Ireland against the Data Retention Directive: AG nixes constitutional attack

From Digital Rights Ireland: (and thanks to Judith Rauhofer for the tip off)

"The Advocate General of the European Court of Justice has just given his Opinion (summary, PDF) on the Irish Government’s challenge and has recommended to the Court that the challenge should be rejected, holding that the Data Retention Directive was correctly dealt with as an internal market measure rather than a criminal justice measure (which would have required unanimity to pass). Opinions of the Advocate General aren’t binding but are generally followed by the Court, making it more likely that the Government’s challenge will now fail.

It’s important to point out, though, that this ruling only relates to the procedural way in which the Directive was passed. It doesn’t affect our case that the Directive breaches fundamental principles of human rights, and we still await a decision from the High Court referring these issues to the European Court of Justice."

Pangloss is speaking tomorrow at a Parliamentary and ISPA event on the UK consultation on implementing the DRD by March 2009, so this is rather timely. However as DRI points out, to some extent this is almost a side issue: the real issue continues to be whether it is proportional to the aim of reducing crime and terrorism to retain all forms of e-communications by te entire UK population for up to two years. In the UK consultation, a year's retention is recommended for e- and telecoms traffic to help cut down on serious crime; yet almost every example but one given in the document relates to an investigation which was solved using data retained for a matter of hours, days or weeks, not a year. How thus is one year the "proportionate" response to the invasion of privacy sanctioned?

I think it was Ray Corrigan (though I can't seem to find the reference, sorry!) who pointed out the bad science involved in the much quoted statement in the consultation, that retention for a full year was justified because, in a trial month in 2005:

"there were 231 requests for data relating to communications that had taken place between 6
and 12 months earlier. 60% of these requests were in support of murder and terrorism investigations and 26% of the requests were in support of other forms of serious crime including armed robbery and firearms offences. "

But the key point for such stats is how many requests were made in 2005 in TOTAL? Privacy International quote that figure as 439,000, drawn from government stats. Thus assuming a similar rate of request across the year, the requests for data over 6 months old were only 0.006% of all requests made in 2005. Does that justify retention for a year for every type of communication data, given the privacy implications? (And given the anecdotal evidence so far that such data is being requested by local authorities for purposes other than catching serious criminals or terrorists??

A nice quote, also from DRI and via B2fXX: ""Laws requiring monitoring of the entire population are astonishing in a democracy."

E-money Rides Again, at the Least appropriate Time Possible

This report from El Reg on the Commission's new Working Document on e-payments is so gloriously cynical that I'm not even going to try to re-write it.

"The European Commission has launched a new legal framework to boost the use of "electronic money" within the EU, even as we all realise we had even less real money than we thought.

The Eurocrats have admitted that earlier utopian predictions that we’d all be loading cash on our mobile phones, travel cards or internet accounts have proved to be somewhat overblown. In part, it is blaming itself, saying current rules “have hindered the takeup of the electronic money market, hampering technological innovation”.

Translated, this means the foolish peasants (the rest of us) have refused to stop keeping anachronistic wads of notes and piles of coins in stupid places like pockets, in wallets, under mattresses, that sort of thing, when what they really should be doing is paying smart young things to take their money and convert it into cyber cash, loaded on trustworthy items like phones, Oyster cards, servers and deelie boppers.

So, in the interests of keeping the dream alive, Brussels has proposed a new framework for “issuing electronic money”. This will include a “technologically neutral and simpler definition”, ie that electronic money is “monetary value stored electronically on receipt of funds and which is used for making payment transactions". This will include e-cash stored on devices in the holders' possession or “remotely at a server.” "

Internal capital requirements for EMIs will be reduced to 125,000 Euros - "“enabling market entrance for smaller players" - is this really what we want to encourage at a time when giants like HBOS etc are dropping like flies?! What happens when an EMI goes under? Does the relevant national underwriting guarantee apply? We have all the potential problems of Icesave staring us in the face as a stark example that national guarantees do not transpose well to virtual banks.

As all IT lawyers know, the main problem with the old EMI Directive was indeed that it was not technology-neutral at all, but modelled around smart card money, which was terribly hip before all the schemes like Mondex etc quietly flopped and failed. When in reality it turned out that what people wanted was credit, not debit, in times of free fast credit thrown at you from all directions, and/or alternately to use anonymous, data-protecting, handy account-based systems like Paypal (complete with useful guarantee for eBay transactions) rather than carry round yet another card whose loss might result in loss of actual money, without guarantee of repayment.

