over something, especially by rules, a person who controls the implementation of rules, a tool used to control temperature, speed, etc. (Summers, 2003, p. 1382). This last definition almost offers the same equivalents, while also refers to a physical tool rather than a social one.
As a result, the definitions offered for the term “regulation” allude to a wide range of concepts which can be categorized into the following binaries:
In general, “regulation” in this paper is the legal structure in charge of creating and enforcing order on a special field, whose decisions are obligatory to follow by the players in the field. Those decisions could include directives, tariffs, supervising the implementation, etc. The three major aspects of the nature of regulating structure, as far as this paper is concerned, are self-regulation, co-regulation, and state regulation. More specifically, the regulating system could follow three major patterns as Ansari (2011, pp. 98-99) illustrates:
1. Self-regulation (regulating by the individual)
2. State regulation (enforced by the government)
3. Co-regulation (enforcing a shared regulating system).
The logic behind the categorization derives from the nature of the structure that is, whether it is private or governmental. Basically, such a nature is limited to the following three forms: the regulations are set, ratified and implemented by the private sector and people, by the government, or by a combination of both the private sector and the state.
1.2. Legal System
The concept of the legal system in this paper refers to all legal documents including policies, laws, and rules which are ratified and implemented in regulating the cyberspace. In this regard, the paper is to offer a comprehensive picture of legal systems applied in the three case studies.
1.3. Technical-Executive System
The technical structure is a series of ideas and measures which are implemented at the executive level as a consequence of the policies and rules set by officials with regulation purposes.
2. Research Method
This research has been conducted with a document study approach through a library or descriptive analysis method. In this regard, the effort is to collect and analyze the legal documents of the countries and related sectors in accordance with the research question.
3. The United States of America
One must acknowledge the fact that the US was the country which founded the World Wide Web. In the same field, the US is still the pioneer in the infrastructure, service providing, content as well as user population. This has helped the country to access more options when it comes to cyberspace supervision and control. One clear example of the American influence and power in this regard is its possession and control over domain names. Additionally, is the widespread leadership of the online content, redirecting through offering cyberspace to other countries, also known as hosting services, which gives the US the advantage of path finding (Jalali Farahani, 2007, p. 21).
3.1. Regulation System
The cyberspace regulation system employed in the US is referred to as a self-regulating one which sets the policy itself (Frybman et al., 2008, p. 173). In other words, the private sector plays a key role in supervising and regulating the American cyberspace. The most active groups in such area are companies producing “parental control” software and access providers, which offer services to users in an optional manner.
In the US, cyberspace state control is mainly and only focused on schools and libraries (Deibert et al., 2008, p. 226) and is best manifested in CIPA (Children’s Internet Protection Act). Another clear example of self-regulation is the Digital Millennium Copyright Act (DMCA), which has been signed based on an agreement between copyright owners and representatives from electronic businesses, both from the private sector. Yet, in the case of the US, the self-regulation system does not deny the role played by the government in control and supervisions. In fact, a minimum minimal and emergency presence of the state is still visible. This will be later discussed in detail.
3.2. Legal System
Since 1996, the US has ratified five different internet regulation acts (some of which have been revoked by either individual courts or the Supreme Court. This will be explained later). The acts, in order of subject and ratification time, are listed below:
The paper elaborates on Details of all those acts later.
3.2.1. Communications Decency Act (CDA)
As part of the distant communications law (Deibert et al., 2008, p. 228), the CDA is considered as Congress’ first measure, taken in 1996, aimed at regulating children’s access to explicit sexual content on the internet (Jalali Farahani, 2007, p. 26).
The act stipulates that providing “indecent material” and “patently offensive content” to individuals below the age of 18 is regarded as an offense. Meanwhile, a “safe harbor” has been given to internet service providers to create technical barriers for children’s access to such material (Deibert et al., 2008, pp. 228-229). Simply, the Communications Decency Act criminalizes any conscious transfer of indecent content or message to underage users. There is also strong support and justification for people who, based on their goodwill, limit children’s access to the adult material (Deibert et al., 2008, p. 229).
