Tuesday 15 April 2008

Tangible/intangible? digital goods' nature at stake

Given that the debate in criminal law always turns towards the tangible/intangible nature of what is stolen, deceived..., this proposal from a Californian politician is quite interesting, although at first sight it does not concern criminal law, but simply tax law.

"California Lawmaker Wants To Change Law To Tax iTunes; Pretending Infinite Goods Are Tangible" (9 April 2008) http://www.techdirt.com/articles/20080408/152311789.shtml

Fraud and crime - statistics

As noted in David Wall's new book on Cybercrime - The transformation of crime in the information age -, statistics about e-crime are scarce; so it is interesting to have those of the joint research of the FBI and the NWCCC, in the 2007 Internet Crime Report. Fraud, not surprisingly, is the trendy crime (= big money for small efforts to make. See http://www.crime-research.org/news/07.04.2008/3294/ : “A cyber criminal is only looking for a less than 1% return on all the e-mails he sends out, because he can still make money hand over fist,” said Hambrick, FBI -); but surprise, surprise, the UK is on top of the list as a harbour/haven for criminals.

"UK nears US in cyber-crime, ahead of Nigeria, Romania" (10 April 2008)
http://www.crime-research.org/news/10.04.2008/3303/
"UK a hotbed of cybercriminal activity" (9 April 2008)
http://news.zdnet.co.uk/security/0,1000000189,39382596,00.htm

Will that make the Government think a bit more about establishing a specific task force? or at least give money to tackle more efficiently the problem? Or at least the police? See this article about what seems to be the US:
"Cyber crime: Police not taking it seriously" (8 April 2008)
http://www.crime-research.org/news/08.04.2008/3299/

For more statistics: "Cybercrime Losses Decline for Third Consecutive Year " (31 March 2008) http://www.crime-research.org/news/31.03.2008/3282/

Cyberattacks - prevention by Governments

Four interesting articles about preventing cyberattacks. The first is about creating a real-scale cyberattack to see how the different targets would react and their level of vulnerability.
"International cyberattack drill tests nations' responses " (10 April 2008) http://news.zdnet.co.uk/security/0,1000000189,39383325,00.htm

The second is about the response to an attack, i.e. an early-warning system, a bit like for tsunamis in the pacific?
"US plans cyberattack early-warning system" (video- 10 April 2008) http://news.zdnet.co.uk/security/0,1000000189,39383335,00.htm

With the European COmmission (EU) urging Europe to strengthen its cyber defences "Commission eyes common cyber defences " (9 April 2008) http://www.euractiv.com/en/infosociety/commission-eyes-common-cyber-defences/article-171476

and finally NATO! "NATO agrees common approach to cyber defence" (4 April 2008) http://www.euractiv.com/en/infosociety/nato-agrees-common-approach-cyber-defence/article-171377
"Nato creates cyber-defence command" (9 April 2008)http://news.zdnet.co.uk/security/0,1000000189,39382597,00.htm, with the irony of creating a centre in Estonia! http://www.crime-research.org/news/16.05.2008/3368/ (16 May 2008)

ISPs' criminal liability - YouTube and MySpace

Facts: an internet version of "happy slapping" which has nothing of happy but the name, for it is simply to beat someone up and diffuse the filming by phone or by the internet, here it was via YouTube. Can't see how one can legally argue criminal liability of YouTube: the company obviously did not know about the action before it was committed and can't in any way shape or form "aid, abet, advice..." to committing assault. Hopefully people seem to see sense.
The only liability could be if YouTube did not remove the video once informed of it...

"Video of teen beating raises questions" (11 April 2008)
http://news.yahoo.com/s/ap/20080411/ap_on_hi_te/teen_beating_ethics;_ylt=Aq3pQbSMs7fYFJrAKoBqUvch2.cA

Monday 14 April 2008

Sentencing/ preventive measures

Rare are the decisions on sentencing and preventive measures. Yet for cybercrime, knowing which sanction is most appropriate is crucial. Ban of computer use may seem obvious, but apart from the question of being feasible, lies the issue of the extent of the ban. The following US example is quite enlightening and maybe the judge could have done with a bit of common sense. Cybercrime may be different (although that is still argued) but it does not mean it should escape logical reasoning. In an alleged $90000 (about £45 000) in tax fraud in New-York, a woman was banned from using computers. A bit too broad a preventive measure; it's like banning somebody to travel around the world for having trespassed in a park...

http://www.upi.com/NewsTrack/Top_News/2008/04/09/fraud_suspect_banned_from_computers/1256/
http://www.techdirt.com/articles/20080410/010534808.shtml (11 April 2008)

and the NY Times http://www.nytimes.com/2008/04/10/nyregion/10indict.html (10 April 2008)

ISPs as enforcers of the law

Nothing new really, but more obvious now. Section 230 (c)(2) CDA (the other part of section 230 is the infamous "child porn provision") allows for ISPs to filter contentious contents. Spam being illegal, ISPs are allowed to filter content, i.e. here e-mails and block the account holder. Law enforced by private companies which are probably quite happy about it because spam is a hindrance to their services. Decision of 10 April 2008 (Northern District Court of Illinois)
http://www.spamsuite.com.nyud.net/index.php?q=node/387
the PDF version (and full decision) is available on http://www.circleid.com/pdf/come360-counterclaim.pdf

