Category Archives: Law

Nothing to Hide, Nothing to Fear?

Interception of Communications Commissioner“If you’ve nothing to hide then you’ve nothing to fear” is often trotted out in the debate around privacy and secrecy. Superficially it seems reasonable but even with a modicum of critical thinking, the adage becomes trite and flawed. However, even if you did believe that “nothing to hide, nothing to fear” was reasonable, then the latest report from the British 2011 Annual Report of the Interception of Communications Commissioner (.pdf) ought to give food for thought.

The report covers the Regulation of Investigatory Powers Act (RIPA) which includes the postal service, telephony and electronic forms of communication, and can be carried out for both law enforcement and national security purposes. There are two distinct areas, the first being the interception of communications and the second being the acquisition of communications data. Simplistically, the first area is about directly listening in on a communication and the second is about who, when and where a communication took place.

In 2011, the total number of lawful interception warrants for the UK was 2911, and this all seems quite reasonable, given the population of the UK (60-odd million). However, in amongst the successful security operations, we also find that the security and associated agencies made 42 mistakes (1.4%), usually through typographic errors. In all instances, the error was discovered before the intercept took place or else all the material associated with intercept was destroyed.

Communication data requests cover information about communications, mainly subscriber data, service use data and traffic data, rather than the content of the communication itself. There were 494 078 communication data requests in 2011, an 11% decrease on the previous year. As you might guess, there were a few errors there too, with 895 mistakes being reported. Although this represents an error rate of only 0.18%, I’m sure it will be of little comfort to the two wholly innocent individuals who were arrested by the police because of these mistakes. Again typographic errors in the transcriptions of phone numbers or IP addresses were largely to blame but of additional concern was that nearly 100 of the errors were identified by auditors and weren’t recognised at the time of the requests.

If you think that because you’ve nothing to hide then you’ve nothing to fear, think again. You’ve everything to fear from the transposed digit, the wrong post code look-up and the minimum-wage flunky copying and pasting from the wrong records.

Probably not what you were worried about at all.

Judge Dismisses Patent Lawsuit: Apple vs. Motorola

U.S. Federal Judge Richard Posner of U. S. District Court for the Northern District of Illinois ruled on Friday, June 22, 2012, that Apple cannot seek an injunction against Motorola Mobility in Apple’s lawsuit about smartphone patents. Judge Posner has thrown out the case “with prejudice”, which means that neither Apple nor Motorola can refile this case. There is the potential for an appeal to be filed.

Judge Posner has not been pleased with this lawsuit from the beginning. He has already ruled that the testimony of some expert witnesses was inadmissible. Earlier this month he came to the conclusion that the case would be dismissed, and he canceled the trial date. But later on, Apple requested for a hearing where both Apple and Motorola could make their arguments for damages claims. Judge Posner agreed to that. After hearing the arguments, Judge Posner was very unimpressed.

In regards to why he threw out this case “with prejudice”, Judge Posner said:

“It would be ridiculous to dismiss a suit for failure to prove damages and allow the plaintiff to refile the suit so that he could have a second chance to prove damages”.

In short, the Judge concluded that Motorola can’t obtain an injunction against Apple in relation to patents that Motorola licensed under FRAND, (which stands for fair, reasonable, and nondiscriminatory) terms. Once you do that, the implication is that a royalty is adequate compensation for a license to use that particular patent.

He described Apple’s legal tactics as follows:

“A patentee cannot base a claim to an injunction on a self-inflicted wound, such as sponsoring a damages expert who prepares a demonstrably inadequate report”. He also went on to say: “in its latest written and oral submissions Apple attempts what I told its legal team at a pretrial conference I would not let it do in the liability trials then envisaged: turn the case into an Apple verses Motorola popularity contest. Apple wanted me to allow into evidence media reports attesting to what a terrific product the iPhone is”.

Image: Stock Photo Gavel by BigStock

Facebook Will Have to Pay $10 Million Settlement

Have you ever gone on Facebook, and noticed an ad at the side of the page that had a photo of one of your friends in it? How often have you seen a Facebook ad that pointed out that one of your friends “likes” a particular product or company? These types of advertisements are called “Sponsored Stories”, and Facebook has gotten into a lot of trouble for creating them.

