18 May 2011

Who Wants To Dam Online Streaming?

Image: Brownlee Dam by WaterArchives.org on Flickr

5642421956_6b83b92356_z

Do you stream content from the Internet?
Could it be that you fall under the category of users involved in an illegal streaming? Well, if you do and are also identifiable as an US resident, this blog article may contain some bad news for you.
Why?
Because Victoria Espinel, Obama administration’s IP Enforcement Coordinator, has recently published a white paper on legislative recommendations that asks lawmakers to declare streaming a

Copyright Infringement

and hence a felony.
Not exactly the sort of good news blogs usually provide, huh?

When I first saw the story at Ars Technica, my first reaction was to ask

Who Needs A Change In Legislation?

Then I read the white paper and found that Ms Espinel’s recommendations very clear:

It is imperative that our laws account for changes in technology used by infringers. One recent technological change is the illegal streaming of content. Existing law provides felony penalties for willful copyright infringement, but felony penalties are predicated on the defendant either illegally reproducing or distributing the copyrighted work. Questions have arisen about whether streaming constitutes the distribution of copyrighted works (and thereby is a felony) and/or performance of those works (and thereby is a not a felony). These questions have impaired the criminal enforcement of copyright laws. To ensure that Federal copyright law keeps pace with infringers, and to ensure that DOJ and U.S. law enforcement agencies are able to effectively combat infringement involving new technology, the Administration recommends that Congress clarify that infringement by streaming, or by means of other similar new technology, is a felony in appropriate circumstances.

It turns out that the current US copyright framework is to some extent ambiguous as to whether streaming should be considered a distribution or performance of a work. This ambiguity results in a loophole which Ms Espinel is now proposing to fill.

This is strange, because the US have ratified the

WIPO Copyright Treaty

(WCT) and implemented it by the Digital Millenium Copyright Act (DMCA). The US nevertheless omitted to introduce the so called “right of communication to the public” or also known as the “making available right” in their legislation. Ms Espinel would not have the problem now, had the Clinton administration taken care back in 1998.

Having said that, one might ask how the legislation of the

European Union

does classify streaming?

Well, the EU has also implemented the WCT and introduced the “making available right” in its Info Society Directive (2001/29/EC).
This means that the legislations of the single member states define streaming as either a broadcast (in the case of point to multipoint) or a communication to the public (in the case of point to point or the on demand use).

Either way and even though it is so popular among Internet users, (illegal) streaming falls foul of the law on copyright.

However, what is

Illegal Streaming

anyway supposed to mean?

Right holders speak of illegal streaming each time when their content is distributed, performed, broadcast or made available on the Internet without said right holders’ permission.

It seems, however, that streaming has become an important part of our online consumer behaviour. We consume content every day and the rise of new technologies has made this type of consumption quite convenient. The reason why some users are lured into illegal offerings basically lies in that they are not offered legally sound ones.

In that respect, right holders should reconsider their business models and keep pace with their “potential” customers and not attempt to dam the streaming instead.

What is your opinion on Ms Escivel’s recommendation? How is streaming regulated in your jurisdiction and what impact does this regulation have on illegal or lawful offerings?

17 May 2011

Click And Gone: 3 Tips How Not To Get Wrapped By An Agreement

Because of the advent of the Internet, many suppliers will more and more often omit to serve their customers with paper based contracts.

In fact, do you ever remember to have signed a real contract with, say, Facebook or Twitter? Good, those may not be the best examples as they (still) provide their service for free. But, what if you were to enter into a consideration based contract and you were not provided an old-fashioned paper copy, but asked to click through a web form instead?

This is the question I would like to address in this blog article. Particularly, I shall show you how to read, understand and deal with such agreements.

Having got started, let me first explain what a

Click-Wrapped Agreement

is supposed to mean.

Terms such as click-wrap and browse-wrap are being more and more used to describe agreements where customers indicate their acceptance to an agreement as well as their readiness to “execute” said agreement by pressing a button on a website.

