Skip to Main Content
The Liability of Internet Intermediaries The Liability of Internet Intermediaries


The Liability of Internet Intermediaries The Liability of Internet Intermediaries

Internet intermediaries 2.03


Terminology 2.04


Information society service providers 2.14


Judicial definitions 2.19


An overview of internet architecture 2.24


The layers principle 2.27


The end-to-end principle 2.34


The generativity principle 2.38


A taxonomy of internet intermediaries 2.40


Physical layer services 2.44


Network layer services 2.46


Application layer services 2.57


Offline intermediaries 2.87


Postal services 2.89


Carriers 2.95


Highway and canal authorities 2.101


Utilities 2.102

2.01  Overview. This chapter introduces the concept of an internet intermediary and situates their activities within the layered, modular network architecture of the internet. The services considered in this work take many forms, ranging from operators of network equipment to administrators of bulletin boards. Not all providers of internet services are properly described as ‘intermediaries’ as such, and are not necessarily to be treated comparably. Services may consist of different activities or contribute in different ways to wrongdoing. Some entities supply many distinct services which vary in their complexity, control, mental state, and degree of passivity. This makes it crucial to describe these activities accurately and with precision. As Arnold J has explained in the context of blocking injunctions, when considering questions of intermediary liability ‘it is important to consider the nature of the infringing act and its relationship with the service in question’.1

2.02  Taxonomy. This chapter explains the basic technology and activities of the main internet intermediaries considered in this work. To do so, it proposes a detailed taxonomy of internet services which classifies their technical activities into the physical, network, and application layers. It is suggested that this taxonomy offers a technically accurate and architecturally aware description of what each service does and how that function may be implicated in wrongdoing. That description, it is hoped, will enable more nuanced conceptions of their causative relationship to harm and the circumstances in which they may face primary or secondary liability.

2.03  Definition of an ‘intermediary’. This work uses the terminology of ‘internet intermediaries’ in preference to other concepts, such as ‘information society service providers’. It is helpful to begin by considering what exactly an internet intermediary does and how they may differ from other types of defendants. This section briefly explains the choice of terminology and analyses definitions from case law and legislation. It is suggested that internet intermediaries are united by the attribute that they are necessary but insufficient causes when online wrongdoers utilise their services or status to cause harm to others.

2.04  Fragmentation of terminology. The terminology applied to discussions of internet liability is fragmented and contested. Some writers refer to ‘secondary’2 or ‘intermediary’ liability; others distinguish between ‘accessories’3 and ‘primary’ or ‘direct’ wrongdoers. The problem with such terminology is that not all liability of internet intermediaries is secondary, not all internet services are intermediaries or accessories, and not all wrongdoing is of the same kind. Still others speak in terms of ‘service providers’, but this term is so general that it describes almost any commercial entity.

2.05  EU law concepts. The term ‘information society service provider’ is an autonomous concept of EU law which describes a specific class of regulated entities.4 Service providers may enjoy the benefit of safe harbours in respect of certain protected activities, but the definition is both too broad and too narrow. It is too broad because not all service providers are intermediaries (eg website operators who author and publish articles themselves). It is too narrow because there are conceivably internet services that do not fall within the definition, perhaps because they are not supplied at a distance or ordinarily for remuneration. The concept of an information society service provider is discussed further in chapter 12.5

2.06  Relationship between ‘intermediaries’ and ‘service providers’. A further difficulty is that the relationship between an information society service provider and an intermediary is not clearly defined in EU law. It appears that ‘internet intermediaries’ are a sub-category of information society service providers whose activities fall within the hosting, caching, or mere conduit safe harbours. For example, the Court of Justice referred in Papasavvas to an ‘“intermediary service provider” within the meaning of Articles 12 to 14 of Directive 2000/31’.6 It is submitted that the obvious difficulty with this approach is that an internet intermediary may carry on multiple (or hybrid) activities, some of which fall within a safe harbour and some of which do not. Further, it is possible that some ‘intermediaries’ may not be ‘internet intermediaries’.

2.07  Platforms. EU law appears to recognise that not all information society service providers are the same. The European Commission has proposed a sub-category of service provider which is termed an ‘online platform’. Platforms provide information society services to multiple user groups (eg uploaders of photographs and viewers of photographs), and were defined in a 2015 consultation as follows:

‘Online platform’ refers to an undertaking operating in two (or multi)-sided markets, which uses the Internet to enable interactions between two or more distinct but interdependent groups of users so as to generate value for at least one of the groups. Certain platforms also qualify as Intermediary service providers.

Typical examples include general internet search engines (eg Google, Bing), specialised search tools (eg Google Shopping, Kelkoo, Twenga, Google Local, TripAdvisor, Yelp), location-based business directories or some maps (eg Google or Bing Maps), news aggregators (eg Google News), online market places (eg Amazon, eBay, Allegro,, audio-visual and music platforms (eg Deezer, Spotify, Netflix, Canal play, Apple TV), video sharing platforms (eg YouTube, Dailymotion), payment systems (eg PayPal, Apple Pay), social networks (eg Facebook, Linkedin, Twitter, Tuenti), app stores (eg Apple App Store, Google Play) or collaborative economy platforms (eg AirBnB, Uber, Taskrabbit, Bla-bla car). Internet access providers fall outside the scope of this definition.7

This definition indicates that some, but not all, platforms may be intermediaries. It may be more accurate to say that some, but not all, activities of a platform may fall within the scope of a safe harbour. That is the approach that will be taken in this work.

2.08  Neutrality of terminology. This work prefers the term ‘internet intermediary’ for several reasons. First, it is neutral. It reflects the fact that some services may be intermediaries properly called, while others may act as primary authors or intervene in wrongdoing in deliberate and calculated ways. Internet intermediaries exist on a spectrum ranging from absolute passivity to direct action. However, this work is not concerned with ‘offline’ intermediaries, who do not use internet technology to deliver their services.8

2.09  Adaptability of terminology. Second, the term ‘internet intermediaries’ is broad and adaptable enough that its boundaries and membership may continue to expand with changes in technology. It seeks to strike a balance between being unhelpfully abstract and prematurely redundant.

2.10  Alternatives. Third, it is better than the alternatives. Other terms are imperfect synonyms which have a tendency to mislead or suggest conclusions regarding the very liability that is in issue. For example, ‘mere conduits’, ‘accessory’, and ‘participatory’ parties express value judgments about the causal contribution and mental state of a party. The substitution of taxonomically indistinct sub-categories is also unhelpful, such as ‘internet service providers’,9 ‘facilitators’,10 ‘enablers’,11 ‘vicarious infringers’,12 and ‘joint tortfeasors’.13 Internet intermediaries may enable or they may not; they may act vicariously or directly, and so on.

2.11  Why terminology matters. Advocates, judges, and legislators often use different terms to achieve particular rhetorical effects. Some descriptions suggest inherent neutrality (eg ‘conduit’ or ‘pipe’), while others (‘gatekeeper’, ‘accessory party’, or ‘platform operator’) suggest participation or control. These labels are deliberately chosen and ‘carefully massaged so as to have particular resonance for particular audiences’.14 This risk is particularly acute for internet intermediaries, which are variously described in ways that reflect the competing ideologies of civil libertarians, right-holders, regulators, and technocrats.

2.12  Ambiguity. The term internet intermediary is thus an unhappy abstraction. These words must be used to describe many entities which seem to share little in common, other than activity that uses electronic computer networks. Their ambiguity arises partly from the fact that they lack an obvious correspondence to tangible facts or human experiences.15 They are a genus whose many members’ common features have never been systemically identified. These difficulties partly explain their tendency to elude precise definition.

2.13  OECD definition. The Organisation for Economic Co-operation and Development (‘OECD’) proposes a more specific, category-based definition framed in terms of facilitation by intermediaries:

‘Internet intermediaries’ bring together or facilitate transactions between third parties on the Internet. They give access to, host, transmit and index content, products and services originated by third parties on the Internet or provide Internet-based services to third parties.16

The OECD definition delineates six sub-categories: (1) access providers; (2) hosts and registrars; (3) search engines and portals; (4) e-commerce platforms; (5) payment systems; and (6) participative networking platforms. It also distinguishes ‘pure’ intermediaries (which deal with third party content, goods, and services) from those that publish their own content and sell their own goods.

