Entries Tagged "laws"

Page 12 of 35

Demands from Law Enforcement for Google Data

Google releases statistics:

Google received more than 15,600 requests in the January-June period, 10 percent more than the final six months of last year. The requests in the latest period spanned more than 25,400 individual accounts worldwide – a tiny fraction of Google’s more than billion users.

[…]

The highest volume of government demands for user data came from the U.S. (5,950 requests, a 29 percent increase from the previous six-month stretch); India (1,739 requests, up 2 percent); France (1,300 requests, up 27 percent); Britain (1,273 requests, up 10 percent); and Germany (1,060 requests, up 38 percent).

[…]

The company usually complies with at least a portion of most government demands. Google has said that it often has little choice because it must obey laws in the countries where it operates. The alternative is to leave, as it did last year when it shifted its search engine to Hong Kong so it wouldn’t have to follow mainland China’s censorship requirements.

In the U.S., Google gave federal, state and other agencies what they wanted 93 percent of the time. The nearly 6,000 requests affected more than 11,000 user accounts during the January-June period.

In India, Google honored 70 percent of the 1,739 requests, which targeted more than 2,400 users, the second highest totals.

Google, which is based in Mountain View, Calif., rejected the most government demands for user information in Argentina, where 68 percent of the requests were denied. Less than 50 percent of the government requests for user data were complied with in Canada, Chile, France, Hong Kong, Mexico, the Netherlands, Russia, Turkey and South Korea.

I’m sure they have an office full of attorneys versed in the laws of various countries.

Another article.

Posted on October 26, 2011 at 5:54 AMView Comments

Discovering What Facebook Knows About You

Things are getting interesting in Europe:

Max is a 24 year old law student from Vienna with a flair for the interview and plenty of smarts about both technology and legal issues. In Europe there is a requirement that entities with data about individuals make it available to them if they request it. That’s how Max ended up with a personalized CD from Facebook that he printed out on a stack of paper more than a thousand pages thick (see image below). Analysing it, he came to the conclusion that Facebook is engineered to break many of the requirements of European data protection. …

The logical next step was a series of 22 lucid and well-reasoned complaints that he submitted to the Irish Data Protection Commissioner (Facebook states that European users have a relationship with the Irish Facebook subsidiary).

EDITED TO ADD (11/14): The 22 complaints are here

Posted on October 18, 2011 at 6:34 AMView Comments

Three Emerging Cyber Threats

On Monday, I participated in a panel at the Information Systems Forum in Berlin. The moderator asked us what the top three emerging threats were in cyberspace. I went last, and decided to focus on the top three threats that are not criminal:

  1. The Rise of Big Data. By this I mean industries that trade on our data. These include traditional credit bureaus and data brokers, but also data-collection companies like Facebook and Google. They’re collecting more and more data about everyone, often without their knowledge and explicit consent, and selling it far and wide: to both other corporate users and to government. Big data is becoming a powerful industry, resisting any calls to regulate its behavior.
  2. Ill-Conceived Regulations from Law Enforcement. We’re seeing increasing calls to regulate cyberspace in the mistaken belief that this will fight crime. I’m thinking about data retention laws, Internet kill switches, and calls to eliminate anonymity. None of these will work, and they’ll all make us less safe.
  3. The Cyberwar Arms Race. I’m not worried about cyberwar, but I am worried about the proliferation of cyber weapons. Arms races are fundamentally destabilizing, especially when their development can be so easily hidden. I worry about cyberweapons being triggered by accident, cyberweapons getting into the wrong hands and being triggered on purpose, and the inability to reliably trace a cyberweapon leading to increased distrust. Plus, arms races are expensive.

That’s my list, and they all have the potential to be more dangerous than cybercriminals.

Posted on September 23, 2011 at 6:53 AMView Comments

An Interesting Software Liability Proposal

This proposal is worth thinking about.

Clause 1. If you deliver software with complete and buildable source code and a license that allows disabling any functionality or code by the licensee, then your liability is limited to a refund.

This clause addresses how to avoid liability: license your users to inspect and chop off any and all bits of your software they do not trust or do not want to run, and make it practical for them to do so.

The word disabling is chosen very carefully. This clause grants no permission to change or modify how the program works, only to disable the parts of it that the licensee does not want. There is also no requirement that the licensee actually look at the source code, only that it was received.

All other copyrights are still yours to control, and your license can contain any language and restriction you care to include, leaving the situation unchanged with respect to hardware locking, confidentiality, secrets, software piracy, magic numbers, etc. Free and open source software is obviously covered by this clause, and it does not change its legal situation in any way.

Clause 2. In any other case, you are liable for whatever damage your software causes when used normally.

If you do not want to accept the information sharing in Clause 1, you would fall under Clause 2 and have to live with normal product liability, just as manufacturers of cars, blenders, chainsaws, and hot coffee do.

Posted on September 23, 2011 at 5:22 AMView Comments

The Legality of Government Critical Infrastructure Monitoring

Mason Rice, Robert Miller, and Sujeet Shenoi (2011), “May the US Government Monitor Private Critical Infrastructure Assets to Combat Foreign Cyberspace Threats?International Journal of Critical Infrastructure Protection, 4 (April 2011): 3–13.

Abstract: The government “owns” the entire US airspace–it can install radar systems, enforce no-fly zones and interdict hostile aircraft. Since the critical infrastructure and the associated cyberspace are just as vital to national security, could the US government protect major assets–including privately-owned assets–by positioning sensors and defensive systems? This paper discusses the legal issues related to the government’s deployment of sensors in privately owned assets to gain broad situational awareness of foreign threats. This paper does not necessarily advocate pervasive government monitoring of the critical infrastructure; rather, it attempts to analyze the legal principles that would permit or preclude various forms of monitoring.

