Sunday, 28 December 2008

Hacking and the amazon forest

hacking is profitable, very profitable; greed again... "Hackers help loggers illegally strip trees from the Amazon " (17 December 2008)

Censorship again

In other words, China blocks access to the NY Times, not a surprise: "La Chine bloque le site du New York Times" (JDN, 22 December 2008)

"Vietnam Continues Online Censorship; Outlaws 'Subversive' Blogs; Puts Liability On ISPs" (TechDirt, 24 December 2008)

"Australian Filtering Boss: Turning Off Blog And Comments" (TechDirt, 24 December 2008) and Australia delaying filtering due to technical and organisational problems "Australian Net Censorship Plan Delayed Temporarily" (TechDirt, 29 December 2008)

Harassment online - being a jerk and beyond

As already notices in an earlier post, there is nothing to forbid online harassment to fall within the current legal definition of definition. Harassment traditionally involves repeated behaviours or course of conduct in terms of speech or physical actions which causes distress, the victim feeling harassed. Whether one uses a fake identity or not is no obstacle to acknowledge liability as long as the mens rea is there.
That mechanisms to report abuse also exist is the least that can be done...

"What's The Goal Of Anti-Cyberbullying Moves?" (TechDirt, 19 December 2008)

"Missouri Prosecutors Going Overboard In Bringing Cyberbullying Cases" (TechDirt, 22 December 2008) and on the legislation previously passed, "Missouri Makes Online Harassment A Felony" (TechDirt, 2 July 2008)

"Reporting Bullies Online: Helpful Or Not?" (TechDirt, 15 October 2008)

For an example which escaladated to criminal damage and fear of violence, see the chinese online version of mobbing... "Man Wins Lawsuit Against Online Vigilante Mob In China" (TechDirt, 22 December 2008)

But for misuse of legislation... "How Is It Cyberbullying When Students Are Exposing Teacher Abuses?" (TechDirt, 31 December 2008)

Thursday, 18 December 2008

Causation, child abuse, video and liability

It is interesting because criminal law has not been set up for those types of cases on a massive scale. I don't see how the prosecution can stand on its feet because it is very indirect liability - chain of causation is frail

"Man Who Re-Uploaded Viral Baby Swinging Video Charged With Child Abuse?" (12 December 2008, TechDirt)

China firewall: official recognition

At last, a bit of transparency in recognising everything is filtered from the BBC website to opponents' related websites or reports...

"La Chine reconnaît officiellement la censure du Web" (Journal du Net, 16 Decembre 2008)

Hacking and illegal competition

Hacking seems to have been used to enter the intranet forum of the SNCF, the French rail company, by its competitor Deutsche Ban. The context is that French railway is still not open to competition, and not so until January 2010, despite Germany and Italy having opened their networks.
"L'intranet de la SNCF piraté par son concurrent allemand" (Journal du net, 16 December 2008)

Tuesday, 16 December 2008


It is interesting because the threshold for criminalisation is always difficult to determine. Before as now, criminal law remains a symbol and because of that symbolic value, it tends to be used as a benchmark or signal, whereas its effectiveness can be doubted.

"Chill Out On The Texting While Walking Bans, Says Professor" (December 15th, 2008)

Read also in the same line the work on Overcriminalisation: the limits of criminal law, from D. Husak.

On the other hand, it could be argued that resorting to criminal law cannot be measured simply by effectiveness and that its symbolic results can be more important than its actual use by prosecution and courts.

Copyrights infringement and duty to react from ISPs/social networking

A bit of French law here: a French comic who used to specialised in hidden cameras type of sketches in the high street (his nickname literally means Thebottom), sued and sues several companies/ISPs for holding pirated videos of his work. According to the article below, he has not been that succesful and often had to pay for expenses more than he ever gained when his complaint was accepted.
The interesting feature is the take down notice feature. Social networking like Dailymotion (videos like YouTube) was condemned to pay damages for not having removed contents before three months have ellapsed since given notice.
Lafesse lost another case, but on procedural grounds rather on the issue of whether MySpace is responsible as content provider or host.

"La cour d'appel annule la condamnation de MySpace par Jean-Yves Lafesse" (3 November 2008)

Net neutrality

Have The Big Internet Companies Turned Their Back On Net Neutrality? (TechDirt, 15 December 2008)

Friday, 12 December 2008

Police e-crime unit calls for industry aid (11 December 2008)

aiding terrorist and google earth

Aiding and abetting terrorism! poor Google! this is silly because google earth in itself is not made to create crime. It's not like bomb making and use of firearms type of documentation that circulates so easily on the web.

"Indian Court Wants To Ban Google Earth In The Wake Of Mumbai Attacks" (10 December 2008)

Anonimity - right not to...

A business is asking for anonimity to be lifted about two posting. I find this troublesome. Unless there is an actionable tort or criminal suit, there is no need to ask for anonimity to be lifted. Otherwise it is private censorship

"Yet Another State Court Explores Right To Anonymity In Online Posting" (10 December 2008)

Cyberbullying, discipline and crime

Cyberbullying is already an offence as long as it fits within the definition of harassment. So no need of any new offence. And like all crimes, it can give rise to disciplinary sanctions. And like all disciplinary sanctions, a lot of interpretation is given to the disciplinary institutions. Nothing new, everything under scrutiny by judicial review. It is especially with the ECHR artilce 6.

"Student Sues School For Suspending Her Over Facebook Group" (10 December 2008) I wonder to which extent the article confuses legal issues and factual issues (whether there was bullying or not)

Internet filtering and ISPs roles

Internet filtering is certainly one of the main tools available to control the internet. Nonetheless, the conditions in which it is done are crucial to ensure the balance between liberties and social needs. The Great firewall of China obviously does not create that balance; but France Germany and many other European countries have done so when filtering or banning racist websites, notably those denying the holocaust.

"Internet Filtering Appearing On Various Wishlists For Obama" (11 December 2008)

"Australian ISPs Refuse To Censor The Internet" (10 December 2008)

In comparison, I found the private filtering (by non ISPs; by private companies such as a shop or a newspapers) much more troubling and scary. "Online Video Sites Harming Themselves With Geographic Restrictions" (8 December 2008)

The help of the ISPs and other internet censors is crucial, so yes they should be responsible, but maybe in different terms, by analogy to public institutions' liability?

"Should Internet Censors Be Responsible For Breaking Stuff?" (10 December 2008)

USA presidency - new developments ahead?

Given the interesting way Obama ran its campaign, - the first to use the full potential of cyberspace to fund with only 5 to 10 dollars donation the core of his campaign expenses-, it is not surprising there is a lot of expectation.
A call for a new White House office to tackle cybersecurity, i.e. accessing and stealing vital information about the US. The fact that both Obama and McCain's e-mail accounts were hacked during the campaign does not help dispelling the threat. For the report by the CSIS

for the ZDnet article "Obama urged to appoint cybersecurity chief " (10 December 2008) and CCRN "Panel urges Obama to consider hacker-response plan" (7 December 2008)

But the cybersecurity threat should not shade away the cybereconomy threat "Forget The Economy, Security Vendor Says Cybercrime Is The Real Threat" (11 December 2008) although I am not sure it deserves the hype it is given

Friday, 5 December 2008

Underground economy - the 'benefits' of fraud

self-explanatory: "Symantec takes cybercrime snapshot with 'Underground Economy' report " (24 November 2008)

ISPs role: caught in fire?