2.14  EU definition. The Electronic Commerce (EC Directive) Regulations 2002 (UK) (‘2002 Regulations’) transpose the provisions of the E-Commerce Directive17 into United Kingdom law. The 2002 Regulations define the concept of an ‘information society service provider’ as follows:18  

any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.19

2.15  Elements. This definition is discussed in detail in chapter 12.20 Briefly, three elements merit attention. First, subject to the requirement that services are delivered electronically and remotely, the definition is technology-neutral. Almost any economic activity occurring via the internet is included, by any natural or legal person.21 Second, services must be requested by a user; the service provider cannot be a broadcaster that determines when and what transmissions occur. Third, the service must be normally provided for remuneration. In practice, this will include almost any commercial service, even if remuneration is not supplied by the immediate recipient (eg a search engine). This excludes personal email communications between individuals,22 but is otherwise interpreted broadly; the activity must simply form part of some genuine economic enterprise.23

2.16  Scope of the EU law definition. This definition is narrower than the general class of internet services at large because it only applies to economic operators and not purely non-commercial activities. The relationship between a service provider and an intermediary is somewhat unclear, but in the E-Commerce Directive the former appears to be the wider category. Recital (4) of the Directive refers to ‘service providers acting as intermediaries’, in that their activities are ‘of a mere technical, automatic and passive nature’.24 These requirements reflect the traditional view of an intermediary as a conduit facilitator. They suggest that not all service providers are ‘intermediaries’, and not all internet services are ‘service providers’ under the 2002 Regulations.

2.17  Transposition in the United Kingdom. The EU definition of ‘information society service provider’ is adopted by other domestic legislation and statutory instruments.25 Most importantly, section 97A of the Copyright, Designs and Patents Act 1988 provides for injunctions against a ‘service provider’. That term is given the same definition as in the 2002 Regulations: ‘any person providing an information society service’.26

2.18  References to ‘intermediaries’ in EU law. The Information Society Directive refers in two places to intermediaries without definition.27 First, recital (33) refers to liability for network transmissions made ‘by an intermediary’ on behalf of third parties. Second, recital (59) refers to intermediaries as parties who may be ‘best placed’ to bring infringing activities to an end:

In the digital environment, in particular, the services of intermediaries may increasingly be used by third parties for infringing activities. In many cases such intermediaries are best placed to bring such infringing activities to an end. Therefore, without prejudice to any other sanctions and remedies available, rightholders should have the possibility of applying for an injunction against an intermediary who carries a third party’s infringement of a protected work or other subject-matter in a network.

These definitions suggest a conception of intermediaries in EU law which is based on the concept of a least-cost avoider.28 However, they appear to recognise that an intermediary will not always be the most efficient source of a remedy, though in ‘many cases’ that will be so. Finally, the Enforcement Directive likewise refers to ‘intermediaries’ in the context of injunctive relief, and again does not define the term.29

2.19  Technical descriptions. No comprehensive definition of an internet intermediary can be found in English or EU case law. Some descriptions are purely technical. In one case, Kitchin J described the ‘intermediate computer servers between a web-server and the computer running a web-browser used by an end-user’.30 In another case, Morritt C referred compendiously to processes undertaken ‘in a network between third parties by an intermediary, typically an internet service provider.’31 Of course, the class of entities providing internet services is far wider than ISPs in the traditional sense of access providers.

2.20  Metaphor. Other descriptions are characterised by the use of examples and metaphor. Eady J has compared internet intermediaries to the postal service,32 which are both ‘simply conduits, or facilitators, enabling messages to be carried from one person, or one computer, to another’.33 However, in a website blocking case considered in chapter 14, Arnold J rejected an analogy between ‘an intermediary provider, such as an ISP’ and the postal service, and expressed doubts about whether analogies ‘are helpful in this context’.34 Despite such warnings, analogies and metaphors continue to be used. Partly this reflects the need, identified by HHJ Parkes QC, to adapt established principles to new situations involving ‘internet entities’ and their ‘radically novel platforms’.35

2.21  The ‘mere’ intermediary. Internet services are sometimes described in terms which suggest a lower degree of responsibility. For example, the Belgian Cour d’appel has explained that the public ‘knows that eBay is only an intermediary’.36 Similarly, where an infringing keyword advertisement is placed on a search engine, that conduct is only ‘carried out by Google as an intermediary’ on the instructions of the advertiser ‘rather than by Google’.37 Conversely, Kitchin J rejected one defendant’s characterisation of its service as ‘merely acting as an intermediary’ by supplying hyperlinks to infringing material.38 Common to these cases is a perception that true intermediaries are not primary wrongdoers. Thus, in L’Oréal SA v eBay International AG Arnold J described the question as when ‘an injunction [may issue] against an intermediary who is not an infringer’.39

2.22  Intermediaries as facilitators. Similarly, the CJEU has described ‘intermediaries, such as ISPs, whose services are being used by a third party to infringe their rights’.40 A more granular description was given of ISPs, which could be ‘intermediaries’ because ‘those access providers supply the user with the connection enabling [primary wrongdoing]’, and lack control over users’ conduct.41 In eBay (CJEU), the Advocate General gave as examples of intermediaries: ‘distributors, brokers, auction houses, flea markets and real estate agents’.42 The Court adopted a negative definition, concluding that a service provider will not act as an intermediary sensu stricto if:

instead of confining itself to providing that service neutrally by a merely technical and automatic processing of the data provided by its customers, [it] plays an active role of such a kind as to give it knowledge of, or control over, those data . . .43

2.23  Passivity of intermediaries. A similar definition was adopted by the Court of Justice in Google France in the context of search engines.44 In the Court’s view, intermediaries must be passive. Passivity is lost if they consciously assist users to create or promote particular content, since this would involve abandoning a ‘neutral position’ and instead playing ‘an active role’ in a transaction which conferred actual knowledge or control. This description suggests that many internet services will act as intermediaries who are neutral and passive about the content they store or transmit, but it fails to supply an all-encompassing definition.

2.24  The internet. The internet45 is a global network of computer networks which support communications services using the Internet Protocol (‘IP’).46 Although this amalgam resembles a public and externally monolithic network, in reality it comprises a heterogeneous set of interconnected private networks which are mostly decentralised and independently controlled.

2.25  Architecture. Interconnection is possible due to the adoption of common standards, protocols, and architectures by firms investing in network infrastructure, and via interconnection and peering agreements which enable data packets to traverse between networks. The internet is fundamentally an agreement to interconnect using an evolving set of technical protocols, which enable universal delivery of data across the network.47

On this view, the internet of physical devices, cables, and machines is a mirage. Instead the internet reflects a set of conventions and practices by which different networked systems can communicate. Some are contractually enforceable—through service level, transit, peering and multi-homing agreements—but others exist only as a delicate and inherently vulnerable cooperative amalgam,48 which collectively we can term the internet’s architecture.

2.26  Importance of architecture. This section introduces three fundamental properties of internet architecture. A proper understanding of internet architecture is important because it informs our analysis of liability rules in three ways. First, architecture supplies a vocabulary with which to describe the technical functions of internet intermediaries and precisely define their contributions to wrongdoing. Second, architectural choices set limits on those services’ ability to control information, and indirectly regulate the behaviour of tortfeasors and claimants. In short, architecture imposes de facto network rules upon all internet intermediaries. Third, architecture is intrinsic to the internet’s growth, innovation, and low entry costs. If these properties are to be preserved, liability rules should respect and preserve architecture rather than interfere with it.

2.27  Definition of layers. Layering is the most basic feature of a communications network. This involves arranging its functions into a hierarchy of self-contained modules separated by logical boundaries.49 Users and services at higher network layers can access content without understanding the technical details of its delivery because those details are abstracted and hidden in lower layers. This allows network operators to alter the functionality of particular network layers without affecting other parts of the system.

2.28  Traditional layers. Network layers are abstractions derived from the Open Systems Interconnection (‘OSI’) model, which describes the underlying architecture of a communications network as a stack comprising seven independent layers.50 Each layer performs a technical function upon which higher layers rely. Under the traditional model, there are seven layers:


Physical layer. The lowest, foundational layer is termed the physical layer, which controls units of electrical hardware used in a network node or transmission link.


Data link layer. The second layer supplies an addressing system for accessing data stored in the physical layer and correcting transmission errors.


Network layer. The third layer, termed the network layer, routes sequences of data which are sub-divided into units of data called ‘packets’ and sent along a transport link between nodes in the network.


