Wednesday, May 31, 2006

EU infrastructure security proposals

The EU has released a Communication on a strategy for a Secure Information Society – “Dialogue, partnership and empowerment” COM(2006) 251. This seems to be a serious atempt to advance the preservation of the Internet as critical infrastructure from the various current security threats - viruses, worms, DoS, hacking, spoofing et al. This was first advanced as an EC priority in Communication “i2010 – A European Information Society for growth and employment”( COM (2005) 229 final of 1.6.2005). The EU's press release announces that the Commission will report to Council and Parliament in the middle of 2007 on the activities launched, the initial findings and the state of play of individual initiatives, including those of ENISA (the European Network and Information Security Agency established in 2004, also as a result of the i2010 document) and those taken at Member State level and in the private sector. If appropriate, the Commission will then propose a Recommendation on network and information security (NIS).

The Communication identifies three key threats to Internet security.

"Firstly, attacks on information systems are increasingly motivated by profit rather than by the desire to create disruption for its own sake... [Secondly] The increasing deployment of mobile devices (including 3G mobile phones, portable
videogames, etc.) and mobile-based network services will pose new challenges, as IP based services develop rapidly. These could eventually prove to be a more common route for attacks than personal computers since the latter already deploy a significant level of security... [Thirdly} Another significant development is the advent of “ambient intelligence”, in which intelligentdevices supported by computing and networking technology will become ubiquitous (e.g. through RFID11, IPv6 and sensor networks). A totally interconnected and networked everyday life promises significant opportunities. However, it will also create additional security and privacy-related risks... The emergence of certain “monocultures” in software platforms and applications can greatly facilitate the growth and spread of security threats such as malware and viruses. Diversity, openness and interoperability are integral components of security and should be promoted."

What solutions does the Communication propose?

".. given the ubiquity of ICTs and information systems, network and information security is a challenge for everybody:
• Public administrations need to address the security of their systems, not just to protect
public sector information, but also to serve as an example of best practice for other players;
• Enterprises need to address NIS more as an asset and an element of competitive
advantage than as a “negative cost”;
• Individual users need to understand that their home systems are critical for the overall “security chain”.

In order to successfully tackle the problems described above, all stakeholders need reliable data on information security incidents and trends... one of the cornerstones in developing a culture of security is improving our knowledge of the problem... [And] Wherever possible, therefore, NIS should be presented as a virtue and an opportunity rather than as a liability and a cost. It needs to be viewed as an asset in building trust and consumer confidence, a competitive advantage for enterprises operating information systems, and a service quality issue for both public and private sector service providers."

PanGloss finds all this rather pleasing, as she has recently spent much time recommending , like the new EU instrument, a "holistic approach" to computer security, rather than one based, as at present, primarily on the ineffective tool of criminal law.

We are also promised a specific work programme which includes:

- two specific Communications on (i) spam, spyware and related threats; and (ii) cybercrime, including law enforcement authority co-operation.
- the scheduled review of the regulation of electronic communications due within 2006, to be expanded to include consideration of network and information security (NIS)
- the creation of a European multilingual info sharing and alert system (this to be a goal for ENISA)
- a "multi stakeholder dialogue" on economic, business and societal drivers towards NIS
- allocation of resources to NIS research under the 7th Framework programme

And in among the succeeding detail, is a para which sparks this writer's own little obsession - how far ISPs - and indeed software companies - should be held responsible for creating the new more secure Internet.

"3.3.2 The Commission also invites private sector stakeholders to take initiatives to:
• Develop an appropriate definition of responsibilities for software producers and
Internet service providers in relation to the provision of adequate and auditable levels of security. Here, support for standardised processes that would meet commonly agreed security standards and best practice rules is needed."

This is fascinating and much needed stuff. More comment when I have had time to look in more detail.

And the IT-Dino!

My correspondent Douglas Spencer points out that the tale of the cat who wasn't there (post below)is by no means the only recent domain name dispute to involve cute anthropomorphicised animals.

"I am reminded of a dispute between a purple dinosaur and a six-year-old boy [DRS1544]: HIT Entertainment PLC produce Barney, a stuffed purple dinosaur, together with a TV show and lots of valuable merchandise, and they disputed the registration of barney.co.uk by a certain Tim Loosemore, who had a son called Barney.

