idnits 2.17.1 draft-451-imp-report-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a Security Considerations section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The abstract seems to contain references ([RFC7725]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 15, 2017) is 2477 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- No issues found here. Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Human Rights Protocol Considerations Research Group S. Abraham 3 Internet-Draft CIS India 4 Intended status: Informational MP. Canales 5 Expires: January 16, 2018 Derechos Digitales 6 J. Hall 7 CDT 8 O. Khrustaleva 9 American University 10 N. ten Oever 11 ARTICLE 19 12 C. Runnegar 13 ISOC 14 S. Sahib 15 Cisco Systems 16 July 15, 2017 18 Implementation Report for HTTP Status Code 451 (RFC 7725) 19 draft-451-imp-report-00 21 Abstract 23 This report describes implementation experience between various 24 components working with the HTTP Status Code 451 [RFC7725], a risk 25 assessment and recommendation for improvements. 27 Status of This Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at http://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on January 16, 2018. 44 Copyright Notice 46 Copyright (c) 2017 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (http://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with respect 54 to this document. Code Components extracted from this document must 55 include Simplified BSD License text as described in Section 4.e of 56 the Trust Legal Provisions and are provided without warranty as 57 described in the Simplified BSD License. 59 Table of Contents 61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 62 2. Vocabulary . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 3. Target audiences . . . . . . . . . . . . . . . . . . . . . . 4 64 4. Who is likely to implement the 451 status code? . . . . . . . 4 65 4.1. Server operators . . . . . . . . . . . . . . . . . . . . 4 66 4.2. Intermediaries . . . . . . . . . . . . . . . . . . . . . 4 67 5. Who is likely to use the 451 status code data? . . . . . . . 4 68 5.1. Browser vendors . . . . . . . . . . . . . . . . . . . . . 4 69 5.2. End users . . . . . . . . . . . . . . . . . . . . . . . . 4 70 5.3. Researchers . . . . . . . . . . . . . . . . . . . . . . . 4 71 5.4. Civil society . . . . . . . . . . . . . . . . . . . . . . 4 72 5.5. Governments . . . . . . . . . . . . . . . . . . . . . . . 4 73 6. Current Usage . . . . . . . . . . . . . . . . . . . . . . . . 5 74 7. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 5 75 8. Trends and observations . . . . . . . . . . . . . . . . . . . 6 76 9. Potential negative or positive impacts . . . . . . . . . . . 6 77 10. What are features of a blocking reporting infrastructure that 78 would be useful? . . . . . . . . . . . . . . . . . . . . . . 7 79 11. What features of blocking events are supported by the 80 existing 451 status code, and what features do we need to 81 add? . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 82 12. Appendix: Legal Realities . . . . . . . . . . . . . . . . . . 9 83 13. Russia . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 84 13.1. Federal Law of 27 July 2006 . . . . . . . . . . . . . . 9 85 13.2. "Yarovaya laws" . . . . . . . . . . . . . . . . . . . . 10 86 14. Chile . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 87 14.1. Blocking by courts . . . . . . . . . . . . . . . . . . . 10 88 15. Iran . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 89 15.1. Blocking by government . . . . . . . . . . . . . . . . . 11 90 15.2. Blocking by courts . . . . . . . . . . . . . . . . . . . 11 91 16. India . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 92 16.1. Blocking by the government . . . . . . . . . . . . . . . 12 93 16.2. Blocking by courts . . . . . . . . . . . . . . . . . . . 12 94 16.3. Takedowns by web sites . . . . . . . . . . . . . . . . . 13 95 17. United States of America . . . . . . . . . . . . . . . . . . 13 96 17.1. Section 512 of the DMCA . . . . . . . . . . . . . . . . 13 97 17.2. Other US-based forms of takedown . . . . . . . . . . . . 13 98 18. Informative References . . . . . . . . . . . . . . . . . . . 14 99 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 101 1. Introduction 103 This document evaluates the usage of HTTP Status Code 451, which was 104 standardized by the IETF in February 2016 [RFC7725]. This 105 implementation report aims to illuminate whether the status code does 106 what it set out to do ("provide transparency in circumstances where 107 issues of law or public policy affect server operations"), the 108 different ways it is being used, positive and negative impacts the 109 standard might have and we end with suggestions for improvement of 110 the standard. 