A recent ruling from the European Court of Human Rights against Finland highlighted the crucial role ISPs can play in investigations and protection of the person. K.U. v. FINLAND (2 December 2008),
"The European Court of Human Rights has today notified in writing its Chamber judgment1 in the case of K.U. v. Finland (application no. 2872/02).
The Court held unanimously that there had been a violation of Article 8 (right to respect for private and family life) of the European Convention on Human Rights concerning the Finnish authorities’ failure to protect a child’s right to respect for private life following an advertisement of a sexual nature being posted about him on an Internet dating site." (statewatch)

And yes, ISPs are policemen. Not such a bad thing as long as the courts are involved and criminal procedure respected, which is not always the case.
"Danish High Court Says ISPs Must Be Internet Policemen; Have To Block The Pirate Bay" (26 November 2008)

Offence of possessing extreme porn - UK

The concept of possession for child pornography troubled the courts in the recent years. The main question is to which extent deleting images makes one still in possession of those images? The courts were warry to create a legal test that would lead to convicting the "innocent" person receiving unwelcomed porn by e-mail.
The issues have been partially adressed with the new offences of extreme porn (rather than modification of child porn) in s. 63 to 67 Criminal Justice and Immigration Act 2008. Contrary to what everybody says, there is no defence if one deletes the materials. One has to prove that one did not solicit to receive the materials and that is much harder to do than it appears at first sight. The official guidelines are clear as long as one does not read only para. 21, but also read para. 19 and 20. The test is in line with the French courts' approach

" says extreme porn isn't illegal if you delete it..." (The register - 28 November 2008)

"UK Says You Can't Have Some Kinds Of Porn, But It Determines What Kinds" (Tech Dirt - 2 December 2008)

with the official guidelines available at the Ministry of Justice website

Investigations - the use of internet for detective work

Renewed ways of collaborating witht the public in solving crimes:

"Small Business Owners Track Down Dumb Criminals Online" (3 December 2008) - with one warning: criminal procedure does apply to investigations if they lead to criminal prosecutions. Thus, companies engaging in that type of activities should be warry of falling fool of the law

"Canadian Cops Seek To Solve Murder Cases With Online Tips" (1 December 2008)

and for a European approach "EU fights cybercrime with 'remote search' strategy" (28 November 2008)

Tuesday, 25 November 2008

Inadequate training of police forces - collateral damages

A bit ironic but not enough when thinking about Julie Amero's life. If the information is really true, and there is no reason to doubt, this is a scandal both in terms of training of law enforcement officials, and in terms of complete failure for the American criminal justice system to protect the innocent. I am not surprised though; I studied the system enough to know that plea bargaining is a powerful tool and that the US Supreme Court's conditions are insufficient to guarantee fairness in the process. The ECHR has a more humane approach.
and by the way, not all charges were dropped as PB done

"Connecticut Finally Drops Charges Against Julie Amero" (24 November 2008)

US - China - computer attacks

Don't know if the US report should be completely trusted. A few things certain: China built the great firewal; it can do much more than that. Given the pressures it put on ISPs and Google like to give away details of dissidents, no doubt similar pressures can exist against Governments.
"US easy target for Chinese cyber-spies, says report " (25 November 2008)
For the report itself, see US Congress report especially p. 291 et s.

Thus that the two former candidates to the White House may have been targeted by CHina, is far from impossible. "Obama, McCain Cyber-attacks have Chinese Origins?" (17 November 2008)

"China denies hacking US politicians' computers" (, 13 June 2008)

Better educated children, less victims?

So many conflicting reports about the influence of internet on children and adults that I do not know if this one must be trusted either. I disagree with the idea that the internet cannot have a negative impact. No later than a week ago, a teenage girl escaped from home and met a man met through msn, paedophile presenting himself as a 16 years old...
on the other hand, the message that on the net you cannot know who the other person is really and that one should be more wary about one's privacy, may start to come through?
"As Internet Usage Grows, Sexual Offenses Against Kids Have Decreased" (21 Novembre 2008)

Thursday, 20 November 2008

Second Life - for the best or the worse?

Three interesting uses or outcomes about Second Life - will write later about it as I am a middle of a research on it for hate crimes

"Other Tools Terrrorists Might Use: Voice, Pencils, Fax Machines, Email, Mobile Phones, Etc." (27 October 2008)

"That Was Fast: Woman Arrested For Virtual Murder Of Virtual Husband" (23rd October 2008)

"Well, At Least Second Life Won't Need A Gov't Bailout" (20 October 2008) because it has already crashed? "No, Second Life's Bank Crash Did Not Predict Real World Bank Crash" (26 November 2008)

Online services and police work

I personally don't see what they are worried about. Crime statistics about areas are already available on the web. Is it because police and Government would have to rethink their crime control strategy and be a bit more efficient?
"UK Police Worried About Online Crime Maps" (24 Otober 2008)

Filtering and ISPs' role

Along the lines I argue, that ISPs should not enforce public policies as cops unless they have the same duties, and also only after we have rethought enforcement policies.

"Why ISPs Shouldn't Be Copyright Cops" (20 October 2008)

"Belgian Court Realizes That ISPs Shouldn't Be Forced To Block File Sharing" (27 October 2008)

"Woman Sues MySpace For Taking Down Her Page" (27 October 2008)

Espionage and Hacking: just updates

Nothing new but targets make it interesting.

White House email archives targeted by hackers (10 November 2008)
Sarkozy falls prey to bank hacker (France) (21 October 2008)

Online Criminals Move On To Corporate Espionage (13 November 2008)

DDOS and amended CMA

At last the amended version of CMA by Police and Justice Act 2006 comes into force on 1st October 2008. The delay is inadmissible when considering the threats and the potential for a different outcome than in the Lennon case.
DoS and distributed hacking tools finally criminalised (14 November 2008)
For the official text,

Filtering and censorship - updates

It's quite trendy to filter internet contents. Apart from freedom of expression concerns, it's quite a never ending task and probably an impossible one given the breadth of information on the internet, unless one builds the Great firewall like in China and employs thousands of people filtering.

Australian ISP Agrees To Filter... Just To Show How Stupid It Is (19 November 2008)

Perhaps Turkey Should Just Ban The Entire Internet (27 October 2008)

Saudis Crowdsourcing Internet Censorship (17 November 2008) - only 25 people to filter)

and the ironic result of what filtering can mean in terms of economic gain: how China is making some profits by reorientating searches in Google to its own website. "China Says: If You Must Infringe On Copyrights, Use Baidu" (10 November 2008)

Internet Censorship -- Whether By Gov't Or Parents -- Has Downsides (12 November 2008)

and the funny interdiction to search about some Argentian celebreties, funny and scary though "Argentinian Celebrities Succeed In Forcing Search Engines To Block Search Results On Their Name" (November 2008)

For something slightly different:
German Politician's Plan To Block Wikipedia Backfires... Badly (17 November 2008)

Sunday, 16 November 2008

Cyber-terrorism - possibility of death penalty in Pakistan

At first sight, for us European, it seems a heavy sentence that of death for cyber-terrorism. But it seems that the sentence is tied to a result: causing death of an other person, even it is indirectly by simply allowing access to computers. And death penalty is only an option, the other being life imprisonment. Comparing to the US regime, the US knowing also death penalty for murder, that is not so unreasonable. Note that Pakistan has not yet signed the Convention on cybercrime (
"Cyber-terrorism will be punishable by death" (7 November 2008)

Jury duties and new technologies

The way jurors perform their function have not changed for centuries. They sit down, listen, no notes can be taken most of the time, and after a few days or a few months of trial, decide on the case. In a world where writing is now key, where aural transmission of culture and knowledge is inexistent (without images/video, I mean), Lord Judge of Draycote's comments is certainly a viable and valuable one. Yes, childrend and young adults cannot sit anymore to just listen and do nothing else. I would certainly not dismissed its comments on how this inability to listen can affect criminal trials. Now should we change the way a jury trial is conducted?
The fact of listening with no writing is an intrinsic part of an adversarial trial; it is viewed as being the only way to arrive to a fair decision. Introducing writing would certainly modify the process of reaching a decision. But that does not mean the adversarial trial would sell its soul to the devil. Financial trials (complex frauds) are actually hindered by this traditional process and a fair decision cannot be reached. So time for a change? Work from criminologists and linguistics could help understand the impact writing could have.
"Web-savvy young make bad jurors because they cannot listen, says Lord Chief Justice" (7 November 2008) and TechDirt on the same day

Google charged - but on which grounds?

