3. Legal basis of ISP (internet service provider) activity

Defining authorities participate in the creation of the law on the Internet, in the restriction or expansion of its activities, by creating defining standards. In order to understand the question of a possible liability of information society service providers, I must first characterise the defining standards and the defining authority.

Defining standards are created and implemented by entities that are authorised to define the information network environment. These are in practice sui generis standards that define information networks as such. They occur in layers that are interdependent. “Defining standards are created by telecommunication operators, office software producers but also, for example, creators or operators of online games, or anyone who opens a blog or has an email box. (A defining standard created by a user of this box is a filter that automatically performs a set inbox operation).” [1]

Defining authorities are the creators of defining standards. It is an entity that, through its operation, creates rules for the functioning of the logical system in which the authority operates. As mentioned earlier, ICANN has an executive position among these authorities since it is responsible for assigning, administering and laying down rules for the domain name system.[2] Another defining authority is, for example, the IETF.[3] Although defining authorities may appear to be unrestricted administrators of cyberspace, they are still subject to the law of a state.[4]

The specificity of the Internet is that it exists only thanks to defining authorities. It is composed of them. No operation will take place without the participation (execution or mediation of the operation) of the defining authority.

Lawrence Lessig states in his book Code and Other Laws of Cyberspace (Code v. 2): “We can build, design or encode[5] (program) cyberspace to protect the values ​​we consider fundamental. But we can also design or program it by letting these values ​​disappear. There is no middle ground, everything in cyberspace is built in some way. We never discover the code, we always create it.”[6]

Following the statement above and my experience with cyberspace, I dare say that the greatest defining authority, even if it is not the entity that creates the rules of operation of the logical system, is a user as such. Its defining role acts indirectly. A user of services provided by each ISP directly or indirectly influences what will be successful in cyberspace and what will not. If a sufficiently large group of users decides to actively stop using any of services provided by an ISP, such a service will be forced to change its “conduct” based on user demand, or in the worst case, will cease to exist. It is a question of how large a group of people would have to stop using services such as Google, Microsoft, Facebook, etc., so that it is not marginal for these companies. However, it is cyberspace where users have the opportunity to directly influence the operation or non-operation of individual services.

The following conclusions can therefore be drawn:

§  Cyberspace is formed by the will of defining authorities.

§  All information society service providers are defining authorities.

§  Every service provider, like any other body of law, is legally responsible for its actions.

The issue of liability of information society service providers (ISPs) under the Act on Certain Information Society Services is mentioned here intentionally as it is directly related to the issue of cybercrime, user liability, and finding and securing information relevant to criminal proceedings. “In general, the principle is that if information is illegal and an ISP has no knowledge of its creation or communication, the ISP is exempted from liability by law.“[7]

In addition to the above-mentioned law, the term service provider is also defined, for example, in the Convention on Cybercrime, specifically in Article 1 (c) where it is stated that service provider is:

§  any public or private entity that provides to users of its service the ability to communicate by means of a computer system, and 

§  any other entity that processes or stores computer data on behalf of such communication service or users of such a service.


[1] Cf.  POLČÁK, Radim.  Právo na internetu. Spam a odpovědnost ISP. Brno: Computer Press, 2007, p. 42 et seq., p. 88 et seq.

RFC (Request For Comments) can also be included in the defining standards. Although these are documents with the nature of recommendations rather than standards, they are respected by users as if they were standards. RFCs are freely available at http://www.ietf.org/rfc.html.

[2] The domain name is used to denote the “class” of computer systems connected to the Internet. They are characterised by a certain geographical and organisational unity: e.g. all computers in the .cz domain are located in the Czech Republic. All computers in the domain (subdomain) nic.cz are computers under the administration of the CZ.NIC association. The names of the main domains (based on geography) are strictly separated.

Regarding domain names, Polčák states, among other things, that: “A form of virtual reality can be a domain name. It is a record in DNS databases. If the domain authority decides to delete the domain name, this virtual reality will cease to exist. It doesn't matter if it is a domain name such as: www.tondovy_stranky.cz or www.google.com.

[3] IETF – The Internet Engineering Task Force. For more details, see https://www.ietf.org/.

[4] It is always a natural or legal person that has its registered office or permanent residence. Therefore, they are subject to the law as any other entity. In some countries (e.g. China), the defining authority is the state itself.

[5] Lessig refers to the defining standard as code.

[6] Cf. LESSIG, Lawrence. Code v. 2. p. 6 Available in full (Eng) [online]. [cit.13/03/2008]. Available from: http://pdf.codev2.cc/Lessig-Codev2.pdf

[7] POLČÁK, Radim. Právo na internetu. Spam a odpovědnost ISP. Brno: Computer Press, 2007, p. 55