Wednesday 27 May 2009

Privacy

Number 10 will not investigate Phorm (ZDnet.co.uk, 20 May 2009) - not as bad as the title lets it think. No investigation by the Executive because the Information COmmissioner is competent. Separation of powers...

But this is as bad as it gets: Google would look at its employees' behaviours to detect those who wish to leave the company... "Google recherche maintenant dans les cerveaux de ses employés" (JDN. 21 May 2009)

Tuesday 19 May 2009

House of COmmons' control on Government's policy and EU

The House of COmmons' European Scrutiny Committee delivered its 8th report (may 2009) and analyse, in particular, the UK Government's implementation of EU policy on cyber attacks. Pages 19 to 21, after having summarised the EU policy, the Committee analyses the Government's responses and note the lack of clarity of the Minister's reply.

http://www.publications.parliament.uk/pa/cm200809/cmselect/cmeuleg/19-xvi/19-xvi.pdf

Distorting offences

"Guy Convicted Of Hacking For Uploading Naked Picture Of Himself" (TechDirt, 7 May 2009)

control on the internet

Facebook filters (no!) so as not to be caught in the Pirate Bay issue. Once more, this shows how a lack of reflection on providers' roles creates intolerable situations violating liberties.

"Legal Questions About Facebook's Blocking Of Links To The Pirate Bay" (TechDirt 8 May 2009)

A computer to be controlled by thoughts

The French agencies of Inserm (medical research) and Inria (technology research) presented a software which enables control of a computer by thoughts. The project called openvibe started in 2005 and requires a specific helmet to capture electrical activity of the brain. The software is free of charge!


"Contrôler un ordinateur par la pensée, est-ce possible ?" (JDN, 15 May 2009)

with more info on http://www.journaldunet.com/hightech/magazine/actualite/la-recherche-met-au-point-l-ordinateur-commande-par-la-pensee/la-recherche-met-au-point-l-ordinateur-commande-par-la-pensee.shtml?f_id_newsletter=1040

Fight against fraud

"Soca puts a clamp on cybercrime" (ZDnet.co.uk, 15 May 2009)

"The Rise Of Corporate Identity Fraud" (TechDirt, 11 May 2009)

Strike - just a note

Not about criminal law (well unless going on strike is criminal, which in some countries is) but just to notice the courage to go on strike when countries' culture and law are not in favour at all.
Baidu, the chinese Google (state owned?), is partly paralysed because of its workers' strike to obtain better pay after a 30% cut, and for some not to be forced to resign to meet increased sale targets with a lesser salary
Le Google Chinois paralysé par une grève (JDN, 18 May 2009)

Intent to incite: context and variations

Found guilty of incitement to financial panic for posting on Twitter that one should take one's money out of the corrupt banks. If facts are to be believed, this seems ignoring 1) context of the comments which is about corruption, not about the financial crisis as such, 2) incitement implies intention to do so - the context seems to motivate against such finding-, 3) Twitter is given a power on people and their lifes I wonder if it really has?

"El Efecto Streisand As Guatemala Arrests Twitterer" (TechDirt 15 May 2009)

Cyberbullying: worth criminalising?

I just thought that this post was well written and interesting for lawyers. It asked the basic questions before legislating once more: are they already some offences? do they fit the facts or can they without the definition being distorted? is it worth creating a new crime or do we respond emotionally to an issue rather than with objectivity?

"What is Cyberbullying Anyway?"(TechDirt, 11 May 2009)

The law, especially criminal law, has symbolic aspects. But in no way should it be distorted or used purely on those grounds... Justice is not simply about appearing to defend the victims. "Prosecutors Want To Give Lori Drew 3 Years In Jail For Symbolic Reasons" (TechDirt, 7 May 2009)

Data collection and use by police

Quite a bit of irony here when thinking about the debate on whether ISPs should collect data and keep it available to police. The ACPO (Association of Chief Police Officers) considers that the sheer number of CCTV data makes it unusable to the police to track suspects! What a waste of money and time of all those concern who opposed the CCTV coverage in England. As politicians do not seem to agree (fear factor?), it may well be a long time before we see less CCTV
"ACPO: Police swamped by CCTV data" (ZDnet.co.uk, 15 May 2009)

and "UK Police Learn That More Surveillance Data Doesn't Mean Better Surveillance Data" (TechDirt, 18 May 2009)

