The risks online chatrooms pose to children arenever far from the headlines. This article examinesthe legal issues surrounding the increasing use ofsuch services by schoolchildren and considers whois ultimately responsible for their protection.

1. IntroductionRecent campaigns only highlight the failings of

the UK’s existing regulation in this area of law.What is clear is that, while paedophiles are usingincreasingly sophisticated means of targeting theirvictims via the Internet to avoid being caught, ourpresent laws are failing to keep up the pace. So,what can we do to make such online services safefor children to use?

Chat rooms, bulletin boards, newsgroups orother messaging services, collectively known aschat services, might be set up with a particularhobby in mind, or as a website just for children orteenagers. Their purpose is to allow individualswho share common interests to talk about themwith like-minded people in one shared virtualplace.

Unfortunately, by their very nature, onlinechatrooms can lure children into a potentiallydangerous situation. Children who are perhaps shyand self-conscious when speaking face-to-face findit much easier to be able to express themselves byemail. For the bolder ones it presents an excitingopportunity to flirt and chat with others their ownage away form the watchful eye of their parentsand teachers. Inevitably though, this chance forchildren to socialize with others their own age andmake new friends, presents equally attractiveopportunities for paedophiles. By creating a falseidentity, lying about their age, “grooming” theirpotential victims and then arranging to meet themin person, children easily become sitting ducks forchild abusers.

While there are a number of different ways inwhich such chat services operate, they do share acommon trait in their operating process, whichcould ultimately help track down the abusers. If anISP relays conversations or communications, eitherin delayed or real time, between individuals by

displaying, forwarding or hosting them, the ISPfunctions as a link between the online paedophileand the victim. If this is the case, to what extentshould the ISP be held responsible for the offencecommitted by the paedophile?

2. Could an ISP be held criminallyliable?

The majority of offences relating to thephysical abuse of children are covered by theSexual Offences Act 1956. These include sexualintercourse with a girl under the age of 13,1 sexualintercourse with a girl under 16,2 buggery 3 andindecent assault.4 But these offences apply to theperpetrators of the crime, those who commit theactus reus. The ISP’s role in committing an offenceis no more than inadvertently providing assistanceto paedophiles. In these circumstances, otherlegislation applies.

The Accessories and Abettors Act 1861,section 85 states that:

Whosoever shall aid, abet, counsel or procure

the commission of any indictable offence whether

the same be an offence at common law or by

virtue of any Act passed or to be passed, shall be

liable to be tried, indicted and punished as a

principal offender6

Section 8 would appear to provide amechanism whereby an ISP could be found liablefor an offence committed by a paedophile.Traditionally, the interpretation of the words “aid,abet, counsel or procure” have been broad enoughto potentially catch an ISP for allowing its chatservices to be used by paedophiles to meet victims.However, the ISP is afforded protection from anypotential criminal prosecution by the judicialinterpretation of the requisite mens rea.

In respect of an accessory, the test applied bythe courts is generally more demanding than inrespect of the principal offender where recklessnessor negligence may suffice. To be an accessory, aperson “must know the essential matters whichconstitute that offence”.7 There is a requirementof knowledge and an intention to aid. And it ishere that a potential criminal prosecution against

44 Computer Law & Security Report Vol. 19 no. 1 2003 ISSN 0267 3649/03 © 2003 Elsevier Science Ltd. All rights reserved

Online Chatroom Regulation

Protecting children from paedophiles on theInternetAndrew Joint, Field Fisher Waterhouse

CLSR1901.qxd 16/01/2003 13:54 Page 44

45

the unwitting owner or operator of an ISP wouldfall down.

In addition to this, there are numerouscriminal offences relating to the holding andcirculating of obscene images involving children,generally under the scope of the ObscenePublications Act 1959. However, this provides anISP with a statutory defence8 of innocentpublication where the offending material has notbeen examined and there is no reason to suspectthat the material is offensive. Further recentlyenacted legislation has also provided certain typesof ISPs with a defence against civil and criminalliability.

