Nico van Eijk is Professor of Media and Telecommunications Law and Director of the Institute for Information Law (IViR, Faculty of Law, University of Amsterdam). He studied Law at the University of Tilburg and received his doctorate on government interference with broadcasting in 1992 from the University of Amsterdam. He also works as an independent legal adviser. Among other things, he is the Chairman of the Dutch Federation for Media and Communications Law (Vereniging voor Media- en Communicatierecht, VMC), a member of the supervisory board of the Dutch public broadcasting organisation (NPO) and chairman of two committees of The Social and Economic Council of the Netherlands (SER).

22.01.2013

Cloud Computing in Higher Education and Research Institutions and the USA Patriot Act, November 2012.

Institutions have started to move their data and ICT operations into the cloud. It is becoming clear that this is leading to a decrease of overview and control over government access to data for law enforcement and national security purposes. This report looks at the possibilities for the U.S. government to obtain access to information in the cloud from Dutch institutions on the basis of U.S. law and on the basis of Dutch law and international co-operation. It concludes that the U.S. legal state of affairs implies that the transition towards the cloud has important negative consequences for the possibility to manage information confidentiality, information security and the privacy of European end users in relation to foreign governments.
The Patriot Act from 2001 has started to play a symbolic role in the public debate. It is one important element in a larger, complex and dynamic legal framework for access to data for law enforcement and national security purposes. In particular, the FISA Amendments Act provision for access to data of non-U.S. persons outside the U.S. enacted in 2008 deserves attention. The report describes this and other legal powers for the U.S. government to obtain data of non-U.S. persons located outside of the U.S. from cloud providers that fall under its jurisdiction. Such jurisdiction applies widely, namely to cloud services that conduct systematic business in the United States and is not dependent on the location where the data are stored, as is often assumed. For non-U.S. persons located outside of the U.S., constitutional protection is not applicable and the statutory safeguards are minimal.
In the Netherlands and across the EU, government agencies have legal powers to obtain access to cloud data as well. These provisions can also be be used to assist the U.S. government, when it does not have jurisdiction for instance, but they must stay within the constitutional safeguards set by national constitutions, the European Convention on Human Rights and the EU Charter.

This is the English translation of a report that was released in September 2012 in The Netherlands. It was covered extensively in Dutch newspapers, on Radio1 and the 8 PM news bulletin of public broadcaster NOS. Politicians across the spectrum reacted on the report, both directly in the media and through Parliamentary questions. Meanwhile, the State Secretary of Security and Justice has responded to the Parliamentary questions on 15 October 2012. References can be found on the Institute for Information Law website. The report is also available on SSRN.

See also: Patriot Act can "obtain" data in Europe, researchers say, CBS News, 4 December 2012.

29.11.2012

Duties of Care on the Internet?, in: Cyber Safety: an introduction, R. Leukfeldt & W. Stol (ed.), The Hague: Eleven International Publishing 2012, p. 267-279.
ISBN 9789490947750.

15.11.2012

(with W. Benedek & J. Liddicoat) Comments relating to freedom of expression and freedom of association with regard to new generic top level domains, Comments submitted to the Governmental Advisory Committee (GAC) of the Internet Corporation for Assigned Names and Numbers, DG-I (2012) 4, 12 October 2012.

01.11.2012

(with B. van der Sloot), Must-carry Regulation: A Must or a Burden?, IRIS plus, 2012-5, p. 7-23.

The first must-carry rules date back to 1990, the time when space on analogue broadcasting networks was limited and when supply grew quickly due to the introduction of private broadcasters. To ensure that channels of general interest would still be transmitted, countries introduced rules to regulate the scarcely available cable capacity. The major reason for introducing these must-carry rules was to guarantee access to public service broadcasting and ensure a diverse choice of programmes. The option in the European regulatory framework of reserving distribution capacity for selected channels, is characterised by its technology-neutral formulation. A distinctive feature of these European rules is that must-carry obligations can only be imposed if the respective networks are the principal means of receiving radio and television channels for a significant number of end-users of these networks. In a market where users increasingly opt for using one provider for all their communication services, the question is justified if - apart from technical restrictions - must-carry obligations should be linked to a quantitative criterion. In this article, insight is provided into the choices made by various European countries with respect to regulation must-carry obligations and how the general European framework is applicable to national regulations. A brief comparison is made with the situation in the United States, some conclusions are drawn and thoughts are provided on the future of must-carry obligations in Europe.

