In this edition
In this issue, we publish the last two papers from the article competition we held to celebrate the relaunch of the journal with a broader remit, including law and science as well as law and IT.
The first of the papers is ‘Passing the Buck: Who will Bear the Financial Transaction Losses from Consumer Device Insecurity?’ by Roger Clarke and Alana Maurushat. The paper, as its title indicates, deals with allocating the losses caused by various forms of internet fraud targeting internet banking and other internet financial transactions. Many jurisdictions, including New Zealand have amended their banking codes to shift such losses from banks to consumers where the computer or other device used in a transaction was not sufficiently secure. Australia is considering following suit. The change is predicated on the assumption that consumers are capable of taking responsibility for the security of the devices which they use. The article argues that it is unfair to impose the losses on consumers because many eCommerce and eBanking services only work because of vulnerabilities in consumer devices. The paper surveys security threats and vulnerabilities of consumer devices such as personal computers and mobile phones with internet access. It assesses the effectiveness of available technical safeguards and the practicality of imposing responsibility on consumers to understand the risks, to install and configure the relevant software and to manage it on an ongoing basis. It then considers the inadequacy of the legal protection in Australia for consumers who bank online, concluding that there should not be a shift in the allocation of the losses caused by unauthorised banking transactions. Instead, it argues that emphasis should be placed on more practical approaches to the problem.
The second paper, ‘The Space Law Analogy to Internet Government’ by Jeremy Malcolm, considers the similarities and differences between regulation of the Internet and regulation of outer space. As outer space, like the Internet, is a global resource available for the use of all humanity, its governance has been used by a number of authors as an analogy to Internet government. Although the governance of both is transnational, Malcolm argues that that the distinct manner in which each of these governance regimes has evolved has resulted in significant differences between the body of law in each regime. The paper approaches the analogy by examining the sources of law, the major actors including states and non-government bodies, and the issues at stake in the governance of the internet and of outer space. The article argues that because the two regimes evolved in different circumstances, internet governance is conducted by a more decentralised network of stakeholder than has so far been the case in space governance, resulting in a greater diffusion of authority in the former. The article suggests that there may be convergence in the forms of governance used to regulate the Internet and outer space because eof similarities in the issues faced. He suggests that in outer space law there may be a move towards the empowerment of stakeholder groups, including civil society, which have largely been excluded in the past. This may lead to greater reliance on new, soft mechanisms of governance. On the other hand, he suggests that there is more scope to regulate the Internet by means of international conventions to deal with some of the most contentious issues, many of which arise from attempts by states to assert control over the Internet. He concludes with the point that if this occurs, it is important to hold fast to the principle that Internet governance should be multilateral, transparent and democratic, with the full involvement of all relevant stakeholders.
Roger Clarke and Alana Maurushat
|Internet-connected devices offer convenience and flexibility to consumers to perform tasks online, ranging from shopping to streaming videos to banking. Such activities are increasingly becoming an integral part of many people’s lives. Consumers rely on connected devices, in particular personal computers and mobile phones, to transact online. Unfortunately, there has been a surge of unauthorised banking transactions, some through the proliferation of computer malware (malicious software) making online transactions less secure. Many of these transactions are financially risky, particularly those that involve payment. Many jurisdictions, including Australia and New Zealand, are amending their banking codes to provide a new allocation of liability for unauthorised online transactions, in particular where computer devices are used in a transaction. The new liability regimes shift liability from the bank to the consumer where computer devices are insufficiently secure. The financial institutions’ argument is predicated on the assumption that consumers are capable of taking responsibility for the security of the devices that they use. The nature of consumer devices is such that it is entirely infeasible to impose responsibility on consumers in the manner that banks desire. Indeed, many eCommerce and even eBanking services only work because they exploit vulnerabilities on consumer devices. This paper surveys security threats and vulnerabilities of consumer devices. It assesses the effectiveness of available technical safeguards and the practicability of imposing responsibilities on consumers to understand the risks involved, to install relevant software, to configure it appropriately, and to manage it on an ongoing basis. It then explores a subset of legal safeguards looking at the inadequacies of Australian law, and the legal system to protect consumers who bank online with Internet-connected devices. The authors argue that there should not be a shift in the allocation of liability for unauthorized banking transactions. Emphasis should, instead, be placed on more practical approaches to the problem.|
|Access full article via [HeinOnline]|| [Austlii/WORLDLII]|
|As outer space, like the Internet, is a global resource available for the use of all humanity, its governance has been used by a number of authors as an analogy to Internet governance. However the distinct manner in which each of these governance regimes evolved has resulted in a number of significant differences between the body of law embodied in each regime, the actors participating in it, and the institutions and processes by which substantive issues are addressed. This paper outlines these differences and concludes by considering some of the lessons that might be drawn from each regime to inform the governance of the other.|
|Access full article via [HeinOnline]|| [Austlii/WORLDLII]|
© 2011 Journal of Law, Information & Science and Faculty of Law, University of Tasmania.