[LINK] RFC: Evidence for Joint Select Ctee on Cybersafety

rene rene.ln at libertus.net
Fri Mar 18 19:43:38 AEDT 2011 

On Fri, 18 Mar 2011 16:44:29 +1100, Roger Clarke wrote:

> Thanks for thoughts received to date.
>
> It's not easy to come up with new things to say, or ways to say them.
>
> But I sense that the Ctee is finely-balanced on a number of aspects
> of cyber-safety, so my aim is to strengthen the hand of the good guys
> and weaken the position of the bad guys.
>
> I have to finalise and send the submission this Sunday evening:
> http://www.rogerclarke.com/II/CS-1103.html
>
> Constructively negative comment greatly appreciated, on- or off-list!

Having read the document at that URL, albeit fairly quickly, this section:
> (10) Emphasis on Empowerment of Individuals Against Corporations
jumps out at me as being very worrying/problematic. While I can probably 
guess/assume what you're trying to say/raise, imo it is *extremely* likely 
that some politicians on the Committee will read into it much more than I 
presume you intend to advocate/imply.

The core problem, imo, is the use of the omnibus term "Internet Services 
Providers (ISPs)". Imo, the section needs to use a term which specifically 
excludes Australian Internet *Access* Providers (IAP), unless you can cite 
a specific example of a specific AU IAP/s that has not complied with the 
Telec Act; Interception Act; and/or C'th Privacy Act (and if you can then 
you should name that IAP/s rather than tar brushing the entire AU IAP 
industry and thereby encouraging the Committee to recommend regulating  
them even more than currently).

In the above regard, s10 of the paper says:
> Many corporations that provide Internet services are consumer-
> hostile. For an analysis of the Terms of Service of six major
> international corporations and three Australian ISPs, see Clarke
> (2010). A broader analysis arising from the same project is in Clarke
> (2011).
> For the last two decades, Australian legislatures have been failing
> the Australian public by importing the American disease of 'self-
> regulation', and permitting industry associations to write and
> administer their own codes of conduct.
> Several of the problems being considered in this Cyber-Safety Inquiry
> arise because of this derogation of duty by the Australian
> Parliament. ...

[I've skimmed through Clarke (2010) and I didn't see any specific 
complaints about AU IAPs].

As I'm sure you're aware, were it not for the IIA having written/brokered a 
"self regulatory" (well "co-regulatory") IAP code in 1999 in relation to 
filtering/censorship, then legislation mandating blocking at the ISP level 
would have been legislatively implemented in 1999. Some politicians on the 
Joint Committee want that, so saying/implying that industry developed 
"codes of conduct" are a failure by Australian legislatures will very 
likely imply to them that you're saying legislated mandatory ISP blocking 
should have been/be implemented. (Don't assume they'll all read/remember 
everything you've said/written). 

S10 of the paper goes on to say:
"Specifically, it is essential that formal legal requirements be imposed on 
Internet Services Providers (ISPs) in relation to key aspects of their 
Terms of Service, including Privacy Terms."

Are you aware of any Australian Internet *Access* Provider that does not 
comply with its own Terms of Service and/or existing legislation? If no, 
then a term other than omnibus "Internet Services Providers (ISPs)" should 
be used, or you should specifically exclude AU IAPs from your 
comments/accusations. If yes, then imo you should name the particular AU 
IAPs and state what you allege they are doing wrong - not imply the entire 
AU IAP industry needs greater legislative intervention than currently 
exists. 

An all encompassing type claim that "self regulation" isn't working and 
Parliaments should legislate is a recipe for disaster. You could almost 
certainly rest assured that what the Committee (or part thereof) will 
recommend legislating about is not what you meant/want and very likely 
something you'd not want done. (Pro-censorship groups continually say 
self-regulation isn't good enough, when they're complaining about 
television programs, or billboard or any other advertising, or Internet 
content, or whatever). 

Unfortunately, I don't have a suggested term to replace "ISP". I just know 
that term is bandied about and often misinterpreted/misunderstood - 
particularly when the writer intends to speaking about "service providers" 
such as Facebook, Google, etc, and are not actually meaning to include 
"service providers" who merely enable people to access/connect to the 
Internet and thereby access services provided by other service providers. 

Irene

More information about the Link mailing list