Transport layer. The fourth layer provides end-to-end transmission of a message from source to destination according to an agreed protocol, such as TCP/IP.


Session layer. This layer manages connections between remote hosts which are structured into groups of transmissions known as sessions.


Presentation layer. The presentation layer translates data into the required format, such as by applying encryption or decryption.


Application layer. The application layer provides a visible service for accessing network resources, such as Hypertext Transfer Protocol (‘HTTP’) (web), File Transfer Protocol (‘FTP’) (file transmission), and Simple Mail Transfer Protocol (‘SMTP’) (email).

2.29  Simplified model. Viewed at a high level, network layers progressively increase in complexity, functionality, and familiarity. For the purposes of this work, a slightly simplified grouping is used:


Physical layers: hardware, cables, and equipment which store and transmit data;


Network layers: the routing and transport protocols which interpret and route data for higher-level applications, but which do not inspect or modify data; and


Application layers: the protocols, applications, and front-end software which receive and present data to end users.

2.30  Content layer. Above all the functional layers of a network sits the content layer, which contains the semantic payload of a communication (in other words, the human-readable message). In simpler network models, the network and application layers are sometimes abstracted into a single ‘logical’ or ‘code’ layer.51

2.31  Overview. One important consequence of layering is that individual layers do not need to understand the data passed to them by other layers. Instead, received data are preserved naively via a process called ‘encapsulation’, in which the payload from a higher layer is packaged into a unit of data compatible with the lower layers comprising a header and the original payload data. Sometimes the design of lower layers will require large higher layer payloads to be split into multiple datagrams. When data are received at their destination host, each layer verifies the datagrams then strips out the header information, passing up the payload to the next layer. This process repeats until the application receives the original message. Datagrams are treated as a pure stream of unrecognised data by lower layers.

2.32  Purpose of encapsulation. Because the payload of received datagrams does not need to be understood by every layer, encapsulation allows packets to be transmitted regardless of the type of underlying computer hardware or network configuration. That suggests a second normative consequence: services at lower layers cannot, by design, understand or alter the payload of higher-layer communications data, and should not violate layer integrity by being required to do so.

2.33  Abstraction using layers. The purpose of OSI architecture is to group similar network functions together while separating and hiding the details of dissimilar functions. This makes it easier to design efficient multi-purpose networks, achieve standardisation and systems interoperability, and redesign independent sub-components.52 Layers are intrinsic to the internet’s extraordinary growth and adaptability.53 Indeed, they form the basic building blocks of the internet.

2.34  Definition. In its traditional form, the end-to-end principle requires that application-layer network functions be maintained at the edges or ‘ends’ of the network, rather than in interior nodes or lower layers.54 It is a ‘guiding normative principle’ of network organisation,55 which requires specialised functionality to be situated at the points where users input and receive data to and from the network. Interior points consist solely of generic or ‘dumb’ (and therefore interoperable) transmitters, which forward packets without asking why. Put differently, the job of the interior network is simply to carry traffic, while the ends perform computations, interpretation, and other functions on the data being transmitted—they supply specific services, such as the World Wide Web, email, and video conferencing.

2.35  Purpose of end-to-end network design. This design minimalism was intentional:56 it offers flexibility, scalability, and interoperability regardless of interior network design. While these objectives are widely shared, their political impacts are more contentious: an end-to-end network makes it both difficult and easy to conduct surveillance during transmission (difficult because intervening systems are not easily able to control or monitor traffic, easy because those systems do not guarantee any transmission security), but generally harder to block specific content from reaching the edges.

2.36  Network neutrality. The end-to-end principle also has economic consequences if traffic must be treated equally; that is to say, transmitted without regard to its source or content (sometimes described as ‘network neutrality’).57 Mandatory neutrality lowers the barriers to entry, reduces the cost of infrastructure, and enables innovation by new entrants,58 thereby reducing the power of incumbents. However, most networks do not respect absolute neutrality; for example, it may be desirable to prioritise or manage certain network traffic.

2.37  Benefits of end-to-end design. End-to-end was, in various forms, a basic organising principle of the early internet.59 Although it has been weakened with the development of more complex network topologies, packet inspection and Quality of Service (‘QoS’), it remains a core architectural value. The consequence of end-to-end is that most functionality visible to users is achieved at the application layer. Software innovation is decentralised because it occurs at the edges of networks, proximate to content rather than infrastructure. Network hardware innovation is, by contrast, largely centralised. Many of the economic and social benefits created by internet services are by-products of end-to-end architecture, since it reduces coordination costs between multiple innovators to a level roughly equivalent to an integrated firm.60 Indeed, some argue that without end-to-end, most software innovation would have been impossible.61

2.38  Definition. The internet is designed to enable almost any type of network and device to interconnect. Using standard components, anyone can assemble a machine able to transfer data to and from all other devices on all other networks. These machines have been used by communities of decentralised innovators to produce software capable of performing almost any function, which can in turn be used to send and receive content without knowing precisely how the underlying modules work. This openness and non-discrimination is sometimes called ‘generativity’: the property of a technology which can ‘produce unprompted change driven by large, varied, and uncoordinated audiences.’62 Such user-driven change enables innovation and makes more useful, adaptable, and powerful technology.

2.39  Generativity and network effects. Generativity comprises four elements: capacity for leverage (making difficult tasks easier); adaptability (breadth of possible uses); ease of mastery (skill required to make transformative modifications); and accessibility (cost of producing derivative innovations). The internet exemplifies these qualities: it reduces the costs of content creation and dissemination; it is adaptable to almost any purpose involving data; its use of encapsulation means it is easy for users to master creation in the content and application layers; and its barriers to entry are low, since anyone can develop and receive new edge functionality without needing permission. In short, the internet’s adaptability and growth reflect the power of layered network effects.

2.40  Overview. This section proposes a taxonomy of internet intermediaries which is structured according to the network layer model. An accurate understanding of liability depends on more than simply classifying a service provider’s activities into the limited buckets specified in the E-Commerce Directive and elsewhere. It requires precise identification of how a party’s technology has been used for wrongdoing and where that technology fits within the internet’s architecture.63 This functional approach reflects the complex layering of responsibilities produced by the interposition of internet services between uploaders and recipients of digital information.

2.41  Purposes of taxonomy. The taxonomic exercise serves two purposes. First, it supplies a useful structure for analysing liability in this work, on the assumption that different considerations arise when different functions are supplied to wrongdoers. Grouping services that facilitate by different means may misunderstand their contributions to wrongdoing and lead to the wrong liability standard being applied. By adding a second dimension of classification, we

introduce a richer vocabulary for describing intermediaries and identifying their relationship to primary wrongs. Second, this section introduces the basics of internet technology and illustrates the full spectrum of services—not just the classical trinity of ISPs, hosts, and search engines—which may act as intermediaries. The overall structure is illustrated in Figure 2.1.

Internet intermediaries as layered services
Figure 2.1

Internet intermediaries as layered services

2.42  Taxonomic evolution. Several limitations of the network layer approach should be borne in mind. First, the boundaries of services within each layer are fluid, and a single service may fit into multiple categories simultaneously; for example, many application-layer platforms are also gateways. Entire categories may appear or disappear as technology and consumer needs evolve (consider the supplanting of human-edited directories by algorithmically indexed search engines). However, by being based on network architecture, this taxonomy is flexible and capable of adaptation.

2.43  Overlapping service providers. Second, a single natural or legal person can supply services at multiple layers simultaneously; it can be commercially artificial to separate vertically integrated entities (such as Google and Facebook), which we think of as homogeneous services, into their constituent functions at each layer. Finally, certain related entities are necessarily grouped together in the same layer despite subtle differences in their functions; this improves clarity but comes at the expense of taxonomic precision. The following sections provide non-exhaustive examples at each layer.

2.44  Transmission intermediaries. Physical layer services deal in the medium of transmission and storage. They provide the basic connectivity necessary for communication—typically a modem, Ethernet interface, wireless access point, optic fibre, or secondary storage device. Three main sub-categories exist:


First, hardware controllers own or operate the physical equipment used in network backbones, servers and access points.


Second, network operations centres own the physical environment in which hardware is stored and operated, and supply secondary resources such as electricity and connectivity.


Third, hardware vendors build the physical equipment—cables, microprocessors, pre-assembled computers and their components—and may supply configuration and support services.