The Electronic Commerce (EC Directive)Regulations 2002 (the Regulations), which cameinto force on 21 August 20029 clarify the liabilitiesof intermediaries involved in e-commerce. TheRegulations offer ISPs protection from criminaland civil liability for certain services they provide.

The Regulations apply to an “informationsociety service”, defined10 as any service normallyprovided for remuneration, at a distance, by meansof electronic equipment for the processing andstorage of data. Broadly speaking, although thedefinition has not been free from debate, thedefinition will include ISPs involved in thetransmission or storage of electroniccommunications, those who provide the hostingservice, or those who provide the means of accessto a communication network.

3. ExemptionsThe Regulations state that an information

society service provider (ISSP) will not be liable fordamages or criminal sanctions where it can beshown that the ISSP falls within one of thefollowing three categories:

■ Mere Conduit 11

The exemption applies where the ISSP plays apassive role in the transmission of information,which it did not initiate, and where it did not selectthe receiver of the transmission or modify theinformation in the transmission.

■ Caching 12

ISSPs which automatically, immediately andtemporarily store information for more efficientonward transmission are said to cacheinformation. They will not be liable for damagesor other sanctions providing that they do notmodify the information, comply with conditionson access to the information and any rules

regarding updating the information, and actquickly to remove or disable access to informationstored where they are aware that the informationat the initial source has been removed or access toit has been disabled.

■ Hosting 13

Where a recipient makes a request to an ISSPto store information provided by them, the ISSPwill not be liable for damages or other sanctions asa result of storage of the information providing it:

– Is not aware that an activity or information isin breach of the law;

– Is not aware of any facts or circumstanceswhich would have made it apparent; and

– Upon becoming aware that a message isunlawful, it acts expeditiously to remove it ordisable access.

4. The Effect of the RegulationsThe Regulations encourage ISPs to keep to a

bare minimum their involvement in the patrollingand regulation of any transmission or hostingservice they provide. This means that an ISP isshielded from liability and prosecution foradopting a policy of non-monitoring, providingthey execute a swift response on receivingnotification in relation to any reported illegalactivity. Consequently, rather than rewarding ISPsfor a proactive stance by demonstrating aresponsible attitude towards the content of theinformation they transmit or store, the Regulationsmakes them more exposed to liability as theyperform more monitoring.

5. Case studiesAs the Regulations have only recently entered intoUK law, cases brought under them are yet to reachthe courts. In the meantime, guidance on certainliability issues raised by the Regulations can betaken from previous cases.

(a) Godfrey v Demon InternetLimited14

The case concerned the posting of defamatorycomments on a newsgroup, which the ISP hostedbut did not monitor and then neglected to removefor ten days after being notified of the presence ofdefamatory comments.

The Court held that ISPs hosting bulletinboards are publishers for the purposes of theDefamation Act 1996, and not (as with the Post

Online Chatroom Regulation

CLSR1901.qxd 16/01/2003 13:54 Page 45

Offices or telephone operators) passive carriers ofthe information.

It would seem that an ISP, which transmits,emails, hosts chat rooms or other instantaneous orvirtually instantaneous services are unlikely to bedescribed as a publisher when dealing withdefamatory content. In these cases their role islimited and passive.

The role for the ISP shifts from merely beingpassive carriers to more active publishers whendealing with bulletin boards. Usenet newsgroupsprovide numerous forums. Posts made in thoseforums are accessible through an ISP, which offersthat newsgroup to its subscribers. Demontherefore chose to receive the postings, store andmake them available and their role was thereforemore than passive and, with that came a higherlevel of liability.

Whilst the case was brought under theDefamation Act 1996, some of the issues it raisedare also addressed by the Regulations, notably thatthe court will grade the test for the ISP foravoiding criminal and civil liability according tothe type of service provided.

The case also highlights the fact that an ISPwill be liable if it has notice that infringingmaterial appears on its site and it does nothing torectify it. ISPs should be aware and have in placea system, not merely an automatic email reply orpre-recorded telephone message, to deal with beinggiven notice of offending material and ensure thatany such notice is investigated expeditiously.