Five Facebook members filed a class-action lawsuit in federal court in San Jose, California. They said that Facebook violated California law by publicizing when a user clicks “like” on the pages of certain advertisers and putting that information into its “Sponsored Stories” feature. Facebook did not give users a way to opt out of having their “likes” included in advertisements in this way, and it did not pay the users whose likenesses or opinions that it used.

The case was heard by U.S. District Judge Lucy Koh about a month ago, but the results of the case are just being made public now. The Judge decided that the Facebook users who filed this lawsuit were able to show that “economic injury could occur through Facebook’s use of their names, photographs, and likenesses”. The state of California has a law that protects a person’s name and likeness against it being appropriated for the advantage of the person or company that decided to just go ahead and use it, without having the permission to do so.

As a result of this lawsuit, Facebook will be paying $10 million to a charity. I haven’t seen anything that states which specific charity the money will go to.

I find this entire case very interesting, because I’ve always wondered about the hidden, inner workings of Facebook that resulted in seeing my friend’s faces appear in their “Sponsored Stories” advertisements. Sometimes, I’ve wondered if my Facebook friends were seeing my photo, or my name, attached to some company that I “like”. I live in California, so, it seems to me that I won’t have to wonder about this any longer.

It does raise a question, though. Can Facebook continue to use the photos, likenesses, and “likes” of users who live in a state that doesn’t have laws that prevent companies from using this type of stuff in their advertisements (without asking, or paying, the users who it takes them from)? Are my family members who use Facebook, and who live outside of California, protected from having their face wind up in a “Sponsored Story?”

Image: Photo Hand Cursor Thumb by BigStock

RIAA Says LimeWire Owes it $72 Trillion

Around four years ago, the Recording Industry Association of America (RIAA) filed a lawsuit against LimeWire. The RIAA was suing on behalf of several music labels. In short, the RIAA claimed that LimeWire’s P2P software, which allowed people to download and distribute copyrighted songs for free, caused the music industry to lose millions of dollars. The RIAA won that case. All that was left was to figure out how much LimeWire now owed the RIAA as a result.

The RIAA came up with a figure that most people would find to be astounding. They want LimeWire to pay them $72 trillion. The RIAA feels that since LimeWire allowed thousands, (or maybe millions), of people to illegally download one, or more than one, of the 11,000 songs that the RIAA owns that it means the members of the RIAA are now entitled to statutory damages for every single illegal download that occurred.

Judge Kimba Wood has called that figure “absurd”. Judge Wood went on to say, in a recent decision:

“An award based on the RIAA calculations would amount to more money than the entire music industry has made since Edison’s invention of the phonograph in 1877.”

It is also worth noting that the estimated wealth of the entire world is around $60 trillion. I’m not sure why the RIAA thought that LimeWire would be able to somehow come up with more money than what all of the people in the entire world, all together, are estimated to have. To me, this sounds impossible.

Instead, it appears that LimeWire is facing statutory fines of up to $150,000 for each violation of copyright that they allowed to occur. That could mean that LimeWire may end up owing the RIAA around $1 billion dollars. How LimeWire would manage to pay that much money in damages is unknown.

Apple to the DOJ: You are Wrong.

Apple vs DOJ As I reported before Apple and various publishers have been sued by the DOJ for price-fixing and collusion in US VS Apple. Apple responded today with a brief statement saying “ it’s not true.” Apple stated that they broke Amazon’s e-book monopoly and therefore did a good thing.  Others, myself included would argue that the agency model has artificially raised prices for the consumer. This is a case where clearly the market is being manipulated to the advantage of a certain segment. In Apple’s statement they pointed out that before the iBook Amazon controlled ninety percent of the e-book market two years later it is down to 60 percent. The question may become whether which is more important the percentage of the market in numbers that a business controls or is it the ability to control pricing within that market. Apple controls less than 40 percent of the eBook market but because of their agreement with the publishers they and the publishers control the prices. Many legal experts think that it maybe difficult for the DOJ to win this case, especially the collusion charge. The papers filed by the DOJ clearly show that the various publishers met in secret in an attempt to block Amazon’s ability to sell their books at a discount. However there is little evidence that Apple participated in those meetings. Apple can argue that the publishers may have colluded but they had nothing to do with that. Apple definitely has the money to fight this case, so don’t expect a quick settlement. Sit back and relax, because this fight has just begun.

