Tuesday, 8 December 2009

Surveillance

"Rather Than Blaming Twitter, NY Police Using It To Track Gang Activity" (TechDirt, 01 December 2009)

Virtual worlds and theft

Apparently, somebody has been arrested for theft for hacking into accounts, using avatars and stealing the virtual possessions. "Real-world arrest for man who stole RuneScape virtual characters" (Times, 30 November 2009)
For disapproval, "If You Gain Unauthorized Access To A Character In A Virtual World, Is It Theft?" (TechDirt, 01 December 2009)
Contra: "Is virtual boom our industrial revolution?" (TheGuardian, 10 September 2009)
http://www.guardian.co.uk/technology/2009/sep/09/victor-keegan-virtual-world-revolution

Two controversial decisions

How on earth is it possible? That is my first immediate reaction. Compliance with the right to privacy dictates that private people cannot obtain access to what police forces can obtain... "Police right to hand over seized hardware, says judge" (ZDnet.co.uk, 17 November 2009)

And for encryption issues, "UK Man Jailed For Refusing To Decrypt His Files" (TechDirt, 02 December 2009)

Towards an international protection for privacy

The CNIL (French quango to protect freedom of information and liberties) website reports on a conference to elaborate/create international standards that would overcome the patchy protection offered by national legislations to internet users. The article is in English, and is also available in French.
"Privacy Policy: a first step towards international standards" (CNIL, 10 November 2009)

Different issues on fraud and malware and a few arrests/suspicions

Well, I would have thought they were an obvious target? "Online bank fraud targeting corporate accounts" (ZDnet.co.uk, 04 November 2009)

"Facebook denies mass hijack was down to flaw" (ZDnet.co.uk, 11 November 2009) but a few weeks later, decides to change its approach to security as company policy! "Facebook forms safety advisory board" (07 December 2009)

I think here Google is over-optimistic. Actually data security and privacy are the very reason why I choose not to use the different services available, despite the fact that it would have made my life much easier. "Google: Data is more secure in the cloud" (ZDnet.co.uk, 03 November 2009)

"UK police make Zeus Trojan arrests" (ZDnet.co.uk, 19 November 2009)
"Former YouSendIt chief accused of DoS attack" (ZDnet.co.uk, 02 November 2009)

Surveillance

"US gov't agencies sued over Facebook surveillance" (ZDnet.co.uk, 02 December 2009) Different watchdogs decided to ask the US federal government for their guidelines in how they use social networks to monitor citizens' behaviours.

A similar policy would not be amiss in the UK given the new UK cybersecurity Centre and the complete inadequacy of the RIPA to protect citizens' privacy from interference by whichever government agencies "Government curbs councils' Ripa powers" (ZDnet.co.uk, 04 November 2009)

"UK cybersecurity centre starting operations in March" (ZDnet.co.uk, 13 November 2009)

and the more general view of Thomas Berners-Lee "Web under threat from 'snooping' authorities" (Euractiv, 04 December 2010)

Nasa Hacker....

FYI, "MPs urge Nasa hacker clemency" (ZDnet.co.uk, 12 November 2009)

because "Home secretary considers Nasa hacker plea" (ZDnet.co.uk, 11 November 2009)

"McKinnon case puts IT ethics in the dock" (ZDnet.co.uk, 05 October 2009)

The end of the road...

"'Godfather of Spam' sentenced to four years" (ZDnet.co.uk, 25 November 2009) and £ 150,000 to forfeit, if Alan Ralsky has them....

Smartphones and malware

Not a surprise that smartphones start to be the target of viruses and other malware. They are powerful computers when one thinks of their size.

"iPhone worm could be used to create botnets" (ZDnet.co.uk, 23 November 2009)
"Un nouveau virus s'attaque à l'iPhone" (JDN, 24 November 2009)

which in turn, means good jobs for technicians and ex-hackers/malware writers "Rickroll virus author hired by iPhone app company" (ZDnet.co.uk, 27 November 2009)

The new UK piracy Bill and the anti-piracy lobby

The new Bill works on the model of the three strikes law, with obviously no intervention of an independent body. Anybody can request the ISP to file a notice and it is the ISP that makes the decision. What about a fair trial in the UK?
Moreover, the list of 'offenders' can be requested by anybody who is a victim of copyright infringement. But in the past, did we not need a search warrant? i.e. a judge assessing the claim made by prosecution/victims?
For the bill itself, http://www.publications.parliament.uk/pa/ld200910/ldbills/001/10001.i-ii.html

For a preview before the Bill went to Parliament, "Mandelson puts 'three strikes' internet plan in motion" (ZDnet.co.uk, 28 October 2009)

"Digital Economy Bill gets tough on file-sharers" (ZDnet.co.uk, 20 November 2009)

"Digital Economy Bill: Industry disputes gov't claims" (ZDnet.co.uk, 20 November 2009)
"Web giants attack Digital Economy Bill" (ZDnet.co.uk, 02 December 2009)

"GCHQ supplier pans government file-sharing plans" (ZDnet.co.uk, 27 November 2009) and
"UK Politicians Pushing Back On Mandelson's Digital Economy Bill" (TechDirt, 03 December 2009) but on the contrary, "Virgin Media to monitor traffic for file-sharing" (ZDnet.co.uk, 26 November 2009)

"Yes, But Will Sergey Brin Take Peter Mandelson Out To Dinner At A Fancy Resort?" (TechDirt, 02 December 2009)

The funny side of things is that the mobile industry cannot identify offenders. So guess what? Do not use your home computer. Use your smartphone! "Mobile industry 'cannot identify pirates'" (ZDnet.co.uk, 24 November 2009)

To put the whole debate in perspective, read this interesting article that shows how powerful the lobby against piracy is. There is nothing about morals here, but only about economic gain, and some cynics may add, about economic greed. "European ISPs attack secret Acta copyright talks" (ZDnet.co.uk, 02 December 2009)

See also, more generally on the use of the internet for surveillance purposes but without the traditional safeguards of a warrant, the interview of Tim Berners-Lee, the "Web inventor: 'Snooping' authorities threaten Internet" (Euractiv.com, 03 December 2009)

And the EU stand against this new trend of legislation, even before the UK Bill was drafted: "European 'internet freedom' law agreed" (ZDnet.co.uk, 05 November 2009) "One promise needed for internet freedom" (ZDnet.co.uk, 05 November 2009)

Monday, 7 December 2009

Origins of copyrights

I am just in the middle of writing an article on criminal law and virtual worlds and I am reviewing quite a bit of materials to understand the offences of theft, larceny and the related offences. That meant reviewing the concept of property. Two interesting bits came up:
  1. first, Blackstone's understanding of property was that of physical property (one author calls it physicalisation of property, Vandevelde K, "The new property of the nineteenth century: the development of the modern concept of property", (1980) 29 Buffalo Law Review 325; most of us still use the term of tangibility) and that of exclusivity of property. Obviously, with information, the two paradigms are challenged: full intangibility with no possibility to transform it into something tangible; no exclusive control that would exclude per se the (legal) intervention of another
  2. secondly, the origins of copyrights are indeed into protecting the printing guilds. They had the right to copy; protection of the book trade. With the licensing system being abolished in 1694, the printing "firms" could not benefit from copy rights. Hence, they demanded that the authors should be granted copyrights, a request made with the hope that they, as printing press, would benefit indirectly from this right in the same way that they benefited from the original copyrights existing prior to 1694. The lobbying of Parliament resulted in the Statute of Anne 1709. Hammon G., "The legal protection of ideas", (1991) 29 Osgoode Hall Law Journal 93. I found this piece of history fascinating because most articles published (but not books!!!) do not bring a single penny to their authors, but do allow publishers to make a living out of it ... like in the good old days of the licensing system enforced at the time when printing was invented. Not that everything is bad with the new system, but, as I highlighted earlier, copyrights are not simply about the authors. The problems we face with online piracy should be seen under that light.

Thursday, 26 November 2009

Failure to act as crime?

Wonder why indeed it is considered as a crime. Criminal law rarely accepts omissions or failure to act as constituting the offence. Plus which offence?