112 2. Vocabulary 114 Blocking The act of making an HTTP resource inaccessible to a class 115 of users. 117 Resource A top-level information object served by an HTTP server 118 (e.g., HTML page). 120 Subresource An information object served within the context of a 121 top-level Resource (e.g., JavaScript, Image, etc.) 123 Server Operator An entity or an individual operating an HTTP server. 125 HTTP status For each response, HTTP servers return a numerical 126 status code (e.g., 400 (OK), 403 (unauthorized), etc.) described 127 by IANA https://www.iana.org/assignments/http-status-codes/http- 128 status-codes.xhtml. 130 Response When an HTTP Server responds to a request, it sends a 131 Response, made up of header fields and a body (See: 132 https://tools.ietf.org/html/rfc7725#section-3 134 Legal demand A verbal or written request grounded in law or 135 regulation from an Authority to a Server Operator to Blocking a 136 Resource. 138 Authority A government or government-licensed entity mandating 139 blocking of a resource directly or that may institute laws that 140 indirectly require blocking of a resource. 142 Complainant A party making a Legal demand; may or may not be an 143 Authority (e.g., the US DMCA allows a copyright holder to demand 144 takedown). 146 3. Target audiences 148 4. Who is likely to implement the 451 status code? 150 4.1. Server operators 152 Server operators that are being confronted with an order from a legal 153 authority can use the HTTP Status Code to communicate to third 154 parties why the resource is not available on the server. 156 4.2. Intermediaries 158 Intermediaries such as Internet Service Providers, Content 159 Distribution Networks and other might be obligated by a legal 160 authority in their operational jurisdiction to filter certain 161 content. The HTTP status code would add transparency to this 162 practice. 164 5. Who is likely to use the 451 status code data? 166 5.1. Browser vendors 168 Browser vendors might implement functionality to communicate the 169 presence of a HTTP status code 451 to a user. 171 5.2. End users 173 End users will be informed about why the information they are trying 174 to access is not available, instead of merely concluding that the 175 content is not available due to other reasons (e.g., 404 176 unavailable). 178 5.3. Researchers 180 Researchers might want to scan for the prevalence of blocking, as 181 well as trends in blocking behavior. 183 5.4. Civil society 185 Civil society may want to use instances of HTTP status code 451 to 186 highlight censorship and censorship trends, to challenge blocking. 188 5.5. Governments 190 Governments might want to verify compliance with blocking orders and 191 use HTTP status code 451 to do so on the networks in their 192 jurisdiction. 194 6. Current Usage 196 7. Overview 198 In the majority of cases in which HTTP status code 451 is being 199 deployed [Censys], the status code reads as follows - "451 200 Unavailable For Legal Reasons" or "451" or "451 Unknown Error" or 201 "451 Error" or "451 Unavailable For Legal Reasons (burned)" or "451 202 OK". The Page Title could say "404 Not Found" or "Blocked" or "451 203 -" or "Restricted access" or "Bloqueado por ordem judicial" ("Blocked 204 by judicial order") or "Sito censurato" ("Censored site") or 205 "Доступ 206 ограничен" 207 ("Access is restricted") or 208 "Зелёная 209 точка - 210 доступ к за 211 87;рашиваемо 212 084;у ресурсу 213 ограничен" 214 ("Zelenaya tochka" - Internet and TV provider - access to the 215 requested resource is restricted")or "Violazione del bispensiero" or 216 "Please report sexual abuse against children to the Swedish National 217 Bureau of Investigation!" or "Copyright Notice" or "451 RKN Redirect" 218 (RKN is likely Russia's Roskomnadzor) or "ATTENZIONE!! - POLIZIA 219 POSTALE E DELLE COMUNICAZIONI - PAGINA BLOCCATA" ("Attention! - 220 Postal and Communications Policy - Blocked Page") or "451 Unavailable 221 For Legal Reasons 本网站由于国 222 3478;政策而不可用" (Chinese: 223 "This site is not available due to national policy"). 