ByteLawyer Briefings

Odex fails action against PacNet for disclosure of identity of downloaders

2007-08-25T13:34:00.000+08:00

In what appears to be a straightforward case of licensors of Animeware - ODEX - for illegal downloading of pirated copies by thousands, Odex filed suits against all the local commercial ISPs to obtain the identities of those who downloaded the pirated Anime. Odex was able to obtain orders against Singnet and Starhub but not against Pacific Internet.

According to the Straits Times report, District Judge Ernest Lau gave a 14 page judgment explaining his grounds for his refusal to allow for the application by Odex against PacNet. Odex has in his view failed to prove its case against PacNet to the required level to prove that the ISP must be compelled to divulge the identities of the alleged wrongdoers. Judge Law likened their demand for the identities from the ISPs as an Anton Piller order. As AP orders are viewed as draconian and damaging, such ofrders should only be granted if the Plaintiff is able to prove that it has an extremely strong prima facie case. This high standard should be applied in the case of Odex case as to protect the public interest element. ISPs owe a duty to its subscribers to keep their identities confidential.

As for the Odex case itself, it was not able to prove that it was the copyright owner as it did not have the exclusive license from the copyright owners as required by the Singapore Copyright Act. As it was neither the copyright owner nor exclusive licensee, it did not have the locus standi to bring the action.

Further, the Judge also mentions that he was not satisfied with how Odex was able to arrive at it identified the alleged downloaders. As such, Odex did not fulfil its standard of proof to obtain the order.

The impact of this decision will be felt in more than IP suits against downloaders and ISPs. Other suits such as defamation, fraud or even commercial transactions will have to prove to a high standard to obtain the identities of account holders before they can commence the substantive action itself.

For more information as reported by Straits Times, CLICK HERE.

How would the Singapore regulatory framework treat Eros LLC?

2007-08-20T12:04:00.000+08:00

Day 1 of State of Play Conference.

Interestingly the latest case reported of the synthetic worlds is the case of EROS LLC suing Volkov Catteneo” who broke the sex program’s copy protection and sold unauthorized copies. So naturally Alderman (owner of ErosLLC) filed a civil lawsuit in U.S. District Court (real court not Second Life court) in Tampa, Fla., last month for the alleged copyright breach.

For me, the interesting question is not about copyrightability of the software but whether national regulatory controls over pornography would treat the Eros programme itself as prohibited material. In the Singapore Films Act, Films includes videos games. Question is - whether this is a game?

Please be aware that the YouTube video may offend as it has images of nude avatars.

State of Play Conference BEGINS

2007-08-20T10:44:00.000+08:00

Finally the long awaited conference has begun. Last night at the opening dinner for participants, meeting all the thought leaders, academics and businesses involved in the building and use of synthetic environments is exciting. There was a great presentation by IDA on the INSIGHT 2015 and how Singapore is going to adapt and capitalise the interactive digital technologies. Also there was a great prelaunch viewing of the movie "IdealWorld" that is a documentary of Second Life activities and entities there.

Check out their site here and have a look at it as a primer for the legal regulatory issues that is beginning to become the centre of focus for tech lawyers and professors.

IDEALWORLD MOVIE.

Is the next generation of portable computing already here?

2007-08-11T15:51:00.000+08:00

It has been some time since new hardware or software developments excited me to an extent where I can forsee a sea change in the way we do computing. Some time back OLED technologies promised the coming of cheap and maleable screens. A couple of weeks ago I read about 60GB solid state memory now being produced making hard disk drives for portable computers almost a silly option. Much like the robustness of memory cards, these new huge solid state memory storage would promise to make portable computers even more portable in both weight and power usage.

The most interesting software development I just discovered this week was the company called PortableApps.com. This company champions portable computing in a manner that would cause an uproar with the portable computer manufacturers if it caught on. In short, the PortableApps software run applications from the ubiquitous Thumbdrive.

It even provides for free download its PortApps Suite that has an antivirus, web browser, instant messaging, Openoffice suite, Soduku puzzle game, and email client and it all runs comfortably on a 512MB thumb drive.

Just for a moment consider if we put all these technologies together - how would it look like to you? Well, it looks to me that the future computing looks interesting again - if only the mega manufacturers knew how to keep their costs low.

What is the Second Life phenomenon?

2007-07-26T16:45:00.000+08:00

Leading up to the State of Play conference next month in Singapore, I will be putting up some useful or background posts on electronic environments. In this post, this video is a useful introduction to Second Life for new comers.

STATE OF PLAY CONFERENCE V : Building the Global Metaverse

2007-07-18T14:44:00.000+08:00

I am very proud to announce that Centre for Asia Pacific Technology Law & Policy at NTU is co-organising an international conference here in Singapore on the impact of Virtual World technologies on education, law and society. The conference is jointly organised by Harvard Law, Yale Law and Trinity and Nanyang Technological Universities.

The conference will be held at the Marina Mandarin Singapore from 19th to the 22nd August. In addition to the multidisciplinary tracks in the conference proceedings, CAPTEL will also be conducting a workshop on the last day of the conference on Virtual World's legal issues on business in particular on Asian businesses and opportunities.

Have a look at this site to register for the conference - STATE OF PLAY homepage.

Biomedical Data Protection proposed in Singapore

2007-06-15T19:58:00.000+08:00

The Singapore Bioethics Advisory Committee (BAC) is reviewing the need to protect the privacy of personal data of individuals involved in biomedical research. The key proposal is to remove or protect all the personal information that links an individual to the biomed information so that there will not be any tracing back to the individual.

It was also proposed that biomed researchers are to specifically request consent from the research participants after explaining the research project, and any possible risks. Further, the research participants should have the right to withdraw consent at any time without explanation or prejudice.

It is also incumbent on the researchers to prevent breaches of privacy by employing safeguards against loss, unauthorised access, or copying of data.

Singapore Spam Control Act 2007 passed into Law

2007-04-26T22:56:00.000+08:00

The Spam Control Act 2007, passed in Parliament on 12 April 2007, will provide the means to address the still-growing and global phenomenon. The law was developed by the Infocomm Development Authority of Singapore (IDA) and the Attorney-General’s Chambers of Singapore (AGC), with inputs from the public, people and private sectors, over the last three years.

The press report from the IDA is viewable here. The SPAM Bill itself can be downloaded here.

This piece of legislation is not without controversy and detractors. The effort to prevent or control spam has often been described as a lost cause. Its been recorded that in Singapore more than 80% of the spam received here are from overseas and as such the local legitimate businesses has registered their views that they are being targetted while the real abusers are out of reach of the new law. While there is some degree of truth in that issue, this new law has some value for the creation of a trusted infrastructure. The provisions of how acceptable commercial information emails can be sent is critical to Singapore becoming a recognised place where business communication are regulated.

Cybercrime does not pay

2007-01-09T18:17:00.000+08:00

Mr Song Yick Biau was reported by CNA as having pleaded guilty to nine charges under the Computer Misuse Act at the Singapore Subordinate Courts yesterday.

His modus operandi was to chat with the victim and send them a program which would allow him control and access to the victim's computer. He then stole the person's identity, adopted her persona and changed the password so that the person could not access her own MSN account. He successfully usd this ploy more than once. He also gained access to the accounts of three young women, aged between 18 and 21. He then threatened to post edited "naked" pictures of one of them unless she sent him photos of her breasts. The victim of this threat reported the matter to the police which resulted in the investigation and charges made.

Song pleaded guilty to nine charges under the Computer Misuse Act - each of which carries a fine of up to $50,000 and jail terms not exceeding two to 10 years. He can also be jailed up to two years on a charge of criminal intimidation. The judge will pass sentence on the charges on Monday 15th Jan 2007.

It is worth noting that the accused is an intelligent undergraduate, made the mistake of believing that such activities online will not be reported nor prosecuted. It would be very unusual if the accused will not be given a stiff custodial sentence. Update on the sentencing when it is reported.

NTU student stole MSN IDs, chatted and threatened blackmail [Channelnewsasia.com]

3 years' jail for WiFi tapping

2006-11-15T16:15:00.000+08:00

On November 10 it was reported in the local papers that a teen Mr Garyl Tan Jia Luo (17) was charged in court for having committed an offence under the Computer Misuse Act. Apparently the act that he committed was to use his notebook computer to access the WiFi network belonging to his neighbour without authority on May 13th. Under the CMA as long as there had been unauthorised access - whether there had been security firewalls or passwords being used - an offence would have been committed by the mere access of the network. Details of the case has not been published and the trial is to be heard today - 15th Nov. It would be interesting to learn whether this was a one off incident or whether Mr Tan had carried on this unauthorised access for some time.

To read about the first report - click here: Report: Singapore teen faces 3 years' jail for tapping into another's wireless Internet - iht,asia,Singapore Internet Charges - Asia - Pacific - International Herald Tribune

Singapore's push to become the secure and safe haven for E-Business

2006-06-23T14:54:00.000+08:00

Singapore will be launching its new National Cyber-threat Monitoring Centre early next year (see the report from CNA thru the link below). It will work with other similar centres all over the world to deal with the threats from viruses, hackers and terrorists in cyberspace as well as to protect the interests of businesses, individuals and the government online.

Under the masterplan, IDA is also studying the possibility of a Cybersecurity Act to protect data and privacy, and is also pushing for Anti-Spam Act (draft has been in discussion for some time - check IDA.gov.sg for more information).

