Monthly Archives: September 2006

Shockingly Low Conviction Rate in UK Child Porn Raids — Police Sued

…or: Why we don’t touch child porn on this site. We certainly condemn child porn. And of course it is highly likely that organised crime profit from child porn on the net in various ways. However, how the police are investigating this particular crime, and the fallout of these operations makes it an extremely difficult subject to deal with. The Scotsman reports, that in the UK, accused in child porn inquiry are to sue the police in a class action suit.

The UK’s “Operation Ore” was launched in 2002. The British police had been sent credit card details of 7,200 people by US detectives. These people were believed to have paid for child porn on the adult site “Landslide”. However, the group behind the legal action action claims, that that the police’s central claim – that everyone entering the site had to go through a banner marked “click here (for) child porn” – was false. Further the group claims to have detected evidence of major credit-card fraud – essentially that crooks were using other people’s credit card details to log into the site. And the group obviously has evidence to prove that.

The “Operation Ore” was not really a successful operation: of the 7,200 suspeccts, “more than 2,000 people have been convicted” – which leads to a staggering number of 5,000 people who had been investigated, some of them falsely arrested, with all the consequences of losing jobs and marriages. In the US, according to the Scotsman, police were operating a bit more subtle, arresting only carefully selected targets.

UK: First Application of EU e-commerce Directive sections 17 & 18

This is the case of John Bunt v David Tilley. David Tilley had published messages on various usenet boards which in th eyes of John Bunt were defamatory. Mr Bunt now tried to sue AOL, BT and Tiscali: according to him they provided a route for the messages to spread. The court found that while indeed they did exactly that, technically, however they had not been aware of the contents. That’s where sections 17 (ISPs act as mere conduits) and 18 (ISPs use caching) of the EU e-commerce directive protect ISPs: if they don’t know about the content of what they are transmitting or caching, they are not liable. I.e. Mr. Bunt would have had to write to them, asking them to remove the “defamatory messages”. Thus they would have been in the know about the content and would have been liable if they would not remove the messages.
See the comprehensive report by Alexandra Anderson reports for

Cybercrime Unreported in Scotland?

The Sunday Herald runs a story by Liam McDougall explaining why companies, and banks in particular, would not report cybercrime attacks. Gillian MacDonald (Scottish Drug Enforcement Agency) is reported saying “[Admitting to a security breach] has a fairly negative impact in terms of PR to that company. That’s why the banks don’t report to us”. However, Mark Bowerman (spokesman for Apacs) is reported denying this: “These things are certainly not swept under the carpet. It’s not in the banks’ interest.”