Such proposed legislation may appear sensible and simple to implement. But it only serves to demonstrate the lack of knowledge often apparent on the part of the lawmakers. Legislation existing to tackle issues of free speech, copyright, and the like cannot simply be ‘cut and pasted’ onto the Internet. The issues governing the Internet are far too complex.
There is no overall ownership, no large companies to approach and regulate. Though the tendencies toward integration and convergence, as discussed above, may solve this problem for authorities.
Its instantaneity is also marked out as being an important aspect, which can increase the impact of broadcasts, and also limit the opportunity for traditional intercession, by authorities.
There is also the issue of transnationality, which makes any binding law near impossible to create, much less enforce. It is too widespread to be easily controlled by any single government. “By creating a seamless global-economic zone, borderless and unregulatable, the Internet calls into question the very idea of a nation-state” (Barlow 13).
However that is not to say that every effort is not being made to regulate this difficult terrain.
Examples of Internet Regulation
China
China is perhaps the most pertinent example of governmental controls being placed over the Internet. In March 2002, two Vietnamese journalists, Le Chi Quang and Tran Khue, were arrested for publication of material held to be “dangerous information” (DeSio, [email protected]). It was assumed that by publishing online, they were sending the information overseas. The content of the publication was an essay regarding Vietnam's secret border agreements with China, and of a letter to Chinese president Jiang Zemin.
In another incident, Lin Hai was arrested and sentenced to 2 years for sending 30,000 email addresses to an U.S. online magazine (BBC News, bbc.co.uk). While he claims that he was simply exchanging emails addresses for his Internet business, it was viewed as a subversive act, as the magazine in question is strongly in favour of Chinese democracy.
In November of 2001 the Chinese government were reported to have closed more than 17,000 Internet cafes. Thousands more were ordered to install police surveillance software. This includes functionality requiring a user to log on and identify themselves prior to using the web. Clearly the authorities in China view the Internet as a threat, and not without reason. Estimates of Internet use in China are up to 26 million by 2001, increasing by over 4 million in a half year alone. All these users have potential access to dissident information and Western media.
Cuba
Nor is China the only nation to take outlandish methods to curb what is apparently perceived as a threat to governmental stability. Recently, in an effort to curb Internet use, the Cuban government has banned the sale of computers for personal use (Lebowitz, dfn.org).
USA
The effects of events in recent years have provoked similar actions by western governments, most notably the U.S. In the late 1990’s, moved by TWA Flight 800 and the pipe bomb at the Olympics there was already a move toward decryption. In 1996, the then G7 urged states to “accelerate consultation in encryption that allows, when necessary, lawful government access to data and communications in order to prevent or investigate acts of terrorism, while protecting the privacy of legitimate communications” (Scheier and Banisar 322).
While understandable as efforts to protect life and national security, the immediate effects of the attacks on September 11 2001 are proving to be more severe. Smith’s Bill, named after the Texan Republican who sponsored the bill, moves to make sweeping changes to penalties for cyber-crime. Current law holds that the penalties for a cyber-crime are equal to the financial damage caused. Under Smith’s Bill, the perpetrators intent and whether or not it was a government system will also be taken into account.
The bill will also encourage ISP’s to report on user activity and threats that are not immediate, an activity that is currently prohibited by privacy laws. They will also be required to hold information, including customer’s emails, for at least 90 days. This is noteworthy considering how many Internet users world wide use web-based mails, such as Hotmail or Yahoo, that are physically based in the United States. As with many current Bills targeting national security in regards to the Internet, no search warrant or similar, will be required for seizure of these records.
UK examples – regulating Service Providers
That some nation-states have restricted access to the Internet and that privacy and encryption software have become issues for national security make it obvious that the regulation of the Internet by government is underway. However, as it is improbable that government will be capable of enforcing this regulation without aid from the industry, it is likely that the present compromise between governmental, commercial, and public interests will continue as the main regulatory force in communications. It is simply impractical for any government to assume that it possesses the resources to effectively police a structure like the Internet. If they wish to remain effective, the regulatory structures that are emerging cannot conform to traditional paradigms of control.