Recently I had to examine a click-wrapped non-disclosure agreement (NDA) provided by a technology giant known for its preference for web hosted documents.
I was asked a simple question: “Can I sign it (or have it signed)”?

Though I am technology-focused, I had some initial doubts. Sure, I was familiar with click-wrap licenses appearing on your monitor prior to either the download or the installation of a software as well as what courts had ruled on them. But an NDA? It felt somehow strange.

So, tip #1 – read the terms of the agreement.
Check whether it provides for the

Creation Of A Binding Contract

between two (or more) parties.

Basically, you need an offer, which is accepted with the intention to be legally bound. Should this work by clicking an HTML button?
Hmm, why not?
The act of clicking would be the expression of an unconditional acceptance to the terms of the agreement and hence fully sufficient.

Now that we have proved the valid formation of the contract, we should consider our next point:

Who May Press

the button?

Are you a party to the agreement, you can make the click. But what, if someone else should press it?

Time for tip #2 – check whether the person supposed to press the button is also authorised to do so. This is important because the lack of authorisation is likely to challenge the validity of the contract.

Once having identified the proper “signatory” you need to secure your

Evidence

At this stage, you should distinguish between two things: (1) you need an evidence that a contract has come into existence and (2) you must ensure that the content of the contract shall not subsequently be modified or manipulated.

Hence my tip #3 – make sure you are sent an email copy of the contract you have executed by clicking. The copy should bear the execution’s date and all relevant details such as name, address, signatory name etc.
Print out the copy, sign it personally (or have it personally signed by the signatory) and thereafter file it with your lawyer or, depending on your jurisdiction, with a notary public. This is how you can secure at least a prima facie evidence with respect to (1) and (2) above.

Concluding Thoughts

Click-wrapped or browse-wrapped agreements are driven by the online technologies and are ostensibly easy to handle. You have to know that courts have held them to be enforceable, though merely in single instances. Once you have executed such a click-wrap agreement, you should endeavour to better your stand applying an adequate contract management.

Why? In order not to be gone right after your click!

13 May 2011

Why You Cannot Trademark Free Speech

Image by opensource.com on FLickr

4968547682_6577a6d12f_z

In the free speech context, the function of trade marks can be quite complicated. In recent time, trade marks have become a general purpose device for private parties to use when they want to suppress speech they do not like. And they are trying to suppress the speech of others not merely to protect their legitimate economic interests but because of aesthetic and political disagreements.

Anyway, to understand how intertwined trade marks and free speech are, you need first to

Understand Trade Marks

in general.

You should think of consumer protection in order to best understand trade mark law: trade marks are instruments that help consumers orient in an ocean of goods and services and, help them make respective choices. Therefore, trademarks are protectible; albeit to the extent they represent the quality or reputation associated with a product or service. The proprietorship over a trade mark allows trade mark owners to claim damages, when their trade marks are infringed.

But what is a

Trade Mark Infringement

in the first place?

Usually, this is one trader’s act of unauthorised use of a sign that is similar or identical to another trader’s trade mark. First trader’s  unauthorised use must be with respect to products or services identical or similar to those of the second trader, it must further occur in the course of commerce and be likely to create confusion among the consumers as to the origin of first trader’s goods. Why will the consumers be confused? Because they will think the first trader is the source of the products or services and not the second one.

Indeed, this is all legitimate in a commercial context, but should it apply to

Non-Commercial Expressions

of political views?

This question has already been the subject of judicial review, for instance, in Lucasfilm Ltd. v. High Frontier, 622 F. Supp. 933, 934 (D.D.C. 1985) and MasterCard International, Inc. v. Nader 2000 Primary Committee, Inc. 70 U.S.P.Q.2d (BNA) 1046 (S.D.N.Y. 2004).
The judicature’s answer has steadily been a clear “no”.

