Obstacles to Access: 0 (0–25)
Limits on Content: 6 (0–35)
Violations of User Rights: 14 (0–40)
Total Score: 20 (0–100)
Access to the internet and digital media technologies in the United Kingdom is among the best in the world. Nonetheless, potential threats to users’ rights to information and privacy have emerged in recent years, particularly as a result of inadequate transparency in the blocking of harmful content and extensive data retention. The first mobile-telephone call was made on January 1, 1985, and internet use became popular in the mid-1990s, though academic institutions had access prior to that.
The British experience has also raised concerns over the role of private actors, such as internet-service provider (ISP) associations, in the regulation and blocking of internet content, particularly when these self-regulatory mechanisms lack sufficient transparency and public oversight and when companies are susceptible to influence by powerful economic interests. An erosion of government observance of civil liberties since September 11, 2001 has also affected internet freedom and the right to privacy in general.
Obstacles to Access
The United Kingdom enjoys widespread internet access, including broadband, which is available even in rural areas and has been expanding in recent years. As of June 2008, the country had an estimated internet-penetration rate of 68.6 percent. In 2007, more than 86 percent of computer owners had a broadband connection, compared with 73 percent in 2006. Research suggests that high-speed internet is available to almost everyone, although the connection speed may vary according to the user’s distance from the exchange and the quality of the local network.1
The percentage of consumers who did not have an internet connection for involuntary reasons such as cost decreased to just 8 percent in 2007. This decline may stem from the introduction of bundled services, competing offers, and lower prices, coupled with “free” services awarded by some operators (Orange, Sky, TalkTalk, and others) when customers accept additional services such as line rental and mobile contracts.
Mobile-phone penetration is also extensive, with the number of mobile connections exceeding the total population. In 2006, the country had the second-highest penetration of mobile connections per head in Europe. Many individuals own more than one mobile phone, and the average is 1.44 subscriptions each.2 In 2007, household subscriptions to mobile-phone service exceeded fixed lines for the first time. While 16 percent of the population still does not own mobile phones, most in this group are either very young, very old, or too poor to do so.3 Mobile phones with both second generation (2G) services, including SMS (text messaging), and third generation (3G) features, including high-speed internet and multimedia capabilities, are available to the majority of the population.
The government does not place limits on the amount of bandwidth ISPs can supply, and the use of internet infrastructure is not subject to governmental control. Internet protocols and tools such as Voice over Internet Protocol (VoIP), peer-to-peer (P2P) networks, and advanced web applications are not subject to blocking. For example, the YouTube video-sharing site, the social-networking site Facebook, and international blog-hosting services are freely available. Users also have access to circumvention technologies, which they employ most often in workplaces or universities that have installed filtering tools and software.
The United Kingdom provides a competitive market for internet access, with approximately 700 ISPs in operation. ISPs are not subject to licensing but must comply with the general conditions set by the Office of Communications (Ofcom), such as having a recognized code of practice and being a member of an alternative dispute-resolution scheme. Prior to July 2003, any mobile-phone company operating in the country had to obtain a license under the Telecommunications Act of 1984. In 2003, however, this arrangement was replaced by the General Authorization regime, under which licenses are no longer required for providing communications networks or services, and everyone is “generally authorized” to do so.4 Major mobile-phone providers, such as Vodafone, Orange, T-Mobile, and O2, operate on this basis.
Ofcom is the independent regulator and competition authority for general communications industries, including telecommunications and wireless communications services. Ofcom is generally viewed as fair and independent in its oversight. Its main legal duties are to ensure that the United Kingdom has a wide range of electronic communications services, including high-speed or broadband information services.
Limits on Content
While access to online content, including that addressing domestic politics and human rights violations, is extensive and free of significant barriers, some restrictions exist on terrorism-related content, and in at least one incident during the coverage period, private actors’ interests led to the removal of information that was potentially beneficial to the public. In addition, it is estimated that thousands of websites containing content harmful to children have been blocked. The lack of transparency surrounding such censorship practices has raised concerns over the room for abuse, particularly as these actions are usually carried out by private-sector actors with little public oversight.
