david vaile cyberspace law and policy centre, unsw law faculty [email protected]
TRANSCRIPT
Regulatory implications of social media
David VaileCyberspace Law and Policy Centre, UNSW Law Faculty
www.cyberlawcentre.org
Outline
Background Examples
Background Technological changes◦ Web versions
Legal disconnects ◦ Common carriers mutate
Censorship and ‘filtering’◦ The urge to monitor
Privacy and the cloud
Surveillance/uber-veillance Malware and the RBN◦ Is there any line in the sand?
Copyright balance iiNet: Disenfranchisement
without trial? Getup: Enfranchisement
without a party?
Background to social media regulation
Tech changesLegal changes
Offline world was nice and simple, for regulators Web 1.0: global publication, old media/publish models Web 2.0: social networking, user generated content◦ Convergence of producer and consumer, + distributor
Web 3.0?: mass personalisation, semantic web◦ It’s not just your friends who know you and what you mean
Attack of the killer toddlers – we are so old◦ Hackers retire at 15, kids turning filter tables on parents, slash
Technological changes underlying
Ye Olde Worlde (–2006)
PublisherBlock here?
Reader
Viewer
Listener
ProducerImporter
Block here?
New fangled (SNS/UGC)
ProducerPublisher
Reader
ProducerPublisher
Reader
ProducerPublisher
Reader
ProducerPublisher
Reader
ProducerPublisher
ReaderISPs: the new block point
Cyberlibertarian fantasies still delude and excite Reality: Jurisdiction out of control, hyper liability (for you)◦ Intensification not escape from jurisdiction (revenge of the States)
Or: no care, and no responsibility? (for the cloud)◦ Your data and business go offshore, but not legal protection
The rise of the sub-human: minors at the frontier◦ Deficit in ‘consequences’ cognitive development: paternalism?◦ ‘Under the age of 18 or appears to be under 18’
The fall of the ‘common carrier’: ISPs’ change masters?◦ Agents of a foreign power, or a hostile litigant interest?◦ Enforced discipline of their customers, on pain of sharing liability.
Legal disconnects
Censorship and ‘filtering’It’s not censorship,Won’t somebody think of the children?
1,000 items in 1,000,000,000,000, no checking 10 billion change per month Appalling spin and shifting goals for the magic box Appeasing the swinging fundamentalists? Real child protectors: What risks? Does filtering work? Parents want to be rescued: Panic Button is for them Cargo cult mentality, denial, and hope of a saviour Does not address real problems: resilience, detection
of criminals, communication with techno kids Sexting, ‘slash’ fiction and innocents on the loose
Censorship & ISP level Internet ‘filtering’
Surely it is censorship? Offline model: centralised distribution, choke points Web 1.0: more distributors, easier importation Web 2.0: everyone is a creator, (re)-publisher, exporter Web 3.0: the cloud knows what you like, and makes it? Encryption and roll-your-own protocols already in use The long cyber-war: endless arms race between the
straiteners and those seeking to avoid the blocks? When is publication not publication? Chinese solution: you never know: the Panopticon:
(no-one is home, but you self censor)
The struggle for censors to keep up
Future of privacy protection in Australia: the cloud
At risk?
Review of privacy law – ALRC 108 Sudden emergence of the cloud – ‘It’s inevitable’!? Failure to target cross border controls in PPs Conflicting business models: your money or your data? Failure of robust regulation: sleeping watchdogs? WiFi Kids at risk: Consequences hidden, cost/benefit fail Exposure to foreign powers, litigants, and villains Not just US – Cybercrime Convention and the EU Stumbling into a surveillance state? Lack of will? A ‘jurisdiction bit’? Snowy Cloud farm with local law?
Privacy and the cloud
Surveillance to uber-veillanceExceptional to routine?
The Four Horsemen of the Apocalypse:◦ You, your mate, YouTube and FaceBook◦ The evil data mongers of cyber-Russia◦ Businesses who just want to know you◦ Government agencies who just need to catch you
One law to rule them all? Will our current apathy become as unfashionable as
climate change denial when consequences realised? Or are privacy advocates just old paranoid whingers?
Threats to privacy and PI security
Perfect free copy tools provoke evidence gathering Marketers demand right to ‘behavioural targeting’ Data aggregators prefer not to discuss it Law enforcement assumes we’ll be safer if we forfeit
centuries of protections against strong states Data retention obligations coming in from offshore Data heading offshore, scant restraint or redress Filtering logs look awfully tempting … Data breach notifications? Or ‘Informed consent’ FAIL? All supported by invisibility, and the cult of exposure
Surveillance to uber-veillance
Breaking bad: Malware and the RBN
Cybercrime goes invisible
Dare not speak its name; researchers threatened Bad guys based in former SU lift off into cyberspace You’ll never know where they came from or went Malware and the failure of IT perimiter security Social engineering: the new computer infection Recombinant undetectable malware evolution All your dataz are belong to us: zombie networks Leave no clues Losing the war?