225 The hosts that were observed implementing the status code are located 226 in Russia, United States of America, Singapore, Czech Republic, 227 Thailand, Netherlands, Portugal, Spain, Italy, Greece, Bulgaria, 228 Hungary, Germany, France, United Kingdom, Ukraine, Norway, Finland, 229 Kazakhstan, United Arab Emirates, Japan, China, Philippines and 230 Australia. In some cases - the visitor to the website is provided 231 some context for the block - for example, a take-down notice for 232 copyright infringment - in other cases the visitor is encouraged to 233 cooperate with law enforcement agencies. The page title may have 234 information that does not always make sense in the context of the 235 error code, for example when the title says "404 Not Found" but the 236 page is a 451 response body. These observations are based an 237 examination of the search results from Censys.io on 15 July 2017 238 which featured 526 IPv4 Hosts of which 17 were included in the list 239 of "Top Million Websites". 241 Several large content providers are now supporting the HTTP 451 242 Status Code, such as [Github] and [Reddit], whereas other content 243 providers such as [Twitter], [Facebook], and [Youtube] are currently 244 not using the HTTP status code to indicate the blocking or takedown 245 of specific content. 247 8. Trends and observations 249 - The majority of instance of HTTP status code 451 provide no 250 explanation in the response body. 252 - There have been found several cases of servers serving HTTP status 253 code 451 with redirect another server with a central warning 254 message of a blocking authority. 256 - A registrar serves HTTP status code 451 when a registrant did not 257 pay their domain fees. 259 - There are significant observations of server serving HTTP status 260 code 451 based on geoIP (especially for gambling sites). 262 - There are different understandings of the 'blocked-by' field as 263 defined in RFC7725. Some people interpret is as the entity that 264 is doing the blocking, others are interpreting it at the authority 265 responsible for ordering the blocking. 267 - HTTP Status Code 451 is thusfar only served by hosts, not by 268 intermediaries. 270 9. Potential negative or positive impacts 272 - [RFC7725] specifies a status code for web resources that are 273 blocked for legal reasons. The HTTP status code 451 is designed 274 to enable content providers and intermediaries (including ISPs and 275 search engines) to notify users that their access to specific web 276 resources has been blocked for legal reasons. The standard also 277 recommends that the notification include an explanation. This is 278 important because this is the detail the user needs to be able to 279 understand why access has been blocked, and if desired, to take 280 action to challenge the blocked access. It also helps content 281 servers and intermediaries who have been required to block access 282 to notify users who directed that access by blocked. 284 - Also, as the 451 status code is machine-readable, researchers and 285 others could use web crawlers to identity which blocked URLs or 286 sub-resources use error code 451. This data could be used to 287 produce a searchable open repository of all known error code 451 288 instances. This information could then be used to map the blocked 289 Web and to analyze the explanations, looking for trends and 290 anomalies. For example, one day there might be an answer to the 291 question - "how much content is blocked for IPR reasons?" 293 - The 451 status code can also be used for encrypted webpages, which 294 is significant as encryption on the Web becomes more and more 295 prevalent. A user should be able to see the error code 296 irrespective of whether they try to access the content via HTTP or 297 HTTPS. 299 - This standard is a prime example of an Internet protocol enabling 300 common policy objectives (in this case, transparency) to be 301 implemented across the world. However, as with all IETF 302 standards, the implementation of the 451 status code is voluntary. 303 So, how widely it is used will likely depend on a number of 304 factors, including a legal/political regime that does not penalize 305 transparency, the willingness to be transparent and the capability 306 to implement. 308 - It is possible that status code 451 code could be used for other 309 purposes (e.g. to mislead users as to the reason for the content 310 being blocked), especially as "legal reasons" is not defined. 312 - It is also possible that content providers and intermediaries who 313 are required to block content for legal reasons to be asked or 314 compelled to use another status code (e.g. 404). In these 315 circumstances, content providers and intermediaries should include 316 information in their transparency reports to indicate whether this 317 is happening, by, for example, stating: "We have/have not been 318 required to replace 451 by other status codes." 