2.45  Lack of control. Because the physical layer is designed to be separable from higher layers, these parties rarely exercise control over content. Hardware design can place constraints on functionality—for example, by restricting the applications which can be executed on a particular device, or hard-coding technical protection measures. However, in most cases physical layer equipment is simply incapable of inspecting the contents of datagrams transmitted via their network interfaces. For this reason, physical layer services are very rarely involved in disputes over liability for content because they are simply too remote from the nexus of wrongdoing. Conversely, they are more commonly involved in contractual disputes over infrastructure and hardware, service levels, data breaches, and peering.

2.46  Overview. Network layer services route data packets between IP addresses on the internet and supply ancillary services. Five distinct sub-classes can be distinguished.

2.47  Definition of ISP. The first class of network layer service is an internet service provider (‘ISP’), which connects its subscribers to the internet by supplying telecommunications facilities and access equipment, such as modems and subscriber lines. When a subscriber requests or publishes content on a third party website, the packets pass through the ISP’s network and are relayed to the remote host, which transports the response back to the subscriber.64 ISPs regulate their relationship with subscribers by contract, often placing limits on the volume of data which may be downloaded, permitted uses of the connection, and the types of content which may be received and transmitted.

2.48  Deep packet inspection. Although ISPs do not normally filter or examine transmitted data, they sometimes use deep packet inspection (‘DPI’) technology for network management and website blocking purposes. Most impose contractual terms which prohibit the use of their services to publish or access tortious content.65

2.49  Mobile network operators.Mobile network operators are a distinct sub-class of ISP which supply wireless connectivity to subscribers of a mobile telecommunications network. Like fixed line ISPs, mobile carriers regulate their relationships with subscribers contractually.

2.50  Hosting services. The second sub-class of network layer service is a host, which supplies storage and transmission facilities that allow hosed services to be accessed by other internet users.66 Typically, customers lease an agreed allotment of resources measured by storage space and transmission volume. Some hosts permit this to be done anonymously. The relationship between hosts and their customers is primarily regulated by contract. Almost all conditions of service prohibit the publication of defamatory, copyright-infringing, and other tortious content.67

2.51  Cloud services. Third, cloud service providers offer remote computational and storage services for on-demand access at network edges.68 Services such as content distribution networks, webmail, document retrieval, customer and project management, media streaming, and databases are increasingly delivered via cloud infrastructure. Like mainframe computers, cloud services offer better, cheaper functionality by exploiting economies of scale; however, unlike traditional mainframes, cloud services tend to use distributed, scalable, and modular architecture. They often act as both network and application-layer services, as in the case of Apple iCloud, Dropbox, and Google Drive.

2.52  DNS. Fourth, domain name controllers administer the Domain Name System (‘DNS’), which is responsible for translating human-friendly domain names, such as, into the IP address of the corresponding server, namely Besides convenience, domain names ensure stability by allowing application-layer services to shift locations on a network without requiring addresses to be updated.70

2.53  Namespaces. The Domain Name System is sub-divided hierarchically into a number of namespaces, which define different domain name suffixes. The highest namespace is known as the ‘root’ (or ‘.’) namespace. Below that sit top-level domain (‘TLD’) namespaces, such as .com and .net. There are also a large number of geographical country-code TLDs (such as .uk and .au) and second-level domains (such as and Recently, ICANN has begun accepting applications for new generic TLDs (‘gTLDs’), such as .london and .lawyer. These are discussed further in chapter 7.71

2.54  Domain name registries. Of particular relevance are registry operators, which control the registration and resolution of domain names within a particular namespace. Registries determine the eligibility of registrants for domain names, operate authoritative nameservers, and maintain data about registrants in a database (known as the WHOIS database).72 Second-level domain registry operators perform a similar function in relation to country-specific (‘2LD’) namespaces, such as Nominet (.uk).

2.55  Domain name registrars. Registries are to be distinguished from domain name registrars, who accept applications for the registration or renewal of particular domain names (such as from registrants. In doing so, they collect personal information from registrants and process the creation and renewal of the licences necessary to use the relevant domain name. Such a registration creates a contract between the registrant and the registrar, and results in DNS zone entries being created for the domain name in the registry servers that administer the relevant namespace.

2.56  Signed certificates. Finally, certificate authorities issue public keys for use in asymmetric cryptography. This involves verifying the identity of key recipients, who typically supply application-layer services.73 Most signed certificates are accompanied by contractual indemnities for loss arising from malicious decryption or fraud.74 It is also possible for services or individuals to issue ‘self-signed’ certificates, which are public keys without the benefit of the identity verification and checks carried out by a certificate authority. Self-signed keys are just as effective in cryptographic terms, but cause most modern web browsers to display a security warning.

2.57  Overview. The application layer is by far the most diverse. This is where content is transacted, having been encoded, sent, transmitted, received, and decoded by lower layers. Protocols such as HTTP, client software like Mozilla Firefox, and web services including Google, Facebook, and YouTube all provide services at the application layer. They operate closest to end-users and exercise the most direct control over application content. Although it is possible to classify application-layer services in various ways, three main sub-classes are proposed here.

2.58  User-created content. The most common targets of liability are operators of platforms, typically websites, that display materials authored by their visitors—so-called ‘user-created content’.75 Such content covers a wide spectrum of material,76 including: text postings, such as reviews and comments; multimedia, such as photographs and videos; metadata, such as tags, votes, and location information; and ancillary functionality, such as applications, plug-ins, and ‘mashups’, often using an application programming interface (‘API’). Collectively, these are common features of ‘web 2.0’ services.77 User-created content is now pervasive.

2.59  Content moderation. Alive to the risk of tortious or inappropriate content, many platform operators have deployed moderation systems for the detection and removal of undesirable materials. Techniques for moderation fall into three main categories:


pre-publication approval, which involves manual review of submissions before publication;


post-publication removal, using community moderation or content flagging; and


automated content filtering, which uses probabilistic pattern analysis to determine the degree to which content is similar to a supplied training data-set of material known to be harmful.

2.60  Algorithmic and community moderation. Although pre-publication methods are usually more accurate and complete than automated or flagged moderation, they are costly and delay postings in a moderation queue for hours or days.78 Accordingly, very few platforms use them, though an increasing number require users to identify themselves by signing in with an identity provider such as Facebook or Google. Many platforms also rely upon voluntary reporting and community peer review.79 A smaller number of platforms, such as YouTube and SoundCloud, deploy sophisticated matching databases which are designed to interdict the upload of files that incorporate copyright works.80

2.61 The web permits a variety of human interactions via social platforms tailored to the personal, professional, romantic, or other interests of their users. Although the methods and capabilities of each social platform vary considerably, most publish user-created content to a group of users who are connected by common friendship, interests, or community.81 Three main sub-classes exist: (1) generalist networks, such as Facebook, Twitter, and Google+, which organise text and multimedia across undifferentiated social graphs; (2) geographic networks, such as Foursquare, which appeal to users in particular regions or based on physical proximity; and (3) thematic networks, which cater to specific demographics and interests, such as LinkedIn (professionals), (academics), and Mendeley (authors). Social networking is popular, with 66 per cent of United Kingdom internet users holding at least one account.82

2.62  Functions of social networks. Social network services perform several functions which equip them as influential application-layer regulators. First, they are identity providers, allowing users to authenticate around the web using a single account. Second, they collect and monetise users’ activities and personal information for targeted advertising, which makes such networks powerful gatekeepers of privacy and law enforcement.83 Third, much of what is said and read about individuals online occurs on social networks. In the reputation economy, social networks are the dominant treasury. Finally, many social network services employ staff to moderate suspicious or flagged content.84 Such moderation is imperfect, and incidents of online harassment and bullying are well documented.85

2.63 File repositories (also known as ‘cyber-lockers’ and ‘cloud storage’) are web-based services that allow users to upload digital files for personal storage. They provide an application-layer interface to a host under their control, to which files can be uploaded using a web browser. Examples include personal backup services such as Dropbox and one-click sharing services such as RapidShare and MegaUpload. Repositories are usually content-agnostic by design, but are the most popular sources of copyright-infringing content86 and account for large volumes of internet traffic.87

2.64 Platforms such as YouTube, Instagram, Flickr, and SoundCloud allow their members to upload videos, images, or music in permitted file formats. Other members can typically post comments—on some platforms, ‘notorious’ for their low quality88—and ratings. Most platforms adopt community policies which restrict the permitted types of content and normally remove content or comments which breach those policies using post-moderation and community flagging.

