By Natasha Tusikov, Baldy Centre for Law and Social Policy, University of Buffalo at the State University of New York
Who makes the rules that govern how we use services and technologies on the Internet, and how are those rules implemented and enforced? Public concern over Internet surveillance peaked in 2013 with Edward Snowden’s dramatic disclosure of highly classified files. The Snowden files reveal that the U.S. National Security Agency (NSA) and its allies are highly reliant upon large, U.S.-based Internet firms, particularly Google, Yahoo, Microsoft, and Facebook, among others. These firms are ideally suited to facilitate mass surveillance as many of their applications and services are premised upon sharing personal information and cultivating ever-expanding social and professional networks. Google, for example, logs our searches, scans our emails sent using Gmail, maps our social networks in Google+, and tries to predict our search terms. Companies like Google and PayPal can also influence how we understand and use certain technologies and services on the Internet as they make and enforce rules governing the use of their platforms. Further, they can do so in ways that are opaque and contrary to the public interest by chipping away at fundamental digital rights like privacy and freedom of expression.
The Snowden files have laid bare Internet firms’ facilitation of state surveillance practices on the Internet, particularly by the U.S. government. In contrast, the firms’ activities on behalf of corporate actors are relatively unknown. With the rapid growth of the Internet, companies with large, global operations, such as Google, PayPal, eBay, and Yahoo, have developed a considerable capacity to set rules for their services that can affect hundreds of millions of their users worldwide. These firms act as gatekeepers, parties that can facilitate and/or control the flow of particular phenomena, such as individuals, information, behaviour, or funds and are not the primary authors or beneficiaries of the wrongdoing. Generally, these gatekeepers are understood to function more efficiently and cost-effectively as regulators than if states or other private actors were to try to control the same wrongdoing. Rights holders, for instance, argue that PayPal can identify and target sites selling counterfeit goods much more easily and cheaply than can Gucci. My research focuses on some of the largest U.S.-based Internet companies that dominate their respective industry sectors. PayPal, Visa, and MasterCard are the dominant online payment providers and GoDaddy is the largest domain name registrar globally. Google is the world’s largest search and advertising provider, while Yahoo and Microsoft’s Bing have a much smaller share of the search and online advertising markets.
These companies have sophisticated surveillance and enforcement programs that they employ on behalf of rights holders of intellectual property like Gucci, Nike, or the pharmaceutical company Pfizer. Advocates of greater protection for intellectual property argue that the online distribution of counterfeit goods (unauthorised reproductions of trademarked products and a form of trademark infringement) is a problem too pervasive and complex for rights holders to address alone. To strengthen anti-counterfeiting enforcement efforts, rights holders are increasingly pressuring Internet firms – from payment providers and advertising platforms to search engines and domain service providers – to crack down on the online distribution of counterfeit goods. In particular, rights holders want Internet firms to withdraw their services from websites selling counterfeit goods. Rights holders ask
- search engines to remove infringing search results;
- payment providers to terminate merchant accounts of infringing sites;
- advertising providers to prevent ads from ending up on those sites; and,
- domain registrars to cancel domain names.
Companies with global operations and sizeable market share, like Google and PayPal, have a significant capacity to regulate their platforms to address and prevent wrongdoing. PayPal, Visa, and MasterCard, for example, can withdraw their payment processing services from targeted websites selling counterfeit goods, thereby rendering the websites commercially non-viable. This regulatory strategy is intended to deprive targeted websites of essential commercial and business services, like payment, advertising, and domain services.
Internet firms are able to police their platforms for wrongdoing and act as gatekeepers for rights holders through the contractual terms-of-use agreements they have with their users. Users may directly accept a terms-of-use agreement, such as when one signs up for a PayPal account. Other contractual agreements are subtler: users may signal their acceptance by clicking on a webpage. Firms’ terms-of-use agreements incorporate public laws, such as those that prohibit the sale of counterfeit goods. They also include industry standards or company-specific rules. Google, for example, restricts advertisements for certain types of legal services and products, such as those for adult merchandise and online pharmacies. The agreements also set out procedures by which the companies conduct investigations of wrongdoing, processes for users to make appeals or challenge decisions, and list sanctions. MasterCard, for example, explicitly sets out procedures for rights holders to make complaints about online vendors selling counterfeit goods.
Internet companies can sanction users who violate their terms-of-use contracts by restricting or terminating services. PayPal, for example, can restrict its services to individuals who violate their policies, or cancel their accounts altogether. If PayPal determines that a website is selling counterfeit goods, it sends an email to the site operator saying that the website’s PayPal account is terminated. It is relatively simple for rights holders to work with Internet firms to police their intellectual property:
- Rights holders make a complaint of infringement to the Internet firm.
- They provide some sort of evidence (often a sworn statement) and proof of ownership of the trademark in question.
- If the complaint constitutes a violation of the Internet firm’s contractual terms-of-services agreement, the offending content is removed or the service is disabled.