09.10.2012

(with P. Nooren & A. Leurdijk) Net neutrality and the value chain for video, info, 2012-6, p. 45-58.

Video distribution over the Internet leads to heated net-neutrality related debates between network operators and Over-the-Top application providers. The purpose of this paper is to analyze this debate from a new perspective that takes into account all of the assets that companies try to exploit in the so-called battle for eyeballs in video distribution.

05.10.2012

(with A.M. Arnbak) Certificate Authority Collapse: Regulating Systemic Vulnerabilities in the HTTPS Value Chain, Telecommunications Policy Research Conference, August 2012.

Paper also available through SSRN.

Recent breaches and malpractices at several Certificate Authorities (CA’s) have led to a global collapse of trust in these central mediators of Hypertext Transfer Protocol Secure (HTTPS) communications. Given our dependence on secure web browsing, the security of HTTPS has become a top priority in telecommunications policy. In June 2012, the European Commission proposed a new Regulation on eSignatures. As the HTTPS ecosystem is by and large unregulated across the world, the proposal presents a paradigm shift in the governance of HTTPS. This paper examines if, and if so, how the European regulatory framework should legitimately address the systemic vulnerabilities of the HTTPS ecosystem. To this end, the HTTPS authentication model is conceptualised using actor-based value chain analysis and the systemic vulnerabilities of the HTTPs ecosystem are described through the lens of several landmark breaches. The paper explores the rationales for regulatory intervention, discusses the proposed EU eSignatures Regulation and ultimately develops a conceptual framework for HTTPS governance. It apprises the incentive structure of the entire HTTPS authentication value chain, untangles the concept of information security and connects its balancing of public and private interests to underlying values, in particular constitutional rights such as privacy, communications secrecy and freedom of expression. On the short term, specific regulatory measures to be considered throughout the value chain includes proportional liability provisions, meaningful security breach notifications and internal security requirements, but both legitimacy and effectiveness will depend on the exact wording of the regulatory provisions. The EU eSignatures proposal falls short on many of these aspects. In the long term, a robust technical and policy overhaul is needed to address the systemic weaknesses of HTTPS, as each CA is a single point of failure for the security of the entire ecosystem.

See also:

• 29C3: "Das SSL-System ist grundlegend defekt - und jemand muss es reparieren", Heise Online, 28 December 2012.

07.09.2012

Within the EU regulatory framework, licensees for commercial radio broadcasting may be charged a fee to ensure optimal allocation of scarce resources but not to maximize public revenues. While radio licence renewal occurs in many EU countries, an objective, model-based approach for setting licence fees has not been used so far. In this paper, it is described how such a fee can be determined for the purpose of licence renewal or extension. National and regional Dutch FM licences were valued, taking into account that simulcast broadcasting of digital and analogue radio is obligatory upon extension. Licences are valued using discounted cash flow methodology, whereby the cash flows of an averagely efficient entrant are taken as the benchmark for valuation of each individual licence. Cash flows during the licence period 2011–2017 are forecast based on generalized least squares regressions, using financial variables of Dutch radio stations for the years 2004–2008. Separately, bottom-up cost and investment models are used to calculate analogue and digital distribution costs. This results in a value per licence, based on objective licence characteristics, which can be used to set licence fees if administrative renewal or extension is opted for instead of a new auction or beauty contest.

For students and researchers, access to the article is available at the Springer database, through your own university library.