However, the law was annulled by the US Supreme Court in 1997 (Deibert et al., 2008, p. 229). The court recognized that such terms as “indecent” and others used by the act were general and vague, thus declaring the act as violating the First Amendment. The only remaining binding portion of the act is the section which allows service providers to voluntarily introduce some provisions which could restrict access to content that is obscene, sensual, disgusting, graphic and violent. This makes the provider exempt from prosecution (Amn Afzar Gostar Sharif Service Provider, 2008, Chapter 1. Vol. 2. Report 2, p. 43).
3.2.2. Child Online Protection Act (COPA)
Reacting to the Supreme Court’s decision to revoke the Communications Decency Act (CDA), US lawmakers introduced a new bill: The Child Online Protection Act (COPA) (Balkin et al., 1999, p. 2; Deibert et al., 2008, p. 229). The legislation aimed at regulating children’s access to explicit sexual material on the internet and followed the cancelation of the CDA by the Supreme Court. It was ratified by Congress and made into law in October 1998.
COPA stipulates that the service providers report to authorities any material containing child pornography. Failure to do so results in a punishment of 50,000 dollars and a second failure would double the fine (Frybman et al., 2008, p. 176). The law also proposes connection and synchronization of the online account of parents to their credit cards, their user IDs, passwords and a digital certificate that could verify the user’s age and limit access to potentially damaging content for the ones below the legal age (Ameli, 2011, p. 346).
However, the story of COPA was similar to that of the CDA. Initially, a local Eastern Pennsylvania court placed a temporary ban on it and later in February 1999, it was completely annulled (Wang cited by Ameli, 2011, p. 345).
3.2.3. Child Internet Protection Act (CIPA)
The legislation was approved by Congress in December 2000 and came into force as of April 21, 2001. The law obliged all state schools and libraries, which are funded by the federal budget, to use the E-Rate software on their internet access. As part of a comprehensive plan to guarantee healthy internet use for children, the software versions were employed by the Federal Communications Committee, the Education Department and the Institute for Museum and Library Services. The plan includes technical supports that impose restrictions on users under the age of 17 in their online activities, which fully bans access to obscene pictures, child pornography as well as extremely dangerous material for minors. To achieve this goal, schools and libraries are required to be equipped with computers that have the preventive technical support. Still, the same law allowed a lift of the restrictions when parents are the users (Jalali Farahani, 2007, pp. 27-28).
Meanwhile, the law permits principals and librarians to temporarily deactivate the regulatory systems for adults and children in special cases for research or other permissible purposes (Deibert et al., 2008, p. 230). Libraries which follow the rule are all equipped with the Web Sense software. Although all libraries can use their own regulation settings in the system, they mainly heed recommendations by the consortium (Amn Afzar Gostar Sharif Service Provider, 2008, Chapter 1. Vol. 2. Report 2: 30). In practice, a small number of the libraries and schools refused to receive financial support. Provided that most of libraries and schools are dependent on the federal budget, it had been decided to install the regulator software (Deibert, et al., 2008, p. 229).
The American Civil Liberties Union and the American Library Association filed a lawsuit with the Supreme Court, claiming that the law was in breach of the First Amendment. The court, nevertheless, turned down the case. The Child Internet Protection Act, indeed, encourages some integration and involvement with the service providers and other internet companies. Moreover, CIPA helps them play a role by offering information to state officials while also taking some law enforcement as they are authorized to directly restrict access to controversial content (Frybman et al., 2008, p. 176).
3.2.4. Digital Millennium Copyright Act (DMCA)
When it comes to copyright laws, Congress specifies clear responsibilities for service providers. In 1998, the Digital Millennium Copyright Act (DMCA) incorporated into the Copyright Directive the 1989 Washington Treaty that was signed between intellectual property owners and representatives of electronic businesses and criminalized the circumvention of all literary and artistic properties.