It sounds like Brussels has now finally recast the definition of an EMI to firmly cover the likes of Paypal. (See the now defunct argument about this via Andres Guadamuz here.) Which is sort of amusing when PayPal itself long gave up on the clunky EMI framework and instead just became a bank in Luxembourg. And when the bottom has dropped out the credit market so thoroughly that pre-pay debit cards might just possibly become saleable again.. (though I wouldn't hold my breath. The Oyster card/debit car all-in-one model however should be useful whenever they iron out the commercial holdups.)

What will be really interesting to see is how far the proposed new rules cover mobile- phone-as-e-wallet - which is the development that was already looking set to revitalise the digital payments sector, if anything could.

Also the problem remains that paying by Paypal , even when linked to a credit card, is not covered by the usual guarantees of the EC consumer credit legislation - or at least not according to the UK Banking Ombudsman and the FSA - and should thus really be discouraged for dubious or large purchases (eg travel companies about to go bust, unknown ebay sellers).

I doubt the consultation touches this , being mainly concerned with capital requirements and the like, but I'll report back when i've actually read it properly , ok?

EDIT: OK, an hour later..

The consultation does indeed refer to MNOs (MObile Network Operators)) as another problem for the definition of e-money, along with "server-based" systems like Paypal.

It is starkly admitted that traditional smart card systems a la Mondex are dead. Contactless transport cards as e-money are catching on yes (22 in the Czech Republic), but still almost exclusively used at unmanned sites such as transport turnstiles or car parks. Public shows no sign of wanting to use e-cash more extensively. (This may explain the mysterious failure of the Oyster system to expand to small value real world purchases eg newspapers..)

The only major problem asserted with the current ElMI system apart from the definition issues is the high internal capital requirement - hence the suggestion to reduce from 1 m Euros to an eighth of that!

There is no mention of the difficulties with credit card like guarantees for paypal etc payments, unless it is dealt with tangentially in the under discussion harmonisation of EU payment laws under the Payments Directive, currently due to be passed November 2009.

Similarly money laundering - which is known to be increasingly used by criminals to get funds past national borders, especially to Africa and Eastern Europe - is left to be dealt with as and when by financial fraud legislation.

Overall, a remarkably unambitious and pretty redundant consultation. One suspects it might habve been more sensible if politically difficult to shelf this document entirely untiul the dust settles a bit on the current financial meltdown.

Fun Times for Phishing

The credit crisis is doing interesting things to computer crime. One might have predicted that a background of banks crashing, closing access to depositors and being bailed out would be seventh heaven for phishing emails, with uses failing to distinguish real reassuring emails from fake ones in the confusion. And so it has transpired - with Chase, Wachovia and Bank of America among the most popular targets with scammers, according to the US's watchdog, the FTC.

But of course what are you phishing FOR? As credit dries up, the old standby of stealing personal id so as to apply for limitless amounts of credit loses its efficacy. Soon, the days of easy credit cards will be gone. So instead, phishing attacks have switched from ID theft to to faking credentials to allow withdrawals from existing accounts. This is interesting - surely such attacks should be more visible than plain old ID theft? Would this not be a good time to look at banking security and supervision with a view to automatedly spotting upsurges in microwithdrawals from multiple accounts?

The HL recently reiterated its call for banks to be legally held liable for phishing losses to bank accountholders. At the moment, despite the lack of mandatory control, banks usually, though not universally , pay up. As margins tighten and liquidity disappears, and as phishing attacks mount (already up 180% in the UK from January to June 08 compared to the same period in 2007, according to Apacs) it will grow ever more tempting for banks to find ways to get out of reimbursing phishing losses eg by claiming that users failed to take adequate security steps. Considering the imbalance in technical knowledge and control between banks and users, this must be resisted. Phishing liability needs to be put on a legal basis, and soon.

Statute of Limitations & Privacy Round-Up

Brief moment of self aggrandisement - looking something up, I notice I've just missed the three year anniversary of this blog, having started in September 05. Cor. The private lawyer in me notes that the first claims for negligent misstatement or defamation should now be time barred.

