Posts Tagged 'law'

Lawyers get hacked

Over in the UK data loss isn’t a new problem, actually quite a common occurrence. So let me recap the chain of events for this particular law firm. Collect personal data from ISP for lawsuit, then get hacked, have data distributed on said Internet available for all to see, prepare to get sued by angry porn addicts. Not quite the standard plan but let’s see how this works out. ACS: Law suffered a major data breach exposing the tawdry details of some 5,300 Sky broadband customers. Apparently the firm was targeted specifically and their database and contents pilfered from under their noses. Privacy proponents argued that the data was not secured, not even encrypted thus leaving the data exposed for cyber criminals. The Information Commissioner is investigating.

Canada getting tough on copyright

So the party may be over for Canadian downloaders. Companies now have the right to go after infringers to the tune of $100 to $5,000 for breaking digital locks for the purpose of copying. The penalty goes up to $500 to $20,000 per offense for commercial activities. So much for Bill C-61. Some specific incidents that are mentioned are: PVRs are ok, legally purchased CDs to pcs and ipods are ok, cell phone unlocking is ok. The new bill also requires ISPs to keep tabs on what their customers are downloading. Ruh roh.

Torrent sites are also in danger for legal action. Backups are legal. It would appear on the surface it attempts to balance the rights of the content developer vs the consumer. The bill is still open to ongoing amendments and could possibly change as technology becomes available. In the meantime, start using private torrent sites.

Make sure to use your ‘real’ name on MySpace

Recently Lori Drew was charged with violating the Computer Fraud and Abuse Act for signing up for a MySpace account under a fake name. While the larger circumstances were quite shocking (and have been covered enough I don’t think I need to go into them), she was charged for nothing more than pretending to be someone else on the Internet. The indictment calls this a felony, under title 130 section (a) (2) (c) of the US Code, which criminalizes anyone who “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer if the conduct involved an interstate or foreign communication.” The access to MySpace was unauthorized because using a fake name violated the terms of service. The information from a “protected computer” was the profiles of other MySpace users.

If this is found to be a valid interpretation of the law, it’s really quite frightening. If you violate the Terms of Service of a website, you can be charged with hacking. That’s an astounding concept. Does this mean that everyone who uses Bugmenot could be prosecuted? Also, this isn’t a minor crime, it’s a felony punishable by up to 5 years imprisonment per count. In Drew’s case she was charged with three counts for accessing MySpace on three different occasions. (link)

(excuse me while I delete a few MySpace accounts…)

Google adds privacy link to homepage

Bowing to criticism from privacy groups, Google added a “privacy” link to its homepage over the holiday weekend, even axing its own name from the page’s copyright notice so as to keep word weight in check.

Google is (in)famous for its adherence to a spartan aesthetic, and nowhere is that design sensibility more apparent than on the Google home page. The goal is to keep the word count low, which means that only the absolutely most important words—like “advertising programs” and “business solutions”—make the cut. But “privacy”? Nowhere to be found. Hey, you can always Google for it!

This, in fact, was Google’s response when it was criticized earlier this year by privacy activists who claimed that California law required a link to the privacy policy on the home page. It was also the response given a bit later when it emerged that Google was bucking the common practice of the Network Advertising Initiative (a trade group that includes Yahoo and Microsoft) by not including the notice. Google had nothing to hide, it said, it just cared deeply about the purity of the page. (link)

France: No Internet for you … if you illegally download

“Anyone who persists in illicit downloading of music or films will be barred from broadband access under a controversial new law that makes France a pioneer in combating internet piracy.

“There is no reason that the internet should be a lawless zone,” President Sarkozy told his Cabinet yesterday as it endorsed the “three-strikes-and-you’re-out” scheme that from next January will hit illegal downloaders where it hurts.”

This seems like a knee jerk response to a long standing issue. I think Sarkozy needs to understand the issues before he institutes this silly policy. Is he taking a page from the playbook of Bush? (Scare tactics 101)

“Under a cross-industry agreement, internet service providers (ISPs) must cut off access for up to a year for third-time offenders.

In a classical French approach the scheme will be enforced by a new £15 million a year state agency, to be called Hadopi (high authority for copyright protection and dissemination of works on the internet).” (link)

This is passing the buck. The forces the ISPs to police it’s users and then would punish them for lack of enforcement. This is cowardly. How much are they gonna spend on this? You think they could have thought up a better name than ‘Hadopi’.

Identity theft still on the rise despite more awareness

Over the past five years, 43 US states have adopted data breach notification laws, but has all of this legislation actually cut down on identity theft? Not according to researchers at Carnegie Mellon University who have published a state-by-state analysis of data supplied by the US Federal Trade Commission (FTC).

“There doesn’t seem to be any evidence that the laws actually reduce identity theft,” said Sasha Romanosky, a Ph.D student at Carnegie Mellon who is one of the paper’s authors.

Romanosky’s team took a state-by-state look at FTC identity theft complaints filed between 2002 and 2006 to see whether there was a noticeable impact on complaints in states that had adopted data breach notification laws such as California’s SB 1386, which compels companies and institutions to notify state residents when their personal information has been lost or stolen. Their paper is set to be presented at a conference on Information Security Economics held at Dartmouth College later this month.

Since 1999 the FTC has invited identity theft victims to log information about their cases on its Web site. The data are then made accessible to law enforcement, which uses the information to help analyze crime trends. A lot of people complain, but it represents only a subsection of all identity theft cases. In 2006, for example, the FTC logged 246,035 identity theft complaints, while a Javelin Strategy survey estimated that there were 8.9 million ID theft victims that year. (link)

Twitter’s Terms of Service causing a storm

Microblogging/social messaging service Twitter has become the center of a new debate about online harassment and what services’ responsibilities are the protect their users. What started out as the fairly run-of-the-mill harassment of a female user has turned into a much larger controversy over terms of service, the definition of a community, and what protections the site might have under the law.

The sequence of events began like this: Ariel Waldman, now community manager for Twitter competitor Pownce (but was apparently not in this position when the issue began) became the subject of what she characterizes as harassing “tweets” (140-character messages sent to the service, usually broadcast to the public) last June containing her full name, e-mail address, and disturbing comments. At that time, she reported it to Twitter’s community manager, who subsequently removed the offending user’s updates. (ArsTechnica)


Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 29 other followers

Technorati – Blog Search

Add to Technorati Favorites

submit express