Roger Clarke's 'Netethiquette Cases'
Roger
Clarke
Principal,
Xamax
Consultancy Pty Ltd, Canberra
Visiting Fellow,
Department
of Computer Science,
Australian
National University
©
Xamax Consultancy Pty Ltd, 1995, 1996, 1997, 1998
Available under an AEShareNet licence
This document is at http://www.rogerclarke.com/II/Netethiquettecases.html
These instances have been selected specifically because they are
instances of dysfunctional human behaviour on the net, or may be
interpreted by some people to be so. I make clear that I'm an enthusiastic
user and promoter of services available over the emergent information
infrastructure. Indeed (along with thousands of other people), I've made
a
few contributions to its development. My purposes in this particular
project are to address, and to contribute to the management of, some of the
downsides of the networked world.
THIS PAGE IS WORK-IN-PROGRESS (and always will be ...)
Here's
a
reference list of some electronic and hard-copy materials.
Classifying these cases is a nightmare. The organisation below is fairly
arbitrary, and intended to offer some appearance of structure among the chaos.
- Accidental Dysfunctionality:
- Socially Aggressive Dysfunctionality:
- Economically Aggressive Dysfunctionality:
- Avoidance Dysfunctionality:
-
Compound
Cases
Information
Overload
- Someone sends a message to an emailing list, which has very limited
relevance to the purposes for which the list was established.
- Someone replies to the list criticising the person who posted the first
message.
- A flurry of discussion ensues, which has nothing to do with the ostensible
purpose of the emailing list, and everything to do with the list's management.
- Someone sees a message from a friend, and sends a reply. It transpires
that the original message came not directly from the friend, but from an
emailing list. The result is that the response is broadcast to the several
thousand people on the list.
- Someone generates a 'chain letter', and lots of the recipients pass it on
to lots of their friends. The standout example is the 'chain reaction' letter
of July 1995, protesting about Chirac's resumption of nuclear testing at
Mururoa Atoll. The originators (postgraduate students in physics in Japan)
were buried in thousands of replies, installed
a
web-page, and sent email messages chasing the chain, requesting people to
stop sending them messages.
- Someone with an axe to grind sends a message to many mailing lists. The
message is entirely irrelevant to most of the lists (this has been referred to
as 'kook
spamming').
- Someone who wishes to join or leave an emailing list sends an email to the
complete list, rather than to the list administration address, and the list
management software fails to filter the message out.
- Someone who needs to filter the data available in a database has no search
tool available which is appropriate to a person of their particular educational
background.
Rumour
and Accidental Misinformation
- Someone sends a message which misleads readers into assuming facts that
aren't. This may be because of the tense or expressions used.
Note that this most commonly arises where the originator of the message has
relatively high credibility, and/or reflects a sentiment popular within the
community/ies the message reaches. Here is
a
compendium and advice. Note that accidental misinformation and
intentional
misinformation can be very difficult to distinguish.
Negligent
Defamation
- Someone sends a message to a person which contains assertions of a factual
nature, about the recipient, that transpire to be misleading or false.
- The message is cc'ed to further people.
- The message is posted by one of the recipients to a newsgroup.
Note: To be defamatory in law, then, depending on the jurisdiction, the
originator would have to have failed certain tests, e.g. to have not reasonably
believed in the truth of the assertions, to have failed to take reasonable
precautions, and/or to have intended that the assertions harm the person
concerned. See Timothy Arnold-Moore's (somewhat legalistic) paper on
defamation
on computer networks.
Persistence
- A person leaves someone on a mailing list, or in a local nickname or
alias, even though they have asked to be removed.
Minor
Plagiarism
- While writing an assignment, a junior student seeks out material on the
web, downloads it, and incorporates it into their answer, without taking
sufficient care to provide appropriate attribution to their sources.
Inadequate
Care with Data
- Someone sees a message from a friend, and sends a reply which includes
confidential information, or comments highly derogatory about another person.
It transpires that the original message came not directly from the friend, but
from an emailing list. The result is that the response is broadcast to the
several thousand people on the list.
- As a service to its local community, a University makes the identification
details and contact points of its students available on the net.