2.65  Automated content moderation. Some platforms, such as YouTube, also use an algorithmic method known as ‘Content ID’ to identify copyright works contained in users’ videos by matching them against a database of known works supplied by content owners. If a match is detected, copyright owners have the choice of removing the video, receiving a percentage of advertising revenues generated by its display, or monitoring traffic.89 Although this system occasionally produces false positives and fails to consider legal subtleties such as subsistence and defences, it is generally regarded as a gold standard in automated content moderation.90 However, a certain level of tortious content is inevitable; one claimant alleged that 150,000 of its videos had been uploaded to YouTube without authorisation.91

2.66  Other kinds of platforms. The platform ecosystem is extremely diverse. Other media platforms link to live streaming feeds for television, sporting, and musical events. Finally, some platforms are oriented around the concept of ‘social curation’, whereby users repost existing third party content. Pinterest, for example, encourages users to ‘pin’ items of interest to its social bulletin board, which displays images of the items sourced from third parties.92

2.67 Publishing services provide an interface for individuals to publish documents. First, blogging services, such as Google’s, WordPress, and Medium, form part of the so-called ‘blogosphere’—the tightly interlinked region of the web in which most amateur self-publishing occurs. These services host publications authored by their users. They may also enable the aggregation of postings into feeds of material based on its popularity or relevance, using automated classification, community curation, tag metadata, and other techniques.

2.68  Discussion fora. Second, discussion fora allow users to post messages in threaded topics which are visible to other members (and often the general public). Most fora employ a combination of community flagging and self-regulation by deputised forum moderators.

2.69  Document hosting platforms. Third, document repositories such as Scribd allow their users to upload hosted text documents for public dissemination. This category may also encompass hosted databases and research tools which aggregate third parties’ content, though such tools rarely allow users to upload material.

2.70  Hosted comment services. Finally, comment and reputation tools such as Disqus provide centralised moderation and comment-hosting tools to blogs and other websites.93

2.71 Location services provide data based on the user’s location or other geographical data. First, local directories and review websites such as Yelp, TripAdvisor, and Google Maps connect reputational information to specific geographic locations (mainly restaurants, hotels, and tourist attractions). Second, planning and itinerary services such as TripIt and WorldMate aggregate users’ bookings and other travel content. Third, social location services such as Foursquare allow their users to ‘check-in’ to venues, displaying relevant information and location-aware advertising.

2.72 Gaming platforms mediate the delivery and consumption of electronic video games for personal entertainment. For example, virtual world operators supply the software, content, and infrastructure that enable ‘massively multiplayer online’ games to function. The most prominent example is World of Warcraft, which has boasted as many as 10.2 million subscribers94 who connect to a network of around 20,000 computers housing 1.3 petabytes of storage.95 Smaller game developers such as Zynga create software for social networks or smartphones,96 while gaming content distributors such as Steam sell and distribute third parties’ gaming software.97 Secondary platforms such as Twitch provide live-streaming of in-game footage authorised for broadcast by gamers.98

2.73  Functions of gateways. Gateways collate, index, and distribute hyperlinks to third parties’ internet content. Search engines, portals, directories, and RSS are the most common examples. While these services employ various means to locate and rank relevant material, they are united by their reliance upon automated tools and algorithms to parse, store, and query large volumes of data authored by others.

2.74  Search engines. The most significant example of a gateway is a search engine, which aggregates content into a searchable index. Content aggregation by search engines usually involves three distinct phases:


crawling: data are gathered by means of an artificial computerised agent (a ‘robot’) that recursively browses hyperlinks on the web and extracts page content;


indexing: extracted page content is added to a database called an index which stores instances of keywords and performs automated data analysis to determine authoritativeness and extract structured data; and


retrieval: when a query is received, relevant pages in the index are identified, ranked, and presented to the user.

2.75  Snippets in search results. Most aggregators include a brief extract or ‘snippet’ of the information alongside each result, which automatically repeats information from the source webpage using a combination of meta tags, keyword matching, structured content ‘recipes’ for extracting particular kinds of data (such as flight times), and statistical summation. Summaries produced by human editors are relatively infrequent.99

2.76  Shortening services. Another class of gateways abbreviates URLs by allowing users to register ‘shortened URLs’ which instantly redirect users to the original page content.100

2.77  Overview. Internet marketplaces allow users to buy and sell goods and services from third parties. It is possible to distinguish between marketplaces for particular kinds of goods or services and the transaction service providers who enable payments to be made and received on them.

2.78 First, online marketplaces such as eBay facilitate transactions involving goods between vendors and purchasers. To reduce listings for infringing and counterfeit goods, eBay operates a Verified Rights Owner (‘VeRO’) programme consisting of around 16,000 keyword filtering rules, community moderation via flagging, restrictions on sales of ‘High Risk Brands’, and a notice-and-takedown system under which 90 per cent of notices led to removal within 6–12 hours, with 98 per cent removed within 24 hours.101

2.79 Second, ticketing portals such as Viagogo, Ticketmaster, EventBrite, and LiveNation allow event promoters to sell tickets to events and in some cases may enable secondary markets for the transfer of unwanted tickets.

2.80 Third, retail emporia such as aggregate retailers’ wares into a central marketplace of goods. Users are normally permitted to rate and review products and sellers, and their feedback is aggregated to produce ratings and regulate marketplace activity.

2.81 Fourth, app stores such as iTunes and Google Play sell third parties’ software and content in formats optimised for particular platforms (commonly mobile devices). Fifth, classified listings such as Craigslist and Gumtree allow individuals to post notices for goods and services. Sixth, business-to-business labour marketplaces such as 99designs and Elance facilitate transactions between service providers and business consumers.

2.82 Seventh, social commerce websites such as Groupon and LivingSocial offer targeted coupons and deals fulfilled by third parties. Eighth, travel and transportation marketplaces connect service providers and consumers in specific two-sided markets. Examples include passenger transportation (such as Uber, Hailo, GetTaxi) and holiday accommodation (such as AirBnB).

2.83 Finally, transaction networks supply the services and software with which value is transferred between internet users.102 The ecosystem of electronic payment providers is vast: PayPal processed online transactions totalling $118 billion in 2011,103 while Visa exceeded $3.7 trillion on 1.9 billion issued cards.104

2.84  Types of transaction networks. Several distinct sub-classes may be identified: (1) card issuers and payment networks, such as Visa and MasterCard; (2) market makers for electronic currencies, such as Bitcoin; (3) dedicated online payment systems, such as PayPal and Google Checkout, which permit horizontal consumer-to-consumer payments; (4) transaction processing gateways, such as WorldPay and eWay; and (5) mobile point-of-sale and ‘in-app’ micropayments providers.105

2.85  Regulation of transactions. Some transaction networks may also act as deposit-taking institutions which are regulated as banks. Others are pure transaction intermediaries and regulated via a web of contracts between vendor, bank, website operator, and purchaser. Still others may be regulated primarily by technical means and self-help (such as escrow), as in the case of Bitcoin.

2.86  Functions of payment services. The primary function of payment services is to provide a secure means of electronically transferring value, while minimising transaction costs and fraudulent activity.106 Secondarily, they provide points of regulatory control. For example, overseas users can be excluded based on the territory in which a credit card was issued, while anonymous users and minors can be excluded by the need to obtain a credit card at all. Payment networks often conduct due diligence to verify the trustworthiness of merchants for whom they process payments, voluntarily inspecting merchants’ websites and removing those involved in illicit activity, particularly child pornography, controlled pharmaceuticals, and illicit tobacco.107

2.87  Overview. Although the focus of this work is internet intermediaries, a useful comparison may be made with the legal position of earlier offline intermediaries which acted as conduits for information or property. Care must be taken to avoid misleading metaphors, but a brief consideration of offline services illustrates that they can be a helpful lens through which to view new problems posed by internet wrongdoing.

