ByteLawyer Briefings

Odex fails action against PacNet for disclosure of identity of downloaders

2007-08-25T13:34:00.000+08:00

In what appears to be a straightforward case of licensors of Animeware - ODEX - for illegal downloading of pirated copies by thousands, Odex filed suits against all the local commercial ISPs to obtain the identities of those who downloaded the pirated Anime. Odex was able to obtain orders against Singnet and Starhub but not against Pacific Internet.

According to the Straits Times report, District Judge Ernest Lau gave a 14 page judgment explaining his grounds for his refusal to allow for the application by Odex against PacNet. Odex has in his view failed to prove its case against PacNet to the required level to prove that the ISP must be compelled to divulge the identities of the alleged wrongdoers. Judge Law likened their demand for the identities from the ISPs as an Anton Piller order. As AP orders are viewed as draconian and damaging, such ofrders should only be granted if the Plaintiff is able to prove that it has an extremely strong prima facie case. This high standard should be applied in the case of Odex case as to protect the public interest element. ISPs owe a duty to its subscribers to keep their identities confidential.

As for the Odex case itself, it was not able to prove that it was the copyright owner as it did not have the exclusive license from the copyright owners as required by the Singapore Copyright Act. As it was neither the copyright owner nor exclusive licensee, it did not have the locus standi to bring the action.

Further, the Judge also mentions that he was not satisfied with how Odex was able to arrive at it identified the alleged downloaders. As such, Odex did not fulfil its standard of proof to obtain the order.

The impact of this decision will be felt in more than IP suits against downloaders and ISPs. Other suits such as defamation, fraud or even commercial transactions will have to prove to a high standard to obtain the identities of account holders before they can commence the substantive action itself.

For more information as reported by Straits Times, CLICK HERE.

How would the Singapore regulatory framework treat Eros LLC?

2007-08-20T12:04:00.000+08:00

Day 1 of State of Play Conference.

Interestingly the latest case reported of the synthetic worlds is the case of EROS LLC suing Volkov Catteneo” who broke the sex program’s copy protection and sold unauthorized copies. So naturally Alderman (owner of ErosLLC) filed a civil lawsuit in U.S. District Court (real court not Second Life court) in Tampa, Fla., last month for the alleged copyright breach.

For me, the interesting question is not about copyrightability of the software but whether national regulatory controls over pornography would treat the Eros programme itself as prohibited material. In the Singapore Films Act, Films includes videos games. Question is - whether this is a game?

Please be aware that the YouTube video may offend as it has images of nude avatars.

State of Play Conference BEGINS

2007-08-20T10:44:00.000+08:00

Finally the long awaited conference has begun. Last night at the opening dinner for participants, meeting all the thought leaders, academics and businesses involved in the building and use of synthetic environments is exciting. There was a great presentation by IDA on the INSIGHT 2015 and how Singapore is going to adapt and capitalise the interactive digital technologies. Also there was a great prelaunch viewing of the movie "IdealWorld" that is a documentary of Second Life activities and entities there.

Check out their site here and have a look at it as a primer for the legal regulatory issues that is beginning to become the centre of focus for tech lawyers and professors.

IDEALWORLD MOVIE.

Is the next generation of portable computing already here?

2007-08-11T15:51:00.000+08:00

It has been some time since new hardware or software developments excited me to an extent where I can forsee a sea change in the way we do computing. Some time back OLED technologies promised the coming of cheap and maleable screens. A couple of weeks ago I read about 60GB solid state memory now being produced making hard disk drives for portable computers almost a silly option. Much like the robustness of memory cards, these new huge solid state memory storage would promise to make portable computers even more portable in both weight and power usage.

The most interesting software development I just discovered this week was the company called PortableApps.com. This company champions portable computing in a manner that would cause an uproar with the portable computer manufacturers if it caught on. In short, the PortableApps software run applications from the ubiquitous Thumbdrive.

It even provides for free download its PortApps Suite that has an antivirus, web browser, instant messaging, Openoffice suite, Soduku puzzle game, and email client and it all runs comfortably on a 512MB thumb drive.

Just for a moment consider if we put all these technologies together - how would it look like to you? Well, it looks to me that the future computing looks interesting again - if only the mega manufacturers knew how to keep their costs low.