The act exempts the service providers from liability when they are unaware of hosting information which violates the copyright of the owners, not beneficiary to the dissemination of the content, or is in breach of intellectual property laws. If the copyright owner reports the breach, the service providers face the deadline to either remove/make the content inaccessible within 10 days or pay the compensation. In this case, the content publisher must be notified for content removal/inaccessibility. Then the publisher would have a chance to issue a warning to the provider for removing the material. Afterwards, the service provider shall inform the intellectual property plaintiff concerning re-publishing the disputed content. However, this would not be the case if a lawsuit was filed against the person accused of copyright violation and demands a temporary court ruling (Frybman et al., 2008, p. 177).
3.2.5. USA Patriot Act
In the wake of the September 11 attacks, the US government policy suddenly shifted from “Cyber Democracy” to “Cyber Security”. 40 days into the attacks, October 26, 2001, the extensive and controversial Patriot Act was ratified allowing the FBI and the NSA to breach the privacy of users worldwide, and access and record their data. Subsequently, agents have been granted the authority to install so-called black boxes on the servers of the service providers. The aim is to fully track all online communication with residents of “hostile” nations and in-depth analysis to higher authorities (Jalali Farahani, 2007, p. 22).
Furthermore, in cases of good will, the act allows the service providers to leak information to the local or federal authorities if they find the case to be an emergency, or the information can save lives, or prevent serious damage to someone’s health. They have the permission to do so in such cases, while facing no legal pursuit. In fact, that’s where the service providers are immune from prosecution and protected against claims of breach of privacy laws. Providers are additionally encouraged to cooperate and act as law enforcement authorities (Frybman et al., 2008, p. 176).
3.3. Technical-Executive System
The United States is a progressive pioneer of internet regulation systems and the related software versions. Although the country applies those systems in a very limited manner, its products are being vastly used across the world (Amn Afzar Gostar Sharif Service Provider, 2008, Chapter 1. Vol. 2. Report 2, p. 14). Interestingly, the American regulatory system is more concerned with content removal than blockade (Deibert et al, 2008, p. 226). What makes removal a better option is that it leaves no space for circumvention. For a government to do so, it requires to be equipped with advanced infrastructure, especially hosting provisions.
There are two general technical regulation strategies on the internet that are employed in the US. They are divided into the ones for the final user and the ones for the service providers. Measures in the first strategy are either technically preventive or socially preventive. There is a large number of software developers in the US dedicated to techniques of parental control over children’s internet activities. The strategies for the final users are commonly proven to be more workable than regulation methods applied by service providers. The same level of attention has also been paid to social preventive strategies. For the latter strategy, the necessary training and awareness on internet threats and challenges is offered to children and young adults. The social preventive strategies balance the judgmental views toward the new generations that is held by the parents with less interaction with cyberspace (Jalali Farahani, 2007, Vol. 2: 23 and 24).
The three major techniques applied by the service providers are: a) enforcing the producers of obscene material to use XXX in their domain addresses, b) expanding top-level “kids” domains, and c) developing techniques for age verification conditions (Jalali Farahani, 2007, Vol. 2: 25).
4. European Union
The European Union is a bloc of advanced countries in the field of cyberspace and the internet. While making progress in both software and hardware technology, the EU faces its own threats, challenges and offences which the internet use might be associated with. This has made internet regulation a widespread and common issue in the EU making it no longer an exception (Deibert, et al., 2008, 186). In the following, a brief glance is taken at the EU’s plans and efforts made to regulate the cyberspace.
4.1. Regulation System
The European Union is known as a united bloc of countries with common policy-making strategies. It’s a zone where both states and the private sector are putting serious work into the internet regulation. In this regard, the member states have come to the common conclusion that enabling the final users by raising awareness, training, cautioning, and equipping them with the latest preventive hardware and software technology is way more workable than improving the cyberspace infrastructure (Jalali Farahani, 2007, Vol. 3: 28).