Facts: four kids downloaded on Google a video of when they were taunting a disabled child. Prosecution, in addition to charge the children, contemplates charging Google.
I can't understand on which grounds the prosecution was thinking of charging four executives of Google. Complicity? impossible there is no mens rea and the actus reus is abstention because Google did not download the video but the kids authors of the offences. Conspiracy? impossible as no agreement... Corporate liability in criminal law? again makes no sense.
Thus the initial magistrate who rejected the case (not a trial decision if I understood well) is probably right. I wish I could speak Italian better to research a bit on this
"Italy Moves Forward With Plan To Prosecute Google Execs Over Online Video" (7 November 2008)

Friday, 7 November 2008

Police investigation - use of websites..

for the use of Craigslist ( by police forces Police Realizing "Craigslist Is A Resource, Not A Problem" (5 September 2007)
On a reassuring outcome, thanks to traditional methods of detecting crime, "Yet Another WiFi-Borrowing Criminal Caught" (7 November 2008)

and Craigslist Pressured Into Policing Ads For Prostitution (6 November 2008) which I personally find problematic because Attorneys Generals are not the judiciary.

Thursday, 6 November 2008

Avatar, copyrights and money

Not at first sight a criminal law problem but nonetheless related. To ask for copyrights for art copied to create an avatar; what about the reverse?

Artist Demands $500 From Guy For Using His Image As An Avatar (November 2008)

Tuesday, 4 November 2008

Takedown notices - recurring issue

THis is a recurring theme: private enforcement of the law instead of courts deciding if it is worth taking down, even temporarily. Maybe time to think about allocating courts to those matters?
Facebook Using DMCA Notices To Takedown Private Videos? (30th October 2008)

Second Life - Real economy on virtual property?

Second Life hit by the financial crisis? yes, well possible because the so-called virtual currency of LInden Dollars has nothing virtual but it's name as long as you can exchange it against US Dollars. Now that's interesting because what about Second Life regulated by the FSA or the European agency that may be created? and what about bankruptcy laws???
On Second Thought, Maybe Second Life Does Need A Bailout, (30th October 2008 - Tech Dirt)

New offence?

Unless handling can be applied, which I doubt it could as there is no items held in hands in the traditional meaning of the word; or unless money-laudering laws apply, we are left with a gap for something which is clearly illegal. So new offence to think about?
Cybercrime takes to the cloud (3 November 2008)

French Bill on piracy

Due to an article I need to finish, no time to investigate this and read the Parliamentary Bill and debates, but it's worth looking at it, especially in comparison with Europen policy
French Senate Approves 3 Strikes Law (3 November 2008)

The French website Juriscom explains a bit more the details of the Bill, although sorry it is all in French. "Lecture au Sénat du projet ''Création et Internet'' le 29 octobre : risposte attendue contre la réponse graduée" 21 October 2008 on
The comments from J-L. Fandiari are as follow: the European Commission just voted that no restriction should be imposed regarding rights and liberties without a decision from the judiciary, in compliance with ARticle 11 of the Charter on Fundamental Rights. The French Bill seems to do all the contrary: no judicial decision, only the administrative authority or quango type called HADOPI will serve the notice to offenders; no clear criminal offence refered to by the text; constitutional issues. The latter is definitely interesting as Article 55 of the Constitution forbids an Act to be contrary to European law or any other treaties; thus the judiciary has the right to strike the law down; but then no judiciary is at first instance competent in the Bill; so it will fall upon the Conseil d'ETat the French supreme court for administrative law to decide on appeal/judicial review to settle the issue.

For the Parliamentary procedure, see the Senat website: The Bill has been declared urgent and strangely enough, it is called the "little Act" (petite loi). Is it because it is controversial?

Virtual worlds - real law

Just the beginning of the problems with virtual worlds: why applying real laws and which laws? Tax and laws linked with money, it's easy: those virtual worlds produce real economics, so no point in hiding being the notion of "virtual" world. Next is what about criminal law and criminal procedure? China Sends Tax Collectors Into Online Worlds (3 November 2008)

Security - Convention on cybercrime

THe convention on cybercrime allows for the law to require a minimum of security features implemented by users as a pre-condition to prosecute for hacking... So that for WI-FI, users are required to be cautious could hardly be surprising. However, two things trouble me here: first, it's not the Government which set up the requirements, but the ISPs; certaintly consumers have a contract with ISPs but I find this unilateral change problematic given the indirect consequences it can have on criminal law, even if those consequences are unwanted. Second, to which extend the ISPs are refusing to engage into providing security features, I wonder? because I suspect it is easier to pass the burden of building good security that doing it themselves.
UK ISP Claims It Will Disconnect Any Customers With Open WiFi (3 November 2008)

Friday, 24 October 2008

Incidence of the divide public/private

A German court considered the IP address to be of the public domain. Parallel with "physical" world could support the decision: home address is public information unless one opts against it and forbid the name and address to appear in public directories.
there is however another parallel: the IP address is not your address but also the "image" of you on the internet. In that case can it either be private? Difficult to see.
THe whole debate has an incidence for crime: what is private can be stolen; what is public cannot be.
"German Court Rules That IP Addresses Are Not Personal Info" (21 October 2008)

Tuesday, 14 October 2008

Investigations - some hope?

"University Gets Time To Notify Students Before Handing Over Info To The RIAA" (10 October 2008)
"How Soon Until We Start Hearing Stories Of Twitter Criminals?" (9 October 2008)
My answer will be: not long. And the issue is exactly the same as usual with social networking sites: sharing of private information people don't realise are a delicacy for criminals.

Interception of communications and filtering

No link apparently between interception of communication in the US of phone calls and filtering in Australia with very little opt-out. Yet both methods are means to control the flow of information on the internet and give little chance on users to fight back.

"Australian Internet Filters Have No Real Opt-Out; Only Opt-In To Fewer Filters" (13 October 2008)
"NSA Abused Wiretap Rights: Intercepted, Shared Private Calls Of Americans" (9 October 2008)

Diversity of laws - a dilemna?

Apparently somebody in the US - Florida was sanctionned for obscenity after prosecutors went forum shopping for the most stringent laws on the matter. Diversity of laws is not a new issue; comparative law is highly aware of it. Internet just increases the problem
"What Are 'Community Standards' When It Comes To Obscenity Online?" (13 October 2008)

Thursday, 9 October 2008

Investigations are not spying on Web2

Sef-explanatory: "US Government Admits: Data Mining For Terrorists Doesn't Work" (7 October 2008)

Free speech, privacy and ISPs

The two posts may not seem related but I think they are when looking at them via the issue of regulating the internet to best protect users and their human rights.
Several posts pointed out the issue of ISPs acting like censor for fear of loosing market shares or being sued for not acting promptly. However to expect private organisations to do the job of Government threatens rights if there are not strong counterparts, like guaranteing privacy.

"Why Did ISPs Take Down Ronald Riley's Sites?" (8 October 2008)
"Forget Net Neutrality Laws; Just Strengthen Privacy Laws" (7 October 2008) and the refered article "Privacy laws will guarantee net neutrality, says legal expert" (2 October 2008)

Responses to cybercrime - Debate at HL

Friday 10 October 2008, House of Lords will start the debate again, following their earlier reports. What is interesting is the proposal for software companies to be responsible for insecure code. If companies were responsible like Microsoft, they would be a bit more careful in their release and would save a bit of money to everyone. After all, if you release a toy or a TV which explodes or has default, the manufacturer is liable, at least for one year in the UK; why not software companies?
"Lords to debate gov't progress on internet security" (6 October 2008)

Damages by spamming

Harm is a key concept, although elusive concept, to justify crimininalisation of behaviours. Here the case seems to justify the policy to criminalise spamming "Spammers Ordered To Pay $236 Million" (8 October 2008)

Digital evidence on YouTube

A reassuring decision where the Scottish Court is not dazzled by the technological elements of the case. The basic principle for all evidence is to be adminissible and secure; doubts benefit the accused and strengthened human rights by forcing the police to do their job thoroughly.
Man cleared in YouTube speed case (8 October 2008)

Let's hope the US Supreme Court will conform to the rules and not allow some exceptions "Is A Conviction Constitutional If It's Based On Evidence From An Unconstitutional Search?" (6 October 2008)

Friday, 3 October 2008

Fraud and e-passports

If this is true, it is pretty scary, not only in terms of privacy but also regarding fraud and criminal investigations (think about international arrest warrants based on false information).
"Researcher details Dutch e-passport hack" (2 October 2008)

New e-crime police - a welcomed addition?

