Issues Arising from the Internet

CHILD PORNOGRAPHY
CONSUMER FRAUD AND CYBERCRIME
DEFAMATION
COPYRIGHT
SPAM
CONCLUSION

This chapter outlines some problem areas vexing the global internet community and suggests possible solutions. For example, at the time of writing, unsolicited bulk commercial email or spam began to command increasing attention with more and more countries passing legislation to rein in the problem. The way spam is being regulated is instructive and suggests how regulation of online offenses may develop. Because spam traverses borders, legislation regulating it can only be as effective as the extent of international cooperation.

Here is where policy-makers can benefit from tackling issues of international concern to enforce the law against violators. Three such areas--child pornography, cybercrime and consumer fraud--are discussed briefly below.

In sum, where there is international cooperation, particularly where cooperation is supported by the more developed economies, developing countries should join forces and not attempt to go it

alone. International cooperation is very difficult to achieve. The fact that countries are cooperating to police child pornography, cybercrime and consumer fraud suggests the importance and necessity of cooperation in those areas.

Second, in areas where internet players can self-manage (for example, through technology) and self-regulate, it would be advisable for industry associations in particular to try to do so. Regulation is needed because, as discussed earlier, the poor quality of information can wreak havoc in the industry. And self-management or self-regulation is a better mode of regulation at this stage where governments are struggling to regulate the internet and when they do, have tended to be heavy-handed.

Given the still-nascent state of the internet, it is likely that effective policing of the problem areas will require a combination of self-help, technological help, industry regulation as well as legislation.

CHILD PORNOGRAPHY1

The Problem

Child pornography highlights one of the ways that the power of the internet can be and is being abused. Child pornography is the exploitation of children as objects of pornography. Contrary to the misunderstanding of some in the internet community. Child pornography is not the exposure of children to pornography; rather, it is the use of children themselves in pornography. In its most extreme form, children are captured in still or video photography

¹ http://www.cyber-rights.org/reports/child.htm

performing sexual acts. There even have been reports of infants being

abused.²

The Japanese were the last significant holdout in criminalizing child pornography, outlawing it only in May 1999. Japanese culture apparently did not draw a distinction between adult pornography and what would be considered as young adult pornography although such tolerance does not extend to infant pornography.³

The issue of child pornography on the internet demonstrates how with sufficient political will, the internet can be policed. Political will comes in the form of the United Nations' Convention on the Rights of Children (the “Convention”.) This international treaty is the “most widely and rapidly ratified human rights treaty in history” with only Somalia and the US not having ratified the treaty after signing it. Article 34 of the Convention outlaws the “exploitative use of children in pornographic performances and materials.” An optional protocol on the sale of children, child prostitution and child pornography came into force in January 2002.⁴

The treaty clarifies certain issues, such as the age of minority, but does not guarantee a solution to the problem of child pornography. It does not, for example, define child pornography. In yet another wrinkle in the already complex issue, the US, although not a signatory to the Convention, is one of the most aggressive in pursuing child pornographers, beginning with the Innocent Images Initiative in 1995.⁵ Conversely, there are countries who are signatories but are lax in enforcing the Convention. Notwithstanding its shortcomings, the

² Marlise Simons, “Dutch Say a Sex Ring Used Infants on Internet,” New York Times, July 19, 1998.

³ “Japan: The Darker Side of Cuteness,” Economist, May 8, 1999, 32.

⁴ Convention on the Rights of Children, n.d., United Nation's Children's Fund (UNICEF). Available at http://www.unicef.org/crc/convention.htm (accessed August 1, 2004).

⁵ Federal Bureau of Investigation, “Investigative Programs: Crimes Against Children. Online Child Pornography. Innocent Images National Initiative.” http://www.fbi.gov/hq/cid/cac/innocent.htm (accessed August 9, 2004).

treaty is useful in compelling countries that have ratified the law to act against child porn.

The Internet's Role in Child Pornography

According to Maxwell Taylor, perhaps one of the most pre-eminent researchers of the subject, much of the child porn pictures are pre-internet. In other words, child porn has been around for a long time. Some of it is in the form of wood cuts, suggesting that it preceded the metal-type printing press of 1450.⁶ If mass media opened the Pandora box for child porn, the internet threw away the lid. Child porn on the internet is different from previously-available porn in several significant ways.⁷

First, the internet has made it easier to obtain and disseminate child porn. Instead of reprinting a photo and sending it through the post, photos can be posted online which are accessed with a click of the mouse.⁸ To be sure, it is not that easy to obtain child porn on the internet. One has to get into the network of those who have child porn in the first case. Child pornographers and constomers typically trade images. This is a form of protection as it means that the recipient is as guilty as the provider. The internet, however, makes it easier to form a community to trade. The sense of community is

⁶ Maxwell Taylor, “The Nature and Dimensions of Child Pornography on the Internet, Combating Child Pornography on the Internet,” Vienna, September 29-October 1, 1999. http://www.ipce.info/library_3/files/nat_dims_kp.htm (accessed March 6, 2004).