Likewise, the US District Court for the District of Utah has recently delivered a ruling dismissing the claims of Koch Industries, a billion dollar company, against Youth For Climate Truth, a group concerned about climate change.
In particular, the honourable Justice Dale A. Kimball held

“On its Lanham Act claims, Koch lacks any evidence or plausible theory as to how Defendants could have profited commercially from an anonymous spoof website that sold no products and solicited no donations, that was disclosed only to reporters, and that was only online for a matter of hours. Defendants’ speech proposed no commercial transaction. Instead, it sought to draw public attention to Koch’s controversial stance on a political issue. Koch’s trademark and unfair-competition claims, therefore, fall outside the scope of the Lanham Act and are foreclosed by the act’s commercial-use requirement.”

You can check EFF’s website for further details on the case or read Eileen Rumfelt’s brilliant analysis on trade marks and the First Amendment for further deliberations.

In this respect it appears also worth referring to some French and hence

European Jurisprudence

on political/social uses of a trade mark.
In Greenpeace v. Esso the Paris Tribunal de Grande Instance held that

“the constitutional principle of the freedom of expression implies that the Greenpeace Association…can, in its writings or on its internet site, denounce, in whatever form it feels appropriate to the objective pursued, the environmental damage and the risks caused to human health by certain industrial activities. Although this freedom is not absolute, it can nevertheless only be subjected to the restrictions necessary for the protection of the rights of others …the Greenpeace Association through the modifications… clearly shows its intention…without misleading the public as to the identity of the author of communication…the E$$O symbol… even if it refers to the trademarks held by the respondent company, it is clearly not intended to promote the marketing of products or services…it is of a polemical character that is alien to business life.”

In Greenpeace v. AREVA the same court followed the Esso principles.

What are then the

Consequences

of this all?

It seems that both, legislature and judicature in western-type democracies have provided for the specific purpose of trade marks law: to be a shield against infringement in a commercial context. By the same token, legislature and judicature have well restrained trade mark owners from using the rights conferred by trade marks law as sharp-edged weaponry to pierce the right to political and hence non-commercial speech.

Still asking why no one can trademark free speech? It is simple: trade marks and free speech are fundamentally at odds.

Thoughts?

9 May 2011

Long Arm Jurisdiction: Long Enough To Cross The Atlantic?

Image by Jim Linood on Flickr

2749268746_f4fbbf15f4_z

Imagine you live in the United States and write a blog, compose articles for Wikipedia and contribute for the forum of an online newspaper. You are a really engaged author, but some of your materials happen to defame an individual who lives in the United Kingdom. He is upset and threatens you with a lawsuit, unless you cease writing about him.

Will you comply or will you feel safe being fenced by approximately 9 000 kilometers and at least one different jurisdiction?

Well, if you say that you will rather feel safe, then you should definitely

Read This Post To The End

Why? Because the English High Court held that Mr Louis Bacon was entitled to serve Automatic (the company that runs WordPress), the Wikimedia Foundation (needless to introduce them) and a newspaper based in Denver with so-called Norwich Pharmacal orders (NPO).

The online platforms made available by above entities had been used by the defendants in suit who had published statements, which in the judgment of Mr Justice Tugendhat “passed the threshold of being a good arguable case in defamation”.
The identity of the defendants could yet not be determined.
Now Automatic, the Wikimedia Foundation and the Denver Post will be served with NPO and will have to disclose log details and IP address information and thus support claimant to identify the defendants.

Do you still feel safe?

In fact, Mr Justice Tugendhat has acknowledged the difficulty of the question that had been referred to him.
Nevertheless, he has made great efforts to cite all the authority that supports his holding.

Hence, what is the message to writers of publicly accessible statements that are likely to be considered defamatory?

First, make your research. No matter how harmful your writings are, you cannot be pursued for defamation once you can prove that your contentions are true.
Second, learn about defamation or ask for professional advice in order to determine the border line between being critical or defamatory, and
Third, be careful in choosing the subject of your criticism, because it turns out that English (or other countries’) courts may rely upon a

Long Arm Jurisdiction

reaching across the Atlantic or maybe even farther.

How do you feel about your safety now?