Label Exec Arrested For Not Using Twitter To Disperse Crowd At Mall To See Singer (TechDirt, 23 November 2009)

Wednesday, 18 November 2009

Facebook again: bad and good uses

Yes, Bad People Use Facebook Too (TechDirt, 17 November 2009)

Identity, prosecution and Facebook

A strange story, the type that always makes me think of the novel The Count of Monte Cristo.
Imprisoned for a theft he had not committed, a man managed to be freed and have the charges dropped after his lawyer tracked down a message he sent at the precise time when the robbery happened.
Obviously, the alibi has been corroborated by witnesses; hopefully also, when one thinks of how easy it is on Facebook to fake identities.

Sauvé de la prison grâce à Facebook (01net, 13 November 2009)
Facebook As Your Alibi (TechDirt, 12 November 2009)

L'usurpation d'identité, côté juridique (Les Echos, 7 October 2009)

Hadopi 2; the piracy matter in France

As already pointed out, France enacted its legislation after the first censorship by the Constitutional council. Except that the law went back to the Council a second time (22 October 2009)... and Parliament was censored for not having explained in detail what the procedure will be (incompetence negative). Hence, a third version of the statute: a future Hadopi 3.

Frankly, given the shortcomings of the Hadopis, one really wonders whether Parliament should not have just paused and thought a bit, rather than rushing about.



See (all in French) Marinese http://www.juriscom.net/actu/visu.php?ID=1157 (3 November 2009)
Rojinsky, http://www.juriscom.net/actu/visu.php?ID=1155 (28 October 2009)
Thoumyre being interviewed, 3 November 2009 http://www.pcinpact.com/actu/news/53927-claire-chazal-reponsabilite-diffamation-hadopi.htm
And for a longer analysis by V. Benabou, Glose de la loi favorisant la création et la protection de la creation (dite HADOPI) (Juriscom.net, 7 November 2009)

And the link towards the two Acts: http://www.service-public.fr/actualites/001268.html?xtor=EPR-140 that are on Legifrance

Obviously, the UK contemplates introducing similar legislation and does not seem to be put off either by the peripeteias of French law or by the criticism the system attracted/attracts.
UK Gov't Official: Innocent People Won't Get Kicked Off The Internet; Trust Us (TechDirt, 12 November 2009)

On the international dimension of piracy, there is the Anti-Counterfeiting Trade Agreement (Rees, 9 November 2009, http://www.pcinpact.com/actu/news/54030-acta-hadopi-riposte-surveillance-internet.htm)

Thursday, 12 November 2009

Due process and Twitter

Due process....

Twitter Banning Satirical 'Fake' Versions Of Politicians? (TechDirt, 28 October 2009)

MySpace and the extent of school discipline

If the facts are accurate, I find it particularly scary. School discipline, like any discipline, can only be applied to what happens within the institution. This is a clear breach of the disciplinary powers and an abuse of process.
Teens Sue School After Being Disciplined For MySpace Photos (TechDirt, 2 November 2009)

Forensics tools

Until it withdrew it, Microsoft allowed its COFEE auditing tools to be shared, allowing whoever uses it to access Windows. It also provided it to law enforcement agencies.
According to comments, the tools are not very good and 'bad guys' use better tools. For the UK, that relates to section 3A of the revised CMA 1990.
Microsoft's COFEE Computer Forensic Tools Leaked (TechDirt, 9 November 2009)

China and censorship

Quite a funny one and not about political censorship, but about a Governmental Chinese report on copyrights whose access has been blocked... by the software Google used to avoid malware.
That's Rich: China Accuses Google Of Censorship (TechDirt, 28 October 2009)

Virtual worlds and money makers

Well, anybody reading this blog would have guessed that the title of the post attracted me. It's about scams in virtual worlds to get people to sign/buy things they don't really need. It's a technique which builds up on what virtual worlds are made for, earning money, although the technique is in itself quite inadmissible and should be distinguished from the features offered to participants such as additional memberships etc...
But what really is interesting are the comments made after that post. I particularly liked one made by JGM on November 9th, who explained, if I understood him/her well, that virtual goods are a valid business model because it is programmers selling the fruit of their labor in a very competitive market. As such, the sale of virtual goods was completely different from scam/spams which rely on illegal actions to force somebody into spending money (=fraud).

Virtual Goods, Scams, Investigative Reporting And The Media (TechDirt, 9 November 2009)

Another kind of fish?

Well, of course, lawyers are people and can be as silly as others. Although I wonder to what extent they can fall into the trap given that their training should also make them smart(er) .... or shouldn't?

Advance Fee Scams Are Based On Greed, So Their New Favorite Target? Lawyers! (TechDirt, 22 October 2009)

Wednesday, 11 November 2009

Twitter issues

A judge banned the use of Twitter in the courtroom; it is a form of broadcast in the sense that, put all together, the threads form a good picture of what happened; on the other hand, one does not need to be a journalist to tweet.
Judge Says No Twittering From The Courtroom (TechDirt, 10 November 2009)


This is rather silly and a complete misunderstanding of what Twitter as a company does. Levi Johnston's Lawyers Threaten Twitter, Despite No Legal Basis (TechDirt, 9 November 2009)

And the issue of spam also seems a bit hyped up. It Doesn't Matter How Many Twitter URLs Are Malware... Only If People Are Clicking (TechDirt, 30 October 2009)

Three strikes law in the UK?

France having enacted its legislation after the Constitutional Council's disapproval of the original draft, the UK is thinking of adopting the same law despite the EU's opposition.

Will Three Strikes Ever Really Get Implemented In The UK? (TechDirt, 30 October 2009)

As Expected, Mandelson To Introduce Plan To Kick File Sharers Off The Internet (TechDirt, 28 October 2009)

UK Law Enforcement Tells UK Gov't: Please Don't Kick File Sharers Offline (TechDirt, 27 October 2009)

France Agrees To Kick File Sharers Off The Internet Again; Lobbyists Call It 'Consumer Relief' (TechDirt, 22 October 2009)

Tuesday, 27 October 2009

Monday, 26 October 2009

Burglary outcomes

How silly can some be? To burgle and then boast online by contacting the victims?! Home Burglar Returns To Taunt Couple Via Facebook? (TechDirt, 17 August 2009)

ISP & co Liability

Google Not Liable For 'Defamatory' Search Result Snippets In The UK (TechDirt, 17 July 2009)

Fraud and Russia

Self-explanatory. Soca: Russian cyber gang bribed police (ZDnet.co.uk, 22 October 2009)

Virtual property or no property?

with obviously its repercussion on criminal law which is based on the notion of having property rights... Why Virtual Property Doesn't Make Sense (TechDirt, 17 August 2009)

Linden Lab Sued Over Copied Virtual Goods (TechDirt, 18 September 2009)

Sex offenders and the use of social networking

Illinois Says Sex Offenders Can't Use Social Networks (TechDirt, 13 August 2009)
Well, I would not put it that way, but the point is valid in legal terms. ID theft is theft only to the extent that the information has been accessed, but it is not to be confused with the use of the information, i.e. mainly fraud.
Is It ID Theft Or Was The Bank Robbed? (TechDirt, 19 August 2009)

Is It Identity Theft Or A Bank Robbery, Part II: Couple Sues Bank Over Money Taken (TechDirt, 11 September 2009) - well the side effect of crime: civil liability for the banks, especially if they were grossly negligent. However, in criminal terms, there is rarely crime by omission.

Funny side of sentencing

I found it really funny: a spammer realising that the fine cannot be paid by his insurance!
Spammer Discovers His Insurance Policy Doesn't Cover $6 Million Spam Fines (TechDirt, 3 August 2009)

Use of Twitter in courts

Again, the issue about adapting or not juries to the 21st century, i.e. in a world where writing is predominant and oral transmission of information no longer represents 95% of the transmission of information.
Michigan Supreme Court Issues New Stop Twittering Rule For Juries (TechDirt, 17 July 2009)

Google blocking account

Quite an extreme measure for misplaced 'post', even if ordered by a court. I am unsure we would have acted identically had post mail been used. I don't see a court order for a citizen not to receive his mail until further notice. Is it because of the ease with which one can block e-mail accounts that we resort to such extreme measures?

