Legends of the Sun Pig

Earlier today I got an email back from the web host where the site resided that was linking to pictures of Alex (“Site A”). They have blocked all access to this site until the author removes the hyperlinks. One of the other parents involved also emailed me to let me know that she had received a similar email.

Even though I had removed the picture of Alex the site was linking to, it would still attempt to retrieve the photo from our web site every time someone visited the page. According to the sunpig server logs, the last time someone tried to access the image was at about 12:40 this afternoon.

The logs show that the page was put up on Saturday 25th January. It got accessed 10 times before Sunday evening, which is when I took Alex’s photo down. Since then, it has been hit 91 times, from 38 distinct IP addresses. (Two of those hits, and one of those IP addresses is mine, while I was checking up on the state of the site.)

So I’m relieved, but only a little. I can take action when someone links to my image, but if they had taken copies and put them on their own site, I would never have found out about them. Is there anything else out there? I may never know. I’m going to try not to let it bother me too much.

As a follow-up to what I wrote earlier this week about identity theft, I need to clarify a few things. Not so much about what happened, but about where I stand on some of the issues I touched on. In particular, here are two quotes from the earlier article:

“And even if [the police] can’t do anything about this instance, it may help them in some other, wider inquiry. (So if you’re involved with ‘Felix’, here’s fair warning to you: the sunpig.com server logs are being burned to CD and sent to the rozzers.)”

“I am usually more than happy to let you use my photos or text, but you have to ask me first, and I reserve the right to say “no” if I think you’re a sick freak.”

Two issues here. The first is about police, or other government authorities, getting access to information like my server logs. I don’t have a privacy statement on this web site, and I have never made any guarantees about what I will or won’t do with data that I collect. I don’t go out of my way to collect information about you, gentle reader, but just by being here you do leave behind certain virtual fingerprints. Your IP address, for example. And if you arrived here via a link from another web site, then that ends up in the server log, too. And If you leave a comment on one of my entries, then I’ve probably got your email address, even though it’s not displayed for everyone else to see.

So I know stuff about you, and I’m under no obligation to tell you what I’m going to do with that data. (So long as I use it for personal purposes. The Data Protection Registrar might have something to say if I decided to set up a commercial mailing database with it.)

And if I choose to hand that data over to the police, what’s the problem? If you’re just an innocent web surfer, then you have nothing to worry about, right? It’s only people with something to hide who would have any reason to be concerned.

Um.

That’s the start of the road to identity cards and universal DNA databases. The argument “if you’ve done nothing wrong, you have no worries” is easy to swallow in peaceful times, when you are confident that the laws of the land are just. But peaceful times rarely last, and laws change. You may (may) trust your government now, but what about next year, when a different set of people are in charge? What happens when it becomes illegal to share music files with your friends? (Oops, it already is.) Will you still be as happy that you provided that DNA sample, or stayed quiet about identity cards?

I believe that the government and police should know certain things about us. But we must understand the drawbacks as well as the benefits. For example, DNA evidence may produce greater conclusiveness and sounder judgements in many cases. But precisely because of the technique’s power, it is prone to being accepted as infallible. And if there is some kind of accident, or a mix-up with samples, the strength of DNA evidence makes it all the more difficult to overturn a wrongful conviction.

(On the other hand, anecdotal evidence (hi, Google!) suggests that DNA evidence has done more to clear wrongfully convicted people than it has to mistakenly convict the innocent.)

With every piece of private information you give up, you surrender a small piece of personal freedom for the good of your community. In return you benefit from increased personal security. But this is an ideal. In practice, you don’t give up your information directly to your society, you give it to the people who run your society. So you need to ask yourself: do you trust those people not to use the information for their own ends, in order to secure their position of power?

Hmm. Now I’m coming across as paranoid and suspicious of authority, rather than confident in their abilities to deal appropriately with this instance of wrongdoing.

Basically, there’s a balance to be struck. I’m just not sure where it lies.