This strategic move to develop such a centre as well as establishing a slew of new laws and regulation dealing with cyber threats is continuing the efforts to make Singapore as an attractive location for companies planning to move their operations and data systems into the region.

While the national cyber-threat monitoring centre will be one of the first in the region, it will be likely that our neighbours will be following suit which can only mean that it will make the region much less attractive for hackers and e-terrorists. The centre is expected to provide early warnings about impending cyberthreats as well as establish processes to mitigate such threats.

Will this centre be duplicating the CERT team that is in place? While I have no official response to that question, technically it would appear that the new centre would compliment the CERT functions. It would however make sense for the consolidation of these two entities to have both a means to monitor and respond effectively to all kinds of online threats.

Channelnewsasia.com

Australian families to get free Internet porn filters

2006-06-22T01:36:00.000+08:00

The Australian government has decided to equip Aussie families with software filters for free to deal with the flood of porn coming into the home via the home PC. The idea is to help families let their children surf the net safely and free from Porn - if it is possible.

It looks like the authorities has stepped up in their war against porn but its commonly known that filters have limited success against the ever virulent porn that seems to be able to ingeniously find new ways to insidously enter into the home PC. Nevertheless, this concerted effort will be a public step in the right direction in the global fight to keep porn away from children.

Channelnewsasia.com

Forum Operators CAN be liable afterall

2006-05-10T20:34:00.000+08:00

In many jurisdictions including Singapore there are statutory defences for forum owners/providers for action to make them liable for statements and actions made by their users on their servers. In essence the carrier defence - that they are merely telephone service providers and thus not able nor have the capacity to monitor or manage the content being published on the servers. The defence in most countries is restricted by the condition that they neverthelss are required to act when informed of the offending material. Also, forum owners are not under a duty to actively search or moderate offending material.

In an surprising result in Hamburg, judges had thrown out that view of defence available to Forum owners. According to the judge at the first instance, providing Internet forums is, a type of business operation. Accordingly, operators are considered to be able to hire staff with legal training to be able to handle such operations.

According to the district court of Hamburg - "If the number of forums and comments in them is so great that the opposing party does not have the staff or technical means to review comments before they are published, they either have to expand their in-house resources or [...] reduce the scope of their business operations."

Unfortunately the Hamburg court did not clearly state its opinion on whether every Web forum could be held liable or only restricted to the services of the press. The court did however stated that the decision also applied to companies that disseminate content via the Internet. Consequently, every Internet forum probably falls under this category because the judges did not make any further distinctions.

This case in my opinion has wide implications. However, based on the judge's view of how businesses that goes into providing forum services ought to have the sufficient manpower to manage offensive and liable content there is some fair justification for the outcome of the case. The problem I perceive is whether all countries will follow by policy - agree with the ratio decidendi. Telco and Web service providers will be up in arms to refute such developments - I am sure.

heise online - First-instance district court of Hamburg says forum operators are liable for comments

Worldwide laws still unable to contain cybercrime

2006-04-25T20:31:00.000+08:00

At this year's e-Crime Congress in London an interesting survey was carried out on the delegates. It was not surprising that 74% of the participants believe that the current state of international laws is unable to contain cybercriminals from their activites.

The three main threats being phishing, computer hacking and denial of service attacks. Of the 20 countires, 110 respondents cite the lack of global co-operation and inadequate police resources as the main reasons why internet criminals are not being prosecuted. Worse, even some 61 % seem to believe that the current legislation is unenforceable. Many believe that a stronger legislation, such as the Council of Europe’s cybercrime convention, will improve how hackers, virus writers and extortionists are prosecuted internationally.

Personally, the results of this report is unsurprising. But I think it takes far more than mere tough legislation to thwart cybercrime. It has to be a strong commitment (which means resources and capital must be put into the effort) by governments to work together to establish strong laws as well as to assist each other in cross jurisdictional investigation and prosecution. International organised cybercrime if left unchecked in the near future will make the mafia and triad organisations look like amateurs in terms of how they can affect the stability of businesses, economies and governments.

It looks like it may take yet another Sept 11th on the Internet network before the governments wake up to the call.

Worldwide laws fail to fight cyber crime - Computing

Google expected to be ordered to release search data

2006-03-15T14:13:00.001+08:00

In the continuing struggle online between privacy v. the enforcement of crime and security laws - the latest news is from NewsFactorNetwork regarding the Department of Justice proceedings to force Google to hand over search data records. It was reported that U.S. District Judge James Ware said he will order Google to turn over some of its records to DOJ officials as part of the Bush administration's effort to revive a law meant to shield children from online pornography. While Yahoo, AOL and MSN had previously complied with the request from the DOJ, Google refused to comply. The refusal amongst other reasons was due to concerns about user privacy.

This case highlights the potential problem of how large databases with collated information about user behaviour can become controversially used by both unethical advertisers as well as law enforcement - without the knowledge nor approval of the users.

Judge Will Order Google To Release Search Data on Yahoo! News

RIAA wants to ban CD ripping - trying to get the genie back in the bottle?

2006-02-20T01:03:00.000+08:00

In what appears to be a relentless effort on the part of RIAA to take the initiative to recover its perceived loss of rights as a result of the use of technologies that allows music enthusiasts to rip music off CDs and listen in MP3 format - RIAA has applied to the US government to make the claim that the act of ripping a purchased CD itself to be illegal. Their case is argued that the widespread practice of ripping CDs does not make it right nor legal.

While the law is clear that it is in the copyright owner's court, what is surprising is that it is a complete reversal of its position when RIAA in last year's MGM v Grokster case described that ripping a CD is "perfectly lawful".

Unfortunately, music enthusiasts have little to turn to for a legal defence of copyright breach as 'fair use' here is not available for the act of . If RIAA is able to convince the law makers to agree to its point of view (and the law makers must realise this as a matter of policy) what does it intend to do? Clearly it has two choices (either one or both is open to them) - to go after the people that enables users to rip CDs or go after the users who rip their CDs. Both are unsavoury outcomes for the music enthusiasts. Whatever it may be, it seems inevitable that the RIAA will become very unpopular with the public as well as tech businesses that provides the ripping software.

RIAA aims to ban CD ripping - PC Magazine

FBI 2005 Survey on Cybercrime Reflects a New Generation of Abegnales

2006-01-25T12:06:00.000+08:00

The report reads like there is a growth industry of new Frank Abegnales - the man made famous in the movie "Catch Me If You Can". The statistics garnered from 2000 surveys taken from the public and private organisations shows alarming responses.

Here are some of the findings listed on their webpage:

Frequency of attacks. Nearly nine out of 10 organizations experienced computer security incidents in a year's time; 20% of them indicated they had experienced 20 or more attacks.

Types of attacks. Viruses (83.7%) and spyware (79.5%) headed the list. More than one in five organizations said they experienced port scans and network or data sabotage.

Financial impact. Over 64% of the respondents incurred a loss. Viruses and worms cost the most, accounting for $12 million of the $32 million in total losses.

Sources of the attacks. They came from 36 different countries. The U.S. (26.1%) and China (23.9%) were the source of over half of the intrusion attempts, though masking technologies make it difficult to get an accurate reading.

Defenses. Most said they installed new security updates and software following incidents, but advanced security techniques such as biometrics (4%) and smart cards (7%) were used infrequently. In addition, 44% reported intrusions from within their own organizations, suggesting the need for strong internal controls.

Reporting. Just 9% said they reported incidents to law enforcement, believing the infractions were not illegal or that there was little law enforcement could or would do. Of those reporting, however, 91% were satisfied with law enforcement's response. And 81% said they'd report future incidents to the FBI or other law enforcement agencies. Many also said they were unaware of InfraGard, a joint FBI/private sector initiative that battles computer crimes and other threats through information sharing

FBI Cybercrime Survey 2005

Another example of convergence making DMCA outdated?

2006-01-23T16:27:00.000+08:00

A small company in Mass., US, has begun selling IPODs with movies from the DVDs purchased by their new owners uploaded. On the face of it, such sales of IPODs with copyrighted and tech protected DVD movies have breached the DMCA provisions. However interestingly the business continues to do this despite the legal risk. Apparently the owners of the business argue that the DMCA is outdated law and claim that moving the content onto the device is a one-way transfer, which since the purchaser gets both the original and the copy it is legal under their fair use provisions of their Copyright law. Will content owners sit by and less this continue? Keep a look out for updates here.

TVMyPod ventures into copyright gray area CNET News.com

NEWS: Privacy Advocates v. Pornography Prosecutors

2006-01-20T12:02:00.000+08:00

Google, Yahoo and MSN refused to assist when they were asked by Anti Porn legislator to hand over search statistics. As a result, they had been subpoenaed by the Bush Administration for the information they asked for in their effort to fight Porn online. All three search engines responded differently. The various issues raised in their defence was the protection of the privacy of its users, lack of useable specific data retained and that the information handed over did not include personal information.

As a bystander observer, is such a process of obtaining data reflective of the Bush Administration's view of its position regarding privacy protection? Unfortunately the problem with porn appears to far outweigh that concern. Hopefully, the process will in fact not result in the breach of the privacy of the users of these search engines.

TechWeb Search Engines, Free Speech Google, Yahoo, MSN Subpoenaed In Anti-Porn Effort

UPDATE: CNET NEWS.com has published some useful FAQs on the Google subpoena by the US Justice Department on its database statistics. CLICK HERE for the FAQ

Yet another pricing 'blunder' at an online store

2006-01-16T18:15:00.000+08:00

A problem that seems to be reported with some familiarity is the error in pricing on webmalls as to the pricing of their goods. The problem has been around since the boom on online commerce but despite the growth of ever more stable and reliable solutions, the pricing mistakes continue to happen to the displeasure of many customers. The latest reported here is Apple's Online Education Store that priced an Olympus camera at only 98.70 sterling pounds. The camera normally retails for 600 pounds.