Google deactivates Gmail account after bank error (ZDnet.co.uk, 29 September 2009)

IT expertise for law enforcement

Police hunt down IT forensics expertise (ZDnet.co.uk, 02 October 2009): the Metropolitan police puts £32 million aside to buy IT equipment...

And the US Government is looking for 10000 IT experts: US on hunt for 1,000 cybersecurity experts (ZDnet.co.uk, 05 October 2009)

And the new Centre for Secure Information Technologies (CSIT) has been opened at Queen's University Belfast (ZDnet.co.uk, 24 September 2009)

Diversity of access to computers/information

Website URLs used to distribute malware:
Trojan swipes money from your banking site (ZDNet.co.uk, 30 september 2009)

with a similar method:
Facebook closes fake profiles spreading malware (ZDnet.co.uk, 2 October 2009)
Fake Outlook Web Access update sets malware trap (ZDnet.co.uk, 16 October 2009)

Un botnet s'attaque aux résultats de recherche des moteurs (JDN, 05 October 2009) with a botnet allowing fraud/spread of malware resulting from clicks on results from search engines, the click redirecting towards a website. See its English version, Botnet click fraud hits a high (ZDnet.co.uk, 23 October 2009)

Access/use of webmail accounts
Phishing attack hits thousands of Hotmail accounts (ZDnet.co.uk, 06 October 2009)
and a resurgence of the 419 scams! Washington Post Says Economy Is Bad... No, Good... No, Bad For Nigerian 419 Scammers (TechDirt, 10 August 2009)

Hacked web mail accounts used to send spam (ZDnet.co.uk, 09 October 2009)

Reports of crime: difficulties in the UK

Whereas France has now a unique website to report cybercrimes, the UK still struggles, with no sight of relief yet.

E-crime victims uncertain where to turn (ZDnet.co.uk, 27 August 2009)

Hacking in the US

Three indicted in largest-ever US hacking prosecution (ZDnet.co.uk, 18 August 2009)

with one of them pleading guilty to ID theft

Hacker pleads guilty to ID thefts worth millions (ZDnet.co.uk, 2009)

DoS attack - Australia

Australian gov't calls on experts over DDoS attack (ZDnet.co.uk, 10 September 2009)

and Australian police probe government cyberattack (ZDnet.co.uk, 09 September 2009)

Uses of social networking

Research was done to understand where the eye is set on various pages: Facebook, YouTube, Twitter. It is the technology of eye-tracking with the movements of the eyes being captured and giving an image of where the eye goes. The study is in English by OneUpWeb (oneupweb.com) but the comments are here in French by Journal du Net (26 August 2009). In red is where the internet user stays, in green where s/he barely has a look.
It is quite fascinating in terms of what it reveals: how people use different websites and adapt to them, how adverts could better target consumers...

For a less positive outlook on social networking, a series of reports/news:
- the EU preoccupation with Facebook as a portal to cybercrime. Facebook: A new battleground for cyber-crime (Euractiv, 27 July 2009)

- the security issues Facebook faced and that allowed for data to be 'stolen'. Warning as rogue Facebook apps steal log-in data (ZDNet.co.uk, 20 August 2009)

Twitter, Facebook and DoS: security and hactivism

Facts of 1st attack: a Georgian account on Twitter, Facebook and Google's Blogger was targeted by multiple attacks. It caused Twitter to shut down, Facebook had problems. And the suspicion is on Russia, obviously (although it remains to be proved).
Apart from the costs of it all, what is interesting is the fact that the attack against one person/entity triggered problems for everybody else using the services of Twitter, Facebook and Google. The collateral effects are damning.

Blogger targeted in Twitter, Facebook DoS (ZDnet.co.uk, 7 August 2009) and Cyberattack That Brought Down Twitter & Facebook Only Highlighted The Guy It Hoped To Silence (TechDirt, 10 August 2009)

French version: Twitter rendu indisponible par une attaque visant un internaute (JDN, 7 August 2009)


Facts of 2nd attacks:

Twitter suffers outage following fresh attack (ZDnet.co.uk, 12 August 2009)

To what extent the botnet was part of the 2 attacks remains to be seen: Security firms reveal botnet on Twitter (ZDnet.co.uk, 17 August 2009)

Nasa hacker: the last episode?

Obviously, Mr McKinnon lost his action before the High Court to avoid extradition: Nasa hacker loses bid to avoid extradition (ZDNet.co.uk, 31 July 2009)
For an explanation on the Court's reasoning, the interview of Karen Todner on 31 July 2009 is extremely useful despite its brevity (1 min 20). The Court did not think the DPP had enough evidence to charge Mr McKinnon in the UK; and the Secretary of State's decision on the basis that the Asperger's syndrome was not serious enough was also justified.
McKinnon's lawyer notes that the process has been going on for the past 7 years. How much waste of money and time will trigger a revision of the US-UK extradition treaty?


This lost suit triggered a series of appeals to compassion, although one has to note that compassion is usually a ground for sentencing...

Cameron: 'No compassion' in hacker decision (ZDnet.co.uk, 31 July 2009)

and a video from Mr. McKinnon's mother (ZDnet.co.uk, 31 July 2009)


Given that the appeal against the High Court's decision is unlikely to succeed, the last option is for the prison sentence, if to be pronounced, to be executed back in Britain rather than in the US. Political support builds for Nasa hacker (ZDnet.co.uk, 3 August 2009)
This depends on the US willingness to do so, often on the condition not to release the prisoner on other grounds than medical.

Since then, some MPs thought of asking for an appointment with the US ambassador (ZDNet.co.uk, 10 September 2009)

And McKinnon filed suit, for the second time, before the European Court of Human Rights: Nasa hacker fight heads to Europe (ZDnet.co.uk, 09 October 2009)

For a more general outlook on the case in relation to IT professionals and work ethic: McKinnon case puts IT ethics in the dock (ZDnet.co.uk, 05 October 2009)

Friday, 24 July 2009

Twitter hacked

Twitter has been hacked again (previously it was Barack Obama's account). This time it seems that the hacker obtained the passwords from an employee (probably involuntarily given by the employee) allowing him/her to access many internal documents, some confidential. So probably a mixture of lack of security and lack of careful use of computer systems.

"Twitter hacké : 310 documents confidentiels volés" (JDN, 16 July 2009)

Cybercrime trends and security issues

Quite obvious: "US prosecutor: Cybercrime will follow the cloud" (ZDnet.co.uk, 13 July 2009)

More surprising: "Cisco reports rise in text-message scams" (ZDnet.co.uk, 15 July 2009)

And quite welcome: France now has its Agence nationale de la sécurité des systèmes d'information, or National Agency for security of information systems, with a budget of 90 million euros and 120 people working and potentially 250 by 2012. Its role is to detect and prevent cyberattacks on information systems (=the net).

"La cybersécurité hissée au rang de priorité nationale" (JDN, 09 July 2009)

Spam and scam: trends confirmed

Why does spam continue to fill up our boxes? Because some of us continue to fall for it, enough obviously to make spam a viable option.
12% of Americans do open spam messages and fall in the trap according to the Messaging Anti-Abuse Working Group (MAAWG)

Le spam séduit 12% des internautes nord-américains (JDN, 16 July 2009)

which seems in line with the following story: that the social networking firm Tagged.com spammed in order to get people to subscribe to its services. Le 3ème réseau social US accusé de spammer l'Internet mondial (JDN, 10 July 2009). Obviously in breach of CAN-Spam Act and fined by the Federal Trade Commission

Update on Mr. McKinnon's case

"Tories champion Nasa hacker in parliament" (ZDnet.co.uk, 15 July 2009): in this one, it is interesting to note that Home Secretary Johnson does not see the point of a reform or discussion of reform of the Extradition Act 2003

Nasa hacker 'more hopeful' (ZDnet.co.uk,

McKinnon judicial review application on Tuesday (ZDnet.co.uk, 13 July 2009)

Thursday, 23 July 2009

Views on regulation on the net

Axel Pawlik, managing director of the Ripe NCC, writes about regulation on the net. He considers that ISPs should not take an active role in regulation, notably in relation to piracy. They should be treated like telecom companies which list calls and that's all.
The article is definitely not a cybercrime perspective as such: there is piracy, but I think the issue of piracy is first of all an issue about what we want with copyrights; domain names attribution is looked at and again there is no incidence in criminal law for that.
However there is an interesting parallel with telephone companies when it comes to surveillance. We all know that surveillance of contents on phone conversation requires preliminary investigation: governments are not allowed to wiretap telephone conversations just to find out about illegal contents (or let's put it that way: in democracies, they are not supposed to do random wiretapping without warrant). Why should the net be treated differently? Apart from the non-feasibility of spying on all contents, it's nothing different and privacy is key.