On to the second issue now: paedophilia. From what I wrote, leading up to the second quotation, it would be easy to draw the conclusion that I think paedophiles are “sick freaks”. This is not the case.

Harming a child is a crime. No question. If you go out and buy kiddie porn, you’re not harming children directly, but you are endorsing an industry that harms children, and ensuring that such abuse continues. That is also a crime.

So what about people who are simply turned on by the thought of children, but who don’t act on these impulses? Our society deems these fantasies to be more than just unacceptable, but actively despicable. Even without having committed a crime, this state of mind is considered to be disgusting and offensive in itself.

A hundred years ago, society considered homosexuality in much the same way. Even now gays suffer prejudice and discrimination.

I don’t want to suggest that a hundred years from now paedophilia will be considered socially acceptable. I don’t think that will be the case. Any just society must protect those who can’t protect themselves, and children are simply not capable of defending themselves against abuse by adults.

What I am saying is that there is a difference between what a person thinks and what he does. If a man harbours sexual thoughts about a woman he sees in the street, that does not mean he will follow her home and try to ravish her at the first opportunity. And if he sometimes feels the impulse to punch–or even kill–another, that does not necessarily mean he will do so.

Child abuse is a very hot button, though. We love our children so much that the thought of them coming to any harm makes us fearful and angry. And as we all know, anger leads to hate, and hate leads to suffering. Love and hate get so confused that ordinary people form vigilante mobs and hunt down sex offenders, ready to lynch them. Is it any wonder, then, that they find themselves driven underground, where their hopes of rehabilitation and support are almost destroyed?

This is wrong. Yes, there is a danger that convicted criminals will re-offend. Yes, there is a danger from paedophiles stalking chat rooms on the Internet. But the media–and even the government, with their latest advertising campaigns–while trying to increase awareness of these dangers, are simultaneously feeding people’s fear. Little is being done to really promote understanding, and a measured response to a complex issue.

It is easy to sit back and say “Love thy neighbour” when the danger is remote, just as it is easy to react harshly when it strikes close to home. This week, someone stole pictures of Alex. While it is still possible that there is an innocent explanation–or at least an explanation that merely involves copyright theft–I cannot bring myself to truly believe that. I think we have had a first-hand brush with Internet paedophiles.

So what do I really feel about it all?

Right now, with the incident only involving photos, I just want it to stop. I don’t want to see the offender behind bars, nor do I want to see them rustled up for psychiatric treatment. I just want them to stop.

If a convicted sex offender moved into our neighbourhood upon release from prison, would I join up with a vigilante gang to hound him out of his home? No. Would I take extra care with Alex? Yes.

But if someone ever actually harmed Alex, I would devote my entire life to hunting them down. I’d like to say that I would just want them to be punished to the full extent of the law. But I don’t know that for sure. I don’t know myself well enough to know what I would really do.

I hope I never find myself in that situation.

If I haven’t already bored you to tears with my thoughts on these matters, I would like to point out an article in the New Yorker by author and lawyer Scott Turow. In it, he describes his experiences while serving on a commission to investigate reforms to Illinois’ system of capital punishment:

“Governor Ryan’s commission didn’t spend much time on philosophical debates, but those who favored capital punishment tended to make one argument again and again: sometimes a crime is so horrible that killing its perpetrator is the only just response. I’ve always thought death-penalty proponents have a point when they say that it denigrates the profound indignity of murder to punish it in the same fashion as other crimes. These days, you can get life in California for your third felony, even if it’s swiping a few videotapes from a Kmart. Does it vindicate our shared values if the most immoral act imaginable, the unjustified killing of another human being, is treated the same way? The issue is not revenge or retribution, exactly, so much as moral order. When everything is said and done, I suspect that this notion of moral proportion–ultimate punishment for ultimate evil–is the reason most Americans continue to support capital punishment.”

In our society, child abuse is right up there with murder in terms of the moral order. Completely different, but both repugnant and highly emotive.