Fraud being one of the most common crimes in cyberspace, it's good to see the National Fraud squad welcoming the creation of the e-crime police in the UK "National anti-fraud centre ready for action" (3 October 2008)

Meanwhile the City of London decided to take action "City of London pilots cybercrime scheme" (, 6 June 2008)
and Government hesitates "E-crime unit 'on track' despite funding delay" (, 16 June 2008)

Interception of communication - illegality

Just another example that the internet should not escape the rules... "Chinese Skype service censoring messages" (2 October 2008) and on TechDirt
Actually I wonder to which extend Skype's responsibility should not be engaged. But under which laws, may you reply?
(09 october 2008): the new episode of the affair is that Skype was apparently sub-contracting to a company that was spying. This is a typical case of vicarious liability both in contract law and criminal law.

To which extend tracking data by ISPs is also interception of communication I wonder... "Most People Don't Realize Their ISPs Are Already Spying On Them" (2 October 2008)

Thursday, 2 October 2008

New UK e-crime police training

They want to recruit from the technology industry. Providing they have enough money to pay the persons! See "Fears over funding for police e-crime unit " (2 October 2008)
No problem with that, but training in law and criminal law should not be forgotten ..."Police e-crime unit seeks industry recruits" (2 October 2008).
And in the US, it's the Homeland Security which helps out the businesses (1 October 2008)

Tuesday, 30 September 2008

Crime and the influence of the internet

"What Does The Internet Have To Do With The Finnish School Shooting?" (24 September 2008) ask Mr. Masnik. Well, at first sight, nothing really. But the debate is not restricted to violent crimes. It is at the center of whether to or not to criminalise hate crimes, a subject I am working on currently. I would say that the internet like any other form of communication (radio) is neither neutral. Responsible behaviours should exist; and yes, it can be used for spreading negative feelings and hatred; and yes, it can have an impact. Now, to which extent there is an impact will probably be a subject of debate for a long time, as long as there is no proper studies on it (there are studies but further research needs to be done). However, if one takes the example of radio, one cannot deny that it was at the heart of the Rwandan genocide. It is radio which was mainly used to spread hatred and callings to murder and genocide. This incitement to hatred can be criminalised. That the US chose not to is actually a very minor position in a world that chose to take the other options with often proper safeguards.

This issue is however different, I think, from the claim that ebay drives people to shoplift! "Retailers Blame eBay For Driving Good People To Shoplift" (24 September 2008)

Interception of communications

Yes, interception of communications is a criminal offence; the question is what do we require and understand as a criminal intent to intercept? The City of London Police thinks it cannot be proved about BT's use of Phorm in trials. The reasoning is unclear. I just wonder if there is not a confusion here between motivation/motives and intent. Intent to intercept is knowledge that the action taken, here the use of Phorm, will lead to the ability to know about e-mails' communications by BT customers. Whether it is to improve the customer service or not is of no relevant to the criminal intent given that this would constitute the motive not the intent.

See and "UK Says Phorm Clickstream Tracking Is Okay... If Clearly Explained To Customers" (19 September 2008) - well I think it is slightly different but...

Addition: obviously BT has not been detered to reuse the technology (29 September 2008) but at least customers will be asked their consent

Investigations - luck or display of forces?

The main problem of cyberspace is always tracking done the authors of offences. Some crimes will never be solved, unless maybe their authors unveil later on their methods; some may be solved although the more time elapsed the more unlikely there are chances to find the offenders. “The 10 Most Mysterious Cyber Crimes” (26 September 2008)
See also “Cybercrime expert to educate MSU engineers on "Gen Next Terror" (23 September 2008)

Comp with “Second TJX hacker pleads guilty” (24 September 2008) (also under "Second alleged hacker pleads guilty in TJX case") and maybe the silliness of the Palin’s hacker: hacking a high profile person is more likely to create a surge of investigatory reactions and actions than hacking a business, even if no real damage was done. “Palin Hacker's IP Address Linked to Tennessee College Dorm” (22 September 2008)

Censorship and cyberspace

Back to the 18th century and before? One of the battle of the Enlightenment was to fight mandatory registration for any type of publication, so as to avoid censorship and freedom of expression to become a reality rather than a debated idea. “Has Italy Outlawed Unregistered Blogs?” (26th September 2008)

See the more serious issue of "Malaysia Jails Blogger For Two Years Without Trial"

Defamation in cyberspace - a reminder

Hardly surprising, but worth a reminder. Diffamation/libel still applies on cyberspace and more importantly, in some countries like France it is a criminal offence and does not engage civil liability. "Reminder: Defamation Still Applies To Bloggers" (29 September 2008)

Friday, 19 September 2008

Defamation, MySpace and fake profiles

Case rejected against those children who created a fake profile of their headmaster; lucky because in some countries like France defamation is a criminal matter not usually a civil law issue like in the US and UK (well criminal law does get involved but rarely).
Principal Loses Lawsuit Against Students and Parents Over Fake MySpace Page--Draker v. Schreiber (Eric Goldman - 22 august 2008)
Draker v. Schreiber, 2008 WL 3457023

But it does not mean disciplinary action cannot be taken. See "Judge Says School Can Suspend Student For Fake MySpace Page Of Principal" (19 September 2008)

A change of standard in the law? Sorry have not read yet the case, so can't comment much "UK High Court Recognizes That Defamation Standard Should Be Lowered For Online Forums" (11 August 2008) Judgment is available on the BBC website in PDF format

Cyber-attack: politics

"Georgia accuses Russia of co-ordinated cyberattack" (11 August 2008) ; a war of words?

"Georgian president suffers cyberattack" (21 July 2008)

Liability of auction sites

Following Yahoo! case: what for e-bay? "Belgian Court Agrees With US Court That eBay Not Liable For Fake Products" (13 August 2008)

Blocking access to content or removal of

Certainly if content is not illegal, there is no obligation to take it down, whether we like it or not. See "No One Is Obligated To Take Down Perfectly Legal Content You Don't Like" (3 September 2008).
However, that is not really our point. Blocking access or asking content to be removed should go before the courts or at least an impartial body/institution/authority who could hear both sides and decide if the suspicious or litigious content is really illegal. That would save us from unregulated censorship (censorship for printed publications used to be regulated - even if nobody really agreed with the principle of censorship). After all, for movies, whether it's porn or not is the decision for most countries of accreditated bodies; why should it be different on the internet? A question of unpracticability (too much requests)? no study has been made and if nobody tries, we're just then giving up on fair trial's rights. See Thailand and China "Thailand Continues To Try To Mimic China With Internet Censorship" (4 September 2008)

in that sense, the US DMCA takedown notice is more respectful of rights than simple requests: it must meet some important conditions that, if met, compel the ISPs or host to takedown the litigious copyright material. See "But What If A Takedown Notice Isn't Actually A DMCA Takedown?" (22 August 2008) and "Judge Says Copyright Holders Must Consider Fair Use Before Sending DMCA Takedowns" (21 August 2008)

Jurisdiction issues

About an India Court's ordering Google to communicate a blogger's identity and the right to do so when author and offence are committed in the US with no material elements in India...
Absurd? Mr Masnik argues that the stricker laws get to be applied. Not far of the mark if we compare with the case of privacy where the European standards of privacy have overcome the American conception of privacy.
On the other hand, should the most liberal laws get the upper hand? An interesting problem of diversity and unity familiar to the comparatist

"Indian Court Demands Google Hand Over Anonymous Blogger's Identity" (15 August 2008)

Nasa hacker - last episodes

Catching up - I was enable to keep the blog up to date - with the Nasa hacker story.
The last episode is first a protest against his extradition (3 september 2008), and the last possible appeal for Mr. McKinnon before the Hight Court. The grounds of appeal is unfitness to stand trial in the US, and thus asking the trial to take place in the UK... which means applying UK laws, not US laws, thus sentencing will be much more favourable. Home office decides

see also: (29 August 2008)
Note that none of the articles seems to give an accurate account of what the US is claimins as damages suffered...

