Friday, January 25, 2008


Blogzilla remins me that if you're interested in machinima you can now listen to Bloodspell director Hugh Hancock discussing his creation with Pangloss, Andres Guadamuz and Ian Brown last November. Thanks to Fernando Barrio (Electromate)for organising the event, and to Robin Scobey for the recording!

Facebook, the holiday romance

A rather nice comment on why Facebook will be a passing fling for 2008, not the love of our life :)

Tuesday, January 22, 2008

IP Addresses are Personal Data - official

Brief but important note, via the Asociated Press: the EU Art 29 Working Party group working on privacy, DP and Internet search engines (notably Google) has issued an early press release.

"Germany's data protection commissioner, Peter Scharr, leads the EU group preparing a report on how well the privacy policies of Internet search engines operated by Google Inc., Yahoo Inc., Microsoft Corp. and others comply with EU privacy law.

He told a European Parliament hearing on online data protection that when someone is identified by an IP, or Internet protocol, address "then it has to be regarded as personal data." "

Some may think this an obvious conclusion, but in fact a report on Personal Data commissioned by the UK ICO office a year or two back (and very sadly, no longer available on the ICO site) revealed considerable disparity on this across Europe; in many cases whether an IP adress was regarded as "identifying" depended on context, in the view of various Information Commissioners.

The significance is crucial; if IP addresses are personal data, then services which collect IP addresses but not actual names - as Google does when it collects search terms typed in by users from IP adresses - are still regulated by DP law.

Google's privacy chief Peter Fleischer has previously insisted IP addresses are should only be seen as personal data, if it is likely that a person can be identified from an IP address . (Despite this, Google recently caved in to EU pressure and reducing the duration of Google cookies from 30 years to 2 years.) He may now have to think again, at least in Europe. This should be no surprise however, as , as Fleischer himself admits, the ART 29 Working party gave the answer as far back as 2002, that if an IP address can be connected to a person (eg by the person's ISP), then it should be seen as personal data for all purposes, including use by other companies.

The UK's current law , by the way, is in Pangloss's opinion , rather nearer to Fleischer's interpretation than to Scharr's - see s 1 of the DPA 1998. So bad news may be coming not only for Google but for UK drafters and advisers.

Monday, January 21, 2008

EBay gets to the point..

BBC Radio Oxford have kindly informed me of concern by Oxford MEP Nirj Derva about the sale of flick knives on eBay to UK teens.

"Nirj Deva MEP has called on the internet auction site EBay to ban the sale of flick-knives online, following a dramatic increase in street crime in the UK.

...Whilst it is illegal for those under the age of sixteen to buy knives, a five-second search for the word "flick knife" on offers visitors, without any form of background or age check, the chance to buy a range of 3.75 inch Buck Protege serrated flick-knives. All "flick knives" with a blade of in excess of 3 inches are illegal under British law. "

Indeed. Under the Restriction of Offensive Weapons Act 1959, s 1 as amended in fact. It is an offense already to sell, offer for sale or expose for sale flick knives in the UK. So why do we need new laws for eBay?

Well, according to concerned MEP Deva, because although eBay UK have flick knives on their list of banned sale items, in fact you can instantly find these items on nonethless. In fact on a cursory glance as of today , 21/1/08, a search on "flick knives" on gave a zero result, not surprising as "flick knives" sub nom "switchblade knives" are one of the items banned on

However the page conveniently points you at the bottom to results that CAN be found -on in the USA. In fact although only two items were so indicated when Pangloss went to look, a quick direct search on reveals many thousands of knives that look prohibitively scarey for sale to rampant UK teens (the US term of art appearing to be more often "buck" knives than "flick" knives).

The real questions which arise out of this latest apparent attempt to hit the headlines are twofold.

First, can the UK effectively legislate for in the USA? Basically, no. Well, no, in strict law; but yes the bad PR might have an effect on US ebay prohibited listings rules (though Pangloss doubts it; and in any event US eBay already bans some forms of knives which may or may not correspond directly to UK flick blades but are damn like them - "switchblades" (which are "any knife having a blade which opens automatically (1) by and pressure applied to a button or other device in the handle of the knife, or (2) by operation of inertia, gravity, or both.") and "butterfly knives".) .

We have been here before of course, with Yahoo!, the French government and Nazi memorabilia. (Moral panics have no memory - maybe we need a directory of them, just as we have for urban myths?) The end of the Yahoo! saga was that Yahoo! (and in fact ebay) chose to ban the sale of Nazi paraphernalia to restrict bad press, in the US as well as in Europe. But how much of a result is that in more than symbolic terms??

We all know that eBay (.com or "banning" an item effectively means very little. Items can be hidden in more general categories of listings (eg "folding knives") or under synonyms, and eBay does not appear to police its listings other than automatically restricting certain listings under banned categories. Right now, eg, although "flick knives" gets you zero results on, "buck knives", the US term, gets you 50 results.