British law does not provide for blocking or filtering websites, blogs, or any other type of internet communication for the purposes of limiting political and social content. Censorship systems instead focus on extreme pornography, racial hatred, and material that is harmful to children. Politics, foreign news, human rights, and religious content are not blocked. The country’s content regulation policy is generally in line with that of the European Union. Although the United Kingdom also signed the Cybercrime Convention developed by the Council of Europe, it has yet to ratify it.
As Ofcom is not empowered to deal with internet content regulation, self- and co-regulatory initiatives are in place to tackle illegal and harmful material. Britain’s Internet Services Providers’ Association (ISPA) adopted a code of practice in January 1999, which refers to the work of the Internet Watch Foundation (IWF).5 The IWF is responsible for informing all British ISPs of allegedly illegal content, which they are then required to remove from websites, newsgroups, and servers.6 The IWF launched a hotline for reporting illegal material on the internet in December 1996, and the foundation received charitable status in 2005. It is fully funded and supported by British ISPs, which oversee its operation. Members of the ISPA are required to adhere to all IWF procedures. The IWF reportedly orders blocking of some 10,000 web pages from around the world every year,7 and the list can contain between 800 and 1,200 live URLs at any given time.8 Most of the content blocked or taken down includes pornography, particularly involving children, or information inciting racial hatred. Content that involves state secrets or is subject to contempt of court laws is also taken down by ISPs or removed from search engines.
British Telecom (BT) has partnered with the IWF to create the CleanFeed filtering system, which blocks access to any images or websites listed in the IWF database. While British ISPs are under no legal obligation to implement such a system or to monitor their own systems, it is estimated that the country’s largest ISPs were either currently filtering or had plans to begin filtering by the end of 2006.9 Providers can face prosecution if they are found to have had knowledge of illicit material, including defamatory content and terrorist propaganda, but failed to remove it.10
While the IWF’s blocking and removal actions focus mainly on legitimately harmful content, its procedures and policies are not transparent. The blocking criteria lack clarity, and the internal appeal process is inadequate. There is no judicial or governmental oversight of the IWF’s activities, and critics have argued that this leaves the body with too much discretion. In a case that received widespread attention, the IWF in December 2008 added the Wikipedia page devoted to the rock band Scorpions to its blocking list. The page featured an image from the band’s controversial 1976 album, Virgin Killer, which consisted of “a striking photograph of a nude, pre-pubescent girl covered by broken glass.”11 After the image was reported to the IWF, the page—including the text—was blocked through BT’s CleanFeed technology.12 In some cases, British users were temporarily unable to see or edit any Wikipedia content.13 While the IWF subsequently revoked its decision after protests from the Wikimedia Foundation, the act of censorship led the British public to question the IWF’s ability as a private body to both control internet content and obstruct public access.
The Terrorism Act of 2006 contains provisions that criminalize the encouragement of terrorism,14 as well as the dissemination of terrorist publications.15 There are procedures for notification and removal if such activities are carried out over the internet.16 While the content in question may be legitimately harmful, the current policies and legislation have decreased judicial oversight. Any British police officer is empowered to issue the removal notices, though their preferred method is to first use informal requests to service providers. According to the secretary of state for the Home Office, Jacqui Smith, “to date this has proved effective,” but statistics on the number of sites removed through such informal contact are not available.
