disLEXia

Friday, 31. January 2003

Short notice from the latest hearing on the IP-Law reform in germany.

... and welcome to blogging land, Olaf!
16:12 | permanent link | mail this

Saturday, 25. January 2003

Fighting terrorism means banning Internet gambling? from CEI

CEI C:\SPIN

This issue - Regulation Roulette: E-commerce and Terrorism.

This week's c:\spin is by Braden Cox, Technology Counsel, Project on Technology and Innovation, CEI, January 22, 2003.

On January 7, 2003, Rep. James Leach, R.-Iowa, introduced yet another internet gambling bill, the Unlawful Internet Gambling Funding Prohibition Act (H.R. 21 surely just a coincidence to the card game 21 or Blackjack ). The bill is the same text as H.R. 556, a bill passed by voice vote in the House last Congress that failed to move in the Senate before the end of session. The bill does not prohibit internet gambling outright. Rather, it indirectly shuts down online gambling by prohibiting banks from processing bank instrument transactions that involve unlawful internet gambling web sites. Those in the technology industry should follow the movements of this bill because it attempts to regulate electronic commerce in the name of fighting terrorism.

The means by which consumers and gambling site owners interact credit card payments and wire transfers also happens to be a medium open to abuse by those with criminal intentions. If you prohibit the credit card payments, then you negate the possibility that some of these payments will go to terrorists. According to Rep. Joseph Pitt, R-Pa, it may be impossible to keep illegal gambling sites off the World Wide Web, but it is entirely possible to prevent American credit card companies from completing these transactions that these crooks need to make their money. The text of the bill states that law enforcement has identified internet gambling as a significant money laundering vulnerability (emphasis added).

The bill s line of reasoning goes something like this: internet gambling consumers pay by use of credit cards and wire transfers; credit cards and wire transfers are payment mechanisms often utilized by criminal money laundering operations; terrorists utilize money laundering schemes; therefore, some consumers of internet gambling may in fact be criminals laundering money to further terrorism. ... [Politech]
11:44 | permanent link | mail this

Thursday, 05. December 2002

Japan halts mobile porn scam

Parliament outlaws a scam in which unsuspecting callers are tricked into calling sex lines, then charged vast amounts for the call. [BBC News Online]
09:59 | permanent link | mail this

Wednesday, 04. December 2002

New law bans "wangiri" calls

TOKYO &151; The Diet enacted Wednesday a law on outlawing so-called "wangiri" mobile phone calls, or random single-ring calls by commercial businesses aimed at making profits on return calls.

In a Wednesday morning plenary session, the House of Councillors approved a bill to revise the Wire Telecommunications Law, which already passed the House of Representatives.

Under the revised law, offenders could face up to one-year prison terms or 1 million yen in fines.

The new law will take effect 20 days after the government publicly promulgates it.

The law defines an act of wangiri as "the ringing of a telephone by a commercial business operator who uses a machine that rings a phone user and then immediately hangs up without conversing."

Wangiri operators use computer programs to make a massive number of random calls in the hope of having return calls to their paid telephone services.

Often made by operators of adult services, the wangiri calls ring only once, but because the caller's number remains on the mobile phone's display, receivers often return the call.

They are then usually directed to a taped phone sex message or information on other types of adult entertainment, and those who stay on the phone are often later charged hefty fees.

The term wangiri is derived from combining the English word "one" pronounced "wan," and the Japanese word "kiri" meaning " cutting off."

Such operators inundate the switching stations of Nippon Telegraph and Telephone Corp (NTT) with calls, thus disrupting the ordinary phone services for many citizens. (Kyodo News) [Japan Today: Crime]
22:40 | permanent link | mail this

Wednesday, 27. November 2002

nadian Lawful Access Legislation

"In Canada, existing legislation covers access to telephone records, disclosure of customer information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other means compelling the release of information. However, the laws regulating access to these networks for Canadian law enforcement and national security groups are only under development. The Department of Justice has released their Lawful Access Consultation Document to get feedback from all the stakeholders including industry, civil liberties groups, and the legal community." [Slashdot]
11:48 | permanent link | mail this

Monday, 25. November 2002

DoJ moves fast to use new wiretapping powers

More information on the US DoJ's rush to use its new wiretapping powers, as granted by last week's FISA review court decision .

Justice Department officials, emboldened by last week's decision, say they are moving quickly to allow prosecutors and intelligence agents to share information routinely to avoid missteps.

