Questions are being asked on both sides of the Tasman about the privacy implications of investigators searching the computer systems or ISP logs of people who allegedly trade copyright or illegal material over peer-to-peer networks.
Australia’s Federal Privacy Commissioner, Malcolm Crompton, questions the tactics of those acting on behalf of owners of copyright material in scanning the ISP logs of people allegedly trading, for example, music tracks and video clips.
“This has the potential to invade the privacy not of the person being chased, but of all the people that have ever used that ISP. [It’s] not appropriate, it’s a sledgehammer to crack a walnut,” Crompton says.
He emphasises that when going after offenders, investigating companies must be careful not to intrude on personal information.
“I challenge both the digital industry and software pirates to recognise that digital rights management includes both the right of protection for intellectual property and the right of protection for personal information,” says Crompton, addressing the 11th Biennial Copyright Law and Practice Symposium in Sydney last month.
Auckland-based forensic specialist John Thackray said action against ISPs themselves is under way in Australia and could shortly hit New Zealand. A week after his comments, local file-sharing service p2p.net.nz shut down.
Meanwhile, the Department of Internal Affairs in this country is practising a simpler method of detecting allegedly illegal downloads, doing away with the need to search ISP records. An inspector logs into the P2P network, scans traders’ folders for certain files and downloads any apparently offending ones made available by New Zealand sources.
At least two people have been prosecuted for trading files when the file transfer has apparently been triggered entirely by the inspector.
Computerworld has asked the DIA, lawyers and Justice Minister Phil Goff how such a search squares with the requirements for search warrants in the “real world” and with the amendments introduced into the Crimes Act this year that prohibit access to another’s computer system without authorisation. Opening a P2P resource could be seen as an implied authority to access, but if a user were specifically to deny investigators authorisation, it is unclear whether they would be able to collect P2P evidence. A possible analogy is with someone holding an “open home” to sell their house, but reserving the right to turn away particular visitors. This might include law-enforcement officers seeking to search a property for evidence of crime without a search warrant.
In the physical world, an inspector has to obtain a warrant allowing a search only on a particular premises, even if they are seeking something very specific, and they can only get a warrant if there is reasonable evidence of actual trading. The department’s inspectors, acting on legal advice, previously only considered they had sufficient evidence for a warrant when a suspect, invited to upload a file to the inspector, has done so willingly with a deliberate action on their computer.
Potential for incrimination also exists. Someone could be trapped into downloading an innocently named illegal file, then reported to the DIA, who could upload the file from the user’s P2P folder before he/she had a chance to view and delete it.
DIA Gaming and Censorship head Keith Manch says “mistakes [in downloading files] are not established as a defence under the [Films, Videos and Publications Classification] Act”.
Some internet users also see problems in the censorship legislation involving “offences of strict liability” and not taking account of intent (in legal language, mens rea) or the lack of it.
No reply had been obtained from any of the official sources by press time. Goff’s private secretary had forwarded Computerworld’s questions to Internal Affairs minister George Hawkins.
An anonymous newsgroup source, who appeared well acquainted with the procedure of the DIA investigation, argues it was not an intrusion on information in general or a “fishing” expedition through the files of innocent users. Inspectors were looking for particular files and therefore not searching through computers that did not hold those files. They are not violating innocent users’ privacy, as the Australian privacy commissioner suggests might happen in Australia, the source argues.