Saturday, 26 January 2008

My other hobby

For details on the other things I do in my spare time, see my wife's blog:
http://lynn-downunder.blogspot.com/

On the weekends at the farm I have to check the property for things that may have gone wrong. Fencing breaks, cows get stuck in areas they are not meant to be and many other things can occur. I take the camera with me when I go about checking things. So this is a joint exercise in work and enjoyment.
The previous image is the farm looking over our hills. With a little over 520 acres all up, there is always plenty to do (and it beats TV). Not only does this keep me busy (as if I am not already), but it means I am not just left hanging about...
On a separate note, I had a guest editorial published in SANS Newsbytes this week. In particular, my POST is linked here directly as well.


As you can see, the local wildlife are jumping for joy.

The internet intermediary framework

The intermediary framework
(In conjunction with my wife, Lynn Wright)
The Australian legislative framework is more or less analogous to that of the UK in the areas that will be examined. Australia's federalist system, with both state and federal legislation, creates the foundation for the main divergences from the UK. Internet service providers (ISPs) in Australia need to consider both the federal legislation and the respective laws of the relevant state or territory in which they operate. This paper will demonstrate that inaction from ISPs and other intermediaries is risky and that the most effective enforcement framework involves enforcement from the least cost provider as proposed by Mann & Belzley[i].

Copyright
Australian copyright law is governed through the Copyright Act 1968 and the ensuing decisions of courts. The Australian position mirrors that of the UK, where protection of a work is free and automatic upon its creation, and differs from the position in the US, where work has to be registered to be actionable. While some divergences may be found, Australian copyright law largely replicates the framework in place within the US and UK. The copyright term in Australia is shorter than in these jurisdictions, being the creator’s life plus 50 years. As Australia is a co-signatory to the Berne Convention, most foreign copyright holders are also sheltered in Australia.
Australian law contains provisions imposing criminal penalties and civil remedies for making, importing or commercially trading in items or services designed to thwart technological copyright protection instruments, and sanctions against tampering with electronic rights management information and against distributing or commercially dealing with material whose rights management information has been tampered with.[ii]

The Australian High Court decision in Telstra Corporation Ltd v Australasian Performing Rights Association Limited[iii] imposed primary liability for copyright infringement on Telstra in respect of music broadcast over a telephone “hold” system. A large part of the decision concentrated on the definition of the diffusion right in Australia.[iv] It follows from this decision that if an ISP broadcasts copyright works in the general course of disseminating other materials through the Internet, that diffusion is a “transmission to subscribers to a diffusion service” as defined by the Australian Copyright Act. It consequently emerges that an ISP may be directly liable for an infringement of copyright caused by that transmission under Australian common law for the infringements of its customers.[v]

A determination as to whether a message using telecommunications is “to the public”[vi] will likely hinge on whether the message is made “openly, without concealment”[vii] to a sufficiently large number of recipients. No case has attempted to quantify a specific cut-off point.
In Moorhouse v. University of New South Wales,[viii] a writer initiated a “test case” asserting copyright infringement against the University of New South Wales. The University had provided a photocopier for the function of allowing photocopying works held by the university’s library. A chapter of the plaintiff’s manuscript was copied by means of the photocopier. The library had taken rudimentary provisions to control the unauthorised copying. No monitoring of the use of the photocopier was made. Further, the sign located on the photocopier was unclear and was determined by the Court to not be “adequate”[ix]. The Australian High Court held that, whilst the University had not directly infringed the plaintiff’s copyright, the University had sanctioned infringements of copyright in that the library had provided a boundless incitement for its patrons to duplicate material in the library.[x]

In July 1997, the Attorney-General published a discussion paper[xi] that proposed a new broad-based technology-neutral diffusion right as well as a right of making available to the public[xii]. This provides the position where direct infringement by users of a peer-to-peer (P2P) file-sharing network would be covered in Australian law in a manner comparable to the US position in both Napster and Grokster[xiii].

The result is that Mann and Belzley’s[xiv] position that holds the least cost intermediary liable is likely to be upheld under existing Australian law. The positions held by the court in Telstra v Apra[xv] and Moorhouse v UNSW[xvi] define the necessary conditions to detail public dissemination and infringement through a sanctioned arrangement. The public dissemination of music clips on a website could be seen as being analogous to the copying of a manuscript, with the ISP's disclaimer being held as an inadequate control. It is clear that the provision of technical controls, monitoring and issuing of take down notices by the ISP would be far more effective at controlling copyright infringement than enforcing infringements against individuals.

Defamation
Australian defamation laws are complicated by a state based nature in that they differ across each jurisdiction in content and available defences. Various Australian state laws include offence provisions for both civil defamation and criminal defamation. Civil liability transpires as a consequence of publications that are expected to harm a person's reputation and the penalties are monetary. Criminal liability transpires as a consequence of publications that concern society, including those with a propensity to imperil the public peace, and penalties in the majority of jurisdictions incorporate incarceration. Significant distinctions exist between civil and criminal defamation law in relation to both liability and defences.

The Western Australian Supreme Court decided in Rindos v. Hardwick[xvii] that statements distributed in a discussion list can be defamatory and lead to an action. The court thought that it was inappropriate to apply the rules differently to the Internet from other means of communications. The court acknowledged the instigator’s accountability for defamatory proclamations broadcast across a discussion group[xviii]. The matter of the liability of other participants on the list was not considered during the trial.

It is considered unlikely that an ISP would scrutinize all material presented across its network[xix] and this may not be economically feasible[xx]. Mann & Belzley address this through “targeting specific types of misconduct with tailored legal regimes”[xxi]. These regimes would leave the ISP responsible for the defamatory publications of its users where they have failed to take reasonable action to mitigate these infringements. The existing law in Australia leaves all parties considered to be a “publisher” liable[xxii]. Cases do exist[xxiii] where ISPs have removed content proactively.

The common law defense of innocent dissemination exists in Australia. Thompson v Australian Capital Television [xxiv] demonstrated this when Channel 7 asserted that transmission of a “live” show to the ACT retransmitted from Channel 9 NSW in effect placed it as a subordinate publisher that disseminated the material of the real publisher devoid of any material awareness or influence over the content of the show. They argued that this was analogous to a printer or newspaper vendor.

The High Court held that the defense of innocent dissemination is available to television broadcasts as well as printed works. In this instance it was held that the facts demonstrated Channel 7 maintained the capacity to direct and oversee the material it simulcasts. The show was broadcast as a live program through Channel 7's choice. They chose this format in full knowledge that a diffusion of the show would be next to instantaneous. They were further conscious of the nature of the show, a “live-to-air current affairs programme”[xxv] and understood that this program conceded an elevated risk of transmitting defamatory material. It was decided by the facts that Channel 7 was not a subordinate publisher on this occasion.
The Federal Broadcasting Services Act 1992[xxvi] affords a legislative defence to an ISP or Internet Content Host (ICH) that transmits or hosts Internet based content in Australia if they can demonstrate that they were reasonably unaware of the defamatory publication. s.91(1) of Schedule 5 to the Broadcasting Services Act[xxvii] grants that a law of a State or Territory, or a rule of common law or equity, has no effect to the extent to which the ISP “was not aware of the nature of the internet content”.

The BSA[xxviii] defines "internet content" to exclude "ordinary electronic mail". This is a communication conveyed using a broadcasting service where the communication is not "kept on a data storage device". Consequently, the s.91 defence will not be offered in cases concerning such material. In such cases, an ISP or ICH may still attempt to rely on the defence of innocent dissemination. The applicability of the common law defence of innocent dissemination remains to be determined by the Australian courts.[xxix] As a consequence, any reliance on these provisions by an ISP or ICH carries a measure of risk.

Data Protection
In December 2000, the Privacy Amendment (Private Sector) Act 2000[xxx] modified the Privacy Act[xxxi] making it apply to various private sector organisations. The Australian legislation was updated to reflect the EU[xxxii] and is based on the Organisation for Economic Cooperation and Development’s (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980). The National Privacy Principles[xxxiii] (the NPPs) in the Privacy Act detail the methods that the private sector should use to “collect, use, keep secure and disclose personal information”.[xxxiv]

These principles provide individuals with a statutory right to discern the extent of information held concerning them by an organisation. It further introduces a right to correct information that is incorrect. An ISP or ICH in Australia would be covered by the amended Privacy Act. The State and Territory privacy legislation also needs to be considered.[xxxv]

An ISP or ICH that hosts sites for other parties could be held liable if they fail to maintain a reasonable level of system security and a breach of this leads to a compromise of an individual's private data.

Community Protections
The distribution of prohibited material[xxxvi] and potentially prohibited material[xxxvii] is restricted by legislation[xxxviii]. This obliges the Australian Broadcasting Authority (ABA) to inspect websites that consumers have lodged complaints about[xxxix]. The ABA is not able to scrutinize and censor Internet content dynamically. Further its jurisdiction only applies to ISPs and sites within Australia. In cases where the complaint concerns prohibited or potentially prohibited sites or works, the ABA takes different actions based on the location of the material. When it is hosted in Australia, the hosting site or ISP will be given a “take-down order”.[xl]
When outside Australia, the legislation suggests an intent to enact a process designed to prevent Australians from accessing prohibited or potentially prohibited content over the Internet. Specific information on achieving this is not included and the Act simply declares that “all reasonable steps” must be taken.[xli] The legislation makes provisions for ISPs that comply with the Industry Code of Practice[xlii] of the Australian Internet Industry Association (IIA) and registered by the ABA. The legislation directs that ISPs conform to the industry code.[xliii]
The Industry Code of Practice affirms that ISPs are compliant with the legislation regarding content hosted overseas if they make a content filter, or filtered ISP service available to their customers. An ISP that has been advised of prohibited or potentially prohibited material does not need to block it and there is no obligation on customers to implement filters or filtered services. Failing to remove content hosted within Australia will still leave the ISP open to civil action.
Despite the fact that prohibited and potentially prohibited works cannot be lawfully hosted in Australia, the ABA has no jurisdiction to regulate anything not hosted within Australia. A failure of an ISP to remove prohibited content will leave it liable even in cases where they have contracted to display a site.

Other Violations that may result in liability for an intermediary
The Internet has enabled many old crimes to be reborn. Many morally violating acts such as child pornography have become far more widespread and simpler due to the ease and reach of e-mail. Many traditional crimes such as threats and harassment, blackmail, fraud and criminal defamation have not changed in essence, but the ease of the Internet has made them more prevalent. The Trafficking in Contraband and Counterfeit Products and illegal Gambling using the Internet are just the tip of the iceberg.

Spamming
Spamming can be defined as sending unsolicited commercial e-mails (UCE). The more common term for spam is junk mail. Spammers obtain e-mail addresses by harvesting them from Usenet, bots, postings, DNS listings, and/or Web pages.

Sexual Abuse of Children in Chat Rooms
The increasing prevalence of instant messaging and Web forums[xliv] has created a potential for sexual abuse to occur. It is common for paedophiles to use chat rooms for sexually abusing children by starting relationships with them online. This generally involves befriending the child, establishing a steady relationship and then gradually introducing the children into pornography through images or videos that may contain sexually explicit material.

Child Pornography
Any work that depicts the sexual behavior of children is classified as child pornography. The anonymity and ease of transfer provided through the Internet has created an international problem with child pornography.[xlv]

Harassment
Harassment may occur through all forms of media; the Internet is no exception. Junk mail, sexually offensive e-mails and threats delivered through online means (including both e-mail and instant messaging) are all forms of harassment. The inappropriate accessing of sexually explicit, racist or otherwise offensive material at the workplace is another form of harassment. This includes the sending of unwelcome messages that may contain offensive material to another co-worker.

Identity Fraud
Identity theft is becoming more widespread due to its ease and profitability. This action involves the stealing of someone's identity for fraudulent financial gain. It is in effect a larceny. The sending of e-mail offers that are too good to be true, fake websites and other forms of phishing are all used to capture an identity. Many groups specialize in the capture of information and make financial gains by selling this information to groups who will make illegitimate purchases or financial transactions.

Conclusion
Authorise means to “sanction, approve, [or] countenance”[xlvi]. If an ISP is to be held liable for authorisation as an intermediary, it must have knowledge, or otherwise deduce that infringements are proceeding.[xlvii] ISPs commonly monitor their systems and have the means to suspect when infringements are occurring. This is further exacerbated by the storms over the Internet concerning copyright, defamation, pornographic or otherwise offensive material and other criminal actions.[xlviii] ISPs also require the authority to prevent infringement if they are to be held liable for authorisation, a condition that entails an aspect of control.[xlix] ISPs[l] do not always have the technical competence to control and monitor contraventions by their customers[li]. Companies have started up that validate individual websites for violations of trademark, copyright and other offences for a fee[lii]. The existence of these companies suggests that it is feasible for ISPs to control infringement (at least in theory), although this may not always be economically practicable. These companies may not be able to monitor e-mail[liii]. It is also possible that the Telecommunications (Interception) Act 1979 (Cth) will restrict an ISP’s legal authority to differentiate all lawful uses from infringing uses.[liv] It is clear that a framework similar to that proposed by Mann and Belzley[lv] is needed to effectively control infringements over the Internet and that such a solution is economically the most effective solution.

[i] Mann, R. & Belzley, S (2005) “The Promise of the Internet Intermediary Liability” 47 William and Mary Law Review 1 at 27 July 2007]
[ii] See also, Australian Copyright Council Online Information Centre (http://www.copyright.org.au)
[iii] Telstra Corporation Limited v Australasian Performing Rights Association Limited (1997) 38 IPR 294. The Majority of the High Court (with Justices Toohey and McHugh dissenting) upheld the Full Court that music on hold transmitted to users of wired telephones represents a transmission to subscribers over a diffusion service. The Court further unanimously held that music on hold transmitted to users of mobile telephones involves a broadcast of the music.
[iv] Section 26 of the Australian Copyright Act 1968.
[v] This decision has created apprehension amongst authors. E.g. Simon Gilchrist “Telstra v Apra –Implications for the Internet” [1998] CTLR 16 & MacMillian, Blakeney “The Internet and Communications Carriers’ Copyright Liability” [1998] EIPR 52.
[vi] Ibid; See also Goldman v The Queen (1979), 108 D.L.R. (3d) 17 (S.C.C.), at p. 30. It would therefore appear that it is the intention of the sender of the message which is determinative of the private or public nature of the message.
[vii] Supra note 3
[viii] [1976] R.P.C. 151.
[ix] This is similar to the findings in RCA Corp. v. John Fairfax & Sons Ltd [1982] R.P.C. 91 at 100 in which the court stated that “[A] person may be said to authorize another to commit an infringement if he or she has some form of control over the other at the time of infringement or, if there is no such control, if a person is responsible for placing in the hands of another materials which by their nature are almost inevitably to be used for the purpose of infringement.”
[x] [1976] R.P.C. 151 “[A] person who has under his control the means by which an infringement of copyright may be committed - such as a photocopying machine - and who makes it available to other persons knowing, or having reason to suspect, that it is likely to be used for the purpose of committing an infringement, and omitting to take reasonable steps to limit use to legitimate purposes, would authorize any infringement that resulted from its use”.
[xi] See Attorney-General’s Discussion Paper, “Copyright and the Digital Agenda”, July 1997 at 71. The goal of this paper was to indicate the method by which Australia could implement the international copyright standards agreed at the December 1996 WIPO meeting.
[xii] See Attorney-General’s Discussion Paper, note 11.
[xiii] A&M Records Inc v Napster, Inc 114 F Supp 2d 896 (ND Cal 2000) & A&M Records Inc v Napster, Inc 239 F 3d 1004 (9th Cir 2001); Metro-Goldwyn-Mayer Studios Inc v Grokster Ltd No.s CV-01-08541-SVW, CV-01-09923-SVW (CD Cal, 25 April 2003) ('Grokster') (available at www.cacd.uscourts.gov) & Grokster Nos CV-01-08541-SVW, CV-01-09923-SVW (CD Cal, 25 April 2003), 21-2.
[xiv] Mann, R. & Belzley, S (2005) “The Promise of the Internet Intermediary Liability” 47 William and Mary Law Review 1 at 27 July 2007]
[xv] See Supra note 3
[xvi] See Supra note 8
[xvii] Rindos v. Hardwick No. 940164, March 25, 1994 (Supreme Ct. of West Australia) (Unreported); See also Gareth Sansom, Illegal and Offensive Content on the Information Highway (Ottawa: Industry Canada, 1995).
[xviii] Ibid, it was the decision of the court that no difference in the context of the Internet News groups and bulletin boards should be held to exist when compared to conventional media. Thus, any action against a publisher is valid in the context of the Internet to the same extent as it would be had the defamatory remark been published in, say, a newspaper.
[xix] RECORDING INDUSTRY ASSOCIATION OF AMERICA, INC., (RIAA) v. Verizon Internet Services, 351 F.3d 1229 (DC Cir. 2003); See also Godfrey v Demon Internet
[xx] ; Further, in the US, the Digital Millennium Copyright Act’s (DMCA’s) “good faith” requirement may not require “due diligence” or affirmative considerations of whether the activity is protected under the fair-use doctrine. In contrast, FRCP 11 requires “best of the signer’s knowledge, information and belief formed after reasonable inquiry, it is well grounded in fact and is warranted by existing law…”. Additionally, with the DMCA, penalties attach only if the copyright owner “knowingly, materially” misrepresents an infringement, so the copyright owner is motivated to not carefully investigate a claim before seeking to enforce a DMCA right.
[xxi] Note 14 supra
[xxii] Thompson v Australian Capital Television, (1996) 71 ALJR 131
[xxiii] See also “Google pulls anti-scientology links”, March 21, 2002, Matt Loney & Evan Hansen , www.News.com, Cnet, http://news.com.com/2100-1023-865936.html; “Google Yanks Anti-Church Site”, March 21, 2002, Declan McCullagh, Wired News, http://wired.com/news/politics/0,1283,51233,00.html; “Church v. Google How the Church of Scientology is forcing Google to censor its critics”, John Hiler, Microcontent News, March 21, 2002, http://www.microcontentnews.com/articles/googlechurch.htm; Lawyers Keep Barney Pure, July 4, 2001, Declan McCullagh, Wired News, http://www.wired.com/news/digiwood/0,1412,44998,00.html.
[xxiv] Supra Note 22.
[xxv] Supra Note 22.
[xxvi]
[xxvii] s.91(1) of Schedule 5 to the Broadcasting Services Act states:
(i) subjects, or would have the effect (whether direct or indirect) of subjecting, an internet content host/internet service provider to liability (whether criminal or civil) in respect of hosting/carrying particular internet content in a case where the host/provider was not aware of the nature of the internet content; or
(ii) requires, or would have the effect (whether direct or indirect) of requiring, an internet content host/internet service provider to monitor, make inquiries about, or keep records of, internet content hosted/carried by the host/provider.
[xxviii] The Broadcasting Services Act specifically excludes e-mail, certain video and radio streaming, voice telephony and discourages ISP's and ICH's from monitoring content by the nature of the defense. See also, Eisenberg J, 'Safely out of site: the impact of the new online content legislation on defamation law' (2000) 23 UNSW Law Journal; Collins M, 'Liability of internet intermediaries in Australian defamation law' (2000) Media & Arts Law Review 209.
[xxix] See also EFA, Defamation Laws & the Internet
[xxx] This Act came into effect from 21 December 2001.
[xxxi] Australia has an informational privacy regime at the federal level based on the Privacy Act 1988 which initially applied mainly to Commonwealth and ACT Government public sector agencies.
[xxxii] European Union Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
[xxxiii] The National Privacy Principles are extracted from the compilation of Act No. 155 of 2000 Act No. 119 of 1988 that was prepared on 10 January 2001
[xxxiv] The Australian Office of the Privacy Commissioner has released “INFORMATION SHEET 2 -2001 Preparing for 21 December 2001” which is available from http://www.privacy.gov.au/publications/IS2_01.doc
[xxxv] See further, The Office of the Federal Privacy Commissioner, Privacy in Australia
[xxxvi] Prohibited material is material that the Australian Office of Film and Literature Classification (AOFLC) would refuse classification (RC), rate X, or rate R, hosted in Australia and not within a restricted access scheme. RC rated material can be legally hosted in Australia, but only where the site has installed mechanisms to ensure adults-only access.
[xxxvii] Potential prohibited material is material likely to be refused classification (RC), rated X, or rated R.
[xxxviii] See also:
Classification (Publications, Films and Computer Games) (Enforcement) Act 1995 (Victoria) section 57
See definition of Internet Content in Broadcasting Services Act 1992 (Cth) Schedule 5, clause 3
Broadcasting Services Act 1992 (Cth) Schedule 5, clause 3
Classification (Publications, Films and Computer Games) (Enforcement) Act 1995 (Victoria)
Broadcasting Services Act 1992 (Cth) Schedule 5, clause 91
Full text of codes at http://www.iia.net.au/index2.html
[xxxix] Under the Codes, ISPs and ICHs have the following obligations: (a) Take reasonable steps to make sure children do not become internet subscribers without the consent of an adult. (b) Encourage subscribers who are commercial content providers to label content that might be unsuitable for children. (c) Advise subscribers who are commercial content providers about their legal responsibilities in relation to content. (d) Inform users about ways they can supervise and control their children's access to internet content. (e) Help subscribers block unwanted and undesirable email. (f) On becoming aware that an ICH is hosting prohibited content, advise them about the prohibited content. (g) Provide Approved Filters for subscribers in Australia at a charge determined by the ISP. (h) Take reasonable steps to inform subscribers of their procedural rights to complain to the ABA about online content.
[xl] Anon., Australian Internet Anti-Pornography Effort Accelerates But May Be Ineffective, March 27, 2000 http://www.adlawbyrequest.com/international/AussieAnti-Porn.shtml. A Take-down order is a direction to remove the material from the site.
[xli] Broadcasting Services Act (1992) (Cth) schedule 5 s.40(1) (c)
[xlii] This is registered by the ABA
[xliii] Broadcasting Services Act (1992) (Cth) schedule 5 s.40(1)(b)
[xliv] such as Facebook and chat rooms
[xlv] The exploitation from child pornography can lead to long-term suffering and other negative effects. Those involved in the child pornography business often target or disabled children with promises of financial or other benefits. Children who are victims of sexual exploitation may suffer lifelong depression, emotional dysfunction, fear and anxiety.
[xlvi] University of New South Wales v Moorhouse (1975) 133 CLR 1, per Gibbs J at 12, per Jacobs J at 20-1 with whom McTiernan ACJ agreed.
[xlvii] Ibid, Gibbs J at 12-13; cf Jacobs J at 21-2. See also Microsoft Corporation v Marks (1995) 33 IPR 15.
[xlviii] In Moorhouse, Gibbs J stated, at 14, that the fact that the University was conscious of allegations by the Australian Copyright Council that unlawful practices were commonplace within universities represents “enough information to raise the suspicion that some infringing copies were likely to be made”. Where ISPs have been “put on notice of infringement” through for instance a “letter of demand” sent by APRA they have sufficient warning to issue a take-down notice or remove the offending content. In submissions to the United States Commissioner of Patents and Trademarks in 1994, “on-line information service providers” admitted that they were aware of copyright infringements that occur on their systems: Lim YF
[xlix] Ibid, University of New South Wales v Moorhouse, supra, per Gibbs J at 12; WEA International Inc v Hanimex Corp Limited (1987) 10 IPR 349 at 362; Australasian Performing Right Association v Jain (1990) 18 IPR 663. See also Lim YF, 199-201; S Loughnan, See also BF Fitzgerald, “Internet Service Provider Liability” in Fitzgerald, A., Fitzgerald, B., Cook, P. & Cifuentes, C. (Eds.), Going Digital: Legal Issues for Electronic Commerce, Multimedia and the Internet, Prospect (1998) 153.
[l] This is especially true in cases of the smaller ISPs.
[li] This is often due in part to the ISPs’ reluctance to offer this information for security reasons.
[lii] See: S Loughnan. “Service Provider Liability for User Copyright Infringement on the Internet” (1997) 8 Australian Intellectual Property Law Journal 18 at 28-30;
[liii] See K Tickle, “The Vicarious Liability of Electronic Bulletin Board Operators for the Copyright Infringement Occurring on Their Bulletin Boards” (1995) 80 Iowa Law Review 391 at 397; and BF Fitzgerald, ibid. See also Lim, YF, “Internet Service Providers and Liability for Copyright Infringement through Authorisation” (1997) 8 Australian Intellectual Property Law Journal 192. Compare A Bowne, “Trade Marks and Copyright on the Internet” (1997) 2 Media and Arts Law Review 135 at 139-40; K Cooney, “Liability for On-line Images: How an Ancient Right Protects the Latest in Net Functions” (1997) 16 Communications Law Bulletin 5 at 6; S Loughnan, “Service Provider Liability for User Copyright Infringement on the Internet” (1997) 8 Australian Intellectual Property Law Journal 18 at 28-30; S Cant; D Watts. See also Attorney-General’s Discussion Paper.
[liv] Lim, Y.F. supra at 201-11. An ISP is likely to be able to evade liability by taking reasonable actions to thwart infringement, University of New South Wales v Moorhouse, supra, per Gibbs J at 12, Jacobs J referred to qualifying an invitation to infringe. An ISP can help to prevent infringement by including warnings at user logons that specify what a user can and cannot do (or their rights of use) and that monitoring may occur to the extent that it is technically and legally possible.
[lv] Mann, R. & Belzley, S (2005) “The Promise of the Internet Intermediary Liability” 47 William and Mary Law Review 1 at 27 July 2007]

Friday, 25 January 2008

Recommended Reading for the week

Beyond peace: Israel, the Arab world and Europe
The 2000s have been locust years for the middle-east peace process. But in 2008, the European Union has an opportunity to steer a progressive dynamic across the region, says Volker Perthes. From openDemocracy by ISN.

MIT Open Courseware
Want to learn something new? MIT has for the last few years opened their courseware and material library, offering it freely online. My recommendations:

6.002 Circuits and Electronics
Course Highlights
This course features a complete set of lecture notes and videos and descriptions of live demonstrations shown during class, along with lab assignments and many other materials used by students in the course. The course textbook was also coauthored by the professors.

Or if you want to have audio and video as well, have a look at the MIT lectures that have a recorded component.

In particular, I would recommend:
5.74 Introductory Quantum Mechanics II
This course covers time-dependent quantum mechanics and spectroscopy. Topics include perturbation theory, two-level systems, light-matter interactions, relaxation in quantum systems, correlation functions and linear response theory, and nonlinear spectroscopy.

Go to:
http://ocw.mit.edu/OcwWeb/Chemistry/5-74Spring-2004/VideoLectures/index.htm

If you want to listen or watch.

Thursday, 24 January 2008

Decryption Key Decision

The US Federal Government decision to appeal the Vermont “Decryption Key Decision” of Judge Niedermeier (January 16, 2008) really hinges on two issues, the key and the passphrase. PGP drive encryption is protected using a private key and a passphrase protects the key. These are both issues that are analogous to existing case law.

The issues come from the court's prior decision that by unlocking the combination lock of a suitcase a defendant consented to a search [United States v. Cox, 762 F. Supp. 145 (E.D. Tex. 1991)]. In the initial search, the Canadian man handed investigators the system unlocked. This in effect mitigated his US 4th Amendment protections. Further, the Supreme Court explicitly stated that their opinion does not apply to private papers, leaving open the question of whether a person could be bound to turn over a journal or diary if there were mere evidence of a crime [425 U.S. 391 (1976) at 414.] and this could be extended to the PC.

At this point the need to do forensic captures on live systems and use memory forensics to find previously entered passphrases is amply demonstrated.

The issue in dispute comes from Doe v. United States [487 U.S. 201 (1988)]. The court considered the comparison between being compelled to surrender a key to a strongbox containing incriminating documents and being compelled to reveal the combination to a wall safe. It was decided that forcing the combination to the wall safe would be a testimonial act; surrendering the key to a strongbox would not be a testimonial act. As such, the US government can force the surrender of a key, but not the surrender of a combination.

To align this with the current case we can see the private PGP key as being functionally equivalent to the strongbox key and the PGP passphrase to be analogous to the wall safe combination. What this in effect means is that the US government investigators have the right to the PGP Private Key but not to the passphrase that protects the key. If the PGP Passphrase is strong, it will resist efforts to crack it. If it is a simple password, the key MAY be enough.

It was stated in Doe v. United States that “A defendant can be compelled to produce material evidence that is incriminating. Fingerprints, blood samples, voice exemplars, handwriting specimens, or other items of physical evidence may be extracted from a defendant against his will. But can he be compelled to use his mind to assist the prosecution in convicting him of a crime? I think not. He may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe -- by word or deed.” [487 U.S. 201 (1988) at 210 n.9].

The problems in the case have come from the interchanging use of password and key by the attorneys. The US Government has the right to the private key without the password (or passphrase) but has no right to force the passphrase to the key. A further key point highlighted by this case is the need to train lawyers in the correct use of technical terms.
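
The key/passphrase distinction this post turns on, as an added example that is not from the original post or from PGP itself: a private key at rest is stored wrapped under a key derived from the passphrase, so the surrendered key file is only ciphertext until the passphrase is supplied. PBKDF2 and an HMAC-based keystream are stand-ins for PGP's own string-to-key and cipher; the iteration count, passphrases and guess list are constructed.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Assumption: a modest PBKDF2 cost so the demonstration runs quickly.
KDF_ITERATIONS = 20_000

# Constructed list standing in for the common choices a weak passphrase comes from.
COMMON_GUESSES = ["123456", "password", "password1", "letmein", "qwerty"]


def derive_keys(passphrase: str, salt: bytes):
    """Stretch the passphrase into an encryption key and a MAC key."""
    material = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, KDF_ITERATIONS, dklen=64
    )
    return material[:32], material[32:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (stand-in for the real symmetric cipher)."""
    blocks = []
    for counter in range((length + 31) // 32):
        msg = nonce + counter.to_bytes(4, "big")
        blocks.append(hmac.new(key, msg, hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def wrap_private_key(private_key: bytes, passphrase: str) -> dict:
    """Return the 'key file': what exists on disk and what can be handed over."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    stream = keystream(enc_key, nonce, len(private_key))
    ciphertext = bytes(a ^ b for a, b in zip(private_key, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def unwrap_private_key(blob: dict, passphrase: str) -> Optional[bytes]:
    """Recover the private key, or None when the passphrase is wrong."""
    enc_key, mac_key = derive_keys(passphrase, blob["salt"])
    expected = hmac.new(
        mac_key, blob["nonce"] + blob["ciphertext"], hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    stream = keystream(enc_key, blob["nonce"], len(blob["ciphertext"]))
    return bytes(a ^ b for a, b in zip(blob["ciphertext"], stream))


def resists_guess_list(blob: dict, guesses: Iterable[str]) -> bool:
    """True when no guess unwraps the key, i.e. the key file alone is not enough."""
    return all(unwrap_private_key(blob, guess) is None for guess in guesses)


if __name__ == "__main__":
    secret = b"constructed-private-key-material"  # constructed sample, not a real key
    weak_file = wrap_private_key(secret, "password1")
    strong_file = wrap_private_key(secret, "correct horse battery staple 7f3c-91ab")
    print("weak passphrase resists guess list:  ",
          resists_guess_list(weak_file, COMMON_GUESSES))
    print("strong passphrase resists guess list:",
          resists_guess_list(strong_file, COMMON_GUESSES))
```
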

Monday, 21 January 2008

Data Mining and Intrusion Detection

I presented in Sydney DataMiners 2008 at Google last night.

The presentation is "Using Neural Networks to Increase Security Intelligence"

Here are the slides.


Sunday, 20 January 2008