A Swedish proposal for a law about computer-mediated communication

A Swedish government committee has put forward a proposal covering partly the same issues as the famous U.S. "Communications Decency Act"  Rating . Below is an English summary of the proposal.

The actual text of the proposed new law in English

The full Swedish-language text of the proposal in Adobe Acrobat format  Rating

Discussion of, and the full Swedish-language text of the proposal in HTML format  Rating

(This initial text was written by Jacob Palme. The longer summary below the horizontal line was written by the secretary of the government committee.)

The committee does not propose that anything is unlawful in BBSes and the Internet except what would be unlawful according to other Swedish laws (for example copyright laws, libel laws, child pornography laws). The main issue for the proposal is which responsibility the provider of a data base (WWW data base, BBS, news server, etc.) has on the content. According to the law proposal, sysop must remove illegal items, but only under two conditions:

  1. The item was obviously illegal. I.e. on borderline cases, the sysop does not have to remove the item.
  2. The sysop was aware of the existence of the item. I.e. the syop is not forced to pre-censor information, but if the sysop is informed of the occurrence of illegal items in the data base, these must be removed.

A sysop which does not follow these rules, can be punished by fines or a maximum of 2 years prison.

The next step is that the Swedish government will send the proposal to organizations who are allowed to comment on it. In this stage, anyone can send their views on the proposal to the government. After that, the government may prepare a (possibly modified) proposal to the Swedish parliament, and the parliament may turn it into a law.

Table of contents:

Below this line is the summary produced by the government committee itself in original format; English translation done by the committee itself:


Ministry of Justice

Electronic documents in Administrative Procedures, Business Life and Bulletin Board Systems

Summary of the Report by the IT-committee

Stockholm, March 1996


Introduction

In 1994, the Swedish Government established a committee to consider certain legal matters concerning information technology (IT). The committee was designated the IT-committee. Its task has been to elaborate on such legislation that could be needed in relation to the use of electronic documents in administrative procedures, business life and bulletin board systems.

The committee's chairman was Hans Jacobson, Director General of the Bank Support Authority. As experts the following persons were appointed to the committee: Göran Axelsson, Principle Administrative Officer, Simon Corell, Security Officer, Jan Evers, Senior Lecturer in Law, Viiveke Fåk, Associate Professor, Karin Göransson, Associate Judge of Appeal, Ingela Halvorsen, Legal Adviser, Martin Holmgren, Deputy Assistant Under-Secretary, Björn Rosén, Deputy Assistant Under-Secretary, Catharina Staaf, Deputy Assistant Under-Secretary, Christer Ström, district prosecutor, Anne Wigart, Legal Adviser, and Britt-Marie Östholm, Senior Archivist. Secretary of the committee has been Per Furberg, Associate Judge of Appeal.

In March 1996 the committee presented its report Electronic Documents (Elektronisk dokumenthantering, SOU 1996:40). This summary presents the main features of the committee's findings.

Summary

Background

This report presents the findings of a governmental committee, established to examine the need for change to existing laws in the area of data transmission to accommodate new requirements in society. The committee's mandate was to consider suggestions for the legal redefinitions that are necessitated by the replacement of traditional and established routines of document transmittal and verification by electronic documents and services. Rapid changes are occurring in the area of Information Technology (IT), and difficulties arise when one attempts to integrate modern computing and telecommunication techniques into the current legal structure. Traditional boundaries existing between e.g. various forms of media and geo-political entities are easily and effectively penetrated.

The primary reasons for the enquiry originated from two distinct sources: The perceived need by governmental authorities and the private sector to improve the efficiency of their operations through the utilization of modern IT; and the rapid development of innovative services and technologies used in the mediation and transportation of electronic messages. With these factors in mind, the findings of the committee may be divided into three separate parts.

The first of these deals with governmental authorities' management of documents and the obstacles to the utilization of IT in administrative functions (Chapters II-VI). Questions are dealt with that arise when documents of a traditional nature are replaced by digital "equivalents". Among other things, there are suggested definitions of digital documents and the like, as well as rules concerning the receipt of electronic documents and the electronic serving of documents.

The second part addresses questions relating to civil law as it pertains to the management of electronic documentation (Chapters VII-IX). The suggestion is made that most questions that arise in this area can be answered within the framework of current contractual law.

Finally, questions regarding Bulletin Board Systems and similar electronic services are presented (Chapters X-XII). A recommendation for a law focused on suppliers of such services is presented in the report.

Proposals of the committee

Administrative procedure

Swedish public administration is extensively computerized. However, the main body of legislation in this area was established in the 1970's, when e.g. the Swedish Data Act and provisions in the Swedish Constitution concerning public electronic records were introduced. While it is true that the Swedish Administrative Procedure Act, introduced in the 1980's, has been designed to provide legal principles applicable to paperbased as well as electronic handling of cases, the relevant legislation as a whole reflects a view of computers and databases which now must be viewed as antiquated.