"We're working very quickly, and we want to get as much help out to the field as possible," said a senior Justice Department official who spoke... [zem]
12:20 | permanent link | mail this

Thursday, 21. November 2002

Germany, Austria take stand against EU ISP data retention laws

Big Brother laws welcomed by other European govts [The Register]
16:16 | permanent link | mail this

Germany, Austria take stand against EU ISP data retention laws

Big Brother laws welcomed by other European govts [The Register]
14:20 | permanent link | mail this

Sunday, 17. November 2002

EU-Rat will Anti-Hacker-Gesetzgebung verschärfen

Geht es nach dem Willen des Rats der Europäischen Union, drohen Sicherheitsprüfern im IT-Bereich und gutwilligen Hackern bald dieselben Strafen wie Cyberterroristen. In einer Stellungnahme zum umstrittenen Rahmenbeschluss der EU-Kommission zu Angriffen auf Informationssysteme, die heise online vorliegt, plädiert die Vertretung der EU-Mitgliedstaaten in Brüssel für eine gravierende Verschärfung des Kommissionsvorschlags. Auf Druck von Ländern wie Frankreich, Portugal, Großbritannien, Griechenland und Spanien wurde aus einem der Kernparagraphen der Vorlage, dem Artikel 3, das Privileg für Security-Experten zum freien Testen von Systemen gestrichen.

Übrig blieb allein die Formulierung: "Mitgliedsstaaten sollen mit Hilfe der notwendigen Maßnahmen sicherstellen, dass der absichtliche, nicht erlaubte, ganz oder teilweise erfolgende Zugang zu Informationssystemen strafrechtlich verfolgt werden kann." Die Definition von "Informationssystem" ist dabei denkbar weit gefasst und bezieht sich auf "Computersysteme und elektronische Kommunikationsnetzwerke sowie die durch sie bereitgehaltenen, verarbeiteten, empfangenen oder übertragenen Daten." "Nicht erlaubt" wird -- kaum stärker eingrenzend -- näher erläutert als "nicht durch den Besitzer oder Rechteinhaber des Systems autorisierter Zugang". Deutschland, Österreich und Italien wandten sich zwar gegen die Neufassung, konnten sich mit ihrem Votum allerdings nicht durchsetzen.

Experten fürchten nun, dass die Sicherheit des Netzes durch die verschärfte Klausel beeinträchtigt werden könnte. So wirft das Ratspapier, das in der zweiten Novemberhälfte in Brüssel weiter verhandelt wird, etwa die Frage auf, ob das Aufdecken von Schwachstellen selbst dann strafrechtlich relevant würde, wenn Systemadministratoren keine oder nur äußerst unzureichende Schutzvorkehrungen getroffen haben. Eine klare Festlegung des Gesetzgebers erscheint hier vor allem angesichts der sich in letzter Zeit häufenden Fälle notwendig, in denen findige Nutzer mit Cracker-, Einbruchs- und Diebstahlvorwürfen konfrontiert werden. So wurde jüngst etwa der Nachrichtenagentur Reuters vorgeworfen, sich durch die Eingabe einer noch nicht verlinkten Webadresse unrechtmäßiger Weise in den Besitz börsenrelevanter Informationen gebracht zu haben. Die Online-Versicherung HUK24 rief die Polizei, als Datenschutzexperten auf ähnliche Weise einer umfangreichen, vollkommen ungesichert im Web vorgehaltenen Kundenliste auf die Spur kamen. Nun drohen paradoxerweise nicht der nachlässigen Firma, sondern den Aufdeckern der klaffenden Lücke strafrechtliche und berufliche Konsequenzen.

In seinen Vorüberlegungen zur Änderung des Rahmenbeschlusses schreibt der Rat zwar, dass eine "Überkriminalisierung vermieden" werden müsse. Kleinere Vorfälle sollten nicht tragisch genommen werden. "Autorisierte Personen wie legitime private oder geschäftliche Nutzer, Manager, Controller und Netzwerkbetreiber" sollten genauso wenig ins Visier der Ermittler geraten wie "Personen innerhalb der Firma oder Externen, denen die Erlaubnis zum Testen der Sicherheit eines Systems gegeben wurde". Doch die gute Absicht der Verfasser des Papiers wird durch die dann folgenden Artikel weitgehend ad absurdum geführt.