2.88  Common features. Offline intermediaries share three common features with internet intermediaries: first, they can be causally significant but insufficient causes of harm to third parties; second, their prima facie liability is generally not determined by universal principles of secondary responsibility but by the application of context-specific doctrines and remedies; and third, their liability is often limited for reasons of public policy. The following examples are not exhaustive; doubtless, many other instances of analogous offline service providers could be identified, including financial brokers, auctioneers, and marketplaces.108

2.89  A network for packages. The Post Office is the archetypal intermediary. It is, in effect, a network for information conveyed by means of packages sent by senders to recipients. Occasionally those packages cause harm (as in the case of a letter bomb, a defamatory pamphlet, or a counterfeit medicament) but, intuitively, we know that it is not the Post Office which is responsible for this harm, even though it may have been one cause of it by carrying the relevant article. Instead, we say that the wrongdoer is the sender, and the Post Office merely their innocent agent or a conduit for the material. The Post Office is clearly an insufficient cause of harm, since without its sender the package would never have arrived,109 but it is necessary to the primary event which occurred (delivery). The Post Office might have been able to prevent the harm, albeit at significant cost, by inspecting and approving each package during transit, but we do not expect that it will do so.110

2.90  Regulation of postal services. The conduit status of postal services is codified by statute. Section 29(1) of the Post Office Act 1969 (UK) immunised the Post Office and its agents from liability ‘for anything done or omitted to be done in relation to anything in the post’, while section 29(2) extended the immunity to loss or damage arising during the carriage of mail.111 Section 90 of the Postal Services Act 2000 (UK) carries forward these exemptions to the modern privatised entities, subject to limited exceptions.112 Interpreting earlier legislation, Triefus & Co Ltd v Post Office held that the postal authorities had no liability to the sender for mail that had been stolen by a third party.113

2.91  Justifications for immunity. The principle of postal immunity is long-standing: in 1699, Lane v Cotton exonerated the postmaster general from liability for a stolen cheque.114 Such an office was considered ‘so extensive, and requires such a number of servants, &c speed in conveyance, journeys by day and night [that] it resembles the case of piracy, which is damnum fatale’. To similar effect, in Whitfield v Lord Lé Despencer Lord Mansfield concluded that any action on the case lies against ‘the party really offending’ and not the postmaster, who is liable only for his own fault.115

2.92  Self-help measures. In the nineteenth century, the telegraph department of the Post Office was treated similarly.116 In response to the absence of secondary liability rules, correspondents adopted self-help measures—such as cutting bills and notes into multiple parts sent on successive days—to protect themselves from fraud.

2.93  Scope of immunity. During industrial action in the late 1970s, the Court of Appeal held that the principle of immunity meant it had no jurisdiction to grant an injunction against employees of the Post Office who were detaining the claimants’ mail in protest.117 Lord Denning MR said of section 29 simply: ‘It is very wide. It is “any loss or damage suffered by any person.”’118 Because of this section, there was no action in conversion against the employees; thus no mandatory injunction could issue which required them to forward the claimants’ mail.

2.94  Policy considerations. Even if the Court could grant such an injunction, it would decline to exercise its discretion because that would require the postal employees to ‘discriminate’ between recipients. All members of the Court were clearly concerned to ensure that the Post Office remained a content-neutral intermediary; intervening so as to require its officers to differentiate between mail would ‘create such a bad precedent—with so much danger for the future’.119 Losses were left to lie where they fell.

2.95  Conduits for property. Aircraft, cargo ships, couriers, and other carriers act as conduits when they transmit property belonging to a third party consignor from one location to another.

2.96  Regulation under international law. Their duties are partially harmonised in international treaties. For example, article 17 of the Convention on the Contract for the International Carriage of Goods by Road provides that road carriers will be liable for partial or total loss or damage to goods and for delay in delivery, unless caused by the consignor’s wrongful conduct, instructions, some inherent property of the goods, or other circumstances that the carrier could not avoid.120 These duties are primary in the sense that they are undertaken by the carrier’s voluntary acceptance of goods—or implied by statute121—and breached when the carrier fails to protect the bailed goods. Liability for the carriage per se reflects carriers’ duties as agents who are engaged for the express purpose of securely bringing goods to a destination.

2.97  Common law duties. At common law, a carrier could also incur liability arising from the acts of third parties—for example, where a thief stole bailed property from a furrier,122 airline,123 shipowner,124 or railway operator.125 The thief may be an independent cause of another wrong (theft), but the carrier was primarily liable for breach of a primary duty.126

2.98  Limitations upon liability. The liability of common carriers is subject to various limitations and exclusions which reflect public policy, such as the need to ensure the economic viability of supplying carriage services.127 For example, railway operators are exempted from liability for nuisance and certain related harms.128 These exclusions are not the subjects of this work.

2.99  Scope of bailment duties. It is difficult to identify cases where a bailee is held liable for wrongs carried out by means of transporting the goods, but which fall outside the scope of the bailment—such as losses caused by delivering defamatory goods, transporting goods which infringe a patent, or detaining goods that belong to another. Although there are few clear statements of principle, this appears to be because the primary and only wrongdoer is the consignor rather than the bailee.

2.100 In Morton–Norwich Products Inc v Intercen Ltd, the defendants imported patented chemical compounds into the United Kingdom.129 The carriage was effected by British United Airways, which took the goods from Rotterdam to Gatwick. Although the airline was acting as agent for the consignee, there was no suggestion that it was liable for the resulting patent infringement by the consignee.130 The question appears to have been resolved as a matter of principle: simply possessing, transporting,131 or warehousing an invention is not necessarily ‘use’ of it by the carrier.132 Liability is thus fixed according to the boundaries of individual torts.133

2.101  Statutory duties. Road traffic controllers, tollway operators, canal ways, and other highway authorities owe various duties to their users and owners of neighbouring properties.134 Many of these duties are public in nature and do not create rights in private parties.135 To the extent they do, these statutory duties are not absolute. Thus, the owner or operator of a road is not normally liable for the negligent conduct of road users, whose acts are their own: a mere omission by the highway operator will not create liability without ‘some special justification’ or a specific statutory duty.136 The fact that the road may be a necessary cause of the third party’s wrongdoing is insufficient because the operator acts as an intermediary for road traffic.

2.102  Conduits for resources. Whereas the Post Office is a conduit for printed messages and goods, utilities are conduits for energy and other natural resources. While they owe various obligations in their primary capacity as energy suppliers—to ensure continuity of service, safety of supply and storage137—they are not liable for wrongs committed by customers using the electricity they provide, though little authority exists on the point.138 Gas and nuclear power producers are strictly liable for loss caused by the escape of their hazardous materials,139 but not simply because energy is used tortiously. They supply essential preconditions for engaging in many species of wrongdoing (as do automobile service stations, vendors of knives, and almost any other merchant) without possessing control over how their resources are used by customers.


Twentieth Century Fox Film Corp v British Telecommunications plc [2011] EWHC 1981 (Ch), [103] (Arnold J) (‘Newzbin2’).


See Patrick Atiyah, Vicarious Liability in the Law of Torts (1967) 289; Philip Sales, ‘The Tort of Conspiracy and Civil Secondary Liability’ (1990) 49 Cambridge Law Journal 491.


See Paul Davies, ‘Accessory Liability: Protecting Intellectual Property Rights’ [2011] 4 Intellectual Property Quarterly 390, 396.


See section 1.2, paragraphs 2.14 to 2.18.


See chapter 12, section 2.


Papasavvas v O Fileleftheros Dimosia Etairia Ltd, Case C-291/13, ECLI:EU:C:2014:2209, [45].


European Commission, ‘Public Consultation on the Regulatory Environment for Platforms, Online Intermediaries, Data and Cloud Computing and the Collaborative Economy’ (24 September 2015) 5.


See section 4 for further discussion of offline intermediaries.


See World Intellectual Property Organization, Standing Committee on Copyright and Related Rights (4–8 November 2002) SCCR/8/2, 2.


See Assaf Hamdani, ‘Who’s Liable for Cyberwrongs?’ (2001) 87 Cornell Law Review 901, 902–3; Doug Lichtman and Eric Posner, ‘Holding Internet Service Providers Accountable’ (2006) 14 Supreme Court Economic Review 221, 225–6, 227.


See Communications Decency Act 1996 (US) 47 USC § 230(f); Decree No 468 of 18 May 2006, Regulation on Protection of the Right of Communication via Information Networks (CN) art 22.


See Alfred Yen, ‘Sony, Tort Doctrines, and the Puzzle of Peer-to-Peer’ (2004) 55 Case Western Reserve Law Review 815, 820.


See Dennis Lievens, ‘eBay’s Accessory Liability for Counterfeiting — Why Joint Tort Liability Just Doesn’t Cut the Mustard’ (2011) 42 International Review of Intellectual Property and Competition Law 506, 508–9.


