Saturday, September 27, 2008

SCL POlicy Forum transcripts

The Society for Computers and Law organised for the third year running its blue-skies policy forum earlier this week in London, on Legislating for Web 2.0. This year, Chris Marsden was ably in charge, and as ever Herbert Smith hosted and wined and dined us most pleasantly. The conference was broadly on the policy and legislative agenda opening up in the next few years as we see the legal reform of the information society from both the content and carrier ends. viz

• The Audiovisual Media Services Directive was enacted on 18 December 2007 and is currentky being implemented;
• The new review of the Electronic Communications Services Framework (5 Directives and a Regulation) is taking place in the course of 2008;
• The Electronic Commerce Directive remains under constant review and is in tension with several national laws;
• The Consumer Acquis (8 Directives) is currently being reviewed.

I personally found day 1 of the conference a real learning curve as I struggled with the economics of broadband next gen networks roll out, and the politics of spectrum. Funny how eerily cosy and familiar it suddently felt, as we eased onto content issues like protection of minors, and media issues like public sector broadcasting, and then downright freewheeled down to the familiar battles of regulating web 2.0 services, intermediary hosting immunities, and copyright enforcement online on day 2. Old e-commerce and IT law hands like me need days like this to teach us that infrastructure issues are just as basic as contracts and copyright to making the Internet work.

The diferent attitudes of telecoms and e-commerce academics were fascinating; at root the former seemed to reply 90% on economic justification for policies, the latter 90% on normative issues (fairness, equality, human rights). Similar rooted differences as to the worth of market and regulatory forces showed up between the American and US attendees, especially in the data privacy arena. It made it very plain just how difficult international legal harmonisation of any kind is. The most heated session as a result was on whether Google, as the dominant player in the European search market, should be more explicitly regulated, whether by competition law or other means. Just about all the US, UK and European academics could agree on was that they were all sure they weren't as keen on regulation as Germans. (the speaker himself, Nico van Eijk of IVIR , was proudly Dutch.) Pangloss was amused at the idea of the new US:EU data "safe harbor" wars that seemed potentially on the horizon, and may be driven to write her own paper on Google-regulation yet.

MP3s etc of all the presentations, including the heated ISP immunities session Pangloss chaired , and her own presentation on music copyright enforcement, "3 strikes" and the new UK MoU, can be found on the SCL website

Friday, September 26, 2008

Stil not dead. Well, not QUITE.

Just back from the third instalment of GikIII, exhausted, flu-ridden and exhilarated. Horrible to puff one's own baby, but I continue to be staggered at people's inventiveness, cleverness and sheer powerpoint bravado when they pull the stops out for GikIII. Best quote I've seen so far from virgin attendee, machinima geek and Twitter blogger Hugh H:

"What's fascinating about this conference - well, one of the things - is the level of showmanship. It's like a very lawyerly open-mic night."

I think that really sums it up :-)

More coherence soon , when I am over my man-flu (and decided it really isn't leprosy. Andrea, I expect my eye patch to be in the e-post).

Powerpoints will also I imagine be up very shortly as soon as Andres has got over his hangover, er jetlag. (Actually some of them are already here.)

Many thanks to the as ever consummately efficient Ian Brown for chairing this year (while organising a few million pound grants on the side in teabreaks) and the attendees and participants for as ever putting their and soul into this conference. Next year: possibly in Amsterdam! and certainly earlier in September to avoid start-of-term clashes which kept a few regulars away. Watch this space! Also please let me know if you blog GikII and I might conceivably have missed it.

Wednesday, September 17, 2008

Still Not The End of the World: No Britains Dead

Wired blog reports on a remarkable recent example of hacking, in no less a venue than the Large Hydron Collider in Geneva at CERN :

"Shortly after physicists activated the Collider on Wednesday, hackers identifying themselves as Group 2600 of the Greek Security Team accessed computers connected to the Compact Muon Solenoid detector, one of four key subsystems responsible for monitoring the collisions of protons speeding around the 18-mile track near Geneva, Switzerland.

A few scientists had worried that the experiment could inadvertently create a planet-swallowing black hole. Physicists called this impossible, or at least extraordinarily unlikely. But the hack raises a different sort of worst-case scenario: the largest and most complicated science experiment in history, intended to reveal basic information about the composition of matter, derailed by malevolent intruders."

According to the Telegraph, the hackers were "one step away" from the computer control system of one of the huge detectors of the machine, a vast magnet that weighs 12,500 tons, measuring around 21 metres in length and 15 metres wide/high.

