Canada: Internet Users Have “No Reasonable Expectation of Privacy”
In a very interesting case reported out of the Ontario Superior Court, a judge has ruled that there is “no reasonable expectation of privacy” in subscriber information kept by ISP’s.
Furthermore, this case presents a potential privacy nightmare where Canadian police may be able to utilize IP addresses to find out the names on-line users without any need for a search warrant. (Apparently, the judge also accepted the arguments of the prosecuting attorney that the IP information is similar to a simple phone book!)
According to the National Post (Canada):
A police officer in St. Thomas faxed a letter to Bell Canada in 2007 seeking subscriber information for an IP address of an Internet user allegedly accessing child pornography. The court heard that it was a “standard letter” that had been previously drafted by Bell and the officer “filled in the blanks” with a request that stated it was part of a child sexual exploitation investigation.
Bell provided the information without asking for a search warrant. The name of the subscriber was the wife of the man who was eventually charged with “possession of child pornography” and “making available child pornography.”
I have not read the full ruling yet, but expect to to become available via Canada’s excellent case law database CANLII.
Presently, Canada does have the Personal Information Protection Electronics Documents Act (PIPEDA) which does allow ISP’s to surrender records to police, as long as they have “lawful authority.” But the case seems to turn on the definition of “lawful authority.” According to several articles, the judge interpreted the phrase as the act of turning over the records to the “lawful authority” (a police officer) and therefore does not require a proper warrant.
One wrinkle in this equation is that most ISPs in Canada require search warrants to turn over subscriber information unless it is a child pornography investigation. What is not clear is that the difference in warrant requirements between “possession of child pornography” and “making available child pornography.”
E-Privacy Law in Economic Stimulus Bill
When they say there is something for everyone in the current economic stimulus bill, they weren’t kidding. Inside this mostly economic bill (American Recovery and Reinvestment Act of 2009) is a entire section dedicated to promoting various aspects of health-care information.
Approximately $19 billion total: $2 billion in grants to create a national system of computerized health records and $17 billion in higher Medicare and Medicaid reimbursements for doctors and hospitals to adopt the technology.
The bill also would tighten restrictions on the sale of medical data and require patients be told when their records are disclosed. There are several other provisions (grants for using health-information technology, more in Medicaid and Medicare payments, penalties, etc.) but most of the privacy language can be found in Sec. 13400 et. seq. of the bill. THOMAS, the Library of Congress’ legislative information portal, has the entire bill, reports, and summaries.
New IP Bill Signed into Law
On Monday, President Bush signed into law [press release] a bill that will provide for additional intellectual property (IP) rights enforcement resources and stronger penalties for violators of those rights. The “Prioritizing Resources and Organization for Intellectual Property Act of 2008″ [full text] allows treble damages to be awarded against counterfeiters of protected goods, strengthens criminal laws relating to IP infringement, and allows the government broad authority to seize any materials or goods relating to infringement investigations.
It also creates a position for an Intellectual Property Enforcement Coordinator, a presidential appointee who would coordinate IP investigations among government agencies (dubbed the “IP Czar”). The Recording Industry Association of America, in an obvious PR move, had strongly supported the bill, saying that it will help protect the interest of copyright holders. On the other side, the public advocacy group Public Knowledge has criticized the bill, saying that it will exacerbate problems with existing U.S. IP laws which put too many restrictions on the use of what should be public information. Reuters has more.While the majority of our reading in class covers the U.S., it is important to note that other countries are also increasing efforts to expand the scope of protected intellectual property. Canada for example,
introduced new federal copyright legislation [full text] in July, designed to strengthen penalties against infringement.
In February, the International Intellectual Property Alliance(IIPA), released a report [full text] asserting that China, Russia and Canada are the main violators of U.S. copyright law.
Palin’s Hacker Tracked via Proxy Server Logs
FBI agents used proxy server logs to track down the hacker who broke into Sarah Palin’s Yahoo e-mail account. The hacker gained access to the Republican Vice Presidential candidate’s account by re-setting her password. He then foolishly posted details of his adventures up on an on-line forum. That information is now leading reporters and federal investigators to the suspect – 20-year-old David Kernell, Tennessee university college student, and son of state democratic representative Mike Kernell, who goes by the ‘net name “Rubico.”
He forced a password reset by answering questions about Palin’s birthday, zip code and where she met her spouse, Wasilla High School. Of course, by being the Republican candidate for Vice President, this information is all very easily found on the Internet. Rubico used a proxy server that shields the source IP address from website logging scripts. But aren’t proxy servers supposed to anonymize your information? Yes and no. To prevent abuse of the service – such as the occasional bomb threat or other illegal act that’s been known to happen - the admin of the proxy server logged each user’s IP address, along with the time and web destination.
CNET reports that the FBI searched Kernell’s apartment over the weekend, and local media reports suggest that three of his roommates could testify before a grand jury in connection to the case this week.
New Lawsuit: U.S. Warrantless Surveillance Program
On the heels of 2006’s lawsuit against AT&T, the Electronic Frontier Foundation (EFF) on Thursday filed a class action lawsuit [Full text complaint] seeking injunctive, declaratory and equitable relief from the National Security Agency(NSA) warrantless surveillance program. EFF is arguing against the NSA’s unprecedented access to over 300 terabytes of data concerning communication sent and received by AT&T customers.
The suit names the defendants as the U.S. government, the NSA, President George W. Bush, Vice President Dick Cheney, and several other officials. EFF alleges violations of the First and Fourth Amendments, the Foreign Intelligence Surveillance Act(FISA) and other federal electronic surveillance law. The complaint also argues that the surveillance program violated the Federal Administrative Procedure Actbecause it exceeded Congressionally-mandated limitations established by FISA, and alleges that it violates the Constitutional separation of powers principle “because it was authorized by the Executive in excess of the Executive’s authority under Article II of the United States Constitution … and exceeds the statutory limits imposed on the Executive by Congress.”