Blocking access - China again

Everybody knows about the Great Firewall of China although officially it does not exist. Talk to take it down during the Olympics, but rumours are of course unfounded!!
"China Blocks iTunes After Olympic Athletes Download Pro-Tibetan Music" (21 August 2008)

"So About That Plan To Drop The Great Firewall For Olympics Reporters? Yeah, Forget That..." (30 July 2008)

Investigations - finding criminals and new technologies

The problem with new technologies remains identical as with the old ones: how do we ensure that police does not misuse them? Traditional way is obtaining a warrant, which often (but not always) mean going before the judge. Loopholes do not serve the public interest; first because the evidence may be discarded by the judge because obtained unfairly (on HR principles); second because the only barrier or difference between the goodies and the badies is playing or not by the rules: not to play by the rules is ultimately to abandon the very values sought to be protected.
"GPS Device Data Increasingly Being Used By Police To Determine Where You Were" (3 September 2008)
"German Authorities Raiding Homes To Find Skype Tapping Whistleblower" (18 September 2008)
or the troublesome FBI view on searches "FBI Asks Congress To Ignore The Whole 'Probable Cause' Part Of The 4th Amendment" (22 August 2008) and "DHS: Laptop Border Searches Are Bad... Except When We Do It" (17 September 2008)and our previous post (13 July 2008)

Thursday, 18 September 2008

Laptop searches in the US

"DHS: Laptop Border Searches Are Bad... Except When We Do It" (17 September 2008)

Hopefully a Bill is being introduced since then (1 October 2008), the Senators not being kin of the searches "Senators Not Thrilled About Laptop Searches At The Border" (, June 2008)

and our previous post (13 July 2008)

Cybercrime sanctions = disciplinary action

an other facet of cybercrime, disciplinary action for what could constitute criminal offense (10 sept 2008) "Carleton collars hacker"

Theft and security measures - analogies with the past

I like this post for this is where I start my seminar on theft in cyberspace: the analogy with the security measures of the past. "Gartner: Authentication systems are 'fatally flawed' ",1000001991,39486978,00.htm?r=1 (12 september 2008)
By the way, the clarity with which Gartner describes the system of authentication is chilling and I still can't understand why it's there and has not been replaced by something better.

Social networking and investigation

it speaks for itself "Facebook app herds PCs into botnet",1000000189,39485526,00.htm?r=1 (8 september 2008)

and refers back to a post in july 2008

ISPs and search engines blocking accesss to content

  1. It's a behaviour not peculiar to criminal law issues, but it is certainly troublesome when it comes to criminal law. Again, ISPs take action before any judgment has been passed, before any court involvement and the like. Such blocking of content by physically removing the materials does not comply with international standards of presumption of innocence; plus it means that the ISPs act as judges, especially if nobody challenges their decision, a route that could be explained for purely financial reasons.
Obviously, in addition there is the freedom of speech issue.

"Will YouTube Ban Videos Of Putting Your Head In The Sand Next?" (17 septembre 2008)

"Thousands Of Anti-Scientology Videos Taken Down From YouTube Via DMCA Takedowns" (8 september 2008)

"Google Taking Down Private Videos For Copyright Infringement?" (8 September 2008)

  1. The dangers underlined above appear in the following case. A grandfather posting on windows live the images of his family, with no possible access by outsiders, was ordered to withdraw some photographs within 48 hours or the site would be shut down. Having no clue of what the problem was, he went to see which pictures were so problematic and it was his grandson taking the bath with his dad, so obviously child naked with adult (male - because if female, I am pretty sure the host would not have raised an eyebrow). Had the case been refered to the court, the ISP/host would have lost: impossibility to prove the mens rea of putting child porn images (the family context with restricted access to family members whose identity can be easily verified); impossibility for the pictures to be found constituting child porn given that the adult was not engaging in any indecent act.
  2. and at the end, I think this is an infringement on privacy which is too great not to be noticed

Wednesday, 17 September 2008

Tracking down hackers

An interesting article from CCRC about unresolved cybercrimes. The last three are from 2008, so it may be a bit early to say the offenders have not been tracked down, although as with any type of forensics, time is of the essence. "The 10 Most Mysterious Cyber Crimes" (27 September 2008)
Overall, the article highlights the main difficulty of cybercrime: tracking down the authors.
Comp. with "Cybercrime expert to educate MSU engineers on "Gen Next Terror" "(23 September 2008)

See in comparison "Second TJX hacker pleads guilty" (24 Septembre 2008) and the track for Palin's hacker which seems quite disproportionate in comparison with more damaging cybercrimes that just this one, "FBI Closing In On Palin Hacker " (22 September 2008)
"FBI on the trail of hackers after Palin's emails made public" (The Guardian, 19 September 2008)

and for statistics by DOJ (US) in september 2008

Hackers and their skills for policing purposes

A recurrent theme, this time in New Zealand,
"New Zealand Hacker Released As Police, Judge, Prosecutors All Praise His Mad Hacking Skillz"(16 July 2008)
as the charge was dropped "NZ teenage hacker charges dropped " (BBC, 16 July 2008)

see also my post of 14 March 2008

Saturday, 30 August 2008

Criminal responsiblity for lack of security features?

A recurrent idea, with the FTC (in the US) putting it forward once more. Note that the COnvention of cybercrime lets the member states parties free to narrow the offences (hacking and misuse of computers) by including a condition, that of having up-to-date security features. Now the problem is what is up to date? (26 August 2008)

In the same line of thought is the comment of a Nigerian official who points out that victims of 419 scams should be held responsible "Nigerian Official Blames The Victims Of Nigerian 419 Advance Fee Scams" (22 August 2008)

And earlier, "Banks slip through virus loophole" (TheGuardian, 12 June 208): "A quiet rule change allows British banks to refuse to compensate the victims of online fraud if they do not have "up-to-date" anti-virus protection, says Danny Bradbury"

Hacking - insiders

"Bank Changes Man's Password After They Realize It Insults Them" (28 August 2008) and for the BBC link as the case is in the UK

  1. The employee does not work for Lloyds anymore. Has disciplinary action been taken? Concerning criminal proceedings, the behaviour falls under the CMAct 1990, for the employee modified computer data without authorisation
  2. Althought there has been no harm here (just a change of password without taking money or the like), the facts illustrate that crime can be generated from the inside. Security policies must be stronger to avoid this type of situation, despite a survey stating that insider crimes diminish "Insiders No Longer The Biggest Threat To Computer Networks" (TechDirt, 17 June 2008)

Scams -Nigeria and the challenge of cybercrime

An interesting article, a bit non-mainstream when it comes to cybercrime in Africa. The Nigerian commission admitted that cybercrime was a challenge difficult for its Government to tackle. Not often authorities admit that. (27 August 2008)

although one can validly argue that victims are now really fools to fall for 419 scams after all the publicity surronding them for the past few years. (22 August 2008) "Nigerian Official Blames The Victims Of Nigerian 419 Advance Fee Scams"

Friday, 29 August 2008

Hacking (Nasa hacker) - jurisdiction and policies

The last hope of hacker McKinnon vanished today. The ECtHR rejected his emergency appeal from the House of Lords' decision on his extradition case. Obliged to be tried now in the US, Mr McKinnon faces an unenvious position in a country where plea bargaining is rife. Having refused the plea made to him, the sentence is likely to be less lenient, especially if the prosecution is exasperated by the litigation process.
Three things here interest me:
  1. First, Mr McKinnon's admission that he hacked but to find documents on UFOs. In strict terms of criminal law, his motive (UFOs, pure fun, or terrorism) bears no influence on the existing offence. Mens rea, the mental component of an offence, discards motives which cannot be its component. Motives may come into play later, as an excuse (insanity for example) or justification. This is why the Asperger's syndrome argument becomes important as a ground for an excuse (constraint? barely insanity in today's understanding of the defence)
  2. Second, the procedural aspect of the case. 95% of criminal cases end up in a plea; plea bargaining is supposed to be a transaction between two parties and a minimum of fairness is supposed to exist, rules of the Supreme Court. But the conception of fairness is relative, especially in the eyes of Europeans: American fairness in relation to plea bargaining is not often perceived, rightly or wrongly, as fairness in the sense of ENglish law or European Human Rights. Pressures are great to accept the plea and not to do so is taking a huge risk.
  3. It is unclear what has been the attitude of the authorities. Pressure was claimed to have been exercised. Mistatements were supposedly made about the extent of the hack and its threat...