Politicians should stay out of internet policing (ZDnet.co.uk, 22 July 2009)

which is obviously not what the UK Government does as it poured 10 million pounds on monitoring.
"Gov't boosts spending on web monitoring" (ZDnet.co.uk, 13 July 2009)

whereas in France, Mr. Alain Bravo for the Assemblee Nationale (Parliament), published his report on security and digital economy to explain six scenarios, from no control apart from big firms' to too much control... http://www.assemblee-nationale.fr/13/rap-info/i1670.asp

Update on Hadopi 2

Lots of daily changes on the bill related to piracy. The amendment about e-mail surveillance has been withdrawn and the whole discussion postponed to early September. It's true the bill 'raised' 800 amendments!

Will France's Three Strikes Law Also Allow Gov't Email Surveillance? (TechDirt, 21 July 2009)

Le vote de la loi Hadopi 2 reporté au mois de septembre (JDN, 21 July 2009)

Friday, 10 July 2009

Boston Review — Evgeny Morozov: Cyber-Scare

Does The US Government Really Need 'Wider Latitude' To Monitor Private Networks? | Techdirt

(9 July 2009)


Surprising that Prof Goldsmith would accept more monitoring of the net by Government, because education and information sharing are not proven methods to secure the internet.

Update on Hadopi 2 (Senate)

Juriscom.net - droit des technologies de l'information
Sandrine Rouja, Une deuxième loi "création et internet" pour juillet, versant pénal (25 June 2009)

Le Sénat adopte le projet de loi HADOPI 2
(Juriscom.net, 9 July 2009)
for the details (in French) on the French Senate website: http://www.senat.fr/dossierleg/pjl08-498.html

The bill has now been approved by Senate. Two main measures: one against the person pirating with the already existing 3 years prison and 300.000 euros fine, but with the additional sentence of forbidden access to the internet; the second measure is against the person who would not have secured her/his connection once warned that his/her IP address was used for pirating, under the basis of "characterised negligence". The latter offence would be a misdemeanour.
The procedure remains that of the "ordonnance penale" thus an expeditious procedure used for mass offences (contentieux de masse) like driving offences. On that see Masnick's view from the US:

New French Three Strikes Law: Judges Will Get Five Minutes To Rule


On the general debate on intellectual property and whether the rules should be changed, a.k.a. created products should be available for free, Pierre-Yves Gautier, French Professor at Paris-Assas, was interviewed on 1st July 2009 in the (left-wing) newspaper Liberation. He notes the sociological phenomenon of illegal downloading and criticises the idea that intellectual property is not equivalent to property or is a sub-class of property not worthy of protection, and that their owners/inventors should beg to make a living out of it.

La propriété intellectuelle, un sous-droit (1st July 2009)


I feel it is a very simplified view of the matter, given that the people really opposing piracy are mostly linked with Hollywood and that artists like the Monty Python chose a different route. For my own work, as an academic, I don't like the fact that my articles are not freely available once I published them. Frankly the publisher nowadays does not do much: I am the one typing the article, reviewing all references and proof-reading at least twice (publisher only once). The peer-review is done free of charge for the publisher who rarely pays the reviewers. And the cost of printing is becoming non-existent as most journals are available online or only online. Yes, there is all the coordination stuff; by experience, I know how time-consuming it can be. But worst of all, if the argument of IP is that creators should get their share of the money, well: I am not paid a single bit of a penny to publish. Arguably, as an academic I am paid by the University which employs me, but I am certainly not paid per article, and publishing is just one out of three jobs I am supposed to fulfill. So why should my work not be freely available?

Thursday, 2 July 2009

Privacy: the cost of protecting it

Avis d’expert : Données personnelles : une dictature de la transparence sans les moyens de l’assurer ? par Patrick Deleau – Tribune Solutions (08 June 2009)

An analysis of the CNIL's 2008 report on its work to protect privacy. There seems to be a shift in liability from Government to private firms which, in French law, are responsible to protect access to private data and to ultimately destroy it. The liability is actually of a criminal nature with heavy fines, up to 1.5 million euros and 5 years' imprisonment. Considering that most firms do not know what the law is about and do not have the capacity to comply with the legislation, this is quite scary. The CNIL also notes that it does not have the means to continue its role in the field as the audits, which would help the firms to understand what they need to do, cannot be financed.

China Tries To Ban Virtual Gold Farmers | Techdirt (30 June 2009)

The Chinese Government announced it was cracking down on the practice. As noted in the post, it is hard to see why it takes such a stance. The practice does not have an immense impact on the country's economy. Social rights of workers? Hardly so. Does the Government want to control the practice in order to do it itself?

Update on Hadopi 2

Hadopi 2 jugée inconstitutionnelle, le gouvernement s'enferre - Journal du Net > e-Business (30 June 2009)

Interesting impact assessment of the new proposal conducted by the newspaper La Tribune. If 50 000 cases per year are to be treated, 109 posts would have to be created, of which 26 for judges. In 80% of cases, the judge will use the abbreviated procedure of "ordonnance pénale". The remainder will go to the equivalent of the Crown Court (Tribunal correctionnel).

Thieves 'using Google Earth to steal koi carp' - Telegraph

Thieves 'using Google Earth to steal koi carp' - Telegraph (28 June 2009)

It is not an accusation against Google, just an acknowledgment of the powerful tool that is Google Earth. In other words, thieves of rare fishes are smart enough to look at gardens from the sky to detect ponds and unusual features indicating potential rare catches.

Update on China's filtering software

China puts brakes on internet-filter rollout - ZDNet.co.uk (01 July 2009)

After the uproar when people learnt that China ordered computers made in the US to incorporate filtering software, there seems to be a backtrack. Obviously, the Minister of Industry and Information Technology refused to acknowledge attempts to curtail free speech. As in the West, the official line is that filtering is necessary because of child porn. But I wonder what it really means? Will they do it next time without bothering to say anything, 'hiding' the software in the hard drive?

PC makers lobby, but prepare for China censorware (ZDnet.co.uk 29 June 2009)

See also in French:

Logiciel de filtrage Web : la Chine fait marche arrière (JDN, 1 July 2009)


I don't think the EU Chamber of Commerce's opinion had any influence, although one never knows how much concerns about money may have weighed in the balance.

EU Chamber urges China to rethink internet filter (ZDnet.co.uk, 30 June 2009)






Friday, 26 June 2009

Security and cloud computing

Academics recently warned about the dangers of cloud computing, where software and data are stored on online companies' servers and accessible from the internet. E.g.: MobileMe for Apple, Dropbox, etc. It's strange because it is one of the reasons why I have still not used those services, although I have to admit I am tempted sometimes for the sheer ease of accessing data anywhere as long as I have a connection.

Cloud computing et confidentialité des e-mails (Euractiv, 17 June 2009)

From 30 April 2009, but valuable. It is about the UK Internet Watch Foundation, that self-regulatory body (yet using taxpayers' money), filtering the internet. We had already questioned the transparency of the filtering. The IWF's own report does not reassure much about the utility of its role, nor about the criteria it uses to do its job.

Child Porn Blacklist Group Claims Its Approach Is Working, But There Are Lots Of Questions (TechDirt, 30 April 2009)


See previous post http://cybercrimeatessex.blogspot.com/2009/02/transparency-in-cybercrime.html

ISPs and illegal contents in China

Not made to reassure about ISPs' behaviours towards China's regulations. It shows they err on the side of caution, as usual. The only thing unusual is the Chinese Court's decision which was to condemn the ISP for not demonstrating that the content was illegal.
The information originates from the Financial Times with its correspondent.