In the past retailers online succeeded in avoiding concluded electronic contracts on the defence that the buyer had bought the goods in bad faith - usually shown by the purchased of dozens of the mispriced items. The problem for Apple and other retailers is - if a buyer only buys one unit of the goods - is there grounds to allege bad faith?

With the ever growing outrage of how easy retailers can renege on the agreements made online, is it an impossibility for law makers to raise the retailer's liability to strict liability for their pricing? While this is a matter of conjecture for now - consumer protection for online transactions - especially for those who legitimately bought the goods believing the price to be right as well as with good faith - should have some recourse and protection.

Furthermore, the expensive web commerce solutions are nothing like the retail shops and malls where price labels are manually stuck on the goods. The system in many of these retailers have state of the art inventory and pricing systems that work in conjunction with their payment systems. Can they really be able to claim to an honest mistake by their pricing system?

Consider the Singapore Electronic Transactions Act which provides inter alia that the transactions sytem will be deemed as an agent of the owner. Thus if an 'agent' quotes a wrong price - the principal is bound to the agent's words. Unfortunately this provision has yet to be tested in the courts. But it is clear from this provision that the legislators do not place much credence on online retailers claiming that their machines are had not been properly configured and it is designed to make them accountable.

Apple pricing 'blunder' caught on camera - WebWatch - Breaking Business and Technology News at silicon.com

NEWS: New Year starts badly for Microsoft with discovered Windows flaw

2006-01-04T13:47:00.000+08:00

CNET just reported that there is a new flaw found in the Windows Meta File which may have spawned a series of attacks last week. The primary OS vulnerable are Windows XP with Service Pack 1 and 2 and Windows Server 2003. CNET reports that it is estimated 99 percent of computers worldwide are vulnerable to attack. Some attacks on the WMF flaw has already resulted in attacks such as the Exploit-WMF Trojan. The report however did indicate that while there is a real risk, the danger of another world wide threat is small.

I would recommend to keep a finger on the windows update icon to check on the possibility of new patches as well as updating all firewall and antivirusware.

Windows flaw spawns dozens of attacks CNET News.com

Is it possible? Free AND legal music online?

2005-12-21T02:28:00.000+08:00

The Mercora IMRadio was reported here by Seattle PI - as a product review - to provide free yet legal music online. Its not a P2P and does not distribute copies of illegal music to downloaders but rather users just merely listens to the files already stored on its servers. As this is not a download, it does not technically fall foul of copyright infringement by the visitor to the site.

The question however, is does this absolve any legal liability on the part of the Mercora to stream music to listeners everywhere? While the report is silent on this point, I am of the view that who ever owns the server will face the same responsibility as any radio station. For every song played, it has to pay dues or royalty to the copyright owner. So, while it may be free for users and listeners - it's still not completely free - at least not to the owner of the server.

Product Review: Free -- and legal -- music online

Sony finally withdraws CDs with DRM from shelves

2005-11-22T02:08:00.000+08:00

Security Pipeline reports what I had predicted earlier. As an internationally renowned brand, Sony could ill afford the negative impact that was spreading like wildfire through the blogsphere. They have since realised that they made a mistake and withdrew those CDs with the DRM off the shelves.

However despite the change in their position, their troubles are not over. The company faces charges of deceptive advertising, illegal spyware distribution, and computer crimes in three lawsuits according to SecurityPipeline.

Security Pipeline | Sony Plays The Blues As Bloggers Turn Up The Volume

Even Foxtrot makes a point about SONY's DRM

2005-11-21T19:15:00.000+08:00

While its not in the usual tone of my blog to trivialise current issues, I found that this particular cartoon strip by Foxtrot's Bill Amend brought home the dangers of how an unpopular method of implementation of an idea can result in it becoming the source of ridicule to others.

(cartoon has since been removed from source by cartoon publishers)

New Trojan Released to Exploit SONY's CD Music DRM

2005-11-12T14:09:00.000+08:00

Following the previous post about Sony's new DRM, a new trojan has been reported to exploit the root kit software that the Sony's DRM technology installs when playing the music CD. The new Trojan called Stinx had been reportedly spammed to UK email addresses thereby raising the risk of computers there being compromised.

Apparently spokepersons for Sony claims that the risk is very low right now - as the CD has to be purchased in the US with the DRM technology built into the CDs there. Nonetheless, it is curious that has been openly admitted that their DRM does open the PCs of users to criminal hackers. I think Sony will be relooking carefully their strategy on the use of this version of DRM.

Silicon.com - New Trojan exploits Sony DRM anti-piracy tool

Sony's DRM - potential offences under the Computer Misuse Act?

2005-11-09T11:56:00.000+08:00

An interesting development was reported by CNET today (do visit the link below). Sony was reportedly using a a copy protection technology that installs a DRM technology onto user's PCs. Apparently the mere listening of the CD music on the PC will launch the installation of the DRM software onto the PC without the permission of the owner.

It is reported that the software installs itself as a "root kit", which is a set of tools commonly used to make certain files and processes undetectable. Apparently root kits are considered by many as Trojan Horses. It was also reported that a Mr Mark Russinovich, who created a root-kit detection utility attempted to remove the DRM drivers discovered that the process actually broke his computer by disabling his CD drive.

Does two wrongs make a right? While it is wrong to rip music off a CD, the DRM technology which uses black hat technologies to covertly enter and install itself onto PCs makes out potential offences under the Singapore Computer Misuse Act (as well as the UK equivalent).

What about those who listen to the music on their PCs without ripping the CD? Their case against Sony is even morally stronger (I will post later what are the potential offences Sony faces under the CMA).

Interestingly as well, the fact that it damages the PC on removal - could also give rise to a separate civil cause of action for damage to property. I think if Sony does not rework their DRM software to only install on ripping process as well as provide effective and safe uninstall options, someone may eventually take out a private criminal prosecution as well as civil action for the damage to their PCs for this DRM technology.
DRM this, Sony! - CNET.com

SPLOGS - Are "spam blogs" illegal?

2005-10-27T00:48:00.000+08:00

SPLOGS or fake blogs are created by spammers to increase the search engine rankings of their web sites used to sell their wares. Technorati reported that over recent weeks there were 805,000 new weblogs created out of which 39,000 are new fake and/or spam weblogs.

Splogs have apparently caused losses for the blog service providers as well as search engines. With search engines registering useless results providing links to spam sites - causing a general perception of unreliability. But while spam regulation is being developed globally, this new direction taken by spammers appear to be a clever way of getting the attention of the public without being liable to any known law. However, as with spam, splogs are costing innocent businesses a fair amount of resource.

Will splogs ever be featured in the regulation against spam? Or should the solution be a technical one - to prevent the automatic creation of new blogs mechanically by software. All this somehow sounds very familiar.

WSJ.com - 'Splogs' Roil Web, and Some Blame Google

What are the Legal & Policy Challenges in the use of Biometrics?

2005-10-19T17:12:00.000+08:00

CNET reported that UK's National Identity Card system that incorporates Biometric technology will in fact turn out to be a probably security risk did not come as a surprise to many in the tech security industry. The UK system works on centralised database system and the dangers are well spelt out in the CNET Report found here. [print version] Microsoft exec: ID cards pose security risk | CNET News.com

However, its worthwhile considering the question posed in the header here. The answer, in my opinion is in two basic parts. The first relates to the regulation of the collection and protection of biometrics data. Second, the interaction of evidence law and biometrics.

Securing Biometric Data:
Biometric data is usually stored either on the token smart card or on centralized database systems. Unfortunately, a critical risk of centralized biometrics database system is the opportunity it provides to hackers and errant employees to exploit it.

Further, there is a real risk that once the biometric data of a subject is compromised (whether distributed or centralized), he or she will be permanently excluded from using the system unless new biometric data is scanned and stored – presuming those data have not already been compromised. It is critical to remember that each individual has a limited amount of biometric information. Hence, once the security of the biometric database has been breached, it cannot be cured by changing the authentication parameters (i.e. it is not possible to change the ‘password’) because the biometric identifiers by their nature are unique to the individual.

Further it is also important to realize that the compromise of one biometrics database security system will impact other third party biometric systems because all biometrics based systems essentially share a common biometric data (i.e. the same fingerprint or iris scan).

Accordingly, there is a need for some form of regulation to protect the manner of collection, storage and use of biometric data – possibly similar to the European Union Data Protection Directive - if biometrics is to take root in Singapore as a commonly utilized form of authentication. What
exactly then is envisioned by such regulation? Hopefully it would be able to mirror the provisions of the European directive and have the force of law as well as forceful sanctions for breach to prevent private organizations and private individuals from misusing the biometric data.

Biometrics use under the Law
As for the second issue, a central concern of biometrics is that of reliability. It must be understood that biometrics is not a panacea to problems of identification and verification as its reliability varies depending on the technologies used and the chosen calibration of the false rejection rate. The calibration allows for the statistical rate for scans to be accepted or rejected. Hence the process is clearly one determined by probability and not certainty.

It must also be noted that biometric information carries with it the risk of being tampered with or falsified. As such, everyone in the legal profession as well as in law enforcement must understand that biometrics does not create a fail safe environment vis-à-vis proof and that like all authentication system, its security and accuracy is only as good as its weakest link (whether systemic or user).

