Thursday, December 02, 2004

Australia rejects Internet filtering?

From NEWS.com.au:

THE Federal Government had rejected mandatory filtering of the internet to stop child pornography, Parliament was told today.

Communications Minister Helen Coonan said the government had recently reviewed ways of preventing child pornography, including a British-style national internet filtering system but rejected it.

Senator Coonan said the study had found such a filter would cost around $45 million a year initially and $33 million a year in later years.

She said it also had the potential to choke the internet and drive up costs for consumers and small business.

"The biggest issue is not so much the money but such an expensive scheme would not necessarily solve the problem and small to medium ISPs (internet service providers) would be driven out of business for little or no benefit," Senator Coonan said. "What does work is greater information and parental supervision and that is the kind of program that the government is promoting."


This decision rejects a well organised campaign, led by the Australia Institute, pushing for mandatory filtering. It still, however, leaves Australia with one of the most restrictive Internet censorship regimes to be found in a democracy. Electronic Frontiers Australia has comments on the filtering proposals, and an overview of the Australian Internet censorship system.

Friday, November 26, 2004

ISP resorts to denial of service attacks on spammers

From The Register:

"Lycos Europe has started to distribute a special screensaver in a controversial bid to battle spam. The program - titled Make Love Not Spam, and available for Windows and the Mac OS - sends a request to view a spam source site. When a large number of screensavers send their requests at the same time the spam web page becomes overloaded and slow.

The servers targeted by the screensaver have been manually selected from various sources, including Spamcop, and verified to be spam advertising sites, Lycos claims. Several tests are performed to make sure that no server stops working. Flooding a server with requests so that the server is unable to respond to the volume of requests made - a process known as a distributed denial of service (DDoS) attack - is considered to be illegal.

Lycos believes the program will eventually hurt spammers. 'Spamvirtised' sites typically don't sell advertising, so they have to pay for bandwidth. Therefore more requests means higher bills, Lycos argues."
This is an interesting twist on the usual denial of service attack. Is Lycos exposing itself (and potentially the users of the screensavers) to criminal liability? In Ireland and the UK the answer would most likely be no - as I argue in this article on computer crime, current law fails to address this sort of attack, which falls outside the unauthorised access offences and the damage offences. However, Lycos might well be in trouble if it targets US based spammers - see Jeff Nemerofksy's piece on "Interruption of Computer Services to Authorised Users".

Before you ask: Lycos isn't necessarily shielding itself from liability by "making sure that no server stops working". Some jurisdictions do seem to require an attack which brings down a server, but equally some of the US laws mentioned in that article criminalise the degradation of service as well as an outright denial of service.

Friday, November 12, 2004

Anonymity and the Internet

Internet use is seldom truly anonymous. In most cases, ISPs keep records which will link users with their online activities. Consequently, litigants or potential litigants often approach ISPs looking for disclosure of users' identities. The most high profile examples have been in the music industry's file sharing cases, which are now set to come to Ireland.

May ISPs voluntarily disclose this information? Must they notify their users before doing so? Can litigants obtain a court order compelling an ISP to reveal the identity of a user? On what terms? I discuss the legal issues involved in this article, which originally appeared in the Commercial Law Practitioner.

Since that article was written, there has been a decision on this point in England, where Blackburne J. issued an order compelling disclosure. The full decision isn't yet available - but it appears from the news coverage that he didn't consider giving the alleged file-sharers an opportunity to make submissions before their identity was revealed. This is unfortunate. At a minimum, it ignores earlier English authority suggesting that users should be notified and given a chance to challenge any order.