⁷ “Child Pornography: An International Perspective,” 1996, End Child Prostitution, Child Pornography and Trafficking of Children for Sexual Purposes (ECPAT) (report, World Congress Against Commercial Sexual Exploitation of Children). http://www.csecworldcongress.org/PDF/en/Stockholm/Background_reading/Theme_papers/ Theme%20paper%20Pornography%201996_EN.pdf (accessed August 9, 2004). The article also contains a succinct summary of the issues.

⁸ Taylor, “The Nature and Dimensions of Child Pornography on the Internet.”

important as it validates their behavior of legitimizing and normalizing an adult s sexual interest in children.⁹

Second, the internet affords some degree of anonymity and this emboldens those on the fringe. Users can create virtual identities that make it more difficult, though not impossible, to trace.

Third, the internet makes it possible for other forms of child porn not available previously. Thus, for example, it is possible to have “live” child porn, where images of the child being abused can be customized according to the whims of the purchaser of the porn.

These factors mean that there are good reasons to believe that there will be more and more child porn images being created. In the UK, thirty-five people were cautioned or charged for child pornography offenses in 1998. The number cautioned or charged rose to 549 in 2001. Then in 2002, Operation Ore provided UK police with 6,500 names of persons who had bought child porn from a single site in the US.¹⁰ In 2004, British Telecom, UK s dominant ISP, found that a new service it installed called Clean Feed was blocking access to child porn sites at a rate of 20,000 attempts a day.¹¹

International Cooperation

The only effective way to defeat child porn on the internet is through international cooperation. The first such instance of international police cooperation against child porn was Operation Cathedral. Until

⁹ John, Carr, “Child Pornography” (paper, 2nd World Congress on Commercial Sexual Exploitation of Children). http://www.csecworldcongress.org/PDF/en/Yokohama/Background_reading/Theme_papers/Theme%20paper%20Child%20Pornography.pdf (accessed August 9, 2004) quoting Rachel O'Connell, “Untangling the Complexities of Combating Paedophile Activities in Cyberspace,” University of Central Lancashire, Cyberspace Research Unit, 2000.

¹⁰ John Carr, Child Pornography, Child Abuse and the Internet (London: NCH, 2004).

¹¹ “Extent of Child Net Porn Revealed,” BBC. http://news.bbc.co.uk/1/hi/uk/3908215.stm (accessed August 9, 2004).

then, the largest haul of child porn was 7,000 images and it was difficult to pin down an international operation. Operation Cathedral showed what international cooperation could do.

It culminated on September 2, 1998 with simultaneous raids at 0400 GMT on an international pedophile ring, called the Wonderland Club, in fourteen countries: Australia, Austria, Belgium, England and Wales, Finland, France, Germany, Italy, Norway, Portugal, Scotland, Sweden, and the US. Police in the UK alone served 105 arrest warrants. Altogether police around the world seized “at least 750,000 still pictures and 1,800 digitised video clips of children--mostly boys--being sexually abused.”¹²

To be sure, Operation Cathedral was not an unmitigated success. At the end, the police were attempting to locate the 1,236 children who had been depicted in the pornographic images. And while raids were conducted in the fourteen countries, that was only a third of the forty-six countries in which the Wonderland Club operated. Some countries--Ireland, New Zealand, Israel, Japan, Spain and South Africa--were excluded because they lacked either the expertise or the political will to address the issue. In other cases, the countries lacked a legal framework to punish the offenders.¹³

Implications for the Future

Operational Cathedral is significant in demonstrating that child pornography over the internet can be policed, albeit within limits, if there is sufficient political will and international cooperation. Since then, there have been sweeps of varying reach. The UK's National Hi

¹² How Police Smashed Child Porn Club,” CNN Worldwide, February 13, 2001. http://www3.cnn.com/2001/WORLD/europe/UK/02/13/paedophile.police/ (accessed September 30, 2001).

¹³ Sean O'Neill, “Internet Child Sex Perverts Escape Justice,” August 3, 2001. http://news.telegraph.co.uk/news/main.jhtml?xml=/news/2001/08/03/nwond03.xml (accessed August 9, 2004).