320 - There may be a temptation in some cases of the implementation of 321 status code 451 to include the ability to identify and/or track 322 the users that visit a web resource that has been blocked. This 323 raises significant privacy issues. 325 - The usage of HTTP status code 451 might lead to an increase in 326 blocking because it makes analyzing compliance easier. 328 10. What are features of a blocking reporting infrastructure that would 329 be useful? 331 - The reporting format needs to cover information enough to satisfy 332 transparency and offer insight about possible misuse of 451 error 333 as a vehicle for censorship. 335 - Transparency requirement will be better served through 336 standardization of fields and descriptions. Currently many 337 implementations for HTTP status code 451 do not provide the reason 338 for blocking. This could be attributed to the fact that the 339 different needs are not sufficiently documented in RFC7725. This 340 could be fixed by adding fields in the header. Useful 341 categorization fields to accurately describe content blocked by 342 legal reasons are: 344 - Identification of the legal source on which the blocking request is 345 based. 347 - Identification of the complainant/requestor if is an institution 348 (not if individual because of privacy concerns). It could be useful 349 to identify in this field if the request comes from a private or 350 public entity, and in if there is a judicial order involved, or a law 351 enforcement or other type of governmental request. 353 - Description of blocked content (example: 'Non-consensual sexually 354 explicit imagery'). It could be helpful to have suggested fields 355 that standardize type of content in order to make easier the analysis 356 and the evaluation about eventual challenge of the use of error 451 357 for the specific content removal. 359 - Determination of the geographical scope of the blocking. 360 Increasingly blocks are being implemented at the level of the city or 361 province. Therefore country codes may not be sufficient to describe 362 the geographical scope. 364 - Date of block order and time-period for which the block has to be 365 enforced. 367 - Date of start serving HTTP status code 451. 369 - Link to the final decision (if available). Again this should only 370 be the case when the complainant is not an individual. 372 - Contact information for relevant authority for the purposes of 373 verification of procedural stage and appeal or redress opportunities. 375 11. What features of blocking events are supported by the existing 451 376 status code, and what features do we need to add? 378 - Guidance on the representation of HTTP status code for 379 subresources in browsers 381 - Guidance on the implementation of HTTP status code 451 could lead 382 to an increase in adoption. RFC7725 provides high level advice 383 but still leaves space for interpretation. An implementation 384 guide in conjunction with an adoption campaign might lead to 385 increased adoption. 387 - [RFC7725] does not clarify whether HTTP Status Code 451 is only 388 meant for respones to GET/HEAD requests or also for POST/HEAD 389 requests. 391 - Guidance on a HTTP link header to indicate that a resources that 392 is linked on the page, but not loaded, is no longer available for 393 legal reasons. 395 12. Appendix: Legal Realities 397 In the light of the use cases outlined above underneath we are 398 providing an overview of legal frameworks in a number of countries 399 that could be used to make a blocking request. This is to show that 400 a reference to a the description of blocked content, the legal source 401 on which the blocking order or request is based and the authority 402 that is makes the order or request is crucial in understanding the 403 context and nature of the blockage. 405 13. Russia 407 Blocking by the government: 409 13.1. Federal Law of 27 July 2006 411 Law No. 149-FZ on Information, Information Technologies and 412 Protection of Information and its amendments: 414 - "Blacklist" law 139-FZ (2012) - allowing to block websites if they 415 appear to have dangerous information for children such as 416 information about suicide and drugs. The blocking was often done 417 by keyword so as a result one of the biggest wiki sites in Russia 418 (Lukmore) was accused of drugs propaganda, an online encyclopedia 419 (Absurdopedia) was accused of suicide propaganda and an online 420 game was blocked because on it's forum somebody used a word 421 "drug". 