The above obviously should make us think about any type of data mass collection: "Bad Idea: UK Launches Database Of Info On Every Child" (TechDirt, 18 May 2009)

Update: "British Cops Creating Nationwide License-Plate Surveillance System" (TechDirt 22 May 2009)

Thursday 7 May 2009

Twitter uses

Self-explanatory:

"Move Over, Craigslist: Twitter Gets Prostitution Ads" (TechDirt, 29 April 2009)

Virtual worlds - copyrights claims to be sustained?

Not directly linked to criminal law, despite the offence of piracy that could appear, the opinion of the Electronic Frontier Foundation attorney Fred von Lohmann is of interest as it questions the parallel made between real laws/worlds and virtual worlds. Applying copyrights laws to virtual worlds like Second Life creates havoc as even publishing the view of a street could infringe a user's copyright. My question is this - and so far, I have no answer-: is it the principle of applying real world law that fails, or is it copyrights law themselves that are completely inadapted to the digital age (but not non-copyrights laws) as the Pirate Bay case illustrates?

"EFF Agrees That Copyright In Second Life Is A Mess" (TechDirt, 4 May 2009)

Piracy and ISPs' attitude in Sweden

Exploiting a gap in the law, Swedish ISPs do not keep any content nor any log on their customers. A radical stand to maximise privacy against the Governments' trend (like the UK) to want to keep data.

"More Swedish ISPs Decide To Keep No Logs To Protect Users" (TechDirt, 29 April 2009)

The movement is linked with the piracy case against Pirate Bay which is also a party with a seat in the EU Parliament "Swedish Pirate Party may win EU Parliament seat" (ZDnet.co.uk, 6 May 2009). Maybe there'll be a change in policy in the future?

For the origin of piracy, a truely international crime at the time, see "A Look Back At The History Of The Word 'Pirate'" (TechDirt, 30 April 2009) who refers to a SSRN paper "The Framing of 'Piracy': Etymology, Lobbying & Policy" from K. Matthews Dames

Cyberthreats - importance of botnets or virus?

It is obviously silly to leave computers infected whatever the reasons. The regulation applied here should simply be modified. The article is however interesting for another reason: the scale of the use of internet to connect medical devices and the threat to health this can create. Apparently, nobody has quantified the risk, which is scary when one thinks of the threat to the electric grid that happened a few weeks ago. It actually made me think of Beck's argument in the Risk Society (our use of inadequate criteria to assess risks because the type and scale of risks have changed since the 19th century)
"US red tape leaves Conficker on medical devices " (ZDNet.co.uk, 5 May 2009)

The Conficker worm also reveals that the real and most dangerous threat is invisible. This is particularly stressed in the French article where it is explained that the purpose of botnets is not be noticed, to be as invisible as possible even though the damages can be enormous for the person infected or for others not related.
"Forget Conficker — focus on the real threats" (ZDnet.co.uk, 29 April 2009)
Frédéric Guy (Trend Micro)"Nous identifions 800 à 1300 nouveaux virus par heure" (JDN, 20 April 2009)
"Un botnet ciblant les ordinateurs Mac" (JDN, 17 April 2009) with the scale of the threat being minimum given the few users of Apple
"Le zapping de la sécurité (avril 2009)" (JDN, April 2009)

Concerns of privacy

An interesting story that shows the gap between the world before and with internet. Although he has a point, that what is on the internet is not necessarily private, Justice Scalia did not understand the scale of communication and availability of details on people's life. To be offended by a research done by the US law professor Joel Reidenberg is not to understand that anyone can do so and retrieve facts with ease and within a few minutes.
I did it for myself and, having always been careful, I found what I knew would be there. The only odd thing was that there is another Audrey Guinchard living in Besançon (France) with a Facebook page and confusion of identity could be made
"Supreme Court Justice Scalia Given Lesson In Internet Privacy" (TechDirt, 5 May 2009)