Surprise: Beijing Court Sides With Victim Of Internet Censorship (TechDirt, 27 May 2009)


Victim of Beijing internet censorship wins landmark court ruling (FT, 26 May 2009)

Fraud and insider access to confidential data

The security/software company Cyber-Ark released a report or survey on administrators' behaviours in firms. 35% of them use data they come across because of their job or research that data in illegal ways. This is quite scary and shows how vulnerable companies can be.

http://www.cyber-ark.com/news-events/pr_20090610.asp

and a French summary of the report on JDN 17 June 2009

Un tiers des administrateurs informatiques tentés par le vol de données

Swedish piracy case and judge's impartiality

Justice must be seen as well as be done. A traditional ECHR principle stemming out of an English common law culture of impartiality which Sweden may well have forgotten in this case. A real shame when one thinks of the controversy around the justifications of piracy.

Swedish Appeals Court Denies Pirate Bay Retrial -- Says No Bias By Judge (TechDirt, 25 June 2009)

Hadopi: the new bill establishing sanctions and procedures to be followed

The tone of the new bill (projet de loi), not yet discussed by Parliament, is much harsher than the previous version struck down by the Constitutional Council.
No access to internet for a maximum of a year; any attempt to reinstate the connexion would attract up to 2 years imprisonment and 30 000 euros fine (about 21 000 pounds). I find it fascinating that at a time where copyrights regulations, hence piracy, are strongly criticised in their very existence, the Government chose to take a stand harsher than what happened sometimes when somebody's life and well being is at stake. In other words, money linked with copyrights has more value than the protection of the person, say on social networks. This discrepancy in priorities is typical of the regulatory approach to the internet (think of the US where striking down the legislation on child porn in the name of free speech meant property is better protected than the child's person/body abused by adults), but I can't get over it, and hope I actually won't get over it.
Moreover, the procedure used will not involve a contradictory debate but will be one of those simplified ordonnance-type procedures, which, when one thinks that freedom of communication is at stake here (including jobs because today one cannot work without internet), is pretty troubling.

Un texte plus répressif pour sanctionner le piratage (JDN 25 June 2009)

Report on privacy in social networking

The national privacy watchdogs (often administrative authorities) produced a report on privacy and social networking. They are particularly concerned about the level of disclosure and the lack of prior consent of all parties involved, whether what is disclosed are pictures, details of life in writing or videos. They recommend that whoever posts information, notably pictures, obtains prior consent of people involved or face exclusion from the social network.
Given that the basis of those networks is to share information, often without consent, the recommendation would be a blow to those technologies. I personally think it is not the way forward; rather, we should differentiate between those participating in the network and those not participating. Those in, by the fact of subscribing, should have an opt-out; those not in should have an opt-in.
More sensible is the recommendation that social networks warn clearly and extensively about the level of disclosure faced by their users and how that information could be used against them or their family and friends.

See the summary on Euractiv
http://www.euractiv.com/fr/societe-information/vie-prive-rseaux-sociaux-online-loupe-ue/article-183506

For the report itself, Article 29 Data Protection Working Party

It is worth comparing with the 2007 report from ENISA, the rather silent EU agency on cyber issues: Enisa Position Paper, "EU agency for network and information security suggests updating legislation to face new social networking-related risks" (25 October 2007)

Thursday, 25 June 2009

US, EU collaboration - cybercrime

"US Officials Finally Going After Online Organized Criminals In Other Countries" (TechDirt, 10 June 2009) - I would not be as severe as the post's author but I have to say the US tend not to bother about the rest of the world, unless we are poor G. McKinnon

Hence the importance of the Agreement on Mutual Legal assistance http://www.statewatch.org/news/2009/may/uk-eu-usa-extradition-mutual-assistance.pdf

data retention - analysis of policies

The German Working group on data retention produced the following report:

Position on the processing of traffic data for “security purposes” (21 March 2009) on the statewatch website

Europol's improvement

COUNCIL DECISION of 6 April 2009 establishing the European Police Office (Europol) - the decision is available at http://www.statewatch.org/news/2009/may/europol.pdf

Be aware: Europol has existed since 1992

Best protection: technical vs legal

Nothing protects better against crime than testing one's vulnerabilities and strengths. A non legal response understood by Governments:

UK launches dedicated cyberattack agency (ZDnet.co.uk, 25 June 2009)

Pentagon moves to protect military networks (ZDnet.co.uk, 24 June 2009)

Hadopi, right to access a court of first instance and piracy policy

Before it was even adopted by Parliament, the French bill that promoted the three strikes policy in its attempt to fight piracy was doomed.

The EU Parliament condemned it (See TechDirt, 6 May 2009) EU Says No To Three Strikes On Accusation Only; Requires Court Order

and even the UK TalkTalk ISP (TechDirt, June 9, 2009) director considered it was silly to forbid, "pirates will always win" UK ISP Boss: 'The Pirates Will Always Win'

Without surprise, the bill, passed by an empty Assembly, was declared unconstitutional by the Constitutional Council and thus in effect can only become a Statute if the unconstitutional provisions are withdrawn.


"French Constitutional Council Guts 'Three Strikes' As Unconstitutional" (TechDirt, 10 June 2009)

Legally, the decision is particularly enlightening when it comes to the grounds of unconstitutionality. The Council found several flaws, all in line with what I have been writing about in this blog:

- violation of freedom of speech and communication because the sanction was not decided by a court, but by an administrative agency; I keep saying that a court/ the judiciary has to decide on withdrawing illegal content as much as who committed any other illegal behaviour
  • "16. Whereas the sanctioning powers established by the contested provisions empower the commission for the protection of rights, which is not a court, to restrict or prevent access to the internet by subscription holders and by the persons to whom they make it available; whereas the competence conferred on this administrative authority is not limited to a particular category of persons but extends to the whole population; whereas its powers may lead to restricting the exercise, by any person, of his or her right to express himself or herself and to communicate freely, in particular from his or her home; whereas, in these circumstances, having regard to the nature of the freedom guaranteed by Article 11 of the Declaration of 1789, the legislature could not, whatever the safeguards surrounding the imposition of sanctions, entrust such powers to an administrative authority for the purpose of protecting the rights of holders of copyright and related rights;"

- violation of presumption of innocence by reversing the burden of proof to the accused; it is what I always found disturbing in those cases where the RIAA in the US brings lawsuits/charges before the Court and it is most of the time for the defendant to find proof s/he did not commit the action.
  • "18. Whereas, in the present case, it follows from the provisions referred that the commission of an act of infringement from the subscriber's internet address constitutes, in the terms of the second paragraph of Article L. 331-21, 'the material fact of the failures to comply with the obligation defined in Article L. 336-3'; whereas only the holder of the internet access subscription contract may be subject to the sanctions established by the referred scheme; whereas, in order to be exonerated from these sanctions, it is for him or her, under Article L. 331-38, to produce evidence establishing that the infringement of copyright or related rights results from the fraud of a third party; whereas, thus, by reversing the burden of proof, Article L. 331-38 establishes, in disregard of the requirements resulting from Article 9 of the Declaration of 1789, a presumption of guilt against the holder of the internet access, which may lead to sanctions depriving him or her of, or restricting, rights;"

- violation of privacy if the private institutions collecting data about illegal downloading use this data for other purposes; we know by experience that it is well possible, so I wonder how the Constitutional Council thought its "reserve of interpretation" will be complied with and which mechanisms will be used to ensure compliance.
  • "27. Whereas the fight against infringement practices on the internet serves the objective of safeguarding intellectual property and cultural creation; whereas, however, the authorisation given to private persons to collect data making it possible indirectly to identify the holders of access to online public communication services leads to the implementation, by those private persons, of processing of personal data relating to offences; whereas such an authorisation cannot, without disproportionately infringing the right to respect for private life, have any purpose other than to enable holders of copyright and related rights to exercise the judicial remedies available to any natural or legal person in respect of offences of which he or she has been the victim;"

Censure du Conseil constitutionnel : pas d'happy end pour l'HADOPI (Juriscom, 10 June 2009)

"French court curbs internet piracy legislation" (ZDnet.co.uk, 11 June 2009)

David El Sayegh (Snep) "Couper l'accès Internet comme on envoie les contraventions établies par les radars" (JDN, 11 June 2009)

Gaming, robots and criminal law

Jacques-André Dupuy (Operantis) "Nous faisons du serious game pour les pilotes d'avion" (JDN, 25 June 2009)
Use of 3D games to train pilots - positive use of technology, but one cannot but wonder whether the reality of those games could have adverse effects in certain conditions and be responsible for more violence?