However, the giant media empire was dreadfully incompetent in assembling its case, and the boy's father is a major mover in organisations like Wired, FaxYourMP, and NTK.

The stuffed dinosaur lost. Visit Barney on the web".

Thanks, Doug!! sadly , the arbiter in this case, Andrew Lothian, declined to exposit further on the reality or otherwise of either fuzzy dinosaurs or six year olds.

the ITKat :-)

Discovered, with great delight via Discourse.net, a domain name arbitration around the well known trademark Morgan Stanley, in the US, where defendant's argument was, basically, that he was a cat.

"Respondent maintains that it is a cat, that is, a well-known carnivorous quadruped which has long been domesticated. However, it is equally well-known that the common cat, whose scientific name is Felis domesticus, cannot speak or read or write. Thus, a common cat could not have submitted the Response (or even have registered the disputed domain name). Therefore, either Respondent is a different species of cat, such as the one that stars in the motion picture "Cat From Outer Space," or Respondent's assertion regarding its being a cat is incorrect.

If Respondent is in fact a cat from outer space, then it should have so indicated in its reply, in order to avoid unnecessary perplexity by the Panel. Further, it should have explained why a cat from outer space would allow Mr. Woods to use the disputed domain name. In the absence of such an explanation, the Panel must conclude that, if Respondent is a cat from outer space, then it may have something to hide, and this is indicative of bad faith behavior.

On the other hand, if Respondent's assertion regarding its being a cat is incorrect, then Respondent has undoubtedly attempted to mislead this Panel and has provided incorrect WHOIS information. Such behavior is indicative of bad faith. See Video Direct Distribs. Inc. v. Video Direct, Inc., FA 94724 (Nat. Arb. Forum June 5, 2000) (finding that the respondent acted in bad faith by providing incorrect information to the registrar regarding the owner of the registered name). ...

The Panel finds that Respondent's assertions that it is a cat provide sufficient evidence to conclude that the Respondent registered and is using the disputed domain name in bad faith. And this despite the fact that the Panel, unlike Queen Victoria, is amused."

Thursday, May 25, 2006

Blogging for fun and profit, er, strife and ruin?

NY Times report incidents of people sacked or not hired for having work related blogs

"On the first day of his internship last year, Andrew McDonald created a Web site for himself. It never occurred to him that his bosses might not like his naming it after the company and writing in it about what went on in their office.
For Mr. McDonald, the Web log he created, "I'm a Comedy Central Intern," was merely a way to keep his friends apprised of his activities and to practice his humor writing. For Comedy Central, it was a corporate no-no — especially after it was mentioned on Gawker.com, the gossip Web site, attracting thousands of new readers.

"Not even a newborn puppy on a pink cloud is as cute as a secret work blog!" chirped Gawker, giddily providing the link to its audience."



Oops.

But no one's reading this, right?:-)

Wednesday, May 24, 2006

panGloss

As you may have noticed , BlogScript has now officially changed its name to PanGloss. I'm not changing the URL currently, but to give due warning, I may well migrate this blog elsewhere in the next few months.

Why the change? Well, Blogscript was never exactly a catchy name. It was supposed to be the "blog for SCRIPT"; and SCRIPT was the acronym I dreamt up, six or seven years back, for the loose conglomeration of IT and IP law scholars at Edinburgh Law School , who later became the AHRC Centre for Intellectual Property and Technology Law in 2002. SCRIPT stood for Scottish Centre for Research into IP and Technology (Law) - rather easier to remember than the current research-council imposed name, you must admit:-) The original idea was this blog would feature contributions from the postgraduate students at the AHRC Centre, with a bit of help from myself and Andres Guadamuz, my co-teacher. In the end though, as ever, you can take a student to water, but you can't make him/her drink :-) and so, predictably, I ended up writing the content exclusively myself, and to my surprise, like most bloggers, becoming mildly addicted to the process.

And now I'm leaving Edinburgh, it seems a good time to formalise this as MY blog, not a blog for a particular course or university; and thus to dump the clunky "SCRIPT blog" name in favour of something with a bit more juice to it.

