Author:	Robert Chalmers BA, LLB (Hons), LLM (Lond) Lecturer, University of Adelaide School of Law
Subjects:	Cybercrime Internet Computer Network -- Australia (Other articles) Internet computer network law and legislation (Other articles)
Issue:	Volume 9, Number 3 (September 2002)
Category:	Refereed Articles

Paper presented at the Australasian Law Teachers' Association annual conference hosted by Murdoch University School of Law, Perth, Western Australia September 29 - October 2 2002.

Contents

• 1. INTRODUCTION
• 2. DIFFICULTY IN IMPLEMENTING REGULATION
• 3. THE EXAMPLE OF CENSORSHIP
• 3.1 Limitations of pre-existing censorship laws
• 3.2 Broadcasting Services Amendment (Online Services) Act
• 3.21 The process of developing the legislation
• 3.22 The legislative framework
• 3.23 Technological and cross border problems
• 3.24 Operation and Review of the scheme
• 3.25 EFA - FOI requests and AAT Appeal
• 3.26 Government's legislative response to FOI requests
• 3.3 Non-regulatory approaches
• 3.4 State Implementation of the Federal laws
• 3.5 United States
• 3.6 Europe
• 4. INTERACTIVE GAMBLING CONTROLS
• 4.1 Enabling Legislation - Queensland Interactive Gambling (Player Protection) Act
• 4.2 Blocking Legislation - Interactive Gambling (Moratorium) Act 2000
• 4.3 Ban - Interactive Gambling Act 2001
• 4.4 Recent Case Law from the US
• 5. CYBERCRIME
• 5.1 Cybercrime Act 2001
• 5.2 Cybercrime Convention
• 5.3 US Action
• 6. SPAM
• 6.1 NOIE interim report
• 7. CONCLUSION
• NOTES

1. INTRODUCTION

1. Many of the recent Australian regulatory initiatives created to address perceived Internet based problems were subject to widespread criticism at the time of their generation and inception (in particular the censorship[1] and gambling controls).

2. This paper will consider the following examples of local Net regulation:
   • Broadcasting Services Amendment (Online Services) Act 1999, attempts to introduce State "mirror" legislation[2] and other State laws;

   • Interactive Gambling Act 2001 (and predecessors);

   • Cybercrime Act 2001 (in particular its provisions directed against denial of service attacks);

   • The 2002 "Spam" reference to the National Office for the Information Economy (NOIE).

3. Based on performance data now available, how successful have the older regimes been in addressing the issues that prompted their creation? Do any of the newer reforms or proposals reflect any learning from earlier experiences? Given the difficulties (technical, practical and jurisdictional) of regulating Internet based activity, is the law of any real use in these fields or is it just window dressing? Or even if ineffective, does it serve some other useful signalling or symbolic function?

4. Some comparison will also be made with international experiences in this area, especially in the United States and Europe, along with mention of alternative and extra-legal methods of control.

5. The problems posed by the Internet are serious, but this paper argues that recent attempts to tailor specific laws to deal with these problems have proved fairly futile in providing an effective remedy. They may have achieved certain political goals, but they have done so at a significant cost. More care and consideration is needed in crafting appropriate laws, and more emphasis needs to be placed on extra-legal methods of control.

   2. DIFFICULTY IN IMPLEMENTING REGULATION

6. The Internet provides a new communications medium which is potentially very flexible and can enable very fast, widespread distribution of information of all sorts on a world wide basis. It is also possible to encrypt such information, hide the nature of information which is being distributed, or even the fact that any meaningful data is being exchanged at all. This new technology challenges the reach and effectiveness of previous regulation of media in more traditional formats, including (but not limited to) censorship regulation. The sheer volume of material transmitted through the Internet also contributes to the impossibility of creating a watertight monitoring system.

7. The Internet provides a new channel not merely for the distribution of all sorts of material, but also the establishment of interactive services. Some of these may involve materials or activities that have previously been regarded as offensive or are restricted, regulated or prohibited in some way in the "off line" world.

8. Obviously the Internet and other information technologies pose considerable challenges for the effective regulation of activities they mediate, given: the ease of reproduction and dissemination of material in digital form; the anonymity possible in information distribution; the ability to hide information (through encryption or steganography or other methods);[3] and difficulties in enforcing controls. The difficulties in enforcing controls apply particularly in relation to cross border activities (participants in such activities may be in a number of different jurisdictions). The problems here include inconsistency of regulation cross-border, the difficulties of establishing effective co-operation of authorities cross-border, and the general cost and complexity of dealing with activities that need to be traced through many different countries.

   3. THE EXAMPLE OF CENSORSHIP

9. This section will consider the Broadcasting Services Amendment (Online Services) Act 1999 and related State legislation. This example is useful to consider as it is now the oldest of the relevant Commonwealth regulatory schemes in Australia. The regime was subject to widespread criticism, particularly in the lead-up to its introduction when some commentators decried the proposals as making Australia a "global village idiot" or the dunce of the networked world, in purporting to control the uncontrollable, and serving only to hurt local industry (content producers), partly through uncertainty as to the reach of these controls. While the Government never promoted these laws alone as constituting an effective system of control (as we will see below), there did seem to be a significant political motivation in introducing these laws and being seen to try to do something, or reassure a less informed public that the Internet was a safe place to interact with.[4]

10. The effectiveness and cost of the regime in achieving anything beyond short term political aims is however another question, and it is an opportune time to re-examine its achievements as there is soon to be a formal review into the impact of these laws.

    3.1 Limitations of pre-existing censorship laws

11. Pre-existing censorship laws[5] still applied to online content published, sold or hired using the Internet, where the resulting materials were expressed in hard-copy form, or stored in a permanent form. But it was not clear whether the acts of publishing, distributing or accessing information over the Internet would be an offence.[6] Further, the models adopted in many countries to regulate traditional media content have relied on the production and distribution of trackable and seizable "hard copy" content being carried out domestically in a relatively centralised and organised manner. The Internet provides a radically different distribution model.