In a different form of censorship via private actors, economic pressure from powerful individuals has led to the removal of content that the public may have an interest in accessing. In October 2007, an ISP shut down a blog it hosted after lawyers representing Russian-based business magnate Alisher Usmanov, a key shareholder of Arsenal Football Club in the United Kingdom, threatened to sue the provider for defamation if it did not remove certain content from the blog. The site belonged to the former British ambassador to Uzbekistan, Craig Murray, and raised questions about Usmanov’s past, his ties to Uzbekistan’s authoritarian president, and accusations that he had engaged in criminal behavior. When the ISP, Fasthost, deactivated Murray’s blog, however, it also shut down servers hosting a dozen other sites, including the blog of former member of Parliament and now mayor of London Boris Johnson. Murray eventually restarted his blog through another ISP based in the Netherlands.17
Because the IWF has mainly concentrated on the availability of child pornography, users in the United Kingdom continue to enjoy wide access to free or low-cost blogging services, allowing them to express their views on the internet. Users and nongovernmental organizations also employ various forms of online communication to organize political activities, protests, and campaigns. Almost all political and religious views are represented through blogs and popular social-networking sites such as Facebook. Civil society organizations maintain a significant presence online and have used internet platforms to promote various causes, such as the NO2ID (http://www.no2id.net/) campaign to raise awareness on the use of identity cards and the creation of a “database state” in Britain.
Violations of Users’ Rights
Established law provides for freedom of expression in the United Kingdom, and the government generally respects this right in practice. There were no reports of bloggers being arrested during the coverage period, but other infringements on user rights, such as libel tourism and extensive surveillance, remain a concern.
While there is no explicit constitutional protection for freedom of speech, the Human Rights Act of 1998 provided for limited incorporation of the European Convention on Human Rights (ECHR) into the legal system. Therefore, such rights as freedom of expression and privacy are protected under British law. Nevertheless, freedom of expression has been threatened by the growth of libel tourism, whereby litigants from foreign countries use favorable libel laws in the United Kingdom to silence and intimidate journalists and other content producers. This practice has resulted in self-censorship, particularly on issues related to the funding of terrorism. As the law stands, anyone in the world can sue for libel in a British court as long as the material has been accessed in Britain. British judges have accepted lawsuits on this basis even when the number of hits for the online content in question is extremely small and it is available only in a foreign language, or if only several copies of a book have been bought from an online vendor by customers based in the UK. Those accused of libel in such cases are often small, non-British organizations or authors who cannot bear the cost of litigation and find themselves facing powerful foes with no such limitations.18
In 2007, the Ukrainian tycoon Rinat Akhmetov sued several Ukrainian news outlets, including the online Ukranian-language Obozrevatel, under British libel laws, claiming that the organizations had published false allegations against him. A judgment was issued in default, and Obozrevatel was ordered to pay Akhmetov $75,000.19 The Saudi billionaire Sheik Khalid bin Mahfouz has filed more than 30 libel suits in London against authors and publishers in the United States and Europe. Such cases have had a dramatic effect on investigative journalists, researchers, and publishers, who fear expensive litigation and harsh penalties for publishing critical material. Cambridge University Press removed the book Alms for Jihad: Charities and Terrorism in the Islamic World by J. Millard Burr and Robert O. Collins from circulation after the threat of a libel suit by bin Mahfouz.20 Libel tourism not only threatens to suppress public debate on international security issues like terrorism, it may also restrict human rights groups in their reporting, especially when dealing with violent and repressive regimes.
While anonymity in online communication is generally guaranteed, there are some limitations on anonymous expression, especially for mobile-phone users. Customers are not permitted to purchase mobile phones anonymously, and names and addresses are required for prepaid phone services. Internet users can post comments anonymously on various forums, but courts have the power to compel forum operators or ISPs to provide the personal details of those users,21 and ISPs have been ordered to do so in a number of libel cases.22
Encryption technology is allowed in the country, but law enforcement agencies can demand the decryption of data or production of decryption keys under new provisions of the 2000 Regulation of Investigatory Powers Act (RIPA) that took effect on October 1, 2007. The Home Office recently disclosed that eight decryption orders have since been served.23 Of these cases, the two recipients who refused to comply were prosecuted. In October 2008, the Court of Appeal told two men who had been served notices that they could not rely on their right to silence to refuse to give police their decryption keys.24
Concerns about surveillance have grown in recent years, as more data-retention regulations have been imposed on ISPs and the authorities have increasingly used or misused the powers granted under RIPA.25 The law covers the interception of communications; the acquisition of communications data, including billing data; intrusive surveillance, such as on residential premises or in private vehicles; covert surveillance in the course of specific operations; the use of covert human intelligence sources like agents, informants, and undercover officers; and access to encrypted data.