(b) The Chancellor of Justice v KalleLjunkvist15

To compare the approach taken in otherjurisdictions, this recent Swedish case saw anewspaper editor receive a conditional sentenceand fine for illegal comments regarding the deathof Jews which appeared on a newspaper websitemessage board and which contravened the SwedishCriminal Code.

The newspaper’s message board stated that itmonitored the board. By doing so, the court foundthat they had automatically raised the height ofthe hurdle they had to clear when trying to avoidliability.

(c) Hit-Bit Software GmbH v AOLBertelsmann on-line GmbH KG16

This case offers an interesting perspective on howthe German courts assess ISP liability. Where there

is a high possibility that a user could infringerights by using the service provided by the ISP (inthis case the service provided the users with fileswhich they could up and download which wereprotected by copyright), the appearance of aprohibition notice restricting use and onwardtransmission, highlighting infringements of rightsand, including a disclaimer, was not enough toprovide the ISP with protection.

There was, in this case, a substantial risk ofinfringing behaviour by users of a service of thistype. Such a high risk service imposed contentmonitoring obligations on the ISP. Even thoughthese were not imposed directly by German Lawsor EC Directive, it was held that the ISP shouldhave known, if it had applied the proper care andattention, that the site’s content was infringing.

6. Self-regulation The current status of the UK law - or lack

thereof - concerning the online activities ofpaedophiles leads us to surmise that the UKGovernment has tacitly acknowledged that thedrafting of legislation to cover use by paedophilesof online facilities is a highly complex affair.

Therefore the present law reflects the currentthinking on ISPs’ liability in general:

■ the burden should be shifted as far as possibleonto those who benefit and profit from thechat services – the ISPs themselves;

■ self regulation should be encouraged; and

■ specific Codes and good practice guidelinesshould be established.

While the government is under pressure tooutlaw the practice of paedophiles approachingchildren online, such legislation would, by its verynature, walk a tightrope between safety concernsand human rights. Issues such as privacy, freedomof expression and of communication are foundingpillars of the internet and are issues which internetusers passionately seek to protect. To attempt toregulate these, therefore, will be difficult,controversial and will take time.

However, shifting the emphasis ofresponsibility onto ISPs in the meantime, andletting them police themselves, goes at least someof the way towards alleviating the problems in theintervening period.

The UK Government has launched a numberof initiatives to help establish safe practice andguidelines for child access and parental supervision

46

Online Chatroom Regulation

an ISP will be liable

if it has notice that

infringing material

appears on its site

and it does

nothing to rectify it

CLSR1901.qxd 16/01/2003 13:54 Page 46

47

of the internet. For example, the Home Officeoperates the “Thinkuknow” website.17 This givesguidance to children and parents over the use ofmessage boards and other types of onlinecommunication.

The Home Office has also set up a specialTaskforce on Child Protection18. Launched in July2001, its members comprise a cross-section ofrepresentatives from government, industry, childwelfare organizations and academia. Their remit isto develop ways to neutralize the threat posed tochildren using the internet by paedophiles. In anattempt to achieve this, they have developed goodpractice guides for ISPs and, in its interim reportto the Home Secretary, they have recommendednew legislation to tackle paedophile “grooming”activity on- and offline. Their suggestions includea new criminal offence relating to meetings orarranging to meet with a child with the intentionto commit a sex offence. The Taskforce also aimsto provide internet content rating systems in futureand develop a “kitemarking” scheme for chatrooms which deliver child-friendly services.

Sites, such as www.besafeonline.org, have beendeveloped by special interest groups and offerinformation and software which parents can use toblock out certain websites, and guidance as to howto make sure that their children are operating onlinesafely. Other non-profit global organizations, suchas the worldwide Internet Content RatingAssociation19 and the UK based Internet WatchFoundation 20 (which both have support from anumber of industry leading companies), offer asubstantial amount of advice to ISPs to promotebest practice and safe use by children.