Copyright Notice: What Is Next To The C In A Circle?

Have you ever visited Quora? It is a questions and answers site with some social network characteristics. I visit it twice to thrice a week, mostly on weekends.
When I am there, I look for questions concerning subject matters I believe to be competent in and write corresponding answers.
Why am I saying this all?
Well, because during my visit today, I encountered a question regarding the institute of the copyright notice, particularly what the years’ entries following the © stand for.

I agree, this is something that not many are aware of, but do not worry – I did write this blog post to provide you with the answer!

Let me start spending some words on copyright notices in general.

The copyright notice is a formality developed under US copyright law. It is placed on copies of a work of copyright and basically serves to claim the copyright in such work. Copyright owners were obliged to apply copyright notices on their works in order to attract copyright protection, but since 1 March 1989 this mandatory regime has turned into a voluntary one.
By contrast, the vast majority of authors’ rights countries never relied upon copyright notices.
Hence, all you need to know about them is that they are no mandatory

Conditions

to attract copyright in a work.

Despite, there is a practical effect one should not underestimate: the defence of innocent infringement shall not succeed if the defendant had access to copies bearing a copyright notice.
Thus owing to the emerging globalisation and knowing that the US represent the largest market for works of the mind, even non-US copyright owners apply a copyright notice to their works. What is nowadays’ copyright notices’ primary field of application? I would say it comprises of websites and computer software.

Good, but what does the year following the copyright symbol (that would be the year 2007 in the sketch above) stand for?

This is the

Date Of First Publication

of the work.

Why is this date important? Because under the Berne Convention this is the date that activates a work’s copyright protection. Since copyright is subject to a certain duration, the counter for that work’s protection starts ticking on the date of its first publication.

But sometimes there is another date applied to the copyright notice and it follows the date of first publication, somewhat like the year 2011 in the burlesque sketch above – what is it?

Well, now you are about to enter an area that is reserved only for specialists.

The second date is the date on which the author or copyright owner (or someone authorised by the author/copyright owner) has completed a

Derivative Work

out of the original work.
Derivative work? What is this?

17 US Code, Section 101 defines the derivative work as a work based upon one or more preexisting works. In the realm of a website, for instance, this may be a major update incl. new pictures added, design changes and so on.

Why is the date of completion important? Because derivative works also qualify for copyright protection. Applying the date of their completion equals the signal gun announcing their duration’s countdown.

That would be my answer.
I have not missed something, have I?

6 May 2011

VPR v John Does: IP Subscribers ≠ Copyright Infringers

Anonymous-Suit-black High Resolution PNG (2404 x 3890)photo © 2010 OperationPaperStorm | more info (via: Wylio)

Who remembers Depeche Mode’s People Are People?
It basically says that people are different: they are different colours and have different needs.
In a more or less similar spirit, a court order issued by the Honourable Harold H. Baker, justice at the United States District Court for Central Illinois, says that people are different from IP Addresses.
Not that we did not know it, but now it is official.

I guess that, during the last couple of months, you have obtained knowledge of the much criticised mass litigation conducted by (alleged) right-holders in Europe and, particularly in the United States.

In fact, one could speak of an

Emerging Business Model

that had some success, but now seems to have been dampened.

Why? What happened?

VPR, a Montreal-based producer of adult entertainment content (claimant) filed a complaint against 1,017 John Doe defendants who had allegedly involved in file-sharing. Claimant was not aware of the identity of the alleged infringers, but was in the possession of their Internet Protocol (IP) addresses. Since Internet Service Providers (ISP) assign IP addresses to their subscribers, claimant moved to obtain so-called Doe subpoenas directed to the ISP with the clear aim to determine the identity of the Does.
ISP would have been under an obligation to reveal their subscribers’ identity, had claimant only been granted the subpoenas.

Yes, you may trust your eyes:

His Honour denied

claimant’s motion in an outright manner.