RIPA enables law enforcement, security, and intelligence agencies to track the associations and interests of internet users through their online communications. The law requires that ISPs maintain reasonable interception capabilities, including systems to record internet traffic on a large scale. ISPs generally retain the addresses of an e-mail’s recipient and sender, their digital locations, the subject line of the message, and the time it was sent.26 The sites that users visit and the times when they log on and off are also recorded. ISPs must be capable of carrying out authorized interceptions within one working day of receiving the order.27
In 2007, there were 519,260 requisitions of communications data from telephone companies (including mobile-phone service providers) and ISPs.28 While the specific content of e-mails can only be obtained with a warrant from the home secretary, RIPA does allow government agencies to access communication records for a variety of reasons, from national security to tax collection. Beginning in January 2009, 792 other organizations—including 474 local councils and every National Health Service trust and fire service—will have the ability under RIPA to access internet traffic information, raising privacy concerns. The actual content of communications, however, would still be inaccessible without approval from the home secretary.
Users who suspect that their communications have been intercepted can submit a formal complaint to the Investigatory Powers Tribunal that explains which ECHR right has allegedly been violated. The tribunal investigates the complaints, and the complainants are entitled to representation at any hearing.29 In 2007, the tribunal received 66 complaints. The Office of Surveillance Commissioners oversees the officials who authorize and conduct covert surveillance operations and use human intelligence sources.30 It is tasked with inspecting and reporting operations that fail to comply with RIPA. The commissioners are appointed by the prime minister, but they have nonetheless criticized civil servants for abusing RIPA powers. In 2008, Prime Minister Gordon Brown ordered an inquiry into the rapid increase in the use of RIPA by public authorities.31
Despite these complaint and oversight mechanisms, some cause for concern remains. Interception is never revealed to the subject, which may substantially decrease the chances that the Investigatory Powers Tribunal will be alerted to possible abuse or errors in surveillance procedures. Moreover, RIPA stipulates that the contents of an intercepted communication or any related communications data cannot be used as evidence in court, and they are excluded from legal proceedings.
In addition to RIPA, the Antiterrorism, Crime, and Security Act was passed following the terrorist attacks of September 11, 2001. It also requires ISPs to retain communications data and compensates them for the expenses of doing so. Subscriber information and telephony data is retained for a maximum of 12 months.32 The law allows officers of superintendent or equivalent rank to authorize access to retained data without a judicial or executive warrant, for both national security reasons and minor investigations.33 The retention time of 12 months may increase to 24 months once the European Union’s Data Retention Directive is transposed into British law. While user activities in cybercafés are not subject to monitoring at the point of access, the traffic is recorded as it passes through the ISPs that serve such facilities.
In addition to the current surveillance measures, the government is reportedly planning to introduce a central database for storing the electronic communications traffic data for the country’s entire population. The controversial plans, to be published in early 2009, are part of the Intercept Modernisation Programme established by the Home Office and have already been attacked by civil liberty groups for allegedly laying the foundations of a “Big Brother” police state. The Council of Europe’s commissioner for human rights, Thomas Hammarberg, has said that British proposals for sweeping powers to collect and store data will increase the risk of the violation of individual privacy rights.34
There were no reports during the coverage period of extralegal violence or technical attacks against bloggers or other digital media users, by either state or nonstate actors.