Tech Crime Unit arrested twelve people in March 2002 as part of coordinated raids led by Interpol. Law enforcement officers from twelve countries took part in the raids codenamed Operation ARTUS, which followed the identification of a pedophile network by Germany s National Criminal Police Agency.¹⁴ Just four months later, in July, UK police led an international sweep that led to fifty arrests in the seven countries that took part.¹⁵ And where police had previously only gone after the retailers of child porn, police in 2002 in Operation Ore went after child porn subscribers.¹⁶ Of the 3,500 suspects arrested, 1,679 were charged and 1,230 convicted two years later in 2004.¹⁷

Encouraged by their success, police in the developed world have embarked on more raids on child pornographers and operators of such sites. As Table 7.1 shows, the number of such raids has increased since 1999, after Operation Cathedral. It should be noted that conspicuously absent from the table are developing countries.

Despite their success, such raids cannot eradicate child porn from the internet totally. But then that is not the aim of such operations. The aim is to make the otherwise “casual” user think twice. The compulsive and hard-core user will find ways around the law to get at child porn. The reality is that no law can stop a recalcitrant offender from breaking the law.

¹⁴ Tim Richardson, “Police Tackle Global ‘Elite’ Paedo Ring,” The Register, March 20, 2002. http://www.theregister.co.uk/2002/03/20/police_tackle_global_elite_paedo/ (accessed August 9, 2004).

¹⁵ John Leyden, “Police Bust Global Net Pedo Ring,” The Register, July 2, 2002. http://www.theregister.co.uk/2002/07/02/police_bust_global_net_pedo/ (accessed August 9, 2004).

¹⁶ “Mass Arrests Over Online Child Porn,” BBC Online, June 18, 2004. http://news.bbc.co.uk/1/hi/uk/1998515.stm (accessed August 9, 2004).

¹⁷ “Arrests in Child Porn Probe,” BBC Online, June 18, 2004. http://news.bbc.co.uk/1/hi/northern_ireland/3819633.stm (accessed August 9, 2004).

CONSUMER FRAUD AND CYBERCRIME

The Problem

In their essence, cybercrime and online consumer fraud are extensions of their offline counterparts. They rely on the vulnerabilities and gullibility of online users. Of course as a new medium, there will naturally be some frauds unique to the internet. The most common forms of consumer fraud are misrepresentation as to price, quantity or quality, bait and switch.

Technically, online consumer fraud can be a form of cybercrime because most legal definitions of cybercrime often include the use of the internet as the medium to commit fraud. But this is not a helpful approach because the response to consumer fraud should be different from that to cybercrime.

It is more helpful to treat cybercrimes as offenses that are online-or internet-specific. That way, the responses would be more effective in treating the problem.

Cybercrime

Unlike consumer fraud where a country can minimize fraud by encouraging its citizens to shop at its own online stores, the impact of cybercrime can and often does extend beyond its own borders. That is, even if one is sitting idly and not intending to do anything, one can be a victim of cybercrime. Any serious fight against cybercrime must, therefore, have international cooperation or else the perpetrators will simply locate to a regime with weak regulations.

The EU has taken action by creating the Brussels-based European Network and Information Security Agency (ENISA) to monitor, research and counteract virus and worm attacks and to educate the public about online security.¹⁸ The agency is expected to function as a

¹⁸ http://news.bbc.co.uk/2/hi/technology/3226178.stm (accessed November 21, 2003).

clearing house of best practices and work with enforcement agencies.

In Singapore, the Computer Misuse Act is extra-territorial. If a person outside of Singapore were to crack a website hosted in Singapore, in theory, that person if found can be charged in a Singapore court. Many countries are looking into extending such laws on a similar basis. International cooperation would help define offenses, jurisdiction as well as enforcement.

This area of online fraud and crime shows how laws that may have been thought to be superfluous in fact do have their basis in human nature. Perhaps a prime example is online auctions. Since the late 1990s, it has become one of the top cybercrimes and consumer frauds. This is because the anonymity afforded by the internet makes it harder, though not impossible, to trace the culprits.

The Singapore experience is instructive. Following the success of eBay, several local companies started online auction sites. All went well until they consulted lawyers to help them draft the terms of use of their sites. Under Singapore law, only a licensed auctioneer can hold an auction. This would have meant that the sites needed an auctioneer to watch every bid, a physical impossibility. And so the law was amended to allow online auctions.

This is to show that offline laws that apply online should not merely be done with because they get in the way of the online world. There are good reasons for many of the laws in our books.

