Friday, 21 December 2007

Social networking: parallels with ISPs' liability

Facebook apparently deletes what is reported as fake accounts. Apart from the doubtful justification to do so (does it harm anybody? what about this fake cat and bird account nobody could be a fool about?), the method employed does not promote fairness and accountability.
Anybody can denounce the site as fake and to take denounciations at face value is really dangerous. The article at TechDirt rightly points out the absurdity of the policy. But for me, it echoes the behaviours of ISPs when receiving postings about controversial websites: is taking down a website the only solution, especially without notice?
"What Happens If Facebook Thinks You're Not Real?" 20 December 2007

Thursday, 20 December 2007

Crime the old fashioned way: where hacking looses all interest!

According to ZDNet: "Criminals posing as policemen conned their way into a data centre near London's King's Cross station, tying up staff and stealing computing equipment, the Metropolitan Police said on Friday." 10 December 2007,1000000189,39291411,00.htm

ISPs liabitiliy: the take-down notice procedure

A suit arising from claimed take-down notices sent to e-bay (13 December 2007) probably US based but interesting nonetheless...


The usual debate about cyberterrorism's theat: a hype or a truthfully worrying fact? ZDNet (10 December 2007),1000002000,39291413,00.htm

Hacking and other tools: which is most efficient?

See TechDirt's article: any legal consequence? (17th December 2007)

Trojan and new victims: ISPs

Usually trojans victimise the lot of us, private users who are not careful about what we download or where we go; but this time, ironically, the victim is Google itself who is loosing money, exactly what it should not!

Google 'powerless' to stop AdSense theft (20 December 2007),1000000189,39291643,00.htm

Unintended DDOS!

How efforts to fight corruption in China ended it up with the equivalent of a DDOS attack, although quite unvoluntarily (well, let's hope)
'Too many hits' crash Chinese anti-corruption website (19 December 2007),1000000097,39291622,00.htm

Friday, 7 December 2007


probable cause or plausible reasons to ask for warrant.
In the US, but could obviously interest the UK, a practice about mobile phone data, easily transferable to cybercrime given that the mobile phone technology is now computerised to the extreme some would say (26 November 2007)
the last comment on the article could be related to the notion of private/public divide that is being eroded with the internet, and needs a rethink (3rd December 2007)

investigators as preventive hackers
see the SOCA work about Microsoft OS to reveal its frailty...,1000000189,39290736,00.htm (13 November 2007)

And an interesting question: "Can A Computer Store Tech Look At Your Files?" without warrant, (17th December 2007)

Thursday, 6 December 2007


Earlier on, I wrote a post about the downsides of spywares use for identity theft purposes

but here is a "positive" sides although regulation issues may make it scary : spyware and investigation forces (27th november 2007)


Something not often looked at in cybercrime courses, but worth having a thought: cybersquatting...

see "Dell suing cybersquatters" (29 November 2007)

and the opposite approach,1000000097,39291329,00.htm?r=2 (6 December 2007)
I find this article interesting for several reasons:
- first the notion of public and private: yes, the internet blurred the distinction; Facebook is an excellent example where private matters become public without people realising the implications in legal terms
- second, the role of ISPs as contents providers rather than providing a telecommunication service
all that has indirect consequences for cybercrime (3rd December 2007)
and (30th November 2007)

versus ISPs just facilitators: " Citizen Journalism Site Sued Over Content Posted By User" (29 November 2007)

Virtual worlds, social networkin, and crime: is it crime?

In virtual worlds like Second Life, can there be fraud or theft with associated real criminal liability? A real question for a virtual world which should be excluded from our physical laws, but is it that simple? Are we going to see criminal law reinvented online? (3rd December 2007)

The following article seems to confirm we may have to think ahead "Bad Ideas: Trying To Build A Marketplace Of Virtual Goods" TechDirt (18 December 2007)

Another issue will arise with the development of e-currencies: "Virtual worlds driving move to e-payments",1000000183,39291065,00.htm (26 November 2007)

Bearing more connexion to reality, what about damaging statements in social networking websites that in the physical world do not constitute crime? Should criminal law be involved or should it be regulated by other means? (3rd December 2007)

