The Sanity Assassin

Posted on 12th May 2011

An update to my recent post.

With thanks to a fellow Perler, Smylers informs me that a Flash Cookie refers to the cookie used by Flash content on a site, which saves state on the users machines, by-passing browsers preferences. Odd that the advice singles out this type of cookie by name though, and not the others.

In an article on the Wall Street Journal I found after posting my article, I found it interesting to discover that the ICO themselves use Google Analytics. So after 25th May, if you visit the ICO website and see no pop-up, I guess that means Google Analytics are good to go. Failing that they'll see a deluge of complaints that their own website fails to follow the EU directive.

I also recommend reading the StatCounter's response too. They also note the problem with the way hosting locations are (not) covered by the directive, and the fact that the protection from behavioural advertising has got lost along the way.

After a discussion about this at the Birmingham.pm Social meeting last night, we came to the considered opinion that this would likely just be a wait and see game. Until the ICO bring a test case to court, we really won't know how much impact this will have. Which brings us back to the motives for the directives. If you're going to take someone to court, only big business is worth fining. Bankrupting an individual or a small business (ICO now have powers to fine up to £500,000) is going to give the ICO, the government and the EU a lot of really negative press.

Having tackled the problem in the wrong way, those the directives sort to bring into line are only going to use other technologies to retrieve and store the data they want. It may even effect EU hoisting companies, if a sizeable portion of their market decide to register and host their websites in non-EU countries.

In the end the only losers will be EU businesses, and thus the EU economy. Did anyone seriously think these directives through?

File Under: government / law / security / technology / usability / web / website
NO COMMENTS


The Planner's Dream Goes Wrong

Posted on 11th May 2011

On May 26th 2011, UK websites must adhere to a EU directive regarding cookies, that still hasn't been finalised. Other member states of the EU are also required to have laws in place that enforce the directive.

Within the web developer world this has caused a considerable amount of confusion and annoyance, for a variety of reasons, and has enabled media outlets to scaremonger the doom and gloom that could befall developers, businesses and users. It wouldn't be so bad if there was a clear piece of legislation that could be read, understood and followed, but there isn't. Even the original EU directives are vague in the presentation of their requirements.

If you have the time and/or inclination the documents to read are Article 2 of Directive 2009/136/EC (the Directive), which amends the E-Privacy Directive 2002/58/EC (the E-Privacy Directive), with both part of the EU Electronic Communications Framework (ECF).

Aside from the ludicrous situation of trying to enforce a law with no actual documentation to abide by (George Orwell would have a field day), and questioning why we are paying polictians for this shambolic situation, I have to question the motives behind the creation of this directive.

The basic Data Protection premise for tightening up the directive is a reasonable one, however the way it has been presented is potentially detremental to the way developers, businesses and users, particularly in the EU, are going to browse and use the internet. The directive needed tightening due to the way advertisers use cookies to track users as they browse the web and target adverts. There has been much to complain about in this regard, and far beyond the use of cookies with companies such as Phorm trying to track information at the server level too. However, the directive has ended up being too vague and covers too wide a perspective to tackle the problem effectively.

Others have already questioned whether it could push users to use non-EU websites to do their business because they get put off using EU based sites. Continually being asked whether you want to have information stored in a cookie every time you visit a website is going to get pretty tiresome pretty quickly. You see, if you do not consent to the use of cookies, that information cannot be saved in a cookie, and so when revisiting the site, the site doesn't know you said no, and will ask you all over again. For those happy to save simple preferences and settings stored in cookies, then you'll be asked once and never again. If you need an example of how bad it could get, Paul Carpenter took a sartirical look at a possible implementation.

On Monday 9th May 2011, the Information Commissioner's Office (ICO) issued an advice notice to UK businesses and organisation on how to comply with the new law. However even their own advice states the document "is a starting point for getting compliant rather than a definitive guide." They even invent cookie types that don't exist! Apparently "Flash Cookies" is a commonly used term, except in the web technology world there are just two types of cookie, Persistent Cookies and Session Cookies. They even reference the website AllAboutCookies, which makes no mention of "Flash Cookies". Still not convinced this is a complete shambolic mess?