4.2. Legal System
A shared regional policy in the European Union is limiting the activities of the access provider, as part of which the “Electronic Commerce Directive” was ratified in 2008 (Deibert et al., 2008, p. 187). According to the directive:
Although the above directive enforced in the European Union eases the responsibilities faced by the service providers, it offers fewer benefits to them at the same time when compared to the Communications Act in the U.S. It also allows more state interference, prepares more ground for, and offers more support to professional entities which are trusted in internet content control (Frybman et al., 2008, p. 178). The directive does not force the service providers to control the information, which is recorded/transferred in their networks, or to actively monitor possible illegal activities there. Still, EU member states have the authority to oblige the service providers into reporting on illegal information and other violations conveyed to them through their clients and reveal the identities of the violators to the state as well. National courts and state officials are also allowed to force the internet service providers into restricting access to or totally removing material, which is viewed as harmful, illegal or in breach of other people’s rights (Frybman et al., 2008, pp. 178-179).
4.3. Technical-Executive System
From a macroscopic perspective, state regulation of the internet includes reducing the illegal content, blocking it, as well as purifying the results offered when such content is searched (Deibert et al., 2008, p. 186). In April 1996, the European Council requested the European Commission to draft “a summary of problems posed by the rapid development of the Internet,” and assess the need for policymaking. The commission reported “Illegal and Harmful Content on the Internet” as well as “The Protection of Minors and Human Dignity in Audiovisual Services.” Based on these reports, the Commission offered “a common framework for self-regulation (of the Internet) at the European level,” and devised an “Action Plan on Promoting Safe Use of the Internet.” The package, ratified on January 25, 1999, became operational in 2002 and was enforced until 2005 (Amn Afzar Gostar Sharif Service Provider, 2008, Chapter 1. Vol. 2. Report 2, p. 38; Deibert et al., 2008, p. 187). The 25-million-euro project proved a success, thus a second version was also developed, unveiled, and enforced between 2005 and 2008 (Ameli, 2011, p. 356). The budget allocated to the second phase was around 45 million euros (Amn Afzar Gostar Sharif Service Provider, 2008, Phase 1. Vol. 1. Report 2, p. 32). Based on the action plan, there were five vast areas which could help restrictharmful and illegal online content.
In the first category, it is noteworthy that in order to limit a flow of undesirable, harmful, and illegal content the establishment of a self-regulating order is an essential element. After the above proposal established, the relevant committee and panels on self-regulation and co-regulation were set up in 2004 to meet the following objectives:
The focus in this area is to activate the public capacity. Alongside the hosting servers and access providers, there is a third entity titled “Hotlines” consisting of professional private institutions. Hotlines play a key role in organizing and purifying the cyberspace and are being backed by the European Union and the national authorities. For example, INHOPE is a collaborative professional body, supported by the EU, which has launched 25 hotlines in 23 countries worldwide. The hotlines are ordered to convey warnings and reports to the service providers, police, and members of the foundation. A similar entity is Britain’s Internet Watch Foundation (IWF), which has reported its cooperative approach has helped reduce the country’s child abuse rate from 18% in 1997 to 4% in 2004 (Frybman et al., 2008, p. 180-181).
In the second category, emphasis is put on technical provisions, enabling users to limit and manage their exposure to unfavorable and harmful content as well as unwanted spam material. To do so, the following steps have taken:
There are a few points to be mentioned in this regard:
The third area asserts that public awareness of the layers of illegal, unwanted and harmful content needs to be elevated, while also supporting users and data as well as information and network are significant. It also demands that the expanding educational material addressing children should be placed on the agenda, since they are making much greater use of the internet compared to parents. Such plans should be implemented in the most appropriate and least costly manner and transferred through means of communication. Given the high significance and the important role of awareness among children and parents in preventing internet threats and tackling the challenges, this area receives 43 to 50 percent of the action plan’s budget (Jalali Farahani, 2007, pp. 19-20).