12. As a result of this, and public concern about exposure of offensive material on the Web in a readily accessible form, many governments have been considering or have attempted to implement controls which extend to regulate the distribution of information via this new technology. Australia has been at the forefront of such efforts for some years, and has alternatively been viewed as "world leading", "draconian" or as being a "global village idiot" for these attempts. There are very real problems at a technical and regulatory level in trying to effectively regulate the dissemination of offensive material, which are acknowledged at least to some degree even by the Federal Government.

    3.2 Broadcasting Services Amendment (Online Services) Act

    3.21 The process of developing the legislation

13. Concern about how to deal with Internet based distribution of offensive material had been building for some time. The Australian Broadcasting Authority had been involved in a pioneering study into international regulatory issues.[7] The Standing Committee of Attorney Generals had also been considering draft model legislation for online content since 1996.[8]

14. After announcing its basic intentions in 1997 and being involved in some consultations, the Federal government eventually introduced the Broadcasting Services Amendment (Online Services) Bill 1999 into the Senate on 21 April 1999, without a previously promised exposure draft stage (pre-empting more extensive public comment and involvement in its formulation). The legislation was passed in the Senate in late May and debated and passed in the House of Representatives in June 1999.

15. The prefatory statement in the Explanatory Memorandum states that:

    "The Government takes seriously its responsibility to provide an effective regime to address the publication of illegal and offensive material online, while ensuring that regulation does not place onerous or unjustifiable burdens on industry and inhibit the development of the online economy."

16. The regulatory framework purports to strike a balance between the interests of the industry and wider community concerns about illegal or highly offensive material that may be harmful to children. While acknowledging technical difficulties with blocking material that is hosted overseas, the Government considers that where it is technically feasible to block material this should be done and states that: "It is not acceptable to make no attempt at all on the basis that it may be difficult."

17. The government had considered four regulatory models:[9]
    (a) an individual licensing scheme for service providers setting standards of propriety pre-market;
    (b) co-regulation involving industry self-regulation within a legislated framework;
    (c) industry self-regulation without legislative supervision;
    (d) no specific action, relying on the market in conjunction with existing law.

18. Model (b) is the model the government selected. Another issue they needed to consider was what range of material should trigger action by the ABA. There were two pre-existing models to choose from: that applying to videos and magazines or that applying to subscription broadcasting and narrowcasting television services:
    (1) restricting the definition to any material that has been (or would be) Refused Classification (RC) under the National Classification Code. This would leave X- and R-rated material to be regulated under State and Territory legislation and would be consistent with the regulation of `off-line' material, such as videos and magazines;
    (2) restricting the definition of proscribed material to any RC material and material classified X, and material classified R that is not protected by adult verification procedures such as passwords or PINs. This would be consistent with the regulation of content on pay TV and narrowcast services where X rated material is prohibited and R rated material must be encrypted or modified.

19. The government also considered a compromise position but decided ultimately to proscribe RC and X rated material, plus R-rated material that is not protected by adult verification systems. Part of the reasoning was to ensure consistency with regulation of subscription broadcasting and narrowcasting services (given that access to online services can be seen to be less discretionary than access to conventional content in hard copy form). The decision also sought to take into account possible future technological convergence which may result in online services becoming more like broadcasting (and so purportedly needing a higher level of regulation). The government was also concerned about the ease of child access to such material.

    3.22 The legislative framework

20. The Broadcasting Services Amendment (Online Services) Act 1999 amended the Broadcasting Services Act to provide for the regulation of online services. There are numerous other articles discussing the detail of the framework[10] but for the purposes of this article in overview the main elements of the system are as follows:
    • "Internet content" is defined as stored information which is accessed over an Internet carriage service, including material on the World Wide Web, postings on newsgroups and bulletin boards, and other files that can be downloaded from an archive or library;

    • a complaints mechanism is set up so that people can complain to the Australian Broadcasting Authority (ABA) about offensive material online;

    • material that will trigger action is defined on the basis of National Classification Board guidelines for film (Guidelines for the Classification of Films and Videotapes), as material Refused Classification and rated X,[11] and material rated R[12] that is not protected by adult verification procedures[13] It is important to note that the R classification is not preserved simply for pornography, but extends to cover other material, including that dealing with "adult themes" - including non sexual material such as suicide, crime, corruption, marital problems, emotional trauma, drug and alcohol dependency, death and serious illness, racism and religious issues;

    • the ABA can issue notices (so called "take down" notices) to service providers aimed at preventing access to prohibited material. If the material is hosted in Australia and is prohibited, or is likely to be prohibited, the ABA will direct the Internet content host to remove the content from their service;

    • If the material is sourced overseas the ABA will notify the content to the suppliers of approved filters.[14] Makers of the filtering software products update their products to "blacklist" access to sites hosting offensive material to filter future Internet access. Referral of content to the makers of approved filtering software products is provided for in industry codes of practice developed by the Internet Industry Association (IIA), which are given teeth by the legislation in this so-called "co-regulatory" scheme.[15]

    • If the material is sufficiently serious (eg child pornography), the ABA may refer the material to the appropriate law enforcement body;

    • indemnities are given to service providers to protect them from litigation by customers affected by ABA notices;

    • there is a graduated scale of sanctions against service providers breaching ABA notices or the legislation;

    • subject to the ability of the Minister to declare a person to be an Internet Service Provider ("ISP"), the legislation does not apply to private or restricted distribution communications such as ordinary e-mail or real time chat services or voice over Internet communications.[16]

    • a community advisory body exists to monitor material, operate a `hotline' to receive complaints about illegal material and pass this information to the ABA and police authorities, and advise the public about options such as filtering software that are available to address concerns about online content.

    3.23 Technological and cross border problems

21. The Regulation Impact Statement in the Explanatory Memorandum acknowledges the difficulties faced in attempting to regulate this area:

    "Online communications are an intrinsically global medium. This means that no system of national regulation, short of isolating the nation from all transborder electronic communications, can expect to control all information transmitted online. Similarly, network or service provider blocking of objectionable content emanating from overseas may not be effective, given the rapid growth of Internet sites, the impossibility of monitoring each one or monitoring all telecommunications traffic, and the relative ease with which users can by-pass domestic service providers by accessing Internet nodes offshore through the international telephone system. Nor can online service providers be made to 'police' the content transmitted through their service (as for example a cinema or newsagent is made to in relation to conventional media), because the online service provider will often not be aware of, or be in a position to be aware of, much of the content which is being accessed or provided by users of their service."

