Location, Location, Location

In a recent case at the High Court, the physical location of a web server has been used to define the country of "transmission". In the preliminary ruling, the Court said "making available" content takes place where the server is located, and it does not matter if use of the material only takes place somewhere else.

Also this month Nominet, who maintain the register of .uk domain names, has begun a policy review concerning Dealing with Domain Names Used in Connection with Criminal Activity. The initiative is being undertaken jointly with the UK-wide Serious Organised Crime Agency (SOCA). Of course, .uk domain names can be assigned to web sites hosted outside the UK, and the policy is only looking at criminal activities.

The idea is that Nominet should have a contractual right to suspend .uk domains where it has "reasonable grounds to believe" the domains are being used to commit a crime. The suggestion is that "reasonable grounds" is "request from an identified UK Law Enforcement Agency". But a year ago Nominet shut down more than 1,200 web sites selling fake designer goods. Maybe that action had no valid legal basis?

The briefing document for Nominet's Issue Group outlines what may need to be discussed, and with whom. The briefing document suggests that action would be taken by the registrars first, rather than by Nominet, requiring changes to the Registrar Agreement, and presumably agreements between registrars and their clients. Not all registrars are themselves located in the UK.

I suspect the degree of evidence required will be one of the topics discussed—especially in the light of the granting of a judicial review of the Digital Economy Act 2010 to BT and Talk Talk. I can imagine copyright owners seeing Nominet's process as a relatively simple way to close down .uk sites, but other reasons might include operating without a suitable licence (e.g. from the FSA or OFT), operating a cartel, breach of an ICO enforcement notice, or content relating to child pornography, incitement to racial hatred or the promotion of terrorism. Whilst I don't think we'll see web sites being shut down because they don't comply with accessibility requirements (e.g. Equality Act 2010, Disability Discrimination Act 2005), it does make you wonder if the process could be used to close web sites infected with, or spreading, malware. The Computer Misuse Act 1990 outlines criminal misuse offences:

• Unauthorised access to computer material.
• Unauthorised access with intent to commit or facilitate commission of further offences.
• Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc.
• Making, supplying or obtaining articles for use in one of the above offences.

Web sites that transmit malware (including "crimeware") to their users, due to weaknesses in their design, could be considered to be contravening the Computer Misuse Act, and thus liable to having their .uk domains suspended. And most web sites with malicious code are legitimate sites (for their intended purpose). Putting to one side that web site owners ought to be taking care of their visitors, that's quite a business risk.

Simply moving to another .uk domain name will also have to be discouraged. However many UK e-commerce sites choose to use a .com domain, and it's important that similar standards and measures are agreed internationally—otherwise we will simply see sites relocating domain names (and servers?), to less strict jurisdictions offshore.

It certainly seems that knowledge of your web site's geographical properties is increasingly important. Cloud services beware! It will be interesting to see how these issues develop, and whether they will have any effect on where organisations choose to host their web sites and the domain name used.