So why panGloss? Well, blame Paul Maharg. A month or so back, at the very enjoyable BILETA 2006 conference in Malta, Paul gave a storming talk entitled " ‘Borne back ceaselessly into the past’: Glossa, hypertext and the future of legal education". Paul's argument was loosely that some very interesting similarities can be observed between legal education in the centuries before the invention of the printing press, and curent electronic publishing and social software practice. Paul pointed out that in the pre Caxton world, when original texts were rare and expensive - texts like the Bible, or in law, the Roman Institutes and Digests - the practice arose of annotating them in hand writing round the edges, often in different colours and styles. These commentaries - "glosses" - were then sometimes published themselves, arranged as marginalia around the original text, as studiable texts in their own right. These glosses then over years themselves became the subject of scholarly lectures, debate and analysis, with a dense web of mutual cross referencing arising. Such glosses contributed enormously to the development of law in most of Western Europe. The analogies to blogs and hyperlinking are both obvious and irresistably enticing, and the Scottish contingent at BILETA, raised in the mixed legal system tradition on stories of the medieval Glossators and Post-Glossators, were almost too excited to stay in their seats.

So the idea of a law blog as a modern "gloss" stuck in my mind. I once edited a hard copy fanzine called Gloss (gosh! how twentieth century!) so the new electronic Gloss had to be called something slightly more exciting. eGloss was too generic. iGloss was fun and a la mode, but sounded too much like an Apple product, or maybe a paint commercial. GLawss was clever but far too cutesy. panGloss , with its echoes of Voltaire and the best of all things in the best of all possible worlds seemed to strike a suitably optimistic and technophilic note. So panGloss it is. Be seeing you!

Law and the Semantic Web

WWW06 is on in Edinburgh right now. I'm not at it, for various reasons, but I am intrigued by the reports, because it's being run by my future home, Southampton University, in my current home, Edinburgh; and because we're getting the first inklings that there may be as many legal problems about Web 2.0 as we've already had with Web 1.0.

"Hugh Glaser of the University of Southampton ..describing the semantic web, an attempt to make the web more intelligent... [said] Privacy problems could occur,.. because the semantic web deliberately combines multiple sources of information about people and places."

This problem has already reportedly come up in real life with various Grid projects emanating from the E-Science Centre (also in Edinburgh). Large distributed databases are being mined for results by researchers asociated with the high-speed "Internet 2" that is the Grid, working from different institutions in different countries. In such circumstances, it is hard to identify and seperate data controllers, processors and subjects, let alone work out what legal system has jurisdiction, and hence what information privacy rules operate. It looks like the Semantic Web takes this trend one step further. I hope to be working on these kinds of problems with colleagues at Southampton very soon.

Monday, May 22, 2006

Americans wouldn't give a triple ex for that domain name..

The Beeb reports a challenge to the US blocking of the .xxx domain.

"ICM has filed Freedom of Information requests against the US Department of Commerce and Department of State to get uncensored copies of official documents that relate to the creation of the .xxx domain.

In its Freedom of Information filing, ICM said it expected the documents to "shed light on what role the United States government played in the Internet Corporation for Assigned Names and Numbers' (Icann) consideration of ICM's proposal to create and operate a new .xxx domain".

Members of the board voted against the ICM agreement based on inaccurate information about the written statements of various governments concerning .xxx
Icann voted on 10 May to reject ICM's plans following a year of delay over a final decision on the domain. "

Oooohhhh!!! (she says, insightfully).

As various other commentators have said, the US (and one assumes, religious right) opposition to .xxx seems mighty peculiar. Implementing the domain won't create more porn or make it easier to find - it'll just make it easier for ISPs and parents to filter it out. This is what they want, right? (My own feeling is that it's an unintersting squabble anyway, because you are hardly going to convince the Russians and Moldovans to put their porn sites in .xxxx if that DOES mean they'll be more easily filtered..).

How about a domain for .phish ? :-)

Sunday, May 21, 2006

Kitchens of Distinction

Sunday observations on opt in/opt out and junk email ..

Blogscript just finally bought a new cooker. This is something of a personal triumph, but why should you be interested?