What is the Second Life phenomenon?

2007-07-26T16:45:00.000+08:00

Leading up to the State of Play conference next month in Singapore, I will be putting up some useful or background posts on electronic environments. In this post, this video is a useful introduction to Second Life for new comers.

STATE OF PLAY CONFERENCE V : Building the Global Metaverse

2007-07-18T14:44:00.000+08:00

I am very proud to announce that Centre for Asia Pacific Technology Law & Policy at NTU is co-organising an international conference here in Singapore on the impact of Virtual World technologies on education, law and society. The conference is jointly organised by Harvard Law, Yale Law and Trinity and Nanyang Technological Universities.

The conference will be held at the Marina Mandarin Singapore from 19th to the 22nd August. In addition to the multidisciplinary tracks in the conference proceedings, CAPTEL will also be conducting a workshop on the last day of the conference on Virtual World's legal issues on business in particular on Asian businesses and opportunities.

Have a look at this site to register for the conference - STATE OF PLAY homepage.

Biomedical Data Protection proposed in Singapore

2007-06-15T19:58:00.000+08:00

The Singapore Bioethics Advisory Committee (BAC) is reviewing the need to protect the privacy of personal data of individuals involved in biomedical research. The key proposal is to remove or protect all the personal information that links an individual to the biomed information so that there will not be any tracing back to the individual.

It was also proposed that biomed researchers are to specifically request consent from the research participants after explaining the research project, and any possible risks. Further, the research participants should have the right to withdraw consent at any time without explanation or prejudice.

It is also incumbent on the researchers to prevent breaches of privacy by employing safeguards against loss, unauthorised access, or copying of data.

Singapore Spam Control Act 2007 passed into Law

2007-04-26T22:56:00.000+08:00

The Spam Control Act 2007, passed in Parliament on 12 April 2007, will provide the means to address the still-growing and global phenomenon. The law was developed by the Infocomm Development Authority of Singapore (IDA) and the Attorney-General’s Chambers of Singapore (AGC), with inputs from the public, people and private sectors, over the last three years.

The press report from the IDA is viewable here. The SPAM Bill itself can be downloaded here.

This piece of legislation is not without controversy and detractors. The effort to prevent or control spam has often been described as a lost cause. Its been recorded that in Singapore more than 80% of the spam received here are from overseas and as such the local legitimate businesses has registered their views that they are being targetted while the real abusers are out of reach of the new law. While there is some degree of truth in that issue, this new law has some value for the creation of a trusted infrastructure. The provisions of how acceptable commercial information emails can be sent is critical to Singapore becoming a recognised place where business communication are regulated.

Cybercrime does not pay

2007-01-09T18:17:00.000+08:00

Mr Song Yick Biau was reported by CNA as having pleaded guilty to nine charges under the Computer Misuse Act at the Singapore Subordinate Courts yesterday.

His modus operandi was to chat with the victim and send them a program which would allow him control and access to the victim's computer. He then stole the person's identity, adopted her persona and changed the password so that the person could not access her own MSN account. He successfully usd this ploy more than once. He also gained access to the accounts of three young women, aged between 18 and 21. He then threatened to post edited "naked" pictures of one of them unless she sent him photos of her breasts. The victim of this threat reported the matter to the police which resulted in the investigation and charges made.

Song pleaded guilty to nine charges under the Computer Misuse Act - each of which carries a fine of up to $50,000 and jail terms not exceeding two to 10 years. He can also be jailed up to two years on a charge of criminal intimidation. The judge will pass sentence on the charges on Monday 15th Jan 2007.

It is worth noting that the accused is an intelligent undergraduate, made the mistake of believing that such activities online will not be reported nor prosecuted. It would be very unusual if the accused will not be given a stiff custodial sentence. Update on the sentencing when it is reported.