Swedish legislative work concerning documents with digital signatures began in 1989 with new regulations for customs procedures. The legislator observed the possibility of combining legal requirements with the principles behind international standardization concerning digital signatures and related services, as well as creating a base for a legally unified regulation of paperbased and electronically administered routines.

In principle, this present committee has been able to build upon the legislation that has previously been introduced in such areas as customs procedures. The fundamental idea is to have digital signatures or their equivalents as substitutes for the verification characteristics in a paper document. A basic assumption has been that the digital document needs to provide the same evidence as a paper document, and must be able to be linked to a specified originator.[1] Therefore, the password method has not been accepted. Definitions have instead been based upon the need for verification of the documents themselves. - The committee has also presented a definition of records that lack inherent protection with regards to their authenticity.[2]

Given these definitions, it has been natural to solve the various legal questions that arise on the basis of the rules which are already established for paper documents. Questions concerning legal difficulties which arise from digital documents and signatures are thereby replaced by the possibility to create a legally unified regulation of traditional routines and IT-routines. The functions of a paper document are then replicated within the framework of useful applications of a digital signature, with security maintained and without the general principles of legal procedure being affected.[3]

The committee also addresses certain practical questions arising due to the rapid transition to electronic document handling and E-mail.

If the relevant act, in a case involving legal procedures, prescribes something which precludes the usage of electronic document transmission, such as the requirement of a handwritten signature, the committee recommends that the government be allowed to stipulate that digital documents (or, if that is deemed to be sufficient, electronic records without a digital signature or stamp) may be used.

Also suggested by the committee are new provisions concerning the establishment of the point in time when incoming electronic records are deemed to have been received by an agency. In a traditional environment, a document is deemed to have been received by an agency the day upon which the document is delivered to the agency. This rule may also be applied when a diskette is mailed via the postal service to an agency.

In those cases where messages are transmitted via an electronic network, the principle applied is that the document is deemed to have been received by the agency when the data which represents the document have reached the agency's mail-receiving function. This is seen as being applicable whether this receiving function is physically located in the agency's information system or has been relegated to a mediating company which furnishes a service in which the "mailbox" is physically located on the mediating company's premises. These provisions are complemented by certain stipulated exceptions which primarily correspond to current legal practice.[4]

Also recommended is a right for agencies to require confirmation by the originator when a message lacks the originators handwritten signature, as well as to commission a third party for the technical conversion of electronic documents so that they may be read or otherwise comprehended.

The committee also suggests additional regulations regarding the serving of documents electronically, i.e. how to ascertain proper receipt of electronically transmitted documents. Present regulations concerning the serving of documents are enhanced with stipulations on "ordinary electronic serving" and "simplified electronic serving". The committee recommends, however, that areas of application be limited in order to avoid the risk of loss of legal rights. The rules on "electronic serving" shall not pertain to applications for a summons or other documents through which proceedings are initiated. Also, the "simplified electronic serving" shall be used only if the agency through a technical process (delivery notification) is informed when the document has reached the served party's electronic address.

Under section 10 of the Data Act (1973:289), an individual has the right to, if he so requests, be informed about the information on himself in personal files kept by an agency or a private company. A regulation, that limits an agency's need to give such information kept in electronic case files, is suggested.

Finally, the committee deals with the need in an IT environment for orderliness, e.g. concerning archival processing including registration and filing of incoming E-Mail. No new legislation is required in this regard. However, when an agency establishes routines for electronic message handling and the like, it is important that these procedures fulfil the applicable requirements.

Electronic document handling in the private sector

The increased demand within the private sector for effectivity has resulted in the use of IT not being limited to the conversion of traditional routines to their electronic equivalents. Instead, the entire pattern of commerce is transformed,[5] and the focus of change becomes automatic processes, rather than products such as bids, contracts, invoices, bills of lading, etc. Striving to utilize the entire potential for rationalization that IT offers has led to a balancing between effectivity and security that, in some cases, may need to be reevaluated.

The private sector has attempted to solve the legal questions that arise by constructing model contracts on how contracts should be entered into, such as the so-called EDI agreements. Among other things, these contracts deal with questions that arise when involved parties enter into agreements automatically, i.e. when computers generate and transmit messages that result in a binding agreement. Electronic commerce will most likely, at least in certain areas, attain such dimensions that it will hardly be possible to initiate and preserve written EDI agreements with every business associate. Therefore, there is a need for a functioning legal structure even within civil law concerning the creation of predictable and secure information in electronic contract formulations.

The committee has nevertheless found that most of the questions that arise may be answered within the framework of current contractual law. Not every detailed question can be answered in advance, but contract law is commonly kept and is limited to general principles which are appropriate for agreements of varying type. Questions that do not directly fit under any of the prevailing regulations should still be able to be dealt with in close relation to the principles upon which contract law is based.