5. China
When it comes to both the quality and quantity of the internet regulation success, China is probably standing at the top, as a country that has “institutionalized the world’s most comprehensive regulatory regime in different network layers covering and blocking a variety of subjects,” (Deibert et al., 2008, p. 20). Such a position in internet regulation plus the similarity of China’s policy structure with that of Iran and the common strategies used in both countries, make China a significant case for the purpose of this research.
5.1. Policy-Making System
The ruling political and ideological structure in China that is based on communism has defined magnificent and widespread state influence in all sectors of Chinese life. The same holds true for the issue of internet regulation, where the country’s policy-making structure is visible and dominant. “Nearly from the introduction of the internet into China, the central government has realized that there were unknown potentials. Therefore, to prevent all the possible consequences, it took over not only the full ownership, but also the entire control over the new phenomenon (Jalali Farahani, 2007, p. 7). Yet, here, state policy-making does not necessarily deny the private sector’s role.it serves as the channel through which state power and influence are exercised. For instance, content control and state censorship are carried out through the supervision of non-state actors including foreign investors. Also in China, every individual is directly responsible for the content of the material they illegally publish on the net. At the same time, users who open up chart rooms or news groups are subject to be controlled and need to be approved by official sources (Frybman et al., 2008, pp. 184-185).
5.2. Legal System
The followings are the policy-making entities in China:
Since 1996, the Chinese government has issued a large number of rules and directives on regulating the internet. The country’s Ministry of Information Industry has implemented extremely restrictive laws aimed at preventing the publication of political interpretations which are not favored by the ruling system. This has led to the repeated issuance of many international reports on the Chinese government’s measures, to block various foreign and rights advocacy websites (Fray, 2006 cited by Ameli, 2011, p. 352). Some of those directives and rules have been enumerated below:
5.3. Technical-Executive System
China’s internet regulation system is worth studying as it is equipped with one of the world’s most complicated, penetrating and wide-reaching technical and executive structures (Amn Afzar Gostar Sharif Service Provider, 2008, Chapter 1. Vol. 2. Report 2, p. 14). This section explains the role of the concerned institutions and the key players in the field of regulation in full detail.
From the technical point of view, regulation is enforced in all of the three levels of the structure of China’s cyberspace. Therefore, this process is applied to the backbone network and is also employed by the service providers, home users, administrative users and the owners of cybercafés (Amn Afzar Gostar Sharif Service Provider, 2008, Chapter 1. Vol. 2. Report 1, pp. 17-19). Below is an explanation of the key players of the internet in China and the part they each take.
Level 1. Backbone network
What has been designed and implemented at this level as a massive national project is called the “Golden Shield” or the “Great Firewall” (Ameli, 2011, p. 353). The project is, in fact, China’s most important technical tool in internet access restriction. The firewall explores all the data packs and dynamically detects packs which contain the forbidden keywords, and then disconnects the link (Dibert et al., 2008, p. 37). The infrastructure can also be applied to emails, blogs, online boards and search engines (Hang, 2006, cited by Jalali Farahani, 2007, p. 8). The system has hired an army of thousands of human forces who directly oversee the online activities of users across China. The Chinese government considers such a system an essential factor in helping create a healthy cyber environment for Chinese people (Rouzbahani, 2014, p. 85).
Level 2. Internet service providers
These servers are all from the private sector and the intermediary between the national connected networks and the final users. They all have to supply their wide band through the backbone network. Access providers are required to record information on every 60 days of the online activities of the users, including registration numbers, phone numbers, addresses and domains of the pages visited and the connection times and hand over the data to the concerned authorities when they request them (Jalali Farahani, 2007, p. 8).