Well the Sainsbury's website, whence from this appliance was purchased (at, I should say, a very competitive price) presents the following choice as the purchaser checks out:

Please indicate below whether you would like to receive these:
If you do not wish to receive information by post, tick yes/no box
If you do not wish to receive information by telephone, tick yes/no box
If you are happy to receive information by text email, tick yes/no box
If you are happy to receive information by text message, tick yes/no box

My instinct (and I'm betting that of several hundred thousand others) was to tick NO all the way down on automatic pilot. Then I noticed I actually had to say YES to third and fourth options to NOT get junk texts/emails.

Now Sainsburies are perhaps/probably acting in good faith here; having noticed that the PECD now requires affirmative consent of some kind re spam/texts.

But I still think it's bloody misleading , no??

About time we had a very small SI mandating a standard tick box for consumer opt in/opt out - as the NCC recommended several years back.

Thursday, May 18, 2006

Even Nova-er Terra Nova

New Scientist (inter alia) reports on what they call the "first ever virtual property" law suit:

"Marc Bragg, an attorney from Pennsylvania, US, filed the suit against the company behind Second Life, Linden Lab based in California, US. He accuses the company of deactivating his account after he discovered a loophole that enabled him to buy virtual land cheaply within the game.

The suit, filed in a local district court, seeks financial restitution for Bragg who claims he invested around $32,000 in the virtual land. "This is probably the first dispute of its kind," Bragg says in a statement posted online. "This suit challenges the legitimacy of a virtual intangible purchase of an asset."

Rather US centric, as there have been several other such suits reported already in Asian countries like Korea and China. But it looks like fun all the way - here's hoping neither side decides to settle!

Nul Points to the Royaume Uni..

Strangely little attention seems to have been paid to a rather significant written answer in the House of Commons, reported by that fine organ The Register.

"The government has given internet service providers until 2008 to block all access to websites containing illegal images of child abuse listed by the Internet Watch Foundation.

In a Parliamentary written answer on 15 May, Home Office Minister Vernon Coaker said progress had been made, but hinted that if the last paedophile services were not snuffed out of circulation soon the government might take steps itself to block people accessing them.

The industry-funded IWF had already seen a drastic drop in the number of illegal sites reported to be hosted in the UK, from 18 per cent in 1997 to 0.4 per cent in 2005.

All 3G mobile operators blocked access to paedophile sites over their networks, while all of the biggest internet service providers, representing 90 per cent of broadband domestic connections, were also willingly blocking access."

There is an awful lot of fudging going on here. Yes, the IWF has been staggeringly successful at removing child porn HOSTED in the UK. Those figures are true. This is not least because virtually all UK ISPs receive the IWF URL list of illegal child porn sites, and take action on it, since otherwise they would be liable to action as publishers on notice of illegal material under the EC E Commerce Directive.

But that doesn't mean there's any less kiddy porn out there. Au contraire, it just means it's hosted in other countries than the UK, where the laws are kinder or less well enforced: noteably the US, where hate speech, eg, still thrives under the protection of the First Amendment, and the outlaw lands of the former Soviet Union.

What the government are talking about here is enforcing, not takedown of child porn sites within the UK, which is indeed almost accomplished , but upstream censorship of all feeds coming into the UK so no one in the UK can access illegal porn from sites *outside* the UK. This access-filtering and blocking can be done very efficiently via the technology BT Internet have already implemented, known as Cleanfeed and which has already been rolled out by "agreement" (since many of those who sign up to BT wil know nothing of Cleanfeed and what it does) to those who signed up to get the Net via BT.

Now all this is OK so far, you are no doubt saying. If you want a child porn free feed so that eg your kids or partner can't get at it, then signing up with BT makes sense. Anyone else still has the ability to go to another UK ISP. And if it's illegal to possess child porn (which it is in almost every state in the world now) then why not command your ISPs to block it at source, so no customers can get at it?

