Monday, January 22, 2007


BILETA is the gathering of the tribes of IT law in the UK and Europe: the must-be-seen-at conference for the old lags (or lagettes) of the Internet law game. It's been going for over 20 years and is always enormous fun. This year's is on 16-17 April at the University of Hertfordshire.

I, (for my sins) am organising what was described as a "GikII-like" (or GikII-lite?) stream at this event -

"Stream 2 - Horizon scanning
Looking somewhat speculatively into the future, this stream asks the question, where technology will go from here and also what the legal response should be to these suggested changes. The legal reality of science fiction meets BILETA!
Email submission to: "

The abstract deadline (c 500 words) has just been extended to Friday 2 March 2007, so plenty of time to get your world-upturning contribution in. (Plenty of other streams too - see ). I'll be there (though not so much scanning the horizon as furrowing my brow in worry at it) with , hopefully, a paper on the empirical work on ISPs, notice and takedown, notice and disconnection and disclosure of IDs by ISPs I've been working on with the AHRC Centre at Edinburgh.

Friday, January 19, 2007

A Swedish-Trojan tale

According to the Beeb

"Internet fraudsters have stolen around 8m kronor ($1.1m; £576,000) from account holders at Swedish bank Nordea. The theft, described by Swedish media as the world's biggest online fraud, took place over three months. The criminals siphoned money from customer's accounts after obtaining login details using a malicious program that claimed to be anti-spam software.
Nordea said it had now refunded the lost money to all 250 customers affected by the scam.

"What is important is that none of our customers will have lost their money," said a bank spokesman. "

Really? At a conference last Tuesday organised very helpfully by ISPA , the UK ISP Association, to discuss the upcoming HL Inquiry into Personal Internet Security, the view was informally expressed that the banks are not really hurting on this one yet. If and when they do, we'll start to suddenly see a trend for these kind of losses to be absorbed by the customers. One wonders how the bank offsets their losses - what do their own insurance policies cover? Or are they just using up profits?

It is generally believed on the high street that any misuse of money in consumer bank accounts is the responsibility of the bank. In fact the real law is much less clear - especially in cases like phishing where the customer is arguably the one in breach of duty of care. Cases like this where Trojans are implanted as key loggers or other forms of spyware are a middle ground, being (again arguably) neither the fault of customer or bank; and misuse of credit cards, as in ID theft, falls clearly (after the latest clarification as to use overseas) into the consumer credit protection guarantees of the EC ie the responsibility of the card issuer.

I've yet to see a really clear piece of work in the UK dealing with these issues and not sponsored by an obviously involved party eg a bank or a law firm who wants bank work. It might be a good PhD for someone, since we apear to be in PhD application season..:-) Better than doing electronic signatures AGAIN for sure!