And what if the robots copy 'bad' behaviours and commit crimes? Fiction? Not so much if one believes this article about a child robot whose memory increases by copying real human behaviour. "CB2 : parfait pour un prochain film d'horreur" http://www.journaldunet.com/hightech/salon-multimedia/dossier/ils-sont-la-et-nous-ressemblent-les-robots/cb2-parfait-pour-un-prochain-film-d-horreur.shtml
This made me think about the work of Michelle Hildebrand from Rotterdam/Brussels...

Spam, fraud and mobile phones

"Proud, Bragging Spammer Alan Ralsky Pleads Guilty" (TechDirt, 24 June 2009) - the US spammer was finally caught ... for fraud and spam!!

For new areas of fraud coming up soon given the huge development of mobile phone banking:
Le m-paiement atteindrait 250 milliards de dollars d'ici 2012 (JDN, 23 June 2009)

Surveillance: EU Commission & responses to the Stockholm programme

In its Communication 262/4, on 10 June 2009, to the EU Parliament and the Council, the EU Commission seems to favour "wider freedom in a safer environment" so that there can be "An area of freedom, security and justice serving the citizen" (p. 2, 16).
http://www.statewatch.org/news/2009/jun/eu-com-stockholm-prog.pdf

The problem is as usual: safety is done through sharing of information. But how this information is collected and used remains very much undefined... So, not surprisingly, there is opposition to the Stockholm programme.
See Statewatch's summary: http://www.statewatch.org/future-group.htm
and also the seminar organised on 31 May 2009 http://www.statewatch.org/news/2009/may/surveillance-states-seminar.pdf

with references to the European Civil Liberties Network's own analysis http://www.ecln.org/ECLN-statement-on-Stockholm-Programme-April-2009-eng.pdf

One can only agree when one looks at the EU Council's report of the "Check the Web" project launched in 2007 and presented by Europol to the Council on 15 May 2009 http://www.statewatch.org/news/2009/jun/eu-europol-use-of-personal-data-in-the-check-the-web-project-9604-09.pdf
and the analysis provided by Cryptohippie on Statewatch's website, which describes well what a police state is and how blissfully unaware we can be until it is too late http://www.statewatch.org/news/2009/jun/electronic-police-state-2008.pdf

See also, Watching the computers. Function creep allows EU states to use intrusive remote computer searches to target any crime, however minor (TheGuardian, 9 June 2009)

The fact that the surveillance attitude is widespread does not help: "Canadian Politicians Want To Pass Internet Snooping Legislation" (TechDirt, 19 June 2009)

And contrary to the widespread feeling, security is not a justification per se for surveillance, even if obviously increased CCTV and the like can help in detecting crime: "As Google Agrees To Delete Unblurred Street View Images In Germany, One Is Used To Solve A Crime"

Finally, see EU Parliament on the subject
with its "REPORT with a proposal for a European Parliament recommendation to the Council on strengthening security and fundamental freedoms on the Internet
(2008/2160(INI))"
(25 February 2009)

and the HL view on procedural rights in EU criminal proceedings http://www.statewatch.org/news/2009/may/eu-hol-ec-procedural-rights.pdf

"pro"-piracy policy, anti-piracy policy and distorted language and

"Woman Who Owned No Computer, But Got Sued By The RIAA, 'Settles'" (TechDirt, 19 June 2009)

As pointed out, one cannot settle when the facts established demonstrate an impossibility to commit the action. The RIAA is manipulating the language to appear victorious when its actions embody utter failure.
More troubling is the issue of evidence. What would have happened if this woman owned a computer but never file-shared? How is the RIAA collecting its evidence? Are we not here faced with illegal surveillance?

In that sense, Norway's position to avoid general surveillance for just an issue of IP makes much more sense.
Norway Decides Privacy Is More Important Than Protecting The Entertainment Industry's Business Model (TechDirt, 24 June 2009)

Obviously, Norway's position obliges us to rethink piracy and the IP rules. The analysis of Shakespeare's work and how the famous poet and writer borrowed from traditional folk tales and their various interpretations by other authors is quite enlightening about the real issues IP legislation creates, especially in a world which works on the basis of networks and sharing.
"Would King Lear Ever Have Been Written If Copyright Law Existed?" (TechDirt, 23 June 2009)
"The Guardian Embraces Crowdsourcing The News In Useful Ways" (TechDirt, 24 June 2009) (The Guardian put online all the data on the MPs' expenses scandal - ordinary people dug out what they found interesting and journalists just check and put the information within a broader perspective)

Misuse of criminal law

"Student Found Guilty Of 'Disturbing The Peace' For Sending Nasty Political Email To Professor" (TechDirt, 18 June 2009)

How sending an e-mail can breach the peace, I am puzzled. It was not a collective e-mail, say to the whole of the University, which would have justified (maybe) the analogy of the public forum. At most, the e-mail, if repeated at least once, would fall within harassment, but certainly not breach of the peace.
Disciplinary actions might also be foreseen if the university charter of conduct was breached.

Tuesday, 16 June 2009

Nasa hacker

Court hears Nasa hacker 'at risk of psychosis' (ZDnet.co.uk, 9 June 2009)

Judges delay decision in Nasa hacker case (ZDnet.co.uk, 11 June 2009)

Nasa hacker petition tops 4,000 (ZDNet.co.uk, 15 June 2009)

Filtering,

"EC: New net-neutrality law is unnecessary" (ZDNet.co.uk)

The Conseil constitutionnel (French Constitutional Court) rejected part of the Bill nicknamed Hadopi in its provisions that were allowing an administrative authority to cut the right to access the internet. The Authority, although independent, did not provide sufficient safeguards to the internet user, given that freedom of expression was at stake. Only a court, as part of the judiciary with its own requirements of independence and impartiality, could take such a decision.

The decision is interesting for several reasons:
1- in relation to the "independent administrative authority" system which France is so fond of, the decision puts a halt to a recurrent trend to transfer legal issues from the courts to non judicial authorities.
2 - it is a reminder that freedom of communication and expression are so intrinsic to the internet that any measure curtailing them, whatever the justification offered, must be assessed by the courts. Compared with what is happening with ISPs taking down materials, the decision makes one think about the appropriateness of those take-down notice procedures not validated by courts...
3 - I am not as sure as the Commission that net neutrality is not needed; resorting to courts is not the main method within Europe. Harmonisation at EU level should be certain before engaging on a dangerous path.

From filtering to software piracy

How the desire to control child pornography turns into a piracy/illegal trade issue... Apparently, upon request of China, computers shipped from the US to China must contain 'Chinese' filtering software... whose code is partly stolen from a US company!

Chinese censorware has stolen code, says US firm (ZDNet.co.uk, 15 June 2009)

Update: "US asks China to drop filtered software" (ZDnet.co.uk, 25 June 2009)

Wednesday, 10 June 2009

Firewall and control on PCs

Want to know what this headline reminds me of? Hitler having successfully ordered the making of radios that did not allow for foreign stations to be received by German people and without the knowledge (and even less the consent) of the population. Let's hope Chinese people will not be blinded by their Government's policy and will learn that the controls are on the machines as much as on the internet itself.

"Local Version Of China's Great Firewall Now Required On All PCs In China" (TechDirt, 8 June 2009)

Twitter; ID fraud

The story runs as follows. An account was opened on Twitter under La Russa; it was a fake account. Some claimed that under threat of lawsuit, Twitter (the company) closed the account and donated money to charity. Twitter denied the story.
Two things spring to mind. Is the fake account doing any harm, for example by impersonating a real life person so well one could not easily guess what was true and false? If so, civil law at least applies and Twitter can delete the account. However, there should be court proceedings rather than threats and bullying.
"La Russa & The AP Claims Twitter Settled Lawsuit... Twitter Sets The Record Straight"
French law has actually taken the step of making it an offence, with a maximum of one year's imprisonment, following a few MPs whose names have been 'abused'. "Loppsi : 1 an de prison pour la fraude à l'identité sur Internet" (Numerama, 27 May 2009)

Then, this affair/case seems a matter of education of people and companies on the internet.

