Free ISPs - new subscriber identification requirements

[Richard Clayton]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <Pine.GSO.3.95-960729.990313212228.9216A-
100000@aidan.ncl.ac.uk>, Quentin Campbell <Q.G.Campbell@newcastle.ac.uk>
writes

>ISPs cannot have it both ways. They want the profits but not the
>responsibility.

[it's touching to think that ISPs (in general) make profits!]

> Newspapers and their publishers cannot act like that. 
>They are held responsible for what they print/publish. The editor could go
>to goal. Why should ISPs be any different?

people often compare ISPs with printers or newspapers

A printer chooses which pamphlets or books they will run off their
presses. Indeed it is usual for them to add a "printed by" notice to
everything to ensure it is traceable back to them. This dates back a
great many years to when owning a printing press was to have true
political power. Someone can probably enlighten us on the details !

A newspaper decides what stories to run or which letters to print in the
letters section. The editor goes to gaol (or pays damages) if an offence
such as sedition, breach of the Official Secrets Act (or even just mere
defamation) is committed.

ISPs provide access to the Internet. They do not vet or choose what
their users choose to say. Indeed they may remain forever ignorant of
what has been said. This is a key difference

>The law already recognises that "electronic transmission" is "publishing" 
>for the purposes of the Obscene Publications Act. Transmission, storage
>and display of indecent "pseudo images" of children is now a very serious
>criminal offence.

I think you're mixing up computer generated images and computer
transmitted images.

>The direction seems to be clear. A consequence of the Goverment's about
>turn on crypto over networks is likely to mean more control and sanctions
>over what is "published" over the networks. 

I agree that the direction is clear... but I think that is because the
legislators have not yet understood the Internet or the role of the ISP.
They have decided that hosting a web site is like owning a printing
press, they have decided that providing access to Usenet (or a mailing
list like this one) is like editing a local paper.

We know that these analogies are wrong and that ISPs are qualitatively
different and so deserve different sorts of legislation.

If that does not happen you will see ISPs incurring expenses to hire
libel lawyers, taking a harsh line on people who publish unpopular
opinions and taking a view on the dissemination of images which Mrs
Grundy might have approved of.

You will also see customers using expensive trans-Atlantic bandwidth to
give the figleaf impression that they are in another country and are
therefore immune to local "repression".

>I am not saying that it will be easy or immediately effective because
>networks, the Internet in particular, do not respect international
>boarders. For this reason alone the measures are likely to be pretty
>draconian. Note that the law has already started to address some of the
>trans-national issues in relation to satellite transmissions.

running a TV station (or indeed a pirate radio ship - I'm old enough to
remember them) is somewhat more expensive than running an ISP. This
makes national approaches to trans-border issues more practical.

>> ISPs are not courts or judges, yet they are being asked to act as such.
>>
>
>No. They are being asked to act responsibly.

A customer posts a news article that a million selling pop star is a
closet homosexual, given to visiting public lavatories where they
masturbate themselves to fulfilment.

The pop star's manager emails to complain that this is defamation...

what is responsible action here ?

Another customer posts a news article that an ex-South American Head of
State arranged for his political opponents to be tortured and murdered.
Again a complaint is made...

what is responsible action here ?

> My university acts as an
>ISP. It requires its users to act responsibly and will take action if they
>don't. It is self regulating and has a well framed disciplinary procedure
>under which it can judge and punish wrong acts when appropriate. 

is commenting on the pasts of South American Heads of State
irresponsible ?

>Perhaps there should be new laws that allow an individual to have access
>to records of who sent them e-mail via an ISP or who set up the web page
>that allegedly maligns them. This is no different in kind to laws allowing
>people access to their credit status or their medical records.

If the ISPs are not to be held responsible, as I would argue, then
indeed the customers who put up web sites or posted articles should not
be anonymous. I have no problem with that - people should take the
responsibility for what they do and ISPs who seek to protect their
anonymity should have to stand with them.

>It is like their rights under DP legislation. All these relate to what is
>said about an individual in a confidential context. Why should ISP's be
>excluded from this access by an individual? 

you _can_ see your own records -- but you cannot see someone elses.

>Are you saying that an ISP would not notify the Police voluntarily if it
>found one of its users storing or transmitting paedophile material?

under the current industry "agreement" the ISP would notify the IWF who
would then notify the police. The ISP I work for has clear written
procedures covering this matter.

>What of the situation where a recipient comes to you with clear evidence
>that they are being stalked by anonymous e-mail from your site. Would you
>simply tell them to go away and come back with the Police and a warrant?

it seems correct that they should contact the police. ISPs (in general)
would not have the expertise to determine whether there was wrongdoing
(rather than just something unpleasant). Why should ISPs cost base be
increased to answer such questions ?

>The law should give an individual the right to demand that the ISP hand
>over confidential records in a situation where that individual has
>received an anonymous posting that was sent from a user registered with
>the ISP.  I suspect that this might be a controversial proposal! 

As I indicated above I think that is a reasonable approach to solving
the problem. There need to be some safeguards to prevent people
obtaining identities through subterfuge (husbands seeking battered wives
should not be able to locate them in this way).

>This right might have to be moderated by the courts but I cannot conceive
>of a situation where an individual should suffer anonymous mail without a
>direct and almost immediate remedy. This must include the ability to
>obtain the identity of the person who posted the anonymous message. 

I think you mean unlawfully constructed anonymous email (not just
anonymous which is hardly a crime)

>> Perhaps we should not be allowed onto the Internet (via a Free ISP or
>> otherwise) unless we can present a crypto Certificate which attests to
>> our identity ?  [[phew, back on topic]]  This does not seem to me to be
>> a major step forward in protecting our freedoms, but might be the only
>> way to achieve the type of personal accountability which seems to be
>> being sought here ?
>
>Exactly! If this were the case then stalking by anonymous e-mail would
>stop. 

so would various other activities. We must be careful what we wish for,
at least until we've thought it through

- -- 
richard @ highwayman . com                       "Nothing seems the same
                          Still you never see the change from day to day
                                And no-one notices the customs slip away"

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.1.1 (C) 1997 Pretty Good Privacy, Inc.

iQA/AwUBNusHaO5vmeyLY9DdEQLHpgCg0x93h254Y9MUzkzjp5HsBwsLnvYAoKk6
SPMTTII4M4bwlLBICdRRyeQC
=xLKz
-----END PGP SIGNATURE-----