Now that I am finally installed properly in Sheffield as of this week, I hope this blog will return to more rgular service than of late :-)

Advance warning - Ian Brown and I have just completed this year's Macafee Virtual Criminology Report 2008 and it should be launched week beginning Dec 8th. Clear your virtual desks in antici-pation!!!

More bathetically, in a bid to encounter friendly natives, I will be at the Sheffield Law Society Halloween bash on Oct 31st!! If you're in the area and want to meet the (in) famois Pangloss do say hi! I believe costumes are mandatory however so I will be unrecognisable, and probably dressed as a Russian botnet. Should be fun :-)

Two actual items of content: one, the very in(famous) Mr Mosley, of Nazi orgy fame, is to petition the ECHR to change privacy law and require the media to notify people before they punish stories about them. Briefly this seemed a nice idea to Pangloss, but of course all it would do is enable preliminary gagging of the press by immediate seeking of injunctions in every case. One cannot see this going anywhere as the essence of the libel/freedom of speech compromise is that post factum damages are preferable to prior restraint. I can't see any reason why this policy balance should be unsettled by reference to privacy rather than defamation. Still, interesting times.

Secondly, an oldy but a goody - yet more evidence that no one reads privacy policies. Well, if you tried to, it would take you anything from ten minutes to half an hour.

"Were people to actually read the policies and charge for that time it would cost $652bn a year.

Though that figure has limited usefulness, because people rarely read whole policies and cannot charge anyone for the time it takes to do this, the researchers concluded that readers who do conduct a cost-benefit analysis might decide not to read any policies."

As a former reader of fantasy, I love law and economics ...

The OPA rides again..

http://www.theregister.co.uk/2008/10/06/obscene_publication_girls_aloud/

Bleeding heck. This and the UK extraditing someone for denial of Holocaust, a crime we don't actually have here, all in one week?

I hate to say it, but both the Lib Dems and the Telegraqh are dead right on this one. I'm all for reasonable restraints on freedom of speech, of which this certainly is one, but the correct approach should then be a public debate in the UK as to whether this is a crime we wish to recognise (or introduce) not a blank cheque to the receiving country's police. That way lies extraditing Western citizens to Saudi Arabia for sever penalties for (say) sleeping with married women. No please.

The Girls Aloud stuff is equally vile but the principle has long been understood: no more prosecutions of literature, stick to obscene pix. Even the IWF now says it is after "images of child abuse" not "child porn". As Wendy Grossman pointed out, if this prosecution is successful, will the IWF have to start considering the artistic worth of stories and fan fiction, so as to add it after complaint to its block list. Really no please. That is for courts.

Are conservative values reasserting themselves in recession or is it just autumn and time for some Internet moral panic stories?

ps this is my first blog post written on my beautiful new and very tiny Acer 1: staggeringly cheap, fast, decent keyboard, virus free Linux OS, built in web cam. I am a total convert. All I need now is mobile Internet sub and I can happily write all my articles on the train to Sheffield :-)

SCL POlicy Forum transcripts

The Society for Computers and Law organised for the third year running its blue-skies policy forum earlier this week in London, on Legislating for Web 2.0. This year, Chris Marsden was ably in charge, and as ever Herbert Smith hosted and wined and dined us most pleasantly. The conference was broadly on the policy and legislative agenda opening up in the next few years as we see the legal reform of the information society from both the content and carrier ends. viz

• The Audiovisual Media Services Directive was enacted on 18 December 2007 and is currentky being implemented;
• The new review of the Electronic Communications Services Framework (5 Directives and a Regulation) is taking place in the course of 2008;
• The Electronic Commerce Directive remains under constant review and is in tension with several national laws;
• The Consumer Acquis (8 Directives) is currently being reviewed.

I personally found day 1 of the conference a real learning curve as I struggled with the economics of broadband next gen networks roll out, and the politics of spectrum. Funny how eerily cosy and familiar it suddently felt, as we eased onto content issues like protection of minors, and media issues like public sector broadcasting, and then downright freewheeled down to the familiar battles of regulating web 2.0 services, intermediary hosting immunities, and copyright enforcement online on day 2. Old e-commerce and IT law hands like me need days like this to teach us that infrastructure issues are just as basic as contracts and copyright to making the Internet work.