Regarding the question of whether or not electronic manifestations of a party's "will", generated automatically without direct human involvement, can result in binding contracts, a parallel can be drawn with such traditional "mass" transactions that occur frequently and in large volume in daily practice. Typical contracts that fall into this group are simple, small purchases in stores or a bus trip paid in cash. It may also be cited from Swedish jurisprudence that a contract regarding parking is deemed to be entered into by simply placing the car in a parking place.

In a similar manner, the individual that electronically and automatically makes an offer or an acceptance is bound by the offer or reply. The purpose of the entire procedure is to create binding agreements when certain exterior circumstances combined with one another function as the direct establishment of a contract. The legal text is sufficiently accommodating to allow a non-prejudicial application of contract law, while at the same time avoiding a new construction that departs from traditional civil law.

However, certain provisions in contract law lose their purpose when contracts are entered into completely automatically. These are the provisions that presuppose human behavior patterns, such as those dealing with coercion, deceit and usury. A computer, for example, cannot threaten another computer. However, this does not necessitate any amendments in contract law since irrational results may be corrected through the so-called general clause, which is completely free from subjectivity.

Also in other areas current contract law should be applicable to the IT area. For example, this is true concerning provisions regarding liability because a transmitted message is delayed or never received, as well as provisions dealing with "written" and "oral" communication.

The committee suggests, however, an amendment in contract law concerning the question of who is liable when an electronic message has been corrupted during transmission. A complementary addition to the current provisions concerning assignment of risk due to the delay or disappearance of a message is recommended. This provision should also be applicable when a message is corrupted during transmission to the receiver (Section 40 of the Contract Law). The Contract Law will then correspond to the present Law of Contract of Sale of Goods, which came into force in 1990.

Bulletin Board Systems and similar computer mediated communication services

The usage of computers and telecommunication has meant increased possibilities to simply and inexpensively spread information via Bulletin Board Systems (BBS), whereby user groups can post their own messages and read those from others. Development is progressing rapidly, however, and the phrase BBS is already somewhat antiquated. With regards to Bulletin Boards and similar services that are offered via e.g. the Internet, the committee's suggestion is presented in the form of an Electronic Mediation Services Bill.

Through such mediation services, there are created new possibilities to communicate, irrespective of geographical location. One purpose of the new legislation is to remove hindrances to such communication. Therefore, exceptions are suggested to the Data Act (1973:289) to enable users to deposit or collect information enabling free exchange of opinions, free and comprehensive information and freedom of artistic creation. This section is related to article 9 of the European Communities directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

However, the electronic mediation services have also opened up avenues for crime. Ordinarily a person who posts to a mediation service e.g. a copyrighted work or a racist statement can not be traced. The same is true of one who downloads this type of message to his computer. Therefore, certain regulations are suggested to focus on the person who supplies such services, in order to reduce the risks of abuse. The question becomes what responsibility should be borne by the service supplier.

Discussions during the period of inquiry have shown that the injunction upon the supplier of an electronic mediation service must be relatively limited, if the free exchange of information is not to be hindered. The reason for this is that the volume of information distributed via electronic mediation services, independent of time and space, is so large that it cannot be read or otherwise controlled by the service supplier. The expense involved in initiating such a function would prove to be prohibitive. For similar reasons there is not proposed any obligation to preserve the messages that are transmitted. The committee has only suggested an unsanctioned provision stating that the person who provides the service should have the degree of supervision over the service that is necessary with regards to the scope and aims of the operation.

However, there is proposed an obligation upon the service supplier to inform everyone who wishes to utilize the service as to (a) who provides it, (b) the users responsibility for the content of the electronic messages submitted and (c) to what degree received messages will be available to other users. Failure to give this information would be a criminal offence.

Also proposed is an obligation upon the service supplier to hinder further distribution of an electronic message if it is obvious that a user, by posting the message, has made himself liable to a crime, that infringement of copyright is taking place, or that the contents of a message are liable to be used in crime. This responsibility is shared by any person who is commissioned by the service supplier to supervise the service. Failure to hinder further distribution of such messages would be a criminal offence. If a crime exists, then the computer and other system components may be declared forfeit.

However, criminal liability is proposed to be present only if criminal intent exists. In practice, this means that the responsibility to hinder further distribution is imposed only if the responsible party is aware of the message and its character.

Consequently, no demands are placed upon the service supplier to be aware of all the information that is mediated. Instead, the idea is that the proposed obligation to hinder further distribution of unacceptable messages will carry with it a self regulation of the area.