Fun as it might be to speculate on whether hackers could have generated The End of the World (movie rights opending, surely) it's very clear that the worst that could have been done would have been the derailing or contamination of the experiemental results. But considering that £4.4 billion was spent on the LHC, even that would have been somewhat more serious than hax0r tricks.

If the US wants to sentence Gary McKinnon to life, what would they do to these guys if they get hold of them? Luckily for them if they ever get caught, the jurisdiction would presumably fall to the Swiss or Greek courts!

ICO Speaks Total, Utter Sense

No irony meant, honest.

OUT-LAW again say: "Organisations must not use the Data Protection Act as a smokescreen for not giving out information, privacy regulator the Information Commissioner's Office (ICO) has warned.The ICO has identified the most common data protection myths which it says are used to avoid transparency or that have just developed through ignorance of the actual law.

Deputy Commissioner David Smith said that "The Data Protection Act does not impose a blanket ban on the release of personal information. What it does do is require a common sense approach," he said. "It should not be used as an excuse by those reluctant to take a balanced decision."

Too bloody true. Unfortunately the examples given by the ICO are mainly related to the public sector: universities refusing to send results to anyone but the students themselves, schools refusing to let people take photos of children in school plays. In Pangloss's experience these bodies are usually fairly reasonable; eg there are often good reasons not related to DP law to reveal results to no-one but students in person, to do with confidentiality, trust and over demanding relatives, and as a bright line it still seems the best policy. Most universities will however send results to a student's home address on request, which deals with the "student off abroad and parents desperate to know" problem.

Those who really choose to use the DPA as the Don't Tell Anyone Anything Act are notoriously not non profits like schools, but the commercial sector and in particular, communications, banking and utility companies who cynically use the slice of lime factor of " it's against DP law" to cynically get rid of annoying customers and minimise customer service. Pangloss, eg, has spent many an unhappy hour trying to pay money INTO various accounts to pay for TV, cable, Internet and other bills and been told this wasn't possible "because of the data protection act". What possible release of personal data to the payer need this involve?

Another problem is what happens when one member of a couple has set up an account eg for telephone, and they then split up acrimoniously. It is hardly sensible, and potentially even dangerous, to advise the other partner that they cannot later acces or alter the details of their account without getting the estranged partner to ring. Indeed in some seperations, communication may have entirely broken down and it may be vital to change details eg if the matrimonial home is rented to a new tenant. All utility and similar companies should have sensible procedures in place to deal with such situations (an, crucially, which are trickled down to call centre level).

Should using the DPA to repel honest enquiries or non-privacy-invasive transations be regarded as a kind of corporate fraud? So long as there is effectively no real hard infringement of DPA law, large companies will continue to use the DP as a stonewalling excuse, because the nature of bureacracy is to gather as much data and reveal as little of it to others as possible. the evaporation of personal service in favouir of anonymised call centres with pre written scripts also has a great deal to answer for.

Suicide is Painful (If You're an ISP?)

The government has announced it is legislating to clamp down on suicide websites (a good vote getter while the electorate panics alternately about theur savings, their mortgage and when Brown wil resign? says Pangloss, who has her mortgage with IF aka HBOS and is having a stiff drink..)

"The law on "suicide websites" is to be rewritten to ensure people know they are illegal, the government has said.

It follows concerns people searching for information on suicide are more likely to find sites encouraging the act than offering support.

It is illegal under the 1961 Suicide Act to promote suicide, but no website operator has been prosecuted.

The law will be amended to make clear it applies online and to help service providers police the sites they host."

Pretty clearly this is not new law at all, but mainly a sop to worried parents after the blanket publicity around the WElsh village of ABridgend as a suicide hot spot.

"Justice Minister Maria Eagle said "Updating the language of the Suicide Act, however, should help to reassure people that the internet is not a lawless environment and that we can meet the challenges of the digital world."

One wonders what relation this law will have to the familiar ECD Art 14 hosting immunities. Will ISPs be given a specific time limit for notice and take down, as in the E-Commerce Directive terrorism regulations? I'd gamble yes.

Will the IWF add suicide websites to their encrypted cleanfeed blocklist despite the acknowledged difficulties in spotting the difference between a site promoting suicide and one providing support to the suicidal? Yes again, I'd say.

Will the change in law be enforced against sites hosted abroad? Hmm - With great difficulty, and..