Lebenslange Haftstrafen, wie sie das US-Repräsentantenhaus für böswillige Angreifer in besonders schweren Fällen befürwortet, sieht der EU-Rat zwar bislang nicht vor. Auf das Eindringen in Informationssysteme sollen mit ein bis zwei Jahren Gefängnis aber dennoch recht empfindliche Bußen stehen. Zusätzlich oder alternativ sollen die Mitgliedsstaaten Geldstrafen implementieren. Auf das Cracken oder Stören von IT-Systemen im Rahmen einer kriminellen Organisation oder in Fällen, in denen ein Angriff auf kritische nationale Infrastrukturen zielte oder substanziellen ökonomischen oder physischen Schaden anrichtete, stehen laut Plan des Rats mindestens zwei bis fünf Jahre Gefängnis. EU-Ländern soll es zudem überlassen bleiben, noch schärfere Strafen zu verhängen. Als Umsetzungsfrist für die strafrechtlichen Vorgaben ist weiterhin der 31.12.2003 im Gespräch. [heise]
17:42 | permanent link | mail this

Thursday, 14. November 2002

Justice Official Deems Internet Bets Illegal

Internet gambling experts this week criticized a recent Bush administration decision that would severely limit the ability of Nevada companies to cash in on the booming Internet wagering business. Assistant Attorney General Michael Chertoff's Aug. 23 letter to Nevada Gaming Control Board Chairman Dennis Neilander ended industry hopes that the Justice Department would reverse a Clinton administration opinion that Internet casino gambling is illegal under existing federal law. [NewsFactor Cybercrime & Security]
13:01 | permanent link | mail this

NZ bill requires ISPs to wiretap their customers

The New Zealand parliament will consider a bill that makes ISPs and telephone companies legally obliged to upgrade equipment to provide wiretapping access to their networks. The government will fund some of the technology necessary for voice networks, but ISPs will be required to pay the cost of intercepting their customers' email and internet access.

The Telecommunications (Interception Capability) Bill, tabled in Parliament yesterday, will mean telephone and internet service... [zem]
13:01 | permanent link | mail this

Yahoo News

Yahoo News - U.S. telcos must offer surveillance by June -FCC.

U.S. telephone companies, including mobile phone carriers, will have to provide law enforcement officials with some new surveillance capabilities by June 30, the Federal Communications Commission said on Thursday.

Carriers will have to provide upon request from law enforcement agencies the numbers dialed after a call is connected, numbers and associated signals of various parties who join a conference call or drop from one; call forwarding and call waiting signals; and signals related to obtaining messages left for a caller.

The U.S. Court of Appeals for the District of Columbia vacated those so-called punch-list requirements in 2000 because it said the FCC failed to address adequately privacy and cost concerns raised by carriers and privacy advocates.

The FCC issued a 57-page order upholding the four challenged capabilities and found that their implementation was cost-effective and would minimize costs on residential customers.

[Privacy Digest] [EPimentel: Security - Privacy News]
12:49 | permanent link | mail this

Wednesday, 13. November 2002

Security bill fails to pass in '01

A measure to encourage companies to share security data with the government and one another didn't win passage this year, but is expected to come up for consideration again in 2002. [Computerworld]
17:32 | permanent link | mail this

Calif. law says firms must disclose only online intrusions

[Politech]
07:36 | permanent link | mail this

CA Law Demands Public Disclosure Of Break-Ins

BusinessWeek has an article about a new California law passed that requires businesses to publicly disclose information about break-ins. The only loophole is if there is an ongoing investigation and if the disclosure would harm the investigation. IMHO Big companies will have the resources to set up investigations even when they know it is unlikely to get anywhere, and business will go on as usual for them. Small businesses that don't have the resources to maintain an investigation will have their reputations ruined. Also, the article doesn't mention the contingency where a break-in occurs because of a software/hardware issue for which there is no released technical solution (i.e. anyone else who has software X would be susceptible to the same type of break-in). This is not good. [Slashdot]
00:00 | permanent link | mail this

Monday, 11. November 2002

Abzockern die Grundlage entziehen

Abzockern die Grundlage entziehen Vortag | Heute | Folgetag

Erstellt am 11.11.2002, 15:41

Empfindliche Geldbußen gegen Abzocker, die mit 0190-Rufnummern die Verbraucher täuschen, hat die Bundesregierung angekündigt.

Nach einem Bericht des Focus wolle man durch eine umfassende Reform des Gesetzes gegen den unlauteren Wettbewerb den Abzockern die Existenzgrundlage entziehen, wird Mattias Berninger, Staatssekretär im Verbraucherschutzministerium zitiert. So soll es künftig möglich sein, die unrechtmäßigen Gewinne der schwarzen Schafe abzuschöpfen. Zentraler Punkt des neuen Gesetzes soll ein ãStraf-Schadenersatz&147; sein, den Richter verhängen könne, ohne dass ein Opfer geklagt hat. Auch Verbraucherschutzverbände sollen so vor die Gerichte ziehen dürfen. [PC-Magazin]
16:34 | permanent link | mail this

Saturday, 09. November 2002

Europe bans hate-speech

The Council of Europe has adopted a measure that would criminalize Internet hate speech, including hyperlinks to pages that contain offensive content.