From "Court Tells Spammer That It's Not Illegal For An ISP To Filter Its Emails" (11 April 2008) http://www.techdirt.com/articles/20080411/150256827.shtml

Friday 4 April 2008

Sexual assault and ISPs' liability

Would be funny if not sad and serious. MySpace was sued by daughter and mum as being liable for sexual assault. Hard to see how in this case, for the daughter actually lied about her age and engage into correspondence with a much older man. This in criminal law terms translates itself in error on fact, which means that even the author of the assault may not be considered as having mens rea to commit the actus reus.
"Mother And Daughter Still Blame MySpace For Not Protecting Her From Sexual Assault" (1 April 2008) http://www.techdirt.com/articles/20080331/172442708.shtml

Since then it has been dropped "MySpace Still Not Liable For Sexual Assault Between Two MySpace Users" http://www.techdirt.com/articles/20080517/1524041148.shtml (19 May 2008)

Censorship and China (once more)

Again a week with China and the Olympics. Can't avoid the subject.
This one is interesting: the Olympic Committee has asked China to lift its Firewall. Put aside (momentarily) the cynism of the request, I love what the request stands for: the fact that China could well acknowledge it has a firewall, which it never did up to now (even denied it if I remember well).
Going to the request itself, well, two interpretations which actually can be found in the comments attached to the post on TechDirt: the request does not engage much more the Committee nor China, for what matters is.... making money. Better to lift the veil temporarily to get the maximum profits both for the West ... and for China! Or else the Committee would have a change of heart? well in that case, why not ask for lifting of censorship indefinitely, not simply while the games are there? Plus, is the COmmittee really serious about human rights when it has allowed games in a country not only reknown for its continuous violations of basic human rights but also for its constant refusal to improve (see Tibet as the latest example...) and make the slightest concession
"IOC: No Chinese Internet Filters During Olympics; All Other Times It's Fine" (1 April 2008)http://www.techdirt.com/articles/20080401/105659717.shtml

Similar issue with iTunes http://www.techdirt.com/articles/20080825/2219562089.shtml (26 August2008)

ID fraud under the flashlights

It seems to be the week of ID fraud. A documentary on the BBC yesterday 3 April 2008 pointing out the work of the City of London's Economic Crime Unit and of the anti-virus firm Sophos demonstrating how easy it is to install trojans and the like on anyone computers...
The documentary should undoubtedly raise awareness about ID fraud online and how to protect oneself efficiently
http://www.bbc.co.uk/bbcone/listings/programme.shtml?day=today&service_id=4223&filename=20080403/20080403_2100_4223_10817_60

http://www.sophos.com/security/blog/2008/04/1255.html

One thing that always buggers me is the fact that details of the civil registry and electoral rolls are freely available (date of birth...). At a time when ID fraud is thriving and difficult to detect before it is too late, I can't understand why these personal information databases remain accessible to anyone.

Lastly, it is astonishing to realise that some do not see the threat caused by ID fraud and do not want to criminalise the use of stolen personal information! "ICO urges gov't to retain data-theft laws" (2 April 2008) http://news.zdnet.co.uk/security/0,1000000189,39378353,00.htm

Danger of terrorism...

The US Defense is publicly annoucing it takes cybercrime seriously whether as a direct consequence of cyberterrorism or just simple cyberattacks. Nothing new, but ironically the internet was created by the US military... who now needs to train its own service member about security issues
"US reveals plans to hit back at cyber threats " (2 April 2008) http://news.zdnet.co.uk/security/0,1000000189,39378374,00.htm

"Army Sets Up Phishing Scam To See How Gullible Service Members Are" (3 April 2008) http://www.techdirt.com/articles/20080402/194347734.shtml


and businesses also take the threat seriously "Accenture and Sun aim to widen security scope" (2 April 2008) http://news.zdnet.co.uk/security/0,1000000189,39378365,00.htm

ISPs, prosecution and human rights

It seems that Yahoo! wishes to "clean up" its act: it offered $1m to study the link between the internet and international values, meaning human rights. After having contributed to giving in a chinese dissident, is Yahoo! willing to repent? The gesture could go into two different directions: a pure PR exercise destined to exorcise the bad name but with no real consequences and change of policy; or a strength to behave more responsibility and more in accordance with what the US and the West are supposed to embody, i.e. human rights. Where the wind will blow will undoubtedly depend on the quality of the research done, i.e. the methodology used and the people employed to do the work, as well as the lessons that will be learnt. There is no time frame given in the article, so we may well have to wait a while, forever? Because to declare there are "grey areas" which render doing business difficult international is an euphemism for not having the courage to stand by one's opinions and values and let greed take over. Yes fighting for freedom does not bring any penny in difficult situations, but that's the short term view is it?
"Yahoo CEO: Business overseas fraught with 'grey areas' " (4 April 2008)
http://news.zdnet.co.uk/internet/0,1000000097,39379891,00.htm