
MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE

Defamation on the Internet

“Defamation”, Arts Law Centre [Online: Accessed 4th February 2004 URL: http://artslaw.com.au/reference/info05/ ]

“Gutnick and Beyond”, FindLaw [Online: accessed: 28th May 2003 URL: http://www.findlaw.com.au/magazine/Article.asp?id=428 ]


Defamation

- A communication from one person to at least one other, that lowers the reputation of an identifiable third person, where the communicator has no legal defence.
- The law of defamation aims to balance free speech with the right of an individual to protect their reputation


Communication

- Must be made ('published') to at least one person other than the plaintiff.
- The intention of the communicator does not matter. Liability for defamation can arise from errors.
- Everyone involved in the communication is equally liable
- No defence to argue that you are only repeating rumours or a comment made by somebody else


Identification

- The person must be identified
- False names are no defence if the person can be identified by other means.
- Identification can be accidental
- A class of people cannot be defamed, but a statement denigrating a group may be defamatory of a member of that group
- A dead person cannot be defamed
- Corporations can also sue for defamation.


Reputation

- 'Does the communication lower the plaintiff's personal or professional reputation, ridicule them, or lead others to shun and avoid them?'
- This is judged from the viewpoint of 'ordinary decent people in the community taken in general' and in light of contemporary standards.


Imputations

- Court considers the 'imputation', this might not be what you meant to say.
- The literal meaning of the communication is not the only meaning that is considered.
- The court looks at what it thinks the ordinary reader or viewer would have understood the communication to mean.


Defences

- Fair comment
- Truth/Justification
- Qualified privilege
- Absolute privilege
- Innocent publication


Fair Comment

- Statement is 'fair comment' on a matter of public interest.
- Must prove:
  - It is comment - an opinion, criticism, deduction, judgment, remark, observation, or conclusion
  - The facts upon which the comment is based must be stated unless they are widely known
  - The communication has to be on a matter of public interest


Justification

- If your imputation is found to be defamatory, the law presumes it to be false.
- To use this defence you have to prove it's true.
- This can be difficult as you can only use evidence that is admissible in court
- In some states you also have to prove that your publication was for the public benefit


Qualified Privilege

- Applies when you have an interest or a legal, social or moral duty to communicate something to a person and that person has a corresponding interest or duty to receive the information.
- The defence will fail if you were actually motivated by malice to make the communication


Absolute Privilege

- Protects reports of court and parliamentary proceedings

Innocent Publication

- For those such as newsagents (and possibly ISPs) who cannot reasonably be expected to be aware of the defamatory content of material they distribute


Before you publish

- Consider the communication as a whole including any headlines or illustrations.
- Consider the context.
- Which groups or individuals have been identified?
- What imputations arise? Are they defamatory?
- See if editing or clarification can remove any unintended defamatory imputations;
- Check who is identified in the communication. Potential problems can be avoided by narrowing the scope of the article, or removing details that can lead to identification;


Before you publish (cont.)

- What defences might be relevant?
- If it is meant to be comment, ensure that it is clearly identified as such (for example by adding 'In my opinion') and that the facts on which it is based are stated or obvious;
- If you want to argue that the defamatory imputations are true, how can they be proved? What has been done to verify their accuracy? Remember proof has to be to the stringent standards demanded by a court. Sources need to be first hand (what if they wish to remain confidential?).


Defamation

Dow Jones v Gutnick – High Court of Australia

- The law governing Internet defamation cases is the same as for other types of media.
- If a defamation case involves more than one jurisdiction, the Court will apply the law of the place in which the cause of action arose.
- Each time a new person accesses and reads defamatory material on a web site, a new cause of action arises and the place in which each cause of action arises is the place of the reader.
- Discussed in Forder & Quirk at pp 36 & 37


Defamation (cont.)

- An Internet publisher will need to consider the law in many jurisdictions
- Freedom of Speech defences may not apply
- Conflicts in international law
  - US decisions hold that each mass media publication gives rise to only one cause of action and that the applicable law is that of the place of the person that publishes the material.


CyberCrime

See: Brenner Susan W, 2001, “Cybercrime Investigation and Prosecution: The Role of Penal and Procedural Law”, [Online: Accessed 3 February 2004 URL: http://www.murdoch.edu.au/elaw/issues/v8n2/brenner82.txt ]


The Cybercrime Challenge

- Enforcement agencies lack tools
- Lack of specific cybercrime offences
- Lack of appropriate procedural rules
- Transnational nature of cybercrime
  - Lack of international agreement
  - Lack of uniformity prevents extradition
- Offending often involves multiple and geographically diverse offences
- High cost


Types of crimes

- Crimes against the person
- Crimes against property
- Crimes against the administration of justice
- Crimes against the State


Preparing for Cybercrime

- Most criminal law is generic
- Procedural law differs widely
- Cybercrime can involve
  - Using a new means to effect a traditional crime
  - A completely new type of offending
- A survey of 52 countries found that 33 had yet to update their laws to address cybercrime


Crimes Against the Person

- Non-Sexual Crimes
  - Murder
  - Assault
  - Threats
- Sexual Crimes
  - Rape
  - Child pornography
  - Stalking


Cyberstalking

- Facilitated by enormous amount of personal information on the web
- Impersonal and anonymous nature of Internet communications removes disincentives for stalking
- Cyberstalker's effort is minimal
- Difficult to locate, identify and arrest offender
- Inflicts psychological but not physical damage
- Conflicts with “freedom of speech”


Cyberstalking (cont.)

- When should criminal liability be imposed for creating and disseminating artificial constructs and manipulating information that is freely available about individuals?
- This is a "new" crime that exploits computer technology to achieve results that would not have been achievable in years past.
- A nation must maintain a balance between protecting the safety and security of individuals and guaranteeing the free dissemination of information and opinion.


Crimes Against Property

- Theft
- Forgery
- Fraud
- Malicious damage
- Hacking


Theft

- Unlawfully taking property
- That belongs to another
- So as to deprive the owner of its use
- By
  - Carrying it away (larceny)
  - Using force (robbery)
  - Deception (fraud)
  - Breaking & entering (burglary)
  - Exploiting a position of trust (embezzlement)


Theft (cont.)

- The law has had difficulty in reconciling the use of new technology with theft offences, e.g.
  - “Joy riding” in cars
  - Cheques
  - Electronic funds
- Cybertheft relies on the electronic transmission and manipulation of data rather than acts and communications effected in the "real world"
- Cybertheft is traditional theft accomplished by rather non-traditional means


Theft (cont.)

- Real world theft is a zero sum offence - the sole possession and use of property is transferred from the rightful owner to the thief.
- Cybertheft may only involve copying information
  - Both the owner and the thief now have the information
  - The owner has lost value due to loss of exclusive use of the information


Forgery

- Using a computer to forge:
  - Paper documents
  - Electronic documents
- Same offence – new means
- No new penal laws required


Hacking

- Analogous to traditional law of trespass
- Difficulties with
  - Consent
  - Virtual worlds
- Requires specific penal laws

Hacktivism

- Analogous to vandalism
- More damage caused
- Is it free speech?


Denial of Service

- Cannot be prosecuted as:
  - Vandalism
  - Theft
- Requires new penal laws


Crimes Against Administration of Justice

- Generating false evidence
- Altering court records
- Threatening judges, law enforcement officials etc.
- False reports of crime
- Impersonating police officers etc.
- Mostly, computer technology is simply a tool that is used to commit an existing offence


Crimes Against Administration of Justice

- Two new types of offending
  - Cybervigilantism
    - Raises similar issues to cyberstalking
  - Threats
    - Conflict with “freedom of speech”
    - Virtual activities may not be seen as a direct threat
    - Compilation of publicly available material


Crimes Against the State

- Treason
- Espionage
- Sabotage
- Terrorism
  - One man’s terrorist is another man’s freedom fighter
- Counterfeiting


Procedural Laws

- Jurisdiction
- Place of offence
- Extradition
- Search and Seizure laws
  - What is a legal search in one country may not be in another
  - Often only cover tangible evidence


International Agreements

- The Council of Europe's Draft Convention on Cyber-Crime seeks "to improve the means to prevent and suppress computer- or computer-related crime by establishing a common minimum standard of relevant offences."
- The convention proposed by the Center for International Security and Cooperation (CISAC) has similar provisions


International Agreements (cont.)

- The Council of Europe’s convention addresses
  - misuse of computer data and computer systems;
  - computer-related forgery and fraud;
  - child pornography;
  - infringement of copyright
  - provisions governing the imposition of aiding and abetting and corporate liability; and
  - the availability of certain procedures used to investigate cybercrime and apprehend cybercriminals.


The Australian Response

Cybercrime Act 2001

- Creates 3 new serious offences
  - Unauthorised access, modification or impairment with intent to commit a serious offence
  - Unauthorised modification of data
  - Unauthorised impairment of electronic communications


Cybercrime Act 2001 (cont.)

- Creates 4 lesser offences
  - Unauthorised access to, or modification of, restricted data
  - Unauthorised impairment of data held on a computer disk
  - Possession or control of data with intent to commit a computer offence
  - Producing, supplying or obtaining data with intent to commit a computer offence


Cybercrime Act 2001 (cont.)

- Increases investigation powers relating to search and seizure of electronically stored data
- Defines computer terms e.g.
  - Access to data
  - Data held in a computer
  - Electronic communication
  - Modification
  - Unauthorised access


Hacker

- Originally, an expert programmer
- Today, someone who breaks into computers
- Types of hackers
  - White-hat hackers
  - Black-hat hackers (crackers, dark side hackers)
  - Elite hackers
    - Superior technical skills
    - Very persistent
    - Often publish their exploits
  - Samurai – a hacker for hire


- Script-kiddie (packet monkeys, lamerz)
  - Hacker in training
  - Disdained by the elite hackers
- Phreaker
  - Person who cracks the telephone network
- Insider
  - Trusted employee turned black-hat hacker
  - Very dangerous


Password Theft

- Easiest way to gain access
- User carelessness
  - Poor passwords
  - Easily guessed
- Dumpster diving
- Observation, particularly for insiders
  - The sticky note on the monitor
- Human engineering, or social engineering
- Standard patterns (e.g., Miami University)
  - Guess the password from the pattern


Password Cracker Software

- Available over the Internet
- Recover lost passwords
- Cracking techniques
  - Word list or dictionary
  - Brute force
  - Hybrid – L0phtCrack
- Precaution – store encoded passwords


Passwords are stored in encoded form

- Minimize risk if hacker steals password file
  - Un-encoded password needed
- Password cracking programs
  - Dictionary based
  - Avoid English words

[Figure: password check. User: enter password. Server: encode password, read encoded password from the encoded password file, match? Yes: grant access. No: deny access.]
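The encode-and-match flow on this slide, as an added example that is not part of the original slides. It assumes "encoded" means a salted PBKDF2-HMAC-SHA256 hash; the function names, the work factor and the small word list are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample word list standing in for a cracking dictionary.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein"}
ITERATIONS = 200_000  # assumed work factor; tune to your hardware


def encode_password(password, salt=None):
    """Server side: derive the stored record. The clear text is never kept."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def check_password(attempt, record):
    """The 'Match?' step: re-encode the attempt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def acceptable(password):
    """Reject short passwords and dictionary words padded with digits or '!'."""
    stripped = password.lower().strip("0123456789!")
    return len(password) >= 12 and stripped not in COMMON_WORDS


def unsalted_sha256(password):
    """Weak encoding shown for contrast: equal passwords give equal records,
    so one precomputed dictionary works against every stolen entry."""
    return hashlib.sha256(password.encode()).hexdigest()


if __name__ == "__main__":
    # Two users pick the same password; the stored records still differ.
    password_file = {u: encode_password("correct horse battery") for u in ("ann", "bob")}
    print(check_password("correct horse battery", password_file["ann"]))  # grant access
    print(check_password("Correct horse battery", password_file["ann"]))  # deny access
    print(password_file["ann"]["hash"] == password_file["bob"]["hash"])
```

The per-user salt and the slow derivation are what limit the damage when the password file is stolen: a dictionary has to be recomputed for every record instead of once.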


Packet Sniffer

- Software wiretap
- Captures and analyzes packets
- Any node between target and Internet
- Broadcast risk
  - Ethernet and cable broadcast messages
  - Set workstation to promiscuous mode
- Legitimate uses
  - Detect intrusions
  - Monitoring


A packet sniffer

[Figure: a server, a wiring closet, and a sniffer in promiscuous mode]

Ethernet is a broadcast technology


Backdoor

- Undocumented access point
  - Testing and debugging tool
  - Common in interactive computer games
    - Cheats and Easter eggs
- Hackers use backdoors to gain access
  - Programmer fails to close a backdoor
  - Trojan horse
  - Inserted by hacker on initial access
    - Back Orifice – the Cult of the Dead Cow


Potentially Destructive Software

- Logic bomb
  - Potentially very destructive
  - Time bomb – a variation
- Rabbit
  - Denial of service
- Trojan horse
  - Common source of backdoors


Viruses

- Parasite
- Requires host program to replicate
- Virus hoaxes can be disruptive

Worms

- Virus-like
- Spreads without a host program
- Used to collect information
  - Sysop – terminal status
  - Hacker – user IDs and passwords


Structure of a typical virus

[Figure: reproduction logic, concealment logic, payload]

- Payload can be
  - Trivial
  - Logic bomb
  - Time bomb
  - Trojan horse
  - Backdoor
  - Sniffer
- Macro viruses
- Polymorphic viruses
- E-mail attachments
  - Today, click attachment
  - Tomorrow, ???
- Cluster viruses
  - Spawn mini-viruses
  - Cyberterrorism threat


Anti-Virus Software

- Virus signature
  - Uniquely identifies a specific virus
  - Update virus signatures frequently
- Heuristics
  - Monitor for virus-like activity
- Recovery support


System Vulnerabilities

- Known security weak points
  - Default passwords – system initialization
  - Port scanning
  - Software bugs
  - Logical inconsistencies between layers
  - Published security alerts
- War dialer to find vulnerable computer


Denial of Service Attacks (DoS)

- An act of vandalism or terrorism
  - A favorite of script kiddies
- Objective
  - Send target multiple packets in brief time
  - Overwhelm target
- The ping o’ death
- Distributed denial of service attack
  - Multiple sources


A distributed denial of service attack

- Cyber equivalent of throwing bricks
- Overwhelm target computer
- Standard DoS is a favorite of script kiddies
- DDoS more sophisticated

[Figure: target system]


Spoofing

- Act of faking key system parameters
- DNS spoofing
  - Alter DNS entry on a server
  - Redirect packets
- IP spoofing
  - Alter IP address
  - Smurf attack


IP spoofing

- Preparation
  - Probe target (A)
  - Launch DoS attack on trusted server (B)
- Attack target (A)
  - Fake message from B
  - A acknowledges B
    - B cannot respond
    - DoS attack
  - Fake acknowledgement from B
  - Access A via 1-way communication path

[Figure: hacker's computer, Alpha server (the target) and Beta server (trusted source, under DoS attack), with steps numbered 1 to 4. Labels: false message claiming to come from Beta; acknowledgement to Beta, no response possible; counterfeit acknowledgement; 4, one-way connection.]