Overall, let's hope one thing: that Mr McKinnon's misapprehensions of his original actions does not cost him more than it is necessary. He should not be sanctioned for the symbol that some may want to see of him in the fight against cybercrime; he should be sanctioned for his actions only, not for political or policies reasons. He hacked into the computers; this is an offence. If hacking into governmental networks is an aggravating circomstance, fine; it is not, then he should be left alone.

"US: tackling cyber-crime" (22 August 2008),1000000189,39475039,00.htm (28 August 2008) (29 August 2008)

Earlier, "Nasa hacker to fight US extradition on Monday" (, 13 June 2008)

Crime in virtual world

Back from holidays, late on posting, but could not resist this one: according to McAfee, one of the multiple anti-virus companies, illegal behaviours are now numerous. Viruses, scams, phishing etc... all flourish and it is not a virtual behaviour. The financial consequences are real because virtual currency can be converted into "real" currency. Maybe it should be time to stop talking of virtual and real, and use concepts like "online"/"offline" currencies, both being real in their existence, and not always immediately tangible.,1000000189,39466789,00.htm

Monday, 21 July 2008

Fraud & social networking

Nor surprisingly, people still fall for Nigerian Scams, not aware that the new forms they take, using social netwoking tools, do not conceal the fact they remain scams. "Nigerian 419 Advance Fee Scammers Move To... LinkedIn?" (4 June 2008)

whether fake profiles on facebook are illegal depends on the offences looked at. Defamation/libel could be constituted providing the contents fit the description of libel and are not merely a joke. they could also be an instrument to fraud if they help attracting potential victims to depart with money "Is A Fake Facebook Profile Illegal?" (5th June 2008)

Saturday, 19 July 2008

Recurring behaviours: fraud?

An interesting case for a lawyer.. Does taking a few pennies (legally each time) constitute fraud? The answer is yes if there is a scheme to defraud. This is a typical case of an offence by habit: the isolated behaviour is not in itself illegal (it can be, like practising medecine illegally, but the offence often is punishable only after the behaviour has been repeated twice); its repetition makes it illegal because a pattern emerges and an intention to behave illegally appears. In this, case, to use the possibility to take legally one penny numerous time to obtain money (plus under false identities) clearly is fraud. "Is It Fraud If You Collect One Penny Legally Over And Over Again?" (28 May 2008)

Web2& Social networking: helping police?

OK, I can't find the post about it; so here we are. "City Council Tells 'Dumbest Criminal' To Stop Posting So Much Evidence To YouTube" - Leeds city council seems to be also dumb? (22 May 2008)

But a more direct move from a social networking site is not funny at all: people have been banned because of their age (over 36) for fear of porn and sex abuse. Apart from the ridicule of the situation (how on earth all over 36 can be suspected?), it is a pretty dangerous move: it's called private justice for fear of prosecution. "Social Networking Site Bans Anyone Over Age 36 To (Sorta) Deal With Sex Offender Law" (23 May 2008)

Hate crime and terrorism

The new trend, at least in the US, is to tackle hate crime via terrorism, by redifining some discourses as terrorist, instead of hate. The assimilation is dangerous for what is terrorism one day can become legal the next, and what is labelled terrorism does not necessarily promote hatred although it often does so. "Senator Lieberman Tries Hunting Down Terrorist Videos On YouTube" (20 May 2008)

Tuesday, 15 July 2008

Fraud: new trend or beyond credit card data

See "Forget Credit Cards, Scammers Now Want Your VoIP Accounts?" (15 May 2008)

although the old way remains profitable "Stark warning as UK faces cybercrime boom",1000000189,39431415,00.htm?r=1 (9 june 2008)

Investigation and security

Not sure I agree entirely with the comments below. That police forces have USB keys to enter Microsof products' security features does not necessarily mean that criminals will jump on the loopholes. To take an analogy, for police officers to wiretap never meant that criminals had eavedropped more... A shield can always become a sword in the wrong hands, but it does not mean it should not exist. (29 April 2008)

Cybercrime and the EU

The COuncil of Europe created the Convention of Cybercrime. Time for the EU, despite the drawback about the treaty of Lisbon, to look at cybercrime a bit more seriously than it has done so up to now.
A study is expected: (2 May 2008)

and the Commission recently took a Framework Decision about cyber attacks in order to clarify legal issues to facilitate responses to crime (14 July 2008)

Sunday, 13 July 2008

Cyber-Investigations and human rights

To monitor the internet to detect (and deter?) crime seems a good idea at first sight. Yet objections are many:

  • practical objection: is it realistic to consider being able to control the internet? It's like wanting to monitor the mail correspondance of users throughout the world. Can we imagine the FBI or Europol controlling data held by post offices? Inachievable and therefore a pretence. I don't see how the physical world of letters could be much different from the cyberworld.
  • second practical objection: how on earth can you succesfully detect crime when faced with a mass of information? the old fashioned way of doing detective work (on the web understandibly) is a much more efficient than trying to cast a net so vast it would take centuries to find the problematic fish.
  • theoritical objection: again, parallels with the so-called physical world enlighten thoughts. Data "held" by post offices are private even when their contents are terrorist or criminal; why should data on the web not considered as private and thus submitted to the same regulations as for obtaining private correspondance? Where are the human rights?

And yet the FBI seriously considers asking the ISPs retention of data (23rd April 2008)

as well as Russia's authorities who would even go further by blocking traffic like China does (24th April 2008)

Similar problem with the 9th U.S. Circuit Court of Appeals (so federal law) agreed to let searches of laptop with no specific purposes that looking in the hard drive. Why should we set up conditions for the search of a house, but not the search of a computer when nowadays the computer is like a portable home with sometimes all the documents one needs? Where are the human rights of the accused here? Gone with the wind of fear of crime...

"Is This The Best Homeland Security Can Do In Defending Laptop Searches At The Border?" (TechDirt, 10 July 2008) (23rd April 2008) with an update for the Electronic Frontier Foundation asks for Congress to intervene (1 May 2008)

Social networking, privacy and investigations

For once, I can stop criticising social networking. Manchester Police force uses Facebook in an innovative way, to promote communication and gather information about crime;
I wonder how effective it is and if privacy, which is the biggest problem on social networking, can be maintained. I would be curious to see the results of any study made on this matter. (21st April 2008)

As an illustration of privacy issues, see this acknowledgment by Facebook that spammers' attacks increased, notably because the users' contact details such as e-mail adresses are available even if the users have not opted for such "transparency". "Facebook admits to increased attacks by spammers",1000000189,39397448,00.htm (22 April 2008)

And this is without counting on the fact that users often do not realise Facebook is about publicity not keeping details private. See this story about a US military who published photographs of his base!! (23rd April 2008) or those Oxford students the University disciplined after scrolling Facebook postings (6 May 2008)

So it's not surprising that the University of Wales launches academic studies of the social networking phenomenon in relation to cyber security (9 May 2008)

Yet the reaction from N-Y to punish those incriminating themselves on YouTube (I agree, it's not social networking in the proper sense- but its audience makes it similar to social networking) is quite surprising . How can such crime deter people to put videos of illegal activities? What is the purpose of such potential legislation? "New York Wants To Punish Criminals For Incriminating Selves On YouTube" (13 May 2008)

Monday, 23 June 2008

Botnets - DDOS

on the phenomenon of botnets, describing its key feature (the difficulty to track down who did what and with or without a criminal intention), see FBI cyber division's sparse comments (16 April 2008)

Cyberterrorism - Definition

An interesting comment about cyberterrorism by the Estonian defense ministry official Christian-Marc Liflander. For him, the last year attack on Estonia belongs to the realm of cyberterrorism; but as pointed out by Stephen Cummings, director of the British government's Centre for the Protection of National Infrastructure, this is far from certain. I would agree: not sure the evidence points out towards terrorism; to threaten governmental institutions does not by itself constitute terrorism - there must be an additional element, that of inspiring terror to the civil population. Although attacking official institutions is often linked to this purpose, the two can be separated. Finally, Mr Liflander partly contradicts himself as he said that little evidence can be gathered about where the attacks came from; so if no evidence of who did it, how can there be evidence of a purpose to terrorise? (16 April 2008)

compare with the FBI assertion that the internet is used by terrorists groups to communicate, which seems to suggest that it is rarely used to attack institutions: (16 April 2008)

Related to terrorism is the question of national security. The US, or at least some US MPs, seem to have a broad vision of security and include governmental websites. Timothee Lee, from Techdirt, disagrees on the basis that those websites are not linked with the military's protocols on the net. Well, I would argue that it depends of what those websites are supposed to do. If they are the main portal to a wide range of services less and less available in the "physical" world, they may be considered as primary and integrated part of the life of a nation. The building of a city hall or city council where Government offers a range of services could be classified as national security; why not the websites? Maybe the question is linked with what we mean by national security: military or beyond?
Keeping Up Isn't A National Security Issue (21 May 2008)

Tuesday, 15 April 2008

Tangible/intangible? digital goods' nature at stake

Given that the debate in criminal law always turns towards the tangible/intangible nature of what is stolen, deceived..., this proposal from a Californian politician is quite interesting, although at first sight it does not concern criminal law, but simply tax law.

