[Note that links within this document point to material that was not necessarily supplied with this submission. -KA]
REGULATION OF COMPUTER ONLINE SERVICES
PC Users Group (ACT) Incorporated
We endorse and commend to the Select Committee the submission made by Mr Karl Auer to the Department of Communications and the Arts in response to their Consultation Paper of 7 July 1995. A copy of Mr Auer's submission is attached.
In particular (from page 4 of that document):
A carrier forwards material without specific awareness of its nature or content, much as a Post Office forwards postal items.
An originator has a specific awareness of the nature and content of an item, and transmits it knowingly either to another person or to a place or system from which others can obtain it."
(i) The operations of current and planned computer online services in Australia
The PC Users Group (ACT) ("PCUG") manages two separate computer online services - a bulletin board system (BBS) and an Internet site This submission concentrates on the Internet services offered; analogous services are offered by the BBS, with the exception that the BBS offers no real-time, interactive services other than local user-to-user chat.
It is planned to expand both services to accommodate the changing needs of members of the PCUG and (in the case of the Internet site) the members of the Australian Unix Users Group (AUUG), which is a joint partner in the running of the site.
Though small, our Internet site is very much typical of Internet sites throughout Australia - the chief difference is scale.
(ii) the extent and sources of obscene, offensive or otherwise undesirable material through online services
Potential sources of undesirable material include most usual Internet services such as Usenet news, the World Wide Web, private and semi-private email messages, files available for download and several user-to-user interactive mechanisms such as Internet Relay Chat.
The extent of availability and actual use of such material is not known to us. A study of the actual (as distinct from assumed or feared) extent would be most helpful to the debate. Such factual data has to date been conspicuously absent.
(iii) the adequacy of existing and proposed regulatory systems to control access by minors to such material both in Australia and overseas
The proposed regulatory systems are inappropriate because they cannot be applied effectively, do not place responsibility in the appropriate quarters, and if enacted will have disastrous effects on Australian social, industrial and academic activities. We recommend several modifications.
Other comment
We feel that issues of privacy, free speech and the impact on the national information infrastructure have been largely ignored by those moving to regulate the online community. We are further concerned that the oft-mentioned "growing community concern" is poorly substantiated. We urge the Select Committee to consider its terms of reference coolly and without haste.
The system managed by the PCUG and AUUG, known as "the Internet Project" consists of a link to the Internet via AARNet, a bank of modems allowing telephone access, and a computer system which mediates access and provides several services.
At present the Project has approximately 1400 users, all (by definition) members of either PCUG or AUUG. No fee is charged for email and news services; a small fee of about 30 cents per hour is charged for interactive access to the Internet.
The services provided include all usual Internet services - World Wide Web, ftp download, electronic mail, Usenet news and so on. For people who have paid for interactive Internet access, the system also acts as a gateway to the wider Internet, which offers many more services hosted by various systems around the world. For these other services, the Internet Project provides a means of contact only, in much the same way that a telephone exchange is involved in a long-distance call.
When a user calls the Project from (typically) their home computer, the mediating computer authenticates them by requesting their user ID ( a short word based on their name) and a password. If these match, the user is permitted access to the system.
User IDs and passwords are allocated on request. In order to physically obtain the user ID and password, the user must sign a declaration indemnifying the Project from any harm arising out of the user's use of the Internet and accepting a set of rules known as the "Acceptable Use Policy". In the case of minors, a parent or guardian must sign this declaration and accept responsibility for the use made of the account.
There are few specific plans for new services - most are already in place. However, there are plans to increase the bandwidth to the Internet and the number of modems providing access. The size and power of associated equipment will be increased wherever possible to meet demand.
Most of the services provided by, or accessible through the Internet Project are potentially sources of undesirable material; these include Usenet news, the World Wide Web, private and semi-private email messages, files available for download and several user-to-user interactive mechanisms such as Internet Relay Chat.
However, distinctions must be made between material the Internet Project deliberately makes available, material that Internet Project users make available and material that is made available in an automated fashion from external sources.
There are several hundred pages of material available on the World Wide Web from the Internet Project. This material has been authored by Internet Project staff and contains useful information about the Project and the Groups involved in its running.
The Internet Project also makes a limited amount of disk space available to each user for them to place material in for dissemination over the Internet - typically World Wide Web pages ("personal home pages") and files for others to download using FTP. This material is placed on the Internet Project systems by the users themselves, without the involvement of Internet Project staff.
World Wide Web sites around the world are also accessible via the Internet Project. For these sites, the Internet Project acts as a "proxy server" - the request from the user refers to a particular item, the Internet Project computer retrieves the item automatically and makes it available to the user. The item is also cached (stored locally on the Internet Project systems) in order to speed up any subsequently requested retrieval. Apart from the user making the request, the entire process is completely automated and occurs many hundreds of times each hour, with the cached material changing constantly.
The point being made by the above description is that the Internet Project is not the "source" of material in any but the first case - that is, where material has been made available by the Internet Project with knowledge of its content and nature. By analogy, the Post Office is not the "source" of most items of mail.
The other services provided by or through the Internet Project are similar in this respect. Many hundreds of electronic mail messages flow between Project users and to and from remote sites. The transfer of electronic mail is fully automated. The Internet Project management cannot practically be aware of the nature of the material; it is being handled by automated systems in real time and in volumes which preclude inspection, even were inspection desirable given the privacy issues involved.