NTU student stole MSN IDs, chatted and threatened blackmail [Channelnewsasia.com]

3 years' jail for WiFi tapping

2006-11-15T16:15:00.000+08:00

On November 10 it was reported in the local papers that a teen Mr Garyl Tan Jia Luo (17) was charged in court for having committed an offence under the Computer Misuse Act. Apparently the act that he committed was to use his notebook computer to access the WiFi network belonging to his neighbour without authority on May 13th. Under the CMA as long as there had been unauthorised access - whether there had been security firewalls or passwords being used - an offence would have been committed by the mere access of the network. Details of the case has not been published and the trial is to be heard today - 15th Nov. It would be interesting to learn whether this was a one off incident or whether Mr Tan had carried on this unauthorised access for some time.

To read about the first report - click here: Report: Singapore teen faces 3 years' jail for tapping into another's wireless Internet - iht,asia,Singapore Internet Charges - Asia - Pacific - International Herald Tribune

Singapore's push to become the secure and safe haven for E-Business

2006-06-23T14:54:00.000+08:00

Singapore will be launching its new National Cyber-threat Monitoring Centre early next year (see the report from CNA thru the link below). It will work with other similar centres all over the world to deal with the threats from viruses, hackers and terrorists in cyberspace as well as to protect the interests of businesses, individuals and the government online.

Under the masterplan, IDA is also studying the possibility of a Cybersecurity Act to protect data and privacy, and is also pushing for Anti-Spam Act (draft has been in discussion for some time - check IDA.gov.sg for more information).

This strategic move to develop such a centre as well as establishing a slew of new laws and regulation dealing with cyber threats is continuing the efforts to make Singapore as an attractive location for companies planning to move their operations and data systems into the region.

While the national cyber-threat monitoring centre will be one of the first in the region, it will be likely that our neighbours will be following suit which can only mean that it will make the region much less attractive for hackers and e-terrorists. The centre is expected to provide early warnings about impending cyberthreats as well as establish processes to mitigate such threats.

Will this centre be duplicating the CERT team that is in place? While I have no official response to that question, technically it would appear that the new centre would compliment the CERT functions. It would however make sense for the consolidation of these two entities to have both a means to monitor and respond effectively to all kinds of online threats.

Channelnewsasia.com

Australian families to get free Internet porn filters

2006-06-22T01:36:00.000+08:00

The Australian government has decided to equip Aussie families with software filters for free to deal with the flood of porn coming into the home via the home PC. The idea is to help families let their children surf the net safely and free from Porn - if it is possible.

It looks like the authorities has stepped up in their war against porn but its commonly known that filters have limited success against the ever virulent porn that seems to be able to ingeniously find new ways to insidously enter into the home PC. Nevertheless, this concerted effort will be a public step in the right direction in the global fight to keep porn away from children.

Channelnewsasia.com

Forum Operators CAN be liable afterall

2006-05-10T20:34:00.000+08:00

In many jurisdictions including Singapore there are statutory defences for forum owners/providers for action to make them liable for statements and actions made by their users on their servers. In essence the carrier defence - that they are merely telephone service providers and thus not able nor have the capacity to monitor or manage the content being published on the servers. The defence in most countries is restricted by the condition that they neverthelss are required to act when informed of the offending material. Also, forum owners are not under a duty to actively search or moderate offending material.

In an surprising result in Hamburg, judges had thrown out that view of defence available to Forum owners. According to the judge at the first instance, providing Internet forums is, a type of business operation. Accordingly, operators are considered to be able to hire staff with legal training to be able to handle such operations.

According to the district court of Hamburg - "If the number of forums and comments in them is so great that the opposing party does not have the staff or technical means to review comments before they are published, they either have to expand their in-house resources or [...] reduce the scope of their business operations."

Unfortunately the Hamburg court did not clearly state its opinion on whether every Web forum could be held liable or only restricted to the services of the press. The court did however stated that the decision also applied to companies that disseminate content via the Internet. Consequently, every Internet forum probably falls under this category because the judges did not make any further distinctions.

This case in my opinion has wide implications. However, based on the judge's view of how businesses that goes into providing forum services ought to have the sufficient manpower to manage offensive and liable content there is some fair justification for the outcome of the case. The problem I perceive is whether all countries will follow by policy - agree with the ratio decidendi. Telco and Web service providers will be up in arms to refute such developments - I am sure.

heise online - First-instance district court of Hamburg says forum operators are liable for comments

Worldwide laws still unable to contain cybercrime

2006-04-25T20:31:00.000+08:00

At this year's e-Crime Congress in London an interesting survey was carried out on the delegates. It was not surprising that 74% of the participants believe that the current state of international laws is unable to contain cybercriminals from their activites.

