The issue of Internet regulation has long been tied to the question of Internet service-provider liability. As the gateways to the Internet, ISPs were quickly identified as a potential "choke point" in the system that could effectively be used to regulate Internet activity.
ISPs cringed at the prospect that they might be held responsible for the conduct of their subscribers, arguing that they should be seen as an Internet equivalent to the phone company.
Just as phone companies are not responsible for the conduct of their subscribers or the content of the phone calls carried on their systems, ISPs contended that they should not be held responsible for the conduct of their users nor the content accessed on their networks.
While Canada has not yet developed legislation specific to Internet intermediaries, the U.S. Congress has been particularly responsive to the ISP's argument, enacting a provision in the Communications Decency Act of 1996 that granted near complete immunity to Internet intermediaries.
While most envisioned the statute would apply chiefly to ISPs, e-commerce giants such as eBay and Amazon.com have been prime beneficiaries of the law. They successfully invoked the statutory protection when facing claims of liability for allegedly defamatory postings or infringing sales on their sites.
Earlier this month, a U.S. appellate court broadened the statutory protection yet again. The court ruled that an online matchmaking service could not be held liable for an incident of identity theft, relying on the immunity provision as the basis for its decision.
The case involved a false posting on Matchmaker.com purported to be from Christine Carafano, a popular actress. The posting included a photo along with Carafano's e-mail and home address. After the actress began receiving death threats at home, she proceeded to unsuccessfully sue the service.
While U.S. law has provided strong protection for intermediary liability that might arise due to content that appears on their sites and systems, regulators have been busy searching for alternative choke points that can be used to regulate online activity.
For example, financial institutions — the payment intermediary in most online gambling transactions — have been identified as a potential choke point.
Under pressure from authorities such as New York State attorney general Eliot Spitzer, some have agreed to stop accrediting online gambling merchant accounts.
Similarly, Google, the Internet's most popular search engine and information intermediary, is regularly asked to remove links to controversial content. While the search for choke points has indeed mushroomed, the true scope of intermediaries in the Internet context is only now being realized. In a global, interconnected network, the question is no longer who is an intermediary, but rather who isn't.
As anti-spam advocates place open servers and others who allow spam to proliferate on "blacklists," they acknowledge that the distribution of spam involves not one, but two intermediaries — the ISP that provides the spammer with Internet access and the party maintaining an e-mail server that enables the distribution of the spam message to millions of in-boxes.
Of even greater interest is the identification of individual Internet users as intermediaries. Consider the hundreds of subpoenas recently filed by the Recording Industry Association of America against ISPs requesting the identification of their subscribers engaged in music file sharing.
As the RIAA prepares to sue individual file sharers, the shift in tactics represents the latest form of intermediary liability — potential liability for the millions of users in peer-to-peer networks such as Kazaa and Grokster who are all themselves intermediaries in the circulation of music across the globe.
The intermediary label applies to individuals in a range of other instances as well.
Last year, pharmaceutical giant Eli Lilly paid a hefty fine to the U.S. Federal Trade Commission after it accidentally revealed the e-mail addresses of hundreds of Prozac users in a single e-mail.
While the fine served as an important reminder to carefully safeguard personal information, most Internet users will recognize the incident as a fairly common occurrence.
Many individuals similarly become privacy infringement intermediaries when they accidentally hit "reply all" to an e-mail and in the process reveal dozens of e-mail addresses to all recipients.
Over the past two weeks, as the MSBlast and SoBig viruses spread across the Internet, millions of individuals became computer crime intermediaries. Most viruses depend upon a simple yet very effective distribution system — propagation through millions of individual users who serve as intermediaries in passing along the virus to friends and colleagues.
With Internet users joining ISPs, e-commerce companies, financial institutions and search engines as intermediaries, we must begin to reconsider what it means to be an intermediary on the Internet.
While the initial reaction was to provide broad legal protection for intermediaries, it may be time to re-evaluate that approach.
The issue has ceased to become whether an intermediary bears responsibility when harmful activity occurs online. The question is now which intermediary bears responsibility.