Friday, 26 June 2009
Child Porn Blacklist Group Claims Its Approach Is Working, But There Are Lots Of Questions(TechDirt, 30 April 2009)
See previous post http://cybercrimeatessex.blogspot.com/2009/02/transparency-in-cybercrime.html
The information originates from the Financial Times with its correspondent.
Surprise: Beijing Court Sides With Victim Of Internet Censorship (TechDirt, 27 May 2009)
Victim of Beijing internet censorship wins landmark court ruling (FT, 26 May 2009)
and a French summary of the report on JDN 17 June 2009
Swedish Appeals Court Denies Pirate Bay Retrial -- Says No Bias By Judge(TechDirt, 25 June 2009)
No access to internet for a maximum of a year; any attempt to reinstate the connexion would attract up to 2 years imprisonment and 30 000 euros fine (about 21 000 pounds). I find it fascinating that at a time where copyrights regulations, hence piracy, are strongly criticised in their very existence, the Government chose to take a stand harsher than what happened sometimes when somebody's life and well being is at stake. In other words, money linked with copyrights has more value than the protection of the person, say on social networks. This discrepancy in priorities is typical of the regulatory approach to the internet (think of the US where striking down the legislation on child porn in the name of free speech meant property is better protected than the child's person/body abused by adults), but I can't get over it, and hope I actually won't get over it.
Moreover the procedure used will not involve a contradictory debate but will be one of those simplified ordonnance type of procedure, which when one thinks that freedom of communication is at stake here (including jobs because today one cannot work without internet), is pretty troubling.
Un texte plus répressif pour sanctionner le piratage (JDN 25 June 2009)
Given that the basis of those networks is to share information, often without consent, the recommendation would be a blow to those technologies. I personally think it is not the way forward; rather, we should differentiate between those participating in the network and those not participating. Those in, by the fact of subscribing, should have a opt-out; those not in should have an opt-in.
More sensible is the recommendation that social networks warn clearly and extensively at the level of disclosure faced by their users and how that information could be used against them or their family and friends.
See the summary on Euractiv
For the report itself, Article 29 Data Protection Working Party
It is worth comparing with the 2007 report from ENISA, the rather silent EU agency on cyber issues, Enisa Position Paper EU agency for network and information security suggests updating legislation to face new social networking-related risks (25 October 2007)
Thursday, 25 June 2009
Hence the importance of the Agreement on Mutual Legal assistance http://www.statewatch.org/news/2009/may/uk-eu-usa-extradition-mutual-assistance.pdf
Position on the processing of traffic data for “security purposes” (21 March 2009) on the statewatch website
beaware: Europol exists since 1992
UK launches dedicated cyberattack agency (ZDnet.co.uk, 25 June 2009)
Pentagon moves to protect military networks (ZDnet.co.uk, 24 June 2009)
Before it was even adopted by Parliament, the French bill that promoted the three strikes policy in its attempt to fight piracy was doomed.
The EU Parliament condemned it (See TechDirt, 6 May 2009) EU Says No To Three Strikes On Accusation Only; Requires Court Order
and even the UK TalkTalk ISP (TechDirt, June 9, 2009) director considered it was silly to forbid, "pirats will always win" UK ISP Boss: 'The Pirates Will Always Win'
Without surprise, the bill, passed by an empty Assembly, was declared unconstitutional by the Constitutional Council and thus in effect can only become a Statute if the unconstitutional provisions are withdrawn.