14.08.2012

(with N. Helberger, L. Kool, A. van der Plas and B. van der Sloot) Online tracking: questioning the power of informed consent, info, 2012-5, p. 57-73.

The paper aims to report the main findings of a study for the Dutch Regulatory Authority for the Telecommunications sector OPTA to explore how the new European "cookie rules" in the ePrivacy Directive impact on behavioral advertising practices via the storing and reading of cookies. The paper identifies the main dilemmas with the implementation of the new European rules. The Dutch case provides a valuable reality check also outside The Netherlands. Even before the amendment of the directive, The Netherlands already had an opt-in system in place. From the Dutch experience important lessons can be learned also for other European countries.

10.08.2012

(with J. Poort, I. Akker, B. van der Sloot & P. Rutten) Digitally binding: Examining the feasibility of charging a fixed price for e-books, Report commissioned by the Ministry of Education, Culture and Science (OC&W), Amsterdam, March 2012.

09.03.2012

(with J. Poort) Universal service and disabled people, Telecommunications Policy, 2012-36, p. 85-95.

The EU regulatory framework enacted 25 May 2011 has the objective to provide functionally equal access to telecommunications services for disabled persons. What are the rules, who are the target groups, and what obstacles do they face when using various telecommunication services? And what arrangements do exist in a selected group of six EU Member States to remove these obstacles? Recommendations include the introduction of a more market-oriented approach, independent of specific networks.

27.01.2012

Net Neutrality and Audiovisual Services, IRIS Plus, 2011-5, p. 7-19.

This article is part of IRIS Plus 2011-5 "Why Discuss Network Neutrality?".
Article also available in French and German.

06.12.2011

(with B. van der Sloot) How Television went digital in the Netherlands, Mapping Digital Media: reference series no. 11, September 2011.

11.10.2011

File Sharing, note written at the request of the European Parliament's Committee on Legal Affairs, 2011.

26.04.2011

About Network Neutrality 1.0, 2.0, 3.0 and 4.0, Computers & Law Magazine, 2011-6.

Nico van Eijk puts network neutrality in context, predicts the future flow of debate on the topic and makes a series of telling observations on network neutrality dilemmas.

This article was translated into Russian for research purposes: О СЕТЕВОМ НЕЙТРАЛИТЕТЕ 1.0, 2.0, 3.0 И 4.0.

04.03.2011

(with T.M. van Engers (Leibniz Center for Law), C. Wiersma, C.A. Jasserand and W. Abel) Moving Towards Balance: A study into duties of care on the Internet, WODC / University of Amsterdam, 2010, 125 p.

Commissioned by the WODC (Research and Documentation Centre of the Ministry of Security and Justice), research has been conducted on duties of care on the Internet, more specifically from the perspective of Internet service providers. The situation in four countries - the Netherlands, the UK, Germany and France - was researched. The (self-)regulation with respect to five separate themes (Internet security and safety, child pornography, copyright, identity fraud and the trade in stolen goods through Internet platforms) was identified. In addition to this, a significant number of interviews with stakeholders were conducted.

09.11.2010

(with J. Poort and P. Rutten) Legal, Economic and Cultural Aspects of File Sharing, Communications & Strategies, 2010-77, p. 35-54.

This contribution seeks to identify the short and long-term economic and cultural effects of file sharing on music, films and games, while taking into account the legal context and policy developments. The short-term implications examined concern direct costs and benefits to society, whereas the long-term impact concerns changes in the industry's business models as well as in cultural diversity and the accessibility of content. It observes that the proliferation of digital distribution networks combined with the availability of digital technology among consumers has broken the entertainment industries' control over the access to their products. Only part of the decline in music sales can be attributed to file sharing. Despite the losses for the music industry, the increased accessibility of culture renders the overall welfare effects of file sharing robustly positive. As a consequence the entertainment industries, particularly the music industry, have to explore new models to sustain their business.