- As a service to its local community, a University makes the identification
details and contact points of its students available on the net. Some of the
students have unlisted numbers, which they have disclosed to the University on
the assumption that they will only be used within the context of student
administration.
Note: In relation to the first case, this depends on the setting of the
Reply-To variable, which is controlled by the list-owner. Many list-owners
assume that their community is network-savvy, and set the variable to
reply-to-list rather than reply-to-originator. Generally, however, network
communities are not mature enough to take this risk.
Netsearching
/ Trawling / Spidering
- A person makes comments in what they assume is a restricted context, such
as a specific newsgroup. Software tools (generically referred to as indexing
or concordance tools, search-engines, robots, wanderers, and more vividly as
'spiders') crawl around the web building cross-references. People discover
these comments remote from the original time, space and context.
Note: For an authoritative source on the topic, try
Martijn
Koster's page. The latest, most powerful, and therefore most accidentally
threatening tools are Deja News (for newsgroups) and Alta Vista. In the spirit
of spidering, I offer an html'd version of
a
relevant message by Tim May on the cypherpunks mailing list.
Intentional
Misinformation
- Someone spreads a rumour which they know is unfounded, or distributes
seemingly hard information which is incorrect, and which is intended to cause
difficulties for someone else.
Note: See
the
Apple/Sony rumour, and a story that suggested that a particular virus can
be propagated by email -
the
so-called 'Good Times' Virus. See also
one
'Good Times' Virus FAQ, and
another
(I'm not sure which is the original ...). This subsequently re-surfaced as
PenPal
Greetings.
Note that intentional misinformation can be very difficult to distinguish from
accidental
isinformation.
Flaming
- Someone sends an email message containing foul and/or abusive language
about the person to whom it is addressed.
- A participant in a synchronous 'chat' session uses foul and/or abusive
language about another participant.
- Someone sends an email message containing foul and/or abusive language
about one of the addressees of a message.
- Someone sends an email message to a small group of people containing foul
and/or abusive language about another person relevant to the group.
- Someone sends an email message to a large number of people using foul
and/or abusive language about another person who is only moderately relevant to
the group.
Intentional
Defamation
- Someone sends a message to a person which contains assertions purporting
to be factual, about the recipient, that the sender knows, or reasonably should
have known, to be false or constructively misleading.
- The message is cc'ed to further people.
- The message is posted by one of the recipients to a newsgroup.
Note: See
Francis
Auburn's paper on the Western Australian Rindos v. Hardwick newsgroup
defamation case. Timothy Arnold-Moore has made available a (somewhat
legalistic) paper on
defamation
on computer networks. There's also
the
Interactive Services Association's views on the Stratton Oakmont libel case
against Prodigy.
Harassment
- Someone sends a succession of email messages to someone else, although it
is clear that the recipient does not want to maintain the conversation.
- Someone implements a program to intercept a person's email traffic. The
purposes the interceptor has in mind are to block some or all messages, to send
an automated response to the sender, to send a copy to some other person,
and/or to modify and re-transmit the message.
- Someone sends an email message to someone else, suggesting various acts of
violence, which the sender would like to, or intends to commit on the
message-recipient.
- While participating in a multi-user dungeons and dragons game (or MUDD),
someone depicts a highly graphic rape of one of the other participants.
Note: In relation to case 4,
the
article was first published by Julian Dibbell in 'The Village Voice'
(Greenwich, presumably), December 21, 1993, p.38.
Mail-Bombing
- Someone sends many email messages to someone else's mailbox, with the
intention of causing at least inconvenience in sorting out real mail from
nuisance mail, and perhaps a disk-overflow and therefore even more serious
inconvenience.
- Someone organises many people to despatch email messages to someone else's
mailbox, etc.
- Someone sends very large messages to someone else's mailbox, etc. This is
usually performed by attaching very large files, such as the source-code for a
Microsoft product.
Note: In relation to case 2, a notable example was the campaign to fill
Jacques Chirac's mailbox after he announced the Mururoa Atoll tests.
Obscenity
- Material is made available over the net which some people find
objectionable.
- Unsolicited material is sent over the net to various people, some of whom
find it objectionable.