"French Constitutional Council Guts 'Three Strikes' As Unconstitutional" (TechDirt, 10 June 2009)
Legally, the decision is particularly enlightening when it comes to the grounds of unconstitutionality. The Council found several flaws, all in line with what I have been writing about in this blog:
- violation of freedom of speech and communication because the sanction was not decided by a court, but by an administrative agency; I keep saying that a court/ the judiciary has to decide on withdrawing illegal content as much as who committed any other illegal behaviour
- "16. Considérant que les pouvoirs de sanction institués par les dispositions critiquées habilitent la commission de protection des droits, qui n'est pas une juridiction, à restreindre ou à empêcher l'accès à internet de titulaires d'abonnement ainsi que des personnes qu'ils en font bénéficier ; que la compétence reconnue à cette autorité administrative n'est pas limitée à une catégorie particulière de personnes mais s'étend à la totalité de la population ; que ses pouvoirs peuvent conduire à restreindre l'exercice, par toute personne, de son droit de s'exprimer et de communiquer librement, notamment depuis son domicile ; que, dans ces conditions, eu égard à la nature de la liberté garantie par l'article 11 de la Déclaration de 1789, le législateur ne pouvait, quelles que soient les garanties encadrant le prononcé des sanctions, confier de tels pouvoirs à une autorité administrative dans le but de protéger les droits des titulaires du droit d'auteur et de droits voisins ;"
- violation of presumption of innocence by reversing the burden of proof to the accused; it is what I always found disturbing in those cases where the RIAA in the US bring lawsuits/charges before the Court and it is most of the time for the defendant to find proof s/he did not commit the action.
- "18. Considérant, en l'espèce, qu'il résulte des dispositions déférées que la réalisation d'un acte de contrefaçon à partir de l'adresse internet de l'abonné constitue, selon les termes du deuxième alinéa de l'article L. 331-21, " la matérialité des manquements à l'obligation définie à l'article L. 336-3 " ; que seul le titulaire du contrat d'abonnement d'accès à internet peut faire l'objet des sanctions instituées par le dispositif déféré ; que, pour s'exonérer de ces sanctions, il lui incombe, en vertu de l'article L. 331-38, de produire les éléments de nature à établir que l'atteinte portée au droit d'auteur ou aux droits voisins procède de la fraude d'un tiers ; qu'ainsi, en opérant un renversement de la charge de la preuve, l'article L. 331-38 institue, en méconnaissance des exigences résultant de l'article 9 de la Déclaration de 1789, une présomption de culpabilité à l'encontre du titulaire de l'accès à internet, pouvant conduire à prononcer contre lui des sanctions privatives ou restrictives de droit ;"
- 27. Considérant que la lutte contre les pratiques de contrefaçon sur internet répond à l'objectif de sauvegarde de la propriété intellectuelle et de la création culturelle ; que, toutefois, l'autorisation donnée à des personnes privées de collecter les données permettant indirectement d'identifier les titulaires de l'accès à des services de communication au public en ligne conduit à la mise en oeuvre, par ces personnes privées, d'un traitement de données à caractère personnel relatives à des infractions ; qu'une telle autorisation ne saurait, sans porter une atteinte disproportionnée au droit au respect de la vie privée, avoir d'autres finalités que de permettre aux titulaires du droit d'auteur et de droits voisins d'exercer les recours juridictionnels dont dispose toute personne physique ou morale s'agissant des infractions dont elle a été victime ;
Censure du Conseil constitutionnel : pas d'happy end pour l'HADOPI (Juriscom. 10 June 2009)
"French court curbs internet piracy legislation" (ZDnet.co.uk, 11 June 2009)
David El Sayegh (Snep)"Couper l'accès Internet comme on envoie les contraventions établies par les radars" (JDN, 11 June 2009)
Use of 3D games to train pilot - positive use of technology, but one cannot be left but to wonder whether the reality of those games could have adverse effects in certain conditions and be responsible for more violence?
And what if the robots copy 'bad' behaviours and commit crimes? fiction? not so much if one believes this article about a child robot which memory increases by copying real human behaviour. "CB2 : parfait pour un prochain film d'horreur" http://www.journaldunet.com/hightech/salon-multimedia/dossier/ils-sont-la-et-nous-ressemblent-les-robots/cb2-parfait-pour-un-prochain-film-d-horreur.shtml
this made me think about the work of Michelle Hildebrand from Rotterdam/Brussels...