22. The government acknowledged the difficulties with blocking international access, including a CSIRO study that concluded that blocking by service providers of non-hosted material (such as material sourced from overseas) may be ineffective. It rejected the option of doing nothing about such overseas material on the basis that the majority of online material is sourced overseas, and so supposedly exclusion of it from the regulatory model might undermine confidence in the regulatory framework. However, the government did not seem to acknowledge that doing something comparatively ineffective about it (which might be seen as the end result) may also undermine confidence.

23. Internet service providers (ISPs) play their part by providing filtering software to their users in accordance with the IIA codes. ISPs have to supply filters if requested - most people apparently don't want them[17] (note also that users are responsible for their configuration and maintenance). The CSIRO conducted a major study for the government on filtering products, which noted the lack of any perfect solution and the dilemma posed by the fact that the more "effective" a filter was in filtering out objectionable content, the more likely it was to impact on overall performance and access to non objectionable content.[18]

    3.24 Operation and Review of the scheme

24. What do available data about the operation of the scheme tell us as to its success in meeting its aims? The scheme started on 1 January 2000 and during the first 3 months, the ABA received 124 complaints, issued final take-down notices for 31 items of Australian-hosted content, referred 45 items of content to the makers of filtering software products and referred 7 items of content to law enforcement agencies. About half the investigations resulted in the location of prohibited or potential prohibited content.[19]

25. Some of the tables from the ABA's 6 month review of the operation of the Act are reproduced below. As will be seen from an examination of these tables, the bulk of the offensive content complained of was hosted outside of Australia, and so was effectively beyond the reach of the system's take down provisions.

    Table 1: Outcome of Completed Investigations

    	Australia	Outside Aus	Total
    Not Prohibited or Potentially Prohibited Content	27	9	36
    Prohibited or Potentially Prohibited Content	9	26	35
    Total	36	35	71

     

     Table 2: Action Arising from Completed Investigations

    Australian Hosted	Items*
    R Classified (restricted access system not implemented - final take-down notice issued)	5
    X Classified (final take-down notice issued)	3
    RC Classified (final take-down notice issued)	23

    Hosted Outside Australia[20]	Items*
    Prohibited or Potential Prohibited (X) - referred to makers of approved filters	10
    Prohibited or Potential Prohibited (RC) - referred to makers of approved filters[21]	35
    Referral to Police	7

    * Some items were the subject of more than one complaint while some complaints resulted in the investigation of a number of items.

     

26. As even the ABA representatives involved in administration of and reporting on the scheme acknowledged in a paper relating to their six month review, "in the end, it is up to individual users to actively manage their own use and that of the young people in their care".[22]

27. The latest report from the ABA on the operation of the scheme was issued on 13 February 2002 and related to the period 1 January and 30 June 2001.[23] A few excerpts from its tables sections are shown below. Again obvious, but this time more markedly than in relation to the 6 month review, is the fact that the vast bulk of such material is not hosted in Australia and so is beyond the reach of its regulators.

     

    Outcome of investigations

    Location of Internet content host	Prohibited/potentially prohibited[24]	Not prohibited	Total
    Australia	8	8	16
    Outside Australia	90	79	169
    Total	98	87	185

     

    Referral to law enforcement agencies

    	Jan to Jun 2000	Jul to Dec 2000	Jan to Jun 2001	Total
    Australian Federal Police	51	105	104	260
    State or Territory Police	44	45	23	112

     

28. Clearly the scheme can do nothing mandatory about material hosted off-shore, where indeed the vast bulk of it is stored. Equally obvious is that there has been no noticeable reduction in the availability of pornography on the Internet (indeed in the wake of the dotcom crash this is purported to be one of the Internet's few remaining growth areas). And now we are facing new and more intrusive methods of distribution or advertising for such material (by means of spam - see below under section 4).

29. Further, many groups are concerned about the potential breadth of the controls, the actual practices used in their enforcement and the lack of checks or balances in the system:

    "This is an unaccountable regime?Unless it is made more accountable, there is no way to know whether the ABA is implementing the law properly?For instance, they've refused to even give us information about materials classified 'R,' which is not illegal for adults to access... At this point, the public is not even being allowed to know what the ABA is censoring?If no one tries to make them accountable, they could become more and more draconian."[25]

30. On the other hand, while there may have been some degree of inhibition of local activity in posting material to the Internet which deals with adult themes or otherwise skirts the boundaries of "acceptable" content in the name of art or freedom of speech, there has probably not been as profoundly chilling effect in this respect as some earlier commentators feared,[26] if for no other reason than lack of awareness of the potential impact of the controls, and the lack of publicity in relation to such matters now that the political debate has moved on to other issues.

31. Note that the legislation is required to be formally reviewed by 1 January 2003. It is to be hoped that the review will result in some improvement,[27] although it seems unlikely that the current scheme will be dismantled, despite its ineffectiveness in doing anything substantial about the presence of offensive material on the Internet.

    3.25 EFA - FOI requests and AAT Appeal

32. As is evident from the quote set out above, Electronic Frontiers Australia is one of the organisations that has been concerned about the lack of transparency around the operation of the scheme, in particular in relation to how the ABA is making decisions about classification of content, especially at the border line where such decisions are being made in relation to content which is not of a blatantly offensive nature (such as child pornography) but rather relates to "adult themes". The EFA filed a request in February 2000 under the Freedom of Information Act seeking further details of the "take-down" orders issued under the Act. They eventually received a censored copy of documents but these provided little further information about the sites taken down or their content. EFA then went to the Administrative Appeals Tribunal in July 2001 seeking review of the decision to censor most of the important information. They complained that Internet sites are being treated more harshly than "offline" films, publications and video games, where such details are available.[28]

33. However the chairman of the ABA, David Flint, defended such differential treatment:

    "While there are obvious practical and legal difficulties in obtaining access to a censored film, an Internet access allows and even invites access?Many of these proscribed sites show the most appalling abuse of children, sometimes very young."[29]

    The ABA argues that it can't make address or URL information public or it might be seen to be promoting such sites. However the EFA has repeatedly denied that it is actually seeking such address details - rather it is seeking relevant information in relation to how the ABA is operating the scheme and making decisions about content.