Most people are more aware about privacy issues though and are notably conscious that when they use the net they leave tracks easily retrievable... But also most people (60% according to the poll) do not want to sacrifice privacy to security measures, which is quite reassuring and counteracts the Governments' claim that security measures ought to be implemented at whatever costs.
"Sécurité IT : l'ingérence de l'Etat inquiète les internautes" (JDN, may 2009)

Uses of false identity - the boundaries of criminal law

Distorting criminal offences has always been a temptation when the law does not fit exactly the fact. Except that criminal law is bound by the principle of strict interpretation and reasoning by analogy should not be allowed. It is thus reassuring to see that the use of a fake identity created from "scratch" does not fit the offence of ID fraud as defined in the US. This is not surprising given the definition of the offence:

  • "knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law;"
  • Identity Theft and Assumption Deterrence Act of 1998, amending Section 1028(a) of title 18, United States Code
And yet the US prosecution managed to claim a different interpretation up to the Supreme Court. What a waste! "Supreme Court Tells Gov't It Can't Use ID Fraud Laws Against Illegal Immigrants" (TechDirt, 5 May 2009)


The use of a fake identity, again fictional rather than of a real person, let to another story, as sad and distressing as the previous albeit for different reasons. This time, the fake identity led to the recipient of the 'friendship' to commit suicide. The law is indeed powerless as so far ID fraud has been built on the use of a real identity but by another person.

"Congressional Rep Wants To Put Internet Trolls In Jail" (TechDirt, 6 May 2009)


THe two cases certainly raise issues of the adaptability of criminal law. Fraud and ID fraud are offences targeting the use of real identity with the aim for fraud to obtain money. Phishing is just an adaptation to the internet of the traditional means to commit fraud. (see "Facebook fends off two days of phishing attacks", ZDnet.co.uk, 1 May 2009)
The protection of a person's feelings with the use of this false identity was never taken into consideration. Should it with the internet? I would be reluctant to affirm so. The two cases reported here revolve around either immigration issues or the use of internet by children or vulnerable people. The latter is a matter of education: not to take at face value what is said online and understanding that anybody can invent an identity purely fictional like in games or Second Life.

Wednesday 6 May 2009

Cybercrime policy - US, EU, France and the world

All but one in French, but I haven't finished going through my English newsletters, so should be able to complement later on with English language articles:

"International experts launch anti-cybercrime plan" (ZDnet.co.uk, 29 April 2009): not so international as it may appear as it involves primarily the US and the UK, but at least the Cyber Security Knowledge Transfer Network (KTN), a UK government-funded organisation, is supposed to "liaise[...] between agencies around the world, co-ordinated the formulation of the roadmap". A plan by N. Jones from KTN was published that argues that businesses should be more proactive and important partners in security.
"Building in… Information Security, Privacy and Assurance - A high-level roadmap" on KTN website

Viviane Reding is the European commissioner on new technologies; she suggests to create a European post/job of "internet police/policing officer" so as to coordinate European responses to cyberattacks and develop a strategy to increase cybersecurity
"Un Monsieur sécurité pour défendre l'Europe contre les cyber-attaques ?" (JDN, 27 April 2009)

This very much echoes what has already started in the US, with a change of policy under Obama new presidency, where Melissa Hathaway has already highlighted the new trends in cybersecurity the US will focus on, with notably a multi agencies and institutions cooperation "La cybercriminalité dans le collimateur de l'administration Obama" (JDN, 24 March 2009)

And for France, this interesting article decrypting the French President's promises during the election campaign and their outcomes in 2009. "Sécurité et libertés : les données personnelles en danger ?" (JDN, 5 May 2009). On security, what has been delivered so far is a Report (Livre blanc/White Book) on Defence and Security in June 2008 which highlighted the policies up to 2020 notably in terms of warfare.
In terms of right to privacy, the biometic passport has been launched despite the CNIL (a quango) opposition to it; the obligation for ISPs to block paedophilia websites, and the three strikes law on copyrights infringement. Generally, the CNIL tends to be sidelined as none of its advices has been followed by the Government.