For new areas of fraud coming up soon given the huge development of mobile phone banking:
Le m-paiement atteindrait 250 milliards de dollars d'ici 2012 (JDN, 23 June 2009)
The problem is as usual: safety is done through sharing of information. But how this information is collected and used remained very much undefined... So not surprisingly, there are oppositions to the Stockholm programme
See the Statewatch's summary: http://www.statewatch.org/future-group.htm (
and also the seminar organised on 31 may 2009 http://www.statewatch.org/news/2009/may/surveillance-states-seminar.pdf
with references to the European Civil Liberties Network's own analysis http://www.ecln.org/ECLN-statement-on-Stockholm-Programme-April-2009-eng.pdf
One can only agree when one looks at the EU Council's report of the "Check the Web" project launched in 2007 and presented by Europol to the COuncil on 15 May 2009 http://www.statewatch.org/news/2009/jun/eu-europol-use-of-personal-data-in-the-check-the-web-project-9604-09.pdf
and the analysis provided by Cryptohippie on Statewatch's website, which describes well what is a police state and how blissfully unaware we can be until it is too late http://www.statewatch.org/news/2009/jun/electronic-police-state-2008.pdf
See also, Watching the computers. Function creep allows EU states to use intrusive remote computer searches to target any crime, however minor (TheGuardian, 9 June 2009)
the fact that the surveillance attitude is widespread does not help Canadian Politicians Want To Pass Internet Snooping Legislation (TechDirt, 19 June 2009)
And contrary to the wide-spread feeling, security is not a justification per se for surveillance even if obviously increased CCTV and the like can help detecting crime As Google Agrees To Delete Unblurred Street View Images In Germany, One Is Used To Solve A Crime
Finally, see EU Parliament on the subject
with its "REPORT with a proposal for a European Parliament recommendation to the Council on strengthening security and fundamental freedoms on the Internet
(2008/2160(INI))" (25 February 2009)
and the HL view on procedural rights in EU criminal proceedings http://www.statewatch.org/news/2009/may/eu-hol-ec-procedural-rights.pdf
As pointed out, one cannot settle when the facts established demonstrate an impossibility to commit the action. The RIAA is manipulating the language to appear victorious when its actions embody utter failure.
More troubling, is the issue of evidence. What would have happened if this woman owned a computer but never filed share? How is the RIAA collecting its evidence? Are we not here faced with illegal surveillance?
In that sense, Norway's position to avoid general surveillance for just an issue of IP makes much more sense.
Norway Decides Privacy Is More Important Than Protecting The Entertainment Industry's Business Model (TechDirt, 24 June 2009)
Obviously, Norway's position obliges to rethink piracy and the IP rules. The analysis of Shakespeare's work and how the famous poet and writer borrowed from traditional folk tales and their various interpretations by other authors is quite enlightening about the real issue IP legislation create, especially in a world which works on the basis of networks and sharing.
"Would King Lear Ever Have Been Written If Copyright Law Existed?" (TechDirt, 23 June 2009)
"The Guardian Embraces Crowdsourcing The News In Useful Ways" (techDirt, 24 June 2009) (The Guardian put online all the data on the MPs' expenses scandal - ordinary people digged out what they found interesting and journalists just check and put the information within a broader perspective
How sending an e-mail can breach the peace, I am puzzled. It was not a collective e-mail, say to the whole of the University, what would have justified (maybe) the analogy of the public forum. At most, the e-mail, if repeated at least once, would fall within harassment, but certainly not breach of the peace.
Disciplinary actions might also be foreseen if the university charter of conduct was breached
Tuesday, 16 June 2009
Court hears Nasa hacker 'at risk of psychosis' (ZDnet.co.uk, 9 June 2009)
Judges delay decision in Nasa hacker case (ZDnet.co.uk, 11 June 2009)
The Conseil constitutionnel (French Constitutional Court) rejected part of the Bill nicknamed Hadopi in its provisions that were allowing an administrative authority to cut the right to access the internet. The Authority, although independent, did not provide sufficient safeguards to the internet user, given that was at stake freedom of expression. Only a court, as part of the judiciary with its own requirements of independence and impartiality, could take such decision.