The NY Times has excellent coverage.
Comcast to Appeal Web Blocking Decision
Comcast is appealing an FCC ruling that the company is improperly blocking customers’ Web traffic, triggering a legal battle that could determine the extent of the government’s authority to regulate the Internet. The Comcast case arose from complaints by users of file-sharing software often used to download large data files.
In a precedent-setting move, a divided FCC last month determined that the company is violating a federal policy that guarantees unfettered access to the Internet.
The FCC noted Comcast’s network management practices were “discriminatory and arbitrary” and that the company’s practices “contravene industry standards and have significantly impeded Internet users’ ability to use applications and access content of their choice.” Full text here.
Interestingly, the FCC opinion also expressed the FCC’s desire to be “the” administrative agency involved with Internet regulation. Their opinion utilizes the FCC’s New Principles Preserve and Promote the Open and Interconnected Nature of Public Internet, which Comcast has stated is merely a policy, not an enforceable law. (Full text Appeal here)
This action is the first test of the FCC’s network neutrality principles, which may mean that there is no need for Network Neutrality legislation in the future, although both Presidential candidates currently have positions on the issue.
Rights Holders Must Consider Fair Use for DMCA Takedown
The “good faith belief” standard for issuing a DMCA takedown notice requires copyright holders to consider whether the use of a copyrighted work falls within fair use exceptions to the Copyright Act (Lenz v. Universal Music Corp., N.D. Cal., No. 07-3783).
In a matter of first impression, Judge Jeremy Fogel held that, though an extensive investigation is not required, a copyright holder must have a subjective belief that a use of a copyrighted work is infringing and does not fall within fair use exceptions in order to issue a DMCA takedown notice in good faith. He also stated that “Though Congress did not expressly mention the fair use doctrine in the DMCA, the Copyright Act provides explicitly that ‘the fair use of a copyrighted work… is not an infringement of copyright[,]‘ ” at 17 U.S.C. § 107. The plaintiff, Stephanie Lenz, videotaped her young children dancing in her family’s kitchen. The song “Let’s Go Crazy” by the artist known as Prince played in the background. The video is twenty-nine seconds in length.
The record company failed to consider fair use, and issued a takedown notice solely to appease an artist whose song played in the background of a video clip uploaded to YouTube. These allegations were sufficient to state a DMCA misrepresentation claim against the label, the court held.
MA Court blocks MIT students from showing MBTA hack
A U.S federal judge in Massachusetts has ordered three MIT students to cancel a presentation for Sunday (8/11) at the infamous Defcon hackers’ conference in Las Vegas. The students planned to show security flaws in the automated fare system used by Boston’s very own Massachusetts Bay Transit Authority (MBTA) subway system (called the Charlie Card). The MBTA sued the students and MIT in United States District Court in Massachusetts on Friday, claiming that the students violated the Computer Fraud and Abuse Act (CFAA) by delivering information to conference attendees that could be used to defraud the MBTA of transit fares. (We will talk about the CFAA more in class)
The temporary restraining order (full text pdf), issued by a Massachusetts U.Sdistrict court judge prevented the college students from demonstrating how to use the vulnerabilities to get free rides.
Federal Bill to Create IP Czar
Sens. Patrick J. Leahy (D-Vt.) and Arlen Specter (R-Pa.) introduced the Enforcement of Intellectual Property Rights Act of 2008 on July 24th. The bill, S. 3325, is the Senate counterpart to the Pro-IP Act, H.R. 4279, which passed the House in May. Like the IP enforcement provisions in the Trade Enforcement Act of 2008 (H.R. 6530) introduced a week earlier by Rep. Charles B. Rangel (D-N.Y.), the Leahy-Specter bill seeks to bolster anti-piracy enforcement tools at the executive-branch level.
The law would allow the DOJ to bring civil actions for copyright infringement, and create a new “advice-and-consent” level intellectual property coordinator within the executive branch. This position has been dubbed the “IP Czar” by the media.
While IP Czar is a nice title, the position would actually be titled “Intellectual Property Enforcement Coordinator.” This person would require Senate confirmation and serve in the executive office of the president to coordinate inter-agency enforcement of intellectual property rights.
Also the bill would delete the registration requirement for a copyrighted work before a criminal infringement suit could be brought.
The bill will be referred to the Senate Judiciary Committee. Congress expects final legislation will be presented to the president by the end of the year.
Some advocates are worried. Gigi B. Sohn, president of the citizens’ advocacy group Public Knowledge, criticized the bill’s enhanced executive-branch enforcement authority. In a published statement, Sohn claimed that the bill “would turn the Justice Department into an arm of the legal departments of the entertainment companies by authorizing the DOJ to file civil lawsuits for infringement, forcing taxpayers to foot the bill.”
UK Parents may be Punished for Childrens’ Piracy
The UK government recently announced a deal with ISP’s that would punish parents whose children download music and films illegally. The parents will be blacklisted and have their Internet access curbed. Initially parents would have a warning period, under a rule similar to a measure under consideration in France (”three strikes and you’re out”). However, parents that ignore warnings would be subjected to on-line surveillance and their Internet speeds will be purposely reduced. More available here. Also, the Guardian reports that this move is related to an overall goal of decreasing illegal file-sharing of music and films in the UK by up to 80% over the next three years.
Will ASCAP and RIAA try to broker a similar deal in the US?
-
Flickr Photos
More Photos -
Cyberlaw101 RSS Feed