Because - and this is to me a rather more immediate worry than the net neutrality debate - any filtering technology dependent on keywords or a URL list, that can efectively block all kid porn access, upstream, invisibly - and which is mandated to do so by the government and MUST be installed by every ISP - can very easily be extended to block any content AT ALL coming into the country that the government finds unlikeable. As also revealed by the parliamentary question,"The Home Office had admitted that it had considered blocking websites that "glorified terrorism" under the Terrorism Act (2006). It said it was not policy to require ISPs to block content, but added: "our legislation as drafted provides the flexibility to accomodate a change in Government policy should the need ever arise." (And there is some rumour that the govrnment had considered blocking "terrorist" material before this law ever came into force, and which thus may not have been illegal at all at the time.)

I'm no free speech nut, but that last sentence quoted sends chills down my spine. This is the technology that could turn us into China, tomorrow, and the nice bit is, most non-techy people would never even notice. Banned books get headlines, banned newspapers get marches in the streets : banned websites, or pictures, disguised behind the ubiquitous error messages of the Net, rarely get noticed. And while Google providing a censored service to its customers in China dominated the tech press in the US for weeks, here, the UK - the state, not a private company - proposing China style censorship tools as part of compulsory legislation for all ISPs, doesn't even seem to have made the BBC website. (And remember . we aren't China : they don't have to use these tools to close down sites abraod that are politically dubious. They could use them to block P2P downloading sites, or sites flogging warez, just as easily.)

Anyone else feel even a tad worried?

Vive La France!

One of the ideas I've toyed with a fair bit over the last year or so is whether there's an argument, for purposes as various as competition law, and public liability to implement human rights protection, to treat Google as a quasi-public body. Google earns about 80% of the search revenues of the word right now, has a clear stranglehold on the market and provides what almost everyone would now concede is an essential public service. Yet Google operate , quite reasonably, as a public corporation, accountable to no one but their share holders.

The situation would of cousre change if Google had a reasonable competitor - but both Yahoo! and MSN seem to have failed in that department. Now however the French have come to the rescue!! Or rather the EU, with an alleged "Google-killer" named Quaero, which as everyone with a Latin O Level knows means "I ask". According to the Beeb:

"European politicians seem worried about the supremacy of the Americans in cyberspace. French President Jacques Chirac has unveiled five grand Europrojects backed with public money to help counter the prevailing American technology influence.

Among them is something called Quaero, backed with some 250m euros of public funds. In most accounts of it, Quaero has been billed as an EU attempt to build a publicly funded Google killer. "

The whole project appears to be still under wraps with no details as yet. But even if it provides pinpoint search accuracy and makes drinks at the same time, will the English really choose to use a French search engine? -)

Tim Berners Lee: Network Neutrality part 2

In an attempt to get my head round this, I went back to the one item everyone and their pet llama has blogged: the father of the Web, TBL himself, coming out behind network neutrality..

"When, seventeen years ago, I designed the Web, I did not have to ask anyone's permission. [3]. The new application rolled out over the existing Internet without modifying it. I tried then, and many people still work very hard still, to make the Web technology, in turn, a universal, neutral, platform. It must not discriminate against particular hardware, software, underlying network, language, culture, disability, or against particular types of data.

Anyone can build a new application on the Web, without asking me, or Vint Cerf, or their ISP, or their cable company, or their operating system provider, or their government, or their hardware vendor.

It is of the utmost importance that, if I connect to the Internet, and you connect to the Internet, that we can then run any Internet application we want, without discrimination as to who we are or what we are doing. We pay for connection to the Net as though it were a cloud which magically delivers our packets. We may pay for a higher or a lower quality of service. We may pay for a service which has the characteristics of being good for video, or quality audio. But we each pay to connect to the Net, but no one can pay for exclusive access to me. "

Which makes it clearer to me that network neutrality isn't just about a pie in the sky demand for "one rate to rule them all" . To a large extent, I don't care if YouTube has to pay more to get access to the net so x million people can download silly videos of anime characters dancing to copyright-infringed West End musical tunes. Yes I know about freedom of expresion, and plurality of voices, but really, the world wouldn't come to an end. If it was M$ that was one of the most popular targets on the net, and so was being asked to pay a higher rate to receive traffic, would people be up in arms? I somehow doubt it.

But if network non neutrality requires external content identification of packets - that's another story. That's censorship and potential centralised control and all the horrors of the end of the end to end Internet we're used to hearing about from Lessig and Zittrain et al.