34. The AAT handed down its decision in Electronic Frontiers Australia Incorporated and Australian Broadcasting Authority (Q2000/979)[30] on 12 June 2002, rejecting EFA's appeal, but evidently not without some difficulty in trying to balance administration of the system against public rights of access to information relating to that administration. The AAT acknowledged that there were:

    "important issues relating to censorship, openness of government and even to the confidence that the public has in the agencies of government to implement and administer its schemes with integrity for secrecy can ultimately lead to the public's questioning integrity even where there is no need for such questioning"[31]

    3.26 Government's legislative response to FOI requests

35. Apparently in response to the FOI requests from EFA, the Government introduced proposed amendments to the Freedom of Information Act 1982 on 27 June 2002 - in the form of the Communications Legislation Amendment Bill 2002. The changes would exempt the Office of Film and Literature Classification and the Australian Broadcasting Authority from requirements under FOI law to disclose certain documents that relate to the operation of the censorship regime. Two new definitions are inserted:
    "offensive Internet content means Internet content (within the meaning of Schedule 5 to the Broadcasting Services Act 1992) that is:

    (a) prohibited content (within the meaning of that Schedule); or
    (b) potential prohibited content (within the meaning of that Schedule)."

    "exempt Internet-content document means:

    (a) a document containing information (within the meaning of Schedule 5 to the Broadcasting Services Act 1992) that:

    (i) has been copied from the Internet; and
    (ii) was offensive Internet content when it was accessible on the Internet; or
    
    (b) a document that sets out how to access, or that is likely to facilitate access to, offensive Internet content (for example: by setting out the name of an Internet site, an IP address, a URL, a password, or the name of a newsgroup)."

36. In the words of the EFA:

    "The amendments are designed to further prevent public scrutiny (and potential criticism) of the operation of the Internet censorship regime and of claims made by the Minister, the ABA and the OFLC."[32]

    The EFA thinks the changes will enable the ABA and OFLC to completely censor all records relating to Internet classification decisions (for instance by means of use of relevant banned URLs as headers or footers on every page of relevant documents). While the changes may not be interpreted to go to quite the extent suggested by the EFA, they do seem to represent a questionable extension of special exemption to the scheme and run counter to a more open and accountable operation of the classification process. And on the basis of past responses to FOI requests by the ABA the EFA can be forgiven for being suspicious as to how these new provisions, if passed into law, might be used.

    3.3 Non-regulatory approaches

37. As described in the Explanatory Memorandum, the Government's approach does not rely on regulation alone. It is also encouraging better education, the development of content labelling and labelling standards, and the provision by Internet service providers of a range of options for consumers to permit subscription to services that only allow access to a "sanitised" cache of permitted material or alternatively services that are filtered by the service provider.

38. Some hope that self-rating and filtering systems will give users choice and offer a means of protection. Initiatives include PICS - the Platform for Internet Content Selection, development of which was supported by the World Wide Web Consortium.[33] Such systems rely on voluntary self-labelling of content according to certain standards, which can be automatically picked up by a properly configured Internet browser, which can then screen access to content which is outside of the user set preferences. The concept for child protection purposes is then that adults can set password protected preferences for child access - presuming the adult has the requisite skill! However only a tiny portion of content accessible on the Internet has been PICS rated and this is a voluntary self rating system in any event, which could be readily abused.

39. Other filtering systems can also be both over and under inclusive in the breadth of the material that they block or filter, indeed there is no such thing as a perfect filter.[34] This has posed major problems for US attempts to mandate the use of such filtering products, given US freedom of speech laws. Note also that such systems can have a degree of cultural loading in the formulation of the relevant categories of content type.[35] For instance, it has been noted that most of the filter products on the market are US developed and so fairly US centric in their cultural concerns and construction.

    3.4 State Implementation of the Federal laws

40. There has only been slow and patchy progress towards implementation of the State laws that are needed to mirror and give further sanctions in conjunction with the federal legislation (the federal legislation only gives practical take down sanctions in relation to service providers, but the State legislation is meant to impose criminal penalties on content providers).

41. South Australia moved towards putting such legislation[36] in place but those moves stalled initially in the face of widespread criticism.[37] Legislation has now been reintroduced into Parliament but at the time of writing had not yet been passed.

42. NSW passed laws (not yet proclaimed), but they were referred to a legislative review committee in the face of continuing public concern.[38] That committee issued a detailed report in June 2002.[39] Amongst the key findings of the committee were the following:
    the proposed model "could have a significant effect on the legitimate use of the Internet and may affect the fair reporting of news and current affairs";
    • "legitimate use of the Internet by residents of NSW may be deterred";

    • the provisions "may have the unintended consequence of criminalising a wide range of academic or other material which would be legal to publish off-line";

    • the regime will not meet the stated policy objectives of deterring the making available of objectionable matter and protecting minors from unsuitable material and is ineffective and unenforceable;

    • a much better way of achieving the policy objectives would be to use a combination of existing laws, some take down notices, voluntary use of filters, and more education;

    • the Office of Film and Literature should provide more information about the operation of the scheme and a low cost voluntary classification scheme.

43. Some other states (Victoria, Western Australia and the Northern Territory) had already introduced related laws before the Commonwealth laws. So there is a very inconsistent legal position even within Australia on this topic.[40] Other states such as Queensland apparently have no plans to introduce legislation: "We have our doubts about their effectiveness, so we will wait and see? [it] makes people feel good, but it may not actually do much."[41]

    3.5 United States

44. The US has tried unsuccessfully to introduce similar controls on a number of previous occasions. The key additional problem there has been the potential impact of constitutional protections for free speech. US courts struck down Congress's first attempt on First Amendment grounds, the Communications Decency Act[42] ("CDA") which were passed as part of the Telecommunications Act of 1996.[43]

