Tuesday, 30 September 2008

Crime and the influence of the internet

"What Does The Internet Have To Do With The Finnish School Shooting?" (24 September 2008) ask Mr. Masnik. Well, at first sight, nothing really. But the debate is not restricted to violent crimes. It is at the center of whether to or not to criminalise hate crimes, a subject I am working on currently. I would say that the internet like any other form of communication (radio) is neither neutral. Responsible behaviours should exist; and yes, it can be used for spreading negative feelings and hatred; and yes, it can have an impact. Now, to which extent there is an impact will probably be a subject of debate for a long time, as long as there is no proper studies on it (there are studies but further research needs to be done). However, if one takes the example of radio, one cannot deny that it was at the heart of the Rwandan genocide. It is radio which was mainly used to spread hatred and callings to murder and genocide. This incitement to hatred can be criminalised. That the US chose not to is actually a very minor position in a world that chose to take the other options with often proper safeguards.

This issue is however different, I think, from the claim that ebay drives people to shoplift! "Retailers Blame eBay For Driving Good People To Shoplift" (24 September 2008)

Interception of communications

Yes, interception of communications is a criminal offence; the question is what do we require and understand as a criminal intent to intercept? The City of London Police thinks it cannot be proved about BT's use of Phorm in trials. The reasoning is unclear. I just wonder if there is not a confusion here between motivation/motives and intent. Intent to intercept is knowledge that the action taken, here the use of Phorm, will lead to the ability to know about e-mails' communications by BT customers. Whether it is to improve the customer service or not is of no relevant to the criminal intent given that this would constitute the motive not the intent.

See https://nodpi.org/2008/09/22/city-of-london-police-to-complex-to-spend-public-money/ and "UK Says Phorm Clickstream Tracking Is Okay... If Clearly Explained To Customers" (19 September 2008) - well I think it is slightly different but...

Addition: obviously BT has not been detered to reuse the technology (29 September 2008) but at least customers will be asked their consent

Investigations - luck or display of forces?

The main problem of cyberspace is always tracking done the authors of offences. Some crimes will never be solved, unless maybe their authors unveil later on their methods; some may be solved although the more time elapsed the more unlikely there are chances to find the offenders. “The 10 Most Mysterious Cyber Crimes” (26 September 2008)
See also “Cybercrime expert to educate MSU engineers on "Gen Next Terror" (23 September 2008)

Comp with “Second TJX hacker pleads guilty” (24 September 2008) (also under "Second alleged hacker pleads guilty in TJX case") and maybe the silliness of the Palin’s hacker: hacking a high profile person is more likely to create a surge of investigatory reactions and actions than hacking a business, even if no real damage was done. “Palin Hacker's IP Address Linked to Tennessee College Dorm” (22 September 2008)

Censorship and cyberspace

Back to the 18th century and before? One of the battle of the Enlightenment was to fight mandatory registration for any type of publication, so as to avoid censorship and freedom of expression to become a reality rather than a debated idea. “Has Italy Outlawed Unregistered Blogs?” (26th September 2008)

See the more serious issue of "Malaysia Jails Blogger For Two Years Without Trial"

Defamation in cyberspace - a reminder

Hardly surprising, but worth a reminder. Diffamation/libel still applies on cyberspace and more importantly, in some countries like France it is a criminal offence and does not engage civil liability. "Reminder: Defamation Still Applies To Bloggers" (29 September 2008)

Friday, 19 September 2008

Defamation, MySpace and fake profiles

Case rejected against those children who created a fake profile of their headmaster; lucky because in some countries like France defamation is a criminal matter not usually a civil law issue like in the US and UK (well criminal law does get involved but rarely).
Principal Loses Lawsuit Against Students and Parents Over Fake MySpace Page--Draker v. Schreiber (Eric Goldman - 22 august 2008)
Draker v. Schreiber, 2008 WL 3457023

But it does not mean disciplinary action cannot be taken. See "Judge Says School Can Suspend Student For Fake MySpace Page Of Principal" (19 September 2008)

A change of standard in the law? Sorry have not read yet the case, so can't comment much "UK High Court Recognizes That Defamation Standard Should Be Lowered For Online Forums" (11 August 2008) Judgment is available on the BBC website in PDF format

Cyber-attack: politics

"Georgia accuses Russia of co-ordinated cyberattack" (11 August 2008) ; a war of words?