Yahoo Sues Facebook Over Ten Separate Patents

Yahoo has filed a patent infringement suit against Facebook. The case has been filed in federal court in San Jose, California.

Yahoo says that it is suing over ten patents that are related to web-based advertising. Yahoo is also suing because the company says that Facebook is using a social networking model that is based on Yahoo’s patented social networking technology.

In plain English, here are the things that this dispute is about:

US Patent 7454509 Online Playback system with community bias
This refers to a music station that selects what songs to play based on what you and your friends have indicated that you like to listen to.

US Patent 7599935 Control for enabling a user to preview display of selected content based on another user’s authorization level
This one is basically talking about the News Feed page in Facebook. Everything you see is there because your friends decided to share that content with you.

US Patent 5983227 Dynamic Page Generator
The easiest way to describe this is to say that it is talking about an individualized homepage that you can modify and customize to better suit your own personal interests.

US Patent 7747648 World Modeling using a relationship network with communication channels to entities.
In short, this patent is talking about a system that allows you to send a private message to someone else that you have connected with within a particular social media system. It is talking about the “e-mail” that you get within Facebook.

US Patent 7406501 System and method for instant messaging using an e-mail protocol
This patent refers to the instant messaging system that you can use to talk to other people who are also on Facebook. In other words, the chat function.

US Patent 6907566, US Patent 7100111, and US Patent 7373599 Method and system for optimum placement of advertisements on a webpage
These three patents are all referring to when Facebook places an ad on its website that is based on things you have done before. Those ads that sit on the side of your Facebook page are specifically targeted to your interests, based on what you clicked on or “liked” in Facebook.

US Patent 7668861 System and method to determine the validity of an interaction on a networking
This patent refers to the system that Facebook uses to figure out if someone who joined Facebook is a real person. It uses the data posted by said user to make that determination.

US Patent 7269590 Method and system for customizing views of information associated with a social network user.
Have you ever logged into Facebook and noticed that one of your friend’s current profile photos has been displayed? This patent refers to the system that is used to decide which friend’s photos you will see.

Image: Facebook Social Media by BigStock

The Data Retention Act vs Protect Our Children from Pornography Act

justiceWhat if I told you there was a bill that would make it easier for law enforcement to stop child pornography and protect children, would you be for it. What if I told you that there was a bill that forced ISP to retain their customer names, addresses, phone numbers, credit card numbers, bank account numbers and temporary assigned ISP addresses. What would you think of that bill. Well, what you say if I told you it was all the same bill, well it is. The House Judiciary Committee passed HR 1981- The Protecting Children from Internet Pornographers Act of 2011. If this bill passes the full House and Senate and becomes law it would require ISPs to keep 12 months worth of personal information. Anyone with access to the information would be able to tell what web sites you visited and what content you posted on-line. Those who support the legislation say it will help law enforcement fight child pornography, because there will be a semi-permit record to follow and the pornographers will not be able to hide their tracks. Those who oppose the legislation including the EFF say it assumes that everyone is guilty and that it erodes the rights of everyone online.

Of course the title of this bill, makes being against it difficult. What nobler cause is there then being against child pornography. The problem with this line of thinking is that it is so easy to give up rights in the name of security or to protect a vulnerable group, it is a path we should only take if absolutely necessary. There are already various laws and technologies that deal the same issue including the 2008 “Protect Our Children Act” which already requires ISP’s to report any time they have actual knowledge of possible transmission of child pornography. If this bill does become law and once the data is collected don’t be surprised if other interest including the RIAA and the MPAA will begin to want access to this same data in their ongoing fight against piracy.

Not only does this bill erode users rights and privacy, but it puts a burden on the ISPs to not only maintain those records, but to protect that information from hackers. Recent history has shown that this is very difficult and costly. Larger ISP can handle the cost, smaller ISPs may not have the means to handle the burden. This may lead to less choice for the consumer in the long run Also the more tech savvy pornographers will find ways around the system by using Tors, open wi-fi, bots and other methods. The question becomes how much privacy and rights of the innocents are we willing to give up to maybe stop the guilty.

Are We All Thieves?

The history of advancing technology is long littered with accusations of copyright infringement along with charges of outright thievery.

The problem seems to stem from ever-changing definitions of what comprises a song, a performance, or a book. Back in the days when the player piano was invented, musicians themselves seemed to define a song as a live performance. Hence, the spreading invention of mechanical player pianos and reproduced sheet music would somehow destroy music itself.

