Transcript Security

Legal Issues
Computer Misuse, Defamation,
Pornography, Spam
Computer Misuse Act 1990
Creates three new criminal offences:
• unauthorised access to a computer;
• unauthorised access with intent to commit a
serious crime;
• unauthorised modification of the contents of a
computer.
In all cases the access must be intentional.
Maximum penalty for the first is six months
imprisonment or a fine of £2000. For the
others, five years or an unlimited fine.
2
The effect of modern
communications
1980 – any country could control fairly
effectively what was available to its
citizens in print or in video form.
2000 – a country cannot control what is
available in print or video form on the web
or what is broadcast to it through satellite
television.
3
The law across frontiers
Criminal law:
A person guilty of a crime in country A can be
brought back from country B to face trial if:
– there is an extradition treaty between A and B; and
– what he is accused of would also be a crime in
country B; and
– there is prima facie evidence that he is guilty as
charged.
4
Defamation
• Defamation means making false
statements that will damage someone’s
reputation, bring them into contempt,
make them disliked, and so on.
(In England and Wales, a distinction is
made between slander, which is spoken,
and libel, which is written or recorded in
some other way, including e-mail.)
5
Defamation Act 1996 (UK)
•
•
•
States that someone has a defence against a
charge of defamation if he can prove that
he was not the author, editor or publisher of the
statement complained of, or
he took reasonable care in relation to its
publication, and
he did not know, and had no reason to believe,
that what he did caused or contributed to the
publication of a defamatory statement.
6
Defamation in the USA
In the USA, to succeed in a libel action, a
public figure needs to show not only that
the statement was factually incorrect but
also that it was made maliciously or
recklessly.
7
Cross-frontier defamation
A court in New Zealand has recently ruled
that an organisation based in New Zealand
could take action in a New Zealand court
against an Australian newspaper that, it was
claimed, had published defamatory
statements about it on its website in
Australia.
8
Electronic Commerce (EC
Directive) Regulations 2002
These regulations follow the EC
Directive in distinguishing three roles
that an ISP may play:
• mere conduit,
• caching, and
• hosting.
9
Mere conduit
The ISP does no more than transmit data; in
particular, the ISP does not
– initiate transmissions,
– select the receivers of the transmissions,
– select or modify the data transmitted.
If it is acting in the role of a mere conduit, the
ISP cannot be liable for damages or for any
criminal sanction as a result of a transmission.
10
Caching
An ISP acts in a caching role when the
information transmitted is the subject of
automatic, intermediate and temporary
storage, for the sole purpose of increasing
the efficiency of the transmission of the
information to other recipients of the
service upon their request.
11
Hosting
•
•
•
•
Where an ISP stores information provided by its customers, it is
acting in a hosting role. In this case, it is not liable for damage or
criminal sanctions provided that
it did not know that anything unlawful was going on;
where a claim for damages is made, it did not know anything that
should have led it to think that something unlawful might be going
on; or
when it found out that that something unlawful was going on, it
acted expeditiously to remove the information or to prevent access
to it, and
the customer was not acting under the authority or the control of
the service provider.
12
ISPs as censors
To protect themselves against liability for
damages, when ISPs receive a complaint
about a site they are hosting, they try to
make it inaccessible as quickly as possible.
They are not in a position to judge whether
the complaint is justified.
13
Pornography
The question is not what is pornography
but what is unlawful.
• Is possession unlawful?
• Is broadcasting unlawful?
• Is selling unlawful?
The answer to all these questions is very
different in different countries.
14
UK
•
•
•
•
•
•
Obscene Publications Act 1959 defines obscene as “tending to
deprave or corrupt”.
It is an offence to publish obscene material or to possess it with the
intention of publication for profit.
It is not an offence simply to possess it.
Possible defences are artistic merit or the public good.
The interpretation of “tending to deprave and corrupt” has changed
over the years.
A lot of the fuss about “porn on the Internet” relates to material that
would not be considered obscene by a court.
Concern arises when offensive material is presented to users who
have not asked for it or when it becomes available to children who
would be prevented from accessing it through other channels.
15
USA
First amendment to the constitution famously states:
“Congress shall make no law . . . abridging the freedom of speech, or of the
press”
This means that attempts to make pornographic material illegal (including an
Act of Congress aimed at cleaning up the Internet) have often been ruled
unconstitutional.