"Georgian president suffers cyberattack" (21 July 2008)

Liability of auction sites

Following Yahoo! case: what for e-bay? "Belgian Court Agrees With US Court That eBay Not Liable For Fake Products" (13 August 2008)

Blocking access to content or removal of

Certainly if content is not illegal, there is no obligation to take it down, whether we like it or not. See "No One Is Obligated To Take Down Perfectly Legal Content You Don't Like" (3 September 2008).
However, that is not really our point. Blocking access or asking content to be removed should go before the courts or at least an impartial body/institution/authority who could hear both sides and decide if the suspicious or litigious content is really illegal. That would save us from unregulated censorship (censorship for printed publications used to be regulated - even if nobody really agreed with the principle of censorship). After all, for movies, whether it's porn or not is the decision for most countries of accreditated bodies; why should it be different on the internet? A question of unpracticability (too much requests)? no study has been made and if nobody tries, we're just then giving up on fair trial's rights. See Thailand and China "Thailand Continues To Try To Mimic China With Internet Censorship" (4 September 2008)

in that sense, the US DMCA takedown notice is more respectful of rights than simple requests: it must meet some important conditions that, if met, compel the ISPs or host to takedown the litigious copyright material. See "But What If A Takedown Notice Isn't Actually A DMCA Takedown?" (22 August 2008) and "Judge Says Copyright Holders Must Consider Fair Use Before Sending DMCA Takedowns" (21 August 2008)

Jurisdiction issues

About an India Court's ordering Google to communicate a blogger's identity and the right to do so when author and offence are committed in the US with no material elements in India...
Absurd? Mr Masnik argues that the stricker laws get to be applied. Not far of the mark if we compare with the case of privacy where the European standards of privacy have overcome the American conception of privacy.
On the other hand, should the most liberal laws get the upper hand? An interesting problem of diversity and unity familiar to the comparatist

"Indian Court Demands Google Hand Over Anonymous Blogger's Identity" (15 August 2008)

Nasa hacker - last episodes

Catching up - I was enable to keep the blog up to date - with the Nasa hacker story.
The last episode is first a protest against his extradition (3 september 2008), and the last possible appeal for Mr. McKinnon before the Hight Court. The grounds of appeal is unfitness to stand trial in the US, and thus asking the trial to take place in the UK... which means applying UK laws, not US laws, thus sentencing will be much more favourable. Home office decides

see also: http://www.crime-research.org/news/29.08.2008/3542/ (29 August 2008)
Note that none of the articles seems to give an accurate account of what the US is claimins as damages suffered...

Blocking access - China again

Everybody knows about the Great Firewall of China although officially it does not exist. Talk to take it down during the Olympics, but rumours are of course unfounded!!
"China Blocks iTunes After Olympic Athletes Download Pro-Tibetan Music" (21 August 2008)

"So About That Plan To Drop The Great Firewall For Olympics Reporters? Yeah, Forget That..." (30 July 2008)

Investigations - finding criminals and new technologies

The problem with new technologies remains identical as with the old ones: how do we ensure that police does not misuse them? Traditional way is obtaining a warrant, which often (but not always) mean going before the judge. Loopholes do not serve the public interest; first because the evidence may be discarded by the judge because obtained unfairly (on HR principles); second because the only barrier or difference between the goodies and the badies is playing or not by the rules: not to play by the rules is ultimately to abandon the very values sought to be protected.
"GPS Device Data Increasingly Being Used By Police To Determine Where You Were" (3 September 2008)
"German Authorities Raiding Homes To Find Skype Tapping Whistleblower" (18 September 2008)
or the troublesome FBI view on searches "FBI Asks Congress To Ignore The Whole 'Probable Cause' Part Of The 4th Amendment" (22 August 2008) and "DHS: Laptop Border Searches Are Bad... Except When We Do It" (17 September 2008)and our previous posthttp://cybercrimeatessex.blogspot.com/2008/07/cyber-investigations-and-human-rights.html (13 July 2008)

Thursday, 18 September 2008

Laptop searches in the US

"DHS: Laptop Border Searches Are Bad... Except When We Do It" http://www.techdirt.com/articles/20080917/1048522292.shtml (17 September 2008)