Will the legislature remember suicide law is different in Scotland and that there is not only no statute but no clear common law on the illegality of assisting or promoting suicide? I do hope so, otherwise we might see an upsurge in suicide websites hosted on Scottish servers!

We now return you to your regularly scheduled panic-stricken watching of Newsnight...

More Scottish info privacy news

While we're making Scotocentric comments on HBOS meltdown day, another snippet, slightly late, from OUT-LAW on 12/9/08:

The Scottish Government has asked a panel of experts to produce rules for public bodies to follow so that personal information and privacy is better protected. The move follows a series of UK-wide data breaches involving public authorities.

The panel will produce guidance for public bodies to ensure that they are treating personal information properly. That guidance will be subject to public consultation before any adoption by the Scottish Government.

The group of experts includes representatives from the public and private sectors and includes Rosemary Jay, a privacy law expert at Pinsent Masons, the law firm behind OUT-LAW.COM.

The group also includes Gus Hosein of Privacy International, Scottish Government director of corporate services Paul Gray, assistant information commissioner for Scotland Ken Macdonald, Edinburgh University honorary fellow Charles Raab and Jerry Fishenden, Microsoft's lead technology advisor for the UK.""

Pangloss notes with approval this list of luminaries but feels slightly sad they didn't ask her, just when she's (sort of) moved back to Edinburgh. Ah, hubris!

Sunday, September 14, 2008

Tweets! (and RSSs)

Ok, should you wish to subscribe to notifications of updates to this blog via Twitter you now can: just log into Twitter and subscribe to Panglossle at .

Pangloss herself is not quite sure of the point of this (but somone suggested it as a good idea): you'd have to go to the web to read the full thing anyway so why not just subscribe to Pangloss's RSS feed and see updates via whatever you read RRS feeds in (PG herself uses LiveJournal as her RSS reader but knows that isn't very professional - it works though)? Perhaps someone can enlighten me.

However this does remind me that I should publicise the RSS feed, which I will do once I get round to revamping the template which requires wholesale change since the Blogger upgrade (oh god, life is just so complicated..)

Atom link:

RSS link:

On that note, I'm worn out!


Testing out Twitterfeed for the greater good of my readership. Hang on in there a mo..

Wednesday, September 03, 2008

Law Blawging UK OK

Slightly belatedly, via Binary Law:

TimesOnline does the round up of the usual suspects (no Pangloss, helas!) on the UK blawging circuit. As Nick Holmes comments, the scene is really rather rosier than both the article and the comments seem to indicate.. in fact if you look at Charon QC's enormously usual single page of UK blawgers, there are many many blawgs I've never heard of or sadly never get the time to look at..

Actualy IMHO I am quite staggegered how many laws practitioners (as opposd to we feeble academics) find time to maintain decent readable blawgs. Where do they put it in time billing one wonders?

Burning Chrome

I've now seen in a few places (and been asked to comment) on this extract from Google's new browser Chrome's EULA: (see eg

The part people are worried about is

11.1 You retain copyright and any other rights that you already hold in Content that you submit, post or display on or through the Services. By submitting, posting or displaying the content, you give Google a perpetual, irrevocable, worldwide, royalty-free and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content that you submit, post or display on or through the Services. This licence is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

My opinion FWIW (without prejudice etc) is that this is harmless. The part in bold is the important bit. Yes Google are getting a (non exclusive) license to your content but ONLY to show off and advertise theur toy. This is a very common clause: in fact I'm told Google have it as a standard clause in all their contracts and I'm sure they do and it's bothered nobody.

I remember Hugh Hancock from machinama land asking me about a very similar clause in (I think) a MS machinima license. Basically if someone provides a free cool web service, they want to use your cool content to show off in demos to clients, on the web etc etc. And they don't want to have to come ask you for copyright permision. In return for a free service, this doesn't seem unreasonable to me.

There is also a very outside chance that Google are protecting *themselves* against a claim of copyright violation for their browser being used to make a copy of someone site who then claims he didn't give permission for that. In other words, normal uses of a web browser.

What it does *not* mean is that Google are grabbing the right to steal your entire video blogsite accessed via their browser, package it into a Richard and Judy bestseller book, turn that into a best selling film and retire on your profits :)

Rest easy kids.

EDIT: Google are apparently going to retrospectively clarify the issue.

EDIT 2: and apparently already have : " As of 2 p.m. PT, it looks like the terms have changed. Section 11 now reads simply: "11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services."