In conclusion, contrary to popular belief, biometrics should not be used as a replacement for passwords and that it is ideally used as an enhancement only (i.e. as the second of a two factor authentication process) or as the username function.

Will jail time end racist blogging?

2005-10-09T00:32:00.000+08:00

Associated Press reported that on Friday Oct 7th the Singapore courts sentenced the two Singapore bloggers for their racist remarks on their blogs as well as their posts on forums. Mr Koh was sentenced to a month jail time while Mr Lim was to spend a day's jail and fined $5000.

It’s important to note that both of them could have been sentenced to a maximum of 3 years. The AP reported the comments made by the Senior District Judge which lays the grounds why he sentenced both bloggers as he did.

To many observers round the world, the sentence may appear harsh especially from the view of liberal societies. This is especially so when the technology that allows users to universally blog freely appear now to be hampened by national laws.

Unfortunately for many users of the technology, it is easy to be deluded into the belief that cyberspace is the place to simply rant and vent all of one's personal irritations frustrations and bias - without any likelihood of recriminations. After all, they see it easily done by other users in blogsphere. The problem is while the blogsphere is one universal space where most believe that the free speech there is unregulated, the reality is that each individual is regulated and conversely protected by the laws of his or her domicile.

We may be the free citizens of the internet in theory but in reality, we are still very much the citizens of the country that issued our passports. And in the context of Singapore, while we are still undergoing the slow process of development and integration of social freedoms, we have to remember that we are located physically in a region where religious tolerance is absolutely key - something that the blogsphere does not concern itself about, the boundaries of national countries.

I suspect that very soon the educational institutions in Singapore will review their curriculum on the basis of our national harmony – racial tolerance by understanding the differences of our races and religion. Also, to learn that free speech while universally desired, it is not without any regulations or limitation when it harms individuals or classes of people. While this case may result in a reality check for many bloggers, I am not optimistic that it will stop completely how Singaporeans will blog with regards to sensitive issues.

Nevertheless, I hope to see a national effort put into place to educate children about the dangers of racist or defamatory speech. I think only then there may be real possibility of having the Singapore netizens use their combined energy to stop racist speech or other similar misconduct online.

Singapore Jails Bloggers for Racist Speech on Yahoo! News

Defamation liability issues on student blogs (I)

2005-09-27T13:21:00.000+08:00

Reported today in the papers as well as Reuters (linked here) that schools are coming down on students for posting defamatory remarks about their teachers, coaches and principals. It is reported as well that the age range of these offenders span from secondary school to junior college (13-18 year olds). Most of the offending remarks were found not at forums but in blogs and surprisingly, not a one off occurrence.

I have two issues to comment on this series of news reports about such a growing problem with student blogs.

First - are these student venting evidence of a bigger issue about general student angst regarding their schooling environment? Here are some questions I feel needs to be asked.

Are these cases the proverbial tip of the iceberg and those caught are merely those who have been not eloquent enough to post their thoughts in a more cohesive and considered manner?

Are those who had made careful and balanced record on their blogs of what has been happening in school have been overlooked by the news media and authorities?

OR are these cases evidence of how the youth of today taken their online freedom by the throat to a level where they feel that as students, they immune to being prosecuted for their misdemeanours online? Have their education failed them in some way to allow them to believe that they have a right to do or say what ever comes to mind regardless of what or whose rights they breach?

I have no answers to these questions - to which I must openly admit that I am no expert on nor have any empirical evidence to give any answer. However, I certainly hope that these questions will be raised before the authorities before the growing school violence amongst young children, the hate speech against teachers and schools and racist hate speech becomes more than mere online behavioural research topics.

The second issue I would like to raise is legal in implication. Should schools merely punish the students by demanding the removal of the offending posts or should schools and teachers take legal action by taking the children to court for having published seriously defamatory remarks affecting the good name and reputation of school staff? More on this on my next post.

Yahoo- Singapore schools punish cheeky student bloggers

Is Google Print the beginning of the Copyright Revolution?

2005-09-25T02:16:00.000+08:00

About a year ago, I had shared my thoughts with a group of diverse professionals at the poolside of the conference hotel, my wild crystal ball predictions I had about the future of copyright.

Ever since I begun my research of tech law, copyright has been challenged from all angles. It’s obvious even to a layman that of all the laws dealing with property, the one that has the most difficulty being kept as protectable property is Copyright.

I used a dramatic description - the French Revolution - for what I see may happen to copyright. As in the French Revolution where the common people rose up against the rich and royalty - the content poor of today could rise up against the content rich. Not just because they are content rich but because they had exploited the content poor for too long.

Content owners will continue to push the boundaries of their claimed rights and Prof Lawrence Lessig has an anecdote to illustrate (taken from his blog):

"Property law since time immemorial had held that your land reached from the ground to the heavens. Then airplanes were invented — a technology oblivious to this ancient law. A couple of farmers sued to enforce their ancient rights — insisting airplanes can’t fly over land without their permission. And thus the Supreme Court had to decide whether this ancient law — much older than the law of copyright — should prevail over this new technology. The Supreme Court’s answer was perfectly clear: Absolutely not. “Common sense revolts at the idea,” Justice Douglas wrote. And with that sentence, hundreds of years of property law was gone, and the world was a much wealthier place."

So, it would appear that Copyright needs to be adapted to the challenges of modern technology or face being made irrelevant or worse, a revolution from the content poor.

Has the content poor of the world today reached that point for a cyber revolution of the law of copyright? Well, some of today's events seem to point that way. For example, the growing number of users downloading MP3 music despite the retaliation by content owners in the US prosecuting hundreds from a cross section of society. This is being replicated all over the world. Oddly enough, despite the widespread knowledge that downloading copyrighted music, millions continue to do it regardless.

Now with the giant Google is challenging book authors and publishers’ rights of copyright by digitising books found in several university libraries (see previous post here), is this the beginning of the cyber copyright revolution or the adaptation of it to new technology?

Watch this space for updates on the Google Print suit.

Googled Books II - Writers Guild to Sue Google

2005-09-22T19:35:00.000+08:00

Techweb reports that several writers have commenced a class action suit against Google for Copyright breach of their works. Their main complaint is that Google has failed to obtain their permission for the the digitising of their books. The basis of the action is that Google is intending to digitally copy copyrighted works for commercial purposes without permission or license from the legal owners of the works.

Apparently the Google project is to digitise books from the libraries of Harvard, Stanford, the University of Michigan, the University of Oxford and the New York Public Library. According to Google the project will ultimately provide a searchable catalog of all books in all languages. In its own defence, Google is making the argument that their project is for the greater good. Also, they claim that any copyright owner can request to have their books excluded from the digitising project. The law however enshrine the rule that copyright owners have he right to make copies and anyone making copies must acquire permission from the owners first.

According to Techweb, Google however is not without a defence. In the US, there was a case in 2003 - Kelly vs. Arriba Soft Corp., where it was held that displaying thumbnail images of a protected is not a breach but fair use. Similarly that case can substantiate Google's claim that only selective pages of digitised books will be made available online for users to view and read.

In my view, Kelly v Arriba does not provide Google with a rock solid defence. In that case, the defendant created thumbnails and retained only thumbnails - a minature of the originals and they do not have the full detail of the original. As long as they do not retain nor use the full version of the images, they did not commit any breach. Google however, intends to digitise complete books and retain copies of these books in its database. It is inconsequential that only a few pages is made available online to the public. The fact that they physically copy whole books and digitise them is a clear breach of the rights accorded to copyright owners.

Having said that, it would be wonderful to see very rare works made available for the world to see, read and enjoy. This is yet another case of how new technologies challenges the rights accorded by old laws that needs structural change to balance the needs of authors and creators and public interest.

TechWeb News Writers Guild Confident In Suing Google

Is technology making us smarter or dumber?

2005-09-22T16:12:00.000+08:00

In a series of very interesting articles, CNET reports on how technology has affected the human brain and its development in comparison to our ancestors. The age old question answered by scientists and experts conclude that the brain today is highly adaptive and is measurably able to do higher level cognitive processes than those just a generation ago – apparently just because of the internet.

Also, the use of calculators and the internet has radically changed our notion of what is intelligence to function in the world we live in despite a concern that these technologies itself do make us wonder if we have grown less capable to calculate and remember facts.

I am not so sure whether I agree with the experts. For instance, just ponder for a little the implications of this bizarre and telling quote from CNET:

"It's true we don't remember anything anymore, but we don't need to."

This is according to Hawkins, the co-founder of Palm Computing and author of a book called "On Intelligence."

Intelligence in the Internet age CNET News.com
From ape to 'Homo digitas'? CNET News.com
Are we getting smarter or dumber? CNET News.com

Googled Books I: Will Google be to books as Napster was to music?

2005-09-20T21:04:00.000+08:00

Google is currently developing an ambitious new service to provide users access to its growing digital library of books. See Google's Books in Print Search

Google is also reportedly going to scan all kinds of books to make both copyrighted as well as public domain books available online. For many supporters of the project, Google's new Digital Books Library will be a boon for out of print and rare books.

However, many authors and publishers are very concerned that the new service will mean the loss of revenue as well the beginning of the end of printed books. See IT AsiaOne - Google to Put Copyright Laws to the Test

Will this development become a new Copyright threat to books as Napster was to music? Unlikely. Napster was a peer to peer solution that allowed uncontrolled copying and distribution of copyrighted music. Google Print is a search engine that will help users locate books, quotations and reference material to information inside books and much of the material though digitised will not be readily available for the public to download.

