Thursday, May 19, 2011

21st Century society vs 19th Century laws and policing

Laws have always struggled to keep up with society, however rarely in such a vivid and public way as in Wednesday's arrest of Sydney Morning Herald journalist, Ben Grubb, and the confiscation of his iPad.

The incident, well reported in the SMH, occurred when Queensland Police responded to a complaint regarding a photo hacked from one security expert's private Facebook page and displayed in a presentation at the AusCERT conference in Brisbane as an example of a major security hole in Facebook's system.

Grubb was attending the conference and received a briefing about the security hole. Seeing the public interest in telling the community that their supposedly private Facebook photos could be easily accessed, Grubb reported the matter in an article featuring the image, which I can no longer find on the SMH site.

The following day police questioned Grubb about the matter and then demanded he hand over his iPad on the basis that police wanted to 'search' it for evidence of a crime. When he was unwilling to do so, he was arrested and his iPad confiscated for a complete image of its content to be taken and analysed by police (let's not even explore the potential conflict with Australia's Shield laws, which incidentally also cover bloggers and tweeters).

The basis of police concern was that the image retrieved by the security expert and used in the SMH article was 'tainted material', stolen from a Facebook account and then passed on to others.

What is more worrying is that the Queensland police, in a press conference, then equated receiving an email containing a stolen image as 'like taking stolen TVs'. To quote:
Detective Superintendent Hay used an analogy to describe why Grubb was targeted.

"Someone breaks into your house and they steal a TV and they give that TV to you and you know that TV is stolen," he said.

"The reality is the online environment is now an extension of our real community and if we go into that environment we have responsibilities to behave in a certain way."

Let's think about this for a moment.

Firstly, when someone 'steals' an image - or music, movies, books or other online content - it isn't stealing if the content remains at the point of origin for the original owner to continue using. It may be a copyright infringement or privacy breach, but unlike stealing a television, where the owner of the television is left without it, there is no theft, simply replication.

On that basis any laws around theft simply don't apply online. You can copy my idea, my words, my images. However unless if you somehow delete the originals, you are not stealing them, you are breaching my copyright.

Secondly, when an email is sent to our email address it gets delivered regardless of the legality of its contents. We have no say in whether we receive legal or illegal messages and images. Sure there's spam blockers and the like, however these automated tools can't tell if content is legal or not, only if it violates certain rules, such as containing certain four letter words or phrases.

However, according to the QLD Police, if someone sends you an email containing a 'stolen' image, you are breaking the law. This is even though there is no way possible for you to refrain from receiving the email in the first place. You don't even have to open the email. If it has been stored on your device, based on the QLD Police's interpretation of Commonwealth law, you are a potential criminal.

This has enormous ramifications for society. Anyone can frame someone else by sending them an email. As it is relatively easy to set up a disposal email account, you can do so anonymously. This could be used against business rivals, political opponents, or even against the police themselves simply by sending them an anonymous email and then making an anonymous complaint.

Equally, if the person receiving the email is a potential criminal, then what about all the organisations whose mail servers were used to transmit the message?

When an email is sent from one person to another it can pass through a number of different systems on its journey. At each stop, a mail server copies and saves the email, checks the route then sends the email on.

In most cases these mail servers delete these emails again for storage reasons, however at a point in time each of them has received the email, making the organisations and individuals who own them liable, again, under the QLD Police's interpretation of the law.

Given the number of emails sent each day in Australia it's clear from the QLD Police's legal interpretation that most ISPs must be operated by criminals, receiving, storing and transmitting illegal content all day and night.

Applying this type of 19th Century policing and legal approach clearly isn't going to work in the 21st Century.

When everyone can publish and illegal content can be received without your consent or knowledge, laws need to change, as does police training and practice.

Without these changes government bodies will become more removed from the society they are meant to serve, unable to function effectively and efficiently in today's world.

By the way, the security analyst who originally 'stole' the Facebook images hasn't been questioned, arrested or charged. And Ben Grubb still hasn't received his iPad back.

No comments:

Post a Comment