April 22, 1997

AN INTERNET DEFENSE TO LEARN FROM

by Andy Oram
American Reporter Correspondent

CAMBRIDGE, MASS.—Surely there have been times when you couldn’t dial into the Internet, perhaps for two hours or longer. But suppose your whole country couldn’t use the Internet for two hours. Would that make people sit up and take notice?

On March 25, 1997 the Internet Service Providers of Austria deliberately took the entire country off the Internet for two hours. Ninety-five percent of users lost their service. The providers were trying to make a point: they could not do business under conditions that the Ministry of Justice was trying to force on them.

The story starts in Bavaria, Germany, a full year earlier. On March 10, 1996, a court in Munich ruled that a firm was illegally sending child pornography out over electronic mail. It was not until March 20 of the following year that the Austrian police entered the scene. Knowing that the firm was using an Austrian ISP called VIPNet, they entered the premises and seized the ISP’s equipment. No one at VIPNet was arrested, but the sudden shutdown cut off service to all its users; it was not restored until the police returned some equipment two weeks later. Bavarian prosecutors, incidentally, in a separate but similar case, have just charged a CompuServe manager with the crime of making pornography accessible.

The Internet, of course, is not a service offered by any single provider but a global environment. The ISPs—many of whom are individuals running machines out of their basements—have traditionally taken no more responsibility for the content of this network than the Post Office or telephone company takes for material traveling through its service. Little could they, because hundreds of thousands of emails, newsgroup messages, files, and Web pages pass through daily in dozens of text and binary formats.

But governments seem stubbornly insistent upon making ISPs responsible for content. The grand-daddy at the head of this tradition is the Communications Decency Act, which is so poorly written that it does not even say explicitly whether the ISPs are responsible. Yet as it is written, it clearly raises the threat that something like what happened in Austria could also happen here if the Supreme Court upholds the CDA—with a two-year jail sentence in tow.

Recent administration proposals on copyright, and demands for self-policing by a company called the Software Publisher’s Association, also betray the assumption that an ISP can control content like a publisher.

Every bit coming over the network to your system passes through your ISP. Modern Internet services such as the Web break everything into packets, but still it passes through the ISP’s systems, as well as any other ISP’s systems that happen to be part of the chain—which is why ISPs have been worried about the Communications Decency Act and their liability for whatever reaches a child anywhere in the country.

Older technologies—electronic mail and newsgroups—come in slightly larger chunks. They use a store-and-forward technology, by which each message is stored in its entirety on a system for a matter of minutes or hours, until it can be transmitted to the next link in the chain on its way to you. Newsgroups, in particular, were designed for a remarkably simple but effective system called UUCP, in which individuals who know each other dial each other up and send over chunks of information.

Newsgroups, therefore, can be blocked by an ISP. This is what CompuServe did when a Bavarian court demanded that a large number of newsgroups with sexual content be banned. While such actions do not please advocates of free speech, they are technically feasible. But since newsgroups come and go on a daily basis, it is impossible to monitor every message that travels over every newsgroup in the event that it contains objectionable content.

Austria is soon to consider a new telecommunications bill, and the Parliament may well consider restrictions on the Internet in the same way that the U.S. Congress incorporated the CDA into the Telecommunications Act of 1996. Some observers explain the timing of the police raid as a publicity stunt to build public backing for controls on the Internet. An article by Rebecca Vesely in Wired quotes Erich Moechel, of the Austrian newspaper Der Standard, as suggesting that right-wing politicians set up the raid. In this scenario, the Austrian raid plays the same role as the unsavory and poorly researched Time Magazine “Cyber Porn” article in the U.S., which jolted the press and public at a very opportune moment for Senator Exon’s promotion of the CDA.

But Austrian providers are less likely to see evidence of a grand plan and more inclined to attribute the raid to “ignorance and hysteria,” to quote Rene Fries of Der Standard. A similar conflict is brewing over gambling, which is a government monopoly in Austria. A law passed just a few weeks before the VIPNet raid made ISPs responsible for preventing gambling on the Internet.

Ironically, if you really want to find the perpetrators of illegal electronic mail, you need the help of ISPs to trace the message back to the system from which it originated. Law enforcement would do well to see ISPs as allies, but I suppose the police are more accustomed to using vinegar than honey in such situations. Nevertheless, the Austrian Society of Internet Service Providers (ISPA) is consummately forgiving: they have offered the Ministry of Justice free Internet access as an educational measure.

The ISPs were well-organized in this case and carried off an effective “strike” that won them a great deal of press coverage (and in some quarters, sympathy). It would be wonderful to see such political sophistication among U.S. providers, who barely raised their heads during the whole CDA controversy. They have been seen somewhat more during the recent controversy over charging them fees on the telephone network, but even here their interests have been represented more effectively by computer companies. Despite the fantasies of some users, the Internet is not immune from the world around it; its providers should also be its defenders.


Editor, O’Reilly Media
Author’s home page
Other articles in chronological order
Index to other articles