The diferent attitudes of telecoms and e-commerce academics were fascinating; at root the former seemed to reply 90% on economic justification for policies, the latter 90% on normative issues (fairness, equality, human rights). Similar rooted differences as to the worth of market and regulatory forces showed up between the American and US attendees, especially in the data privacy arena. It made it very plain just how difficult international legal harmonisation of any kind is. The most heated session as a result was on whether Google, as the dominant player in the European search market, should be more explicitly regulated, whether by competition law or other means. Just about all the US, UK and European academics could agree on was that they were all sure they weren't as keen on regulation as Germans. (the speaker himself, Nico van Eijk of IVIR , was proudly Dutch.) Pangloss was amused at the idea of the new US:EU data "safe harbor" wars that seemed potentially on the horizon, and may be driven to write her own paper on Google-regulation yet.

MP3s etc of all the presentations, including the heated ISP immunities session Pangloss chaired , and her own presentation on music copyright enforcement, "3 strikes" and the new UK MoU, can be found on the SCL website

Stil not dead. Well, not QUITE.

Just back from the third instalment of GikIII, exhausted, flu-ridden and exhilarated. Horrible to puff one's own baby, but I continue to be staggered at people's inventiveness, cleverness and sheer powerpoint bravado when they pull the stops out for GikIII. Best quote I've seen so far from virgin attendee, machinima geek and Twitter blogger Hugh H:

"What's fascinating about this conference - well, one of the things - is the level of showmanship. It's like a very lawyerly open-mic night."

I think that really sums it up :-)

More coherence soon , when I am over my man-flu (and decided it really isn't leprosy. Andrea, I expect my eye patch to be in the e-post).

Powerpoints will also I imagine be up very shortly as soon as Andres has got over his hangover, er jetlag. (Actually some of them are already here.)

Many thanks to the as ever consummately efficient Ian Brown for chairing this year (while organising a few million pound grants on the side in teabreaks) and the attendees and participants for as ever putting their and soul into this conference. Next year: possibly in Amsterdam! and certainly earlier in September to avoid start-of-term clashes which kept a few regulars away. Watch this space! Also please let me know if you blog GikII and I might conceivably have missed it.

Still Not The End of the World: No Britains Dead

Wired blog reports on a remarkable recent example of hacking, in no less a venue than the Large Hydron Collider in Geneva at CERN :

"Shortly after physicists activated the Collider on Wednesday, hackers identifying themselves as Group 2600 of the Greek Security Team accessed computers connected to the Compact Muon Solenoid detector, one of four key subsystems responsible for monitoring the collisions of protons speeding around the 18-mile track near Geneva, Switzerland.

A few scientists had worried that the experiment could inadvertently create a planet-swallowing black hole. Physicists called this impossible, or at least extraordinarily unlikely. But the hack raises a different sort of worst-case scenario: the largest and most complicated science experiment in history, intended to reveal basic information about the composition of matter, derailed by malevolent intruders."

According to the Telegraph, the hackers were "one step away" from the computer control system of one of the huge detectors of the machine, a vast magnet that weighs 12,500 tons, measuring around 21 metres in length and 15 metres wide/high.

Fun as it might be to speculate on whether hackers could have generated The End of the World (movie rights opending, surely) it's very clear that the worst that could have been done would have been the derailing or contamination of the experiemental results. But considering that £4.4 billion was spent on the LHC, even that would have been somewhat more serious than hax0r tricks.

If the US wants to sentence Gary McKinnon to life, what would they do to these guys if they get hold of them? Luckily for them if they ever get caught, the jurisdiction would presumably fall to the Swiss or Greek courts!

ICO Speaks Total, Utter Sense

No irony meant, honest.

OUT-LAW again say: "Organisations must not use the Data Protection Act as a smokescreen for not giving out information, privacy regulator the Information Commissioner's Office (ICO) has warned.The ICO has identified the most common data protection myths which it says are used to avoid transparency or that have just developed through ignorance of the actual law.

Deputy Commissioner David Smith said that "The Data Protection Act does not impose a blanket ban on the release of personal information. What it does do is require a common sense approach," he said. "It should not be used as an excuse by those reluctant to take a balanced decision."

