_Submission from EFA to the BBS Task Force_ Contents Introduction & Summary; About EFA; Background; Principles; Comments; Options; Proposal; Response to terms of reference; Requests; Appendices Introduction & Summary This submission by Electronic Frontiers Australia (EFA) has been contributed to by many BBS System Operators (SysOps) and other interested individuals and organisations. The submission starts with a description of EFA, followed by background information. It makes several recommendations, the principle ones being: o There should be a voluntary Code of Practice for BBS's. o There should be no BBS specific legislation. Any defects in existing laws should be remedied by amending those laws. o Any search or seizure of BBS equipment should require court orders, back-up copies of data to be made, and be subject to early review. o Any regulations should be uniform across Australia. About EFA Electronic Frontiers Australia is an association of people with a common interest in computer based communication systems, online information services, electronic mail networks, and similar media. "Born" on Fidonet and the Internet last year, EFA arose out of a growing awareness by its founding members of the need for a community based organisation to become involved in the establishment of the national agenda for the delivery of data communication services to and within the Australian community-at-large. It is loosely modelled on the American Electronic Frontier Foundation (EFF) and has received m uch encouragement and support from that organisation in its establishment phase. Electronic Frontiers Australia is a net-based organisation. EFA conducts the vast majority of its business via electronic data communications medium, utilising both Internet and Fidonet systems. EFA's objectives, loosely stated, are; - To ensure that people have the same basic freedoms 'within' computer based communication systems as without, - To educate the public at large about computer based communication systems and their use, - To support, encourage and advise on the development and use of computer based communication systems (and related innovations), and - To research and advise on the law as applied to computer based communication systems and related technologies. To these ends, EFA is corresponding with the media, representatives of the government, the law community, and other interested groups. EFA has created and/or uses mailing lists, USEnet newsgroups and Fidonet- based echomail conferences to foster discussion of these issues. Background o There are many means of communication (including, but not limited to: post, phones, fax and radio) that can be used for illegal purposes. However none of these appears to be the subject of "special" attention by the Attorney General. Similarly newspapers appear to advertise many items and services in classified ads, some of which appear to promote illegal activities, but again, no-one, State or Federal appears to investigate. o The volume of electronic information entering Australia daily is already huge and growing. [On Usenet as of 28 March 1994 there were over 52,000 articles posted per day averaging 2000 characters (the equivalent of one type written page) each. The number of articles posted per day is currently growing at over 170% per year.] Trying to stop the flow would be like King Canute trying to stop the tide. o Delivering on the promise of the "Clever Country" will depend in no small part on our ability to play the information game successfully. To do this we will need full access to international electronic networks. Consequently any moves to restrict the free flow of electronic information will have a negative impact on the economy of this country. o There is no "BBS Industry". There are some systems that are operated in support of a business, but their numbers are small, and there are even fewer large systems that are run as businesses in their own right. However the great majority of BBS SysOps treat it as a hobby, and most sysops don't recover the cost of running their boards from their users. What we have is a "BBS Community", but _not_ a "BBS Industry." o Even if contentious computer games, pornography, etc were not available via Australian BBS's, they would still be available electronically from sources overseas (by phone and/or international networks). Once in Australia they would get passed around on floppy disk, a method that is often called a "sneaker net" (sneaker refers to the footwear of those operating such a network). As an example there were press reports a few months ago of pornographic image files on computer disk being exchanged and sold in school playgrounds in the UK. o There is a rapid turnover of BBS's. Of 721 BBS's on the BBS Registry two years ago, only 432 are still operational. This is a loss of 40% in two years. However in that time the total number of systems now on the Registry is 1032. The age break down of systems is: Age (years) 0 1 2 3 4 5+ Number 356 244 129 106 68 129 This age distribution is typical of a rapidly growing population, but also indicates that many systems are only online for a very short time. It should also be noted that while not all BBS's are listed in the BBS Registry's lists, the percentage of all BBS's of a given age that are registered is very likely to increase with age, so the above will tend to understate the short life expectancy of a new BBS. o Computer games distributed via BBS's can, in large part, be divided into two categories. The first is shareware games from companies like Apogee that are put out by the company as an inducement to buy a set of commercial games of which the shareware game is the first of the set. The second category is non-commercial, pure shareware or freeware games. Games in the first category