October 27, 2005
Evidence Laws Fall in the Rush to Embrace the Anti-Terrorism Bill
As part of the federal government's terrorism response, changes will be made to the laws of evidence during trials of suspected terrorists. Andrew Lynch* writes that the proposals deserve close examination if Australia wants to retain the integrity of its courts and justice system.
Posted by Jaani at 9:58 PM | Comments (0)
October 15, 2005
Howard Attacks Stanhope over Anti-Terrorism Bill Leak
The Prime Minister has described the ACT Chief Minister's decision to place the draft anti-terrorism laws on the Internet as irresponsible.Posted by Jaani at 6:33 PM | Comments (0)
October 8, 2005
First Anti-Phishing Law Enacted in California
Phishing is an increasingly common practice employed by fraudsters to procure an individual's access credentials, typically in relation to an online financial service such as a bank or eBay. It normally involves an e-mail directing users to 'verify their password', 'confirm their account' or the like, but upon clicking on the link the user is taken to a lookalike website that secretly posts their login data to the phishing server.
With internet fraud on the rise, Nathaneal writes with word that the Californian legislature has introduced legislation designed to allow civil recovery against phishers. Assuming the culprits could be found and were still connected with the missing funds (which are pretty big assumptions), the victim would have a cause of action giving rise to damages:
Arnold Schwarzenegger, governor of California, signed a bill yesterday that makes phishing a civil liability. According to MSNBC, the new law is the first of its kind in the country: 'The bill, advanced by state Sen Kevin Murray, is the first of its kind in the United States and makes 'phishing' ... a civil violation. Victims may seek to recover actual damages or $500 000 for each violation, depending upon which is greater." This is an expensive penalty for phishers who are litigated against, but do the lack of criminal accountability and the burden of action on the victim hinder the effectiveness of this bill?'
From the article:
In my opinion, this legislation -- whilst a positive step -- is unlikely to be effective or applicable in most cases. The phisher will normally either elude capture, spend the money or in any case reside outside California. The best solution is prevention, and the best way to prevent is to educate. Here is a good tutorial on how not to 'get hooked'. Here is another excellent summary of precautions and advice.The State Senate approved Bill 355 in August, and moved it to the Governor's desk in September. The bill now makes it illegal for anyone to solicit, request or induce a consumer to provide personal information by using e-mail, Web sites or the Internet to fraudulently impersonate a legitimate business.
Posted by Jaani at 10:28 AM | Comments (0)
October 6, 2005
Finland Adopts New Copyright Legislation
Anonymous Coward writes "Finland has adopted European Union Copyright Directive with new changes to its national legislation, giving Finland one of the most record label friendly pieces of legislation in Europe. The article has a good summary of the new law's changes to the old, rather flexible legislation."Posted by Jaani at 9:55 PM | Comments (0)
Congress mulls 'post-Grokster' legislation
Considering the coup de grâce
The Senate Judiciary Committee on Wednesday welcomed testimony from parties seeking the legislative final solution to P2P networks during a Capitol Hill hearing confidently entitled "Protecting Copyright and Innovation in a Post-Grokster World."…
Posted by Jaani at 9:54 PM | Comments (0)
September 20, 2005
NSW Considers Anti-Scalping Laws (eBay Worried)
'The NSW government will consider bolstering its power to act against ticket scalpers, including the introduction of laws similar to those in Victoria which give authorities power over the sale and distribution of tickets for major events.'
Given the amount of ticket scalping that takes place on eBay, especially around this time of year.
Posted by Jaani at 5:18 PM | Comments (0)
September 13, 2005
The Anticybersquatting Consumer Protection Act: Key Information
'The Anticybersquatting Consumer Protection Act [US] has been effectively used to combat gripe sites; improper profiting from the commercial use of another's mark; and tarnishing of a mark by using it in the domain of a Web site with pornographic or other undesirable content. Martin H. Samson, a partner at Phillips Nizer, explains how to efficiently harness the ACPA to prevent the misuse of your mark in another's domain.'Posted by Jaani at 8:49 PM | Comments (0)
August 24, 2005
US Patent Law Reform
'"Lawmakers in Washington are considering changes to the patent code that would bring U.S. law closer to intellectual property standards in the rest of the industrialized world." The stated result of the Patent Reform Act of 2005, HR 2795 is supposed to make the system work "more efficiently" and be "less prone to litigation."'Posted by Jaani at 12:49 PM | Comments (0)
August 17, 2005
Australian Search Engines Alleged to Contravene Online Gaming Laws
'According to a ZDNet report, authorities in Australia are investigating Google and a few other search engines for possible breach of the country's online gambling laws. The Interactive Gambling Act 2001 (Cth) prohibits advertising of gambling services on Web sites where "it is likely that the majority of that site's users are physically present in Australia". Banned services include online casino-style gaming services such as roulette, poker, craps, online poker machines and blackjack. Breaching the Act carries a maximum penalty of AU$220 000 ... per day for individuals and AU$1.1 million ... per day for corporations.'