So, fortunately for the publishing industry Google is planning to only make selective pages downloadable and freely available for books that are protected by Copyright. This would as they hope - be in compliance with the Fair Use provisions of the US Copyright Law. The problem is, new technology threats to old ways of creating revenue - no matter how small or unlikely - is invariably seen by content owners and developers as serious threat until proven otherwise.

For those books where protection has since lapsed, whole books will be made both searchable and downloadable. For these books even publishers now will be hard put to squeeze a margin of profit by reprints.

Why Singaporean Youths Are Not Afraid of Anti-Piracy Laws

2005-09-20T00:20:00.000+08:00

Last month there was an arrest of three men in Singapore for illegally downloading copyrighted music. A recent survey taken in Singapore along the busy Orchard Road reflected the youth's belief that they will not be caught because of their naive belief that the probability of being caught is too small to be concern about it - and because 'everybody is doing it'. This is despite the many prosecutions all over the world including Singapore. Youths use Kazaa, BitTorrent and Baidu to get their pirated music. Surprisingly, some believe these technologies allow them to remain anonymous and free from prosecution.

So is their lack of concern for the Anti Piracy law grounded in reality? While it is true that the copyrighted owners will not be likely to prosecute all the offenders of MP3 downloads, betting on the belief that they will not be caught is too much a gamble to expect that someone else instead will be caught.

I personally think that it is of a grave concern - that for some reason, the youth in Singapore appears that they believe that can do whatever they wish online regardless of the law. Just consider the general response to the survey reported here and the growing problem of open racism online.

Somehow, for a reputedly highly IT skilled community and society, its quite hard to fathom how many actually believe that somehow - they can never be caught. Go figure.

IT AsiaOne - News - Who's afraid of anti-piracy laws?

NEWS - Microsoft Word Hidden Data Security Flaw Uncovered

2005-09-19T00:36:00.000+08:00

CNET reports that a software builder reported the danger of hidden data lurking in word documents that can cause embarrassment or loss. See the report here: Software maker exposes hidden data | CNET News.com

The problem is the hidden metadata in documents. Apparently there are 25 types of hidden metadata that can found in Microsoft documents. The risk escalates when the documents get passed around, the bigger the risk becomes."

A very public case was when British Prime Minister Tony Blair was embarrassed last year, when documents meant to bolster his cause for intervention in Iraq contained metadata with information that contradicted the official position. This year is there was yet another case where the British government was again embarassed by a letter from Home Secretary Charles Clarke. see Word blunder exposes U.K. split on terrorism | CNET News.com

Unfortunately, the solution appears to establish proper document management policies with the knowledge of these software flaws and the need to employ third party solutions - until Microsoft resolves the flaw.

NEWS - What? Yet another IE flaw?

2005-09-19T00:13:00.000+08:00

Windows XP Service Pack 2 was meant to reduce user's security risk. It did address many of the immediate threats of that day but not much longer. CNET yesterday reported that a newly discovered flaw in IE could enable a remote attack on systems running Windows XP with Service Pack 2. I would advise all readers to vigilantly keep checking their Windows Update as well as updating antivirus and antispyware. Lets all hope that MS will spare no effort in resolving security issues for WinXP users while they are working on the release of their new Windows Vista.

IE flaw puts Windows XP SP2 at risk | CNET News.com

Online Sedition III: Singapore's PM Lee emphasises zero tolerance for racism AND Sedition Act to be strengthened

2005-09-18T01:18:00.000+08:00

The PM's comments just reported hours ago on Channelnewsasia clarified that the three charged for sedition was intended to reflect the government's position on racist language here in Singapore. I am gratified to read as well that CNA reported that the PM also feels as I do that it is necessary to teach the young here about the importance of multi-racialism.

Further, CNA also reports that the Government intends to review the Sedition Act to determine whether it needs to be strengthened or updated to deal with the modern electronic communication technologies as well as updating the sanctions

PM Lee says racist remarks will not be tolerated in multi-racial SingaporeChannelnewsasia.com

Government reviewing Sedition Act to deter racial, religious hatred incitement Channelnewsasia.com

Online Sedition II: New Accused Charged

2005-09-17T23:10:00.000+08:00

When I predicted that the recent arrest and charge of two men in Singapore for sedition would be the start of the regulators expecting for a more balanced and composed speech online I had not expected that the next arrest would only be within days (see "COMMENT: Is Free Speech Online Become Too Costly for Society?").

The latest arrest is of a 17 year old who posted racist remarks on his blog. It is noteworthy that the ages of these three range from 17 to 27. This generation never saw the race riots in the early post war years. Unfortunately for them, they never experience the pain of intolerance. In the past few years the goodwill of tolerance and racial harmony built over the past few decades seemed to have been swept away by a new generation of bigots and chauvinists. Or are they?

I suspect that while some are – most are angst ridden and a frustrated lot. Hopefully the authorities in their sincere efforts to keep racial harmony, they will realise that racism is a symptom of greater problems. They need to deal with the illness and not the symptom of the illness. It is commonly known that racism begins when people are beset with failures and frustrations.

Also, there needs to be an establishment of a strong educational programme of about the benefits and needs of racial tolerance. Most critically, the new generation needs to know that free speech is not the right to say anything one likes without concern or care. It is about the right to speak without fear. However, the right to free speech is tempered by each individual’s legal rights as well.

Third person charged with sedition for racist remarks on blog site :Channelnewsasia.com

NEWS - Spam Control Bill Revisited now includes Mobile Spams

2005-09-14T11:17:00.000+08:00

InforComm Development Authority (IDA) and the Attorney General's Chambers just released a white paper seeking public views on inclusion of Mobile Spams under the proposed Spam Control Bill. The Bill was first made public in 2004 May and has until now been in the shadows from the public. With the second round announcement it appears that the authorities have firmed their resolve to somehow regulate the ever growing problem of unwanted electronic spam being received by the public.

The bill also seeks the extension of the right to bring civil action against spammers by network providers to include parties and individuals that had suffered loss as a result of spam. The condition placed for the excercise of such rights is actual proof of loss. There is also the statutory damages provision where the court may award up to S$25 per spam (maximum up to S$1 million in total).

Public responses are being solicited and submission will be closed on 14th October 2005.

IDA & AGC Seek Second Round Views on Proposed Spam Control Bill for Singapore

COMMENT: Is Free Speech Online Become Too Costly for Society?

2005-09-14T01:08:00.000+08:00

Contrary to how the rest of the world perceives Singaporeans today - conservative, straight laced, reserved and repressed - one need only to visit the Channelnewsasia forum pages (http://info.channelnewsasia.com/bb/index.php) to see how some Singaporeans exercise their rights of speech online.

So when today's Straits Times and Channelnewsasia.com reported that two men had been charged under the Sedition Act for having posted racist remarks on an online forum as well as a blog. It came as a surprise but not totally unpredicted. Channelnewsasia reported that there are already many racist blogs by Singaporeans. Will the arrest and charge bring about a chilling effect on these blogs and forums? Channelnewsasia.com reported that several prominent bloggers expects that it will.

With this case - and possibly others that follow - Singaporeans will learn that free speech is not a right to racist, sexist or defamatory speech. While being online creates an impression of anonymity, that perception is only an illusion. Unfortunately for these two bloggers, the absence of pervious efforts by the authorities to prosecute may have been mistaken as a hands-off policy for online speech.

Is this a mere one off case or the beginning of a more active and vigilant prosecution of online misdemeanours? What is the public opinion on this? Will bloggers be more circumspect with their postings?

While these questions will ultimately be answered in time, the immediate and positive outcome of these cases is that Singaporean bloggers and forumers will learn to be more circumspect of the rights of others.

Two bloggers charged under Sedition Act over racist remarks-Channelnewsasia.com

COMMENT: Another Outsourcing Risk - Data Theft

2005-09-11T15:35:00.000+08:00

Cnet reported a case in India where a call centre worker was caught copying personal information about its customers onto a compact disc. The employer had British and American clients from various industries. The stolen data has been alleged to be made available for a price.

With businesses all around the world looking to reduce their cost of operations, outsourcing has become an effective means to lower cost. India has been an established call centre for all kinds of industries. Unfortunately, with the loss of private data through theft by employees of these outsourcing companies, businesses stand to loose in the long term. How such risk can be avoided or managed is critical for the outsourcing market in India. Until that trust can be restored, businesses must be looking at how such risk can damage its business.
Indian call center worker arrested CNET News.com
Indian call center under suspicion CNET News.com

NEWS: 3 Arrested in Singapore for Sharing over 20,000 files

2005-08-19T14:55:00.000+08:00

Under the Amended Copyright Act, 3 youths aged between 16-22 was arrested for having allegedly illegally shared 20,000 copyrighted files. It was reported that these consisted of music and movie files. All three are facing the possibility of 5 years jail time and fines up to S$100,000.

This move by the Recording Industry Association of Singapore can be interpreted as the start of serious enforcement efforts by them against recalcitrant offenders.

Singapore Cracks down on Music File Sharing Offenders

NEWS: Spear Phishing - a new tool for scammers and eTerrorists?

2005-08-19T14:40:00.000+08:00

The Washington Post reports that a new method has been devised by fraudsters to gain sensitive information. Akin to a form of phishing, the target are usually employees and the perpetrator pose as senior execs who would use their false status to gain access to sensitive data. It appears that this new method is much more organised and aimed at specific organisations and tailored to that business. In companies with staff of thousands, the probability of an employee letting the fake senior exec access is not negligible.

