Slashdot Mirror
Australian ISPs Required To Report Child Porn
rolling_or_jaded writes "As of the 1st of March 2005, Australian ISPs and web hosts will face fines of up to $55,000 if they can be used to access child pornography and do not refer the information to the police. Yikes. How on earth are the ISPs (and web hosts -- like my own very small-time and humble company) supposed to enforce this?"
From the article:
Under the new laws, an ISP or ICH will face penalties of $11,000 for the individual and $55,000 for body corporates if they are made aware that their service can be used to access material that they have reasonable grounds to believe is child pornography or child abuse material and they do not refer details of that material to the AFP within a reasonable time.
What that equates to is if child porn is reported to the ISP/webhost, they have to then report it to the Australian police quickly or face penalties. This isn't some ridiculous content-policing scheme - its just imposing a penalty on those who don't forward child pornography reports to the police at a reasonable pace.
The legislation does not require ISPs to monitor customer usage to pick up on illegal use. It is purely there to ensure that when an ISP becomes aware of specific content, that they report it.
To read an official summary of the legislation, check out this site: http://www.ag.gov.au/ISPresponsibilities
From the article: "... and they do not refer details of that material to the AFP within a reasonable time."
From the article, it sounds more like ISPs will be required to notify authorities if they are made aware of a specific instance of child pornography.
----
All of whose base are belong to the what-now?
For gods sake read the new ruling first. Then make comments.
a) It's not a new law it's merely an amedment to the existing legislation
b) It only kicks in if the ISP is found to know about access to or hosting of child porn. It does *not* expect the ISP to watch for access to child porn. It is merely an incentive for ISP's to actually report access to or hosting of child porn rather than wiping/disconnecting user and pretending it never happened.
Yes I'm aware of what the media is saying. It's the medias job to beef up things like this and it keeps the "won't anyone think of the children!" brigade happy.
The law does not force ISP's to do filtering, it does not expect them to block access to child porn site it only ensures that ISP's report known access/hosting to the AFP within a decent time frame. Something just about every sysadmin with a sense of ethics would do in any case here in Australia in any event.
I work for an ISP and we recently had a friendly informational meeting with our local police. It was pretty much a get to know you kind of thing.
In talking, the topic of child porn came up as it would be something we cooperate should that type of investigation land on our networks door-step. The Officer said that they could have found 20 images of a 'child' in various stages of undress, and the last one was an image of a fully disclothed child, but without a clear shot of their face. Out of all of that they would have no way (with out obvious birthmarks and the like) to classify any of the images as child pornography because there was no definitive way to link the final image to the identity of the child.
Pretty depressing stuff, but that is the reality the poice face when trying to prosecute this kind of thing.
Imagine the steps ISPs would have to do to come to the same conclusions.
How do you decide what's child porn and what's good old regular normal porn?
Or even what is just ordinary human behaviour.
Remember that immigrant in America who was charged with child pornography for taking pictures of herself breast feeding?
With 10 years in jail as the penalty, on top of other penalties that may be imposed by individual states, you'd have to be bloody certain you didn't upset any religious zealot in the goverment bureaucracy. No nudism for you, buddy!
The reports on other news channels say they must report it, IF they know about it. Not police it. Sounds good to me, unless you support child porn.
There was an unknown error in the submission.
One of the main complaints of current laws is that there is no intent written into the law. It is an interesting age that using your own computer can instantly be a felony should you mis-type a URL, a trojan from an exploit begins pop-ups or Googled more than you expected.
People seem to think that just because your computer is in your home that you are safe. The computer is a doorway that can let every seedy thing in the world find a way into your house and should be treated as such.
Bel, the mostly sane.. "Of course I can't see anything! I'm standing on the shoulders of idiots." -- Me
No, this law only requires that ISPs forward customers' reports about child porn to the authorities. The Slashdot summary is totally incorrect.
The law only requires that ISPs forward customers' reports about child porn to the authorities. The Slashdot summary is totally incorrect.
There are no issues like you mention, because this story is total rubbish.
Slandering the Australian Government is tradition on Slashdot, but this story really takes the cake.
No, just a typical Slashdotter, more interested in shooting from the lip than in bothering to RTFA. As several other posters have already pointed out, this law requires ISPs that learn about kiddy porn on their systems, or viewed through their systems, to report the incident to the police in a reasonably timely manner, and nothing else. It doesn't make them responsible for content, it doesn't force them to censor anything, it doesn't force them to do anything at all except report kiddy porn to the police. Now please, get off your soapbox, back on your meds and next time, RTFA before showing everybody what a fool you are.
Good, inexpensive web hosting
Under the new laws, an ISP or ICH will face penalties of $11,000 for the individual and $55,000 for body corporates if they are made aware that their service can be used to access material that they have reasonable grounds to believe is child pornography or child abuse material and they do not refer details of that material to the AFP within a reasonable time.