Hopefully a Bill is being introduced since then (1 October 2008), the Senators not being kin of the searches "Senators Not Thrilled About Laptop Searches At The Border" (ZDnet.uk, June 2008)

and our previous post
http://cybercrimeatessex.blogspot.com/2008/07/cyber-investigations-and-human-rights.html (13 July 2008)

Cybercrime sanctions = disciplinary action

an other facet of cybercrime, disciplinary action for what could constitute criminal offense
http://www.crime-research.org/news/10.09.2008/3565/ (10 sept 2008) "Carleton collars hacker"

Theft and security measures - analogies with the past

I like this post for this is where I start my seminar on theft in cyberspace: the analogy with the security measures of the past. "Gartner: Authentication systems are 'fatally flawed' "http://resources.zdnet.co.uk/articles/0,1000001991,39486978,00.htm?r=1 (12 september 2008)
By the way, the clarity with which Gartner describes the system of authentication is chilling and I still can't understand why it's there and has not been replaced by something better.

Social networking and investigation

it speaks for itself "Facebook app herds PCs into botnet"http://news.zdnet.co.uk/security/0,1000000189,39485526,00.htm?r=1 (8 september 2008)

and refers back to a post in july 2008 http://cybercrimeatessex.blogspot.com/2008/07/social-networking-privacy-and.html

ISPs and search engines blocking accesss to content

  1. It's a behaviour not peculiar to criminal law issues, but it is certainly troublesome when it comes to criminal law. Again, ISPs take action before any judgment has been passed, before any court involvement and the like. Such blocking of content by physically removing the materials does not comply with international standards of presumption of innocence; plus it means that the ISPs act as judges, especially if nobody challenges their decision, a route that could be explained for purely financial reasons.
Obviously, in addition there is the freedom of speech issue.

"Will YouTube Ban Videos Of Putting Your Head In The Sand Next?" http://www.techdirt.com/articles/20080917/1401402295.shtml (17 septembre 2008)

"Thousands Of Anti-Scientology Videos Taken Down From YouTube Via DMCA Takedowns" (8 september 2008) http://www.techdirt.com/articles/20080908/0221022195.shtml

"Google Taking Down Private Videos For Copyright Infringement?" http://www.techdirt.com/articles/20080904/0301492164.shtml (8 September 2008)

  1. The dangers underlined above appear in the following case. A grandfather posting on windows live the images of his family, with no possible access by outsiders, was ordered to withdraw some photographs within 48 hours or the site would be shut down. Having no clue of what the problem was, he went to see which pictures were so problematic and it was his grandson taking the bath with his dad, so obviously child naked with adult (male - because if female, I am pretty sure the host would not have raised an eyebrow). Had the case been refered to the court, the ISP/host would have lost: impossibility to prove the mens rea of putting child porn images (the family context with restricted access to family members whose identity can be easily verified); impossibility for the pictures to be found constituting child porn given that the adult was not engaging in any indecent act.
  2. and at the end, I think this is an infringement on privacy which is too great not to be noticed

Wednesday, 17 September 2008

Tracking down hackers

An interesting article from CCRC about unresolved cybercrimes. The last three are from 2008, so it may be a bit early to say the offenders have not been tracked down, although as with any type of forensics, time is of the essence. "The 10 Most Mysterious Cyber Crimes" http://www.crime-research.org/news/26.09.2008/3597/ (27 September 2008)
Overall, the article highlights the main difficulty of cybercrime: tracking down the authors.
Comp. with "Cybercrime expert to educate MSU engineers on "Gen Next Terror" "(23 September 2008)

See in comparison "Second TJX hacker pleads guilty" (24 Septembre 2008) and the track for Palin's hacker which seems quite disproportionate in comparison with more damaging cybercrimes that just this one, "FBI Closing In On Palin Hacker " (22 September 2008)
"FBI on the trail of hackers after Palin's emails made public" (The Guardian, 19 September 2008)

and for statistics by DOJ (US) in september 2008

Hackers and their skills for policing purposes

A recurrent theme, this time in New Zealand,
"New Zealand Hacker Released As Police, Judge, Prosecutors All Praise His Mad Hacking Skillz"(16 July 2008)
as the charge was dropped "NZ teenage hacker charges dropped " (BBC, 16 July 2008)

see also my post of 14 March 2008