As many Internet firms have a contractual relationship with their users, they can identify and sanction violations of their policies quickly and without any court order or judicial oversight. These features make Internet firms valuable gatekeepers for rights holders.
As Internet firms are increasingly becoming gatekeepers for rights holders, they are fundamentally re-shaping the manner in which online information and activities are regulated. Given their global reach, significant market share, and technologically sophisticated enforcement programs, these companies have a significant regulatory capacity. By tapping into Internet firms’ enforcement capacity, rights holders can target infringement globally and police large numbers of websites that they allege are selling counterfeit goods. Google, PayPal, Yahoo, and other large Internet companies enable rights holders to police large populations of people in ways that were previously unattainable, technologically unfeasible, or prohibitively expensive. Moreover, they can do so in ways that are unaccountable and relatively secretive.
Internet companies have another important characteristic that make them powerful gatekeepers. They have significant latitude to make and enforce rules governing the use of their platforms and services by Internet users, as well as to issue sanctions to those who violate their rules. They can rapidly change their terms-of-use agreements, thereby creating or augmenting rules that govern how individuals use their services. The companies often make these changes to their contractual agreement in ways that are not easily apparent to or understood by their users until they are unable to access certain information or use a particular service.
Regulation through gatekeepers can have broad repercussions that affect how individuals access and use particular technologies, services, and applications on the Internet. Given their size and market share, Google, PayPal, and other similar companies can act as private arbiters of the legality of certain types of technologies or services. They can do so by enabling certain services and constraining others. PayPal, for example, has threatened to withdraw its services from companies that offer virtual private network services or BitTorrent services. PayPal argues that these services can be used to facilitate access to unauthorised (i.e., copyright-infringing) versions of music and movies. However, there are many legitimate uses for these services for users that want, for example, to conceal their web traffic in authoritarian countries (virtual private networks) or share online content quickly, efficiently and cheaply (BitTorrent). Companies can legally determine what types of content and activities are appropriate for their platforms. In doing so, however, they can unfairly influence the types of new technologies and services prosper and which fail, and how individuals use those technologies. This sledgehammer approach to enforcement can inadvertently hinder the development of new technologies and services, or even deliberately retard innovation that may threaten established corporate interests and business models.
The Snowden files alerted us to an unprecedented online surveillance network facilitated by some of the largest and most popular Internet firms. These same firms are working as corporate gatekeepers for rights holders, often in ways that lack transparency and accountability. Their enforcement tactic – disabling targeted websites by denying important commercial and business services – can negatively affect legitimate businesses and users. Although this regulation is often done in the name of protecting consumers, there is little consultation with consumer organisations or consideration of how enforcement efforts may affect the general public. As Peter Bradwell from the U.K. Open Rights Group argues, online corporate regulation “should not be an excuse for invitation-only policy making.” An important consequence of Edward Snowden’s revelations is an increased sensitivity among the public toward digital privacy and digital rights in general. Amid continuing protests worldwide over corporate-state surveillance practices spurred by the Snowden files, there is clearly a need for a global debate on the nature and limits of regulation on the Internet, and the ways that corporate (and state) regulatory practices shape how we can access and use certain technologies and Internet services.
 Kraakman, Reiner H. 1986. “Gatekeepers: The Anatomy of a Third-Party Enforcement Strategy.” Journal of Law, Economics, & Organization 2:53-104.
 Castro, Daniel, Richard Bennett, and Scott Andes. 2009. Steal These Policies: Strategies for Reducing Digital Piracy. Washington, DC.
 For an account of payment providers acting as gatekeepers, see, e.g., MacCarthy, Mark. 2010. “What Payment Intermediaries are Doing About Online Liability and Why it Matters.” Berkeley Technology Law Journal. 25 (2): 1139-1122.
 MasterCard. N.d. “MasterCard Anti-Piracy Policy.” Retrieved June 9, 2013. (http://www.mastercard.com/us/wce/PDF/MasterCard_Anti-Piracy_Policy.pdf).
 Ernesto. 2011. “PayPal Bans Major File-Hosting Services over Piracy Concerns.” TorrentFreak 10 July 2012, Retrieved 23 July 2013. (https://torrentfreak.com/paypal-bans-major-file-hosting-services-over-piracy-concerns-120710/). Ernesto. 2012. “PayPal Bans BitTorrent Friendly VPN Provider.” TorrentFreak 22 June 2012, Retrieved 23 July 2013. (https://torrentfreak.com/paypal-bans-bittorrent-friendly-vpn-provider-120622/).
 Raustiala, Kal and Christopher Sprigman. 2012. The Knockoff Economy: How Imitation Sparks Innovation Oxford: Oxford University Press.
 Bradwell, Peter. 2011. “Website blocking part 1: two-tier policy making.” Open Rights Group, 9 November 2011, Retrieved 19 November 2013. (https://www.openrightsgroup.org/blog/2011/website-blocking-part-1:-two-tier-policy-making?quip_thread=blogPost6112&quip_parent=11662).