The directives currently state that only cookies that are "strictly necessary" to the consumer are exempt from the ruling. In most cases shopping carts have been used as an example of cookie usage which would be exempt. However, it doesn't exempt all 1st party cookies (those that come from the originating domain), and especially targets 3rd party cookies (from other domains). The advice states "The exception would not apply, for example, just because you have decided that your website is more attractive if you remember users' preferences or if you decide to use a cookie to collect statistical information about the use of your website." Both of which have significant disruption potential for both websites and their visitors.

Many of the 1st party cookies I use are Session Cookies, which either store an encrypted key to keep you logged into the site, or store preferences to hide/show elements of the site. You could argue both are strictly necessary or not depending on your view. Of the 3rd party cookies, like many people these days, I use Google Analytics to study the use of my websites. Of particular interest to me is how people find the site, and the search words used that brough the visitor to the site. It could be argued that these are strictly necessary to help allow the site visitor find the site in the first place. Okay its a weak argument, but the point remains that people use these types of analysis to improve their sites and make the visitor experience more worthwhile.

Understandly many people have questioned the implications of using Google Analytics, and on one Google forum thread, the Google approved answer seems to imply that it will only mean websites make it clearer that they use Google Analtyics. However this is at odds with the ICO advice, which says that that isn't enough to comply with the law.

If the ruling had been more explicit about consent for the storing of personal data in cookies, such as a name or e-mail address, or the use of cookies to create a personal profile, such as with advertisier tracking cookies, it would have been much more reasonable and obvious what is permissible. Instead it feels like the politicians are using a wrecking ball to take out a few bricks, but then aiming at the wrong wall.

For a site like CPAN Testers Reports, it is quite likely that I will have to block anyone using the site, unless they explictly allow me to use cookies. The current plan is to redirect people to the static site, which will have Google Analytics switched off, and has no other cookies to require consent. It also doesn't have the full dynamic driven content of the main site. In Germany, which already has much stricter requirements for data protection, several personal bloggers have choosen to not use Google Analytics at all in case they are prosecuted. I'm undecided at the moment whether I will remove GA from my websites, but will watch with interest whether other bloggers use pop-ups or remove GA from their sites.

Perhaps the most frustrating aspect of the directives and the advice is that it discusses only website compliance. It doesn't acknowledge that the websites and services may be hosted on servers outside the EU, although the organisation or domain may have been registered within the EU. It also doesn't differentiate between commercial businesses, voluntary organisations or individuals. Personal bloggers are just as at risk to prosecution as multinational, multibillion [currency of choice] businesses. The ICO is planning to issue a separate guidance on how they intend to enforce these Regulations, but no timescale is given. I hope that they make it absolutely clear that commercial businesses, voluntary organisations or individuals will all be treated differently from each other.

In their eagerness to appear to be doing something, the politicians, in their ignorance, have crafted a very misguided ruling that will largely fail to prevent the tracking of information and creation of personal profiles, which was the original intent of the changes. When companies, such as Phorm, can create all this personal information on their servers, using the same techology to capture the data, but sending it back to a server, rather than saving a cookie, have these directives actually protected us? By and large this will be a resounding No. Have they put in place a mission to disrupt EU business and web usage, and deter some from using EU based websites? Definitely. How much this truly affects web usage remains to be seen, but I suspect initially there will be an increase in pop-ups appearing on websites asking to use cookies.

It will also be interesting to see how many government websites adhere to the rulings too.

File Under: government / law / security / technology / usability / web / website
NO COMMENTS


Open Your Eyes

Posted on 3rd March 2009

Thanks to a twitter post by Simon Phipps this morning, I read with interest a blog post by Patrick Finch, entitled Mozilla and Cybermentors. Mozilla are getting actively involved with the UK charity BeatBullying and their CyberMentors programme.