Concerted international action is being taken against consumer fraud. Australia, which has one of the strongest consumer protection regimes in the world,¹⁹ leads the world in the fight against online consumer fraud. In October 1997, the Australian Competition and Consumer Commission coordinated the world's first consumer sweep with the International Marketing Supervision Network, an association of consumer protection law enforcement agencies around

¹⁹ In the 2000 Olympics, Sydney highlighted its strong consumer protection regime as a marketing tool to invite tourists to shop in Australia.

the world since,²⁰ and has done so annually. In 2004, the Australian Commission coordinated the consumer sweep by seventy-six agencies from twenty-four countries under the auspices of the International Consumer Protection and Enforcement Network, “a network of consumer protection authorities from thirty-one countries, including Australia, Canada, Germany, NZ, UK and the US which cooperate to prevent and redress deceptive marketing practices with an international component.”²¹

When an offending site is found in a sweep, it is reported to the relevant regulator according to the location in which the business is operated. This assumes that the regulator is able to take some action. Sometimes it may mean extending the law to cyberspace. At other times, it may mean some offline action is needed. Often, it is a combination of both.

The Nigerian 419 scam is one example of fraud and cybercrime where the regulator is aware of the crime but is either unwilling or unable to act; this sort of scam is so called because it violates Section 419 of the Nigeria's Penal Code.²² The Nigerian scam is unfortunate in that it is the item most closely associated with Nigeria in the online world. Action against the perpetrators can only be taken in the country where they are located.

There are many shady practices that have been magnified and multiplied because of the internet. Diploma mills²³ and sites that sell

²⁰ CNN, “Warnings Issued to Hundreds of Web Site Operators,” November 17, 1997. http://www.cnn.com/TECH/9711/17/internet.scams.ap/index.html (accessed December 31, 2004); Australian Competition and Consumer Commission, “International Agencies Swoop on Internet Scams,” October 15, 1997. http://www.accc.gov.au/content/index.phtml/itemId/87021/fromItemId/ 378004 (accessed December 31, 2004).

²¹ Australian Competition and Consumer Commission, “Too Good to be True?” n.d. http://www.accc.gov.au/content/index.phtml/itemId/494787/fromItemId/ 500756 (accessed December 31, 2004).

²² There are variations of the scam but in essence, the scammer invites a foreigner to send him money to facilitate a transaction in which the foreigner will get a share of the loot.

²³ http://news.bbc.co.uk/2/hi/uk_news/education/2829237.stm

term essays are two examples of online businesses that are able to thrive because of the low cost of setting up shop online and the ease by which they may be located using search engines.

Spam and Phishing

In other areas, the internet gives rise to new offenses. Spamming and phishing are two internet-specific offenses. It may be argued that spamming is an online version of offline junk mail. Spam, however, is much more pervasive than junk mail or junk fax because the internet makes it very cheap to spam--the cost per unit to send spam is so low as to be almost negligible. The number of countries that have passed anti-spamming laws have risen. There is little doubt that this is one activity that will need to be regulated worldwide. The problem of spam is dealt with later in this chapter.

Phishing are fake sites that mirror their real counterparts. For example, sydneyopera.org was the fake site of sydneyoperahouse.com. Fake sites duplicate the look and feel of the real thing except that money goes into the fake credit accounts.

Action

As noted above, online consumer fraud can only be fought if there are legal sanctions against it in the first place. Unlike other kinds of online offenses, international cooperation is not always necessary. In Operation Cyber Sweep, multiple US agencies in October 2003 worked to flush out a variety of online crimes such as fraud, software piracy and the sale of stolen goods. By the end of November of that year, more than 125 people had been arrested for causing losses of more than US$100 million.²⁴

The need for consumer protection laws is instructive and highlights yet another instance where the online world is impacting

²⁴ http://www.usdoj.gov/opa/pr/2003/November/03_crm_638.htm

the one offline. Without laws against offline consumer fraud, the fight against online consumer fraud will be weak. Where consumer fraud laws are weak, shopping online is worse than gambling online because there is no chance of payback. So only a strong consumer protection regime will enhance online shopping. This is an area where the developing world lags; until these countries have stronger consumer protection laws, online shopping in the developing world will remain its infancy.

DEFAMATION

Anonymity afforded by the internet is thought to be the cloak of invisibility allowing anyone to say what they wish and many people do. However, not everyone gets away with it. Plaintiffs have sued and won for defamatory remarks made over the internet.

Defamation law varies from country to country but the general principle is that a person who makes false statements about another person can be sued, subject to some exceptions, by the defamed person. That simple definition of defamation tests both the limits of online laws as well as civil libertarian concerns about freedom of expression and speech.