45. Then the later Child Online Protection Act[44] was also struck down on constitutional grounds:

    "Because material posted on the Web is accessible by all Internet users worldwide, and because current technology does not permit a Web publisher to restrict access to its site based on the geographic locale of each particular Internet user, COPA essentially requires that every Web publisher subject to the statute abide by the most restrictive and conservative state's community standards in order to avoid criminal liability. Thus, because the standard by which COPA gauges whether material is" harmful to minors" is based on identifying "contemporary community standards" the inability of Web publishers to restrict access to their Web sites based on the geographic locale of the site visitor, in and of itself, imposes an impermissible burden on constitutionally protected First Amendment speech?we are forced to recognize that, at present, due to technological limitations, there may be no other means by which harmful material on the Web may be constitutionally restricted, although, in light of rapidly developing technological advances, what may now be impossible to regulate constitutionally may, in the not- too-distant future, become feasible."[45]

46. The US Child Online Protection Act (COPA) Commission was then established to consider strategies for ensuring the safety of children using the Internet. It reported on 23 October 2000, and advocated renewed efforts at education, "user empowerment", and enforcement of existing laws, rather than new legislation. It also raised constitutional concerns about the filtering technology proposed for mandated use in schools and libraries. The latest version of the legislation is the Children's Internet Protection Act.[46] Under this Act schools and libraries receiving federal technology funding were required to use specified Internet filtering software. However, a three-judge panel of the US Federal Court in Philadelphia struck down this Act in May 2002, again because of the inaccuracy of filtering technology that would also suppress legitimate free speech.[47]

    3.6 Europe

47. Europe has not been so notable for the introduction of general censorship controls. However there has been much discussion of the efforts of French courts to restrict Internet access to Internet auction sites offering (amongst many other things) Nazi memorabilia - an offence under French Law. In May 2000 French judge Jean-Jacques Gomez of the County Court of Paris ordered Yahoo to block French users from auctions of Nazi artifacts. This ruling was stayed until a three-person international technical panel could debate the technical aspects of the block. It eventually determined (in a partially split report) that Yahoo could keep 70-90 percent of French users away from the offending material. Consequently on 20 November 2000 the Judge upheld the earlier ruling and gave Yahoo 90 days to comply.[48]

48. The Times of London reported this as "the first attempt by any country to impose international censorship on the World Wide Web".[49] There is now a conflicting US decision not recognizing enforcement of the French orders.[50]

    4. INTERACTIVE GAMBLING CONTROLS

49. The prospect of Internet gaming activities arrived when there was already growing public disquiet at the impact of more traditional gaming technology such as poker machines. However industry groups (including the Internet Industry Association and gambling operators) stressed the difficulties of enforcing strict controls and the commercial potential of enabling Australian industry involvement in this area and advocated a policy approach of so called "managed liberalism". In response to these different agendas, interactive gambling has been the subject of both "enabling" (State) and "blocking" (Commonwealth) legislative controls, as examined briefly below.

    4.1 Enabling Legislation - Queensland Interactive Gambling (Player Protection) Act

50. Initially, a number of state governments were keen to provide a legislative framework to enable or purport to control online gaming activities, with a view to encouraging the local development of new Internet industries, providing some level of "player protection", and (not insignificantly) allowing the State to tap into new gaming revenue flows. State and Territory Gaming Ministers put forward a Draft Regulatory Control Model for New Forms of Interactive Home Gambling in May 1996.

51. An example of such legislation is the Queensland Interactive Gambling (Player Protection) Act No 14 of 1998, which commenced operation in October 1998. Part of the theory was that an operator of such services established in a jurisdiction which imposed controls on these services may actually have a market edge (especially in the early start up phase of the provision of such services) over other unregulated operators elsewhere, because potential users might see such a service as more credible/reliable or situated within a framework allowing some redress if something went wrong. It was thought this might give Australian providers an edge over providers in other countries, enabling them (and the governments regulating them) to tap into a worldwide market.[51] Ironically, while the adoption of this so called "AUS Model" has been blocked in this country by Federal legislation, it has apparently been recognized as best practice elsewhere and is being considered for adoption in other countries.[52]

52. The objects of the Queensland Act were to: regulate and control interactive gambling; protect players; and provide a basis for an inter-jurisdictional regulatory scheme (by reciprocal recognition of regulation and sharing of taxation). The Act contains quite extensive provisions, including a licensing and audit scheme and various provisions directed to giving some basic level of player protection (eg requiring funds in a player's account to be remitted on demand, giving licensed providers limited recourse to players' accounts, and dealing with the issue of inactive accounts, and even allowing for special orders banning certain people (problem gamblers) from participating in interactive gambling, amongst many other things). Section 16 prohibits a person from conducting an interactive game wholly or partly in Queensland or allowing a person in Queensland to participate if the game is not authorised under the Act or a corresponding recognised scheme (in an attempt to provide for recognition of similar systems operating in other jurisdictions). The Act contained a licensing (and taxation) scheme for authorised providers, under which control systems were required, players were required to be registered and could not be given credit.

53. However the permissive but regulated approaches of some States and Territories were fairly rapidly neutered by the actions of the Federal government, as detailed below.

    4.2 Blocking Legislation - Interactive Gambling (Moratorium) Act 2000

54. With a change in mood over the abuse of gambling, and following the passage of controls over offensive online material (see censorship discussion earlier), the Federal Government also stepped in to impose a moratorium on the further development of interactive gambling services. The concern was voiced that the Internet (and "datacasting" - a peculiar and subsequently failed Australian regulatory invention) would produce a 'quantum leap' in accessibility to gambling - putting "a virtual 'poker machine' in every home", exacerbating a significant national problem.[53]

55. There was in-principle opposition from religious groups such as the Victorian Interchurch Gambling Taskforce as well as "economic" opposition to online gambling from other traders, including the Australian Retailers Association, whose members were concerned, based on experience with "pokies", that their trade would be impacted negatively by the expansion of online gaming services.[54]

56. Obviously this put the Federal government in direct opposition to State and Territory initiatives to regulate this area in a supportive way - and indeed some Federal Ministers denounced such efforts as "sick and greedy".[55] After some failed attempts to pass the legislation, the government eventually succeeded in persuading previous minority Senate opposition and the Interactive Gambling (Moratorium) Act 2000 came into effect on 22 December 2000. Part of the compromise used to achieve this support was to exempt Interactive wagering services that are simply an extension of current offline betting services (eg betting on horse races, harness races, greyhound races, and sporting events).[56] However, the moratorium applied to the introduction of new wagering services - such as those that offer real-time betting after a sporting event has commenced (eg services allowing wagering on mini-outcomes, or "ball-by-ball" betting).