It's unlikely that anyone growing up hasn't suffered some form of bullying. It comes in all shapes and forms, and while for some of it may be minor or only last a short time, for some it can have devasating effects. A colleague recently took his own life, because the traumatic and abuse he suffered through primary and secondary school, even over ten years later, was still something that affected his life and personality, and was something he felt he could no longer cope with. I personally was first bullied by my 3rd year junior teacher. Yes you read that right a teacher, and I was just 9. It isn't just children that can be cruel and spiteful, adults can too. While I would dearly love to name the teacher in question, I have no proof beyond my word, and even now feel powerless to do anything about it, much as I did back then. Many children who suffer from bullying feel exactly the same way. Even if they told, who would listen and who would even believe them?

As Patrick points out in his post, many young people are growing up never knowing how we used to keep in contact with our friends, without using the internet or mobile phones. We play out so much of our lives online, that it shouldn't be a surprise that a recent Harvard University task force concluded that one of the biggest risks to children on the internet, isn't from sexual predators, but from bullies. The difference between the school yard bulling and cyber-bullying, is that the former is pretty much contain within a small sphere and often there are adults and peers who can deal with it and stop it. On the internet anyone can hide behind their relative anonymity and victimise just about anyone they choose. As it isn't within school grounds, teachers are often unable or ill-equiped to deal with it.

As such, the Cybermentors aims to be a way for youngsters experiencing bullying online to tell someone about it. Mozilla are offering to support 10 members of the Mozilla community to be trained as Cybermentors, who can then spend at least 2 hours a week for 4 months, helping children to cope and deal with any bullying issues. All credit to Mozilla for supporting this, and hopefully other companies will also be willing to help fund training for individuals to act as mentors.

A few years ago the GetSafeOnline campaign was initiated to help make parents and youngsters aware of the potential dangers on the internet. Identifying ways to protect themselves from viruses, phishing scams and spam, as well as unwanted websites, chatrooms and the like. While this programme is different in that it's targeting a very specific danger, it is still all about keeping the internet safe for everyone. I personally value efforts such as this, rather than the sometimes heavy-handed and misguided attempts by governments and self-appointed puritans of the internet to protect children from percieved threats.

I really hope BeatBullying and the Cybermentors programme gets a lot of internet and media exposure, as the more children are aware of it, the more chance they have of coping with it and not suffering mental anguish for the whole of their (possibly short) adult life. If you're a member of the Mozilla community, and think you can spare the time, please read Patrick's blog post and get in touch with him.

File Under: internet / life / school / security / web
NO COMMENTS


Suffer The Little Children

Posted on 24th December 2008

Following on from my previous post regarding the Internet Watch Foundation, a fellow Perl programmer, Jacinta Richardson, recently posted on her use.perl blog regarding currently proposed legislation in Australia. To get a bit of background on the subject, read the articles she links to in her post, before reading her reply.

For myself, working in the filtering industry, I'm well aware of the fact that it is impossible to get filtering 100% accurate all the time. Even our Service Level Agreements (SLAs) don't state that, as it is just too difficult to manage. We get very close, and our filter systems are considered to be the best in the world, but we'll never be 100% perfect. As Jacinita highlights in her reply, the owners of the bad stuff change their domains on a regular basis, swap IP addresses and even server locations to avoid detection. In some cases the server locations are beyond law enforcement agencies as they are in countries that have limited or no resources to shut down these operations.

However, the part that irritates Jacinita and the reason why I find objections to this kind of thing important, is the blindly ignorant "you're either with us or with the terrorists" style of retort from officials or self-appointed puritants for the world. Having children of my own, I would never want them to be subjected to indecent or illegal material on the internet. However, the vast majority of that kind of material is very unlikely to be something you would accidentally stumble across. Putting in aggressive filters to scan absolutely everything all of the time, is rarely going to stop those wishing to find that kind of material, and is likely to block more innocent websites than potentially harmful ones. Using scare tactics and accusing your opposition of advocating child pornography is insensitive and irresponsible, and only serves to make you and your arguments look ignorant.