First, what is the standard for defamation? It is possible for a remark that is considered wholly innocent in one country to be considered highly defamatory in another. Take the following statement: all incumbent politicians are corrupt. In many democratic countries, politicians are expected to take such remarks with a pinch of salt. In Singapore, where the libel laws are inherited from colonial British law and in the main have not been amended by legislation, those remarks could well lead to a libel suit. In other countries with a different political system, the result will be even more different. In China, a company sued the editor of a financial magazine over an

article that had critically analyzed the financial state of the company. As a legal tactic, it is unwise to sue unless one is sure that one can win. The fact of the suit suggests that in Chinese libel law, truth may not be a defense.

Second, what is the standard to prove damage of reputation? In the US, the public figure doctrine, where public figures have a much higher burden of proof on the assumption that they have put themselves up for public criticism, means that politicians stand almost no chance in a libel suit against the media. So even it is agreed that the statement is defamatory, the outcome would be different in the US as against, say, the UK.

Third, the consequences and burden of proof may be different. For example, the English common law does not take into account the consequence of a libel; it is enough if the statement is libellous on its face.

Because of these differences and difficulties, defamation suits are easiest determined in isolation. The first recorded court case involving libel over the internet was in Australia in 1994 where an anthropologist won some A$80,000 (about US$45,000) in damages for the continued defamatory postings by the defendant.²⁵ Since then, there have been successful suits in many countries around the world, almost all within the same country in which the defendant resided. Such cases are similar to defamation suits using, say, the newspaper as the medium of publication. The only difference is that the internet is used instead.

Jurisdiction

However, an Australian case, started in 2002, is testing the limits of defamation law on the internet. If a publisher were to sell its

²⁵ Rindos v. Hardwick Supreme Court of Western Australia No. 1994 of 1993 (unreported, judgement 940164). http://www.jmls.edu/cyber/cases/rindos.html (accessed 23 October 1996).

publications worldwide through the internet and someone in another country was defamed, would the publisher be liable for that defamation? This very issue arose in the Australian case of Dow-Jones v. Gutnick.²⁶ The Dow Jones news company contested the jurisdiction of the court, relying in part on the argument that to hold it liable would be to set a precedent that all online publications would be liable worldwide, which would have major international repercussions for publishing. Not to hold Dow Jones liable, however, would mean that an individual who had incurred injury by defamation would not be able to have recourse if the damage was caused by an international publisher.

The Australian courts ruled against the company, both in the court of first instance and on appeal, concluding that it had jurisdiction over the defamation suit. In the case, the company had a small number of subscriptions and an even smaller number of street stand sales. The court said that “defamation is to be located at the place where the damage to reputation occurs. … In the case of material on the World Wide Web, it is not available in comprehensible form until downloaded on to the computer of a person who has used a web browser to pull the material from the web server. It is where that person downloads the material that the damage to reputation may be done. Ordinarily then, that will be the place where the tort of defamation is committed.”²⁷ In the UK, a high court case has asserted jurisdiction by boxing promoter Don King over statements made by Lennox Lewis that appeared on two US websites. The court ruled that publication takes place where it is downloaded.²⁸

²⁶ [2002] HCA 56 (December 10, 2002). http://www.austlii.edu.au/au/cases/cth/ high_ct/2002/56.html (accessed December 10, 2002).

²⁷ Ibid.

²⁸ Don King v. Lennox Lewis, Lion Promotions and Judd Burstein [2004] EWHC 168 (QB). http://www.bailii.org/ew/cases/EWHC/QB/2004/168.html (accessed October 4, 2004).

In the US, however, there is uncertainty because of conflicting results of cases on an issue called the “single-publication rule,” that is, that the damage should be assessed at the place of publication, not the place of receipt of the content. In two cases, the US Supreme Court appeared to have decided differently. In April 2003, the US Supreme Court in Northwest Healthcare Alliance v. HealthGrades.com refused to consider an appeal against a court's decision that a person could sue for defamation published only on an out-of-state website.²⁹ A month later, however, the same Supreme Court acted differently. In Young v. New Haven Advocate, the US Supreme Court in May 2003 refused to consider a Court of Appeal verdict that a court in Virginia does not have jurisdiction over the defendants in Connecticut who had written stories alleged to have been defamatory about a Virginia prison warden on the internet.³⁰ Which view should hold?

On the one hand, the single-publication rule would make it clear that the publisher is subject to only one set of defamation laws. The single-publication rule benefits media companies at the expense of the individual. Plaintiffs on the internet, almost by definition, are less resource-capable than corporations. Intuitively, it is unfair that an individual can be harmed by a large corporation without any avenue for redress. It would mean, for instance, that a person defamed globally would not have redress while the same person defamed locally would. Third, it would also mean that large entities that publish globally would have greater rights than smaller ones.