57. The Act imposed a 12-month moratorium on the development of the interactive gambling industry in Australia. It did this by creating a new criminal offence, the provision of an interactive gambling service, which prohibited a person from providing an interactive gambling service unless the person was already providing the service when the moratorium started (19 May 2000 - the date that the Commonwealth Government announced its intention to legislate to impose the moratorium). Continuity of pre-existing services was permitted but their expansion was not.

58. The moratorium was intended to pause the development of the Australian-based interactive gambling industry while an investigation into the feasibility and consequences of banning interactive gambling was conducted. The Internet industry claimed it would destroy rather than pause investment in Australia, with business simply shifting off shore (to less regulated areas, with the potential for greater detriment to users).

59. The Act defined an interactive gambling service to be a gambling service provided (in the course of carrying on a business) to customers using any of the following communications services:
    • an Internet carriage service or any other listed carriage service; or
    • a broadcasting service or any other content service; or
    • a datacasting service provided under a datacasting licence

60. The service also needed to be linked in a specified way to Australia. These links did not require an interactive gambling service to be targeted to, or available to, Australians. The Interactive Gambling (Moratorium) Act 2000 applied to all interactive gambling services that had one or more of the specified links to Australia, irrespective of whether the service was intended to be provided to Australian residents. There were numerous specific exclusions from the definition of interactive gambling service, including: services for telephone betting; certain types of wagering services; services relating to the entering into of contracts that, under the Corporations Law, are exempt from a law relating to gaming or wagering (eg Futures contracts and options contracts); and services that the Minister determined were exempt.

    4.3 Ban - Interactive Gambling Act 2001

61. The National Office for the Information Economy undertook further investigations into community attitudes and the feasibility and consequences of a permanent ban, with a view to providing more detailed information on which to base any further regulatory controls.[57] The government gave strong indications it wanted to move to a ban, not just a moratorium. Internet industry groups decried the proposals, seeing them as a blow to local Internet development opportunities. For instance, consider the following comments from the Internet Industry Association:

    "The IIA maintains its strong opposition to a total ban on internet gambling sites, a spectre which has been raised by the government several times. We are worried about a ban's impact on e-commerce, internet access charges, the loss of skills and technologies and other collateral damage, and recent information suggests that enforcement would either be imposed on ISPs (to block sites) or banks (to invalidate transactions). Neither in our view is acceptable, with the former likely to push up the cost of access and the latter striking at the heart of e-commerce."[58]

62. The Federal opposition described the move as a political stunt:

    "The Coalition has chosen to set up the internet as a scapegoat rather than tackle the very real social problems. It is about buying votes with cheap legislative tricks. The price is Australia's credibility as an internet-savvy nation"[59]

    Nonetheless, a permanent prohibition was introduced. In bringing this legislation to Parliament the Federal Government engaged in further rhetorical display:

    "The Interactive Gambling Bill brings into sharp focus Mr Beazley's refusal to do anything to prevent an explosion in the accessibility of poker machine and casino like games in the living rooms of Australian families. Why on earth are Mr Beazley and the Labor Party in favour of a massive proliferation of the most insidious and social destructive forms of gambling, against the will of the vast majority of Australians?"[60]

63. The Interactive Gambling Act 2001 commenced on 11 July 2001, with some of its provisions not taking effect until 12 January 2002. The legislation has various cut outs or exemptions to avoid application to activities such as wagering before an event has commenced (including sports betting - in response to heavy lobbying by state TABs and others), telephone betting, office footy tipping competitions or Melbourne Cup sweeps or Internet share trading.[61]

64. Also, it does not prohibit Australian operators offering services to overseas punters - this element in particular has been labelled hypocritical and inconsistent (although there is a "good neighbour" system under which the government can ban provision to residents of another country that has equivalent prohibitory laws).

65. Essentially this Act attempts to regulate interactive gambling services by:
    • prohibiting provision or advertising of such services to customers in Australia;
    • prohibiting Australian-based services from being provided to customers in designated countries (basically those with an equivalent system of control);
    • establishing a complaints system regulated by the ABA in relation to prohibited Internet gambling content:[62]
    • If such content is hosted in Australia the ABA will refer the complaint to the police;
    • If such content is hosted outside Australia the ABA may refer it to the police but will principally refer it to ISPs so they can deal with it in accordance with the industry code. This code was registered by the ABA on 13 December 2001. It basically means that ISPs have to offer customers filtering services or software, and have to add any sites nominated by the ABA into the filtered lists.

66. So what of the effectiveness of the scheme? There is not yet the same regulator provided data available in relation to the performance of this regime as there is with the censorship controls. However, while "real world" poker machines seem to be the biggest gambling problem in Australia at the moment, general media coverage, specific reports on gambling activities, and the plethora of magazines devoted to such Internet gaming services would not suggest that the ban has had any noticeable effect in stemming the rise of such gambling. Some recent studies have shown a steady rise in Internet gambling since the introduction of the ban, with varying numbers of Australian interactive punters reported, up to one estimate from Accenture of 2.1 million.[63]

    4.4 Recent Case Law from the US

    Similar or broader gambling bans apply in some other jurisdictions also[64] although enforcement of such bans in an international context is always a difficult issue. However, the US Court of Appeals for the Second Circuit recently decided a case on interactive gambling and convicted the defendant for supplying such services back into the US even though the operation of the business was based in Antigua, where such activities were not unlawful.[65]

    5. CYBERCRIME

    5.1 Cybercrime Act 2001

67. The Cybercrime Act 2001 made a range of amendments to the Criminal Code Act 1995 to update the computer offences, in ways based on the joint Commonwealth, State and Territory Model Criminal Code Damage and Computer Offences Report (January 2001), along with other changes to authorise certain intelligence activities. Some are concerned at the broad language of the Act and the possible abuse of its provisions by security agencies.[66]

68. I do not suggest that the introduction of the Cybercrime Act was quite as directed to short term political goals as the Federal censorship and gambling controls. The Act does make some substantive improvements. However no doubt it is also intended to fulfill something of a similar symbolic role in painting cyberspace as a more regulated and safer place to inhabit. Also, it may be that in the rush to push through amendments the new laws were not as well considered or crafted as they might have been.