To be legally obscene:
– the dominant theme of the work, as a whole, must appeal to a prurient
interest in sex;
– the work must be patently offensive by contemporary community
standards; and
– the work must be devoid of serious literary, artistic, political, or
scientific value.
Private possession is not an offence but Federal laws prohibit obscene material
being broadcast on radio and television, mailed, imported, or carried across
state lines.
16
Internet Content Rating Association
• An independent international body that provides a framework for
labelling sites or individual pages systematically with labels that
describe the nature of the content under such categories as nudity
and sexual content, bad language, violence, use of drugs and
alcohol, and so on.
• The content provider fills in a questionnaire. This is submitted to
the ICRA site, which generates the label and sends it back so that
the provider can paste it on to his site.
• The ICRA provides filter software, which can be used to control
which sites and pages can be accessed. A user can download and
install this software and then configure it to allow access only to
web pages and sites that satisfy particular labelling criteria.
• Concern about children and internet pornography in the USA tends
to be concerned with the risk of children watching ‘unsuitable’
material rather than with pornographic material involving children.
17
Europe
UK laws are the strictest in Europe except for
Ireland.
Some countries (Sweden, Denmark, Germany, for
example) have no laws forbidding the publication
or dissemination of sexual material as such,
although they have laws forbidding the depiction
of sexual violence and sexual activity involving
children.
18
What can be done?
• The differences between countries make it
impossible to obtain useful international
agreement about internet pornography in
general.
• There is however widespread international
agreement about removing child
pornography from the internet.
19
Child Pornography
• The UK Protection of Children Act 1978 makes it a
•
•
•
serious offence merely to possess indecent material
involving children.
‘indecent’ means ‘sexually explicit’, a more objective and
less strict test than the test for obscenity.
‘children’ means persons below the age of consent but
this can still cause problems of definition. The age of
consent is 16 in the UK but only 12 in some European
countries.
Tackled by identifying customers (typically through
credit card numbers) and by blocking sites.
20
Internet Watch Foundation
• UK industry body that acts against “websites,
newsgroups and online groups that:
– contain images of child abuse, originating anywhere in the world.
– contain adult material that potentially breaches the Obscene
Publications Act in the UK.
– contain criminally racist material in the UK.”
• In practice, has largely been restricted to child
•
•
•
pornography and to images.
Operates a ‘hot line’ for public complaints.
Receives about 20,000 complaints a year, of which about
30% relate to illegal material.
It passes justified complaints to the Police and to the ISP
concerned. Only about 1% relate to material hosted in
the UK.
21
Spam
“unsolicited email sent without the
consent of the addressee and without any
attempt at targeting recipients who are
likely to be interested in its contents”
Taken very seriously by the industry.
22
European Community Directive on Privacy and
Electronic Communications (2002/58/EC)
• implemented in the UK by the Privacy and Electronic
•
•
•
Communications (EC Directive) Regulations 2003.
unsolicited e-mail can only be sent to individuals (as
opposed to companies) if they have agreed;
sending unsolicited e-mail that conceals the address of
the sender or doesn’t provide a valid address to which
the recipient can send a request for such mailings to
stop is unlawful;
if an e-mail address has been obtained in the course of
the sale of goods or services, the seller may use the
address for direct mailings, provided that the recipient is
given the opportunity, easily and free of charge, to
request that such mailings cease.
23
Problem
• EU Directive can only be effective within
the EU.
• 90% of the spam received in the UK
originates in the USA.
24
The CAN SPAM Act 2003
(Controlling the Assault of Non-Solicited Pornography
and Marketing Act )
•
•
US Act that makes it legal to send spam
provided that:
the person sending the spam has not been
informed by the receiver that he or she does not
wish to receive spam from that source; and
the spam contains an address that the receiver
can use to ask that no more spam be sent.
25
Technical fixes
• closing loopholes that enable spammers to use
•
•
•
•
other people’s computers to relay bulk
messages;
the use of machine learning and other
techniques to identify suspicious features of
message headers;
the use of virus detection software to reject email carrying viruses;
keeping ‘stop lists’ of sites that are known to
send spam;
“Opt in” to adult sites in UK proposed
26