But TBL himself still intuitively seems to have the idea that the market does play a role, albeit an unwanted one, in these things.

"When I was a child, I was impressed by the fact that the installation fee for a telephone was everywhere the same in the UK, whether you lived in a city or on a mountain, just as the same stamp would get a letter to either place. "

But it doesn't - as I said in my previous post, a second class postage stamp in the UK is now virtually a license for mail to arrive very late, or not at all; anyone who really wants mail to get there on time sends it first class. Which seems to me to be both a warning and an example: network neutrality in the sense discussed above may be vital, clearly, but if the telcos don't have the legal ability to implement what in other industries would be seen as sensible profit-making strategies, the srvice we all get may degrade. In the EC of course we'd say this was a case, if necessary, for essential/universal quality of service regulation - anyone know if the US has no equivalent?

EDIT : A nice simple video on the matter (via
Lessig blog
.) Reminds me that European universal service obligations do not at least as yet apply to VOIP, at least pre revision of TVF Directive ..

Wednesday, May 17, 2006

The Great Network Neutrality Debate

Boing Boing quotes Siva Vaidhyanathan, author of The Anarchist in the Library, on Net Neutrality -- audio and transcript now available:

There are a couple of different ways to look at this. There's the romantic way, right? The romantic way is that we want to have the Internet as the wild frontier for entrepreneurship, and that's a strong case. There's also the liberal free speech argument, which says we want the Internet to be a level playing field so a variety of voices can enter the public sphere. That's a fairly strong argument. But then you've got the economic argument, which is those of us who write checks every month to these companies, we want to be able to know that we are getting decent service for what we're paying. If my broadband company next week starts dialing down my Skype speed so Skype doesn't work as well for me, I might not even know it or notice it for a long time, until Skype starts frustrating me, and out of frustration, I'm just going to pick up my old phone and dial India the old-fashioned way and just pay for it because I know the call's going to go through. That's the sort of frustration and opacity we might start seeing on the Internet. So it is a service question, a competition question, an economic development question, a consumer question. And it really is dollars and cents.


Good straight talking but it makes me wonder if Siva realised he was also arguing for the opposition. I have had this lurking atavistic feeling throughout the network neutrality debate, that if Sony or AOL (say) want to pay for better service, then why shouldn't they be able to? People do the same in every other industry - cf business class air travel - including communications services like snail mail post.

The answer of course is more complex - that the Internet is an essential service and therefore must be subject to minimum service guarantees for everyone if it is to flourish. (yet the same could have been said of snail mail - and surely if I pay for first class mail this does indeed divert "bandwidth" from second class mail in exactly the same way? certainly judging by the standard of second class post in the UK right now :-) But it's good to see one of the "copyfighters" realising that economics will generally trump romantic rhetoric and (as with yesterday's post on privacy activists) the network neutrality samurai have got to be very aware of this in the debates.

I look forward to getting hold of Yochai Benkler's new book which will no doubt teach me the error of my ways:-)

Tuesday, May 16, 2006

I Told You So Pt 229.9 repeater

Bruce Schneier reports:

"While privacy remains a major concern for people around the world, a majority of consumers would share personal data if they knew the information was securely protected and if sharing it would make their lives easier, according to Unisys' Global Study on the Public's Perceptions about Identity Management. "

I do seem to have been saying this for some time..
Privacy activists can't simply shake their heads in horror. They need to understand this mindset - and when it is reasonable, and when it needs to be combatted, and when more facts are needed. Otherwise they are doomed to be fighting a losing battle.

Monday, May 15, 2006

BlogScript gets a chair (Not the Flatpack Variety)

I've also mysteriously failed to note officially here what many of you already know: I am delighted to announce I will be taking up a Chair of Internet Law at Southampton from 1 September 2006; where I look forward very much to working with, inter alia, Caroline Wilson and Stephen Saxby. Plans there include a new LLM course in Law and Technology, a monograph on privacy law and a 3rd edition of Law and the Internet. In 2006/7 I will be helping teach the undergraduate IT Law course with Caroline and investigating the Semantic Web with Wendy Hall! This will also make me rather more accessible to London and Oxford events, which I'm throughly looking forward to..

