May 7999 Network Security

that the data provided by the defendants could be construed by a reasonable person to be a true threat to abortion providers and thus not protected by the First Amendment. The judge instructed the jury to make their decisions in the light of all the circumstances (including the murders of doctors), not just the printed words. The case is unprecedented because, until now, incitement has been applied only in face-to-face communication and historically the US courts have protected rude and violent public rhetoric and hyperbole as opposed to actual incitement or aiding or abetting murder.

The case will no doubt be appealed, not only because of its implications for the right to free speech, but also because of the depth of feeling between the defendants and the plaintiffs. Whether the award will ever be paid to Planned Parenthood and other plaintlffs remains uncertain. Vowing defiance, one anti- abortionist defendant said handing over any money “would be like asking Martin Luther King to pay money to the Klu Klux Klan”.

UK E-Commerce Bill - summary

The UK Government issued on 5 March 1999 its long awaited Consultation paper on Electronic Commerce. The closing date for comments was Thursday 1 April 1999. Two responses to the Government’s proposals can be viewed at Cyber-Rights & Cyber-Liberties (UK) (http: wwwcyber-rights,org/reports/dti 99.htm) and Clive Feather - Director of Software Development for Demon Internet Ltd (http:www.davros.org/legal/ ecommsub.html).

The Government says that it is committed to introducing legislation in the current Parliamentary session and has set the ambitious goal of developing the UK as “the world’s best place in which to trade electronically”.

One of the more controversial aspects of the proposed legislation is the question of key escrow. The Government has backed away from the controversial proposal for key escrow (‘Trusted Third Parties’ holding the keys to coded data sent over the Internet). It is a relief that the Government has acknowledged the reality that the criminal fraternity will not deposit private keys - allowing law enforcement authorities to unlock their conspiratorial communications - even if the law requires them to.

However, the less controversial aspects of the Consultation paper are perhaps the most important from a legal viewpoint. Much of the actual legislation will be relegated to statutory instrument and so the new E-Commerce Act will mainly be an enabling Act. The devil is likely to be in the detail of the Regulations as and when they are issued. The legislation is intended to implement some key European Directives which have yet to be finalized.

Elec tfonic Signutufes Difec tive

Electronic signatures can be used to ensure the integrity of information (ensuring its content has not been altered), to verify the author of the information and to ensure confidentiality. Digitally signed documents and messages are to be given legal recognition. Voluntary licensing arrangements will be introduced

for bodies offering cryptographic services.

It is proposed that there be a statutory rebuttable presumption that an electronic signature, meeting certain conditions, correctly identifies the signatory it purports to identify: and, where it purports to guarantee that the accompanying data has not been altered since signature, that it has not.

The licensing regime will be set up in such a way that an electronic signature, backed up by a certificate from a licensed Certification Authority, will automatically satisfy the conditions necessary to be regarded as legally equivalent to a hand-written signature.

The Government’s intention is not to deny legal recognition to electronic signatures which are not backed by certificates from licensed Certification Authorities, but parties relying on them may be taking on a higher level of risk.

Elec tfonic Commerce Difec tive

This focuses on creating a framework within which European business will have the legal certainty needed to take full advantage of the opportunities offered by electronic commerce. It covers the treatment of electronic contracts and provisions at the moment at which a contract is concluded. The Directive seeks to ensure that, as far as possible, the law does not discriminate between traditional and electronic ways of doing business, i.e. that the law should be “technology neutral”.

0 1999 Elsevier Science Ltd 15

Network Security May 7999

Law enforcement and cryptography

The Government has the dual responsibilities of promoting lawful use of encryption, and making it as difficult as possible for criminals to exploit it for their own purposes, The Government’s response has three key elements: updating of existing statutory powers to take account of the widespread use of encryption; encouraging the deployment of key escrow and key recovery technologies and working with industry and other interested parties to find other ways to prevent criminal use of encryption.

The police olready have power to require an Individual to produce computerized information. But this does not provide the police with a clear legal basis to require disclosure of encryption keys In order to decrypt seized material. The Government believes It is necessary to establish a new power to allow the police to require disclosure of encryption keys to maintain the effectiveness of existing statutory powers of search and seizure. The Government proposes to establish a power to require any person, upon service of a written notice, to produce specified material in a comprehensible form or to disclose relevant material (e.g. an encryption key) necessary for that purpose.

There will be statutory safeguards to ensure that written notices are served only where necessary and appropriate. The Government will supplement these safeguards by a published Code of Practice governing the exercise of the new powers. The proposed legislation will also contain safeguards protecting the security and privacy of

encryption keys obtained under a written notice. It w/II be an offence of failure to comply with the terms of a written notice wtthout reasonable excuse or to ‘tip off’ an individual about the existence of an authorization by the Secretary of State.

Service provider loses defamation case

Demon Internet has lost its case against llbelled scientist Laurence Godfrey. In the case, Godfrey alleged that in 1995 Demon had failed to remove forged messages on soc.culture.thai. purporting to be from him. Demon was apparently notified that the article was alleged to be defamatory, but took no actlon in response. As a result, the Court found that Demon was unable to take advantage of the defence of “innocent dissemination” under the Defamation Act 1996.

Demon argued that it should not be responsible for information posted to and made available from newsgroups that are held on its servers. Demon estimates that approximately one million articles are posted in 35 000-plus active newsgroups each day.

The court decided that Demon was not the publisher of the posting and was not the author, editor or publisher of the statement complained of. However, to have the benefit of the defence, Demon also had to show that it took reasonable care in respect of publication, and had no knowledge or reason to believe that what it did caused or contributed to the publication of a defamatory statement. The defamatory posting was technically publlshed by Demon and, as from the moment it knew of the defamatory content of the

posting, Demon could not avail itself of the protection provided by the defence under the Act.

The American authorities demonstrate a substantial divergence of approach between American and English defamation law and therefore were of limited assistance. The case has been criticized because It indicates that an ISP can be held liable for content posted on the Internet over which it has no control. If this Is correct, it could have serious implications for ISP’s who would have to investigate every notification that they receive.

In March 1999, a UK court awarded Godfrey El 5 000 in libel damages from Canadian student Michael Dolenga, the real author of the Thai Usenet messages, who posted the piece while he was studying at Cornell University.

liability for infringements on linked sites?

The US case of Gary Bernsteln v JC Penney Inc., Elizabeth Arden Inc, Parfums Internatlonal, Unllever United States, Internet Movie Database Ltd and Alcatel - Case No 98-2958 R (Ex) 29 September 1998 before the US District Court for the Central District of Callfornia ralsed an interesting question concerning Indirect links to copyright infringing material. In this case, Gary Bernstein, a photographer, brought an action against Elizabeth Arden and JC Penney for infringement based on a series of hypertext links which connected JC Penney’s Web site to a site containing unauthorized copies of photographs of Elizabeth Taylor taken by Bernstein,

16 0 1999 Elsevier Science Ltd