69. For example, one of the many things apparently targetted by these amendments was the problem of so called "denial of service" attacks.[67] These forms of attack on websites often involve the unknowing co-option through rogue software of hundreds or thousands of "innocent" computer systems to bombard a website with so many information requests that the increased traffic denies access by "legitimate" users. They go under appropriately crypto anarchic/new age descriptions such as "Tribal Flood Network". Such attacks are very hard to guard against as it may be virtually impossible to discriminate between legitimate and illegitimate access requests.[68]

70. However, as intimated above, there are a wide range of activities that could come within the ambit of the description of "denial of service" attacks, from co-ordinated but manual flooding of a website with queries or requests of varying types by, for example, environmental or anti-globalisation lobby groups, right through to a clandestine and fully automated distributed denial of service attack under which a range of innocent host computes are hijacked by "trojan horse" software and used by the attacker in a deliberate attempt to take a particular website offline (from commercial or other motivations).[69]

71. The discussion in the Explanatory Memorandum about the relevant new provision (477.3) does not discuss these complexities but simply describes its purpose as follows:

    "This proposed offence is designed to target tactics such as 'denial of service attacks', where an e-mail address or web site is inundated with a large volume of unwanted messages thus overloading the computer system and disrupting, impeding or preventing its functioning. The proposed offence would extend to situations where a person impairs a computer 'server', 'router' or other computerised component of the telecommunications system that relays or directs the passage of electronic communications from one computer to another."

72. The relevant provisions inserted into the Criminal Code are as follows:
    "477.3 (1)A person is guilty of an offence if:

    (a) the person causes any unauthorised impairment of electronic communication to or from a computer; and
    (b) the person knows that the impairment is unauthorised; and
    (c) one or both of the following applies:

    (i) the electronic communication is sent to or from the computer by means of a telecommunications service;
    (ii)the electronic communication is sent to or from a Commonwealth computer."[70]

    "476.2 (1)In this Part the impairment of electronic communication to or from a computer by a person is unauthorised if the person is not entitled to cause that impairment.

    (2) Any such impairment caused by the person is not unauthorised merely because he or she has an ulterior purpose for causing it.

    (3) For the purposes of an offence under this Part, a person causes any such impairment if the person's conduct substantially contributes to it."

73. Obviously a lot hinges around the interpretation of the highlighted element above - whether or not the person is "entitled" to cause the impairment. The difficulty here is in applying this to the context of denial of service attacks (of which there are many different kinds, as noted above). But if all a person engaged in such "attacks" is doing is communicating with a website deliberately open to the public, with explicit avenues for such communication, then it seems hard to say that such a person is clearly not "entitled" to engage in such activities (whether or not there may be a simultaneous overflow in the ability of the website to process those communication requests).

74. Also, interestingly, while it does not discuss "unauthorised" acts in detail, the Explanatory Memorandum also includes the following discussion about 477.3:

    "The proposed offence would only apply to unauthorised impairment. Consequently, the offence would not apply, for example, to a refusal by an Internet Service Provider (ISP) to carry certain types of electronic communications traffic on its network if such a refusal is pursuant to a contractual arrangement or an agreement between the ISP and users of the service."

75. This raises a number of interesting further questions. For instance, it would appear that the "authorisation" can be given by a person other than the operator of an affected website - eg one that was indirectly excised or censored out of access due to a contractually authorised technical measure, for example some blacklisting activities directed against servers allegedly used for "spamming" purposes.[71] But it would also imply that those measures need contractual authorisation by the network users and cannot be implemented as a technical block alone. Of course whether the gloss put on these provisions by the Explanatory Memorandum is reflective of the actual provisions is another matter.

    5.2 Cybercrime Convention

76. In 2001 the Council of Europe concluded the text of a Convention on Cybercrime.[72] This convention focuses on international regulatory co-operation, enforcement mechanisms and expedited extradition procedures to combat cybercrime, rather than introducing too much new model substantive law. It is intended to harmonize the computer crime laws of the members of the members of the Council (but is also open to other countries). It contains many controversial elements expanding surveillance powers and limiting encryption, anonymity, and security tools. Some of its controversial elements include:
    • provisions to force service providers[73] to either capture content themselves by building in surveillance capabilities, or to "cooperate and assist" with authorities in doing so;
    • criminalising "illegal devices," such as software which can be used for hacking purposes (and permitting extradition for these offences);[74]
    • provisions allowing government agents to force disclosure of computer system functioning or encryption of data.

77. There have now been additional draft protocols released in relation to the Convention, in relation to matters such as the criminalisation of racist or xenophobic acts committed through computer systems, and terrorist messages.[75] The Convention illustrates a widespread recognition that the Internet raises special needs for prompt and internationally co-ordinated responses to threats. In its emphasis on improving the mechanisms for such co-operation and also in its back up to technical controls and forensic data collection, rather than substantive law changes, it also shows a recognition that it is in these other areas that initial attention might be best directed in attempting to confront Internet threats.

    5.3 US Action

78. This is a new focus for legislative activity in the wake of the September 11 attacks and concerns about the vulnerability of information infrastructures to attack. In the US we have seen the passage of the USA Patriot Act[76] which contains specific provisions directed against acts of cyberterrorism (eg section 814). There is also the US Cyber Security Enhancement Act of 2001,[77] as well as relevant prior US legislation such as the National Information Infrastructure Protection Act of 1996. However the US is not simply relying on the passage of new provisions outlawing such provisions - some of these new laws and other executive actions are allocating very significant resources into the development of technical responses and enforcement action.

    6. SPAM

79. For those lucky enough not to have received it, in the context of the Internet spam is not a tinned ham product but a term for unsolicited bulk electronic messages. There is no sharp consensus as yet on precisely what defines inappropriate spam and what distinguishes it from acceptable marketing practices, but offensive spam usually includes one or more of the following features:[78]
    • it is largely untargeted, sent in an indiscriminate manner, and often automated;
    • illegal or offensive content;
    • a fraudulent or deceptive purpose;
    • the originator is disguised (eg email may appear to come from an innocent third party - this is referred to as "spoofing");
    • there is no functional way to opt out of further receipt of communications.