Ever since we had that incident with a spammer trying to use our web site to generate emails, I’ve been checking our web server logs every week. Not only does this allow me to keep tabs on the site to make sure that no-one’s trying to hack it, but it also lets me see what search queries have resulted in people arriving here, and who has been hyperlinking to this site.

Most of these inbound links are from search engines, but some also come from places like movabletype.org, where I have participated on the message boards and left behind my name and a URL. But every now and then I’ll find someone who has seen fit to post a link to one of my weblog entries on his (or her) own blog. That’s cool. It’s always fun to see that someone has enjoyed something I’ve written, and these server logs are sometimes the only way to find out about that.

When I was looking through the server logs yesterday evening, I saw the URL of a site I didn’t recognize. Naturally, I copied the address into a new browser window, and visited the page. What I saw shocked me: it was a picture of my son Alex that I’d taken just a few days after he was born. And not just that. There were about a dozen other baby pictures there as well. And all of them had captions that indicated they were photos of a child called “Felix”.

What the hell was this?

I right-clicked on the picture of Alex, and looked at the image properties. It told me that the picture file was located on my server–which is why I had seen this site’s URL in the referer log. When I viewed the source for the page, it was immediately clear that this whole page of photos dedicated to “Felix” was actually linking to photos on totally different web sites and servers.

I stripped one of the image URLs down to give me the basic site address, and then had a look at that page. This was a genuine web page, run by a woman in the US. It contained lots of photos of her, her husband, and her young son. The offending web site was pointing to pictures of this child as if he were this “Felix”.

I then went to another page on the offending site (which I will call “Site A”–no way am I posting the URL here). On it, the author had put up pictures of some of “Felix’s” cousins. No prizes for guessing that these photos were not located on Site A. I followed the image URLs to their source web site and found that they were pictures of yet another child.

I am quite seriously freaked out at this point.

A look at another couple of web pages revealed a page with a photo of “Felix’s” mother (snatched), some information about these parents (the mother is apparently a dentist, and the father is an electrician), a page giving “Felix’s” height and weight at birth (50cm, 3.15kg on 5th January 2003, supposedly), and even a page with pictures (also pilfered) of their pets.

So what’s going on here?

When I told Abi, she suggested that this might be the work of an artist, who was putting together a project about an imaginary child. It’s possible, but seems unlikely. Another innocent possibility would be that these are genuine parents, who have used other people’s pictures as placeholders until they can put up their own. After all, “Felix” was supposedly born just a few weeks ago, so maybe they haven’t had their first rolls of film developed yet.

Nuh-uh. I don’t buy it.

None of the pictures involve any nudity on the part of the children, and none of the images could be described as prurient. My own first thought was that the author of Site A is a disturbed individual who wants to believe that they have a baby. Perhaps they’d had a miscarriage, and aren’t coping with the loss of their child. I was desperately trying to think of some innocent explanation for this site. But no matter how you innocent a spin you try to put on it, this is just plain wrong.

So I looked up the contact information for the parents of the children whose images had been stolen, and I sent them an email telling them what I’d found. And then I sent an email to the management of the web host where Site A is located, and asked them to get the site’s owner to remove the links to these photos. (Site A does list an email address, but it looks bogus.) I also removed the photos being linked to on my web site, so that they no longer show up on Site A.

This morning I got email back from the parents I emailed, but I haven’t heard back from Site A’s hosts yet. One of the parents has replaced their linked photos with an “under construction” image, so that’s another nail in Site A’s coffin.

But what about the bigger picture?

I found Site A because they were linking to pictures on my site. If my web host supported mod_rewrite in Apache (they don’t), I could stop people from doing this. The technique is mostly used for preventing bandwidth theft, but the principle is the same. But that wouldn’t stop anyone from stopping by here on Sunpig.com, doing a “Save As…” on my photos, and then hosting copies on their own site.