are highly likely to be presented to the OFLC for classification by their local distributors. It is games in this category that are most likely to receive ratings higher than G(8+). Games in the latter category would be much more likely to attract a rating of G or G(8+). The point of this is that the vast majority of games on BBS's that would attract a M(15+) or higher rating from the OFLC will have a rating. The distinction between G and G(8+) should be of no great concern since very few children under 8 are capable of accessing a BBS. o The great majority of BBS systems are operated in an ethical fashion, restricting access to contentious material based on age. The proportion of "problem systems" is small and appears to be falling. [See Appendix A2.] o BBS systems are _not_ publishers. In the case of both messages and files (including programs) the publisher is the one who posts the message or file to the first BBS. The BBS is a delivery system, not a publisher. A publisher can exert control over the content of what is published. A BBS SysOp has no effective control over what is posted by users on the BBS. Users may be subject to conditions under which they use the BBS. However whether they follow those conditions or not cannot be controlled. If they don't follow the conditions their use of the system can be curtailed, but only after a user has posted objectionable material, not before. It should also be noted that the volume of material posted on most BBS systems is such that it is beyond the ability of one person to thoroughly vet all of the posted material. o There are already several BBS's in each state that are also connected to the Internet. This is a trend that is likely to increase. The distinction between a BBS and an Internet provider is not clear and will increasingly become less clear as time progresses. o It is possible to logon to a fully connected Internet site and from there logon to thousands of systems world wide. Such access will soon be available from an increasing number of BBS systems, in addition to an increasing number of public access unix systems. Once logged into a second system through a BBS, the BBS sysop can have no control over either what the user does, nor the material the user accesses, without an unacceptably high level of survelence. The level of survelence required would be similar to Telecom actively monitoring all telephone calls to ensure that no phone user engaged in "unacceptable behaviour". o One type of game available on BBS's is the multi-player game. By their interactive nature, there is no way that the content of messages that will be posted in such games can be known, or classified before the playing of any one instance of the game. There is no practical way in which the content of messages can be controlled. o The recent WA defamation case highlights the need for user verification. There have been cases on the Internet of bogus messages being posted in other people's names. Technically such bogus messages are also possible on Fidonet technology networks. What is required is a method of ensuring that messages were actually posted by the person who appears to have posed them. o Most SysOps restrict viewing of contentious material to those over the age of 18. However there is considerable doubt within the BBS community as to what constitutes an adequate check on the age of a new user. If some guidance were available as to adequate age checks, more SysOps are likely to implement an age check if they carry contentious material on their BBS. o Some BBS's support machines that the SysOp does not have access to. For Example a BBS run on an IBM PC can have software (including games) available for downloading that can only be run on Amigas, Macs and Unix platforms. There is no way that such a SysOp could personally test or evaluate such software. Principles EFA has followed the following principles in drawing up this submission and asks that the Task Force adopt similar principles. - Regulations and/or legislation governing BBS's should be no more onerous or restrictive than their physical counterparts. For example if there are no restrictions on a particular piece of text when it is in printed form, there should be no restrictions on it when it is in electronic form (message or text file). - BBS's should not expect special treatment - Self regulation (of BBS's by BBS sysops and/or users) is preferable to legislative regulation. - The reader/viewer/writer should be responsible for what (s)he reads/views/writes. Specifically someone who cannot reasonably be expected to have effective control over content (of messages or files) should not be held responsible for that content. - Parents should be responsible for what their children do. - If material is not illegal in text, video or magazine format, it should not be excluded from BBS's or Internet sites, subject to the strong recommendation that minor's access to material should be restricted in line with general community standards. Comments Criminal uses of BBS's (such as "exchange of paedophile information or data that assists in the commission of fraud offences or the dissemination of racist propaganda") should be covered by existing legislation. If it is not that legislation should be amended - not new legislation enacted. In response to an early draft of this submission Paul Repacholi had this to say: ' The reality is that kids just don't care about most of the stuff that people go on about, to quote my son (11) "Boring..." ' [also see Appendix A2] While BBS's *may* be controllable to some extent, the Internet by its very design is not controllable and is also vital to the economic well-being of our nation. Rather than looking at mechanisms for control we (as a nation) should be looking at how to live with this