They are also required to install tracking software, implement oversight and control strategies and report to the relevant authorities once they detect a user with illegal activities. The servers also need to install programs to filter webpages deemed as saboteurs by the government (Frybman et al., 2008, p. 185). In a wide network, the major servers should further regularly share and exchange information about the banned websites. (Hang, 2006, cited by Jalali Farahani, 2007, p. 8)
The ICPs are concerned with issuing permit requests for businesses and in non-commercial areas they are responsible for releasing and filling in the special forms. They are required to control the content of their pages and immediately respond to any illegal material (Amn Afzar Gostar Sharif Service Provider, 2008, Chapter 1. Vol. 1. Report 2, p. 20). Therefore, according to Chinese law, all content providers need to register their identity with the central or provincial offices of the Culture Ministry (Amn Afzar Gostar Sharif Service Provider, 2008, Chapter 1. Vol. 2. Report 2, p. 37).
When it comes to news and media websites, Chinese control gets even tougher. Indeed, news story publishing on the web is in general forbidden unless it is done through a web page belonging to a government office or the State News Center Institutions. If a specific internet portal seeks to publish such news stories it has to observe all the specified conditions regarding professional editorial guidelines as well as financial resources and technical provisions (Amn Afzar Gostar Sharif Service Provider, 2008, Chapter 1. Vol. 2. Report 2, p. 37).
The same holds true for public websites. They are required to install the security software which can review and record all the messages sent and received by the users and report to the government all the “sensitive cases” (E.F.E. 2002, cited by Ameli, 2011, pp. 353-354).
One clear example here is the agreement between the Chinese government and Google. China has recently been using a new filtering method, based on which Google has agreed to refrain from opening specified page results for the search attempts by Chinese users (Diber et al., 2008, p. 48; Rouzbahani, 2014, p. 85)
In addition to such preventive measures, the Chinese government itself has further placed large emphasis on internet search services. To do so, it has established and expanded two home-grown and domestic engines, dubbed “Baidu” and “Yaesu”. While users search the sensitive keywords, the two engines will immediately prevent access and block the pages (Hang, 2006, cited by Jalali Farahani, 2007, p. 8).
Level 3. Final users
Since personal computers and home internet connection are not affordable by many people in China, cybercafés have found a special place where government control is heavily concentrated. The Ministry of Information Industry, the Culture Ministry, the Ministry of National Security and the Trade and Industry Department are responsible for regulating China’s cybercafés (Hang, 2006, cited by Jalali Farahani, 2007, p. 9).
Opening up a cybercafé in China is quite a demanding and complicated paper work process. In addition to going through such a stage, the owners must provide authorities with all the information regarding their working structure, the number of computers, the domains as well as their IP addresses, while also installing oversight software. In 2001 alone, 17,488 cybercafés were shut down. 28,000 others also received orders to immediately install the necessary oversight software. Alongside those control mechanisms, there are also cyber officers known as “Wang Guans” who constantly monitor the content and the users’ activities (Amn Afzar Gostar Sharif Service Provider, 2008, Chapter 1. Vol. 1. Report 2, pp. 18-19; Amn Afzar Gostar Sharif Service Provider, 2008, Chapter 1. Vol. 1. Report 1, p. 20; Hang, 2006, cited by Jalali Farahani, 2007, pp. 9-10).
Chinese users are required to register their personal computers to help accelerate the process of identification and surveillance conducted by the state. All users must sign a statement of obligation in which they express commitment not to jeopardize national security and public safety. The same approach applies to service providers. They are responsible for the activities of their clients, something which has pushed them toward extreme filtering methods (Hang, 2006, cited by Jalali Farahani, 2007, p. 10).
Conclusion
By this point, the paper has briefly reviewed three regulation systems rooted in three different approaches. The study of those systems exposes one to a series of ideas and proposals which could be applied to improve Iran’s regulatory system. In the conclusion section of this chapter, a comparative analysis of the three systems is offered, in which the differences existing among them are highlighted and the extracted finalized policies proposed for the Iranian system are fully elucidated.
- Comparative analysis
Different criteria exist, using which one can make comparisons among various countries. The paper has sought to draw the analogy among the three case studies based on factors such as policymaking, ownership, management, physical status, and time and software production quality.