GikII Workshop

I am running a one-day workshop at the World Computer Law Congress in Edinburgh in SEptember and have curiously failed to note it here - please note the call for papers has been extended to 30 June 2006. Attendance is FREE for everyone giving a paper, and some subsidy of travel and accomodation may be available on request. We've so far had some very interesting submissions on law, surveilance, popular culture, law and film, law and virtual worlds, law and online identity, law and computer games, law and entropy - it's looking good!
Young and international scholars, not necessarily from law, are especially encouraged.

GikII Workshop
Workshop Organiser: Lilian Edwards. Co-Director, AHRC Centre for Research into Intellectual Property and Technology; Chair of Law, University of Southampton (from September 06)
Tuesday 5th September 2006, VIth World Computer Congress, Law School, University of EdinburghWikipedia is the first encyclopaedia in the world where information is being amassed solely by the collaborative efforts of individuals working separately but together via on-line tools. Geeks are the people who contribute to this knowledge: fellow travellers on the digital omnibus, who delight in finding, publishing, inventing and sharing nuggets of joyful knowledge and innovation from the worlds of technology, science, popular culture, and technotrivia. LIIs are Legal Information Institutes: invaluable on-line temples of legal knowledge. The patriarch of the field is AustLII, but the concept has spread through the world bringing us BAILII, PacLII, CommonLII, and no doubt, many more bad puns to come.
GikII proposes to be the place where these worlds, institutions and players will come together for the first time at a major law and technology conference. We want to discuss whether geek law exists. If you have a paper burning for the oxygen of publicity on any aspect of law AND technology, science, geek culture, blogs, popular culture, wikis, science fiction or fantasy, computer games, digital culture, gender on-line, MMORPGS, virtual property or online human personae, then this is the workshop for you.
So if you long to find a venue where you can talk seriously about surveillance strategies in the novels of Harry Potter; why blawgs do well in the Technorati database; whether virtual worlds are the ideal try–out zones for law reform; whether characters in The Sims should be allowed the human right to private life ; the ethics of heroism post 9/11 as seen in the Spiderman movies; whether cyber-feminism still exists; and much, much more, then let us see your abstract.

Court of Appeal Denial of Service Shock Horror

.. well maybe if you're a DoS geek like me:-)

The Court of Appeal has ruled that a judge was wrong to throw out the case of a UK teenager accused of crashing a mail server with millions of emails. David Lennon, who is now 18 and can therefore be named for the first time, is alleged to have used a mail bombing programme called Avalanche to send approximately five million emails to his former employers, in early 2004, crashing the company's email server.

The case against him, brought under the Computer Misuse Act (CMA) 1990, was dismissed last November by District Judge Kenneth Grant at Wimbledon Magistrates' Court. Judge Grant had said that Section 3 of the Act, which concerns unauthorised modification of data, had not been breached, as emails sent to a server configured to receive emails could not be classified as unauthorised.

But on Thursday, judges at the Royal Courts of Justice sent the case back to the Magistrates Court, saying Judge Grant "was not right to state there was no case to answer". Mr Justice Jack said the judge should consider "what answer Mr Lennon might have expected if he had asked D&G" before starting the mail bombing.

This last sentence is terribly interesting. Yes, it blows the "authorised" act defense out the water, therefore saving the bacon of the CMA amendments on DoS curently wending their way through Parliamant and cricised extensively here for NOT plugging this particular loophole.

But this time the hole which is plugged is far too wide (oh my we are in the land of mixed metaphors, aren't we?) This potentially means, IMHO, that every unwanted search engine spider that traverses a site; every price comparison engine which comes sniffing to collect info the site would rather not give away to its competitors, but has to leave public for its customers; every deep linker who plans to put a link in to enhance their own site's content, but thereby cut out the ads and branding on the home page of the content originator -- has suddenly now committed a criminal act.

Welcome to the UK. Trespass to websites , long controversial even in the US of A as a civil wrong, has just become a crime in the UK :-)

((Ps. BlogScript is writing a family law book. It will re appear in a shower of exciting commentary in about two weeks, with a change of name and even of image!! be there or be orthogonal!))