The three main threats being phishing, computer hacking and denial of service attacks. Of the 20 countires, 110 respondents cite the lack of global co-operation and inadequate police resources as the main reasons why internet criminals are not being prosecuted. Worse, even some 61 % seem to believe that the current legislation is unenforceable. Many believe that a stronger legislation, such as the Council of Europe’s cybercrime convention, will improve how hackers, virus writers and extortionists are prosecuted internationally.

Personally, the results of this report is unsurprising. But I think it takes far more than mere tough legislation to thwart cybercrime. It has to be a strong commitment (which means resources and capital must be put into the effort) by governments to work together to establish strong laws as well as to assist each other in cross jurisdictional investigation and prosecution. International organised cybercrime if left unchecked in the near future will make the mafia and triad organisations look like amateurs in terms of how they can affect the stability of businesses, economies and governments.

It looks like it may take yet another Sept 11th on the Internet network before the governments wake up to the call.

Worldwide laws fail to fight cyber crime - Computing

Google expected to be ordered to release search data

2006-03-15T14:13:00.001+08:00

In the continuing struggle online between privacy v. the enforcement of crime and security laws - the latest news is from NewsFactorNetwork regarding the Department of Justice proceedings to force Google to hand over search data records. It was reported that U.S. District Judge James Ware said he will order Google to turn over some of its records to DOJ officials as part of the Bush administration's effort to revive a law meant to shield children from online pornography. While Yahoo, AOL and MSN had previously complied with the request from the DOJ, Google refused to comply. The refusal amongst other reasons was due to concerns about user privacy.

This case highlights the potential problem of how large databases with collated information about user behaviour can become controversially used by both unethical advertisers as well as law enforcement - without the knowledge nor approval of the users.

Judge Will Order Google To Release Search Data on Yahoo! News

RIAA wants to ban CD ripping - trying to get the genie back in the bottle?

2006-02-20T01:03:00.000+08:00

In what appears to be a relentless effort on the part of RIAA to take the initiative to recover its perceived loss of rights as a result of the use of technologies that allows music enthusiasts to rip music off CDs and listen in MP3 format - RIAA has applied to the US government to make the claim that the act of ripping a purchased CD itself to be illegal. Their case is argued that the widespread practice of ripping CDs does not make it right nor legal.

While the law is clear that it is in the copyright owner's court, what is surprising is that it is a complete reversal of its position when RIAA in last year's MGM v Grokster case described that ripping a CD is "perfectly lawful".

Unfortunately, music enthusiasts have little to turn to for a legal defence of copyright breach as 'fair use' here is not available for the act of . If RIAA is able to convince the law makers to agree to its point of view (and the law makers must realise this as a matter of policy) what does it intend to do? Clearly it has two choices (either one or both is open to them) - to go after the people that enables users to rip CDs or go after the users who rip their CDs. Both are unsavoury outcomes for the music enthusiasts. Whatever it may be, it seems inevitable that the RIAA will become very unpopular with the public as well as tech businesses that provides the ripping software.

RIAA aims to ban CD ripping - PC Magazine

FBI 2005 Survey on Cybercrime Reflects a New Generation of Abegnales

2006-01-25T12:06:00.000+08:00

The report reads like there is a growth industry of new Frank Abegnales - the man made famous in the movie "Catch Me If You Can". The statistics garnered from 2000 surveys taken from the public and private organisations shows alarming responses.

Here are some of the findings listed on their webpage:

Frequency of attacks. Nearly nine out of 10 organizations experienced computer security incidents in a year's time; 20% of them indicated they had experienced 20 or more attacks.

Types of attacks. Viruses (83.7%) and spyware (79.5%) headed the list. More than one in five organizations said they experienced port scans and network or data sabotage.

Financial impact. Over 64% of the respondents incurred a loss. Viruses and worms cost the most, accounting for $12 million of the $32 million in total losses.