Meanwhile, the UK's Law Commission on Defamation and the Internet in 2002 had observed: “The law in this area has always been complex, and attempts within the EU to create greater legal certainty have added new ambiguities. There are no easy answers.” After a

²⁹ Northwest Healthcare Alliance v. HealthGrades.com, S.C. No. 02-1250.

³⁰ Stanley Young v. New Haven Advocate et al., S.C. No. 02-1394 (a petition for writ of certiorari to the Fourth Circuit).

brief analysis, it concluded: “We do not think that the problem can be solved within the short to medium term. We do not therefore recommend reform in this area at the present time.”³¹

COPYRIGHT

There is a perception that one can make unpermitted use of copyrighted material because it is either not against the law (because it is impossible to enforce the law) or even if it is, there is little chance of being caught and punished. As long as a country has copyright laws for offline material and provisions in its legal system to recognize online content, copyright laws apply.

Because copyright can be valuable, this is an area that international corporations and organizations have the most interest in protecting. So, for example, in 2000 the International Olympic Committee spent US$500,000 to patrol the internet for unauthorized webcasting of broadcast feeds. The patrol, after inspecting hundreds of thousands of sites and eventually narrowing down to a number sites, was effective as there was no such webcasting from professional media companies.

Admittedly, enforcement of the law is difficult here. But where there is sufficient interest and commitment on the part of the rights holder, the more significant violations can be stopped. This is especially so in the case where the copyrighted material is used commercially. For private use, rights holders are unlikely to be so tough.

³¹ Lord Chancellor's Department, Law Commission on Defamation and the Internet: A Preliminary Investigation, December 2002, United Kingdom, 3. http://www.lawcom.gov.uk/files/defamation2.pdf (accessed October 4, 2004).

Content providers need to be careful that their content is original or, if not, have the approval of the rights holders. The reason is that the sanctions for violation can be severe, costing much more than had the material been created originally. The heavy penalty is necessary to deter widespread breach of copyright--if the penalties were even equal to the cost of creation, one might as well copy first and pay later.

Content providers are not sitting still. The International Federation of the Phonographic Industry (IFPI) in late 2003 announced a “one-stop” licence for international webcasting of music.³² This makes it easier to get approval and, therefore, removes another excuse for piracy.

Because there are international agreements governing copyright, it is easier for rights holders to pursue their rights. The US has the most advanced laws in this area with the Digital Millennium Copyright Act (DMCA). It has detailed provisions for how an aggrieved party should act, from giving notice, to taking down, to restoring the material should it prove to have been taken down incorrectly. Most Asian countries and the developing world are at the stage of wrestling with copyright. On the one hand, it is clear that not having copyright laws will stunt development in the information economy and foreign direct investment inflows, on the other hand, it is equally clear that having strong copyright laws (or even just enforcing existent laws) will stunt the economy.

Lessig and others are working on developing copyright laws that better balance the interests of users. The modern copyright regime that was in place before the advent of the internet was initially developed against the interests of the rights holders.³³ If history is

³² IFPI, “Recording Industry Announces New One-Stop-Shop for Webcast Licensing,” November 11, 2003. http://www.ifpi.org/site-content/press/ 20040913.html (accessed October 4, 2004).

³³ Peng Hwa Ang and Jim Dewar, “Back to the Future of the Internet: The Printing Press,” in Networking Knowledge for Information Societies: Institutions and Intervention, eds., Robin Mansell, Rohan Samarajiva and Amy Mahan, 249-53 (Delft, Netherlands: Delft University Press, 2002).

right, then the initial loss by the rights holders will be more than offset by their benefit for society at large.

SPAM

The Problem

The problem of spam is so widespread today that it needs no introduction. Spam has become a problem significant enough to retard the development of the internet. The TransAtlantic Consumer Dialogue (TACD), an international consumer advocacy group comprising forty-five EU and twenty-five US consumer organizations, found that more than half the users it surveyed were shopping less online or not at all because they were afraid that personal data they submitted would result in spam.³⁴

In April 2004, anti-spam software vendor Brightmail estimated that spam accounted for sixty-four percent of all email traffic on the internet, up from eight percent of traffic in mid-2001.³⁵ AOL in early 2003 estimated that it was blocking an average of two billion spam emails a day, or about seventy-five spam emails per customer.³⁶

The problem of spam or unsolicited commercial email is that, first, they are sent indiscriminately. This is possible because spammers send out programs to harvest email addresses from

³⁴ TACD report on Consumer Attitudes Regarding Unsolicited Commercial E-mail (Spam) (October-December 2003). http://www.tacd.org/docs/?id=225 (accessed October 4, 2004).