Too bloody true. Unfortunately the examples given by the ICO are mainly related to the public sector: universities refusing to send results to anyone but the students themselves, schools refusing to let people take photos of children in school plays. In Pangloss's experience these bodies are usually fairly reasonable; eg there are often good reasons not related to DP law to reveal results to no-one but students in person, to do with confidentiality, trust and over demanding relatives, and as a bright line it still seems the best policy. Most universities will however send results to a student's home address on request, which deals with the "student off abroad and parents desperate to know" problem.

Those who really choose to use the DPA as the Don't Tell Anyone Anything Act are notoriously not non profits like schools, but the commercial sector and in particular, communications, banking and utility companies who cynically use the slice of lime factor of " it's against DP law" to cynically get rid of annoying customers and minimise customer service. Pangloss, eg, has spent many an unhappy hour trying to pay money INTO various accounts to pay for TV, cable, Internet and other bills and been told this wasn't possible "because of the data protection act". What possible release of personal data to the payer need this involve?

Another problem is what happens when one member of a couple has set up an account eg for telephone, and they then split up acrimoniously. It is hardly sensible, and potentially even dangerous, to advise the other partner that they cannot later acces or alter the details of their account without getting the estranged partner to ring. Indeed in some seperations, communication may have entirely broken down and it may be vital to change details eg if the matrimonial home is rented to a new tenant. All utility and similar companies should have sensible procedures in place to deal with such situations (an, crucially, which are trickled down to call centre level).

Should using the DPA to repel honest enquiries or non-privacy-invasive transations be regarded as a kind of corporate fraud? So long as there is effectively no real hard infringement of DPA law, large companies will continue to use the DP as a stonewalling excuse, because the nature of bureacracy is to gather as much data and reveal as little of it to others as possible. the evaporation of personal service in favouir of anonymised call centres with pre written scripts also has a great deal to answer for.

Suicide is Painful (If You're an ISP?)

The government has announced it is legislating to clamp down on suicide websites (a good vote getter while the electorate panics alternately about theur savings, their mortgage and when Brown wil resign? says Pangloss, who has her mortgage with IF aka HBOS and is having a stiff drink..)

"The law on "suicide websites" is to be rewritten to ensure people know they are illegal, the government has said.

It follows concerns people searching for information on suicide are more likely to find sites encouraging the act than offering support.

It is illegal under the 1961 Suicide Act to promote suicide, but no website operator has been prosecuted.

The law will be amended to make clear it applies online and to help service providers police the sites they host."

Pretty clearly this is not new law at all, but mainly a sop to worried parents after the blanket publicity around the WElsh village of ABridgend as a suicide hot spot.

"Justice Minister Maria Eagle said "Updating the language of the Suicide Act, however, should help to reassure people that the internet is not a lawless environment and that we can meet the challenges of the digital world."

One wonders what relation this law will have to the familiar ECD Art 14 hosting immunities. Will ISPs be given a specific time limit for notice and take down, as in the E-Commerce Directive terrorism regulations? I'd gamble yes.

Will the IWF add suicide websites to their encrypted cleanfeed blocklist despite the acknowledged difficulties in spotting the difference between a site promoting suicide and one providing support to the suicidal? Yes again, I'd say.

Will the change in law be enforced against sites hosted abroad? Hmm - With great difficulty, and..

Will the legislature remember suicide law is different in Scotland and that there is not only no statute but no clear common law on the illegality of assisting or promoting suicide? I do hope so, otherwise we might see an upsurge in suicide websites hosted on Scottish servers!

We now return you to your regularly scheduled panic-stricken watching of Newsnight...

More Scottish info privacy news

While we're making Scotocentric comments on HBOS meltdown day, another snippet, slightly late, from OUT-LAW on 12/9/08:

The Scottish Government has asked a panel of experts to produce rules for public bodies to follow so that personal information and privacy is better protected. The move follows a series of UK-wide data breaches involving public authorities.

The panel will produce guidance for public bodies to ensure that they are treating personal information properly. That guidance will be subject to public consultation before any adoption by the Scottish Government.

The group of experts includes representatives from the public and private sectors and includes Rosemary Jay, a privacy law expert at Pinsent Masons, the law firm behind OUT-LAW.COM.