Justice Baker reasoned upon his order citing a press article which reported how a family was falsely raided by federal agents after a neighbour of that family had misused their WiFi connection to share illegal material. Not surprisingly, the agents had obtained a Doe subpoena prior to the raid.

Having carefully scrutinised the list of IP addresses attached to VPR’s complaint, His Honour found that it suggested, in at least some instances, a disconnect between IP subscribers and copyright infringers and that such disconnect could occur in another family or individual entering into a conflict with the law.
He thus refused to assume responsibility for causing harm to (very likely) innocent Internet users.

I say Justice Baker’s approach

Deserves Acclaim

Why?
Because mass-litigation conducted by copyright trolls relies on the speed kills principle: the proceedings must go fast, involve thousands of defendants and be cheap. Claimants seek to identify their victims and serve them with settlement agreements to make them pay amounts that undercut the cost necessary to procure legal defence. The victims must be put under pressure and have no or just very little time to react.
Hence, every obstacle on the way to a settlement agreement may prove decisive for a copyright troll’s business model.
Justice Baker’s dismissal is such an obstacle and it can make the Canadian copyright troll drop its claims.

Therefore, three cheers to His Honour and his responsible finding.
After all, IP subscribers and copyright infringers are not necessarily the same.

Or have I missed something?

4 May 2011

Who Can Win The Cold War Of Software Patents?

Looking out for Bilski: software patents v. FOSSphoto © 2010 opensource.com | more info (via: Wylio)

You know it already: Google got hit by a software patent (5,893,120).
Well, that was the decision of the court at first instance and Google is expected to appeal it, but nevertheless it must have hurt. Not the loss of USD 5 Million which Google can easily reimburse out of its petty cash account.
It is about more, far more.

According to Florian Mueller of FOSS Patents the decision is highly significant and will put all of Linux into doubt. On the other side there is Dana Blankenhorn who, citing the CTPN decision, disagrees.

Either way, the question here is why does a case like this attract such attention? I guess the reason lies in that it deals with the highly controversial issue of software patents…

What Are Software Patents All About?

A citation from Van Lindberg’s book  Intellectual Property and Open Source provides for a very good answer: Patents are the most expensive and powerful weapons in an IP arsenal. For some companies, particularly pharmaceutical companies, patents are the lifeblood of invention and the key to profitability. For other companies, particularly software companies, patents are the rough equivalent of madly proliferating nuclear weapon arsenal.

It is obvious: the current legislative framework in which software companies work and compete, allows the patenting of software-related inventions. As a matter of fact, software companies appear to amass software patents not to market and sell them, but to either drive a competitor out of business or to prevent that their competitors drive them out of business.

Having read this, you truly felt the frosty breeze of the Cold War, did you not?

Let me even further amplify this feeling: the Nuclear Non-Proliferation Treaty (NPT) signed during that time between the nuclear powers stands a good comparison to the nowadays patent cross-licensing agreements entered into by technology giants such as Microsoft, Apple, HP and Google.

But even when a nation has a

Powerful Nuclear Arsenal

it is still vulnerable to non-conventional attacks or asymmetrical threats of non abiding adversaries. Last two decades’ terror acts were a good demonstration thereof. They were not performed by the armed forces of “competing” nations, but rather by decentralised rogue organisations.

Likewise, Google’s participation in cross-licensing agreements or patent pools could not hold it harmless from the claims of Bedrock Computer Technologies (BCT).
But who or what is BCT?
It is not a technology vendor, but a so called non-practicing entity (NPE). Or a patent troll, if you prefer. Other such trolls that have gained public attention in recent time are NTPi4i and Acacia.

The end of the Cold War was accompanied by the rise of rogue organisations I mentioned above.
By the same token, patent infringement proceedings under the involvement of patent trolls emerged in the last couple of years. NPE v RiM, Software Tree (an Acacia affiliate) v Red Hat or i4i v Microsoft, to mention some.
Is this a sign that the software patent cold war is over? Well, not really and Nokia’s patent infringement lawsuit against Apple is a good demonstration. Will there be a winner? I strongly doubt it.