"Lifelock Found To Be Illegally Placing Fraud Alerts On Credit Profiles" (TechDirt)

"So-Called 'Friendly Fraud' On The Rise" (TechDirt 27 May 2009)

Hacking -future of hackers

Just in case some might have some hope. It did not even occur to me that the change of Minister could modify Mr. McKinnon's situation, especially as the hearing before the Supreme Court (ex-House of Lords) is pending.

"Lawyer: Home Office unlikely to U-turn on hacker" (ZDNet.co.uk, 8 June 2009)


But there may be some hope in the mid-term future: (ex) "Hacker joins US Homeland Security in advisory role" (ZDnet.co.uk, 8 June 2009)

with the following update: "Mitnick: from 'computer terrorist' to consultant" (ZDnet.co.uk, 23 June 2009)

Theft/access to confidential data

BT researchers bought 300 hard drives on eBay and checked their data content. The results are surprising and scary: 34% of the drives contain data easily identifiable to real persons or companies, some contained high security data such as the log-in of the French ambassador in Germany or information about US firms making missiles.
I can't believe people are silly enough to sell on eBay disks that have not been reformatted with complete erasure of data, especially in high-risk domains.

"Des disques durs d'occasion très bavards sur eBay" (JDN, 13 May 2009)

And it is no better when data is not even encrypted like the Royal Air Force's data!
Vols de données dans l'armée de l'air britannique (JDN, 28 May 2009)

"Hacked ATMs let criminals steal cash, PINs" (ZDnet.co.uk, 5 June 2009)

Defamation/insult online and disciplinary action

The basis for a disciplinary action is that the context is that of discipline. The offence has been committed within a specific area/location (a school, an office, a prison) or in relation to a group often regulated specifically (e.g.: doctors). The sanction aims at maintaining order within that location or within that group. I don't see how comments online outside school hours and outside the school itself can fit that notion of discipline. Then if it is not discipline, only civil law applies and, in very rare cases, criminal law.

"Judges Divided On Right Of Schools To Punish Students For Mocking Principals Online" (TechDirt, 9 June 2009)

Wednesday, 3 June 2009

DDOS practice by security firms

In order to shut down those sending spam and scams (particularly phishing), security firms can identify the original server and then send e-mails to shut down the site.

Sébastien Darnault (MarkMonitor) "Nous bombardons les serveurs de mails frauduleux jusqu'à les faire tomber" (JDN, 2 June 2009)

Reliability of data

An interesting analysis of facts about the posting on YouTube of a video where a young man was attacked by a group of young women. The bloggers apparently questioned the reliability of the video and some thought it was a fake. It was confirmed later on that it was real, but I like the idea (and in that sense I concur with the article's author) that people questioned what they saw and did not take it at face value.
In terms of criminal procedure it is absolutely essential.

"Info sur le web : Le syndrome inversé de la fille du RER D" (JDN, 26 May 2009)

On a similar note, the explanations about information safekeeping/safeguarding, which is linked with its reliability. "Cycle de vie des données informatiques, du berceau à la tombe !" (JDN, 7 May 2009)

Social networks: world and power

We always/often talk of Facebook, but this is not the only one on the web. Others in non-English languages are actually attracting more customers, in China obviously, but also Brazil, Russia, Netherlands, etc.
"Ces réseaux sociaux qui résistent à Facebook Sonico.com au Brésil" (JDN, 2 June 2009)
I wonder if their business models are better than those of Facebook. Note though that the Russian internet business man just 'bought' Facebook ...

"Judge 'Friends' Lawyer During Case, Influenced By Defendant's Website" (TechDirt 2 June 2009) or how a judge disqualified himself by contacting one party's lawyer with the new technologies during the trial!!! One wonders about the judge's sense of duty.
On collection of data/communication of data to the public:

Self-explanatory
"If You Rob A Bank, Perhaps You Shouldn't Brag About It On MySpace" (TechDirt 2 June 2009)

Not criminal as such, but interesting about the degree of non privacy (to be expected really):
"Analyzing Labor Data Via Facebook Status" (TechDirt, 2 June 2009) or how the words hired/fired on posting were used to analyse the trend in financial crisis management....

Wednesday, 27 May 2009

Privacy

Number 10 will not investigate Phorm (ZDnet.co.uk, 20 May 2009) - not as bad as the title suggests. No investigation by the Executive because the Information Commissioner is competent. Separation of powers...

But this is as bad as it gets: Google would look at its employees' behaviours to detect those who wish to leave the company... "Google recherche maintenant dans les cerveaux de ses employés" (JDN. 21 May 2009)

Tuesday, 19 May 2009

House of Commons' control on Government's policy and EU

The House of Commons' European Scrutiny Committee delivered its 8th report (May 2009) and analyses, in particular, the UK Government's implementation of EU policy on cyber attacks. On pages 19 to 21, after having summarised the EU policy, the Committee analyses the Government's responses and notes the lack of clarity of the Minister's reply.

http://www.publications.parliament.uk/pa/cm200809/cmselect/cmeuleg/19-xvi/19-xvi.pdf

Distorting offences

"Guy Convicted Of Hacking For Uploading Naked Picture Of Himself" (TechDirt, 7 May 2009)

control on the internet

Facebook filters (no!) so as not to be caught in the Pirate Bay issue. Once more, this shows how a lack of reflection on providers' roles creates intolerable situations violating liberties.

"Legal Questions About Facebook's Blocking Of Links To The Pirate Bay" (TechDirt 8 May 2009)

A computer to be controlled by thoughts

The French agencies Inserm (medical research) and Inria (technology research) presented software which enables control of a computer by thoughts. The project, called openvibe, started in 2005 and requires a specific helmet to capture electrical activity of the brain. The software is free of charge!


"Contrôler un ordinateur par la pensée, est-ce possible ?" (JDN, 15 May 2009)

with more info on http://www.journaldunet.com/hightech/magazine/actualite/la-recherche-met-au-point-l-ordinateur-commande-par-la-pensee/la-recherche-met-au-point-l-ordinateur-commande-par-la-pensee.shtml?f_id_newsletter=1040

Fight against fraud

"Soca puts a clamp on cybercrime" (ZDnet.co.uk, 15 May 2009)

"The Rise Of Corporate Identity Fraud" (TechDirt, 11 May 2009)

Strike - just a note

Not about criminal law (well unless going on strike is criminal, which in some countries is) but just to notice the courage to go on strike when countries' culture and law are not in favour at all.
Baidu, the Chinese Google (state owned?), is partly paralysed because of its workers' strike to obtain better pay after a 30% cut, and for some not to be forced to resign to meet increased sale targets with a lesser salary.
Le Google Chinois paralysé par une grève (JDN, 18 May 2009)

Intent to incite: context and variations

Found guilty of incitement to financial panic for posting on Twitter that one should take one's money out of the corrupt banks. If facts are to be believed, this seems to ignore 1) the context of the comments, which is about corruption, not about the financial crisis as such, 2) incitement implies intention to do so - the context seems to militate against such a finding -, 3) Twitter is given a power on people and their lives I wonder if it really has?

"El Efecto Streisand As Guatemala Arrests Twitterer" (TechDirt 15 May 2009)

Cyberbullying: worth criminalising?

I just thought that this post was well written and interesting for lawyers. It asked the basic questions before legislating once more: are there already some offences? Do they fit the facts or can they without the definition being distorted? Is it worth creating a new crime or do we respond emotionally to an issue rather than with objectivity?