The group also includes Gus Hosein of Privacy International, Scottish Government director of corporate services Paul Gray, assistant information commissioner for Scotland Ken Macdonald, Edinburgh University honorary fellow Charles Raab and Jerry Fishenden, Microsoft's lead technology advisor for the UK.""

Pangloss notes with approval this list of luminaries but feels slightly sad they didn't ask her, just when she's (sort of) moved back to Edinburgh. Ah, hubris!

Tweets! (and RSSs)

Ok, should you wish to subscribe to notifications of updates to this blog via Twitter you now can: just log into Twitter and subscribe to Panglossle at https://twitter.com/panglossle .

Pangloss herself is not quite sure of the point of this (but somone suggested it as a good idea): you'd have to go to the web to read the full thing anyway so why not just subscribe to Pangloss's RSS feed and see updates via whatever you read RRS feeds in (PG herself uses LiveJournal as her RSS reader but knows that isn't very professional - it works though)? Perhaps someone can enlighten me.

However this does remind me that I should publicise the RSS feed, which I will do once I get round to revamping the template which requires wholesale change since the Blogger upgrade (oh god, life is just so complicated..)

Atom link:
http://blogscript.blogspot.com/feeds/posts/default

RSS link:
http://blogscript.blogspot.com/feeds/posts/default?alt=rss


On that note, I'm worn out!

Twitterfeed

Testing out Twitterfeed for the greater good of my readership. Hang on in there a mo..

Law Blawging UK OK

Slightly belatedly, via Binary Law:

TimesOnline does the round up of the usual suspects (no Pangloss, helas!) on the UK blawging circuit. As Nick Holmes comments, the scene is really rather rosier than both the article and the comments seem to indicate.. in fact if you look at Charon QC's enormously usual single page of UK blawgers, there are many many blawgs I've never heard of or sadly never get the time to look at..

Actualy IMHO I am quite staggegered how many laws practitioners (as opposd to we feeble academics) find time to maintain decent readable blawgs. Where do they put it in time billing one wonders?

Burning Chrome

I've now seen in a few places (and been asked to comment) on this extract from Google's new browser Chrome's EULA: (see eg http://www.theregister.co.uk/2008/09/03/google_chrome_eula_sucks/)

The part people are worried about is

11.1 You retain copyright and any other rights that you already hold in Content that you submit, post or display on or through the Services. By submitting, posting or displaying the content, you give Google a perpetual, irrevocable, worldwide, royalty-free and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content that you submit, post or display on or through the Services. This licence is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

My opinion FWIW (without prejudice etc) is that this is harmless. The part in bold is the important bit. Yes Google are getting a (non exclusive) license to your content but ONLY to show off and advertise theur toy. This is a very common clause: in fact I'm told Google have it as a standard clause in all their contracts and I'm sure they do and it's bothered nobody.

I remember Hugh Hancock from machinama land asking me about a very similar clause in (I think) a MS machinima license. Basically if someone provides a free cool web service, they want to use your cool content to show off in demos to clients, on the web etc etc. And they don't want to have to come ask you for copyright permision. In return for a free service, this doesn't seem unreasonable to me.

There is also a very outside chance that Google are protecting *themselves* against a claim of copyright violation for their browser being used to make a copy of someone site who then claims he didn't give permission for that. In other words, normal uses of a web browser.

What it does *not* mean is that Google are grabbing the right to steal your entire video blogsite accessed via their browser, package it into a Richard and Judy bestseller book, turn that into a best selling film and retire on your profits :)

Rest easy kids.

EDIT: Google are apparently going to retrospectively clarify the issue.

EDIT 2: and apparently already have : " As of 2 p.m. PT, it looks like the terms have changed. Section 11 now reads simply: "11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services."

And meanwhile...

.. while Pangloss continues its summer hiatus and if you want some light reading, you might be interested to know that many of my recent and even not so recent articles are now available in pre-print form on SSRN .

Many thanks to Nadine Ericksson-Smith for doing the admin involved in getting these there!

Happy soggy summer to all, ho ho ho..

Also to whet your appetite for the autumn, upcoming places to see Pangloss.. (gosh , it's just like the Edinburgh Fringe comedy tours!)

Scottish SCL Meeting, September 3rd - Edinburgh, Faculty of Advocates, Mackenzie Building (behind Fringe Office) High Street, Edinburgh - Facebook and the Law: CyberStalking Paradise 2.0?