The impossibility of success in any effort to do so is made clear by expert responses to the Anti-Terrorism, Crime, and Security Act, in the UK. The government’s immediate response to the September 11 attacks was to further empower authorities in a similar manner to the Regulation of Investigatory Powers Act of 2000. While the Home Secretary initially stated that the act would apply “strictly in the case of a criminal investigation against suspect terrorists” it is now stated that it will apply to the “full range of purposes listed in the act” (Millar, guardian.co.uk). These include national security, preventing public disorder, and even tax collecting.
The result of this legislation is that, without the need to obtain an order, police can request the decryption of any data, such as the password for an individuals email account, and have access to such details as: email addresses they have been in contact with, which ISP’s they use and what websites they visit and when. According to the Foundation for Information Policy Research, the data gathered would provide a “complete map of an individual’s life” (Millar, guardian.co.uk). The U.K. has obviously realised the potential power of an all-encompassing information network, a panopticon.
Response from Industry
The response from industry has been overwhelmingly negative. An important point to consider is that the argument against this regulation often has little to do with free speech, rather “that it is completely ineffective” (Bowden, bbc.co.uk). This is made evident in the four main proposals issued by the UK government to further monitor online activity. These are covered in some detail here, as they are similar to proposals from many other governments.
All encryption software would contain a secret weakness allowing access by official authorities. The flaw here is that were the ‘back-door’ ever to be cracked or leaked; the entire communications structure would be wide open. A ‘back-door’ for police to use would be also open to use for any competent hackers.
The concept here is that every individual or organisation using encryption would have to deposit his or her key in a database. Setting aside the issue of several layers of encryption possibly being used (as in an encrypted file inside an encrypted file), it is widely held that such a database would be near impossible to create, much less maintain.
- Power to demand decryption
The RIP Act gives powers to demand decryption of any data, regardless of whether or not the person in question is suspected of any crime.
Setting aside the ethical issue of possibly being imprisoned for 2 years for forgetting a password, it is unlikely that a terrorist, facing charges of encryption, would willingly decrypt data that would convict him or her of far more serious crimes.
Effectively hacking into whatever system is targeted. While this would probably be quite effective, the validity of any evidence obtained in a court would be questionable. It also presumes that one has found the correct target through other means.
Ultimately none of these options can prevent the hiding of information. Clandestine operations have always managed to secret themselves using words with veiled meanings, fake adverts in newspapers, and so on. Online, an exchange can hide itself as an innocuous conversation. Layered meanings can be woven into image and audio files. No keyword detection program can ever hope to catch every variation. “Those who want a nostalgic return to the era of phone-tapping are either naïve or impervious to reason. The only way to stop terrorist cells communicating via the Internet is to disinvent it. Encryption is irrelevant” (Bowden, bbc.co.uk). Ultimately a system that is designed around the core concept of decentralisation will need to be wholly reinvented in order to be effectively controlled. These attempts to establish technological means of control are unlikely to succeed.
Examples of Technological Control Online
Carnivore (aka DCS1000)
Carnivore is a controversial computer system designed by the USA's FBI to monitor, intercept and collect Internet communications (email, web pages accessed, etc). Carnivore is placed on an Internet Service Provider's system and collects data on a removable hard-drive. A court order and the ISP's knowledge and assistance is required to install the system. Controversy surrounds the use of Carnivore because it can intercept and collect communications by people who have nothing to do with the FBI's investigation, for example, if the system is purposely or accidentally misconfigured, or presumably if the software is faulty
Echelon
Echelon is a global electronic surveillance system. "Australia and New Zealand are key partners in Echelon, the satellite spying system whose existence is still being denied by US authorities, a European Parliament report has concluded. While the USA continues to deny it’s existence, 'that a global system for intercepting communications exists, operating by means of co-operation proportionate to their capabilities among the US, the UK, Canada, Australia and New Zealand, under the UKUSA agreement, is no longer in doubt,' the committee investigating Echelon says.
The system's primary purpose is 'to intercept private and commercial communications, not military communications'.
From : “”, Duncan Campbell, London, The Age, 30 Sep 2001
"...According to the FBI, the conspirators did not use encryption; once found, the e-mails could be openly read.