Mark MacCarthy, ‘What Payment Intermediaries Are Doing about Online Liability and Why it Matters’ (2010) 25 Berkeley Technology Law Journal 1037, 1038.


See H L A Hart, ‘Definition and Theory in Jurisprudence’ (1954) 70 Law Quarterly Review 37, 38–9.


OECD, The Economic and Social Role of Intermediaries (2010) 9; OECD, The Role of Internet Intermediaries in Advancing Public Policy Objectives (2011) 20.


Directive 2000/31/EC [2000] OJ L 178/1 (‘E-Commerce Directive’).


The E-Commerce Directive, in turn, incorporates the definition of ‘services’ from art 1(2) of Directive 98/34/EC [1998] OJ L 204/37, as amended by Directive 98/48/EC [1998] OJ L 217/18 (‘Technical Standards Directive’).


Technical Standards Directive art 1(2) (definition of ‘service’).


See chapter 12, section 2.


E-Commerce Directive recital (18), art 2(b).


E-Commerce Directive recital (18).


E-Commerce Directive recital (20).


E-Commerce Directive recital (42).


See, eg, Criminal Justice and Public Order Act 1994 (UK) s 166A(6); Privacy and Electronic Communications (EC Directive) Regulations 2003 (UK) regs 2(1), 6(4); Electronic Commerce Directive (Terrorism Act 2006) Regulations 2007 (UK) regs 2(1), 5–7; Tobacco Advertising and Promotion Act 2002 (UK) reg 2(4).


E-Commerce Regulations reg 2(1); Copyright, Designs and Patents Act 1988 (UK) ss 97A(3) (copyright), 191JA(3) (performers’ rights). See chapter 14, section 3 for further discussion of service provider injunctions.


Directive 2001/29/EC [2001] OJ L 167/10 (‘Information Society Directive’).


See chapter 1, paragraph 1.89.


Directive 2004/48/EC [2004] OJ L 157/45, recital (23), art 11. See chapter 14, section 4 for further discussion of this remedy.


Football Association Premier League Ltd v QC Leisure [2008] FSR 789, [241] (Kitchin J) (‘QC Leisure’).


Newspaper Licensing Agency Ltd v Meltwater Holding BV [2012] Bus LR 53, 77 (Morritt C) (‘Meltwater’). See also Case C-5/08, Infopaq International A/S v Danske Dagblades Forening [2009] ECR I-6569, [54].


Bunt v Tilley [2007] 1 WLR 1243, [9], [24] (Eady J).


Davison v Habeeb [2011] EWHC 3031 (QB), [38] (HHJ Parkes QC) (‘Davison’).


Newzbin2, [103] (Arnold J).


Davison, [36], [38] (HHJ Parkes QC).


eBay International AG v The Polo/Lauren Company LP [2010] ETMR 1, 9–10 (emphasis added).


Interflora Inc v Marks and Spencer plc [2009] RPC 22, 808 (Arnold J) (emphasis added) (‘Interflora [No 1]’).


Twentieth Century Fox Film Corp v Newzbin Ltd [2010] EWHC 608 (Ch), [118]; [2010] FSR 21, 548 (Kitchin J) (emphasis added) (‘Newzbin1’).


[2009] RPC 21, 785 (Arnold J) (‘eBay’).


Case C-70/10, Scarlet Extended SA v Société Belge des Auteurs, Compositeurs et Éditeurs SCRL (SABAM) [2012] ECDR 4, 64 (emphasis added).


Case C-557/07, LSG-Gesellschaft zur Wahrnehmung von Leistungsschutzrechten GmbH v Tele2 Telecommunication GmbH [2009] ECR I-1227, [43]–[46] (‘Tele2’).


L’Oréal SA v eBay International AG, Case C-324/09, EU:C:2010:757, [AG58] (Advocate–General Jääskinen).


L’Oréal SA v eBay International AG, Case C-324/09, EU:C:2011:474, [113] (‘eBay (CJEU)’).


Google France Sarl v Louis Vuitton Malletier SA, Joined Cases C-236/08, C-237/08, and C-238/08, EU:C:2010:159, [114]; [2010] RPC 19, 624 (‘Google France’).


This work does not insist upon capitalising ‘internet’, unless referring to the Internet Protocol.


Barry Leiner et al, ‘Brief History of the Internet’ (1995) Federal Networking Council <>.


Kevin Werbach, ‘The Network Utility’ (2011) 60 Duke Law Journal 1761, 1769.


Kevin Werbach, ‘The Centripetal Network: How the Internet Holds itself Together, and the Forces Tearing it Apart’ (2008) 42 UC Davis Law Review 343, 347.


House of Lords, Science and Technology Committee, Personal Internet Security—Volume I: Report (2007) 10.


International Organization for Standardization, ‘Information Technology—Open Systems Interconnection—Basic Reference Model: The Basic Model’ (1994) ISO/IEC 7498-1:1994(E).


Yochai Benkler, ‘From Consumers to Users: Shifting the Deeper Structures of Regulation Toward Sustainable Common and User Access’ (2000) 52 Federal Communications Law Journal 561, 562, 568.


Hubert Zimmermann, ‘OSI Reference Model—The ISO Model of Architecture for Open Systems Interconnection’ (1980) 28 IEEE Transactions on Communications 425, 429.


Barbara van Schewick, Internet Architecture and Innovation (2010) 360–5.


Mark Lemley and Lawrence Lessig, ‘The End of End-to-End: Preserving the Architecture of the Internet in the Broadband Era’ (2001) 48 UCLA Law Review 925, 930.


Lawrence Solum and Minn Chung, ‘The Layers Principle: Internet Architecture and the Law’ (2004) 79 Notre Dame Law Review 815, 845.


Lawrence Lessig, Code and Other Laws of Cyberspace (2nd ed, 2006) 44.


See Christopher Yoo, ‘Network Neutrality or Internet Innovation’ (2010) 33 Regulation 22.


Oliver Williamson, The Economic Institutions of Capitalism (1985) 205.


See Brian Carpenter, ‘Architectural Principles of the Internet’ (1996) (Internet Engineering Task Force, RFC 1958); Jerome Saltzer et al, ‘End-to-End Arguments in System Design’ (1984) 2 ACM Transactions in Computer Systems 277.


van Schewick, n 53, 194, 200–2.


Solum and Chung, n 55, 847.


Jonathan Zittrain, ‘The Generative Internet’ (2006) 119 Harvard Law Review 1974, 1980–2.


See, in the context of cybercrime: Cyrus Chung, ‘The Computer Fraud and Abuse Act: How Computer Science Can Help with the Problem of Overbreadth’ (2010) 24 Harvard Journal of Law and Technology 233, 253–6.


See Barry Greene and Philip Smith, Cisco ISP Essentials (1st ed, 2002) 229–34.


See chapter 11, section 1.3 for discussion of carrier terms of use.


Typically this means a web server and high-speed connections to a major backbone: Quinstreet Inc, ‘Web Host’ (2006) Webopedia <>.


See, eg, 1&1 Internet Ltd, ‘General Terms and Conditions of Service’ (2010) Terms & Conditions, cl 6.2.2 <>.


Peter Mell and Tim Grance, ‘The NIST Definition of Cloud Computing’ (7 October 2009) <>.


See John Klensin, ‘Role of the Domain Name System (DNS)’ (2003) (Internet Engineering Task Force, RFC 3467) 2. IPv6 introduces added complications that will not be addressed here.


Paul Mockapetris, ‘Domain Names—Concepts and Facilities’ (1987) (Internet Engineering Task Force, RFC 1034) 4, 18.


See chapter 7, section 3 for discussion of gTLDs.


See chapter 3, section 1.1 for discussion of WHOIS data.


See, eg, Netcraft Ltd, ‘SSL Survey’ (2015) <>.


See, eg, Comodo CA Ltd, ‘Comodo SSL Certificate Warranty’ (2012) <>.


See OECD, Participative Web: User-Created Content (12 April 2007) DSTI/ICCP/IE(2006)7/FINAL <> 4.


For one proposed taxonomy, see Stephan Hagemann and Gottfried Vossen, ‘Categorizing User-Generated Content’ [2009] Proceedings of the Web Science 155 <>.


Despite definitional disagreement, see WebMediaBrands Inc, ‘What is Web 2.0’ (Webopedia, 27 February 2009) <>; Tim O’Reilly, ‘Web 2.0: Compact Definition’ (O’Reilly Radar, 1 October 2005) <>.