situation. [see Appendix A3] Options Options, available for dealing with the problems the Task Force has been set up to address, range from "do nothing", through a voluntary Code of Practice, to licensing of BBS's. None of these options will be totally effective, even the most restrictive. Within a democratic society there is no effective way of banning "sneaker nets", that is the distribution of material from person to person on computer disks. There is also no effective way of preventing the import, (or domestic production,) of contentious materials, given the ease of accessing such materials through international phone calls and/or the Internet. Heavy regulation would discourage the highly responsible volunteer effort of most BBS SysOps, would probably reduce their numbers, leaving the field more open to the unscrupulous element that exists in any culture, thus increasing rather than reducing the quantity of undesirable communications by making them more profitable and more available to the less discerning young and increasing the difficulty of securing the benefits that the regulations would be attempting to enforce. One approach to be avoided is to require that any game on a BBS should be classified by OFLC at the expense of the BBS SysOp. The effective of this would be to force games off reputable BBS's and onto underground systems. Such underground systems would also be likely to have pornography and copyrighted material. While EFA does not condone such activities, we must point out that overly restrictive regulation of BBS's will tend to encourage them. EFA is opposed to the imposition of a mandatory Code of Practice or licensing because of the extra regulations, costs and controls that would be required to enforce it. There is unlikely to be any level of licence fee that would cover the full cost of a licensing scheme. With higher the fees more BBS's would cease operations and the less revenue would be raised. There would also be the problem of how to define a BBS. It would either cover all computer systems linked by telecommunications that would be detrimental to the economic well being of the country, or some arbitrary sub-set of such computers. Proposal The solution to the problems that the Task Force is investigating that EFA most favours is that of the establishment of a voluntary Code of Practice. Such a Code should encourage the spread of current best practice within the BBS community [see Appendix A1]. EFA is already committed to supporting the development of such a Code. Several aspects could enhance such a voluntary Code. One is a complaints procedure and another is having enducements to adopting the Code of Practice. Either (or both) of these will work best if there is a body to oversee the operation of the Code of Practice. EFA is currently engaged in discussion with the BBS community as to how such a body could be setup. While the BBS Registry could not administer a code of practice (due to its charter) it does provide a good example of cooperation between BBS sysops. Several inducements could be set up to encourage BBS SysOps to adopt a voluntary Code of Practice. These are in the form of benefits which those adopting the Code of Practice would enjoy. They could include the provision of a standard user agreement that has been drawn up by a legal professional, and discounts on goods and services used by BBS systems from providers who back the scheme. Such benefits would only be available to those who continue to follow the Code of Practice. A complaints procedure could be administered by an Ombudsman appointed by the body administering the Code of Practice. Complaints that a particular BBS and/or SysOp was not following the Code of Practice would be considered by the Ombudsman who would have power to require a BBS and/or SysOp to rectify any irregularities found. Failure to make such rectification would be grounds for expelling the BBS and/or SysOp from the scheme. Response to terms of reference "The Task Force is to consider alternatives for developing a regulatory system that would: o allow bulletin board users, parents and guardians to make informed entertainment choices for themselves and those in their care; and o provide adequate protection to children from material that might be considered harmful or disturbing." These issues are best dealt with by a voluntary Code of Practice that encourages the widespread adoption of current best practice. Our comments on the other terms of reference are: o existing Commonwealth offences covering the misuse of computers and telecommunication services are adequate to deal with bulletin board abuse; If they are not, then the individual laws defining those offences should be extended to cover BBS's. Such extension should be no more onerous on BBS's, SysOps, and BBS users, than the existing provisions. o import/export restrictions are capable of controlling the international trafficking and subsequent copying and distribution of otherwise banned material; It would appear that the only way to control the import of banned material would be the imposition of the equivalent of Customs Inspection on all international data traffic. This would require the monitoring of all international telecommunications links. Such a level of monitoring would be unacceptable. If there are to be categories of banned material, ways will have to be found of dealing with them within Australia. o State and Territory laws such as those dealing with the misuse of computers and possession of child pornography are adequate to deal with bulletin boards; As with our comments on Commonwealth law, if they are not, then the individual laws defining those offences should be extended to cover BBS's. Such extension should be no more onerous on BBS's, SysOps, and BBS users, than the