³⁵ “Spam Statistics,” April 2004. http://www.brightmail.com/spamstats.html (accessed May 5, 2004). No longer available.

³⁶ All Party Parliamentary Group, “Spam: Report of an Inquiry by the All Party Internet Group,” 2003. http://www.apig.org.uk/spam_report.pdf (accessed October 4, 2004).

websites and posts. Although it is possible to filter emails to remove a lot of these spam, they still demand some time and attention. If only a minute a day of every working day is spent on removing spam, that would work out to 250 minutes or more than four hours of effort a year. Second, these spam often promote offensive, if not illegal, material. Sometimes, they are deceptive and fraudulent. Third, some spam disguise their origin, making it impossible to remove the recipient from their distribution.

Taming spam will require a combination of approaches. The first response to initial spaming activity was self-help by internet users. The husband and wife team of lawyers from Arizona, Canter and Siegel, were the first to spam the internet. This they did through a posting on 3,000 of the then 4,000-strong Usenet groups back in April 12, 1994.³⁷

Users who woke up to find the Canter and Siegel spam whenever they retrieved their Usenet readings were livid. This was in the days when the internet was largely in academic hands but was on the cusp of becoming commercialized. The internet then was governed by netiquette and social pressure.

Action

But when users saw that unwritten rules were being violated, they took the law into their own hands. Some attacked the Canter and Siegel mailbox with large files, such as an attachment containing the Bible. Others tracked their phone numbers and one suggestion this author remembered was to fax them a black page that was taped so that it formed a continuous loop; the aim was to burn out the fax

³⁷ For a brief but excellent account of the history of spam, see Paul Festa and Evan Hansen, “Happy Spamiversary,” CNET News.com, April 12, 2004. http:// news.com.com/2100-1024_3-5189340.html (accessed October 4, 2004).

machine. Canter and Siegel were unrepentant and even said that they would write a book on it; they were later kicked out from two ISPs.

As early as 1997, spammers have also been sued. One of the most celebrated instances was the successful suit by EarthLink in which the ISP won a US$2 million settlement against Sanford Wallace and his company Cyber Promotions to stop them from using the Earthlink connection as well as the forged Earthlink return address.³⁸

Such action was possible because there were limited spammers. Once the number of spammers grew, such self-help became ineffective. In any case, like a cat-and-mouse game, spammers learnt to deflect the countermeasures.

Users can also apply some technological fix. For example, email addresses should not be stored on websites such that they can be harvested by spam spiders. Instead, an image file of an email address can be used, or the addresses can be broken into two with the second part after the “@” placed somewhere else on the page so that visitors know that they need to tack on the second part but the harvester software would not be able to read them.

Further, on the technology front, Microsoft and Yahoo were reported to be working together to create a sender-id framework to minimize spam.³⁹ The approach would determine if the email is coming from the source it says it is. Such a framework should minimize the forged email return address. However, spammers are already adapting to the new framework and have reportedly found ways to work round it.⁴⁰

³⁸ Earthlink, “Cyber Promotions Finally Chokes on its Own Spam,” press release, 2004. http://www.earthlink.net/about/press/pr_cp_judgement (accessed October 4, 2004).

³⁹ Amit Asaravala, “Net Rivals Embrace to Fight Spam,” Wired News, June 4, 2004. http://www.wired.com/news/infostructure/0,1377,63708,00.html?tw= newsletter_topstories_html (accessed June 4, 2004).

⁴⁰ “Spammers Exploit Anti-Spam Trap,” BBC News, 2004. http://news.bbc.co.uk/ 2/hi/technology/3631350.stm (accessed October 4, 2004).

Industry Self-Regulation

ISPs have a form of self-regulating spam. A year 2000 study by a team of Oxford researchers found that industry codes for ISPs recommended or mandated its industry members to give users software to filter spam. In some cases, “nuisance” spam, such as those with disguised addresses, are dealt with more seriously by the ISP itself.⁴¹ Such a response is understandably not satisfying to users so it is not surprising that legislation is being brought to bear.

Such industry self-regulation comes not only from IT-related associations. The UK's Code of Advertising Practice, for example, requires commercial emailers to obtain consent from receivers. There have also been suggestions to have the subject of the spam labeled “ADV” for advertisements. In any event, the UK Code states that subject headers should not be misleading.