I would be interested to know what recourse a company or individual has on the Australian government, should they block an innocent website that is hosted outside of Australia? The chances are none, and who would you complain to anyway? If your domain is blocked, you'll never get through!

In her reasoning, Bernadette McMenamin uses examples of countries such as the UK who use filtering. Yes we do, and the self-appointed body that tells us what we can and can't see also makes some stupid mistakes and disrupts internet use for the whole country. For all the protection these self-appointed bodies provide, I would rather see more effort put into shutting down the source operations and protecting the children from being abused in the first place, rather than waiting after the fact for government officials to wave their hands limpy, crying "oh, how could this happen, let's ban the internet for children so they can't see it!".

McMenamin claims that British Telecom block 35,000 attempts per day to illegal material. However, how many of them were to truly illegal material and not "potentially illegal" as was highlighted by The Scorpions/Wikipedia incident? How many requests were made by children accessing the content? How many prosecutions were made from these access attempts? How many of the block domains/URLs were taken down? It's easy to throw numbers around, but without substance they are worthless numbers.

Jacinta picked up on an interesting quote by McMenamin - "[T]hose who are aware [of all the facts] are, in effect, advocating child pornography." So by McMenamin's own admission she must be ignorant of all the facts, otherwise she too would be advocating child pornography. Forrest Gump has a reply for Bernadette McMenamin - "Stupid is as stupid does."

File Under: government / internet / law / rant / security
NO COMMENTS


Pictured Life

Posted on 24th December 2008

Earlier this month there was a rather confusing and worrying blanket "Moral Majority" ban of a page on Wikipedia. The page in question has now been unblocked and the actual image that started it all has also been unblocked, with the Internet Watch Foundation that instigating the block now backing down in the face of overwhelming resistance to their actions.

The image in question is from the original front cover of the 1976 album release "Virgin Killer" by The Scorpions. At the time of its release in 1976, it courted controvesy and although widely available to all in numerous retail outlets across the world, some outlets did insist on selling it only over the counter in a sealed paper bag, and only a few refused to stock it at all. Following feedback from the retail outlets, the band reissued the album with a cover featuring a group shot of the band. However, the original album cover is still widely available in second record stores and on eBay. Following remastered reissues and boxset packages, the CD is once again available with the original artwork. It has also appeared in many books over the years, often cited amongst a list of worst album covers, some of which can found in public libraries.

I don't know the retail figures, but I can imagine that several thousand heavy metal fans in the UK alone have a copy of the original album, or a reissued remastered CD featuring the image in their collections.

So the decision to ban the image ONLY on wikipedia now (some 32 years after the original image was widely available) seems absolutely idiotic. At first the main page regarding the album was blocked, and appartently it is the first time the IWF has banned a complete work of text. Wikipedia volunteer David Gerard and Sarah Robertson from the IWF were interviewed on BBC Radio 4 as I was driving into work on the day the block was instigated and it was very evident that the woman representing the IWF was rather ignorant of the situation, trying to focus on the fact that they had shown it to the police who had said it was "potentially illegal". Blaming the police, who are NOT judge and jury regarding obscene material is rather irresponsible at best, and only serves to highlight their lack of process in ensuring that if an image is considered illegal, a botched attempt at banning is the best of their abilities.

Wikipedia themselves issued a statement that reads "Due to censorship by the UK self-regulatory agency the Internet Watch Foundation (IWF), most UK residents can no longer edit the volunteer-written encyclopedia, nor can they access an article in it describing a 32-year-old album by German rock group the Scorpions." In addition Wikimedia Foundation's General Counsel, Mike Godwin, is also quoted as saying "We have no reason to believe the article, or the image contained in the article, has been held to be illegal in any jurisdiction anywhere in the world."