existing provisions. o current law enforcement tools/powers are adequate to deal with the new technology; and If such law enforcement tools/powers are found inadequate and proposals are made as to how such inadequacies should be remedied then EFA requests that the public and/or EFA be given the opportunity to comment on such proposals _before_ they are finalised. o specific offences should be enacted for the use of bulletin boards for unlawful purposes. EFA is opposed to the introduction of specific legislation with regard to BBS's (or any other specific technology). If something is unlawful it should be unlawful regardless of the technology used. If there are deficiencies in current legislation, then that legislation should be amended, rather than creating BBS specific offences. Any legislation or regulations regarding search or seizure by police of BBS equipment should require judicially-granted search or seizure orders and in both cases two back-ups should be taken (one for the authorities, one for the defendant, as with blood samples). Seizure of equipment should be subject to early judicial review, strictly on the grounds of evidence or bail. Account must be taken of varying State prosecution procedures so that there is no advantage in "forum-shopping". In this regard the BBS community is likely to prefer Federal regulation, rather than have different codes state-to-state. Recently a WA Supreme Court awarded an academic $40,000 for e-mail defamation, identified as a "libel", although the usefulness of that precedent is limited as the defendant did not file a defence or in any way dispute the plaintiff's claim. As criminal defamation is a State-based crime, it would be useful for any regulation of potential abuse of e-mail to be an Australian standard to safeguard the free flow of mail between States. Requests EFA requests that the Task Force either specify what would constitute an adequate check on the age of a BBS user, or recommends that advice on what would constitute an adequate check be made available. EFA requests that the Task Force include in their report and/or recommendations that the responsibility of BBS SysOp's (and service providers in general) should not extend beyond those things that they can reasonably be expected to have adequate control over. Appendices A1. BBS best practice This is a summary of an infomal survey of BBS's carried out via the R_U_NEXT and EFA Fidonet echos. A questionaire was posted on 17 April 1994. The following is based on a compilation of the replies received and is written in terms of what the composite BBS following best practice does. There are two broad categories of BBS - those that carry contentious material and those that don't. As far as such contentious material is concerned, current best practice is to either not carry it or place age restrictions on access to it. Contentious material occurs in both message and file areas. Both have large volumes of material. Message areas are much more difficult to classify since anyone could post anything (including language that is considered offensive by some) to any area. However based on past experience it is possible to give general guidance as to what to expect in different areas. However such guidance is *not* full-proof. Both types of BBS warn users that they may come across offensive material in any of the message areas. BBS's carrying contentious message areas restrict access to them to those over 18 years. File areas have brief descriptions which describe their content. Access to areas conting contentious material is restricted to those over 18 years. Within each file area lists are available describing each file. In general the descriptions are derived from the authors or distributors of the files. Methods of verification of age vary. There is considerable uncertainty within the BBS community as to what constitutes an adequate validation of age. A BBS following best practice does one of the following: a) Require the return of an application form which asks for age and/or date of birth and is signed as being a true statement. b) Requires an application as in a) plus verifies by phone. c) An application as in a) is mailed to the user addressed to Mr/Ms UserName (as listed in the phone book) so that the application is likely to be seen by a child's caregiver. d) Require to see signed photocopies of drivers license or passport. e) Only provide access to those personally known by the SysOp. Subject to a suitable Code of Conduct being drawn up BBS SysOps following best practice would be willing to follow such a Code of Conduct. A2. Message from a 14 year old The following message was posted to the R_U_NEXT Fidonet echo conference recently. - Area: R U Next? ---------------------------------------------------- Msg#: 73 Date: 18 Apr 94 19:24:34 From: Rhys Brett Read: Yes Replied: No To: All Mark: Subj: BBS regulation ---------------------------------------------------------------------- Dear all, I am a 14 year old who has been using modems and BBS's for about 3 years. I am not oblivious to X-rated material on Bulletin Boards and let it be shown that I have tried to obtain a few pieces over the last three or so years... and each time failing. I have used many different net's and I have never once found any child pornography or any material normally classified harmful and regulated under Government procedure. In recent months there has been an increaseing amount of Media articles directed to this disscussion. i know about 100 other people my age who use BBS's and I am pretty well sure they don't have access to X-Rated material either. As a standard now most BBS's require a drivers license minmum. The point that I am trying to make is that why would any reasonally sane person want to risk getting fined and possibly jailed for a few X-rated pictures. If you would like to argue the opposite side of this I would be more than willing to reply.. Rhys -!