Friday, 23 November 2007

Cybercrime is not limited to PC

An obvious statement but often forgotten: as computers invade our daily life (Fridges, washing machines, photocopiers...), we should be a bit more careful.. See the iPhone, only one week old at the time of this post.
"Exploit turns iPhone into a spy tool",1000000189,39290994,00.htm

or for hacking obviously:,1000000189,39291479,00.htm (13 December 2007)

and obviously on wireless in general (19 novembre 2007),1000002985,39290910,00.htm

Cybercrime and police investigation

An often left on the side issue is the difficulties police forces encountered when investigating crime committed with the use of internet:
for an example, encryption being a nuisance (although it is supposed to create security to prevent cybercrime, rather than to be a hindrance to investigation of...) "Skype encryption baffles German police" (23 november 2007),1000000085,39291017,00.htm

Wednesday, 21 November 2007

Just for fun: reinventing sentencing one day?

The following article brought a smile: will the criminal system ever introduce a bootcamp for hackers? Never know but look at the following: "Korea's Internet Addiction Bootcamps Mistargeted" 20 November 2007

and what about sex offenders and the use of internet? " Is Banning Internet Usage For Sex Offenders Reasonable Or Practical?" 28 December 2007

Cybercrime, copyrights law, and the post-scarcity economy

Copyrights is not always associated with crime but given the fuss about piracy by big companies controlling digital copies, it is worth looking at the issue a bit more closely.

First this article on Techdirt which highlights the craziness of copyrights law (whether with civil or criminal sanctions) "The Infringement Age: How Much Do You Infringe On A Daily Basis?". The article, drawing on the results of an other article, asks the pertinent question of the legitimacy of copyrights laws as they stand. If we infringe so much, often without fully realising we do, is there not something amiss?
Which leads me to the concept of post-scarcity economy which the founder of Techdirt, Mike Masnick, is fully aware of as he followed the course of the professor who launched the idea. See We live in a world where crime against property used to be defined against the idea of scarcity: what was scarce was valuable, the seriousness of the crime increasing with the value and the social perception of the criminal behaviour. The problem, notably for piracy, is that there is no scarcity and thus the perception that crime exists has disappeared. Do we need to readjust our concept of crime? How? I believe it is the challenge for the next 5 years of criminal lawyers.

An other line of thought is the possible explanations for the success of Silicon Valley: the noncompete model that never existed there seems to have largely contributed to the explosion of new ideas and IT impact on everyday life. In other words, information is valued for its ability to be shared and freely available, not for its confidentiality. Is that the clue of the problem?
see Techdirt on Wed. 5th December 2007

obviously this is without wondering about the procedural aspect of some lawsuits, many civil, but why not one day criminal? "FSF Sets Up Fund To Pay For Experts Who Can Show How Flimsy RIAA Evidence Is"

In comparison, counterfeiting creates less challenges " Dawn raids net three web-counterfeit suspects",1000000097,39291018,00.htm (23 November 2007)

Monday, 19 November 2007

How to use fear to steal information...

Not the first report on the practice, but the latest: how to use the fear of spyware to phish for credit card details... Very effective, thanks to people's credulity...,1000000189,39290658,00.htm

Cybercrime and legal response: an impossible task?

nothing new really, but it is interesting to see that the argument comes back regularly, often coinciding with a warning about the increase in cybercrimes. Can Government control the web? Here, Dr. Vinc Cerf reaffrims it can't because of the very nature of the web; but what about China? it builts a great electronic wall around its borders to such an extend that the state controls most communication (see the book of Goldsmith on Who controls the internet?) So to which extends Cerf's assertion is correct, one may wonder...,1000000097,39290831,00.htm

old crimes, new bottles...

To borrow the famous expression from David Wall, here is another example of how crime can be resilient and take new shapes with a new name: wi-fi piggybacking or the unauthorised use of electronic communications, just to get free access (but what if it goes further by the way?),1000000085,39290850,00.htm
with an update on December 14th 2007

And the emergence of botnets, showing how one cannot help using new technology for our old crime of fraud...,1000000189,39290694,00.htm
and,1000000189,39291184,00.htm (30 November 2007)
and Stephen Fry's article (yes, humour does not prevent knowledge of technology!!)