The provision, which was passed by the council's decision-making body (the Committee of Ministers), updates the European Convention on Cybercrime.
00:00 | permanent link | mail this

Friday, 18. October 2002

DOJ Responses to House Judiciary Committee Questions about USA PATRIOT Act

DOJ responds to House questions on PATRIOT Act.

The House Judiciary Committee has released the US Justice Department's answers to 28 of 50 questions [PDF] it posed in June 2002 regarding the implementation of the USA PATRIOT Act. Answers to some questions were classified. The ACLU has objected to the limited response and is pursuing full disclosure of relevant information under the Freedom of Information Act. [via JURIST]

I've printed this off and have started to read it. Interesting that in the little bit I've read how much of the requested information is either classified or gets a "we're not keeping statistics on this" response. As a former government employee, I found this a little odd, given that we seemed to keep statistics on everything. Maybe it's just getting used to the Act, maybe not. Anyway, good report to review if you're interested in what's happening with this Act.

[Leah's Law Library Weblog]
17:40 | permanent link | mail this

Tuesday, 15. October 2002

USA PATRIOT Act & Related Issues

The USA PATRIOT Act has been on my mind recently for a number of reasons. First, while at AALL in July, I wrote an article about the Hot Topic presentations on the Act. This article, Hot Topic Sparks Better Understanding of USA PATRIOT Act, has been published in AALL Spectrum, Vol. 7, Sept. 2002, at 16 and is finally available on the web. It's on page 12 in the online PDF version.

Second, I recently gave a presentation on the USA PATRIOT Act for a class of library science students. The PowerPoint version is here and an html version is here. I want to give credit to the ALA's Washington Office for their presentation, Libraries and the USA PATRIOT Act: Access, Openness, and Confidentiality, which I used as the basis for mine. I modified this to provide some basic legal information for the library students and to go into more detail on FISA, pen registers/trap & trace, etc. I also prepared a resource list, USA PATRIOT Act & Related Issues. Out of the 30 students, at the beginning only one acknowledged that she'd heard of the Act before. Between my presentation and the instructor, we had them fairly riled up by the end of the 2.5 hour class. They seemed to realize that librarians need to become advocates for the issues they believe in. I felt like I'd actually accomplished something.

Finally, on a somewhat related note, Bibliolatry pointed to this article today on the impact the removal of government information from the web is having on researchers. Several of the slides from the ALA (and my) presentation deal with how to determine what should be removed and who should determine it. No one has a handle on this issue, really, and it's hard to say who should. I'm just glad there are folks like OMB Watch and others who are keeping track of what's been removed.

[Leah's Law Library Weblog]
21:28 | permanent link | mail this

Friday, 04. October 2002

Rep. Boucher --finally-- introduces bill to rescind part of DMCA

Here's Boucher talking about this bill as far back as July 2001: http://www.politechbot.com/p-02308.html

I've put the text of the Boucher bill here: http://www.politechbot.com/docs/boucher.dmca.amend.100302.pdf

A similar bill, though not as widely supported, introduced by Rep. Lofgren is here: http://www.house.gov/lofgren/press/107press/021002_act.htm

News article on Lofgren bill: http://news.com.com/2100-1023-960531.html

-Declan

By Declan McCullagh, Staff Writer, CNET News.com, 3 Oct 2002

A proposal to defang a controversial copyright law became public on Thursday, after more than a year of anticipation and months of closed-door negotiations with potential supporters.

Formally titled the Digital Media Consumers' Rights Act, the new bill represents the boldest counterattack yet on recent expansions of copyright law that have been driven by entertainment industry firms worried about Internet piracy.

The bill, introduced by Reps. Rick Boucher, D-Va., and John Doolittle, R-Calif., would repeal key sections of the 1998 Digital Millennium Copyright Act (DMCA). It would also require anyone selling copy-protected CDs to include a "prominent and plainly legible" notice that the discs include anti-piracy technology that could render them unreadable on some players. [...]

http://news.com.com/2100-1023-960731.html

POLITECH -- Declan McCullagh's politics and technology mailing list. You may redistribute this message freely if you include this notice. To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ [Declan McCullagh <declan@well.com> via risks-digest Volume 22, Issue 28]
16:02 | permanent link | mail this

disLEXia, a research project by Maximillian Dornseif