Such illegal access method can easily be used by terroists desiring to access valueable or sensitive data. It appears that now more than ever the need to have verified emails or the adoption of digital signatures within organisations.

Online scammers pose as execs in 'spear-phishing'

NEWS: Spammer beaten to death: justice or overkill?

2005-07-27T23:27:00.000+08:00

When I read this report about how a Russian spammer was killed at home, I wondered whether the authorities had got it wrong to have suppected that the motive was related to his spamming. Nevertheless, in the scheme of things I believe many round the world harbour the desire to end the existence of spammers. This however still shocking that someone would actually act it out. Can spam really cause someone to premeditate a murder? Maybe this murder will make spammers think twice.

Russian spammer beaten to death - silicon.com

COMMENT: Terrorist War about to be Virtual?

2005-07-26T22:36:00.000+08:00

CNET reports that the UK police is asking for special powers to carry out cyber attacks on terrorist website. While no details had been released, it was suggested that denial of service attack would be carried out. This new power is fraught with dangerous possibilities. Just as the Brazilian bystander who was innocently shot to death, innocent websites overseas could become targets under this new powers. Worse still, as the report quoted a former policeman who posed the issue of what if the target is a government website overseas? Is this a declaration of an online war?

For me, what is obvious must be the logical conundrum that while cyberattacking a site by hackers (e.g. by Denial of Service Attacks) is clearly a crime - how could the law enforcement agencies be able to use the same method and conduct themselves in the same manner - but yet be legitimate?

I guess the best analogy is that criminals cannot use firearms to hurt or kill but the police can do so to prevent further harm and danger to the public even if it means killing the criminal. However, how many innocent websites will become a victim like the Brazilian in London before a true blue terrorist site is brought down?

U.K. cops want to attack terrorism Web sites CNET News.com

COMMENT: Have we become too e-connected?

2005-07-26T22:03:00.000+08:00

For the past three years since I started carrying the TREO Smartphone, many of my friends and colleagues asked and were bemused that despite the capability to access my email with it, I refuse to do so. Originally it was the cost of having to pay for the downloading of the emails through the carrier's network but soon I discovered, why should I pay for communications that should be dealt with in the office? I have seen many of my friends who started carrying their blackberries driven to near distraction every minute as a result of incoming emails. Conversations became more of a chore and effort. Then when emails became as ubiquitous as the phone in the workplace, finding time to actually get the work has become a challenge.

When I read the linked report, I just had to repeat the quote in bold here "The typical office worker is interrupted every three minutes by a phone call, e-mail, instant message or other distraction. The problem is that it takes about eight uninterrupted minutes for our brains to get into a really creative state."

I have been a strong advocate of structuring emails to be accessed twice a day. At the start of the work day and at the return from lunch. Each for 30 mins or maximum of 45 to get the urgent matters away and to structure two days (Wednesday and Saturday) as days to clear up all emails that had been held up.

The problem I see socially however, is that there appears to be a unspoken expectation (albeit unjustified) that emails are meant to be replied within the hour or the very least the same day. How this came about is still a mystery but I have always set my emails to be replied at least a day or two after to prevent that expectation from becoming the norm for me.

Hopefully, with this report about over distracted workers and overworked workers, there would be new technologies to help us sort out what needs to be done urgently and what to be set aside. But most importantly, we all need to culturally be realistic in our expectations on how quick others to reply if we are to slow down ourselves.

Lets try to unplug ourselves a little more everyday - get more work done - and take some time to breath...

ZDNet: Driven to distraction by technology

MasterCard says security breach exposed 40 million to fraud - It's time to make gatekeepers liable for failure to keep a secure system?

2005-06-21T01:48:00.000+08:00

It was reported today that as a result of a security breach at a processor used by MasterCard International - more than 40 million customemay be exposed to fraud.

Identity theft is a major problem for both individuals and institutions and has to be carefully prevented. But with this recent and largest security breacy of customer data of Mastercard accounts, the negative impact can affect many millions. The breach of security was discovered at Mastercard's Arizona-based CardSystems Solutions, a third-party processor of payment card data used by MasterCard. Mastercard reported that the breach was the work of an "unauthorised individual" that unlawfully entered the network. No other details was released. Mastercard also reported that they are now undertaking action to prevent further such breaches. In the same report by Channelnewsasia, there had been several banks and financial institutions that had been victims of attack that resulted in the loss of sensitive customer data.

Unfortunately the development of new security technologies will almost never keep up or keep out the criminals who are adept at using technology to break into the information vaults of financial institutions. The law in itself - while can be draconian even to cyber criminals do not in themselves protect the individual or provide any recourse whose information is lost.

This status begs these questions - where will the future of online commerce be in a few years if no one is made liable for the loss of sensitive information? Should personal banking information lost to hackers be grounds for customer to take action? If so, what would be the right measure of loss? Any jurisdiction with a reputable banking industry must have some form of banking secrecy provisions regarding customer data. The loss of such information has consequences. Consequently, when hackers who successfully steal information (supposedly well protected) from banks - should the banks be held liable?

To make the situation more tenous - will the banks honestly report that their systems had been compromised? Unlikely. The security breach here was reported by Mastercard of their own breach. I am sceptical that any bank would do the same. Should banks be compelled to disclose? What would be the impact be for the bank, industry, economy or nation?

While these questions appear to be far fetched, I suspect its very near the horizon that governments and banks need to address these issues. Technology in itself is not a solution of the security risk. Redistribution of risk and liability is the question. I will be looking forward to see how creative we can be in resolving this growing mess.

MasterCard says security breach exposed 40 million to fraud - Report from Channelnewsasia.com

NEWS: Federal Operation D-Elite stop StarWars III downloads

2005-05-27T22:34:00.000+08:00

At the FBI's website, a detailed press release was published by the Department of Justice confirming the shutdown of the EliteTorrent site as part of their efforts to clamp down on P2P copyright infringements. It did confirm that the Revenge of the Sith was indeed downloaded about 10,000 times.
See - First Criminal Enforcement Against BitTorrent Network Users

COMMENT: Be careful with websites using email addresses as UserID

2005-05-27T17:29:00.001+08:00

According to a new report, fraudsters have develop a string of new ways to obtain information about new targets. In essence they conduct Registration Attacks where the spammers and phishers automatically run thousands of e-mail addresses through the Web site's new registration process. As some sites return messages dialogue when an e-mail address is registered with the site the attackers then is notified that the address represents a registered customer. Similarly, a similar manner can be used to test a website's Password Reminder page. By testing thousands of email addresses, the fraudster will effective succeed to locate a few members registered with the email when a message "password sent" is flashed.

From there, the fraudster then begin their targetted Phishing spam attacks. For more information about these new methods of developing a Phishing database, read the report by bluesecurity located here: Hostile Consumer Profiling

NEWS: StarWar III Revenge of the Sith's Revenge on BitTorrent hub (Part 2)

2005-05-27T17:02:00.000+08:00

This is the website of EliteTorrent after being shutdown by the FBI for releasing copies of the movie StarWarsIII Revenge of the Sith. To see an enlarged version, click on the picture.

NEWS: StarWar III Revenge of the Sith's Revenge on BitTorrent hub

2005-05-27T16:49:00.000+08:00

The FBI in response to the the very public and embarrasing report of pirated copies of the film being released to the public - served search warrants on Elite Torrent website. That site has since been shut down. For more information, read the report via the link below.
Feds shut down BitTorrent hub CNET News.com
.

NEWS: StarWarsIII Revenge of the Sith - downloaded 16,000 times before launch

2005-05-23T01:57:00.000+08:00

CNET reported on 19th May that 16,000 people had already downloaded the movie through BitTorrent. What was truly surprising was that the print was leaked before the film was even released in theaters. In addition to the early leak, the unlicensed movie was time-stamped, suggesting it may have come from within the industry rather than from someone who videotaped an advance screening.

This begs the question the wisdom of the Motion Picture Association of America which spends its time and money prosecuting students and downloaders (see posts here several months ago) when it could have been better spent in also investing in better security over its prints.

In any case, this case would debunk the myth that Asia is the main problem for owners of electronic media entertainment. While there is indeed rife piracy, much of the problem that the MPAA has is very much homegrown.

See CNET - Final 'Star Wars' film leaked to the Internet

Netscape releases browser with antiphishing technology

2005-05-23T01:25:00.000+08:00

Following the thread of the previous post, CNET reports that Netscape has released a new version 8 of their browser that has the capability to stop users from visiting reported phish sites. Using Firefox technology, Netscape's effort to deal with the immediate and growing problem of phish sites is a refreshing and welcome change in the browser war. Users who wish to download the programme can do so here.

Screen Capture of Paypal Phish

2005-05-19T18:34:00.000+08:00

Following on from the previous post, I visited the phish site to see how the .CN site looked like. I attach below the screen capture of the page. Click on it and you will see a larger copy to see the URL.

Notice that the URL is clearly a China domain. Normally this will be hidden. The URL was clipped from the html email and pasted on the browser. Cleverly the Phishers also used Javascripts on all the links to prevent further copying of links.

How to catch a Phish: Case Study of an attempt from China on Paypal accounts

2005-05-19T17:35:00.000+08:00

I received this email today in my Outlook inbox. Have a look and see how cleverly it is crafted to compel recipients to click on the url.