What does it mean? It means that the economy simply needs

Another Solution

Something in the sense of the SALT and START treaties which heralded the end of the Cold War. In addition, the economy needs protection against patent trolls whose objective is not to drive innovation but rather the opposite of it.
We as individuals and consumers have also a great interest in finding a solution since we pay the price of its procrastination.

The US Supreme Court missed its historical opportunity In Re Bilski.
Will it err also in i4i v Microsoft?

I hope not and will therefore provide it with a piece of advice, thereby citing (a portion of) the statement of Adobe’s Douglas Brotz during a hearing before the USPTO:

Let me make my position on the patentability of software clear. I
believe that software per se should not be allowed patent protec-
tion.  I take this position as the creator of software and as the
beneficiary  of the rewards that innovative software can bring in
the marketplace...
The problems inherent in certain aspects of  the  patent  process
for  software_related inventions are well_known, the difficulties
of finding and citing prior art, the problems of obviousness, the
difficulties of adequate specifications for software are a few of
those problems. However, I argue that software should not be  pa-
tented,  not  because it is difficult to do so, but because it is
wrong to do so.

 

30 April 2011

Sony PSN: Clueless And Breaching

Playstation 3: Sixaxis Wireless Controllerphoto © 2008 włodi | more info (via: Wylio)

Not that I wish to blog so often on data protection, but some technology giants would not give me a break.

Last week I covered the (very likely) unlawful data collection practice of Apple’s iPhone and this week I decided to spend some words on the fact that

Sony Leaked Personal Data

particularly credit card data from its Play Station Network.

Ars Technica have been reporting during the last few days, here is the most current update as of the writing of this article.
According to Sony, “It is possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained.”

What is this if not a

Personal Data Breach?

Some of you will remember that at the end of 2009 the European Union updated its Telecoms Package and, as a part thereof, the ePrivacy Directive. The European lawmakers sharpened the provisions on privacy and introduced a data breach notification requirement in order to prevent data loss debacles.

The updated ePrivacy Directive mandates that in the event of a personal data breach, providers of publicly available electronic communications services shall, without undue delay, notify the personal data breach to the competent national authority in charge for data protection.

Now read the italic type again. What providers does it cover? Only telcos, right? One could ask:

Must Sony Notify Its Breach?

Well, seemingly not under the ePrivacy Directive since Sony should not be defined as a telco.
Funnily, during the negotiations of the Directive’s final version, the European Parliament demanded that all providers of “information society services” be subjected to the data breach notification duty. Sony is, inter alia, a provider of information society services – check the definitions of the E-Commerce Directive (2000/31/EC). Hence, that demand would have covered Sony, had it only been implemented.

However, European Union Directives normally set only minimum requirements and leave member states with a certain amount of leeway as to the exact rules to be transposed.

Member states such as Germany, Spain, Austria and Ireland did not limit the data breach notification duty to only telcos. They rather chose to oblige the so-called data controller under the Data Protection Directive (95/46/EC). Thus, they have achieved a much broader scope of applicability.
Data controller’s definition clearly puts

Sony Under An Obligation

to notify the respective data protection authorities of above member states.
To the best of my knowledge, Sony has not yet undertaken such a notification – it has been dangerously clueless for more than two weeks instead.

What Is The Moral Of The Story?

The data breach notification was introduced as a consequence of recent years’ high-profile incidents of personal data loss across Europe.
Who forgot the T-Mobile data loss or the UK privacy debacles?
Now, it seems, Sony has joined the data breach elite.
See, what the consequence therefor will be.

 

29 April 2011

5 Tips To Avoid Troubles In The Cloud

Lightningphoto © 2010 scyllarides | more info (via: Wylio)

Couple of days ago I had to review an agreement on cloud computing services that one of the major suppliers in this realm had submitted. When I went through the terms and conditions, I could not gain the impression that the supplier has a great confidence in its capability to deliver the service in question. I found some of the terms even so onerous that I had to consider a strategy to protect my client from getting electrocuted in that supplier’s cloud!