- Material is made available over the net which infringes the obscenity laws
of some jurisdictions.
- Unsolicited material is sent over the net to various people, which
infringes the obscenity laws of some of the jurisdictions in which they are
located.
- Solicited material is sent over the net to various people, which infringes
the obscenity laws of some of the jurisdictions in which they are located.
Note: I maintain
a
page of pointers to key sites concerning regulation of the net, most of
which are stimulated by pornography concerns. The recent
switching-off
by Compuserve of access to USENET newsgroups was also stimulated by the
same concern, in that instance by German authorities. The
story
about Compuserve switching it back on again is also interesting.
Incitement
- Someone posts to a bulletin board explicit instructions on how to make
letter-box bombs, pick locks, make plastic explosives in one's garage, or make
an atom bomb.
- Someone posts to a bulletin board a list of valid credit-card numbers, to
demonstrate the insecurity of a computer installation.
- Someone posts to a bulletin board a list of valid credit-card numbers, and
suggests that they be used to perpetrate financial fraud.
- Someone sends emails to one, a few, or many people, criticising some class
of people (e.g. those of a particular ethnic origin, or of a particular
religious persuasion), and urging that action be taken against such people,
their property, or their meeting places.
Check out
EFF's
page on 'hatespeech', and
Harvard
Law School's 'Guide to Hate Groups on the Internet'.
Impersonation
- Someone uses the security weaknesses inherent in an email package or
systems software to send a message which appears to come from someone else.
The message says something highly derogatory about someone.
- Someone uses the security weaknesses inherent in an email package or
systems software to send a message in such a way that it appears to come from
the Lecturer-in-Charge of a unit of study, and advises that the current
assignment has been cancelled.
- A male participant in a chat session or an electronic conference
represents themselves as being female, and attracts the trust of other females,
with the result that some of them confide sensitive information with the
impersonator.
- A participant in a multi-user dungeons and dragons game (MUDD) represents
themselves as a person of the opposite gender.
Note: In relation to case 3, the perpetrator was a New York clinical
psychologist. For some background in this area, try
the
Electronic Frontier Foundation's FAQ on anonymity, and
material
and pointers in my dataveillance page.
Surveillance
- An employer openly monitors the senders and recipients of email traffic to
and from their employees.
- An employer openly monitors the content of email traffic to and from their
employees.
- An employer surreptitiously monitors email traffic to and from their
employees.
- An employer surreptitiously monitors email traffic to and from their
employees, but, when challenged, denies that they do so.
- A law enforcement agency takes advantage of loopholes in existing law to
demand information about net-users' behaviour from their Internet Services
Providers, without a warrant or other form of external control.
- A provider of a software product builds into it a means whereby data about
client-workstations and their users can be captured and made available to
distant servers that they communicate with.
- Teams of people developing enhancements to Internet architecture
intentionally build in means whereby servers can monitor behaviour and data on
remote client-workstations.
Cases 6 and 7 are modelled on Netscape's
Cookies,
and an emergent generalised feature of forthcoming Internet services. Note
that surveillance by marketing organisations may be linked with
spamming.
Spamming
- An organisation sends an advertisement for its services to many mailing
lists. The services are in some way relevant to the topics which some of the
lists address, but are entirely irrelevant to most.
- Many people reply, the vast majority expressing very negative sentiments.
The organisation's mailbox overflows.
- A few people attach 8MB files to their replies. (This is referred to as '
mail-bombing').
This results in an overflow of the disk-drive of the network services provider
who provides the organisation with its electronic mailbox, and seriously
inconveniences the provider's hundreds or thousands of other clients.
Note: These cases are modelled on the Cantor & Siegel case in early
1995. (They offered legal services relating to applications for green cards).
Unfortunately I can't many net-reference for the history of the case. See,
however,
http://www-math.uni-paderborn.de/~axel/BL/#list.
Here's
my
standard reply to spammers.
Here's
my
separate paper on spamming, which pursues the analysis much further. Note
that the effectiveness of spamming is dependent on the effective implementation
of consumer
surveillance
.
Advertising,
Promotion and Soliciting
- An organisation sends an advertisement for its goods or services to
mailing lists whose subscribers can reasonably be expected to have some
interest in the products.
