Wednesday, 28 January 2009

Investigation - private sector investigation and human rights

The following post is not the first on the RIAA (Record Industry Association of America) investigations about piracy. Nonetheless, it highlights more than ever the problems there is in letting private associations enforcing copyrights infringement laws.
Given the amount of money available to the RIAA, how can an individual defend him/herself against their claim, especially if they have a computer but never downloaded the files? Could we argue that the coercion exercised by the RIAA is as stringent as the one a State can display through its criminal procedure? Would follow some constraints imposed on the RIAA that they currently don't have...

"RIAA Found To Have Sued Yet Another Woman Without A Computer" (TechDirt, 27 January 2009)

Sunday, 25 January 2009

Interception of communications - French view on UK policy

According to JDN (journal du net), the UK policy to intercept communications is not unique in Europe. Already, France and Germany allow so. The framework in which those "hacks" are conducted is no clearer whichever side of the Channel.

"La police anglaise s'apprête à réaliser des intrusions informatiques" (JDN, 6 January 2006) (English police ready to intrude/hack into computers)

I would argue that the practice is probably done in the open rather than secretly, although the lack of serious constraints does not give much more transparency to the persons subjected to it, whether criminal or not. And that is scary.

Contentious searches...

Laptops and now mobile phones... "Mixed Decisions Concerning Police Searches Of Your Mobile Phone On Arrest" (TechDirt 13 January 2009)

De facie illegal seizure by the FBI

Unless new facts reveal the seizure was grounded, the FBI action looked very much illegal, and because it is the US, unconstitutional (violation of 4th Amendment). The question is: why did the FBI feel threatened by ACLU and EFF to the extent of taking such an extreme measure?
"EFF And ACLU Sue FBI Over Seizure Of Activists' Computers" (TechDirt, 15 January 2009)

Analysis of cybercrime risks and trends

It's always difficult to assess risks and trends, but fraud remains a top 5 with new developments using the social networking sites
"La croissance des escroqueries" (JDN, 19 January 2009) (the increase in frauds)

And for the countries at risk: "Emerging markets at greater risk of cybercrime" (, 14 January 2009)

The difficult adaptation of police forces

It's about India, but frankly, the same article could probably be written in any country. The basic police officer has not been trained to detect and investigate cybercrimes. Nothing to be ashamed off, but something to act upon by various measures.
"Cyber crime still an enigma for cops" (reported by CCRC, 6 January 2009)

Idem for Kenya. "Police retrain officers to fight cyber " (Sunday Nation, 3 January 2009)

Otherwise, it leads to silly decisions like that of banning Wi-Fi..."Police In Mumbai Shutting Down Open WiFi" (TechDirt, 16 January 2009)

Twitter's uses and abuse!

For a description of Twitter's use among the mighty and celebrities, see the article of the Independent, on Thursday 23 January 2009, "Why Britain is suddenly all a-twitter". The Independent joined the club, and opened a twitter "profile"

Given the propensity of users to reveal personal facts, crime could not remain far away. "Twitter hack details revealed" (, 7 January 2009). The easiness of the hack seemed to be due to a lack of security measures, the login process being easy to break through.
See also, "Hacker used 'happiness' to access Twitter accounts" (CCRC, 8 January 2009). This issue of choosing passwords reminds me of Umberto Eco's novel The Pendulum of Foucault, with the main character trying to log in a (disappeared) friend's computer. At the time, internet was nearly non existent and the password "no" discovered out of exasperation would not sustained the scrutiny of a detection password software.

The good and bad sides of Facebook

Once more, Facebook can turn both ways: a helpful tool for hackers to commit fraud with a variation of the 419 scam, or for police officers to find criminals.
"New Zealand Cops Credit Facebook With Arrest" (TechDirt, 15 January 2009)
"Facebook's Lack Of Hacking Resolution System For Nigerian Scammers" (TechDirt, 22 January 2009) and the French confirmation that social networking frauds are on the increase "Des menaces plus précises sur les réseaux sociaux" (JDN, 19 January 2008) (Threats more precise on social network sites)

Offensive content: no need to filter? The (US) FCC chairman's position

He does not believe in filtering internet content because people choose what to look at rather than are bombarded with what they do not want to look at (unlike TV packages it seems).
Technically this is true. In addition, we would add that filtering the internet is nearly a lost battle unless we build firewalls like China's. And we certainly do not want to go down that route.