========================================
From: PayPal [mailto:paypal@email.paypal.com]
Sent: Thursday, May 19, 2005 5:20 AM
To: Tan Soo Kiat, Harry (Assoc Prof)
Subject: You've Added an Additional Email Address !

You have added DTT_Data@earth-online.com as a new email address for your PayPal account.

If you did not authorize this change or if you need assistance with your account, please contact PayPal customer service at:https://www.paypal.com/row/wf/f=ap_login

Thank you for using PayPal!
The PayPal Team

------------------------
PROTECT YOUR PASSWORD
NEVER give your password to anyone and ONLY log in athttps://www.paypal.com/ Protect yourself against fraudulent websites by opening a new web browser (e.g. Internet Explorer or Netscape) and typingin the PayPal URL every time you log in to your account.
------------------------
Please do not reply to this e-mail. Mail sent to this address cannot beanswered. For assistance, log in to your PayPal account and choose the"Help" link in the header of any page. PayPal Email ID PP107
========================================

The Phishers here managed to spoof the sender's address and in this case, Paypal - and hide the real URL link which actually links to a identical Paypal page located in China. The actual address under the Paypal link is http://mail.postmail.com.cn/dmcfg/login-data/update/secure-server/SSL/encrypted/1/index.htm

[I suggest that viewers NOT to visit the link as there may be spyware downloaded on visiting that link. I hope to screen capture the phish page for viewers to see how it looks like later]

Note how they even assuringly included a paragraph on "Protect your password"!

I strongly advise that when ever one receives email that pertains to financial accounts they should ALWAYS:
(1) Download the email as html file; and
(2) Open the file with NOTEPAD to determine the veracity of the URLs in the email as being bona fide.
(3) IF in doubt - always login directly into your account via your brower to check any changes AND email the contact to confirm the communication. It will always be helpful for you to notify the organisation of the attempted phish.

Lets all work to keep the phishes out of our cyberstream. ;-)

Singapore Parliament discuss the Net Paedophile Threat

2005-05-18T02:09:00.000+08:00

It was reported in the Singapore Straits Times on Tuesday 17th May (page 3) that the Minister for Information, Communications and the Arts, Lee Boon Yang informed parliament that in 2004, there had been eight reported cases of internet related sex cases involving victims under 16 years of age. Such statistics are disturbing as one can only guess how many offences go unreported. Nevertheless, it is most heartening that even though this problem is a difficult issue to manage properly, members of parliament nevertheless were compelled to raise their concerns publicly about how such dangerous threats should be dealt with. Parliament was assured that the laws will be enforced strictly as well as training programmes for children to deal with such threats online. Newly minted teachers will be trained to become online mentors for teenagers. It was also reported that the Ministry will also consider monitoring chatlines and other media and work with the police in prosecuting these offenders.

While such efforts cannot deter a determined paedophile (and not a solution that will sit well with everyone – especially privacy advocates) it will – as I had submitted earlier here in previous posts – cause them to think twice before they commit any sexual crimes. They will never know if the table has been turned on them in a sting by the authorities.

Worrying trend of Singapore paedophiles using ICT to find victims

2005-04-29T00:15:00.000+08:00

In today's Straits Times (29th April 2005) there was three separate articles about internet related sex offences. The first, on the front page of ST was the shameful arrest of a 31 year old Singaporean teacher in Bangkok, Mr Darwis Rianto Lim who was reportedly caught by the Thai CID after a tip off by US and Australian Interpol investigators. Apparently Bangkok Post was quoted to have said that the Interpol officers were monitoring Lim in his efforts to purchase sex with Thai boys. (see Bangkok Post - Paedophile suspect held)

The second report was how Muhammad Khair Kamarudin, a 23 year old man who used net chat to befriend a 14 year old girl and ends his relationship after having sex with her (thus committing statutory rape). He was arrested (28 June 2004) and after trial was sentenced to 8 months in jail (which means he was probably just released from Custody). Its important to note that he would not have been caught if the 14 year old had not reported to her teacher.

The third report - an article by reporter Vivi Zainol who did a investigatory piece by actually visiting the IRC Chat site used by Kamarudin. She reports that she got a sex proposal within 10 minutes on being at that site. What is truly troubling is that she describes herself as a 15 year old girl and she gets proposed by these predators without hesitation despite it is common knowledge that such activity is illegal.

Admittedly, the use of the Internet for entrapping youths for sex is not a new phenomenon. I was just not prepared to learn that it happens here in Singapore with such overt brashness and disregard for the law.

I am piqued by how technically able the Interpol officers had been to 'observe' Mr Lim's online activities from afar. While I am glad for their alertness and capability to help stop men like Mr Lim but I cannot help but wonder if Interpol has become the proverbial unseen 'big brother'. I am however more concerned about local authorities apparent lack of obvious policing of the IRC chat site that Kamarudin used. I may be wrong here and the local authorities, like Interpol, is keeping a close eye on these chat sites and are in fact laying the trap to catch the paedophile offenders. I hope this is so.

Nevertheless, I feel that the law enforcement agencies need to take a more proactive role in policing chat sites to protect the public and especially the young children who do not know better and easily become victims. While it is impossible to stop all the potential crime that can occur on these chat sites, visible policing (much like the bobby on horseback in hydepark) can deter these predators. Indeed, the young needs to be educated about the dangers but often that is not enough. These chat sites are like the proverbial darkened street corners. They need to be lit up and properly patrolled so that the ordinary man woman or child can walk in it safely without having been tricked into becoming a victim.

Stem Cell Research: The Chimera Dilemma and its challenge to Ethics

2005-04-27T16:09:00.000+08:00

Maybe it's cynicism from aging but I have observed that with each ground breaking invention or discovery, we keep making the same mistakes. Lack of proper control, governance, regulation or ethical rules of practice have resulted in many of today's technologies becoming dangerous tools instead of benefiting mankind as a whole. Fundamentally, many of today's creative research and output is directed at making positive changes to the world around mankind.

Stem cell research at its most utopian is for preserving the quality of life. The problem lies in the actual practice of how such research is being conducted, how it affects our world around us, the risks that it brings weighed against its benefits. Private enterprise and Governments in favour of stem cell research will have us believe the benefits far outweigh the dangers.

I however propose caution - not because I feel that there is no grounds in the arguments raised by Stem cell research proponents but because we need to take the lessons learnt from past scientific research that turned to everyday life products and services.

Nuclear waste, global warming and antibiotic resistant strains of bacteria to name a few of the painful lessons of uncontrolled or poor long term management of technologies. Its not the research that is faulted but by the way the research is being exploited and abused.

In truth, there are two levels of ethics that need to be addressed. The ethics of the research process and the ethics of the exploitation of the research. New effort should be directed at addressing not only in developing ethically proper research process but how exploitation of new research can be managed safely. Maybe its time that the authorities need to consider getting business ethics and biotech ethics experts together.

Oddly enough, ethics is not a new discipline. Yet, it is absent from many if not all research programmes until recent history. For the nurturing of ethical professionals and researchers, it must pervade our pores to be effective. It is not like a body of rules that can be learnt at law school. Getting an A grade is no guarantee that the man will be an ethical professional. Setting up a body of rules is merely developing standards and cannot be the end of the ethical treatment of the subject matter. At the very least, it is a start in the right direction.

The greatest ethical challenge in biotech right now is the new set of ethical problems raised by creating organisms composed of cells from two different species, and in this case animals that include human cells. Should we be concerned about research involving such animals - which are called chimeras - that have been seeded with human cells? (see definition of Chimera)

The report linked below is about a group of scientist drafting rules on ethics of stem cell research. They are to lauded for their efforts to address such Chimera research. Their suggested rules indeed warrant serious consideration by watchdogs bodies.

My hope - albeit doubtful - is to see such efforts to:
(1) develop strong ethical standards and rules established everywhere to prevent the possibility of dangerous and often unknown outcomes;
(2) establish strong ethics in university undergraduate and graduate research programmes; and
(3) integrate ethics of both the process of stem cell research AND the exploitation of such research.

Unfortunately, my doubt is fueled by the demands of society for profits and returns on investment. So, will we always continue making the same mistakes - abusing the technologies we have, or will we make good?

The New York Times > Health > Group of Scientists Drafts Rules on Ethics for Stem Cell Research

Credit Card Data theft online still high

2005-04-18T13:45:00.000+08:00

Despite the progress of better security technologies, better educated banking customers as to online banking risk management techniques, password management etc, CNET reported that HSBC will be notifying 180k of its customers about the problem. Some MasterCard holders exposed to data theft CNET News.com

This follows a report where Lexis also had its databases compromised. LexisNexis break-in spurs more calls for reform - CNET News.com

These events will continue to plague online banks and their ongoing efforts to secure banking and their efforts to secure market share.

Where then is consumer online banking heading in the face of such threats? My suggestion is the creation of an association of international online banks to look at creating strong technical standards as well as to formalise rules on how banks can assist each other together with local enforcement agencies in cross jurisdictional apprehension and prosecution of hackers. I believe that this added function to the international proposals for cybercrime development will make prosecution possible as banks will have the funds and deep pockets to hire all the necessary people and equipment to locate the criminals who are usually located in another jurisdiction.

Property deals via email - does it make sense?

2005-04-10T21:54:00.000+08:00

Its been a while since 1998 when the Electronic Transactions Act was passed by Singapore's Parliament. I always expected that the ETA will change how business will be done but I had not expected that it would take so long and played so little in actual cases.