423 - "Anti-pirate" law 187-FZ (2013) - easier way for the government to 424 block access to websites if they are suspected in any wrongdoing. 425 The amendment also allows blocking by IP address. Leads to the 426 blockage of portals such as OpenSharing.org 428 - The law 398-FZ on immediate blockage of websites at the request of 429 Prosecutor General (2013). 431 - "Bloggers' amendment" 97-FZ (2014) - bloggers with more than 3000 432 need to register as mass media ("information distributors") and 433 have the same responsibilities (including on what their readers 434 post in comments). 436 - Data localization law 242-FZ (2015) all companies collecting 437 personal data of the Russian citizens must store that information 438 on the servers within Russia 440 - The laws against extremism that have been updated throughout the 441 past 5 years expanding the term "extremism" and making the 442 punishment tougher (jail terms for posting and reposting) as well 443 as blocking. These laws have been used widely after the conflict 444 in Ukraine. Some people got jail sentences and resources were 445 being blocked for spreading information sympathizing with the 446 Ukrainian side. Such laws are particularly vague and "extremism" 447 is very laxly defined. For example, "...extremist materials, as 448 well as information propagating racial, national or religious 449 hatred or enmity or hatred towards any social group." 451 13.2. "Yarovaya laws" 453 This law was approved by the Parliament and, if passed, will oblige 454 messaging apps to store messaging history and decrypt messages at 455 prosecutors' request. 457 14. Chile 459 14.1. Blocking by courts 461 The Law No. 20.435 (Copyright Act reform from 2010) contains a notice 462 and take down procedure, for copyright infringements under which a 463 court order is required -instead of a private notice like happens in 464 the DMCA- to have content taken down. A Supreme Court decision from 465 2016 held that it was possible to request a news oulet to remove 466 content in its website to enforce the constitutional right of 467 privacy, when the data is no longer relevant and it availability on 468 the network cause harm to the data subject. The case was 469 controversial because the information was about a public servant 470 condemned in a pedophilia case. This decision has been used to 471 enforce a kind of 'right to be forgotten' for lower courts since the 472 Supreme Court decision, but there is a lack of general legislation 473 that clarify this cause of removals. On the other hand, the Law No. 474 20.453 tackles intermediary non-interference from the perspective of 475 users by adding to the general rules within the General 476 Telecommunications Act (Law No 18.168) new rules for internet service 477 providers. Among those rules the internet service providers "shall 478 not block or interfere in any way with the rights of the user to use 479 any content, application or service on the internet; but they may 480 take traffic management measures or block contents upon user requests 481 (and to their cost)". 483 15. Iran 485 15.1. Blocking by government 487 The Committee Charged with Determining Offensive Content (CCDOC) is 488 the official authority on censorship and blocking of web content in 489 Iran. The Supreme Council of Cyberspace (SCC), established in 2012, 490 develops policies related to cyberspace governance. However, 491 blocking and filtering directives originate from various levels of 492 the government, including through direct orders by the judiciary 493 independent of the SCC and CCDOC. Other organizations involved in 494 the censorship process include the Iranian Cyber Police (FATA) and 495 the Telecommunication Company of Iran. By national law, the 496 Telecommunication Company of Iran (TCI) is the exclusive provider of 497 Internet bandwidth in the country. All ISPs have to purchase 498 bandwidth from TCI and are legally bound to use censoring software. 499 Such a system enables a centralized filtering program for all 500 Internet traffic in the country. 502 15.2. Blocking by courts 504 In Iran, freedom of expression is regulated by the Penal Code and the 505 Press Law of 1986. The Press Law was amended in 2000 to mandate that 506 publishing online without a license was grounds for blocking, 507 effectively censoring services such as Google, Facebook and Twitter. 