"Kevin Martin Opposes Regulating Internet Content?" (TechDirt, 13 January 2009)

So where does it leave us? First, there is no doubt that offensive content exists. Its definition may vary from country to country, but most do recognise that offensiveness has legal consequences. If we do not question that basis, the question is how do we imagine the legal consequences to be? Traditionally, faced with offensiveness, states have forbidden or regulated by rating. Problem with the internet is that prohibition is nearly a lost cause, and rating is difficult. Those who worked on hate crimes are worried about enclosure, rather than about distribution, i.e. enclosure of those filled with hatred within their own world; and thus they propose as a way forward dialogue.
When it comes to chatrooms, newsgroups and the like, dialogue or at least responses from non haters are easy.
When it comes to websites and distribution of materials, it's more difficult to promote dialogue because per se the technology used is not based on dialogue. On the other hand, filtering etc... is problematic and questionable. Should we then use the ISPs to put a warning, like some of the watchdogs have, instead of being cops like for copyrights issues?
"UK Government To Force ISPs To Become Copyright Cops" (TechDirt, 19 January 2009)

Child porn and teens' behaviours

Facts: teens post pictures of themselves nude or in pornography positions (at least, sexually explicit). Pennsylvania took the view of charging girls for distributing child porn, boys for receiving and thus possessing it.
"20% Of Teens Send Sexually Explicit Photos Of Themselves?" (TechDirt, 8 January 2009)
"Teens Face Child Porn Charges... For Taking Nude Photos Of Themselves" (TechDirt, 20 January 2009)

Sociologically, to be a teenager means to be interested by sex, and that's human nature (hopefully). However, what does it say of ourselves, adults, if our own children do not see the difference between sending a picture of oneself nude/sexually explicit to people who are not even their lover? What does it say of our capacity to create relationships a bit more meaningful?
Legally, the charge seems to run counter the spirit of the law. I do not believe the prosecution can protect the "children" and it will certainly not help them if they are found guilty and appear on the sex offender register.

Influence of video games on criminality

A recurrent theme that appears from time to time. Well, of course video games do not create criminality. However, to deny them any effect seems to me troublesome. Sociologically, if there are other conditions creating an absence of structure in one's life, video games, played hours on end every day, do influence one's behaviour. Maybe not to the extent of pushing someone to decide to murder, but in putting someone in such a frame of mind that anger, stress and lack of boundaries make the person unable to rationalise and control one's feelings and impulsions. And the problem with violent crimes is that they are acted upon impulse. So yes, I do believe video games can influence somebody, although they certainly are not the main factor triggering the person to act.
In that sense, the new study may well have flaws, like the others....
"New Research Shows No Link Between Violent Video Games And School Shootings" (TechDirt, 22 January 2009)

That said, the sociological influence does not fit within the legal definitions of what defences are. Thus, it is not a surprise if courts deny the claim any validity. Should they modify the law? I do not think so; this is criminal law and strong reasons of social policies motivate towards admitting defences only rarely. In this particular case, there is no abolition of consciousness.
'The Video Game Made Me Kill My Parents' Defense Rejected" (TechDirt, 13 January 2009)

UK institutions victims of viruses

Hospitals first, with hopefully only a few appointments cancelled as damage.
"Downadup virus hits PCs at five Sheffield hospitals " (, 22 January 2009)
More serious in terms of national security, and certainly more worrying, is the MoD's system victim of viruses. "Virus causes Ministry of Defence outages " (, 16 January 2009)

Extradition or no extradition? The latest events about the Nasa hacker

Hearing for judicial review was granted on 24 January 2009, the ground being that the decision to extradite failed to take into account Mr. McKinnon's health (Asperger's syndrome). "Nasa hacker wins right to appeal against extradition " (, January 2009)