The article indicates that the new law just requires that if an ISP is made aware of child abuse material accessable using their service, the ISP should inform the AFP about the material. Not that unenforcable, is it?
The author asks - "How on earth are the ISPs ... supposed to enforce this?"
This question is misguided according to the article.
"(Liability) if they are made aware that their service can be used to access material that they have reasonable grounds to believe is child pornography or child abuse material and they do not refer details of that material to the AFP within a reasonable time."
The ISPs are not the enforcers, the police are. Furthermore, it does not state that it is the duty of the ISP to try to track down infringment - but simply forward any reported infringement that comes their way. I do not find anything unreasonable here. It simply says that if the ISP is made aware that such activity is happening through their service they, by law, must report that to the police. It does not state that if such activities are happening then the ISP is liable no matter what. They are only liable if they are "made aware" and then neglect to act. I don't see anything wrong with this.
I would have to see more specific information on the law to consider it unjust. But from what the article states, I do not understand the author's alarm.
whenever someone accesses a file ending in .gif, .jpg, .bmp or .png using their browser, forward a copy of that file to the police
A US government agency keeps a list of hashes for known files which contain illegal material and make it available for people working in computer forensics.
Images which pass through proxy and mail servers, could be checked at random against the list to flag potential offenders. Of course, checking hashes on every file that passes through an ISP's proxy and mail servers would likely be infeasible, but at least a best attempt could be made which could allow a focus to be moved to where it is most likely needed.
No, the Australian Federal Police is the equivalent of their FBI. ASIO is like the 'theory' component of the CIA, ASIS is like the 'practical' component.
Not Meta-modding due to apathy.
Although it is not required for any billeted job description, many of us in front end DSD collection and survey positions DO report child porn and IP addresses (Plus lots of other data) to Australian federal police - regardless of source. Australian originator or not, child porn is not even nearly as nice as cancer. It is just fucked up sick. (No apologies for language - I see this too often, it disgusts me)
Quite a bit of this crap goes over non-public links, weakly encrypted (they likely think it's hot shit though) so not much escapes.
The feeling is nice when you get a call across stu-III or wherever, interpol, whoever, saying thankyou - 'we got the bastards'
OK, people, reality check here. In all fairness to the luddites up in Canberra (for whom I did not vote), the law only requires ISP's and hosts to report child porn to the police when it is brought to their attention by a 3rd party.
They are NOT required to go looking for it.
They are NOT required to pre-screen content before allowing posting/hosting.
They are NOT required to take preventative measures.
They are NOT required to implement filtering or blocks.
Get the message?
All the law says is that they are NOT allowed to turn a blind eye when someone complains about child porn hosted on or transmitted through their facilities. Then all they have to do is forward the complaint on to the police for action.
This is no worse than doctors being required to report signs of child abuse in their patients.
John.
surely its more efficient not to post until you have thought the question through?
"Hello, police? As required, I am reporting that my service can be used to access child porn. Goodbye."
Quoting from the article almost nobody seems to read : "Under the new laws, an ISP or ICH will face penalties [...] if they are made aware that their service can be used to access material that they have reasonable grounds to believe is child pornography or child abuse material and they do not refer details of that material to the AFP within a reasonable time."
Well, although the above poster might be partially right, he fails to catch the issue: you have to report WHO is using you to access what you may think it's child porn, and you have to report who hosts or who sent it to the other. That's what people call "details"...
Also, the very question posed in the title of the thread is completely misplaced... you're NOT supposed to ban or restrict use or access to child pornography, you're only supposed to forward information you received from your staff or your clients regarding possible uses of child porn.
So how are you supposed to enforce it ?
Exactly how the above poster has said it, plus all the details you have.
By reading this signature you agree to not disagree with the post you just read.
...but the de facto state of the law is that you were in fact producing child pornography (presuming the pictures qualify). If you were above the minimum age of prosecution, but below the required age (which in some cases are age of consent, but mostly higher), you could go to jail. To keep them after you passed the age of prosecution would be possession of child pornography, and in the eyes of the law it does not matter if the subject is yourself or someone else. Likewise for distribution.
To take a simple example from here:
You must be 14 to be prosecuted.
You must be 16 to be of legal age.
You must be 18 to be in a sexual picture/movie (actually, we're implementing that now, up from 16).
If you're 13 at the time, you can't be prosecuted for production, but for possession when you reach 14 (and still have them).
If you're 15 at the time, you can be prosecuted both for production and possession.
If you're 17 at the time, you can also be prosecuted both for production and possession.
The law is rather peculiar this way. Two 17 year olds could fuck as much as they want, and it's legal. But if they take a picture of it, it is child pornography, even though both are above the age of consent, and may consent all they like.
Kjella
Live today, because you never know what tomorrow brings
Running a small airline, even between a handful of destinations, isn't as easy as you assume.
Certainly not me. Under current laws I'd probably be charged with viewing child pornography.
Much better to just delete the stuff and forget about it, than to attempt to get the actual source busted. The law is fucked and it encourages people not to report.