1See generally Ofcom, The Consumer Experience Research Report 08, at
http://www.ofcom.org.uk/research/tce/ce08/, accessed March 30, 2009
2 Deloitte “Total Mobile – The Digital Index” January 2009
3 Deloitte “Total Mobile - The Digital Index” January 2009
6 See section 5 of the ISPA Code of Practice
9 Child Abuse (Internet), House of Commons Hansard Written Answers for 15 May, 2006
10 Section 1, Defamation Act 1996
11 The Observer, “Wikipedia censorship highlights a lingering sting in the tail,” 14 December, 2008
12 The Guardian, “Wikipedia row escalates as internet watchdog considers censoring Amazon US over Scorpions image,”8 December, 2008
14 Terrorism Act 2006 (U.K.), 2006, c. 11, s. 1: “This section applies to a statement that is likely to be understood by some or all of the members of the public to whom it is published as a direct or indirect encouragement or other inducement to them to the commission, preparation or instigation of acts of terrorism….” In July 2007, three men were found guilty and sentenced to a total of 24 years in prison for incitement to commit an offense of terrorism, namely murder, through the internet. Younes Tsouli, Waseem Mughal, and Tariq al-Daour were convicted at Woolwich Crown Court after using websites to incite other Muslims to wage war on nonbelievers. The judge stated that “while some of this material might in future cases properly found a prosecution under those sections of the Terrorism Act 2006 which prohibits conduct which indirectly encourages or glorifies terrorism, much of it went a good deal further than that and amounted to an incitement to commit murder.” See Attorney General’s References (Nos 85, 86 and 87 of 2007) R v Tsouli and others,  EWCA Crim 3300.
15 Ibid., s. 2(2): dissemination of terrorist publications includes: distributing or circulating a terrorist publication; giving, selling, or lending such a publication; offering such a publication for sale or loan; providing a service to others that enables them to obtain, read, listen to or look at such a publication, or to acquire it by means of a gift, sale or loan; transmitting the contents of such a publication electronically.
16 Ibid. ss. 3, 4
18 Al Amoudi v. Brisard  EWHC 1062;  3 All E.R. 294 (QBD).
19 “Writ Large,” The Economist, January 8, 2009, http://www.economist.com/world/international/displaystory.cfm?story_id=12903058, accessed January 2009
20 Chris Walker, “The globalization of censorship,” International Herald Tribune, 11 March 2009
21 Section 35 of the Data Protection Act 35 is used as the legal basis for disclosing the identities of forum users or customers of ISPs.
22 See Totalise plc v Motley Fool Ltd and another, Court of Appeal (Civil Division)  EWCA Civ 1897
23 See RIPA Part III Section 49 Notices, 02 May, 2008, http://cyberlaw.org.uk/2008/05/02/ripa-part-iii-section-49-notices/, accessed March 30, 2009
24 The two men were arrested for helping a third man in a secret house move. The third man was subject to a control order under antiterrorism legislation, which said he could not move house without permission from the authorities. OUT-LAW News, “Court of Appeal orders men to disclose encryption keys.” 16 October, 2008, at <http://www.out-law.com//default.aspx?page=9514>.
25 See generally the Explanatory Notes to Regulation of Investigatory Powers Act at http://www.opsi.gov.uk/acts/acts2000/en/ukpgaen_20000023_en_1, accessed January 2009
26 Guardian “Prying Eyes”
27 Ibid. para 5.
28 Guardian “Regulation of Investigatory Powers Act 2000”
29 Guardian “Security & Privacy”
31 Christopher Hope, “Local Authorities Launched 10,000 Snooping Operations Last Year,” July 23, 2008, http://www.telegraph.co.uk/news/uknews/2446314/Local-authorities-launched-10000-snooping-operations-last-year.html, accessed March 30, 2009
32 A maximum period of six months is required for e-mail data, ISP data, SMS, EMS, and MMS data. On the other hand the draft code requires a maximum retention period of four days for web activity logs. See Home Office, Consultation paper on a code of practice for voluntary retention of communications data, at http://www.homeoffice.gov.uk/docs/vol_retention.pdf, 2003, Annex A, Appendix A for further technical details.
33 Guardian “Prying Eyes”
34 Verkaik, R., “UK’s database plan condemned by Europe.” The Independent, 31 December 2008