Just before that, the Home Secretary in the UK decided to suspend the extradition process until the director of public prosecutions takes a decision about whether or not prosecute in the UK Mr. McKinnon. The decision is interesting because in terms of politics, it means that the Home Secretary was ready to upset the US, unless it means that the US have implicitly agreed to a UK prosecution? McKinnon's lawyers said so far the US remained silent... even after the plea to Bush for pardon (
"Nasa hacker appeals to Bush for pardon", 16 January 2009)
Overall, I would certainly not claim to be safe; it is just a respite, but the uncertainty to remain in the UK is as important as ever. The US may have said nothing but it may well be because more important matters occupy the Government with the Bush/Obama transition to power.

"Nasa hacker: I'm safe until prosecution decision" (, 21 January 2009)

Meanwhile, the McKinnon "side" fires 'all cylinders' to push towards a UK prosecution that would lower significantly the risks of being jailed for a long time.
"MP calls for justice for Nasa hacker" (, 16 January 2009)
"Nasa hacker's mother appeals for UK trial" (, 19 January 2009)

And I am not sure to which extent pleading guilty to the UK director of public prosecutions will help his case. The US may well take offense that McKinnon who denied all along having hacked suddenly changes his mind to avoid once more extradition.
McKinnon extradition on hold until February (, 20 January 2009)
"Nasa hacker legal team awaits prosecution decision" (, 16 January 2009)
"Nasa hacker: I'll plead guilty in the UK " (, 12 January 2009)

Private sector collaboration with investigatory forces

Two stories about the private sector wanting to or already collaborating with police forces, at least in the UK. That the firms stop avoiding the issue is a good sign and it is sad to say that it takes a financial crisis to lead the firms to realise that cybercrime is not a minor issue.
E-crime police see UK firms pledging techies' time (, 20 January 2009)
UK site offers bounty for DDoS attackers (, 22 January 2009)

Wednesday, 7 January 2009

Investigation - Interception of com... - terrorism

I always found the whole idea and process of Guatanamo scary, unjustifiable and a flagrant violation of what we stand for, i.e. human rights. The use of terrorism legislation is part of the problem as it circonvenes most if not all safeguards democracy took so long to implement in the course of criminal investigations and trials. After centuries of fighting for fairness, in less than a decade, we went back to the Middle Ages and for the UK, the Star Chamber.
This issue of warrantless wiretapping is just one example out of many..."Warrantless Wiretapping Lawsuit Allowed To Move Forward Despite Ridiculous Levels Of Secrecy" (TechDirt, 6 January 2009)
Is it the legacy we want to give to our children?

Cybercrime - statistics

Don't know how they gather the numbers and the information, but the French journal Journal du Net (JDN) publishes a series of tables for November 2008, for viruses, phishing, black market of credit card data (marche noir) and the use of technics to attack on the net.
"L'état de la menace informatique dans le monde (novembre 2008)" (JDN, 7 January 2009)

Tuesday, 6 January 2009

Wi-Fi piggybacking (late update)

"On The Criminality Of WiFi Piggybacking..." (TechDirt, 19 June 2008)

Offensive contents filtering

"The Power Of Intermediaries To Silence Speech Online" (TechDirt, 7 July 2008)

"France to block offensive content" (10 June 2008)

Censorship - China and its policy focus

A good point, which shows how much China censorship is political: "If China's Great Firewall Is So Effective, Why Can't It Stop All The Malware Hosted There?" (TechDirt, 25 June 2008)

Liability - websites - France (late update)

"French Courts Still Very Confused About The Difference Between A Platform And A User" (TechDirt, 10 June 2008)

and for similar criticisms, with more legal input, "Affaire Hermès c/ eBay : Quel régime de responsabilité pour les éditeurs de services de communications au public en ligne ? " (, 9 June 2008)

Hacking - twitter and security staff


"Twitter hack targets Obama, Britney" (, 6 January 2009)

"Yeah, Your IT Guy Is Probably Reading Your Email" (TechDirt, June 2008)

Investigation - Police forces (need of and training)

The difficult adaptation of police forces

Police e-crime unit calls for industry aid

Inadequate training of police forces - collateral damages Tuesday, 25 November 2008

New e-crime police - a welcomed addition?