"What is Cyberbullying Anyway?" (TechDirt, 11 May 2009)

The law, especially criminal law, has symbolic aspects. But in no way should it be distorted or used purely on those grounds... Justice is not simply about appearing to defend the victims. "Prosecutors Want To Give Lori Drew 3 Years In Jail For Symbolic Reasons" (TechDirt, 7 May 2009)

Data collection and use by police

Quite a bit of irony here when thinking about the debate on whether ISPs should collect data and keep it available to the police. The ACPO (Association of Chief Police Officers) considers that the sheer volume of CCTV data makes it unusable for the police to track suspects! What a waste of money, and of the time of all those concerned who opposed CCTV coverage in England. As politicians do not seem to agree (fear factor?), it may well be a long time before we see less CCTV.
"ACPO: Police swamped by CCTV data" (ZDnet.co.uk, 15 May 2009)

and "UK Police Learn That More Surveillance Data Doesn't Mean Better Surveillance Data" (TechDirt, 18 May 2009)

The above obviously should make us think about any type of data mass collection: "Bad Idea: UK Launches Database Of Info On Every Child" (TechDirt, 18 May 2009)

Update: "British Cops Creating Nationwide License-Plate Surveillance System" (TechDirt, 22 May 2009)

Thursday, 7 May 2009

Twitter uses

Self-explanatory:

"Move Over, Craigslist: Twitter Gets Prostitution Ads" (TechDirt, 29 April 2009)

Virtual worlds - copyrights claims to be sustained?

Not directly linked to criminal law, despite the offence of piracy that could appear, the opinion of the Electronic Frontier Foundation attorney Fred von Lohmann is of interest as it questions the parallel made between real laws/worlds and virtual worlds. Applying copyright laws to virtual worlds like Second Life creates havoc, as even publishing the view of a street could infringe a user's copyright. My question is this, and so far I have no answer: is it the principle of applying real-world law that fails, or is it copyright laws themselves that are completely ill-adapted to the digital age (but not non-copyright laws), as the Pirate Bay case illustrates?

"EFF Agrees That Copyright In Second Life Is A Mess" (TechDirt, 4 May 2009)

Piracy and ISPs' attitude in Sweden

Exploiting a gap in the law, Swedish ISPs keep neither content nor logs on their customers. A radical stand to maximise privacy against the trend among Governments (like the UK) to want to keep data.

"More Swedish ISPs Decide To Keep No Logs To Protect Users" (TechDirt, 29 April 2009)

The movement is linked with the piracy case against Pirate Bay, which is also a party with a seat in the EU Parliament: "Swedish Pirate Party may win EU Parliament seat" (ZDnet.co.uk, 6 May 2009). Maybe there'll be a change in policy in the future?

For the origin of piracy, a truly international crime at the time, see "A Look Back At The History Of The Word 'Pirate'" (TechDirt, 30 April 2009), which refers to an SSRN paper, "The Framing of 'Piracy': Etymology, Lobbying & Policy", from K. Matthews Dames.

Cyberthreats - importance of botnets or virus?

It is obviously silly to leave computers infected, whatever the reasons. The regulation applied here should simply be modified. The article is however interesting for another reason: the scale of the use of the internet to connect medical devices and the threat to health this can create. Apparently, nobody has quantified the risk, which is scary when one thinks of the threat to the electric grid that happened a few weeks ago. It actually made me think of Beck's argument in the Risk Society (our use of inadequate criteria to assess risks because the type and scale of risks have changed since the 19th century).
"US red tape leaves Conficker on medical devices" (ZDNet.co.uk, 5 May 2009)

The Conficker worm also reveals that the real and most dangerous threat is invisible. This is particularly stressed in the French article, where it is explained that the purpose of botnets is not to be noticed, to be as invisible as possible, even though the damage can be enormous for the person infected or for unrelated others.
"Forget Conficker — focus on the real threats" (ZDnet.co.uk, 29 April 2009)
Frédéric Guy (Trend Micro) "Nous identifions 800 à 1300 nouveaux virus par heure" (JDN, 20 April 2009)
"Un botnet ciblant les ordinateurs Mac" (JDN, 17 April 2009), with the scale of the threat being minimal given the few users of Apple
"Le zapping de la sécurité (avril 2009)" (JDN, April 2009)

Concerns of privacy

An interesting story that shows the gap between the world before and with the internet. Although he has a point, that what is on the internet is not necessarily private, Justice Scalia did not understand the scale of communication and availability of details on people's lives. To be offended by research done by the US law professor Joel Reidenberg is not to understand that anyone can do so and retrieve facts with ease and within a few minutes.
I did it for myself and, having always been careful, I found what I knew would be there. The only odd thing was that there is another Audrey Guinchard living in Besançon (France) with a Facebook page, and confusion of identity could be made.
"Supreme Court Justice Scalia Given Lesson In Internet Privacy" (TechDirt, 5 May 2009)

Most people are more aware of privacy issues though and are notably conscious that when they use the net they leave tracks that are easily retrievable... But also most people (60% according to the poll) do not want to sacrifice privacy to security measures, which is quite reassuring and counteracts the Governments' claim that security measures ought to be implemented at whatever cost.
"Sécurité IT : l'ingérence de l'Etat inquiète les internautes" (JDN, May 2009)

Uses of false identity - the boundaries of criminal law

Distorting criminal offences has always been a temptation when the law does not exactly fit the facts. Except that criminal law is bound by the principle of strict interpretation, and reasoning by analogy should not be allowed. It is thus reassuring to see that the use of a fake identity created from "scratch" does not fit the offence of ID fraud as defined in the US. This is not surprising given the definition of the offence:

  • "knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law;"
  • Identity Theft and Assumption Deterrence Act of 1998, amending Section 1028(a) of title 18, United States Code

And yet the US prosecution managed to claim a different interpretation up to the Supreme Court. What a waste! "Supreme Court Tells Gov't It Can't Use ID Fraud Laws Against Illegal Immigrants" (TechDirt, 5 May 2009)


The use of a fake identity, again fictional rather than that of a real person, led to another story, as sad and distressing as the previous one, albeit for different reasons. This time, the fake identity led the recipient of the 'friendship' to commit suicide. The law is indeed powerless, as so far ID fraud has been built on the use of a real identity but by another person.

"Congressional Rep Wants To Put Internet Trolls In Jail" (TechDirt, 6 May 2009)


The two cases certainly raise issues of the adaptability of criminal law. Fraud and ID fraud are offences targeting the use of a real identity with the aim, for fraud, of obtaining money. Phishing is just an adaptation to the internet of the traditional means to commit fraud. (see "Facebook fends off two days of phishing attacks", ZDnet.co.uk, 1 May 2009)
The protection of a person's feelings against the use of this false identity was never taken into consideration. Should it be with the internet? I would be reluctant to affirm so. The two cases reported here revolve around either immigration issues or the use of the internet by children or vulnerable people. The latter is a matter of education: not taking at face value what is said online and understanding that anybody can invent a purely fictional identity, like in games or Second Life.

Wednesday, 6 May 2009

Cybercrime policy - US, EU, France and the world

All but one in French, but I haven't finished going through my English newsletters, so should be able to complement later on with English language articles:

"International experts launch anti-cybercrime plan" (ZDnet.co.uk, 29 April 2009): not so international as it may appear as it involves primarily the US and the UK, but at least the Cyber Security Knowledge Transfer Network (KTN), a UK government-funded organisation, is supposed to "liaise[...] between agencies around the world, co-ordinated the formulation of the roadmap". A plan by N. Jones from KTN was published that argues that businesses should be more proactive and important partners in security.
"Building in… Information Security, Privacy and Assurance - A high-level roadmap" on KTN website

Viviane Reding is the European commissioner on new technologies; she suggests creating a European post/job of "internet police/policing officer" so as to coordinate European responses to cyberattacks and develop a strategy to increase cybersecurity.
"Un Monsieur sécurité pour défendre l'Europe contre les cyber-attaques ?" (JDN, 27 April 2009)

This very much echoes what has already started in the US, with a change of policy under Obama's new presidency, where Melissa Hathaway has already highlighted the new trends in cybersecurity the US will focus on, notably cooperation across multiple agencies and institutions: "La cybercriminalité dans le collimateur de l'administration Obama" (JDN, 24 March 2009)

And for France, this interesting article decrypting the French President's promises during the election campaign and their outcomes in 2009. "Sécurité et libertés : les données personnelles en danger ?" (JDN, 5 May 2009). On security, what has been delivered so far is a Report (Livre blanc/White Book) on Defence and Security in June 2008 which highlighted the policies up to 2020 notably in terms of warfare.
In terms of the right to privacy, the biometric passport has been launched despite the opposition of the CNIL (a quango), along with the obligation for ISPs to block paedophilia websites and the three-strikes law on copyright infringement. Generally, the CNIL tends to be sidelined, as none of its advice has been followed by the Government.