Don't wimp out over cyber-laws
- 23 January, 2000 22:00
We have a new Labour-led government in New Zealand to greet the year 2000.
Hopefully we have seen an end to the hands-off approach of Maurice Williamson and the Law Commission on e-commerce and protecting the rights of our citizens.
Our citizens have little or no legal protection. This simple fact seems to have been lost in arguments about the free market and the glories of our common law system. The free market is not going to provide laws on unacceptable conduct. Case law is not going to evolve quickly to create new rights of action to allow homeowners the right to sue if they suffer damage through a hack.
TechLaw last year criticised the pathetic response of the last government to the need for amendments to the Crimes Act. The UK has had legislation outlawing criminal damage since the 1990s. The US has many laws aimed at the same criminals. Electronic home invasion, using programs such as Back-Orifice, is a disaster waiting to happen.
To this end the government must act on issues of crimes and privacy as they relate to the online world.
Key issues it needs to act on are:
The Law Commission
The Law Commission has been rabbiting on about grand schemes of coordination in e-commerce law. It’s time to get real. GATT (general agreement on trade and tarrifs)-style law making is not the answer. Singapore has not waited. Why should we? We need to ensure that regardless of international laws if someone engages in electronic piracy, electronic home invasion, electronic snooping, electronic fraud or electronic blackmail the message is loud and clear — such acts are crimes.
Likewise the need for contractual certainty is real. We need to be certain of the status of electronic signatures, of the rights of the consumer on order fulfilment and of what does and does not constitute fraud by use of the Internet.
Consumers want the right to control how their personal information is used. This desire for online anonymity is obvious.
As we know, the Internet has a huge privacy problem.
For example, WebSideStory, the leader in Internet tracking and traffic analysis, takes the pulse of the Internet by analysing and storing data from billions of Web page views every month. This activity created an immense warehouse of raw Internet user data, which Web-SideStory converts into usable information. Knowing something about where visitors have been on the Web before arriving at your site is a powerful business tool. The question is when did we give permission for this? We didn’t.
WebSideStory could, however, for New Zealanders, be WebSafeStory. The multi-lateralists will argue that enacting privacy laws for New Zealanders is a waste of time as our laws cannot be enforced overseas. But is it a waste of time? If we prohibit WebSideStory-style activities, would such a corporation willingly flout the laws of New Zealand? If the executives of WebSideStory became personally liable in a class action to all New Zealand consumers, would they stop tracking users from dot.nz?
TechLaw’s vote is for not wimping out. Why shouldn’t New Zealand be known as a safe-Internet haven?
If WebSideStory is not enough to convince, what about Comet Cursor?
This free animated cursor program has been caught sending information about your Net surfing habits back to home-base. What is the difference between this and tapping your telephone?
Not much. Junkbuster’s president, Jason Catlett, is asking for an investigation, saying: “Comet is a shining example of how marketers have turned the Web into a gigantic surveillance device covered in smiling cartoon characters.”
It was reported recently that the popular screen-saver of a dancing baby carried the added feature of turning on the microphone of your PC, allowing the conversations around your computer to be recorded and transmitted to a cyber-eavesdropper. Watch what you’re saying when that baby is dancing around!
Does the dancing baby result in an offence under our law? Possibly. But try to get any action from your local police station.
The corporations behind these invasions have explanations that vary from “our activities are benign” to “we are sorry”.
There’s more: Paul Brislen reported in December 6’s Computerworld on two new pieces of software being developed. One is known as “people spotter” software which “could soon be watching you”. The other is “e-motion” software which “can tell if a person is depressed, had early signs of Alzheimer’s and can even tell if a woman is menstruating by body language”.
Ask your average surfer should Web advertisers, freeware software providers or even employers be allowed to assemble secret electronic dossiers on you and the answer, we all know, would be a resounding “no”.
The Privacy Act already says this but it doesn’t extend to privacy offences that occur beyond our borders.
We need to redefine our legislation to provide that a New Zealand citizen surfing from New Zealand is being offended against in New Zealand even if the data is unlawfully captured on a server somewhere else in the world. From there we need class-action rights or new jurisdiction for the Disputes Tribunal.
Lets not wimp out. We should extend our excellent Disputes Tribunal jurisdiction over spamming, hacking and privacy invasion. The Disputes Tribunal could have the power to order punitive damages up to $20,000 for each event.
Spamming New Zealanders would be known around the world as a no-go area.
The pace and extent to which benefits will flow from e-commerce are dependent on businesses gaining confidence in the security and confidentiality of the transactions involved; digital signatures must not only be secure but also binding in a legal sense.
For e-commerce to take off, the laws of our major trading partners will also need to be changed. The government needs to work on digital signature legislation in an effort to provide a framework for e-commerce.
The key objective of these legislative initiatives must be to regulate the technical steps involved in certificate generation and distribution so that a digital signature is acceptable as evidence in court. We wait in hope.
Bulk unsolicited commercial email is a fact of e-life. In the US it is a serious crime to send unsolicited email. The prosecutions have not been great but nevertheless it is crime. What happens to the hapless New Zealander that has their Web server spammed into a crash? Nothing.
The question is not “should” but “when will” New Zealand introduce laws prohibiting unsolicited e-junk? Again, class-action rights and Disputes Tribunal jurisdiction would help.
Cookies violate two assumptions held by most Internet users: one, that exploring the Web is an anonymous experience that leaves no record and two, that user’s disk drives are not written to without the user’s knowledge and approval. The prospect that cookies will be used for virus attacks has been widely discussed. Again this is a disaster waiting to happen. When a cookie is received the surfer is, in our view, entitled to work on the basis that it is a good cookie not a cookie monster. What does our law say? Surf at your peril.
Are governments powerless and ineffective anyway? The Electronic Frontier Foundation suggests 12 key steps to protecting your privacy online:
- Do not reveal personal information inadvertently.
- Turn on cookie notices in your Web browser and/or use cookie management software.
- Keep a “clean” email address.
- Don’t reveal personal details to strangers or just-met “friends”.
- Realise you may be monitored at work, avoid sending highly personal email to mailing lists and keep sensitive files on your home computer.
- Beware of sites that offer some sort of reward or prize in exchange for your contact or other information.
- Do not reply to spammers, for any reason.
- Be conscious of Web security.
- Be conscious of home computer security.
- Examine privacy policies and seals.
- Remember that you decide what information about yourself to reveal, when, why and to whom.
- Use encryption.
Craig Horrocks is the managing partner and Julie Kemp is a senior solicitor in Clendon Feeney’s technology law team. You can read this article and more at www.clendons.co.nz.