The Straits Times reported on 2nd April and again on 10th April of the High Court decision of a dispute arising between two parties that negotiated a property agreement via email. Unforunately, the case was only reported in ST which has since became paid access online only (hence no link nor details available here). Anyway, ST reported the judge had decided that email can now be used to record property transactions. (NOTE: I will revisit this case when I get a chance to read the case report when it comes out)

My immediate reaction to the case was - was it the right decision for the economy and business?

While I agree that it is unavoidable that the future is in electronic communications technology like email (and other similar types including SMS), this case may end up being turned over on appeal if the lawyers woke up and realised that in the ETA section 4 provided that provisions of the electronic contracts and electronic signatures and records will not apply to property transactions. This section does not specifically say that one cannot make a property contract via email/electronically BUT rather that such agreements cannot rely on the ETA to enforce the transaction. What was the intent of parliament here? (I will leave this discussion until another case tests it again.)

I wonder though whether it is the right decision considering why common law required writing for property transactions. Fraud is always a concern and the bare technology of email is awfully risky. Its even implied that SMS may even be recognised for property deals.

So, I wonder will this case be tested? Yes and I am quite sure very soon. I think the situation needs to be rescued. A more balanced situation would be for Parliament to review the provisions and allow property transactions only via secured electronic transactions. (secured = with the use of digital signature or secured electronic signature).

The immediate impact of this case is that property transactions costs will now go up as property businesses are reacting to the new law and in all probability use security ware to prevent fraud.

Hackers Spoofing Microsoft Update Patch - due out Tuesday...

2005-04-09T13:38:00.000+08:00

When attackers are able to preempt the release of an OS Patch and use their 'warning' notices to dupe users to download their 'patch' which is in truth their trojan - you just have to admire how ingeniously devious they are.

I hope the Longhorn boys figured out a way to let us have an OS that could at the very least be patched safely.

(visit links: Fake Microsoft security updates circulate - CNET News.com; Hackers Spoof Microsoft Patch Alert Again - TechWeb)

The Digital Millennium Copyright Act: Worst US Tech Legislation in History?

2005-04-09T12:21:00.000+08:00

The DMCA has been the bugbear of many IP academics since its inception. When I was at UC Berkeley's Boalt Hall Law School back in 1999, Prof Pam Samuelson candidly explained the folly of protecting technologies that protected copyright works. It became clear for me that the DMCA - that it is a piece of law that has the interest of content owner's close to its heart, and that it effectively reduced the public's rights under copyright law.

While I support lawful protection of content owners of IP, such one sided legal development was clearly going to cause huge legal battles. Charles Cooper in his column reported a string of high profile cases from 2001 to 2003 where the DMCA was in issue. It is unfortunate for the owners of IP to find themselves being desperate in the face of digital replicating technologies. I can understand the motivations for having the DMCA but that does not mean that the DMCA is the right way to go. The law of copyright has to change in a balanced way. Copyright owners must realise that the future is not locking up the content. They must realise that they just can't keep it locked for long. Having the DMCA to support locking technologies will stop individuals breaking these locks. Remember DeCSS (that broke DVD protection)? Look at the cases reported by Cooper in CNET. Enough said.

Copyright is in real trouble this decade. Will it ever be developed even handedly? Looks like in the immediate future that would be a unlikely prediction - with the extension of copyright by another 20 years. Conversely, more individuals are working at breaking the protection technologies.

Ironically, while the DMCA is being attacked locally its provisions are insidiously spreading everywhere. In its defence, its basis for the spread is in the WTO agreements but now its one of the fundamental conditions of US entering into Free Trade Agreements. I hope to see these provisions challenged in the same way in the other jurisdictions. Unfortunately, I think that will highly unlikely. So, US's "Worst Tech Legislation" will live to see another day.

(visit link: Rethinking the DMCA Perspectives CNET News.com)

Yahoo! releases beta version of search engine for Creative Commons standard

2005-04-08T00:56:00.000+08:00

(visit link: Yahoo! Search - Web Search)

Yahoo has just launched a new engine that lets people search content that allows users limited reused. Such limited rights provided by the copyright owners agree to the standards developed by Stanford University's Creative Commons project - a nonprofit group that specializes in copyright issues formed under the leadership of Prof Larry Lessig. This new Yahoo engine now enables users to search for reuseable material under two categories: for commercial reuse or to modify, adapt, or build upon. Such reuse is unavailable to conventional copyrighted material. This laudable effort is indeed counterculture in the current climate of businesses searching for business value in their intellectual property.

To have the Creative Commons project as well as the Yahoo! dedicated search engine for CC compliant material - its a godsend for the educational industry. I hope that this is merely the first drops of water before the flood of creative output being produced for public consumption and creative reuse.

Ideas needs other ideas to flourish. If the law - in the name of encouraging and protecting creative output - in effect stymies learning, exchange and creative development, then it is time for the law to be changed. Sooner the better. Development of Intellectual Property law must be carried out in balance of the interests of everyone. It really should not be left only to the IP owners.

Education & Technology: Duke issues Free IPODs to students

2005-04-07T11:59:00.000+08:00

(Visit link: Duke puts restrictions on free iPod program CNET News.com)

Duke University made a most innovative move to push its educational environment ahead of the pack. To create the "digital student," they introduce high-tech perks such as campuswide wireless Internet access (which is NOT new), subsidized legal music download services (which is gutsy and highly valued by the youths) and free iPods. Are the iPODs used as a carrot to draw students? Or is it meant to be used as a learning tool? Cleverly, Duke offers classes that used the iPod - such as music and language classes are among the most frequent educational uses for the devices. Possibly these could also be used to download audio lectures.

Universities all round the world are already hard pressed to manage the bandwidth problems caused by music downloads. The additional woes of illegal or pirated music is a separate and real legal issue as well. Hence Duke's programme is seen by many as innovative but risky without any clear guarantee of positive outcomes.

The question is - did the decision makers thought through the potential danger of being perceived as encouraging copyright breaching activities? Even though the legal risk is somewhat remote, it is indeed quite laudable that the University is willing to follow through in the name of creating a true digital educational environment.

In any case, I wonder whether any university is working with a smartphone company to work out a similar programme to integrate a large digital storage facility on their Windows/Palm/Symbian smartphone so as to have the connectivity of wifi, gprs as well as large storage for digital data of music, movies, AV presentations etc. That would most certainly push the envelope of the "digital student" - at the very least increase the student applications for admissions. :-)

New Trojan attacks Symbian Smartphones

2005-04-07T10:40:00.000+08:00

(visit link: Trojan Destroys Mobile Phone Data, Forces Owners To Reformat - TechWeb News )

Symbian enabled mobile phones are under threat. The PDA/MobilePhone's operating system has been targeted by trojan writers. It appears to be the most damaging yet for any smartphone system as it reputedly destroys data and requires owners to reformat. It was a matter of time but it's rather surprising that Symbian and not the more popular MS or Palm platforms that is being targetted. The Mabir trojan infect the phones via IRC or P2P file-sharing to a PC, then install that malicious file on the phone. The good news is that the infection cannot happen with the mere use of the smartphone. When the phone gets plugged into an infected PC, the problem arise. With this trojan it appears only a matter of time before the other platforms are targetted.

Instant Messaging now under serious threat from Worms

2005-04-07T10:30:00.000+08:00

(Visit link: IM And P2P Malware Threats Nearly Triple - TechWeb News )

Instant Messaging has been to me for some years now - to be a solution looking for a problem. When Email technologies was first released, it was hailed as the next greatest business tool for communication. While it is now truly mainstream (in fact no self respecting businessman can afford to do business without one), there are always new technologies coming into play. SMS (then MMS) and Instant Messaging jumped to the forefront as even faster and more real time means to communicate. While IM is still a poor means to communicate with the public, businesses are using it more for internal communications (I am still unconvinced that it actually makes personnel more efficient or productive - the realspace Telephone works a whole lot better in my opinion).

With the growth of use of IM (and P2P) there is the consequential growth of IM worms and viruses. Apparently here it is reported that 270% jump has occurred. Does this mean that IM is here to stay or become mainstay (pursuant to my theory of how technology becomes mainstream when they become target or used for criminal purposes)? Unfortunately security threats continue to grow despite multilevel efforts to curb the problems.

Are Bloggers diarists or journalists?

2005-04-07T03:00:00.000+08:00

(visit link: The Future of Blogging CNET News.com)

Blogging has become almost mainstream only within the past three years. Since its conception there has been variations of blogs but at its core, it is essentially an open electronic diary for users to share their views. Critics condemned blogging as a mindless, time wasting process of posting thoughts that few take time to read. There is some degree of truth in that view but the blogs that edify, inspire and work far outweigh the value of all the other blogs put together. Many of the effective blogs are treated by bloggers as a means to report new happening in their vicinity. But if they do this, does that make them journalists under the law?

In the CNET report, there is this case where the courts are being asked to decide whether bloggers deserve the legal protection afforded to journalists in the US. While such rights do not exist elsewhere, it would be interesting to see whether bloggers will gain or lose the first case that will determine the right to say what they want to online. And that would include reporting of things they see and hear.

2005-04-07T02:22:00.000+08:00

Welcome to ByteLawyer's redesigned blogsite.
This new site will henceforth replace the old ByteLawBlog. While this blog will host all the new postings, the ByteLawBlog will continue to exist for those interested to read them. I hope that with blogger, my blogging will be more consistent and current. Do write me and provide me with your feedback. Thank you.

technorati ping

2005-04-01T19:03:00.000+08:00

Technorati Profile