Having thought that sharing some tips on the Reguligence Weblog would be of interest for its readers, I have composed the following list:

1. Service Availability

This agreement reminded me of a telecommunications contract: the supplier basically grants recipient an access to its infrastructure environment and the recipient pays a use-based fee in return.
However, the supplier offers its service on an “as-is” basis and does not warrant any specific availability or quality.
Hence, you should not go for it, if you intend to run a mission critical system in the cloud or your business requires a reliable service performance. You can either endeavour to negotiate different terms or opt for a specifically tailored solution. In both cases the payments are very likely to increase. If you re-sell your services, you should endeavour to limit your liability towards your recipients.

2. Warranties

As mentioned in the beginning of the article – the service supplier seems not confident in its service capabilities. The supplier merely warrants to perform the service with a reasonable care and workmanship. Should you accept it? Well, unless your business model mandates otherwise… You could also suggest a discretionary payment language, something like payment shall be subject to recipient’s overall satisfaction and wait for supplier’s reaction.

3. Liability

What damage are you likely to suffer during such a service delivery? Hmm, maybe loss of data and loss of profit due to a service interruption or an outage? Yes, I guess they are the likeliest to occur, but I  feel you can already assume that, they are –  what? – excluded, what else?
So, make sure you have not entered into an obligation to recover your customer for such losses because this could ruin your business!

4. Data Security

From what I did read, I would never encourage you to upload sensitive data onto the cloud… Again, your supplier is neither liable to keep them secret and confidential nor to retrieve them if they happen to disappear.

5. Data Protection

Albeit this is the last topic on my list, it is very wise to pay special attention to it because data protection may be a very tricky issue under the jurisdiction of a EU member state. Beware if you have to upload personal data onto the cloud – your supplier has access to them and is eager to process them for its own purposes! And this is the catch: personal data must be obtained and processed only for a specified purpose. I bet your purpose will differ from the one of your supplier. Besides, as a general rule personal data must not be transferred outside the European Economic Area, so make sure you have read and understood your cloud services agreement or process previously anonymized data only.

My Final Say

Cloud services may be a great thing if you need a specific infrastructure whose purchase for a single project would not pay off.
On the other hand, cloud services agreements seem to be too much supplier oriented and, as a matter of fact, detrimental to the recipient.

Make sure you do not use cloud services to run mission critical tasks, at least not before you have spoken with your trusted lawyer!

Cloud Texture 11photo © 2009 Jacob Gube | more info (via: Wylio)

Questions, suggestions, opinions? Just use the comment function below.

27 April 2011

Draining The Spam Flood: FBI vs Coreflood Botnet

According to Wikipedia, Computer crime, or cybercrime, refers to any crime that involves a computer and a network, i.e. the Internet.
Since the Internet is a global network and can be accessed anywhere in the world, combating cybercrime has become a real challenge.

Therefore, I must say that I was all the more glad when I read Ars Technica’s report on

FBI’s Beheading Of The Coreflood Botnet

Coreflood is a malicious software used by its controllers to steal online banking credentials from a victim’s computer to loot their financial accounts. This means that the operators of Coreflood have made themselves guilty of several offences penalised by the

Cybercrime Convention

such as computer related fraud and computer related forgery.

The convention has been signed and ratified by the majority of the industrial states, thereby including the USA and the vast members states of the European Union.
The signatory states have undertaken to transpose convention’s catalogue of crimes into their own law.

For instance, the USA have addressed the most of them in the 18 USC § 1028 and I guess that the above acts of the FBI agents grounded thereupon.

However, it has not all been

Sunshine And Roses

The FBI seems to have used a stealth mode to access infected computers in order to remove the malware from them. Consequently, it would be the first time a government agency accessed and automatically removed code from Americans’ computers.

Although I appreciate what FBI did in terms of cyber security, I could never acclaim the government to access my computer, no matter how noble its purpose was.

What about you?