So although the image was deemed "potentially illegal" by the UK police the IWF spoke to, for the past 32 years no country has ever passed a judgement and condemed the image as illegal. It might be inappropriate, but not illegal.

And so to a bigger question. Why Wikipedia? In fact why ONLY Wikipedia? The image was wide spread across the internet, in places such as Google's image cache, on various retail sites, including Amazon, The Scorpions own website and countless others. Could it be that Wikipedia is unlikely to be in a position to sue them for blocking their site? I can well imagine that Amazon and any other major retailer would have drafted in lawyers within seconds and be issuing writs for comercial damages. Not something the IWF would be equipped to deal with, particularly since they are an independent self-appointed body, without official government backing.

Following on from that last point, the perhaps more important question is if this body is self-appointed, without government backing, who is reviewing the practices of the Internet Watch Foundation? While in many instances they may well be protecting us from illegal images, without proper regulation and governance, instances like the blocking of Wikipedia will happen again.

The scary thing in all of this is that possessing the album has never been considered illegal, and indeed would have been very difficult to prosecute now 32 years later, but the IWF seem to believe that that doesn't matter and effectively attempted to criminalise a potentially significant portion of the UK population. Should they have that power? In my opinion no, as it should be the police and the courts who govern what is actually illegal.

Because of the fact that most ISPs in the UK currently sign up to the IWF block lists, this incident was felt instantly across the UK for anyone contributing to Wikipedia. Having now blown such a big hole in their metaphorical foot, I suspect the IWF may well be a little more careful about what they block and maybe, just maybe, they might even provide better justification for blocking images and pages in the future. However, it still worries me that they can potentially criminalise a publicly available image by dubious means and make criminals out of the population, without having any jurisdiction to do so. It's not big brother we have to worry about any more it's the nanny state. Tipper Gore still has a lot to answer for.

File Under: government / internet / law / music / rant / security
NO COMMENTS


Let Me In

Posted on 3rd April 2008

The problem with those that get high and mighty about username/password site logins, is that they often use examples where you really do want some degree of protection, not from yourself, but from others. Of the 16 Account Design Mistakes listed in Part 1 and Part 2 by Jared M. Spool, most include good ideas for developers, however, some use examples where the sites are quite right to be obscure.

Take #13 "Not Explaining If It's The Username or Password They Got Wrong", then proceeding to hold up Staples and American Express as the worst offenders. I'm sorry but if I have accounts with companies like that, then there is no way on earth I want them giving hints to crackers whether they got my username or password wrong. Those kinds of sites contain VERY sensitive personal information, not least of which is your credit card information. If Jared is that eager to share his financial information, I'm now wondering if he publishes it on his personal website. Could it be that perhaps the very security he ridicules actually protects him from identity theft?

Another is #16 "Requiring More Than One Element When Recovering Password", where a company requires some form of additional account information other than just your email address. Again this is a company that holds your credit information and by the sound of it some very personal information (such as my phone number). Does Jared post his personal phone number on his website? I doubt it as I assume he doesn't want all and sundry knowing it, thus exposing him to more identity theft.

Don't get me wrong, Jared does list some good thoughts about username/password site logins, but the context in which he uses to ridicule some sites and companies is grossly misplaced. The problem is that the author often thinks only in terms of making life easier for themselves, forgetting that you can also make it easy for those of a more malicious nature too. In all, or possibly nearly all, sites that I have a login for, the login is there to protect my account on the site from abuse. I know there are sites out there that only provide customisations with your login, but I don't use them. Even those that don't contain personal information, I would not want anyone to hack in to. If you're happy to make it easy for some one to login to your blog account and post spam, abusive or malicious content, then fine, make it easy. For the rest of us, we'd rather have some form of protection on the account that makes it a little harder for others to get through.

File Under: design / rant / security / usability / website
NO COMMENTS


From Russia Infected

Posted on 6th March 2008

Yesterday MessageLabs got a mentioned on the BBC News site, under the title of Infective Art. The Metro Newspaper in the UK also ran with the story, Cyber crime art revealed.