New UK e-crime police training

Response to cybercrime: specialised investigation forces? Wednesday, 19 March 2008

Response to cybercrime: hackers as security guards? Friday, 14 March 2008

Fighting cybercrime: police forces

Case study: Nasa hacker Mr. McKinnon

Nasa hacker - delayed update (Asperger's syndrome) Tuesday, 6 January 2009

Nasa hacker - last episodes

Hacking (Nasa hacker) - jurisdiction and policies Friday, 29 August 2008

Investigations - search for confessions of criminals

An old post I just managed to read, "Japanese ISPs Decide That Criminal Confessions Should Be Blocked Online" (TechDirt, 2 July 2008)

Investigation - no obstacle of encryption?

"RIPA ruling closes encryption key loophole" (The Register, 17 October 2008)

and on the wide use of encryption: "When Everything On The Internet Is Encrypted..." (TechDirt, 10 July 2008)

Investigations - interception of communications

After "UK Releases Details, But Delays, Plan To Surveil Every Bit Of Communication" (TechDirt, 17 October 2008),
it seems to finally come into force "UK Police Now Allowed To Hack Home PCs Without Court Approved Warrant" (TechDirt, 5 January 2009)
"Police set to step up hacking of home PCs" (Times, 4 January 2009)

"Plan to extend police-hacking powers gathers pace " (, 5 January 2009)

However, I have a problem with the way the issue is presented. The Home Office has no legislative power; the main legislation regulating this area is the RIPA 2000 and statutory instruments implementing the legislation have to comply with its requirement. If the Home Office's plan becomes/is a SI, then the question is whether the RIPA provides sufficient protection.

Concerning the Brussels' move, note it is not EU Parliament but the Council of Minister's decision. It is extremely controversial if it is a means to avoid legislation restricting covert operations. Note that the ECHR Court is extremely severe in its safeguard of privacy against covert investigations.

Fraud ring - organised crime

Self-explanatory: "Massive Stolen Credit Card Number Site Shut Down" (TechDirt, 17 October 2008) and "Police smash DarkMarket cybercrime ring " (, 17 October 2008)

Hacking e-mail - fraud and prosecution

Interesting facts, pretty scary also because it would not be easy to be so suspicious about the e-mail. "Negros doc warns vs. email hackers" (CCRC, 16 October 2008)

and on the importance of criminalising the simple act of hacking whatever the outcome is... "Is The Indictment Of The Palin Email Hacker Legally Correct?" (TechDirt, 15 October 2008)

Forcing ISPs and others to act via shaming

There seems to be a trend here. Shaming seems to be a very effective method to force ISPs and others (search engines for example) to filter their contents and to stop retaining data. Or is it bullying or threats or mob's justice? The difference between the two may well be nault and this is worrying when are at stake human rights. Here, the independence and impartiality of the institution making the request and for which purpose (censorhip vs protecting privacy) are crucial elements to draw the line

"Is Public Shame Enough To Keep ISPs From Doing Bad Stuff With Your Data?" (TechDirt, 15 October 2008)

"Why Is Andrew Cuomo Pushing ISPs To Use Spyware On Everyone's Internet Traffic?" (TechDirt, 17 October 2008)

"China Adds Search Engines To Its Censorship-By-Guilt Plan; How Will Google Respond?" (TechDirt, 5 January 2009)

Nasa hacker - delayed update (Asperger's syndrome)

Reactions to revelations that McKennon has Asperger's syndrome vary from annoyance to bemusement. The Home Office considers that lateness prevents the revelation to be a valid claim, but I would certainly disagree. Many mental health issues are discovered late, and in relation to crime, often after the illegal behaviour has been committed.
Contempt for hacker's autism defence (CCRC, 16 October 2008)

Appeal lost, whatsoever. "Nasa hacker loses second Home Office appeal" (, 14 October 2008)

Saturday, 3 January 2009

MPAA Also Likes The Idea Of ISP Enforcers For File Sharing (TechDirt, 29 December 2008)

Defamation: civil or criminal matter?