On, eg, some 52.4m new posts and 47m new comments were posted by users during September 2015. Assuming that a conservative reviewer took three minutes per post and thirty seconds per comment to reach a decision, it would take nearly 3,000 reviewers working around the clock simply to keep pace with incoming submissions.


Once flagged, content tends to be removed if it breaches the acceptable usage policy: see, eg, YouTube LLC, ‘YouTube Community Guidelines’ (2010) <>.


See paragraph 2.65 for further discussion of automated content moderation.


Article 29 Working Party, Opinion No 5/2009 on online social networking (12 June 2009) 4–5.


Ofcom, Adults’ Media Use and Attitudes Report (2014) 5.


See Michael O’Floinn and David Ormerod, ‘Social Networking Sites, RIPA and Criminal Investigations’ [2011] 10 Criminal Law Review 766, 770–2.


See Kashmir Hill, ‘Facebook’s Top Cop: Joe Sullivan’ (Forbes, 12 March 2012).


See Bruce Mann, ‘Social Networking Websites—A Concatenation of Impersonation, Denigration, Sexual Aggressive Solicitation, Cyber-Bullying or Happy Slapping Videos’ (2008) 17 International Journal of Law and Information Technology 252.


Charles Arthur, ‘Why Are Cyberlockers Suddenly Such a Problem, Lord Mandelson?’ (The Guardian, 20 November 2009) <>.


MarkMonitor, Traffic Report: Online Piracy and Counterfeiting (January 2011) 7.


Matthew Moore, ‘YouTube’s Worst Comments Blocked by Filter’ (The Telegraph, 2 September 2008).


YouTube LLC, ‘Content ID’ (2011) <>.


Scott Smitelli, ‘Fun with YouTube’s Audio Content ID System’ (2009) <>.


Viacom International Inc v YouTube Inc, Plaintiffs’ Complaint (SDNY, 2007) [3].


See Pinterest Inc, ‘Pinterest’ (February 2013) <>.


See Discuss Inc, ‘About Disqus’ (March 2013) <>.


Activision Blizzard Inc, Q4 Earnings Call (9 February 2012).


See Ashlee Vance, ‘Computing from Weather to Warcraft’ (The New York Times, 17 November 2008) <>.


Zynga Inc, Form S-1 Registration Statement, United States Securities and Exchange Commission (11 August 2011) 1–2.


Valve Corporation, ‘Steam Download Stats’ (September 2014) <>.


See Twitch Interactive Inc, ‘Twitch’ (2014) <>.


One notable exception is the human-edited Open Directory Project: Netscape Communications Corp, ‘About the Open Directory Project’ (2002) Open Directory Project <>. Such aggregators are better classified as websites on the basis that their operators manually author content.


See Thord Hedengren, ‘TinyURL Blocked in Saudi Arabia’ (The Blog Herald, 17 April 2009) <>.


See eBay, [79]–[86] (Arnold J).


See OECD, Online Payment Systems for E-Commerce (2006) 6.


PayPal Inc, ‘Financials’ (PayPal Press Centre, January 2012) <>.


Visa Inc, Annual Report 2011 (2011) 2.


See Juniper Research, Mobile Payment Strategies: Opportunities & Markets 2011–2015 (July 2011) 15–21, 35–44.


See OECD, n 102, 17–19, 28–30.


See Mark MacCarthy, ‘Deleting Commercial Pornography Sites from the Internet: The US Financial Industry’s Efforts to Combat this Problem’ (Evidence to House Committee on Energy and Commerce, 2006) 70–72.


See eBay (CJEU), [AG108] (Advocate General Jääskinen).


The Post Office (or its delegates) might also send mail on behalf of itself. When it does so, the Post Office is acting as a primary party: see chapter 5, section 1.1.


See, eg, United States Constitution amend IV; Ex parte Jackson, 96 US 727, 733 (1877).


Christopher Walton (ed), Charlesworth & Percy on Negligence (12th ed, 2010) [3–27].


Postal Services Act 2000 (UK) ss 89, 91 (which permit liability for loss arising due to any ‘wrongful act’ or default by the service provider or their delegate).


[1957] 2 QB 352, 368 (Parker LJ).


(1701) 1 Ld Raym 646, 648; 91 ER 1332, 1333.


(1778) 2 Cowp 754, 764–6; 98 ER 1344, 1349 (Lord Mansfield).


See Telegraph Act 1868 (UK) s 2; cf Telegraph Act 1863 (UK) s 42; Bainbridge v Postmaster–General [1906] 1 KB 178, 187–9 (Collins MR), 194 (Mathew LJ).


Harold Stephen & Co Ltd v The Post Office [1977] 1 WLR 1172 (‘Harold’).


Harold, 1177 (Lord Denning MR).


Harold, 1178–9 (Lord Denning MR), 1179 (Browne LJ), 1180 (Lane LJ).


Opened for signature 19 May 1956, 399 UNTS 5742 (entered into force 2 July 1961). See also Convention for the Unification of Certain Rules Relating to International Carriage by Air, opened for signature 12 October 1929, 478 UNTS 6943 (entered into force 13 February 1933).


See, eg, Carriage of Goods by Sea Act 1971 (UK).


See Morris v C W Martin & Sons Ltd [1966] 1 QB 716, 729 (Lord Denning MR), 731 (Diplock LJ), 737 (Salmon LJ).


See Moukataff v British Overseas Airways Corp [1967] 1 Lloyd’s Rep 396.


See Elder, Dempster and Company Ltd v Paterson, Zochonis and Company Ltd [1924] AC 522, 535–6 (Viscount Finlay).


See HSBC Rail (UK) Ltd v Network Rail Infrastructure Ltd [2006] 1 WLR 643, 651–2 (Longmore LJ) (Lloyd LJ and Morritt C agreeing).


Robert Stevens, Torts and Rights (2007) 120. See chapter 5, section 1.1.


Eg, the Post Office Act applies to airlines acting in the capacity of a postal carrier: American Express Co v British Airways Board [1983] 1 WLR 701, 708 (Lloyd J). See also Carriers Act 1830 (UK) 1 (limiting liability).


Railways Act 1993 (UK) s 122(3) (excluding liability ‘in any civil proceedings’ in nuisance or ‘in respect of the escape of things from land’). See also s 123 (deeming railways not to be common carriers).


[1978] RPC 501 (‘Intercen’). See also chapter 4, section 1.2 in relation to Norwich Pharmacal orders.


Intercen, 506–7 (Prescott, in argument), 509 (Turner QC, in argument) (‘it was only a carrier...and a mere carrier does not infringe’), 518 (Graham J).


Pfizer Corporation v Ministry of Health [1965] AC 512, 571–2 (Lord Wilberforce).


Badische Anilin und Soda Fabrik v Basle Chemical Works (Bindschedler) [1898] AC 200, 208–9 (Lord Halsbury LC) (Lord MacNaghten, Lord Morris, Lord Shand, and Lord Davey agreeing).


See, eg, Wilson v Lombank [1963] 1 WLR 1294 (trespass to goods).


See, eg, Highways Act 1980 (UK) ss 41(1), 79(1); Gorringe v Calderdale Metropolitan Borough Council [2004] 1 WLR 1057 (‘Gorringe’) (duty to maintain the highway).


Gorringe, 1070 (Lord Hoffmann), 1078–9 (Lord Scott).


Stovin v Wise [1996] AC 923, 929–30 (Lord Nicholls) (dissenting), 957–8 (Lord Hoffmann).


See, eg, Water Industry Act 1991 (UK) s 209 (imposing strict liability for loss caused by water escaping from a pipe); Merchant Shipping Act 1995 (UK) (imposing strict liability for escape of hazardous chemicals from ships).


See, eg, Roadshow Films Pty Ltd v iiNet Ltd [No 3] [2010] FCA 24, [400] (Cowdroy J); [2011] FCAFC 23, [384] (Jagot J).


Gas Act 1965 (UK) s 14(1); Nuclear Installations Act 1965 (UK) s 7 (imposing strict liability for damage caused by nuclear matter or ionising radiation).

This Feature Is Available To Subscribers Only

Sign In or Create an Account


This PDF is available to Subscribers Only

View Article Abstract & Purchase Options

For full access to this pdf, sign in to an existing account, or purchase an annual subscription.