My take: it's difficult to see how Google, a foreign corporation, could be subject to Australian laws regulating advertising taking place on its United States-based servers. The Act was never designed to police foreign websites -- just to prevent them being setup and run out of Australia. This is unlikely to amount to anything.
Posted by Jaani at 12:14 PM | Comments (0)
October 13, 2003
Shifty Premises: the DMCA Strikes Again
First up on today's menu: more DMCA legal shenanigans, with a United States copy-protection software developer filing suit against a graduate student at Princeton University under s1201 of the Digital Millennium Copyright Act 1998.
SunnComm Technology alleges that one J Halderman engaged in circumvention of a protection measure when publishing a research paper, which detailed how to deactivate (or perhaps more accurately, subvert the activation of) a system designed to prevent CDs being duplicated or copied to a user's hard disk.
The ridiculous part of all this is that the 'circumvention technique' described by the research consists of little more than using the SHIFT key to disable a program from automatically executing when a protected CD is inserted, a process which Halderman successfully tested on a recently released audio CD published by Arista Records/BMG. Unfortunately, SunnComm has not taken too kindly to the publication of so obvious a method of circumvention, claiming that Halderman's paper incorrectly disparaged the 'robustness and efficacy' of the mechanism, harming their reputation:
This is an opinion that seems to be shared by their shareholders, evidently. Now, forgive my youthful naivety on matters of substantive law, but such a claim seems more suited to a tort action in defamation than a filing under a criminal provision of the DMCA. Their action seems destined to fail, at any rate. As one commentator has dubbed it, 'press shift to initiate lawsuit'. Fred von Lohmann, a cyberlawyer with the EFF was also vocal in his condemnation of the suit:
In order to successfully sue Halderman under the DMCA, SunnComm needs to prove that the circumvention method his paper described constitutes a device 'primarily designed or produced to circumvent'. Given that the SHIFT key is a standard feature of every computer keyboard, that the association of this 'device' with disabling autorun is a standard feature on all Microsoft, Apple, and many Linux operating systems, and that it performs many other functions (for instance, Capitalisation), it seems ludicrous to classify it as a device primarily designed to circumvent copy-proteciton mechanism. Arugably, it does not even constitute a 'device'.
Even if using a particular key to willfully disable a software protection measure does comprise a circumvention measure, Halderman's report probably falls under one of the exceptions to s1201: ss(d) (exemption for educational institutions), ss(g) (encryption research allowed), or ss(j) (testing access controls allowed with consent).
SunnComm also claims that by disabling the autorun mechanism a file is 'deleted'; strictly speaking, this is not correct, either. Rather, a file is prevented from being created. This is a critical distinction, because users ought to have control over which files are copied onto their digital property (though it would be a harder case to make that they should have control over all files already there). Were this action to succeed, a precedent would be created for denying end users the ability to disable potentially intrusive or malicious programs (eg, mal/spyware) that come bundled with CDs or DVDs and are subjected to "blanket protection" by the DMCA. Publishers could install 'helper' utilities that advertise their other CDs, monitor a user's listening habits, or even disable access to P2P sharing applications - yet under the DMCA, users would be powerless to attempt a removal of these devices, or publically disclose the full extent of their operation.
Sadly, this case highlights an all too frequent trend in American technology law: instead of using the incisive, voluntarily contributed research of a concerned member of the public (for which the company would otherwise have been charged an exorbitant amount of money) to improve their product, SunnComm has taken cover behind vaguely-worded provisisions to protect their own lack of foresight and poorly researched product. Anyone who invested in this company's copy-protection mechanism has only themself to blame, not Halderman.
Posted by Jaani at 1:58 PM | Comments (0)
September 27, 2003
Federal Spam Bill Set to Achieve Nothing
On the local (Australian) front (pardon the anchor cliché), the recent tabling of a tough national Spam law has received industry accolade, and looks set to pass when it is read for a second time next month.
Under the proposed legislation, entities engaging in electronic mass-mail practices face penalties of over $1 million a day. The penalties may be clear (and rather hefty, especially when compared to other, more serious, corporate practices), but far more hazy are details surrounding jurisdiction. Presumably, only Australian, for-profit organisations will be subject to the new law, which will render it pretty much useless.
Allow me to explain. Bandwidth in Australia is ludicrously expensive, thanks in no small measure to the other actions of Richard Alston in his capacity as Minister for Communications, IT, and the Arts. As a result, small or home-based businesses are forced to out-source their web hosting to the United States or Japan, where wholesale prices are far cheaper. What this means is that a vast majority of spammers are either going to be sending mail from the US or from former Soviet-bloc countries, where bandwidth is fast, cheap, and the relatively unregulated.
Those few businesses which do spam from within Australia are likely to be large enough to be able to afford a menacing legal team with which to artfully dodge any penalty (for example, by claiming the user is at fault or embedding indemnifying disclaimers into the e-mails themselves; even if these defences fail, they could always claim a rogue representative of the company sent the mail, or a satisfied customer, since it would be difficult to obtain the IP address from which the mail was sent). For these reasons the legislation is unlikely to be effective. We need a worldwide collaboration on unsolicited electronic mail if we're going to get anywhere.
Posted by Jaani at 1:42 PM | Comments (0)