Many legislations have a civil suit and a criminal charge for defamation. The article about Colorado US is interesting in comparison with the proposal in France to stop allowing defamation charges that do not bear for example any hatred.
"Does It Make Sense To Have Libel Be A Criminal Offense?" (TechDirt, 5 December 2008)

Social-networking and rise of crime

Not a surprise really as people on those sites simply do not understand that they scream to the world private information they would not allow their enemy to hold. Criminal law can help, as the case about spam illustrates, but surely education is a better tool and should be a better way to spend the taxpayer's money.
"Facebook Wins Nearly $1 Billion From Spammer Who Will Never Pay Up" (TechDirt, 25 November 2008)

"Social-networking sites concern cyber-security experts" (CCRN, 30 December 2008)

New types of sentences?

  • First type of sentence:
- There seems to be a law obliging sex offenders to give their password to all their accounts. Two issues here: the effectiveness of the measure/sentence and the compatibility of the measure with human rights.
1) effectiveness of measure: depends on how sex offenders were led to commit their crimes. If they knew their victim in real life, I don't see how this would help detecting possible reoffending. If the internet is a first point of contact, then it might be useful, although is using their accounts the only way to commit crime?
2) the compatibility with privacy: giving passwords when accessing the internet is effectively being watched constantly when using the internet. Translated in real life terms, it is being monitored when being outside home where going shopping, talking to neighbours or just admiring the sky. In other words, the infringement of privacy is so strong, I hardly see how the measure can be compatible with right to privacy and family life (the two are linked in ECHR terms)
"Sex Offenders In Georgia Required To Hand Over Passwords... To Protect The Children" (TechDirt, 31 December 2008)

  • Second type of sentence

Shaming the offender - a form of social control. "Better Response To Crimes On YouTube: Force The Criminals To Apologize On YouTube" (TechDirt, 10 June 2008)

Child porn fights and technical understanding of the internet

Fighting child porn on the internet has created many issues, mainly related to the adaptation of criminal law to the internet. A series of cases in the UK showed that interpretating the concept of posssession of obscene materials was not as straightforward as one could think. Often the problems arise from the lack of understanding of the technical aspects of the internet. In that sense, see the following story "Did You Know Caching Is How Perverts Avoid Downloading?" (TechDirt, 18 December 2008)

Note that reading or viewing can hardly be criminalised without infringing on free speech and without condemning innocent people. We sometimes come across porn unvoluntarily and see porn: to criminalise viewing would lead to criminalise anybody. Plus the difficulties to prove that the person actually viewed for a few seconds or for hours?

Fraud via lack of security

Anyone buying on the internet will be familiar with the security logo or icon on the web browser. Not surprisingly security is never 100% so problems start to occur. Fraud is obviously the main issue, and one should be just more careful when using one's main bank account rather than a dedicated account for internet purchases. "Site Certificates Forged; Internet Security Not So Secure" (TechDirt, 30 December 2008)

Filtering for obscene behaviours

Facebook banned some images of breast-feeding women. Google for blogger does the same by the way, including about pictures in blogs not listed and not available to the public. It confirms that it is not OK for ISPs and the like to make their own decisions about what is obscene. And it's no proof that rating should not exist, rather that the law should get involved a bit more to avoid silly censorship.
"Breast-Feeding Photo Brouhaha Shows How Impossible It Is To Rate Websites" (TechDirt, 30 December 2008)

"UK Culture Secretary Andy Burnham Wants Websites To Be Rated... To Protect The Children" (TechDirt, 29 December 2008)

Obviously the issue I'll be curious to learn more about is the technical feasibility of rating when the internet holds millions of articles and images.