80. There is no specific legislation directed against spam in Australia as yet, although there have been anti-spamming laws introduced in the US and proposed in the EU. There is little evidence that the US laws have had any effect in stemming the tide of spam, which is growing at a very fast rate.[79]

81. One informal technical measure that has been adopted by a number of Internet Service Providers and others responsible for administering the Internet is to publish or exchange details of computer servers that are the source of spam, or the intermediaries (sometimes unknowing) used by spammers, and then to implement blocks so that no traffic emanating from those addresses is accepted or forwarded by participating members of the group.[80]

82. This has potentially deleterious side effects as legitimate mail or access may also be incidentally blocked or censored out.[81] Recently this issue gained prominence in Australia when a person who had posted details about a company allegedly involved in spamming activities was sued by that company for "unlawfully interfering" with its trade.[82] There are also some browser settings and new software tools and intelligent agents that can be adopted and configured by users to try to screen out spam.[83]

    6.1 NOIE interim report

83. In response to the problem of spam the Federal Government gave the National Office for the Information Economy (NOIE) a reference to investigate the problem and countermeasures to it. The terms of reference for the spam review were as follows:
    1. Investigate and Assess Nature and Extent of Spam[84]
    2. Identify and Assess Existing Australian Counter-Measures[85]
    3. Identify and Assess Overseas Counter-Measures
    4. Possible New or Improved Counter-Measures[86]

    The NOIE has recently released its interim report "The Spam Problem and how it can be countered".[87]

84. NOIE's Summary of Draft Recommendations focuses strongly on things such as: technical measures, industry self regulation, international co-operation, and education. There is also proposal to better use of existing laws (although it is hard to see that there are many meaningful ways much spam could be attacked using such laws and the issue of the applicability of law to conduct overseas and the difficulty of cross border litigation is ignored). However what is most notable is that there is comparatively very little reliance on the option of new laws. It is one option listed to be further considered (number 12 of 15), but it is clearly and probably quite deliberately not at the top of NOIE's list of suggestions.

85. So perhaps here at last in the context of the spam debates the government may be treading more lightly and not rushing in with another blunt or blank legislative tool? The issue is arguably more blurred around the edges than other examples of Internet abuse, in particular in that it merges into the field of "legitimate" unsolicited commercial direct mailing or advertising, and so drifts into areas that the government may be wary of regulating too tightly for fear of annoying commercial interest groups. However it is probably a bit dangerous to speak so early, as previous cautious or negative reports in relation to the earlier problems of censorship and gambling did not seem to dissuade the government from new regulatory paths. Note that the report was very prominently labelled as being an interim NOIE document designed to obtain further feedback, prior to preparation of another report for Government consideration, rather than itself representing any final Commonwealth position.

    7. CONCLUSION

86. The earlier regimes (censorship and gambling controls) appear to have been highly political or symbolic in motivation - to enable the Government to be seen to be doing something rather than achieving anything much. They are also subject to considerable criticism, only some of which has been discussed above.[88] There is certainly a very concerning lack of transparency around the administration of the censorship scheme.

87. More fundamentally, performance data shows little real outcome. Some have argued that "there is wisdom even in an unenforceable law",[89] but such arguments seem to ignore the potentially deleterious effect of such unenforceable laws on the respect for and functioning of the whole legal system. There are surely better ways of sending signals about appropriate conduct rather than through legislation, and arguably the money consumed through initiation, administration and reporting on the scheme might have been better spent on education or other direct intervention against the relevant problems at an executive level.[90] Indeed, merely concluding that the controls on these issues consist of useless window dressing may be too kind - given the uncertainty and disrespect they engender, at least in some quarters. They are hardly models for regulatory intervention, even though produced by a government that is apparently concerned to introduce more rigour into regulation generally, and avoid further regulation where possible.

88. The more recent Australian cybercrime controls are fairly cursory and perhaps technically flawed in drafting in parts. While there was some consultation leading up to their formulation and they do represent an attempt to improve pre-existing computer crime laws to take account of some new Internet related problems, arguably they don't really reflect a considered approach. This is not to gainsay the efforts to sensibly address these new problems by various Commonwealth and State bodies.[91] However these problems require additional resourcing and technical measures as much as new laws.

89. In relation to regulation of spam the Government seems at this stage to be treading more lightly and not rushing to implement further legislation. Perhaps this is due to a deeper recognition of the complexity of the underlying issues (and the difficulty in discriminating between bulk spam and unsolicited, targetted but potentially legitimate promotion of product), technical difficulty in implementing regulation, and the meaninglessness of implementing a control structure locally when activity is cross border and uncontrollable under local Australian rules.

90. Generally, while a number of the government's moves in relation to regulation of the Internet are understandable in a political or symbolic context, it does not have a sound track record in crafting well tailored legislative responses or in achieving effective control of the highlighted problems through those systems that have been introduced. But there does now seem to be a belated acknowledgement of the futility of local legal regulation in the face of the difficult technical and cross border problems posed by the distribution of digital content enabled by the Internet. As the NOIE Spam report puts it: "Whilst many in the community are calling for legislation, this is no silver bullet."[92]

91. So what developments can we expect in the future? Probably a mix of responses. There will no doubt be further emphasis on technical methods of control, but of course there will always be ways around such measures, so we can expect to see a continuing battle on that front. It also seems likely that there will be further attempts to reach some international standardisation of approach, but cultural differences will frustrate the ready formulation of clear and complete standards.[93]

92. Additional resources devoted to enforcement of existing laws would be useful, but there is never enough money to resource all desirable enforcement activities.[94] Therefore there will be no rapid resolution for the abuses of the Internet that have caused such concern. There are no perfect silver bullets out there, legal or otherwise, but that does not excuse a hail of blanks. Let us hope that governments advance more carefully in the future, paying fuller regard to the limitations, financial costs and other downsides of laws, especially those that are effectively unenforceable or meaningless. Perhaps some of our best hopes lie in better education. It is interesting that the further we advance our technologies, the more starkly we are confronted with the consequences of our human nature and failings. No externally imposed laws or technical fixes will resolve our inherent problems.