Several people abroad have started mailing me and others asking if rumors of new legislation to be passed in Sweden on the 17th of June is for real. There are also reports in international forums starting to pop up. This is fairly old news, and I think that most of us are surprised that this has not generated more press both inside and outside Sweden earlier. This legislation will allow for the Swedish National Defense Radio Agency (FRA) to wiretap Internet traffic leaving the country... more
Earlier this year, I wrote glowingly about the new CIRA whois policy, which took effect today and which I described as striking the right balance between access and privacy. The policy was to have provided new privacy protection to individual registrants - hundreds of thousands of Canadians - by removing the public disclosure of their personal contact information... Apparently I spoke too soon. more
The approach is growing in popularity, and Google, Microsoft and Amazon are among the many large companies working on ways to attract users to their offerings, with Google Apps, Microsoft's Live Mesh and Amazon S3 all signing up customers as they try to figure out what works and what can turn a profit... In the real world national borders, commercial rivalries and political imperatives all come into play... The issue was recently highlighted by reports that the Canadian government has a policy of not allowing public sector IT projects to use US-based hosting services because of concerns over data protection. more
A recent story today about discussions for an official defense Botnet in the USA prompted me to post a question I've been asking for the last year. Are some of the world's botnets secretly run by intelligence agencies, and if not, why not? Some estimates suggest that up to 1/3 of PCs are secretly part of a botnet. The main use of botnets is sending spam, but they are also used for DDOS extortion attacks and presumably other nasty things like identity theft. But consider this... more
My weekly technology law column focuses this week on the new CIRA whois policy that is scheduled to take effect on June 10, 2008. The whois issue has attracted little public attention, yet it has been the subject of heated debate within the domain name community for many years. It revolves around the whois database, a publicly accessible, searchable list of domain name registrant information (as in "who is" the registrant of a particular domain name). more
The New Jersey Supreme Court has issued an important decision on Internet users' right to privacy. The case involves a dispute about whether an ISP violated a user's privacy rights by turning over subscriber information (name, address, billing details) associated with a particular IP address. It ends up that the subpoena served on the ISP was invalid for a variety of reasons. As the user had a 'reasonable expectation of privacy' in her Internet activities and identifying information, and because the subpoena served on the ISP was invalid, the New Jersey court determined that the ISP should not have turned over the personal data... more
Bell filed its response to the Canadian Association Of Internet Providers (CAIP) submission to the Canadian Radio-television and Telecommunications Commission (CRTC) on its throttling practices yesterday, unsurprisingly arguing that its actions are justified and that there is no need to deal with the issue on an emergency basis. Several points stand out from the submission including its non-response to the privacy concerns with deep-packet inspection... and its inference that P2P usage could be deemed using a connection as a "server" and therefore outside the boundaries of "fair and proportionate use" under typical ISP terms of use. more
Last week Sen. Snowe filed bill S.2661, the Anti-Phishing Consumer Protection Act of 2008, or APCPA. While its goals are laudable, I have my doubts about some of the details. The first substantive section of the bill, Section 3, makes various phishy activities more illegal than they are now in its first two subsections. It makes it specifically illegal to solicit identifying information from a computer under false pretenses, and to use a domain name that is deceptively similar to someone else's brand or name on the web in e-mail or IM to mislead people... more
The Internet Commerce Association (ICA) has posted a position paper and analysis of S. 2661, introduced on 2/25/08 in the US Senate. While we are firmly opposed to phishing and other criminal activities that may utilize domain names we are very concerned about the provisions of the proposal that appear to provide trademark owners with a means to avoid both UDRP and ACPA actions and alternatively bring private claims against domain names with a lower burden of proof and the potential for far higher monetary damages, without even requiring an allegation that the DN was in any way being utilized in a phishing scheme... more
A new book by David Lindsay, an academic at Monash University's Law School and a widely published expert on internet law, intellectual property law and privacy, has recently been published. ...In this path-breaking work the author examines the extent to which principles of national trade mark law have been used in UDRP decisions. It will be essential reading for anyone, whether academic or practitioner, interested in internet law, intellectual property, and e-commerce law. more