In terms of content, carriers can only effectively control access to material they also originate. No carrier can guarantee the suitability of material they do not also originate, for the reasons outlined on the previous page.
To simply refuse minors access to online services would also preclude their access to the vast array of educational, entertaining and empowering services available.
We suggest instead that access by minors to online services (other than those which guarantee acceptable content) be granted only with the consent of a parent or guardian, with that parent or guardian then assuming responsibility for the minor's use of the service. A service provider's responsibility would then be to obtain proof of age and/or a guardian's consent before granting access. This is the approach currently taken by the Internet Project.
In most computer systems (including the Internet Project), access to services is restricted using an identity/password system. Typically the password (and sometimes even the identity) is kept secret. Together, the identity and password form a "key" to the service. In the event that an authorised person deliberately or accidentally reveals their password to a minor such that the minor subsequently accesses inappropriate material via an online service, the service provider should not be held responsible.
The only proposed legislation of which we are aware is that contained in the Consultation Paper recently distributed by the Department of Communications and the Arts dated 7 July 1995. That legislation refers to a self-regulatory code which is then supported by offence provisions should the code not be followed.
The proposed legislation does not make a proper distinction between originators and carriers of material. We regard this as a fundamental failing. The proposed legislation imposes a burden of responsibility on carriers that cannot technically, practically or reasonably be met. It fails to correctly restrict responsibility to those who knowingly originate inappropriate material. It makes carriers very vulnerable to hostile activity by members of the online community. It makes unwitting recipients vulnerable to charges of possessing proscribed material.
If a proper distinction between carrier and originator was to be made in the proposed legislation, the murky waters of self-regulation would not need to be entered.
There are several other matters that we would urge the Senate Select Committee to consider.
In the case of some material, mere possession is sufficient to constitute an offence (eg., child pornography). However, clearly no conclusion about the nature of an item can be reached until the item has been inspected by the recipient.
With many online systems, items (for example email and news articles) may be procured automatically, that is, without the recipient being aware that the item has been obtained or of its nature.
The description provided for an item may be an indication of its content, but need not be. Descriptions of an item cannot be seen as an effective or relevant substitute for first-hand knowledge of the material.
It is important that legislation not make a criminal of the recipient unless it can be shown that, having become aware of an item's offensive nature, the recipient did not reject the offending item within some reasonable timeframe. "Rejection" should be clearly defined - for example, deletion of the item from storage media.
Current encryption technology is extremely effective and is cheaply and universally available. Widespread use of this technology would make inspection of communications by persons other than the sender and intended recipient impossible (we use this word in its literal sense), even if the volume were low enough to permit such inspection.
Impact on national information infrastructure
[Contents page]
If no legislative distinction is made between carriers and originators, many carriers will have no alternative but to cease operations rather than risk criminal prosecution for activities they cannot practically monitor or control.
The alternative for some carriers will be to severely restrict operations; that is, to cease carrying potential sources of offensive material. That is, for fear that they may contain offensive material, not because the sources actually do carry it.
The result of these two kinds of response to inappropriate legislation will be a severe reduction in the amount and variety of information available to Australian citizens.
The reduction in services noted above will clearly reduce the ability of Australians to freely express and exchange ideas with other members of the online community both in Australia and abroad.
Quite apart from the attack on free speech that this represents, such a reduction will also severely handicap Australian academic and industrial competitiveness.
Even were inspection of material a practical possibility, requiring of carriers that they inspect material passing through their systems implies a very significant intrusion into the privacy of people using those systems. This is be particularly true of businesses using online systems, where the material being carried may well be commercially sensitive.
One of the most effective ways that minors (or indeed all citizens) can be protected from inappropriate material is through education.
Just as we teach our children how to recognise and avoid unwanted approaches, inappropriate correspondents or dangerous situations, so too we can and should educate people in the equivalent techniques within the online community.
Other technical issues
[Contents page]
One technical issue - caching of World Wide Web pages - has already been mentioned. Other material is often also cached - files transferred via ftp, for example.
All material moving from remote sites to users' systems is moving through one or more service providers' equipment. It may be cached; it will certainly spend some amount of time in the computer memory of various components as it moves from place to place.
It is important that this kind of transient presence not be cause for legal liability. Simply adopting the suggested distinction between carrier and originator will remove many of these concerns.
Australia stands at present very much in the forefront of the information revolution. The scope and potential for its citizens and its industries to mould the future is currently almost unlimited. Poorly crafted legislation, drafted in haste and without regard for the realities and demands of the online community, can and will irreparably damage this preeminent position.
We are concerned that to date very little factual evidence has been offered in support of the oft-repeated claim that there is "growing community concern" over the issues of computer online services. To some extent the existence of the various enquiries into these issues and the attendant media attention have created a self-fuelling concern.
Children and adults are in far more danger of direct, terrible or lasting harm from accidents in the home or on the roads, from physical attack or from domestic violence and cruelty than they are in danger from even the worst of any material available online. These issues should be kept in perspective.
We urge the Select Committee to divorce its deliberations from the hype and ignorance that has been the hallmark of most media reports and indeed of reports such as that of the Attorney-General's Task Force. There is no need for haste and much need for prudence and proper consideration of the issues.
Our recommendations are straightforward: