February 20, 2006 -- (WEB HOST INDUSTRY REVIEW) -- In the past, I've written about the basics of contract drafting, and in particular, the need to draft your own policies and procedures. Drafting an Acceptable Use Policy and Terms of Service that reflect the unique risks present in your business puts you in a better position to control and mitigate those risks. Many hosting companies reference laws in their AUP and TOS, but few understand the laws those documents reference.
Let Rackspace make the difference with reliable managed hosting solutions backed by Fanatical Support.™ 100% Network Uptime Money-Back Guar., 1-hour hardware replacement, 24/7 LIVE, MS and LNX certified technical support.
The goal of developing internal policies is creating a standard for how your business implements the AUP and TOS, and responds to related issues. Creating these policies does not always mean developing binders full of documents. Indeed, some of the policies need not be written. What is necessary is that you, or another responsible individual within your company, understand how your AUP and TOS relate to the policies, and why certain provisions of your AUP and TOS exist.
One of the primary reasons companies don't create their own policies is that doing so takes time, money and effort away from other business tasks that may have a more immediate bottom-line impact. Once you've spent this time, however, you can easily, quickly and inexpensively create internal policies to implement your new AUP and TOS. A good example of how your effort can work is the issue of child pornography.
Illegal pornography is one of the most difficult issues for hosts to discuss and to handle. Discussion of the topic is so distasteful, that many hosts fail to understand their legal obligations. This failure opens up two avenues for potential liability under the statute. The first is failure to report child pornographic material, and the second is for distributing it, when it remains on your servers.
US laws on this topic are very strict and require hosting companies to report all child pornography they have discovered or been made aware of. Most companies either understand this, or adopt "industry standard" language in their AUP or TOS. Industry standard language usually contains a broad prohibition on the use of their hosting services for this purpose. But simply having this clause in your AUP or TOS isn't enough. To avoid liability you must comply with the law including its reporting provisions.
The most important issue for mitigating liability for child pornography is determining when you learned about it. For a host to violate the law, the host must know that it is hosting child pornographic material. Most government officials take the position that hosts cannot even view the content to determine whether it falls within the statute. That creates a significant Catch 22 for hosts who often are required to deal with large numbers of complaints about the sites they host.
The key is to determine whether the complaint is credible or not. Because you cannot review the images themselves, you need to review the circumstances surrounding the complaint. Here, strategies developed during the drafting of the AUP and TOS can be helpful in gathering information that will help determine if a complaint is credible. For example – how many complaints have you received about this particular customer? What does the directory structure look like? Does it contain references that could reasonably be construed to be pornographic? Has there been a recent increase in traffic to the site?
In designing your AUP and TOS, you were likely to have determined who would be the person responsible for receiving reports of copyright infringement and other allegations that these policies had been violated. In addition, you've likely identified employees who are both interested in understanding how these policies affect your business and who are trustworthy. In the context of child pornography, these two qualities are very important. Because of the nuances in the laws restricting the creation, distribution and reporting of the material, the person who receives the complaints and reports the material, must be interested enough in the laws to effectively create a policy – no matter how informal – that accurately reflects the law. Of equal importance is that this individual is trustworthy. Because this material can have a high commercial value, it is critical that any individual who has knowledge that you have discovered child pornography will not further distribute it for his own benefit. Not only is this completely contrary to the spirit of your policies, it may expose you to additional liability.
Finally, the material must be reported and destroyed. The laws restricting child pornography have given the Attorney General the authority to designate the entity to which the material must be reported.
Former Attorney General Ashcroft has designated the National Center for Missing and Exploited Children (missingkids.com) as that entity. The NCMEC has created a Web portal to enable reports of this nature. If you register with the NCMEC, it will issue you a password, and you can upload all the material and any additional information you think would be helpful to their investigation and receive a receipt indicating your report. You can use the information you've gathered creating your AUP and TOS to create a simple process that gathers this material together, puts it in a format acceptable to the NCMEC, permanently erases it from your company's servers, and preserves the receipt given to you by the NCMEC.