The committee has also analysed certain questions of criminal law. Current penal regulations can in all respects be applied also to criminal conduct via a network. Although the perpetrator may be difficult to trace, the service supplier is - through the proposed legislation - given such a position that he, in certain circumstances, may be judged responsible as an accessory to the users crime according to the Swedish Penal Code, if the service supplier passively watches when a user carries on a criminal activity via the mediation service.

Certain questions of criminal procedure have also been addressed.[6] In this case, however, such questions of principle and general applicability have arisen that it has not been possible to deal with them in this limited context. A difficulty that should be mentioned, however, is how investigation and criminal inquiry can take place in cyberspace.

The proposed new legislation can in practice be applied only to activities which involve Sweden. Swedish police can naturally not act as a sort of international police force in the area of Bulletin Boards. Specific laws are not proposed in this section, but these questions must be solved in accordance with the general restrictions that apply in the area.

Considering the steps that are now being taken in other countries regarding Bulletin Boards and similar services, the Electronic Mediation Services Bill is presented below.

Electronic Mediation Services Bill

Areas of application

Article 1 This law applies to services that are intended for the electronic mediation of messages.

The law does not apply to:

1. the provision alone of a network or other connections for the transmission of messages,

2. mediation of messages within an agency or between agencies or within an enterprise or a legal group of enterprises, and

3. such services that are covered by the regulations in the Freedom of the Press Act or the Fundamental Law on Freedom of Expression.

In the law, "messages" means text, images, sounds and other information being transmitted in electronic form.

Exceptions from the Data Act

Article 2 The provisions in Sections 1-20 and 22-25 of the Data Act (1973:289) shall not be applied to personal registers that are maintained by a service according to this law, to the extent that

1. the registers contain only regular running text and information about messages and users of the service, and

2. the register is maintained for the purpose of enabling users to deposit or collect information with a view to free exchange of opinions, free and comprehensive information and freedom of artistic creation.

In the law, "regular running text" means information that has not been structured to facilitate the acquisition of personal information.

An overview of the service

Article 3 The service supplier shall have supervision over the service to the degree necessary with regards to the scope and aim of the operation.

Information to the user

Article 4 The service supplier shall, as soon as possible, inform each person who wishes to use the service about

1. who is supplying the service,

2. that the users are responsible for the content of the messages that they post, and

3. to what extent incoming messages become available to other users.

If an agency supplies the service it should also mention that messages which are mediated may become public documents.

The hindrance of continued distribution

Article 5 If it is obvious that a user, by posting a message, has made himself guilty of a crime or infringement of copyright or that the contents of the message are liable to be used in crime, the service supplier shall hinder further distribution of the message. The same applies to any person who supervises the service on behalf of the service supplier.

The first paragraph is not in effect if the message is intended to be received only by one or more designated recipients (electronic mail).

Penalties

Article 6 A person who intentionally or through negligence violates article 4 or who intentionally violates article 5 shall be sentenced to pay a fine or to imprisonment for at most six months, or, if the crime is serious, to imprisonment for at most two years. If the offence is of only a minor nature the offender shall not be sentenced.

The first paragraph is not applied if the offence is punishable under the Penal Code.

Forfeiture

Article 7 Computers and other equipment that have been used in a crime under this law may be declared forfeited, if this is called for in order to prevent crime or for other special reasons.

__________

This law comes into force on ...

Footnotes


1 From a legal viewpoint, it was felt that technical descriptions should be avoided. In the establishment of laws, more abstract formulations could be used where the foundational functions are contained, and at the same time clarify the demand for verification both for the originator and the contents.


2 electronic record: a defined set of data, which can be viewed, listened to or otherwise apprehended only by electronic means, digital document: an electronic record with a digital signature or a digital stamp,

digital signature: the result of a transformation of an electronic record, by means of a unique key, making it possible to ascertain if the contents originate from the individual designated as issuer.

digital stamp: the result of a transformation of an electronic record, by means of a unique key, making it possible to ascertain if the contents originate from the legal person or authority designated as issuer.


3 The attainment of a sufficient level of security has been judged as being primarily a technical problem, with the presuppositions that both the contents and the originator should be possible to be verified - as when the demands of a digital signature according to ISO- standards are fulfilled.


4 A document that is transmitted electronically is deemed to have arrived to an agency that day when the document
  1. has arrived to the agencies electronic address,

  2. has been received by a qualified employee, or

  3. may be assumed to have arrived to the agencies electronic address, if it has come into the hands of a qualified employee the following working day.


5 Examples of this are the concept "Just in Time" and "Business Process Reengineering", where even such demands that have been perceived as obvious from a legal point of view may be questioned.


6 Cf the Council of Europe, Recommendation No. R (95) 13 of the Committee of Ministers to Member States Concerning Problems of Criminal Procedure Law Connected with Information Technology.

Give your own rating of the quality of this web page:
(Awful) Awful!    (Mediocre) Mediocre    (Average) OK   (Good) Good    (Great) Superior