I'm currently touring the UK with a presentation entitled Understanding Malware, which takes the six types of malware, and using the MessageLabs "Know Your Enemy" campaign images, explains a little more about what they are. The presentation has gone down very well so far and there have been some healthy discussions afterwards, with attendees trying to understand how we can get better at getting rid of malware threats from the inbox. It's unlikely to happen altogether any time soon, but with companies like MessageLabs on the case we are making it harder for the malware to get through.

I shall be taking the presentation to more parts of the UK, so if you have a user group that might be interested, please feel free to get in touch and invite me along. Note that the presentation is not a programming language or operating system talk, and is more about technology and social engineering. I shall be submitting it to LUGRadio Live, YAPC::NA and YAPC::Europe this year, so if I don't make it to your local user group, hopefully you'll be able to make one of those conferences. As an added bonus I also have some freebie giveaways for anyone who can answer the questions during my persentation, courtesy of MessageLabs :)

File Under: computers / internet / malware / security / spam / technology
NO COMMENTS


Do You Remember Rock 'n' Roll Radio?

Posted on 20th February 2008

LUGRadio Live 2007

LUGRadio Live 2007

LUGRadio Live UK dates have been announced as the weekend of 19th/20th July.

At the moment the guys are busy preparing for LUGRadio Live USA, so expect more details for the UK event after next month. The US event will be the first time the LUGRadio experience will have been seen on such a major scale outside of the UK. The guys seem suitably excited and I'll be keen to discover if the American event has the same manic and mayhem feel as the UK event. The UK event is very definitely about getting the Linux and Open Source communities together, to hopefully provide an opportunity to meet and greet with fellow developers or just people you meet on IRC or the forums. It doesn't have that corporate feel is much more laid back, thus having a much more social nature about it than many traditional conferences. Not to diminish the value of the talks and presentations, but the atmosphere is much more conducive to discussion, questions and feedback than more formal events. For me that has perhaps more value as I like to get feedback and ideas from others and some more corporate events often don't encourage that atmosphere.

In the meantime, if you're in the US and can make it to the West Coast over the weekend on 12th/13th April, checkout LUGRadio Live USA2008 and try and get along to The Metreon, San Francisco. As a tempter, watch the video trailer created by Tony Whitmore, AV coordinator for the UK event.

I shall be at LUGRadio Live UK, although whether that's as a speaker, attendee or member of the crew remains to be seen. I'm thinking of submitting my Understanding Malware talk, but seeing as it's about an hour long, and I definitely DON'T want to be on the main stage, I'm hoping the guys will agree to hiding me in a smaller room. They guys always manage to put me up against big names (Mark Shuttleworth and Chris Di Bona for the last two years), so this might be my chance to steal some of the audience back for the little guy ;)

As I don't specifically talk about Linux stuff, but more general Open Source stuff, I've often felt a bit of an outsider as a speaker. The Malware talk is again not about Linux specifically, and some aspects are not Open Source (for justifiable reasons), but the content, particularly for anyone interested in understanding what malware is and eager to gain some very basic hints and tips to protect your inbox, it's ideal. Seeing as most of the attendance for LUGRadio are knowledgeable Linux people, I'm hoping the talk will be of interest to a wide variety of people. I've now done the talk twice, for Leicester LUG last week and Coventry LUG last night. Both presentation went down very well and generated lots of interesting discussion afterwards. Seeing as some of these guys are very clueful sysadmins and developers, as a benchmark, I think the LUGRadio audience will love it. We'll see ;)

The UK event will be returning to Wolverhampton University Student's Union, the venue for the 2006 event. Personally I liked the Lighthouse, the venue for 2007, but I know the guys got heavily criticised for a variety of issues, that meant they had to reconsider the venue for the 2008 event. The SU venue is smaller than the Lighhouse too, which might cause some problems, as I can see the event getting a bigger attendance this year. For the past 3 years the attendance appears to have been increasing anyway, but in the last year, I am noticing more and more articles, blogs and posts about LUGRadio. I just hope there is enough space for everyone.