In addition to this, high profile campaigns inthe media, for example that of the BritishBroadcasting Corporation,21 also encourage saferweb practice by child users. Services, which allowparents to track who their children are emailingand the sites, which they are visiting, are alsoavailable in today’s market place.22

However, the problem with this trend ofreliance on self-regulation of the activities of ISPsis three-fold:

■ The civil liberties aspect of content regulationand control.

The monitoring recommended can seriouslyimpinge on privacy without the backing of alegislative mandate and naturally raises thequestion of balance between online safety and therights of the individual.

■ ISP responsibility to self regulate and monitorcontent is increased rather than thegovernment encouraging state policing.

The idea that, as their place of importance andtheir success within society grows, so should anISPs responsibilities to that society is a finephilosophical ideal, but this should not be used todisguise the fact that this system saves publicmoney, or that it avoids introducing furtherlegislation which might prove more difficult orunpopular.

■ Other than for reasons of human decency,there is no pecuniary motivation for an ISP tofollow these guidelines.

Unless some financial sanctions are imposedon ISPs, which do not act in accordance with theseguidelines, whether through direct ties, or throughnegative publicity for their business, there is littleincentive for them to comply.

7. Conclusion Current UK legislation is still playing catch-up

to the advanced and sophisticated techniques ofchild abusers. Anticipating the difficulties ofmoving a proposal for reform through the oftenlengthy legislative process, the Government hasturned to ISPs for the time being and made thempolicemen of their own domain.

Unfortunately, the problem with this approachcan be illustrated by the case of the websitewww.thinkofthechildren.co.uk - a satire websitethat attempted to make fun of the “hate mob”culture that follows the issue of paedophilia. Thiswas removed from the host server by an ISP on thebasis of a short letter from the police requestingthat it did so suggesting that it might containmaterial inciting users to commit violence. But thepolice’s response and the pressure brought to bearon the ISP as a consequence illustrates that theerosion of the “checks and balances” of statute-governed practice and procedure can endanger theright to freedom of expression which the internethas done so much to encourage.

It is obvious that legislation designed to catchthose who use online facilities to abuse childrenshould be developed as soon as possible. However,whilst this is developed, reliance on the regulationof online chat services should not fall solely at thefeet of the ISP.

Parental responsibility for child access and useof the internet should also be emphasized. And, tothis end, the publicizing of helpful codes and good

Online Chatroom Regulation

CLSR1901.qxd 16/01/2003 13:54 Page 47

practice guides for parents to offer support are ofas much importance in the short-term as theadvancement of legislation detailing theresponsibilities of the users, abusers and serviceproviders in the long-run. After all, in real life,there are places where parents can leave theirchildren quite happily and they would be safe toplay unsupervised, and there are others where theywould never dream of leaving children on theirown. The same rules should apply in cyberspace.

Andrew Joint is a solicitor in the IT & E-Commerce Group at City law firmField Fisher Waterhouse. He can be contacted on020 7861 4565 or by email: ajrj@ffwlaw.com.

FOOTNOTES1 Section 5.2 Section 6.3 Sections 12 and 16.4 Sections 14 and 15.5 As amended by the Criminal Law Act 1977.6 Similar provisions relating to summary trial appear inthe Magistrates’ Court Act 1980.7

Lord Goddard CJ in Johnson v Youden [1950] 1 KB544 at 546.8 Section 2(5). 9 It implemented into UK law the main provisions of theEC Electronic Commerce Directive 2000/37/EC.10 In regulation 2(1).11 Regulation 17.12 Regulation 18.13 Regulation 19.14 [1999] 4 All ER 342.15 B7655-00 the City Court of Stockholm.16 [2001] E.C.D.R 18.17 www.thinkuknow.co.uk18 www.homeoffice.gov.uk/cpg/internetask/index.htm.19 www.icra.org20 www.iwf.org.uk.21 www.bbc.co.uk and http://news.bbc.co.uk/cbbcnews/hi/uk/newsid_1706000/1706376.stm.22 Such as at www.kid-email.cc.

48

Online Chatroom Regulation

CLSR1901.qxd 16/01/2003 13:54 Page 48