The second real issue underlying here is if duties should be placed on eBay to take pro active policing (or "filtering") action, without which liability will be imposed - or if , as at present, eBay's liability should be restricted to arising only if it fails to take action on notice and take down. See passim on this blog, discussion of the E-Commerce Directive, Arts 12-15 and the puzzling question of their applicability to UGC sites like eBay.

Art 14 of the EC Electronic Commerce Directive as implemented in the UK by the 2002 Regulations of the same name, reg 19 states that:

"Where an information society service is provided which consists of the storage of information provided by a recipient of the service, the service provider (if he otherwise would) shall not be liable for damages or ... for any criminal sanction as a result of that storage where -

(a) the service provider -
(i) does not have actual knowledge of unlawful activity or information and, where a claim for damages is made, is not aware of facts or circumstances from which it would have been apparent to the service provider that the activity or information was unlawful; or
(ii) upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information, and

(b) the recipient of the service was not acting under the authority or the control of the service provider.

Thus as regards criminal liability under the 1959 Act for "sale" or "exposure" of flick knives, eBay cannot it seems , be found liable "for any criminal sanction as a result of that storage" unless it has received actual notice - a reactive NTD paradigm. Whether this is right or not in ethics, it appears to be the law. (a really interesting question might be if a victim of a flick knife attack claimed civil damages against eBay for breach of duty under the 1959 attack. Pangloss does not know enough about the English law of title to sue in statutory duties, let alone causation, to follow that one further..)

A final interesting issue is if eBay is indeed the person doing the "sale" or "exposure for sale" under the 1959 Act. As in the previous contact lens dispute, it might well be argued by eBay that the "person" who should be criminally liable is each individual seller, not eBay the intermediary platform. Again the ethics - as well as the efficacy - if not the strict law of this result may be questioned.

However there would seem to be little Parliament can do about it until and unless the E Commerce Directive is amended in its upcoming review.

Wednesday, January 09, 2008

Second Life bans virtual banks..

.. reports the Register.

That's only banks practicing only in virtuality - LInden dollar lenders and investors - according to El Reg - "meatspace" licensed banks are allowed to continue to operate. The reason given is that virtual banks were proving unstable due to offering riunous rates of return on invested Linden dollars.

"Since the collapse of Ginko Financial in August 2007, Linden Lab has received complaints about several in-world 'banks' defaulting on their promises. These banks often promise unusually high rates of L$ return, reaching 20, 40, or even 60 percent annualized," wrote Ken D., yesterday.

"Linden Lab isn’t, and can’t start acting as, a banking regulator," he added.

Which is interesting given a question that floated my way over the holidays: are virtual worlds , like Linden Labs, which issue widely used in-game currencies, convertible to and purchasable with real-world currencies, issuers of "electronic money"? And if hould they be regulated as deposit-taking baks are - or alternately do they fall within specialised regulatory schemes like the well-known if under-used EC Electronic Money Issuer Directive?

The EMI Directive was originally clearly intended to regulate "digital cash" issued on stored-value smart cards, as with the MOndex scheme rolled out in the early 2000s. Such schemes have never really caught on (though are arising again in the form of transport stored value cards like Oyster) - but the EMI has since been used to regulate quite different paradigms of electronic money such as the Pay pal business.

One point, as the Register notes, is that Linden Labs themselves clearly do not intend to hold themselves out as an EMI (or in the US perhaps, simply a bank). Their own terms and conditions say:

""Linden Dollars are not money, they are neither funds nor credit for funds. Linden Dollars represent a limited license right to use a feature of the simulated environment. Linden Lab does not offer any right of redemption for any sum of money, or any other guarantee of monetary value, for Linden Dollars."

On the other hand it is a notable feature of both ordinary money and EMIDir "electronic money" that it can be redeemed for face value against the issuer at any time, and this is right ("claim" according to the EMI Dir). For more erasons why 2L is probably not an EMI, see the useful chapter by Guadamuz and Usher in (ahem) Edwards ed The New Legal Framework for e-commerce in Europe.

Pangloss wonders what each virtual bank's T & C say about redemption in the event of the bank being closed down involuntarily by the platform host virtual world. The point of both banking and EMI regulation is at least partially to ensure that in the event of bank failure or closure, capital reserves must be maintained such that users at least get their stakes back. If that matter is left purely to contract however, it might be quite legal for Virtual Bank of Third Life (say) to provide that in the event of closure by platform world, all reserves are void. Or it might simply have run out of money - a run on the banks will no doubt by now already have started - as El Reg add "Linden Labs has requested that the virtual banks settle up with investors by January 22, honoring withdrawals. That should be interesting." Indeed.

If banks do not pay up and Second Life will not intervene to protect their users, relying on their stance that they are neither a money issuer nor a bank regulator - Would real space governments be prepared to get involved ? Eat your heart out, Northern Rock:)