508 Iran also has Internet-specific laws, such as the 2001 resolution 509 called "Regulations and Conditions Related to Computerized 510 Information Networks" that ordered that ISPs remove 'offensive' 511 websites and mandated the use of filtering technology. The main law 512 in terms of applicability to Internet censorship is the Computer 513 Crimes Law (CCL) of 2009. CCL prescribes articles that provide for 514 content-based restrictions on the Internet usage of Iranian citizens. 515 Articles 21 through 23, in particular, hold ISPs liable for filtering 516 content and reporting illegal material (as described in the articles) 517 to a 'web crimes committee' made up of government officials. ISPs 518 are also required to store usage data and logs about visited web 519 pages for a window of at least six months. It is worth noting that 520 none of the terms used in the CCL are defined strictly, potentially 521 over-broadening its scope. There have been many cases of Iranian 522 bloggers being prosecuted for violation of censorship laws. National 523 Internet Project: The Iranian government has been working towards the 524 creation of a National Internet Network which would domestically host 525 all accessible Internet content, isolating Iranian citizens from the 526 World Wide Web. Implementation of the national network would make it 527 easier for the government to block services and web pages through 528 measures such as intelligent filtering. Already the use of social 529 networking platforms such as Facebook, Instagram and Viber is heavily 530 monitored and controlled. 532 16. India 534 16.1. Blocking by the government 536 Under Section 69A of Information Technology Act 2000, the executive 537 branch of the government has "the power to issue directions for 538 blocking for public access of any information through any computer 539 Resource". According to the law, any person can send a block request 540 to a Nodal Officer. These Nodal Officers should be designated in all 541 government entities to deal with block requests. The request is then 542 approved by the state or central Chief Secretary. This step is not 543 required if the Nodal Officer has initiated the blocking procedure 544 without any complainant. The request is then forward to the head of 545 CERT-IN. If it is not a public emergency, the persons or 546 intermediaries should be given 48 hours to respond. But this is not 547 required if the emergency provision has been invoked, but the block 548 list still has to be reviewed by "Committee for Examination of 549 Request" within 48 hours after the block been issued. The block 550 lists are usually issued directly to ISPs and are marked confidential 551 and are implemented unevenly with some ISPs providing sparse details 552 if users try to access the blocked resources and other ISPs returning 553 a 404 Error Code. 555 16.2. Blocking by courts 557 Increasingly Indian courts are issuing ex-parte John Doe orders for 558 website blocking. These orders can be issued by courts for any 559 illegal content. There are around 30 different laws that place 560 reasonable restrictions on the right to free speech in India. For 561 example: The Scheduled Castes and the Scheduled Tribes (Prevention of 562 Atrocities) Act, 1989, The Prenatal Diagnostic Techniques (Regulation 563 and Prevention of Misuse) Act, 1994 and The Juvenile Justice Act, 564 2000. Some of these laws have multiple provisions that regulate 565 speech for ex. the Information Technology Act has 6 sections and the 566 Indian Penal Code has 10 sections. Once a court order has been 567 obtained, the order can be sent to Secretary of the Department of 568 Electronics and Information Technology who will then forward it to 569 ISPs. Or alternatively complainants could also send court orders 570 directly to ISPs without following the procedure described above. 572 16.3. Takedowns by web sites 574 Under Section 79 of the Information Technology Act 2000, both the 575 government and private parties can send take-down notices to web 576 sites. Intermediaries can ignore private party take-downs without 577 losing immunity but take-down notices from the government have to be 578 complied with. Under Section 52(1)(c) of the Indian Copyright Act, 579 take-down notices can be sent to websites who are engaged in 580 infringement but they need to be followed by court orders otherwise 581 the content can be reinstated. 