More dramatic is the case of this girl in the US who committed suicide after what might be considered as harassment from a fake character in Facebook. The case is exploding all our concept of victim and perpetrator... (10 December 2007)

Russia and China: shamed as worst offenders

Should not come as a surprise that China and Russia represent major threats for the online world; the amount of money at stake, and also the political stance, makes it to attractive to avoid spying, hacking, 'zombying' and the like. The only difference between the two countries: Chinese cybercrime remains state-orientated and controlled; Russian cybercrime seemed more privately "owned" although the complacency of the Russia state can be argued to amount to complicity...
But is the West really that big fat cow that needs to be milked? (see the article on the guardian about the RBN) Maybe, but cybercrime here is not about redistributing wealth to the masses, rather redistributing it to a very small number of people using crime to increase their own personal profits. In this respect, I strongly opposed the Guardian's line stating that the "RBN was founded and is run by techies, not career criminals." A career in crime is no longer about being a thief in the physical world: actually, it brings more money to go online than to stay offline...

On Russia

On China,1000000189,39290843,00.htm

and more generally, although...,1000000189,39291200,00.htm (3rd December 2007)
"Cracking open the cybercrime economy (14 December 2007),1000002000,39291463,00.htm

Cybercrime and social networking: at last an awakening?

Richard Thomas, the information commissioner, spoke before the House of Lords Constitution Committee, raising concerns about the consequences of data-sharing, whether on social networks like Facebook, or with other data-sharing practices between public and private sectors.

It's time people wake up to the serious fraud issues those practices raise. Identity information should be confidential, from date of birth (=age) to mother's maiden name and so...
see the UK practice to let the information of the civil registry available to all. The justification in 1860s when created on the grounds of creating statistics is no longer adapted to the reality of the 21st century. ANybody can obtain one's mother maiden, the very word considered by banks as the most secure password! At least the practice in France and in most continental European countries enforces security as the information on the civil registry can only be accessed by the individual concerned or his immediate family, but never by banks, employer, lending firms...

see for the electoral register also available to anybody lending no more than 10p and the controversial claim the founder of makes about availability of data: big bother is not anymore the state but your neighbour!

"New front in the battle against identity theft"
By Robert Verkaik, Law Editor
Published: 23 November 2007

And a new point against social networking: "Facebook enabling tailored email attacks" 21 november 2007,1000000189,39290972,00.htm

Thursday, 8 November 2007

Fraud: the help of non legal tools

The article below is interesting for what it reveals about fraud: is there any lesson to be learnt by law enforcement agencies in detecting and investigating fraud? And how can the software be accurate in its detection without infringing HR?,1000000189,39290606,00.htm

and a similar line a few weeks later, with Google's experiment:,1000000189,39291258,00.htm (4th December 2007)

and the usual recommendation about security behaviour:,1000000097,39291241,00.htm (3rd December 2007)

Social networking and crime

Always wondered when people will start to realise how dangerous those websites are for crime purposes. The beginning of an anwer seems to arrive; lets hope it will not just stay a wish...

Wednesday, 7 November 2007

ISPs, when will we think about them in a different way?

The US Congress condemns Yahoo!, but this should not come as a surprise.What is amazing is that nobody rethinks the role of the ISPs in this particular situation.
Yahoo! claims: "The fundamental point remains unchanged: we did not know the case related to a journalist ... We did not know this was a political case." But this is not the point: China will never tell them that it is political! Nobody in an extradition case will ever tell the other country they want the extradition because the person is a political opponent: they know that doing so leads to refusal of extradition. So why is Yahoo! not thinking further ahead? and why lawyers in the Western world are not changing their perception of what Yahoo! is: Yahoo! is not a company anymore, it is a law enforcement agent! the same rules should thus apply to Yahoo!,1000000097,39290605,00.htm

and for another case of helping law enforcement officers, this time by ... YouTube! (29 November 2007)

The ambiguity is probably at its peak when one sees that Yahoo! settles some cases. The ironic argument is that it probably costs Yahoo! pitance to negotiate the end of the court cases in comparison with the damaging effect of a court case in the public opinion. So people, be warned!,1000000097,39290784,00.htm

At least, ISPs should wait for legal orders (although is legal compliance with HR, that is an other question) (November 2007)
or should be recognised as such as the French government bill suggests (26 Novembre 2007),1000000097,39291067,00.htm "France cracks down on illegal file-sharing" and the enlighting TechDirt article (26 November 2007)

Tuesday, 6 November 2007

Terrorism, more comments

Statewatch, specialised in HR and civil liberties, is not particularly happy about the EU proposal. It is true that if the nature of the internet justifies any infringement to HR, then why not extending the policy outside terrorism, like for fraud where the costs are actually greater than terrorism's?