...There is also evidence that the terrorists used simple open codes to conceal who and what they were talking about. This low-tech method works. Unless given leads, even the vast Echelon network run by NSA and GCHQ cannot separate such messages from innocuous traffic.
NSA's (National Security Agency) problem, says Gladman [Dr Brian Gladman, formerly responsible for electronic security at the Ministry of Defence and NATO], is that 'the volume of communications is killing them. They just can't keep up. It's not about encryption'.
The NSA has been trying to keep up with the Internet by building huge online storage-systems to sift e-mail. ...The problem with NSA's purely technological approach is that it cannot know what it is looking for. While computers can search for patterns, the problem of correlating different pieces.
Echelon’s main purpose is purportedly to allow countries to spy on their own citizens. In the US and the UK, privacy laws and basic constitutional rights often prohibit the governments from spying on their own citizens; however they can spy on each others and share information.
Anonymity Online and Surveillance Culture
In a previous session, anonymity was underlined as being one of the most essential parts of a functioning democratic media.
However the efforts of legislation, whether successful or not in complete regulation, will have crucial effects on anonymity; especially now as recent uses of the Internet by terrorist groups have brought this facet of the Internet even further into the public eye. While the anonymous nature of the net makes accountability impossible, and is thus crucial to the arrest of terrorists, child pornographers, and any number of online criminals, it is also central to a discussion regarding free speech online.
Anonymous online speech has allowed for open criticism by political dissidents in Singapore, employees to report illegal activities including health and safety issues, AIDS victims and similar to talk about their experiences without fear of persecution, and many other activities worthy of legal protection. This concentration on the content’s worth over the author’s background has pushed for a consideration of the text on its own merits, without attention being given to the ethnicity, age, gender, or class of the author.
This feature of the Internet also makes it possible to communicate secretly, something that cannot be permitted in today’s political climate. There is a ‘surveillance culture’ that is being fostered by ‘real TV’ shows and the like that is developing in all areas. An example from outside the Internet, which highlights this culture, is the use of FRS (Face Recognition Software) at Superbowl 35 (Herdy , sptimes.com), in the Paris, Milan and London undergrounds (Mazoyer, en.monde-diplomatique.fr), in some London areas (Newham.com), and a growing number of locations. Should the computer match your face to that of a known criminal to within 85 per cent accuracy, you will be stopped for questioning. In Paris, staying still for longer then a few minutes will notify security, searching for vagrants. Again, the Panopticon seems a ready metaphor. “By 2005, 95 per cent of cell phones must be able to be traced to with an accuracy of about 1,000 feet or better” (Foxnews.com) in the U.S. by federal mandate. Already police can and do trace mobiles to within a few metres. A cynical view might state that the current concentration on the ‘normal individual as star’ in popular culture (Reality TV) might be used effectively to nurture a culture where the increasing monitoring of our daily lives is acceptable, even preferable.
The USA Act
There is also a great deal of legislation targeted specifically at online anonymity. The USA Act has gained a considerable following in the States, though many believe that it was pushed through as an ill-considered reaction to the September 11 attacks. The bill “could result in some of the most draconian surveillance legislation ever to hit the Internet” (Johnson, mediaguardian.co.uk). Another facet of the U.S. government’s current moves to monitor the Internet is ‘Magic Lantern’, which would “allow investigators to secretly install over the Internet powerful eavesdropping software that records every keystroke on a person’s computer” (Bridis, washingtonpost.com).
While this could efficiently solve the problems of clandestine messages being transmitted online, it leaves broader concerns. True anonymity will be lost, though its appearance will be maintained.
Conclusion
The problem in such solutions lies in their basic assumption that the authorities to which these powers are entrusted are themselves trusted by the user. The central issue in arguments concerning Internet accountability and anonymity lies with a growing distrust of government. Many websites provide the means to freely criticise our political leaders, and discuss personal matters freely. If this communication were under scrutiny by these very bodies, their use would certainly diminish. The public sphere would certainly suffer as a result.
Perhaps effective and popular legislation is impossible when the user desires protection from the lawmakers themselves.