Perhaps the most important criterion that distinguishes regulation systems could be sought in the policy-making structure. Earlier, the three strategies in policy-making including state regulation, co-regulation and self-regulation were fully discussed, where the research found out that the US is a country in which the third approach is employed. Although the legal cases of exception were alluded to, in which the state interferes, those cases were limited and the general regulation was conducted by the private sector. Proof for that is the large number of private regulation software developing firms, a multitude of private companies involved, regulation carried out through parental control, at schools, libraries, by service providers, etc. Here, the Digital Millennium Copyright Act (DMCA) is worthy of reference as a case in which the protection of such a right has been agreed upon by intellectual property owners and representatives from electronic businesses. The European Union, on the other hand, is where the co-regulation system is enforced and the cooperation between states and the private sector is emphasized. One evident case of such a strategy is the “hotline” project which is meant to create some infrastructure whereby state monitoring is done through the public’s eyes. The same level of cooperation is also visible in the three-year programs. The case of China, however, is an example of strict state regulation, in which the “Great Firewall” serves as the most significant project in a mere-government control of the cyberspace.
The status of different countries in other criteria could be predicted based on their regulatory systems. The second criterion is the ownership structure. Given the special importance attached to the private firms in the United States, the ownership system, there is non-monopolist, while in the EU it is semi-monopolist (proof of which is the “hotline” project and the private software producers). In China the case is one of full monopoly, as it is the state which is in complete control of developing the regulatory software.
When it comes to the management order, the issue is different. In the US, it seems that the six-point laws allow for a more palpable presence of the ruling system in regulation. One example is the federal government’s influence over regulation in libraries and state-run schools or the measures which have been devised to tackle child pornography. Thus the US management system in regulation has to be considered as a semi-centralized one. The same system, in a more serious fashion, is common in the European Union, while in the Chinese version it is entirely centralized. This is proven by the law which obliges everyone to register their computers in a centralized state-controlled database.
Another criterion for comparison could be the issue of “physical status” of the regulation system. As mentioned earlier, such a status has three aspects: 1-the communicated, 2-the channel, 3-the communicator. It seems that in the US, although the regulation process is focused on the communicator, it is partially applicable to the channel and the communicated as well. The key current of regulation in the US is dedicated to the production of home regulation software. Schools and libraries also install them, while access providers also play a major role in controlling child pornography, especially when such services are demanded by the users.
What is emphasized in the US, particularly when it is concerned with the fields of security and copyright, the priority is given to content removal rather than blocking. This is practicable given the fact that the US is home to the world’s major hosting infrastructure. Likewise, in the EU the regulation system exists in all the three fields, where the key role is played by the final users and the communicated themselves. Still, the part taken by access and hosting service providers in the EU is stronger than in the US. In China, serious concentration is placed on all the three. But the state role in the channel field with the firewall system is much more serious. Still, in China, content and access providers as well as cybercafés are required to install regulation software on their systems.
The criterion of time is the same in all the case studies, where it is of a perpetual nature. In other words, regulation is constant in all of them and does not have time limits. For instance, it does not temporarily stop during election times. In such cases, it even gets tougher and stricter. Finally, one can also allude to the quality of the production of the software. In all the cases, the US, the EU and China, it is domestic and homemade.
Table 1 offers in a nutshell the results of the comparison among the three cases.
Table 1. A comparative analysis of the subject countries
Country Criteria |
US |
EU |
China |
Regulation system |
Self-regulation |
Co-regulation |
State-regulation |
Ownership order |
Non-monopolist |
Semi-monopolist |
Monopolized |
Management system |
Semi-centralized |
Semi-centralized |
Centralized |
Physical status |
Communicator, channel, communicatee |
Communicator, channel, communicatee |
Communicator, channel, communicatee |
Time |
Perpetual |
Perpetual |
Perpetual |
Software production fashion |
Homegrown |
Homegrown |
Homegrown |
- Policy proposals for the case of Iran:
The following section firstly reviews the measures employed by the countries which are the subjects of the research. A package of proposals will be presented afterwards.
