Wednesday, 29 April 2009

Help of technologies in investigations

Police eye tech for reporting live crimes via video (ZDnet.co.uk, 27 April 2009) and use of image-recognition technology to detect crime
Criminal procedure will have to regulate the use of this technology

Botnets

Finjan finds botnet of 1.9m infected computers (ZDnet, 24 April 2009)

Botnet expert: Cut cash flow to cybercriminals (ZDnet. 23 April 2009)
self explanatory even though fraud can probably not apply

Spying

Cyberspies breach US fighter-jet project: Report (ZDnet.co.uk, 21 April 2009)

and the hype around viruses/worms that hide more important issues for international peace: Forget Conficker — focus on the real threats

US official: We are under cyberattack all the time (ZDnet.co.uk, 22 April 2009) China is the usual suspect.
the wording is not as silly as it may appear. The parallel with banks under attack is probably better in reflecting the situation. It's not war all the time, but there is certainly a regularity in trying to get access to information.
Which makes me think of the work of a PhD student he presented at the BILETA 2009 conference at Winchester. Titiriga Remus explains about Cyber warfare and Law of the nations. A missed rendez-vous. In short, the concept of attack in international law rarely fits cyber warfare and maybe there should be some conceptual changes made. (for conference abstracts, see http://www.winchester.ac.uk/?page=10664)

Tuesday, 21 April 2009

Twitter - good and bad uses

"Police Learning To Make Good Use Of Twitter" (TechDirt, 15 April 2009)

"Latest Unsubstantiated Claim: Twitter Makes You Immoral" (TechDirt, 14 April 2009)

Indeed, technology is neither good or bad, but it is never neutral. On that theme, see Hildebrandt, in particular "Ambient Intelligence, Criminal Liability and Democracy"
Crim Law and Philos (2008) 2:163–180, esp. 174

data retention, sale and fraud

"Report: Online black market for personal data thriving" (EurActiv, 16 April 2009) building on the Symantec report for 2008.
as long as data is detained/retained, risks about its use exist. Hence the interesting step taken by a Swedish ISP which destroys its data as it has no obligation to keep (just that of handing it in) "Swedish ISP Starts Deleting Log Files To Protect Users From IPRED Law" (TechDirt, 17 April 2009). It is certainly the safiest option, providing one cannot read on the computer disk image with specialised softwares of course!
But no doubt a new law will require retention of data, like the French law which nonetheless is so vague (no statutory instrument enacted to give details of what should be retained) that it creates uncertainties about what should be kept. "Vivement la publication du décret de l’article 6-II de la LCEN sur la conservation des données d’identification ! " (Juriscom, 25 March 2009)

Use of courts or mediation?

Beyond cybercrime obviously, but touching on an important issue: speed. France launched an experiment, that to use mediation instead of going to trial for small issues when linked with the use of internet. There is no obligation to use mediation but the success rate in dealing with cases per annum is about 85%, so this is a strong incentive to avoid long delays. Should I add that avoiding courts costs is not necessarily an incentive in France as those costs are minor, especially compared to those of the UK.
"La justice teste la médiation pour régler les litiges d'Internet" (01net, 8 April 2009)

Should we go for more powers or more effective controls?

"Congress Ponders Cybersecurity Power Grab" (TechDirt, 20 April 2009)
another bill and for more powers to control people. The article touches upon a theme touched upon in a book I am currently reading, that of McGuire, Hypercrime - The new geometry of harm (Routledge, 2007). The idea is that with each technology, comes more control for government. Etymologically, to control is to contrarotulare, to check against the rolls. Hence writing gave as much power to government as it gave to users. Internet is no different, or at least should be no different. The problem is that fear of crime and of technology seems to fuel a movement where liberties fiercely obtained in the 18th century against governments are being given away or, ironically, back to governments.
A similar idea is developped by Hildebrandt in her work on Ambient Law. The structure of cyberspace is badly regulated and we do not know what people do, whether governments or companies or individuals. There is a total lack of transparency which takes away from us the very liberties we take from granted, but the evolution is invisible/non-visible.

Wednesday, 8 April 2009

Google and Obama's team: close links, conflict of interests?

A very interesting analysis from the French JDNet, 7 April 2009 of the link between Obama's team and Google.
It's no secret that Obama used the web extensively to promote his campaign and that donations of 10 dollars only succeeded in gathering millions (- think of what it says also for scammers!!!).
Here are the links highlighted by the journalist:

1) Google received 7,5 millions from Obama's team to advertise their campaign. In comparison, Yahoo received 1,5 million and Facebook 643,000 dollars.

2) Officially neutral, Google's director Eric Schmidt never hid during the campaign that he favoured Obama's candidacy; Google's employees gave 100,000 dollas; only half the amount for Hillary Clinton.
So far not too problematic, but Eric Schmidt has been named as a potential candidate for one of the US administration key job in technology...

3) Katie Jacobs Stantion, product manager at Google, was appointed as the director for citizens participation which entails notably to develop the tools for American citizens to express themselves and be linked with the White House...

4) Vivek Kundra, the first DSI, was closely involved with YouTube... and helped in 2008 to city employees to move to Google Apps away from Microsoft Office

5) Obama's team reiterated to be attache to Netneutrality, with Google being one of the lobbyists for it

6) YOuTube is used to transmit the saturday's speech; and not Yahoo...

7) Google launched GOogleHealth where people can stock their personal health information and share it with others of their choice. Apart from the fact that nothing stops Google to legally sell this information (!!!), the White House just put 19,2 millions in promoting e-prescription systems for doctors, which means in the long run that Google Health could see its use and revenue increase dramatically.