Of course, what actually happened was that rather than being destroyed, music was promoted and ultimately became more popular.

Music is not the piano rolls, nor is it vinyl records, audiocassettes, or CD’s. These are simply physical transmission mediums. It could also be equally argued that MP3 or other digital file formats are not the actual music either, though they are heavily intertwined.

Can’t we as consumers be honest? How is it that so many of us can think nothing of illegally downloading media, yet wouldn’t think of stealing a physical object without paying for it?

Those who continue to rationalize that it’s “okay” to illegally download copyrighted music, movies and other copyrighted materials are thieves. Would you enjoy having your stuff stolen? Are excuses popping up in your mind why wrong is right and right is wrong? If so, you failed the test. If you have to make an excuse to yourself or anyone else to justify your behavior, you are wrong. If you find yourself the victim of a thief, how can you then turn around and complain? Isn’t that the pot calling the kettle black?

The solution to the problem is easy. Get what you want by legitimately paying for it. If you don’t want to pay for it, don’t be a thief by stealing it.

On the other hand, if you don’t like the less-than-stellar behavior of certain media-production organizations, the solution is equally easy. Don’t consume their products. Turn them off. Pull the plug. The world won’t come to an end. You will survive. The age we live in is filled to the brim with alternative entertainment and information sources that make it possible to reduce or completely eliminate the need to consume copyrighted material, if that is your wish.

Google Acted Illegally in UK

Google LogoThe UK’s Information Commissioner today confirmed that Google breached UK’s Data Protection Act when the Street View cars captured personal data while collecting wi-fi network information.

As a result of this, Google will be required to sign an undertaking to take steps to ensure that breaches of the Act don’t re-occur.  Google will then be audited in nine month’s time to confirm that the required policies and training has taken place. Finally, once any legal obstacles have been cleared, Google will have to delete the personal data from the UK.

Currently, the Information Commissioner does not intend to fine Google, but will take further action if necessary

Information Commissioner's OfficeThe Commissioner, Christopher Graham said,  “It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act.  The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again – and to follow this up with an ICO audit.”

What’s interesting about this is that the Information Commissioner’s Office (ICO) had previously decided not to take action against Google because the sample data shown to the ICO was considered to be fragmentary and therefore unlikely to constitute personal data.

However, Google’s Alan Eustace admitted on Google’s own blog that, “A number of external regulators have inspected the data as part of their investigations (seven of which have now been concluded). It’s clear from those inspections that whilst most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords.”

The Commissioner then infers that because this happened in other countries, it happened in the UK, even if most of the data was fragmentary.  You can read the Commissioner’s letter to Google Inc here.

Personally, I’m pleased that Google is being held to account.  Far too often it seems that big business gets away with abusing our personal information.

13,000 Named in Adult Film Downloads

The names of thousands for BT & Sky broadband customers who had allegedly illegally downloaded adult material have been leaked on-line.  The lists appear to have been obtained from servers of a law firm ACS:Law by the notorious 4chan group.

ACS:Law had obtained the lists from ISPs Sky and PlusNet (owned by BT) and had been using the information to send out letters to the alleged copyright infringers demanding money.  Many of those accused have denied downloading any adult material.

Both PlusNet & Sky had been forced to hand over the information by a court order and sent the data by email.  It now transpires that BT failed to encrypt the data files during transmission.  However, it is believed that data was stolen by 4chan members after they accessed ACS:Law’s server and then posted on-line at the Pirate Bay.

In addition to the lists of users, confidential messages regarding the cases, money made and personal correspondence were also posted.  Reports vary in the total number named as the leaks keep coming but it appears to be over 13,000 people so far.

The UK’s Information Commissioner is now investigating ACS:Law for possible breaches of the Data Protection Act.  If found guilty, the Commissioner can fine organisations up to £500,000 ($750,000).  Christopher Graham said, “The question we will be asking is how secure was this information and how it was so easily accessed from outside. We’ll be asking about the adequacy of encryption, the firewall, the training of staff and why that information was so public facing.”

ACS:Law was already under investigation by the Solicitors Regulation Authority for its role and tactics when sending out the letters to the alleged filesharers.  PlusNet has an FAQ explaining its role in the debacle.

This story has been running for a couple of days, but it just gets worse and worse.