Monday, 5 November 2007

Terrorism without terrorism

Vice President Franco Frattini, the EU commissioner in charge of freedom, security and justice, suggested to modify legislation on terrorism, so as not to require a terrorist action to be committed. Nothing really new, but a way of reaffirming the importance of combating terrorism at its roots. Internet is viewed as a particular threat.
Yet how does one prove the intent if there is no active step taken towards committing a terrorist action?

Privacy, identity theft and social networking on the web...

Social networking is trendy and it is true that if the number of users were a country, it would not be of the size of Switzerland but rather the UK or Japan.
thus it is amazing what people can reveal of their personal life without thinking of the dangers of doing so. Dangers of hacking (but is the offence of hacking sufficient to tackle the issue?) which can lead to modifying contents (but what is there is no gain, thus a harmless joke?), dangers also of investigations as anybody, including police, has access to Facebook for example and can use the data...
When people are going to wake up??,1000000189,39290556,00.htm

Why spam is a crime or should be one...

Spam is a regular occurence on IT newspapers or columns. But this case illustrates particularly well why spam should be a crime, independently of its outcome (whether it incites to defraud others)...,1000000189,39290558,00.htm

Friday, 2 November 2007

When the Lords wish more security... and the government does not see the urgency

Not all about criminal law, but of relevance to the issue of identify theft and fraud.,1000000189,39290465,00.htm

Fraud: the view of a former fraudster!

Self-explanatory but essential to grasp the shift technologies brought to criminal law. I can add that a scan of a real cheque is sufficient to create a new one, or the scan of a reference letter (and not to give you any ideas here, hopefully).,1000000169,39290470-39001093c,00.htm

Cybercrime and beyond

I viewed this video during a training session; it applies perfectly to the course, but goes also beyond. Law today is about thinking the unthinkable. Hope this course will give the tools to do so!

Cybercrime: non-legal answers

The article below is self-explanatory, but revealing about the first method to fight cybercrime.,1000000189,39290504,00.htm

similarly, see the comments of Nicholas Miller, Airpatrol on ZDnet UK (19 november 2007),1000002985,39290910,00.htm

and as reported by Marcus Browne for ZDNet Australia on 21 november 2007,,1000000189,39290987,00.htm

Thursday, 1 November 2007

ISPs again: why responsible?

The following article from David Meyer is quite revealing about the role ISPs are now asked to perform: to be law-enforcement agents, but without the name, the rights and the duties. The objective is repression, laudable if human rights are not put aside. But is it always the case?
The other aspect of this call for ISPs co-operation is the emphasis put on IP materials, worth as much as child protection?,1000000085,39290371,00.htm

Spam, waste of money or money maker?

Regular posting about spam fill my mail box, always to complain about the waste of time and money it creates. But nobody complains about the junk mail they receive in their postal mailbox, although sometimes it amounts to the only mail received in a week. Why then electronic junk mail like spam gets the headline cover so often? The article is just starting to give an answer...,1000000189,39290391,00.htm

Wednesday, 31 October 2007

ISPs, law-enforcement agents?

As always in cybercrime, ISPs are at the forefront of the battle of piracy. This time, they are expressly thought as law enforcement agents, either voluntarily or "coercively". But implications does this new role have? safeguards in terms of HR protection?
Are they other domains where they become or are effectively law enforcement agents of a given State?,1000000085,39290428,00.htm?r=1

Friday, 26 October 2007

Hackers, DDOS and government - motives and legal issues

The Estonian government, earlier this year, faced a major cyberattack. Motives are unknown, but the disruption was important. Many features of Estonian life rely on computers: parking for example is computerised,1000000189,39290289,00.htm