16.04.2010

(with N. Helberger, L. Guibault, E.H. Janssen, C.J. Angelopoulos, J.V.J. van Hoboken, E. Swart, et al.) User-Created-Content: Supporting a participative Information Society, Final Report, Study carried out for the European Commission by IDATE, TNO and IViR, 2008.

28.10.2009

Search Engines, the New bottleneck for Content Access, in: B. Preissl, J. Haucap & P. Curwen (eds.), Telecommunication Markets, Drivers and Impediments, London: Springer, 2009, p. 141-157.

The core function of a search engine is to make content and sources of information easily accessible (although the search results themselves may actually include parts of the underlying information). In an environment with unlimited amounts of information available on open platforms such as the internet, the availability or accessibility of content is no longer a major issue. The real question is how to find the information. Search engines are becoming the most important gateway used to find content: research shows that the average user considers them to be the most important intermediary in their search for content. They also believe that search engines are reliable. The high social impact of search engines is now evident. This contribution discusses the functionality of search engines and their underlying business model - which is changing to include the aggregation of content as well as access to it, hence making search engines a new player on the content market. The biased structure of and manipulation by search engines is also explored. The regulatory environment is assessed - at present, search engines largely fall outside the scope of (tele)communications regulation - and possible remedies are proposed.

24.06.2009

A Converged Regulatory Model for Search Engines?, Magazine of the Society for Computers and Law, 2009-6, p. 1-3.

18.03.2009

(with A. Huygen, N. Helberger et al) Ups and downs. Economic and cultural effects of file sharing on music, film and games (authorised translation), a study by TNO Information and Communication Technology, SEO Economic Research and the Institute for Information Law, commissioned by the Dutch Ministries of Education, Culture and Science, Economic Affairs and Justice, February 2009.

27.02.2009

Search Engines, the new bottleneck for content acccess, Paper presented at the International Telecommunications Society 19th European Regional Conference, 2-5 September 2007, Istanbul, Turkey.

01.11.2007

The modernisation of the European Television without Frontiers Directive: unnecessary regulation and the introduction of internet governance, (draft) paper presented at the International Telecommunications Society 19th European Regional Conference, 2-5 September 2007, Istanbul, Turkey.

Critical analysis of the proposed Audiovisual Media Services Directive (AVMS).

01.11.2007

(with K. Maniadaki) Institutional Aspects of Internet Governance, in: C. Moeller & A. Amouroux (eds.), Governing the Internet - Freedom and Regulation in the OSCE Region, Vienna: OSCE Representative on Freedom of the Media, 2007, p. 67-87.

08.08.2007

‘Search engines: Seek and ye shall find? The position of search engines in law’, IRIS plus (Supplement to IRIS - Legal observations of the European Audiovisual Observatory), 2006-2.

15.02.2006

See also the slides.

Published 10.11.2005

Published 14.09.2004

Published 31.08.2004

The study offers an analysis of the use of conditional access systems for other reasons than the protection of remuneration interests. The report also examines the need to provide for additional legal protection by means of a Community initiative, such as a possible extension of the Conditional Access Directive. The report will give a legal and economic analysis of the most important non-remuneration reasons to use conditional access (CA), examine whether services based on conditional access for these reasons are endangered by piracy activities, to what extent existing legislation in the Member States provides for sufficient protection, and what the possible impact of the use of conditional access is on the Internal Market. Furthermore, the study analysis the specific legislation outside the European Union, notably in Australia, Canada, Japan and the US, as well as the relevant international rules at the level of the EC, WIPO and the Council of Europe.

Published 06.08.2001

The article describes the availability of broadband services in the Netherlands. This particularly concerns broadband services for the consumer/end user such as access to Internet.

Published 26.01.2000

The European Commission adopted in October 1995 a directive to allow the carriage of all liberalised telecommunications services on cable TV networks as from 1 January 1996. By adopting this directive, the European Commission aims to foster competition and new initiatives in the telecommunications field. This article addresses the enforcement and content of the Commission's directive.

Published 08.04.1998

Updated 01.03.2013