I could password-protect Alex’s part of the web site, and all of his photos. I could distribute user names and passwords to all my family, and friends whom I know take an interest. Anyone else would be presented with the option to email me for a login, provided they could give me a good reason why I should let them in. This wouldn’t even be that difficult to set up, but it would stop people from finding the site by chance and seeing Alex’s pages.

With the explosion in weblogging, I have stumbled across dozens of blogs by parents who enjoy writing about being parents, and about what their kids are doing. It always warms my heart whenever I find a site so clearly filled with love. There’s a pleasant kind of solidarity between parents–especially new parents. When we’re dragging screaming toddlers down the street by their wrist, we exchange weary, knowing glances. While our kids are playing on the swings or slides, we smile at each other to acknowledge how happy they can make us. We strike up spontaneous conversations with complete strangers on bus rides.

I don’t want to take the step of putting Alex’s pages behind a brick wall, and assume that anyone we don’t already know is some kind of pervert. That’s not what parenting is about. I don’t want to raise Alex to be mistrustful of the world. Careful, yes; paranoid, no.

So I’m back to the question: what do I do? I’ve been thinking about this a lot today. I’ve talked it through with some folk at work, and bounced it around with some friends on-line. Responses have ranged from the serious (“contact the police”), via the vigilante-ist (“we’re big lads–let’s find their address and pay them a visit”), to the humorous (“replace the images with spoof pictures”).

This evening after I put Alex to bed, I had another look at Site A. I tracked down the web site where one of the “pets” pictures was hosted. And what do I find? A web site belonging to a young girl. She’s clearly been having fun with FrontPage, but at the top of the page was this message in big letters:

FAIR WARNING. My web site is currently being monitored by the R.C.M.P. for identity theft. Your IP address has now been recorded and is being kept in a permanent file.

Great. Now I’ve got the Mounties after me.

This could mean that I’m not the first one to discover Site A. A more disturbing (and, regrettably, more likely) explanation is that this isn’t the only site that has stolen part of this poor girl’s identity. Yet another option is that the whole thing is part of an elaborate honeypot operation.

What this has decided for me is that I am going to contact the police about this matter. I doubt very much if they will do anything about this particular instance. Their possible lines of attack would be identity theft, or violation of Copyright. I’m not sure if identity theft is a crime in Britain, and in any case the Sunpig.com server is located in the USA, and Site A is hosted in another country altogether. The Copyright option is possibly even weaker, because they only used one image from sunpig.com, which could (conceivably) be claimed as “fair use”.

I do, however, want the police to have me on record as having made a complaint to them. I don’t want to end up in a Pete Townshend situation. And even if they can’t do anything about this instance, it may help them in some other, wider inquiry. (So if you’re involved with “Felix”, here’s fair warning to you: the sunpig.com server logs are being burned to CD and sent to the rozzers.)

This does bring me onto a side note about Copyright, and the Creative Commons licenses that seem to be so popular with webloggers these days. These licenses are designed for people who want to share their work, and donate some of their rights back to the public domain. You can pick and choose what rights you want to give up. For example, you can say that others can “… copy, distribute, display, and perform your copyrighted work–and derivative works based upon it–but only if they give you credit.”

This is a laudable project, run by extremely clever people. But I am concerned about people applying these licenses without thinking through all of the consequences. It may sound like a noble thing to say that others can copy your images, so long as they give proper attribution, but are you really happy with anyone using your words, pictures, or music? Sure, you’d probably be happy for a fellow weblogger to take your photo and display it on his home page with your name displayed prominently beneath it. But what if it were a neo-nazi, or a white supremacist web site? Would you be just as happy to see your name in lights there?

And what if your children’s photos were reproduced on a complete stranger’s web site? Someone who thinks it’s a cracking idea to pass them off as his own children?

For the moment, I’m keeping my Copyrights to myself. I am usually more than happy to let you use my photos or text, but you have to ask me first, and I reserve the right to say “no” if I think you’re a sick freak. “Fair use” is fair, but I don’t think this exemption extends to identity theft.