The Ontario Legislature yesterday passed Bill 37, the Child Pornography Reporting Act, 2008.
The bill was somewhat amended in Committee, notably to tie the definition of child pornography more closely to the Criminal Code definition (though it’s still not identical). You can see the amendments here and the bill as amended in Committee here.
People who commented on the bill on the ULC-ECOMM list in the spring were sceptical of its benefits and of its practicality. No member of the Legislature shared any such doubts, apparently. All three parties supported the bill.
The penalty for not reporting child pornography to the entity to be designated by the regulations can be a fine up to $50,000 and two years in jail.
Manitoba had already enacted something similar. Is this a good model for other provinces to follow?
While on one hand I absolutely applaud the efforts to reduce child pornography, I don't agree with this type of approach. Forcing citizens and individuals to report child pornography is difficult. When should you report it? In my line of work, I often look at network traces, should I report any child pornography I find in them (assuming I bring images / video up for view)? What if the destination of the transmission is outside this country? Am I obligated then? If I've been hired as a consultant to do an internal security investigation and I discover what I feel might be child pornography, am I obliged to report it? I think I should be obliged to report it to the client, but it should be up to them to report it to the authorities.
What is child pornography? I mean there is obvious child pornography, but I recall a few years ago an investigation where an image was found that I was suspicious was child pornography, but turned out to be a 22 year old, however she didn't look 22. Is 22 child pronography? How does one tell? Is there a manual somewhere?
For those that do system investigations, what if they have child pornography on their systems due to the investigation? What if they are not aware of it yet? Are they guilty? Even if they are not, is it worth getting involved, the hassle of being interviewed, questioned, having to appear in court all because you happened across something you thought might be child pornography? Seems like you could quickly be sucked into time that is not billable.
This forcing via law or strongly encouraging citizens to be
the 'eyes of police' is a disturbing trend.
http://www.local10.com/crimealert/17660929/detail.html
http://www.schneier.com/blog/archives/2007/04/citizencountert.html
http://www.schneier.com/essay-156.html
I worry that police will be overwhelmed with false alarms. I'd rather they catch the bad guys, not run around on wild goose chases.
I think these types of laws have to be thought through, debated very carefully, and when they are produced be very detailed and specific with requirements and expectations.
It does not matter who you are, under the Act – if you find child pornography or are aware of it, you have to report it. The Act leaves to regulations the person or agency to whom you have to report – and that agency has to report to police. The first person in line (you, in this example) has no discretion, except to find whether it meets the definition (and someone apparently under age is under age for this purpose.) Whether the next person does is perhaps less clear.
Someone on my list mentioned, when the bill was introduced, that the main class of people who are probably aware that child porn is on a computer or who are likely to come across it is the spouses of those who are using it. Despite the protections in the Act for whistleblowers, one may ask if such people are really likely to be able to stay anonymous and thus safe, or should suffer very stiff penalties for choosing not to send their spouses and fathers of their children, and possibly main source of support, off to jail and not to make them unemployable for many years.
(If it's their own children being abused, then they had better turn the guy in forthwith – even under existing law, covering that up can be risky.)
The penalties for not reporting child porn that one comes across, however indirectly, are far higher than the penalties under existing law for professionals who have contact with children and who do not report child abuse as required.
On second reading, some MPPs praised the sponsor of the bill, Laurel Broten, for her courage. One might ask how much courage it takes to be seen to oppose child pornography. One suspects it would take more courage to oppose the bill because of its marginal effectiveness and its possibly harmful effects (like detracting attention from cases one might do something about, as noted, or penalizing family members of the offender.) However, no MPP thought there were problems, or no MPP had the latter kind of courage, one or the other.
I suppose it makes sense that the main people who are likely to come across child pornography would be the spouses of those who are using it. So the main intent of the bill is to create a law that would force people to turn their spouses in? I thought there was some provision in the law that a person was not required to testify or 'go against' their spouse …. maybe that is a U.S.A. concept. I suppose at a quick glance it seems like this is a plausible theory that the spouse would be the one to find it, but I wonder if any research has been done to prove that.
I attended a law enforcement meeting a while ago. In the meeting a detective was doing a presentation on child pornography, what they find, how they investigate it, convictions and such. I asked if during the course of their investigation they came across encryption. Given the later operating systems (Microsoft Vista), encryption is readily available and pretty easy to set up. Sure it isn't 100% and you can typically find evidence in other non-encrypted areas such as cache, temporary swap, browser history, registry, and others, but using encryption would make it more difficult especially for the average spouse to discover. The detectives response was that they typically do not find encryption. I queried as to why they thought this was so, their response was that they seem to want 'quick' access to it and encryption is cumbersome.
Why someone would want access to child pornography I don't understand let alone requiring 'quick' access to it. I was curious if any research had been done on this, but my sense at the time was it was more law enforcements 'perception'. I found it odd. I mean if one was engaging in something illegal like this you would use or attempt to conceal it anyway possible.
-mike
In this context take a look at the WikiNews piece (picked up by Boing Boing): British ISPs restrict access to Wikipedia amid child pornography allegations. Fact of the matter seems to me to be that there is so much sexualization of young girls in our society generally that any steady gaze at advertising, for example, is bound to uncover many examples that would meet the criterion of child pornography.
@simon: Thanks for that link. I've had the privilege of working with clients around the world that for legal or other reasons are required to block access to sites via the IWF list as well as other lists. I'd suggest that there are service providers that block sites in many countries 'quietly' unsure of the legalities.
There are two problems with this type of blocking and filtering. First, it does not scale keeping the list 'up-to-date' is a lot of work and as internet demand grows, I am not sure it will be possible to filter every request. The second problem and bigger problem is that I believe all this filtering is just going to cause servers (good and bad) to switch to HTTPS (the protocol that the banks and other sites use for secure communication). When this happens the URL is no longer available to be viewed by the service provider.