1. Key measures
The striking point one comes across while studying the cases of the US and the EU is their focus on the final users. The experience in those two locations has proven that the shift from the national and macroscopic regulation system to microscopic and individual ones is more workable and efficient. Such a concentration has the following characteristics:
In almost all the cases studied here state and public institutions are treated as significant entities in regulation. Basically, the economic logic in government offices is that the general use of the internet by employees remains controlled and overseen. In the US, this is more striking in the case of schools and libraries. In China, also there is a complicated surveillance system controlling user activities in cybercafés.
Based on a technical logic the removal of content is preferable over blocking, as it totally destroys the chance of circumventing the regulation measures. This is where the role played by hosting service providers becomes more effective and visible. Still, the technical prerequisite for such a policy is the fact that the hosting infrastructure has to be homegrown and data centers, which could offer an efficient contribution to content servers and service providers, must exist.
This is an issue which China has especially paid attention to by signing deals with such internet giants as Google and Yahoo. Negotiating with major service providers, search engines, email companies and social networking websites not only prepares the ground for new services in the host country, it also expands the surveillance and control strategies which the host governments can hire. In fact, transferring the data centers of those companies to the host country brings positive results for both sides.
The system has been actively implemented in the US and the EU, where officials have come to the conclusion that the policy is essential in making the society user- oriented and showing respect to the decisions taken by the users, particularly children and young adults. In such a system age rating is a priority. There are also others ideas applicable to occupational, educational, gender, ethnic and cultural ratings.
Finally, another plan pursued with great attention by the European Union has been set up international institutions dedicated to purifying the cyberspace with regard to common concerns shared by world nations. It seems that in the case of the Islamic Republic of Iran attention to international areas, particularly a regional focus on the Islamic world must be placed on the agenda.
2. Alternative proposed policies
The experience in the United States and the European Union proves that cyberspace regulation demands a comprehensive plan and that measures should not be specified to state and central levels. In other words, in such areas as policymaking, structures, human resources and processes, steps have to be taken to shift the focus toward decentralization. Such a policy in the first stage of regulation suggests a need for co-regulation and then self-regulation. With regard to structures and human resources, the same strategy proposes decentralized management and the active presence of different players in the cyberspace. At the operational level, it also calls for using various processes from cultural, economic, political, legal and technical fields. In what follows more light has been shed on the different aspects of the policy:
The experience in such countries as the United States, where lies most of the world’s internet infrastructure, especially in the hosting field, has proven that for regulation at a national level removal of content is preferred over blocking. The two techniques differ in the following:
1. In removal both the message and the content are uprooted from the network. Then the possibility of circumvention wouldn’t make sense anymore. Thus, naturally search engines would also fail to revive such material. However, in blocking both the message and the content still exist in the network and it is only the access which is denied.
2. Removal is done by hosting servers, while blocking is carried out by access providers.
3. The negative cultural and psychological consequences of removal are much less significant compared to blocking. In addition, when content is removed the friction only develops between the user and the content producers or the hosting servers and there is no tension with the regulator. But when material is blocked both tensions will grow between the users and the regulation system. The policy of content removal and the preference over blocking applies to cases in which communication infrastructure, especially hosting servers are controlled by the state. Therefore, a highly useful approach and a feasible one to be taken into account and employed at Iran’s newly-developed “National Information Network”.
Investing on surveillance in cyberspace could be regarded as a tool showing the ruling system’s authority. It seems that a state by enforcing maximal filtering while there is the possibility of using proxies will only will be reducing its own power and turning the internet into a tool against its own security and authority. It is therefore, highly recommended that the internet’s surveillance capacity in analyzing the response and behavior exhibited by users in the face of filtering is applied to wider and more appropriate policymaking. Prioritizing surveillance over filtering firstly helps with improving individual users’ self-oversight and secondly prepares the ground for the ruling system to strengthen its authority in the virtual world. To gain such an objective, the two following are proposed:
Note
This paper has been adopted from the doctoral thesis written by the second author and supervised by the first author at Imam Sadiq University.