Posted on September 7, 2011 at 2:32 PMView Comments

Data Privacy as a Prisoner's Dilemma

Good analysis:

Companies would be better off if they all provided meaningful privacy protections for consumers, but privacy is a collective action problem for them: many companies would love to see the ecosystem fixed, but no one wants to put themselves at a competitive disadvantage by imposing unilateral limitations on what they can do with user data.

The solution—and one endorsed by the essay—is a comprehensive privacy law. That reduces the incentive to defect.

Posted on July 28, 2011 at 6:27 AMView Comments

Status Report on the War on Photography

Worth reading: Morgan Leigh Manning, “Less than Picture Perfect: The Legal Relationship between Photographers’ Rights and Law Enforcement,” Tennessee Law Review, Vol. 78, p. 105, 2010.

Abstract: Threats to national security and public safety, whether real or perceived, result in an atmosphere conducive to the abuse of civil liberties. History is littered with examples: The Alien and Sedition Acts of 1798, the suspension of habeas corpus during the Civil War, the Palmer Raids during World War I, and McCarthyism in the aftermath of World War II.Unfortunately, the post-9/11 world represents no departure from this age-old trend. Evidence of post-9/11 tension between national security and civil liberties is seen in the heightened regulation of photography; scholars have labeled it the “War on Photography” – a conflict between law enforcement officials and photographers over the right to take pictures in public places. A simple Google search reveals countless incidents of overzealous law enforcement officials detaining or arresting photographers and, in many cases, confiscating their cameras and memory cards, despite the fact that these individuals were in lawful places, at lawful times, partaking in lawful activities.

This article examines the so-called War on Photography and the remedies available to those who have been unlawfully detained, arrested, or have had their property seized for taking pictures in public places or private places open to the public. It discusses recent incidents that highlight the growing infringement of photography rights and the magnitude of the harm that law enforcement officials have inflicted, paying particular attention to the themes these events have in common. It explores the existing legal framework surrounding photography rights and the federal and state remedies available to those whose rights have been violated. It examines the adequacy of each remedy including: (1) declaratory and injunctive relief, (2) Section 1983 and Bivens actions, and (3) state tort remedies. It discusses the obstacles associated with each remedy and the reasons why these obstacles are particularly hard to overcome in the context of photography. It then argues that most, if not all, of the remedies discussed are either inadequate or altogether impractical considering the costs of litigation. Lastly, this article will discuss the reasons why people should be concerned about the War on Photography and possible ways to reverse the erosion of photography rights.

Posted on June 14, 2011 at 1:45 PMView Comments

Tennessee Makes Password Sharing Illegal

Here’s a new law that won’t work:

State lawmakers in country music’s capital have passed a groundbreaking measure that would make it a crime to use a friend’s login—even with permission—to listen to songs or watch movies from services such as Netflix or Rhapsody.

[…]

The legislation was aimed at hackers and thieves who sell passwords in bulk, but its sponsors acknowledge it could be employed against people who use a friend’s or relative’s subscription.

While those who share their subscriptions with a spouse or other family members under the same roof almost certainly have nothing to fear, blatant offenders—say, college students who give their logins to everyone on their dormitory floor—could get in trouble.

Posted on June 7, 2011 at 5:32 AMView Comments

New French Law Reduces Website Security

I didn’t know about this:

The law obliges a range of e-commerce sites, video and music services and webmail providers to keep a host of data on customers.

This includes users’ full names, postal addresses, telephone numbers and passwords. The data must be handed over to the authorities if demanded.

Police, the fraud office, customs, tax and social security bodies will all have the right of access.

The social benefits of anonymity aside, we’re all more secure if these websites do not have a file of everyone’s plaintext password.

EDITED TO ADD (4/12): Seems that the BBC article misstated the law. Companies have to retain information they already collect for a year after it is no longer required. So if they’re not already storing plaintext passwords, they don’t have to start.

Posted on April 11, 2011 at 1:20 PMView Comments

Reducing Bribery by Legalizing the Giving of Bribes

Here’s some very clever thinking from India’s chief economic adviser. In order to reduce bribery, he proposes legalizing the giving of bribes:

Under the current law, discussed in some detail in the next section, once a bribe is given, the bribe giver and the bribe taker become partners in crime. It is in their joint interest to keep this fact hidden from the authorities and to be fugitives from the law, because, if caught, both expect to be punished. Under the kind of revised law that I am proposing here, once a bribe is given and the bribe giver collects whatever she is trying to acquire by giving the money, the interests of the bribe taker and bribe giver become completely orthogonal to each other. If caught, the bribe giver will go scot free and will be able to collect his bribe money back. The bribe taker, on the other hand, loses the booty of bribe and faces a hefty punishment.

Hence, in the post-bribe situation it is in the interest of the bribe giver to have the bribe taker caught. Since the bribe giver will cooperate with the law, the chances are much higher of the bribe taker getting caught. In fact, it will be in the interest of the bribe giver to have the taker get caught, since that way the bribe giver can get back the money she gave as bribe. Since the bribe taker knows this, he will be much less inclined to take the bribe in the first place. This establishes that there will be a drop in the incidence of bribery.

He notes that this only works for a certain class of bribes: when you have to bribe officials for something you are already entitled to receive. It won’t work for any long-term bribery relationship, or in any situation where the briber would otherwise not want the bribe to become public.

News article.

Posted on April 5, 2011 at 8:46 AMView Comments

1 10 11 12 13 14 35

Sidebar photo of Bruce Schneier by Joe MacInnis.