Malware and the RBN
The business of business is business: how dare you interfere with my marketing – adware detector defeated
Spam Act (Cth) v CAN-SPAM Act (US): opt-in or opt-out?◦Opt-out: The very model of a doomed and futile gesture◦ No clear distinction between respectful and crook
Everyone is a sales agent: freebies for viral promotion?◦Who’s responsible for the lies or the pitch?
No clear line? Incentive for opportunists to creep to bad◦ There should be no room on the fence, just pointy splinters◦ Unrestrained submission to entrepreneurial instinct
blurs any lines between ethical and desparate: race to bottom
Convergence of baddies and goodies
Copyright balance in the online social world
Old business models fail?Unlocking IP project: new models for sharing and trading IPiPod legalised and no-one noticed
New models for Trading and Sharing IP Open Content, Open Source, Open Standards ARC Linkage project 2005-2009 UNSW CLPC, Linux, IBM, Bakers, OSIA, AESN Emergence of Creative Commons and FFE Now mainstream Not absolutist, hybrid business models Screenrights: $1m for free lesson plans = cash flow
positive Statutory and other licences
Unlocking IP project 2006-10
Belated consideration of user improvements Rejected ‘Fair Use’ proposals – abandonment of FTA
aim of real ‘Harmonisation’ with US copyright law Format Shifting Time shifting Very narrow: rendering CD to iPod arguably still illegal
if kept in AIFF format Controversial, Bill amndt in parliament, relatively rare Not technologically neutral
2006 Amendments to Copyright Act
No one noticed; sky did not fall, controversy evaporated Loss of opportunity to ‘tax’ blank media Incremental improvement of consumer position iPods and TiVo now legal Minor improvements in compliance, attitudes Safe for elsewhere? CI interest Challenges not addressed – old tech focus, last war What of next wars: iPad, smartphones, mixups, YouTube,
mass aggregation? Apple’s struggle to re-monetise net? The revenge of the maximalist IP-aware signal chain:
– your TV is not your agent
Result?
iiNet: Disenfranchisement without trial?
Administrative defenestration from the cyber tower
Allegations of copyright infringement, P2P file sharing A smaller ISP targeted, not Telstra or Optus Assertions, repeated, render carrier liable for load? Death of the common carrier? Earlier take down notices: 30,000 at once to Verizon ISP loses ‘safe harbour’ protection when aware: no
trial necessary before they must act against client ‘Three strikes’ rule pushed: disconnect on 3 claims Result: excluded from the Internet on mere assertion
of breach of private right?
US movie industry v iiNet in FCA
First Fed Ct hearing: Hollywood FAIL spectacularly Second Fed Ct Full Ct appeal: FAIL, but win a few HCA case due 1 December – watch it Intervener or amicus applications by APF, CA, ADA Secret negotiations between owners and ISPs Failure in iiNet litigation should matter Stand over by AGD – threat to change law if HCA FAIL Bungled consultation on “streamlined” handover of data Wikileaks revealed in 2008 Hollywood scared of
exposure
Recent developments
Getup: Enfranchisement without a party?
Online litigant and policy campaign engine
340,000 recipients cf. 10,000 party membership Poll recipients: should we go to HCA re poll closure? Instant litigation funding base, security for costs may
be less of an impediment (cf taxpayer: business, ligiled) Remarkable successes in re-enfranchisment actions Ban on recommending candidates Campaigning on policy alone? Opposite to modern parties: policies optional? Challenge to legal policy development? (Senate Online: problems of constituency)
Getup: Enfranchisement without a party?
Facebook: The teen party that never ends?
Deliberate and systematic imbalance in cost/risk analysis by young people – failures invisible, training not to care about protecting personal information security of ‘friends’, or yourself
10m members in Oz, no phone, minimal presence Hiding in the cloud – lurking outside legal reach Unwilling even to enforce own rules – Senate U13 Q Already lead to collapse of undercover policing? Used now by police and others to gather evidence Disasters from over exposure often occur several steps
away in time, and in social and real space Capacity to identify potential consequences is weakest at
time of initial addiction Encourages culture of not caring about risk. But reality...
Facebook: A fun world without consequences?
Questions/Discussion
http://cyberlawcentre.org/2011/talks/uts.pptx