- Maximus 2.01wb ! Origin: AlphaMed Link: The Medical MAX (3:711/413) ---------------------------------------------------------------------- As a footnote it should be noted that (as of 29 Apr 94) no one has replied "to argue the opposite side of this". A3. Recent article in the San Francisco Examiner The following was posted to the Usenet newsgroup comp.org.eff.talk recently. From: kadie@eff.org (Carl M. Kadie) Newsgroups: comp.org.eff.talk,alt.censorship,alt.comp.acad-freedom.talk Subject: [SF Examiner] "Why Censoring Cyberspace Is Futile" Date: 24 Apr 1994 19:02:43 -0400 [By Howard Rheingold. Originally published in the San Francisco Examiner, part of a weekly series of columns called "Tomorrow." Reposted with permission.] ======================================= vc.181: Howard Rheingold's "Tomorrow" Columns Online vc.181.27: Howard Rheingold (hlr) Tue 5 Apr 94 20:30 This will appear in tomorrow's Examiner: Why Censoring Cyberspace Is Futile By Howard Rheingold For years, many Netheads had a recurring nightmare that a pedophile would use a computer bulletin board system to make contact with a child, and follow up with physical abuse offline. Now this nightmare has become a reality. (See the news pages of today's Examiner.) It is only a matter of time before law enforcement authorities use cases like this to crack down on the free-wheeling, everything-is-permitted culture of cyberspace. It's not hard to imagine Jesse Helms standing before the US Senate, holding up an X-rated image downloaded from the Internet, raging indignantly about "public funds for porno highways." As the public begins to realize that communications technology is exposing them to an unlimited array of words and images, including some they might find thoroughly repulsive, the clamor for censorship and government regulation of the electronic highway is sure to begin. But it would be a mistake to let traffic cops start pulling people over on the highway. Yes, we have to think about ways of protecting our children and our society from the easy availability of every kind of abhorrent information imaginable. But the "censor the Net" approach is not just morally misguided. It's becoming technically impossible. As Net pioneer John Gilmore is often quoted: "The Net interprets censorship as damage and routes around it." The Net's technological foundation was built to withstand nuclear attack. The RAND Corporation designed the network to be a thoroughly decentralized command-and-control-and communications system, one that would be less vulnerable to intercontinental missiles than a system commanded by a centralized headquarters. This decentralization of control means that the delivery system for salacious materials is the same worldwide one that delivers economic opportunity, educational resources, civic forums, and health advice. If a hacker in Helsinki or Los Angeles connects to the Internet and provides access to his digital porno files, anybody anywhere else in the world, with the right kind of Internet connection, can download those steamy bits and bytes. This technological shock to our moral codes means that in the future, we are going to have to teach our children well. The locus of control is going to have to be in their heads and hearts, not in the laws or machines that make information so imperviously available. Before we let our kids loose on the Internet, they better have a solid moral grounding and some common sense. I bought an Internet account for my daughter when she was eight years old, so we could exchange e-mail when I was on the road. But I didn't turn her loose until I filled her in on some facts of online life. "Just because someone sends you mail, you don't have to answer unless you know them," I instructed her. "And if anybody asks if you are home alone, or says something to you that makes you feel funny about answering, then just don't answer until you speak to me." The worldwide virtual communities that provide users with companionship, personal support, enlightenment, and entertainment can also contain imposters and worse. Your 14 year old might look like he is doing his homework, but is actually secretly joining a hot chat session with lecherous strangers. (The same dangers exist with the telephone -- ask parents who have had to pay hefty bills for their kids' 976 habits.) You should have the the right, and the ability, to restrict the massive information-flow into your home, to exclude subject matter that you don't want your children to see. But sooner or later, your children will be exposed to everything you have shielded them from, and then all they will have left to deal with these shocking sights and sounds is the moral fiber you helped them cultivate. Teach your children to be politely but firmly skeptical about anything they see or hear on the Net. Teach them to have no fear of rejecting images or communications that repel or frighten them. Teach them to have a strong sense of their own personal boundaries, of their right to defend those boundaries physically and socially. Teach them that people aren't always who they present themselves to be in e-mail and that predators exist. Teach them to keep personal information private. Teach them to trust you enough to confide in you if something doesn't seem right. Yes, pedophiles and pornographers use computer networks. They also use telephones and the mail, but nobody would argue that we need to censor or shut down these forms of communication. The most relevant question now is: how do we teach our children to live, in an uncensorable world? * * * -- Carl Kadie -- I do not represent EFF; this is just me. =kadie@eff.org, kadie@cs.uiuc.edu =