Brandon Evenson is a JD candidate at Osgoode Hall Law School.

On Tuesday, November 24th, the federal government tabled legislation mandating all ISPs to report child pornography. Bill C-58 requires that Internet Service Providers (ISPs) report the Uniform Resource Locator (URL) or Internet Protocol (IP) address where child pornography may be available to the public. If the ISP has reasonable grounds to believe that their internet services are being used to commit child pornography offences, then they must also notify the police and retain all computer data that is in their possession or control for 21 days. The ISP is also prohibited from disclosing to anyone they have made a report or notification. Failure to comply with the Act may result in a fine of $10,000 or imprisonment for sole-proprietors and $100,000 for corporations.

ISP has been broadly defined in the Act to include those that provide Internet access, Internet content hosting, or electronic mail. This would apply to typical ISPs such as Bell and Rogers, as well as unconventional ones such as Google, Facebook, and Microsoft.

While all agree that child pornography is a horrific social ill and that a substantial effort should be made to reduce the production and distribution of this content, some criticize the legislation as putting too great of a burden on ISPs (particularly smaller ISPs which host thousands of web pages) to monitor. This, however, is a mischaracterization of the legislation. In fact, section 7 of the Act makes it clear that nothing in the Act “requires or authorizes a person to seek out child pornography”.

One of the other concerns is that this will open a Pandora’s box of privacy issues for ISPs. The Canadian Civil Liberties Association’s Graeme Norton cautioned that “somebody may post a family picture or an artistic picture and if that is misinterpreted by somebody who works for an ISP and then feels compelled to tell police about it, all of the sudden that person…may find themselves being looked at a little more closely by police in a way that may invade their privacy.” Family and artistic photos are not the only types of content that may give rise to privacy issues. The recent phenomenon of sexting amongst underage high school students may also generate content that an ISP would feel compelled to report.

Under section 3 of the legislation, the ISP only has to report content available to the public. Such reporting is unlikely to generate much privacy concerns. It is hard to believe that referring the police to content already in the public domain would invade a poster’s privacy.

The other reporting requirement, section 4, is of slightly greater concern. ISPs need reasonable grounds to believe that their internet services are being used or have been used to commit child pornography offences. The risk here is that an ISP providing email, private web pages, or newsgroups services, may need to retain this data and hand it over to the police, frustrating the users’ expectations of privacy for their innocent content.

Michael Geist has also criticized the legislation for being somewhat ineffectual. He believes “the real problems lies in dissemination of child pornography in newsgroups, private groups, and other private spaces that fall largely outside the potential for tips envisioned by Bill C-58”. It is quite apparent though that the legislation does envision the private sphere of the Internet. Why else would it have such a broad definition of ISP that includes email providers? Admittedly, if an ISP has a policy of not reviewing users’ private content, and the legislation does not require an ISP to seek child pornography within their network, then it is unlikely an ISP will have reasonable grounds to believe their services are being used to commit child pornography offences. Still, members or recipients of private content may report to the ISP suspected incidences of child pornography on their network.

Even if the Act does not specifically result in a greater number of ISPs reporting suspected incidents of child pornography, it still provides further dissuasion to individuals contemplating the distributing of child pornography in both the public and private internet spheres.

Posted in Internet, Privacy