"California Lawmaker Wants To Change Law To Tax iTunes; Pretending Infinite Goods Are Tangible" (9 April 2008)

Fraud and crime - statistics

As noted in David Wall's new book on Cybercrime - The transformation of crime in the information age -, statistics about e-crime are scarce; so it is interesting to have those of the joint research of the FBI and the NWCCC, in the 2007 Internet Crime Report. Fraud, not surprisingly, is the trendy crime (= big money for small efforts to make. See : “A cyber criminal is only looking for a less than 1% return on all the e-mails he sends out, because he can still make money hand over fist,” said Hambrick, FBI -); but surprise, surprise, the UK is on top of the list as a harbour/haven for criminals.

"UK nears US in cyber-crime, ahead of Nigeria, Romania" (10 April 2008)
"UK a hotbed of cybercriminal activity" (9 April 2008),1000000189,39382596,00.htm

Will that make the Government think a bit more about establishing a specific task force? or at least give money to tackle more efficiently the problem? Or at least the police? See this article about what seems to be the US:
"Cyber crime: Police not taking it seriously" (8 April 2008)

For more statistics: "Cybercrime Losses Decline for Third Consecutive Year " (31 March 2008)

Cyberattacks - prevention by Governments

Four interesting articles about preventing cyberattacks. The first is about creating a real-scale cyberattack to see how the different targets would react and their level of vulnerability.
"International cyberattack drill tests nations' responses " (10 April 2008),1000000189,39383325,00.htm

The second is about the response to an attack, i.e. an early-warning system, a bit like for tsunamis in the pacific?
"US plans cyberattack early-warning system" (video- 10 April 2008),1000000189,39383335,00.htm

With the European COmmission (EU) urging Europe to strengthen its cyber defences "Commission eyes common cyber defences " (9 April 2008)

and finally NATO! "NATO agrees common approach to cyber defence" (4 April 2008)
"Nato creates cyber-defence command" (9 April 2008),1000000189,39382597,00.htm, with the irony of creating a centre in Estonia! (16 May 2008)

ISPs' criminal liability - YouTube and MySpace

Facts: an internet version of "happy slapping" which has nothing of happy but the name, for it is simply to beat someone up and diffuse the filming by phone or by the internet, here it was via YouTube. Can't see how one can legally argue criminal liability of YouTube: the company obviously did not know about the action before it was committed and can't in any way shape or form "aid, abet, advice..." to committing assault. Hopefully people seem to see sense.
The only liability could be if YouTube did not remove the video once informed of it...

"Video of teen beating raises questions" (11 April 2008);_ylt=Aq3pQbSMs7fYFJrAKoBqUvch2.cA

Monday, 14 April 2008

Sentencing/ preventive measures

Rare are the decisions on sentencing and preventive measures. Yet for cybercrime, knowing which sanction is most appropriate is crucial. Ban of computer use may seem obvious, but apart from the question of being feasible, lies the issue of the extent of the ban. The following US example is quite enlightening and maybe the judge could have done with a bit of common sense. Cybercrime may be different (although that is still argued) but it does not mean it should escape logical reasoning. In an alleged $90000 (about £45 000) in tax fraud in New-York, a woman was banned from using computers. A bit too broad a preventive measure; it's like banning somebody to travel around the world for having trespassed in a park... (11 April 2008)

and the NY Times (10 April 2008)

ISPs as enforcers of the law

Nothing new really, but more obvious now. Section 230 (c)(2) CDA (the other part of section 230 is the infamous "child porn provision") allows for ISPs to filter contentious contents. Spam being illegal, ISPs are allowed to filter content, i.e. here e-mails and block the account holder. Law enforced by private companies which are probably quite happy about it because spam is a hindrance to their services. Decision of 10 April 2008 (Northern District Court of Illinois)
the PDF version (and full decision) is available on

From "Court Tells Spammer That It's Not Illegal For An ISP To Filter Its Emails" (11 April 2008)

Friday, 4 April 2008

Sexual assault and ISPs' liability

Would be funny if not sad and serious. MySpace was sued by daughter and mum as being liable for sexual assault. Hard to see how in this case, for the daughter actually lied about her age and engage into correspondence with a much older man. This in criminal law terms translates itself in error on fact, which means that even the author of the assault may not be considered as having mens rea to commit the actus reus.
"Mother And Daughter Still Blame MySpace For Not Protecting Her From Sexual Assault" (1 April 2008)

Since then it has been dropped "MySpace Still Not Liable For Sexual Assault Between Two MySpace Users" (19 May 2008)

Censorship and China (once more)

Again a week with China and the Olympics. Can't avoid the subject.
This one is interesting: the Olympic Committee has asked China to lift its Firewall. Put aside (momentarily) the cynism of the request, I love what the request stands for: the fact that China could well acknowledge it has a firewall, which it never did up to now (even denied it if I remember well).
Going to the request itself, well, two interpretations which actually can be found in the comments attached to the post on TechDirt: the request does not engage much more the Committee nor China, for what matters is.... making money. Better to lift the veil temporarily to get the maximum profits both for the West ... and for China! Or else the Committee would have a change of heart? well in that case, why not ask for lifting of censorship indefinitely, not simply while the games are there? Plus, is the COmmittee really serious about human rights when it has allowed games in a country not only reknown for its continuous violations of basic human rights but also for its constant refusal to improve (see Tibet as the latest example...) and make the slightest concession
"IOC: No Chinese Internet Filters During Olympics; All Other Times It's Fine" (1 April 2008)

Similar issue with iTunes (26 August2008)

ID fraud under the flashlights

It seems to be the week of ID fraud. A documentary on the BBC yesterday 3 April 2008 pointing out the work of the City of London's Economic Crime Unit and of the anti-virus firm Sophos demonstrating how easy it is to install trojans and the like on anyone computers...
The documentary should undoubtedly raise awareness about ID fraud online and how to protect oneself efficiently

One thing that always buggers me is the fact that details of the civil registry and electoral rolls are freely available (date of birth...). At a time when ID fraud is thriving and difficult to detect before it is too late, I can't understand why these personal information databases remain accessible to anyone.

Lastly, it is astonishing to realise that some do not see the threat caused by ID fraud and do not want to criminalise the use of stolen personal information! "ICO urges gov't to retain data-theft laws" (2 April 2008),1000000189,39378353,00.htm

Danger of terrorism...

The US Defense is publicly annoucing it takes cybercrime seriously whether as a direct consequence of cyberterrorism or just simple cyberattacks. Nothing new, but ironically the internet was created by the US military... who now needs to train its own service member about security issues
"US reveals plans to hit back at cyber threats " (2 April 2008),1000000189,39378374,00.htm

"Army Sets Up Phishing Scam To See How Gullible Service Members Are" (3 April 2008)

and businesses also take the threat seriously "Accenture and Sun aim to widen security scope" (2 April 2008),1000000189,39378365,00.htm

ISPs, prosecution and human rights

It seems that Yahoo! wishes to "clean up" its act: it offered $1m to study the link between the internet and international values, meaning human rights. After having contributed to giving in a chinese dissident, is Yahoo! willing to repent? The gesture could go into two different directions: a pure PR exercise destined to exorcise the bad name but with no real consequences and change of policy; or a strength to behave more responsibility and more in accordance with what the US and the West are supposed to embody, i.e. human rights. Where the wind will blow will undoubtedly depend on the quality of the research done, i.e. the methodology used and the people employed to do the work, as well as the lessons that will be learnt. There is no time frame given in the article, so we may well have to wait a while, forever? Because to declare there are "grey areas" which render doing business difficult international is an euphemism for not having the courage to stand by one's opinions and values and let greed take over. Yes fighting for freedom does not bring any penny in difficult situations, but that's the short term view is it?
"Yahoo CEO: Business overseas fraught with 'grey areas' " (4 April 2008),1000000097,39379891,00.htm

Monday, 31 March 2008

ownership - ISPs

I do not know to which extent the following article could influence cybercrime, but at least the thought is there. The title on TechDirt is intriguing: "Ownership Doesn't Always Mean Control" (21st March 2008) because common assumption is to associate ownership with complete control on what is owned. What it means for ISPs is unclear: on the one hand, they do have control; on the other hand, they don't control everything...

