WWW Bill Of Rights?

Daniel W. Connolly (connolly@hal.com)
Fri, 20 Jan 1995 01:30:09 +0100

I just saw a headline about how Prodigy is announcing WWW access to
their subscribers.

I wonder if this will have an effect similar to when America Online
started supporting USENET news: a whole mess of people suddenly had
access to USENET without knowing much about it, especially the culture
and the rules of netiquite.

There's a big difference, though: the USENET rules and guidelines were
written down and pretty widely agreed on. There is no such set of
guidelines for the web, as far as I can tell.

Most web users get at the web through their employer or their school
or some such entity with whom they have some other relationship. But
increasingly, folks get at the net through a service
provider. Typically, if a body abused their USENET "privileges", other
folks would complain to their postmaster or system administrator.
What are the responsibilities of service providers to control their
customers? How about responsibilities to educate their customers?

At the Geneva WWW conference, a lot of folks started talking about how
some sort of "Bill of Rights" for the WWW was needed.

Is anybody interested in discussing that here? (Can we stay civil, and
try to keep the signal/noise ratio tolerable?)

All these folks jumping on the web are sort of implicitly agreeing to
play by certain rules, but nobody knows exactly what those rules

Here are some questions that come to mind when I noodle on this subject:

* How much "right to privacy" are users entitled to? Information
providers often use access logs to cost-justify their operations, so
they need to know at least generally who's accessing what. But I think
it's pretty widely agreed that keeping information like "Joe User
accessed cindy.gif at 2:47pm on Jun 12, 1994" is a violation of Joe's

* On the other hand, nothing is currently keeping information providers
from lying about their readership. In the magazine business, there are
auditors that will check claims like "we have a 10,1000 qualified

* The additional HTTP requests involved with inline images causes
distortion (well... confusion at least) in server statistics. Then
there's all the gateways and caches... Do you suppose information
providers can reasonably expect cache maintainers to send some sort of
summary report of the accesses the cache masked on a periodic basis?

* What are the responsibilities of authors that make links to other
folks work? For example, the NCSA folks put my email address and a
link to some of my stuff on the "help on HTML" page. I don't remember
if they asked me before they did it or not. All I know is that I
suddenly got a zillion messages from "clueless newbies" asking how to
do server-side includes, how to center text, and how to use Mosaic.

Suppose webmaster at site X includes a link to site Y. Site Y changes
their stuff, and the link becomes stale. Joe user follows the link,
and his browser tells him "Sorry, something broke*". Joe complains
to webmaster@Y that his system is broke. If Y is lucky, he can consult
his logs and find out from Referer: info that site X is the culprit.

With folks building search services and edited collections of
pointers, this could get messy.

* What is the copyright status of text and graphics on the web? If I
see a nifty page, can I save it, tweak it a little, and stick in in my
own web? Can I grab little bullets and other icons from other folks?
I suppose the polite thing to do is to send email and just ask. And I
suppose by the letter of the law, web stuff is like email -- copying
and retransmission is forbidden except for explicit permission. Do you
suppose part of the HTTP protocol is implicit permission to cache and
gateway information? The WAIS protocol and document addresses actually
had little copyright fields built in. Hmmm....

* Can information providers tell clients not to pass on Referer:
information? That is, can an information provider declare that the
address of its documents are sensitive information, not to be
divulged? I don't think that sort of thing is practical in the near
term. I think that a certain amount of information becomes public when
you make your info available over the web.

But suppose client C uses secure-HTTP or whatever to access
confidential information at X, which contains an link to public
site Y. C's request to Y will not be encrypted, and X may consider
it's document addresses sensitive.

* I'd rather not get into discussion of when little Johnny that
discovers http://www.playboy.com/ via Prodigy, and Johnny's mom sues
prodigy for violating the terms of service... but somebody's got to
figure out how to resolve those things. I think some folks might
consider it a valuable service if Prodigy would strive to filter out
nasty stuff. Technically, I don't see how they could. I think they'll
have to wash their hands of liability on this issue somehow, but...

* Does a web document act like a newspaper or a magazine w.r.t. lible
and slander? The web is becoming an important mass medium -- an
effective marketing tool. If Motorola puts lies about Intel on the
web, can they just put a retraction in the next day, or can Intel sue
of damages?

Is this Bill of Rights something that the IETF or the W3O should try
to write up and maintain? (I hope nobody expects them to enforce
it...) Do the documents concerning adding a host to the Internet,
maintaining an FTP archive, and posting to Usenet cover all the
issues, or are there some novel issues that should be hammered out and
spelled out?

Just thinking...