In a signal of recognition of the limits of technology and self-regulation, the UK report by the All Party Parliamentary Group urged greater enforcement of stronger legislation to arrest the problem.⁴² Many countries, again mostly developed ones, are passing or have passed laws banning spam.

However, the nature of spam is that international cooperation is needed. Australia's National Office for the Information Economy (NOIE) has called for international anti-spam cooperation. The report concluded that a combination of domestic legislation, technical countermeasures and global cooperation were the best ways to limit spam.⁴³ Australia, in 2003, passed its own Spam Act.

⁴¹ Eric Blinderman, Monroe Price and Stefaan Verhulst, “Codes of Conduct and Other Self-Regulatory Documents: Emerging Patterns of Norm Formulation and Enforcement on the Internet,” Programme in Comparative Media Law and Policy, University of Oxford, 2000.

⁴² All Party Parliamentary Group, “Spam: Report of an Inquiry by the All Party Internet Group,” 15.

⁴³ Australian National Office for the Information Economy, “Spam,” 2003. http://www2.dcita.gov.au/__data/assets/file/13050/SPAMreport.pdf (accessed October 4, 2004).

The EU regulates spam through its July 2002 Directive on Privacy and Electronic Communications (the “Directive”).⁴⁴ The Directive requires, among other things, that recipients “opt-in” to receive unsolicited emails. However, cooperation in Europe has not been easy. Eight countries were issued warnings for not implementing the Directive in time.⁴⁵

It is early days to determine the success of the various legislation that have been promulgated. However, if the American CAN-SPAM Act, is anything to go by, the result of legislation at the local level is not encouraging. The Pew Internet and American Life Project says that the verdict is mixed, with reports of increases, decreases or the same volume of spasm.⁴⁶ Ironically, the most prominent spammer to be convicted and jailed, Howard Carmack, was arrested and charged under laws not originally intended to be used against spam. Now known as the Buffalo spammer case, Carmack was, in mid-2004, sentenced to 3.5 to seven years under New York State's laws on identity theft and forgery.⁴⁷ It would appear that the CAN-SPAM Act was superfluous for the prosecution in that case.

It is evident that spam can only be tackled with a multi-layered approach. Besides enforcement action taken against the offenders, users should also be educated to defend themselves against spam. Governments will have to legislate. Otherwise, if no action is taken against spam, that country would become a haven for spam. International cooperation will be needed in this area.

⁴⁴ http://europa.eu.int/eur-lex/pri/en/oj/dat/2002/l_201/l_20120020731en 00370047.pdf (accessed October 4, 2004).

⁴⁵ John Leyden, “Europe Drags Heels in War on Spam,” The Register, April 27, 2004. http://www.theregister.co.uk/2004/04/27/spam_law_review/ (accessed October 4, 2004).

⁴⁶ Lee Rainie and Deborah Fallows, “The CAN-SPAM Act has not Helped Most Email Users So Far: A PIP Data Memo,” (Pew Internet and American Life Project, March 17, 2004). http://www.pewinternet.org/PPF/r/116/report_display.asp (accessed October 4, 2004).

⁴⁷ Andy Sullivan, “‘Buffalo Spammer’ sentenced to 3½ to 7 years,” USAToday 2004. http://www.usatoday.com/tech/news/internetprivacy/2004-05-27-spammer-to-slammer_x.htm (accessed October 4, 2004).

CONCLUSION48

The above discussion of some problem areas of the internet demonstrates the possibilities of regulating the internet. While such enforcement action need not necessarily stifle the internet, it may also in some instances, help users feel safer and more comfortable.

In a number of these areas, international cooperation is needed. Such cooperation is happening among enforcement agencies for the more serious offenses such as child pornography, consumer fraud and cybercrime. They are absent for what is deemed to be less serious offenses. Today, offenses such as spam can cause serious economic loss considering the time and effort users must expend to handle them.

Governments have to look at which international best practices and policies to adopt. The reason is that a country that does not adopt such practices will likely find itself the home of criminal activity. For some of the issues discussed here, therefore, there is likely to be a convergence of laws and policies. In other words, governments will emulate best practices and therefore, promulgate similar laws.

⁴⁸ As the book was in its final stages, several new phenomena emerged: spim, spit and phishing. Spim is unsolicited bulk commercial email or spam on instant messaging, spit is spam on internet telephony; and phishing is the fraudulent practice of pretending to be another site and misleading users to type confidential information such as Personal Identification Numbers (PINs), passwords and bank account codes on the fake site.
The response to these offenses should be multi-layered: education of users, technology deployment, industry self-regulation and legislation.