BTW if you're attending LUGRadio Live USA2008, please take a camera and post your photos publically. My site always gets a lot of hits for LUGRadio, and I'm sure the thirst for photos for the US event will be just as popular.

File Under: conference / linux / lugradio / opensource / security / spam
NO COMMENTS


This Property Is Condemned

Posted on 8th June 2007

I spotted the story of Julie Amero on the BBC News site this morning. While I'm glad there has been some sense to provide a second trial, with more appropriate evidence, I'm also disappointed that this should ever come to trial in the way it has. While I totally agree that minors shouldn't be exposed to the kind of images these sites promote, I also don't agree that a single SUBSTITUTE teacher should be held accountable in the way that she has.

Firstly she's a substitute teacher, meaning that her knowledge of the computer security systems is likely to be extremely limited at best and more likely non-existent. Did the school fully brief her on the security measures they have in place? Perhaps she should be suing the school or the state for not reasonably putting in place security measures to prevent children being exposed to this sort of thing in the first place. However, that perhaps also isn't fair, as in far too many cases the school or the local governement don't have any idea about computer security. It's why there are specialist computer security companies that are called in to investigate and secure companies and organisations.

I work for a company called MessageLabs. We work in an industry where stopping malicious content is part and parcel of the job. When you consider that in email alone we stop over 70% of mail as spam, virus, inappropriate content or illegal images and are also seeing increasing numbers within our web scanning and instant messaging serives too, computer security is a huge and very specialised business. MessageLabs are the largest company of it's kind in the world, and as such, every minute we stop hundreds of messages with the sort of payloads that would cause this kind of content to be popped up on unsuspecting computers. Are you really expecting a substitute teacher to have that level of knowledge and skill?

Part of the problem is education, and that isn't meant to be ironic. In Julie Amero's case, if the prosecution wins, then we are now expecting every single person to be accountable for ensuring every single aspect of their work environment is not going to get them arrested. By implication, we're also now stipulating that every single individual MUST be come a security expert. That ain't gonna happen. In my opinon this focus is totally misplaced. The responsibility for protection at the workplace lies solely with the employer. In this instance the school or state should have taken reasonable steps to ensure that all computer security measures were deployed to ensure that the desktop computers were adequately protected, and that their network was also appropriately protected, both from intrusion and in restricting the sites that can be viewed by any computer in the school. But whether you take action against the individual or the school or the state, you are still prosecuting the victims.

Taking a step back, the law basically stipulates that minor should not be exposed to this sort of imagery, which I agree with. However, as the law is very bad at being able to hold those truly responsible accountable, they go after easy prey. Although I do believe the law could be better written to make this sort of thing virtually disappear over night.

This kind of promotion is typically from the pornographic, gaming and drug industries. None of which a minor should be exposed to. What if the law found the owners of those sites personally accountable for the distribution of harmful matter to minors? What if institutions, such as schools, colleges and libraries, or businesses, such as internet cafes, and maybe even individuals in the right circumstances were able to prosecute the site owners? How quickly do you think that this sort of invasion would disappear? Unfortunately, those three industries are extremely big business, and can employ people to ensure that bills don't get passed that would effect them in this way. As such the justice systems become corrupt by allowing victims such as Julie Amero to be held up as a scapecoat.

I really hope that the prosecution's case fails, as otherwise the kind of precedence it will set, really isn't something I want to think about.

File Under: education / law / security / technology
NO COMMENTS


Some Rights Reserved Unless otherwise expressly stated, all original material of whatever nature created by Barbie and included in the Memories Of A Roadie website and any related pages, including the website's archives, is licensed under a Creative Commons by Attribution Non-Commercial License. If you wish to use material for commercial puposes, please contact me for further assistance regarding commercial licensing.