- An organisation which provides a gratis or very cheap service on the net
devises a way to offer space on the page to sponsors or advertisers. The ads
do not intrude unduly (e.g. the images occupy a relatively small proportion of
the page, and they are displayed after the content of the page appears and
hence their display can be interrupted without loss of content).
- An organisation provides the same kind of service, but in such a manner
that the advertising intrudes on the function.
- The advertiser stores the addresses of replies to its ads.
- The advertiser consolidates the information from the replies to its ads
with other data it has on the individual.
- The organisation runs on off-list, or what is sometimes referred to as an
an
'opt-out' mechanism, whereby anyone can nominate that they do not wish to
receive any further ads, and they will be removed from the list.
- The organisation runs an 'opt-in' mechanism, such that the only people who
receive ads are people who have expressly nominated to join the service.
-
Here's
Spam.htmlmy separate paper on spamming.
Secondary
Use of Data
- An organisation uses net transactions as a basis for developing or
improving a mailing list.
- An organisation seeks out and acquires data from net transactions to which
it was not a party, and includes them in its database of customers and
prospects.
Note: Check out
EPIC's
documentation of the Avrahmi case.
Here's
my
separate paper on cookies.
Serious
Plagiarism
- While writing an assignment, a senior student or researcher seeks out
material on the web, downloads it, and incorporates it into their answer,
without providing appropriate attribution.
- The database the material is drawn from is a set of previous
student-written assignments, together with model answers written by lecturing
staff, which is maintained by students as a service to students throughout the
world.
Abuse
of Intellectual Property Rights
- An author intentionally makes material available on the net and
intentionally cedes copyright, placing it in 'the public domain'.
- Someone appropriates copyrighted text (such as this document), or a
cartoon, or an image, or video, or software, and fails to provide a reference
to the source, thereby implying the work is their own. (Note that some uses
are considered 'fair dealing', such as quoting less than 'a substantial
portion' of the work and providing attribution to the source).
- Someone incites others to appropriate copyright materials, on the grounds
that the Internet is common grazing land and property rights are morally
unjustifiable.
- Someone argues that the law should be changed to delete all forms of
intellectual property in the context of the net, because it is not in the
economic interest of society to create large numbers of micro-monopolies.
Note: See
Gillian
Dempsey's guide to the application of copyright on the net. There have
been lively debates raging, e.g.
Ron
Newman's page on the Church of Scientology's attempts to protect its
restricted-access, money-earning documents;
Hacking
- Someone exploits a security weakness in an installation, and leaves a
message for the system administrator, identifying the weakness.
- Someone exploits a security weakness in an installation, and writes a
report to the system administrator's boss.
- Someone exploits a security weakness in an installation, and uses
resources (such as processor-cycles, disk space and communications links) for
their own purposes.
- Someone exploits a security weakness in an installation, and accesses data
stored in that installation.
- Someone exploits a security weakness in an installation, and damages data
stored in that installation.
- Someone exploits a security weakness in an installation, and gains access
to another site [followed by any of the above].
Note: This is well-travelled territory, which pre-dates the Internet.
Statutory laws have been amended and created in many jurisdictions intended to
proscribe some or all such activities. They vary greatly in their sensibleness
and effectiveness. I'm looking for an authoritative site which examines, and
provides links to copies of, such laws.
Viruses
and Worms
- Someone writes software which 'infects' other software by inserting or
appending some additional code (generally including copies of itself).
- Someone accidentally creates an environment in which a virus or worm will
propagate.
- Someone knowingly creates an environment in which a virus or worm will
propagate.
- Someone creates a virus or worm which accidentally causes significant harm
to data stored in installations which are infected by it.
- Someone creates a virus or worm which is intended to cause significant
harm to data stored in installations which are infected by it.
Note: Here's
an
FAQ on viruses. And here's
the
story on Robert Morris's Cornell worm in 1988.
Security
Breach
- Someone writes and publishes a book which explains many 'known' (but not
very widely known) security weaknesses in common operating systems.
- Someone writes a program which checks whether 'known' (but not very widely
known) security weaknesses are present in the operating system installed on a
local machine.