SCL 3rd Annual Policy Forum 2008 : Legislating for Web 2.0 – Preparing for the Communications Act? 22 & 23 September 2008 , London

GikIII 24th-25 September, Oxford: Data Protection 2.0: This Time It's Personal (Data?)

Practical Law Seminar, 30 September, London : Social Networking, privacy and Other Legal Issues

QMIPRI-SIIA Conference: Digital Publics - 2 October, London

Tel Aviv University, Israel, invited lecture - December 4th

Important Contact News and SCRIPT-Ed conference

Pangloss has temporarily moved back to lovely Auld Reekie pending resettlement at her new job as Professor of Internet Law at Sheffield University. I am currently looking for nice rented accommodation with garden for homeless cyberprof and two well (honest :-) behaved kitties should you know any useful slum landlords in the area (or, indeed, be one) ..

IMPORTANT: From September 1 2008 l.edwards@soton.ac.uk will CEASE TO OPERATE. (Rather unlike,it has to be said, lovely ed.ac.uk which two years on is still faithfully forwarding the odd email..)

My new email is lilian.edwards@sheffield.ac.uk . You can start using this as of now but it will become vital after September 1. Please note the odd spelling of my first name :)

I am also stepping down as Director of ILAWS. I remain Associate Director of SCRIPT/the AHRC Centre for Intellectual property and Technology at Edinburgh.

Talking of which , one of my happiest jobs in that capacity is to still act as a Managing Editor of SCRIPT-ed, the online journal of the AHRC Centre, whose remit is very broadly the interaction between law and technology. The most recent issue (Vol 5 No 1) includes papers on topics as varied as trade mark dilution, user attitudes to P2P services and the ethical issues surrounding 'bionic' athletes. We are always interested in prospective contributions for SCRIPTed, and we are also keen to hear from suitably-qualified referees to help peer-review submissions. One of the key strengths of SCRIPT-ed I think is that in a field as dynamic as IT and IP law we can usually guarantee swift publication, while retaining the rigour of peer-review.

Not content with running a journal, the managing committee are now organising the SCRIPTed Conference, to take place at the University of Edinburgh from 29-31 March 2009. Taking as its theme 'the Governance of New Technologies', it will focus on evolving and emerging technologies and new-technology-driven practices and their impact on the overlapping fields of healthcare, information technology and intellectual property. The Call for Papers is open until 15 November, whilst an outline programme is available. Dan Hunter is one of the special guests whom Panglos herself wil be very eager to meet again - Dan is one of the foremost experts in both the US and Australia on virtual worlds and the law.

So, why not make a date in your diaries for what promises to be a fascinating and enjoyable three days in the beautiful city of Edinburgh?

Ongoing Trends in Open Source Statistics

I was going to send this to my esteemed colleague Technollama and then I thought, no, everyone deserves to see this!!

I don't know whether this says more about the development of open source, the obesity epidemic, or both!!
(Via Andrew Ducker.)

And Another Depressing Copyright Post..

Bill Thompson has an excellent summing up ofthe state of play as UK ISPs like Virgin move towards helping the music industry "re-educate" its users and resist the move to 21st century business models.

"We need a space for experimentation, where we can test the limits of old laws and explore how they might be altered in future, but once ISPs decide that they are no longer neutral carriers of bits and choose to ally themselves with the content industry then we lose another sliver of freedom.

At the moment it's hard to use BitTorrent anonymously, although since the service itself is entirely legal and legitimate there should be no need to do so.

The moves by Virgin and other ISPs will simply spur the development of new ways of sharing files, just as the clampdown on Napster lead directly to the development of the current generation of peer to peer networks.

Virgin has just given its thousands of users an incentive to explore these new tools in order to confuse their administrators."

The Stae of Modern Copyright..

Via many people, a quote from William Patry on why he's closing his blog:

"Copyright law has abandoned its reason for being: to encourage learning and the creation of new works. Instead, its principal functions now are to preserve existing failed business models, to suppress new business models and technologies, and to obtain, if possible, enormous windfall profits from activity that not only causes no harm, but which is beneficial to copyright owners. Like Humpty Dumpty,the copyright law we used to know can never be put back together again:multilateral and trade agreements have ensured that, and quite deliberately."