The decision is interesting for several reasons:
1- in relation to the "independent administrative authority" system which France is so fond of, the decision puts a halt to a recurrent trend to transfer legal issues from the courts to non judicial authorities.
2 - it is a reminder that freedom of communication and expression are so intrinsic to the internet, that any measure curtailing it, whatever the justification offered, must be assessed by the courts. Compared with what is happening with ISPs taking down materials, the decision makes one think about the appropriateness of those take down notices procedure not validated by courts...
3 - I am not as sure as the Commission that net neutrality is not needed; resorting to courts is not the main method within Europe. Harmonisation at EU level should be certain before engaging into a dangerous path
How the desire to control child pornography turns into a piracy/ illegal trade issue...Apparently, upon request of China, computers shifted from the US to China must contain a 'Chinese' filtering software... which code is partly stolen from a US company!
Chinese censorware has stolen code, says US firm (ZDNet.co.uk, 15 June 2009)
update: "US asks China to drop filtered software " (ZDnet.co.uk, 25 June 2009)
Wednesday, 10 June 2009
"Local Version Of China's Great Firewall Now Required On All PCs In China" (TechDirt, 8 June 2009)
Two things spring to mind. Is the fake account doing any harm, for example by impersonating a real life person so well one could not easily guess what was true and false? if so, civil law at least applies and Twitter can delete the account. However, there should be court proceedings rather than threats and bullying.
"La Russa & The AP Claims Twitter Settled Lawsuit... Twitter Sets The Record Straight
"French Law has actually taking the step of making it an offence, with a maximum of one year emprisonment, following a few MPs whose name have been 'abused'. "Loppsi : 1 an de prison pour la fraude à l'identité sur Internet" (Numerama, 27 May 2009)
Then, this affair/case seems a matter of education of people and companies on the internet.
"Lifelock Found To Be Illegally Placing Fraud Alerts On Credit Profiles" (TechDirt)
"So-Called 'Friendly Fraud' On The Rise" (TechDirt 27 May 2009)
"Lawyer: Home Office unlikely to U-turn on hacker " (ZDNet.co.uk, 8 June 2009)
But there may be some hope in the mid-term future: (ex) "Hacker joins US Homeland Security in advisory role" (ZDnet.co.uk, 8 June 2009)
with the following update: "Mitnick: from 'computer terrorist' to consultant " (ZDnet.co.uk, 23 June 2009)
I can't believe people are silly enough to sell on e-bay disks that have not been reformated with complete erasure of data, especially in high-risk domains.
"Des disques durs d'occasion très bavards sur eBay" (JDN, 13 May 2009)
And it is no better when data is not even encrypted like the Royal Air Force's data!
Vols de données dans l'armée de l'air britannique (JDN, 28 May 2009)
"Hacked ATMs let criminals steal cash, PINs" (ZDnet.co.uk, 5 June 2009)
"Judges Divided On Right Of Schools To Punish Students For Mocking Principals Online" (TechDirt, 9 June 2009)
Wednesday, 3 June 2009
Sébastien Darnault (MarkMonitor)"Nous bombardons les serveurs de mails frauduleux jusqu'à les faire tomber" (JDN 2 June 2009)
In terms of criminal procedure it is absolutely essential.
"Info sur le web : Le syndrome inversé de la fille du RER D" (JDN, 26 May 2009)
On a similar note, the explanations about information safekeeping/safeguarding, which is linked with its reliability. "Cycle de vie des données informatiques, du berceau à la tombe !" (JDN 7 mai 2009)
"Ces réseaux sociaux qui résistent à Facebook Sonico.com au Brésil" (JDN, 2 June 2009)
I wonder if their business models are better than those of Facebook. Note though that the Russian internet business man just 'bought' Facebook ...
"If You Rob A Bank, Perhaps You Shouldn't Brag About It On MySpace" (TechDirt 2 June 2009)
Not criminal as such, but interesting about the degree of non privacy (to be expected really):
"Analyzing Labor Data Via Facebook Status" (TechDirt, 2 June 2009) or how the words hired/fired on posting were used to analyse the trend in financial crisis management....