- Someone writes a program which checks whether 'known' (but not very widely
known) security weaknesses are present in the operating systems installed on
any machine anywhere on the net.
- Someone publishes the program.
Like almost every other case listed in this document, this series is real,
not imaginary. The program is called
SATAN
(Security Administrator Tool for Analyzing Networks).
Circumvention
- Someone establishes a web-server in a tax haven, and offers merchants a
service whereby net-facilitated sales are legally made in that location,
thereby avoiding paying tax in which the buyer and/or seller operate.
- Ditto, but the action is rendered illegal by a law in a jurisdiction in
which the buyer and/or seller operate.
- Someone stores hard-core porn and paedophilia on a web-server in a
jurisdiction whose law or law enforcement is less restrictive than that of some
of the service's clients.
- Someone scans a banned book into machine-readable form, and replicates
copies in various locations around the world.
Note: An instance of case 4 is
the
book by Mitterrand's physician, banned and re-published electronically
within hours.
Anonymisation
- A so-called 'anonymous remailer' receives email addressed to a third
party, removes the sender's identification, and forwards it to the intended
recipient. The service provider ensures that the service is genuinely
anonymous (by keeping no records of the identity of the originator of the
message; or by participating in a chain of remailers, and handling messages
which have nested levels of encryption - if that sounded complicated, you can
check out
a
paper on the topic).
- The same service is provided, but the 'anonymous' remailer maintains an
index of the relationship between the originator and the message, and is able
to provide that information to law enforcement agencies in exceptional cases.
This would be more correctly described as a 'pseudonymous remailer'.
Note: I have
some
relevant material and pointers in my dataveillance page.
Obscuration
- A sender encrypts their messages, and only provides the decryption key to
the intended recipient.
- A sender encrypts their messages, but registers the encryption key with a
government authority.
- A sender encrypts their messages, but registers the encryption key with a
key escrow agent of their choice. This agent is subject to legal compulsion to
disclose the key to law enforcement agencies under exceptional circumstances.
- A sender encrypts their messages, but registers various parts of the
encryption key with various different people and organisations, such that the
messages can be decrypted provided that several of them collaborate.
Note: This is actually the deepest of all of the mini-cases here, and has
enormous ramifications for the future of society. For one view, see
Tom
May's 'crypto-anarchist manifesto'.
Compound
Cases
- Someone sends a message to someone else, containing information
about a third party which turns out to be wrong. The recipient
includes it in a message to someone else. That person sends it to a relatively
small mailing list. A recipient posts it to a newsgroup. Along the way, some
of the associated text is removed, to shorten the message; and in the process
some of the context is lost. Unbeknowns to many of the participants, some
well-meaning soul archives all traffic which occurs on the emailing list and/or
the newsgroup. Deja News quietly goes about maintaining a comprehensive
concordance of newsgroups, and Alta Vista on, among many other things, emailing
list archives. As a result, the information is locatable, for the foreseeable
future, by search on the wrongfully-accused person's name. Correcting
information may or may not have been circulated, chasing the erroneous message.
The person concerned may or may not know about it all.
- The Time Magazine 'Cyberporn' article of 10 July 1995,
pp.48-55 (at least, that's where it was in the Australian edition) raised a
whole raft of issues, primarily about the perpetrators of the article. I
haven't seen the Time article on the net, but here are some sources:
- Someone posts on a newsgroup a fictional account of a violent
rape. The name of the 'victim' transpires to be the same as that of a
person in the same university class as the author. Someone brings the story to
the attention of the 'victim'. See
Jake
Baker's personal Information Page on the matter.
The first version of these mini-cases was originally intended as preparatory
reading and deliberation for participants in a session on what I referred to as
'net-ethiquette' at the University of Southern Queensland on 26 April 1995. My
thanks to several people for their contributions, especially Ooi Chuin Nee and
Kevin Jeffery.
Created: 10 April 1995 -
Last Amended: 4 September 1998
by Roger Clarke
- Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/II/Netethiquettecases.html
Mail to Webmaster -
© Xamax Consultancy Pty Ltd, 1995-2022 -
Privacy Policy