Walking the Policy Tightrope

In policy work nothing is ever truly simply black and white. The means to achieve one outcome may well act to impair the work to achieve different outcomes, and the resultant effort often requires some difficult decisions to balance what appears to be some fundamental tensions between various policy objectives.

The Australian Government has enacted the Online Safety Act as a means of improving the Australia’s response to harmful online content. The material that the Act refers to ranges from the most seriously harmful online content, such as videos showing the sexual abuse of children or acts of terrorism, to content that is inappropriate for children, such as online pornography.

It’s clear that we all have a problem here. Consigning the entire responsibility to maintain a safe online environment for Australian users solely to the existing police and security agencies doesn’t appear to be anywhere near an adequate response. The Australian Online Safety Act provides for industry bodies to develop new codes to regulate the publication and promulgation of harmful online content, and for the eSafety Commissioner to register these codes.

Various industry associations have published the proposed Industry Codes and there is a request for public comment on these codes. Our review of these codes illustrates the need to balance various public policy objectives to achieve an effective response that minimises unintended side-effects while pursuing the major objective of improving aspects of accountability in the online environment.

The Internet is highly diverse, and while it might appear to be dominated by the activities of a small clique of hypergiants (large content providers, cloud providers, and Content Delivery Networks), the Internet remains a highly diverse space that also hosts the work of individuals and various community and shared interest groups who have a role alongside the massive content aggregators.

Over in the platform world, open-source communities still thrive alongside corporate efforts. The policy issue here is that if we were to exclusively apply an industry-based response to ensuring that inappropriate and harmful content is not published or promulgated, then it’s a policy response that treats the entire space as if it was exclusively populated by those large corporate entities that are capable of undertaking the proposed roles. This will become a self-fulfilling prophecy.

Although much of online discourse and content flows through ‘big tech’ companies, it is still not uncommon for people to create self-hosted discussion boards, blogs, personal sites, interest-based sites, and so on. Requiring students, parents, teachers, community groups, social groups, interest groups, and other non-commercial bodies who wish to create a website to undertake the same compliance activities as multi-billion (or trillion-) dollar companies is not proportional or equitable and has a significant impact upon their freedom of expression, the freedom of expression of their users, and freedom of assembly for all.

Requiring the diverse community of open-source operating system contributors to live up to the same regulatory requirements within Australia as the largest content companies in the world, likewise, would stifle their activities, and since open-source communities lie at the foundation of the digital economy the measures being contemplated here would push much this activity out of Australia.

Even if the Commissioner were to exercise judgement in applying the Codes to online content and open source contributions, the need to rely on that discretion would have a chilling effect on open expression and assembly. By ‘herding’ such discourse to a small number of platforms who are capable of being compliant, the diversity of Australian expression and assembly will suffer, and our society will progress further along a path that would be the antithesis of a free and open democracy.

Furthermore, a requirement that most new services on the Internet undertake a regulatory risk assessment and other compliance activities prior to release would create a barrier to the Internet’s characterization of permissionless innovation. In turn, we would expect the Australian Internet to be less diverse, less representative of broader society, more commercial, and more concentrated as a result. It would be less the Internet as we know it, and more of a ‘walled garden’ – keeping in mind that the Internet already faces considerable pressure towards consolidation of power by large companies.

Such measures essentially drive us all into the arms of the larger players, as they are the only actors with access to resources and the capability to work within these proposed Industry Codes. The underlying vitality and resilience of the Internet environment are dependent on its diversity of cultures and modes of participation. Online safety is an extremely important topic of our time, but a framework intended to help us address this issue that also imperils this diversity as a side effect is ultimately a poor outcome.

The policy process certainly can help us make some steps in improving the safety of the online environment, but at the same time, it needs to consider the full range of modes of participation. While ‘one size fits all’ is a convenient policy reaction to many such issues, the counterargument is that the application of such uniform policies runs the risk of further entrenching a highly centralized Internet monoculture. We can, and should, do better than this.

We need a more balanced policy outcome. We certainly need to improve our response to harmful online content and placing greater levels of accountability on the entities who perform content publication is an integral part of such a response. At the same time, we need to avoid creating further barriers to diverse modes of use of the Internet, avoid stifling the Internet’s environment of permissionless innovation and avoid pushing the Internet even further into the dominance of the entire communications space by a few digital behemoths.

We can’t just walk away from this problem and say: ‘Too hard!’ Finding the appropriate level of balance here is akin to tightrope walking. It’s not impossible, and it can be done, but you need to be very careful in how you approach it.

The submission we’ve made in response to these proposed industry codes can be found online.


The above views are the personal opinions of the authors. They do not necessarily represent the views or positions of the Asia Pacific Network Information Centre.


Mark Nottingham has served on the Internet Architecture Board and the W3C Technical Architecture Group, the peak architectural bodies for the Internet and the Web respectively. He is currently a member of the W3C Board of Directors and has been chair of the IETF HTTP Working Group for more than fifteen years. He has contributed to numerous technical standards for the Internet and Web.

Geoff Huston AM is the Chief Scientist at the Asia Pacific Network Information Centre (APNIC), where he undertakes research on topics associated with Internet infrastructure, IP technologies, and address distribution policies. Geoff has served in a number of roles, including as a member of the Internet Architecture Board and as the chair of the Board of Trustees of the Internet Society. He has presented at a number of global technical and government forums, including the Organisation for Economic Co-operation and Development (OECD), the International Telecommunications Union (ITU), the Internet Corporation for Assigned Names and Numbers (ICANN), the Asia- Pacific Economic Cooperation (APEC), and the Internet Engineering Task Force (IETF). In 2020, Geoff was made a member in the general division of the Order of Australia (AM) for his role as an Internet pioneer in Australia.

Martin Thomson is a Distinguished Engineer at Mozilla, based in Sydney. He is a former member of the Internet Architecture Board and authored the technical specifications for HTTP/2 and QUIC.