Conclusion: none of the above are necessarily troublesome. Apart from point 7, I think each of the decisions can be justified in themselves. Point 7 troubles me because I wonder to which extent the lobbying has been such that the decision taken may be bias and not a good policy decision for the country.

Finally, the article explains that Christine Varney was appointed to the anti-trust division and she does not like Google. A safe net for the White House? Let's face it: Google products are good, very good. I don't use all of them because I have reserves/concerns about privacy. But I can't deny the products are excellent and so easy to use. Contrary to Microsoft, I think they came in the market by their own efforts (I seriously believe Microsoft had a monopoly and that it acts like it, especially with Vista - well it backfired at the end, because Vista 'pissed people off') and are there because they develop good products at the right time. Only the future will tell us if the ties are too close. Meanwhile, the White House has to be careful because this is the type of story that can damage them more than anything.

"L'influence de Google sur Barack Obama" (JDN, 7 April 2009)

Games and no crime

Self-explanatory and for those who don't speak French: companies/firms use games, sometimes created for them, to either train employees or filter applicants.

"10 jeux vidéo très sérieux pour mieux manager" (JDN, 7 April 2009)

Databases and data retention: are we giving up our liberties?

the five databases on custody, crime, intelligence, child abuse and domestic abuse should be put together via the use of new technologies.
Apart from the usual privacy issues, I don't think it is bad in itself. Let's face it: it was bound to happen because that what new technologies do. When fingerprinting arrived in 19th century, massive information (especially at the time) was collected and used. Nobody sees anything against it nowadays. And whatsoever, it is one way or another controled by the courts as it is related to criminal offences

"Police database is 'major new weapon' against crime" (ZDNet.co.uk, 6 April 2009)

On the other hand, I find it troubling that internet data can be retained. Apart from the technical side of how to use the data (frankly, if one does not use traditional investigatory techniques, how do you go through the materials?), I am puzzled by what it means in terms of control on citizens. Schematically, internet is used for e-mail, blogs (and the like), and website/shopping.
I don't see where Government can justify spying on e-mail traffic: one of the greatest advances in human rights in the 18th century was the privacy of letters (contents and where they go); why should it be different with the internet? the fear of crime CANNOT be an excuse to give away one of our liberties that our ancestors thought for, sometimes risking their lives in order to obtain those liberties.
Similarly, I don't see how we can justify spying on blogs/facebook type of traffic: do we spy on phone conversations? Well officially you need a warrant, don't you?
Similarly, for the rest of the traffic: I can't understand the basis of such a measure.

At the end of the day, our liberties are eroded in the name of crime and fear of crime. Liberties are not better protected by giving them up. Time to stand up. In that sense, I just finished going through the near 300 pages of Hypercrime. the new geometry of Harm by M. McGuire (Routledge, 2007). Although I don't agree with all what the author is saying, it conforts what I always thought: before affirming that the internet is per se different, let's compare with what happened in the past. McGuire's study is sociological and very valuable; I wish a lawyer could write the same book on a legal perspective. It would deflate the Government and media's hype we keep hearing about cybercrime.

Child porn and prosecution policy: bias charges?

The story is problematic for several reasons:

1.1) the charges, as reported below, should never have existed as the image is not even pornographic - this is purely a legal argument/point

1.2) the charges should not have been started either given the context of the case. The principal is the one who has ordered the investigation; his employee reported it and obviously the student's mother had an interest in damaging his reputation. Because he was a man, it was easy to label him (and libel). That the prosecutors refused to see the context and proceeded with the charges is contrary to any good policy of prosecution - that the policy argument/point

2) the background of the case is those children/teenagers sending photos of themselves or others nude via mobile phones. Two issues: what kind of society are we where it is viewed as trendy to be exposed nude to everybody? I am not prude, but frankly, I don't see the point; the offence of child porn is protect children against adults: can it be to protect children against themselves?

"School Administrator Accused Of Child Porn Because He Investigated Sexting At School" (TechDirt, 6 April 2009)

Sunday, 5 April 2009

Costs of cybercrime

self-explanatory Apparently, Cybercrime Isn't Actually A Trillion-Dollar Business (TechDirt, 31 March 2009)

ISPs and investigations - report of abuse

Absolutely right, ISPs should not be the primary interface into dealing with investigations. The threat does not justify to forgo our liberties.

New Jersey The Latest To Try To Regulate Social Networks... For The Children (TechDirt, 3 April 2009)

Same reflection: since when Government asks us the names in our address book? That it is online is absolutely no excuse.

"British Goverment Wants To Know Who Your Facebook Friends Are" (TechDirt, 31 March 2009)

Criminalisation -

Well, it might be new for West Virginia, but in some countries it's not. Posting false information can indeed be defamation, but also a misdemeanour depending what one views as important or not.

"West Virginia Looks To Criminalize Online Harassment" (TechDirt, 1 April 2009)

For piracy, I would agree that the laws are inadequate because the principle they try to enforce is outdated. Thus both Sweden and France should have thought twice.
"Swedish Antipiracy Law Goes Into Effect... Internet Traffic Drops" (TechDirt, 1 April 2009)

China, internet and surveillance/spying

Since when spies acknowledge they do?

"Online Espionage Network, Based In China, Exposed" (TechDirt, 30 March 2009)

"China refutes computer-spying allegations " (ZDnet.co.uk, 31 March 2009)

"Researchers uncover global cyber-spying operation" (ZDnet.co.uk, 30 March 2009)