583 17. United States of America 585 17.1. Section 512 of the DMCA 587 The United States Digital Millenium Copyright Act (DMCA) has a 588 provision that has greatly shaped the landscape of online content 589 [Quilter]. Section 512 of the DMCA has a "notice and takedown" 590 procedure that copyright holders can use to assert that a piece of 591 copyrighted material has been posted against their wishes and that it 592 should be taken down. Under this provision, after a website operator 593 receives a 512 notice, it must: 1) remove the material 594 "expeditiously"; 2) notify the poster that someone has alleged 595 copyright infringement in that material and that the material has 596 been removed; and 3) send any "counternotices" from the poster - 597 objections from the poster to claims of copyright - to the original 598 complaintant. The complaintant must notify the website operator that 599 it has filed a lawsuite within 10-14 days or the website can 600 reinstate the removed material. 602 17.2. Other US-based forms of takedown 604 There are a number of other legal methods that are used with much 605 less frequency in the United States: 607 - Defamation: Under US law, balancing the freedom of speech in the 608 US constitution is also a right to be free from untrue attacks on 609 one's reputation. Threats and lawsuits are regularly filed 610 claiming statements are untrue and reputationally damaging. 612 - Rights of publicity: The United States has a number of States that 613 recognize a "right of publicity", typically a right enjoyed by 614 celebrities and public figures to limit the ability of others to 615 use their likeness, name, or recognizable features for commercial 616 purposes. 618 - Non-consensual sexually-explicit imagery: A number of content 619 providers and online content hosts (intermediaries) have begun to 620 honor request to take down material that may include sexually- 621 explicit imagery that was either captured without consent or 622 shared online without consent (cite). 624 - Mugshot images: Images taken in the process of a law enforcement 625 arrest or detention have increasingly been subject to state-based 626 regulation in the United States, recognizing that people may 627 suffer undue reputational harm from the display and searchability 628 of this kind of content [ElManzalawy]. 630 - Trademark-based takedowns: A US law, The Anti-cybersquatting 631 Consumer Protection Act (ACPA), protects the owners of trademarks 632 from abuse by entities "cybersquatting" on domain names that 633 contain their trademarks (cybersquatting is proactively 634 registering a domain name to demand substantial fees from the 635 trademark holder). Trademark holders can use the remedies in this 636 law to request cancellation or transfer of the domain name as well 637 as damages. 639 - E-Commerce Patents: Because software can be patented in the United 640 States, there are regular claims made by patent holders against 641 online content and services that they claim infringe their patent. 643 18. Informative References 645 [Censys] Durumeric, Z., Adrian, D., Mirian, A., Bailey, M., and J. 646 Halderman, "80.http.get.status_code: 451 - Censys", 2017, 647 . 650 [ElManzalawy] 651 El Manzalawy, M., "Should the Mugshot Industry be 652 Regulated? States Push Legislation to Protect Individuals 653 from Disproportionate Reputational Harm", 2017, 654 . 656 [Facebook] 657 Facebook, inc., "How do I add or edit country or age 658 restrictions for my Page?", n.d., 659 . 662 [Github] Torikian, G., "The 451 status code is now supported", 663 2016, . 666 [Quilter] Urban, J., "Efficient Process or Chilling Effects? 667 Takedown Notices Under Section 512 of the Digital 668 Millennium Copyright Act", 2005, 669 . 672 [Reddit] Turkey Blocks, "LGBTI sections disappear as Reddit 673 complies with 100% of Turkey censorship orders", 2017, 674 . 678 [RFC7725] Bray, T., "An HTTP Status Code to Report Legal Obstacles", 679 RFC 7725, DOI 10.17487/RFC7725, February 2016, 680 . 682 [Twitter] Twitter, inc., "Country withheld content", n.d., 683 . 685 [Youtube] Wikipedia, "Censorship of YouTube", 2017, 686 . 688 Authors' Addresses 690 Sunil Abraham 691 CIS India 693 EMail: sunil@cis-india.org 695 Maria Paz Canales 696 Derechos Digitales 698 EMail: mariapaz@derechosdigitales.org 700 Joseph Lorenzo Hall 701 CDT 703 EMail: joe@cdt.org 705 Olga Khrustaleva 706 American University 708 EMail: ok4193a@student.american.edu 709 Niels ten Oever 710 ARTICLE 19 712 EMail: niels@article19.org 714 Christine Runnegar 715 ISOC 717 EMail: runnegar@isoc.org 719 Shivan Kaul Sahib 720 Cisco Systems 722 EMail: shivankaulsahib@gmail.com