Wi-Fi and piggybacking

In the State of Maryland in the US, an MP proposed a Bill to criminalise piggybacking with Wi-Fi. See PDF document:

"FOR the purpose of prohibiting a person from intentionally, willfully, and without
authorization accessing, attempting to access, causing to be accessed, or
exceeding the person’s authorized access to wireless Internet service with a
certain knowledge; applying certain penalties; and generally relating to
unauthorized access to computers and related material."

Wonder if any similar proposal would be of any use? CMA 1990 section 1 cirminalised unauthorised access to computer; can the interpretation be extended to Wi-Fi (which after all requires access to computers?)

See "A Public Official Actually Shows Common Sense in Wireless 'Piggybacking' Debate" (21 March 2008)

Second life and copyrights virtual claims

Yes, it happened! A lawsuit launched, now dropped, about copyrights in Second Life. Apparently a company specialised in writing scripts for virtual sex toys and M. Leatherwood a year ago did copy the items to sell them on Second Life. The company sued him for breach of copyrights. The case (federal) was dropped after settlement with no admission of liability.
Reading the article, I was interested in the plaintiff's argument that the legal rules of the real world apply to online universe like Second Life. And the contrast to M. Leatherwood's approach to the breach: "I did it in private," he said. "I wasn't out to do a huge market thing. I was doing it for a little bit of money." In other words, breach was implicitly acknowledged; motive (=money) was at the heart of the action, like most copyrights infringment by the way; defendant did not really challenge the fact that real world rules could be transplanted to virtual worlds. Is it because money is at stake? Second Life currency being exhangeable against real dollars?
See TEchDirt 27 March 2008 refering to
26 March 2008 on SignOnSanDiego
and even the Forbes newspaper mentioned it : "Lawsuit over online sex toys settled" (26 March 2006)

Facebook and harassment claim

An odd case, which facts are not yet very clear, at least for me. It seems that M. Hurst did a search on the internet about his ex-girlfriend and was added on the list of requests to be her friend on Facebook; she denied and then complained to the police who charged him with harassment under the 1997 Harassment Act. Well, on those facts alone, it is hard to believe that the prosecution could have any chance to win the case. So it begs the question of why it all started and spent the taxpayer's money on a charge unlikely to succeed?

See "First 'Facebook harassment' defendant cleared" (27 March 2008)

and with more details, the Birmingham Post (27 March 2008)

Friday, 21 March 2008

Investigations: clicking=guilty

Please read the following article carefully. It is about US law, but the practice could be more widespread and whether UK law on interception could protect people is questionable.

The facts are the following: honeypot (= fake website or similar created by law enforcement forces like the FBI here, to attract illegal behaviours) on child porn; Mr Vosburgh clicked on a link, did not look any further on the website, and found himself arrested by the FBI. Guilty verdict returned by jury; his lawyer tries to overturn the verdict, but chances of success are small.
I have several issues with the case:
1) in itself setting up a honeypot is not "kind of sad", contrary to what is said in the McCullagh's article. Entrapment always existed, especially for serious crime which detection causes difficulties. Nothing new here

2) entrapment is however regulated, for the obvious reason that innocent people may fall in the trap without knowingly engaging into illegal behaviours. And that's where the difficulties start. To click to a porn website cannot constitute a crime in itself if mens rea, intent to go to a porn website, does not exist. Mens rea cannot be deducted from the simple action of clicking. Anybody who used the internet knows how sometimes we end up on a website we surely never intended to go, for its contents does not reflect our original search. Therefore, I found it troublesome that the FBI relied on evidence based solely on clicking. The least that we can say is that evidence gathered by entrapment is never sufficient; other corroborative evidence must be brought. According to the article, it does not seem the case. In other words, by not engaging into other investigations that could corrobate the clicking action as proof of looking at child porn, the FBI simply did not investigate the case of the alleged offender. And this is more than troublesome. The life of this person found guilty is shattered until his death: if the conviction is not overturned, he will never find employment again in academia (and he is a PhD student; think of the amount of money one has to pay to do a 3 to 4 years PhD - you have to be wealthy or borrow a lot of money), and will be systematically stigmatised for something that looks like he has never done.
Last thing, even if he was interested in child porn, that simple fact NEVER discharges the prosecution to prove beyond reasonable doubt that the person engaged in the illegal activity. If it were, we would simply live in a dictatorship, like it used to be in the USSR where one could be found guilty and send to the goulag for "unauthorised thoughts". Criminal procedure is far too serious a matter to be played with simply because we think we are morally on the right side. Reading this article on Good Friday just reminds me that whether one believes or not in Jesus Christ, the story of Good Friday is there to remind us of our "dark side", what we tend to do when we think we are right. Agree: striking the balance is not easy; but criminal procedure is about finding that balance, not denying it per se.

M. Masnick "Click This Link, Go To Jail" (20 March 2008)

D. McCullagh "FBI posts fake hyperlinks to snare child porn suspects" (20 March 2008)

Thursday, 20 March 2008

Social networking and identity theft

I though I wrote about it but can't find the post (please tell me if you do). So the issue is about a fake profile created on Facebook involving a Morrocan prince. Apparently, the person has been discovered and since then sentenced to three years imprisonment in Morroco for identity fraud. Mr Masnick, from TechDirt, disagrees on the harshness of the sentence and the principle of prosecuting the offender. He thinks the reaction is disproportionate to the crime.
I can't disagree that three years, when there is no money gain and no defamatory statements, is harsh. But on the principle of prosecuting, sorry, I wholly agree. A fake profile in a CV or a newspaper would certainly have attracted prosecution, so why not when it's on the web? The public interest defended here is that of integrity of information. In that sense, resorting to a take down notice, as suggested in the article, does not seem appropriate. Moreover, this idea of constantly using take down notices is not particularly protective of freedom of speech, for there is absolutely no impartial control on who says what; the procedure actually bypasses completely judicial proceedings and as such attracts the same criticisms as it does for defamatory statements. "Moroccan Man Pardoned For Fake Facebook Profile" (19 March 2008)

Wednesday, 19 March 2008

Investigations of files and documents

Nothing new: we all know that documents keep track of their multiple modifications. Not to difficult to find out. Hence the French Government could have been a bit more careful when releasing its first Bill reforming liability of hosting providers a few days ago. A Word document was issued and it revealed important information of who intervened... and was not said to have been officially consulted! No military secret, but still a secret: openness/transparency could have been prefered really. "De curieuses traces dans le fichier de l'avant-projet Olivennes" (14 March 2008)

Second life: Second crime?

Rare are the articles or comments about Second Life and cybercrime. Here is an article in French (yes I know, there is no translation so far), which in substance says the following:
1) although a virtual world in theory, its impact on the real world exists simply because the currency in Second Life can be exchanged againts... real dollars. Hence a lawyer (!) suing the publisher LInden Lab for loss of 8000 dollars because he was evicted when buying property (he did not comply with some rules). What I have not investigated and is unclear from the article is whether the eviction was based on virtual rules designed to prevent fraud...

2) the charity Familles de France (literally Families of France) is suing the publisher ... because the contents on Second Life give easy access to children to violence and pornography. The First Instance Tribunal rejected the claim on the basis the evidence presented was not tangible enough. But what if it becomes? What about the other violent games available on the market whether through or outside the internet?

By the way the article is an interview first published in December 2007, Michael Malka "Le droit dans «Second Life» (interview) "