Sources of the attacks. They came from 36 different countries. The U.S. (26.1%) and China (23.9%) were the source of over half of the intrusion attempts, though masking technologies make it difficult to get an accurate reading.

Defenses. Most said they installed new security updates and software following incidents, but advanced security techniques such as biometrics (4%) and smart cards (7%) were used infrequently. In addition, 44% reported intrusions from within their own organizations, suggesting the need for strong internal controls.

Reporting. Just 9% said they reported incidents to law enforcement, believing the infractions were not illegal or that there was little law enforcement could or would do. Of those reporting, however, 91% were satisfied with law enforcement's response. And 81% said they'd report future incidents to the FBI or other law enforcement agencies. Many also said they were unaware of InfraGard, a joint FBI/private sector initiative that battles computer crimes and other threats through information sharing

FBI Cybercrime Survey 2005

Another example of convergence making DMCA outdated?

2006-01-23T16:27:00.000+08:00

A small company in Mass., US, has begun selling IPODs with movies from the DVDs purchased by their new owners uploaded. On the face of it, such sales of IPODs with copyrighted and tech protected DVD movies have breached the DMCA provisions. However interestingly the business continues to do this despite the legal risk. Apparently the owners of the business argue that the DMCA is outdated law and claim that moving the content onto the device is a one-way transfer, which since the purchaser gets both the original and the copy it is legal under their fair use provisions of their Copyright law. Will content owners sit by and less this continue? Keep a look out for updates here.

TVMyPod ventures into copyright gray area CNET News.com

NEWS: Privacy Advocates v. Pornography Prosecutors

2006-01-20T12:02:00.000+08:00

Google, Yahoo and MSN refused to assist when they were asked by Anti Porn legislator to hand over search statistics. As a result, they had been subpoenaed by the Bush Administration for the information they asked for in their effort to fight Porn online. All three search engines responded differently. The various issues raised in their defence was the protection of the privacy of its users, lack of useable specific data retained and that the information handed over did not include personal information.

As a bystander observer, is such a process of obtaining data reflective of the Bush Administration's view of its position regarding privacy protection? Unfortunately the problem with porn appears to far outweigh that concern. Hopefully, the process will in fact not result in the breach of the privacy of the users of these search engines.

TechWeb Search Engines, Free Speech Google, Yahoo, MSN Subpoenaed In Anti-Porn Effort

UPDATE: CNET NEWS.com has published some useful FAQs on the Google subpoena by the US Justice Department on its database statistics. CLICK HERE for the FAQ

Yet another pricing 'blunder' at an online store

2006-01-16T18:15:00.000+08:00

A problem that seems to be reported with some familiarity is the error in pricing on webmalls as to the pricing of their goods. The problem has been around since the boom on online commerce but despite the growth of ever more stable and reliable solutions, the pricing mistakes continue to happen to the displeasure of many customers. The latest reported here is Apple's Online Education Store that priced an Olympus camera at only 98.70 sterling pounds. The camera normally retails for 600 pounds.

In the past retailers online succeeded in avoiding concluded electronic contracts on the defence that the buyer had bought the goods in bad faith - usually shown by the purchased of dozens of the mispriced items. The problem for Apple and other retailers is - if a buyer only buys one unit of the goods - is there grounds to allege bad faith?

With the ever growing outrage of how easy retailers can renege on the agreements made online, is it an impossibility for law makers to raise the retailer's liability to strict liability for their pricing? While this is a matter of conjecture for now - consumer protection for online transactions - especially for those who legitimately bought the goods believing the price to be right as well as with good faith - should have some recourse and protection.

Furthermore, the expensive web commerce solutions are nothing like the retail shops and malls where price labels are manually stuck on the goods. The system in many of these retailers have state of the art inventory and pricing systems that work in conjunction with their payment systems. Can they really be able to claim to an honest mistake by their pricing system?

Consider the Singapore Electronic Transactions Act which provides inter alia that the transactions sytem will be deemed as an agent of the owner. Thus if an 'agent' quotes a wrong price - the principal is bound to the agent's words. Unfortunately this provision has yet to be tested in the courts. But it is clear from this provision that the legislators do not place much credence on online retailers claiming that their machines are had not been properly configured and it is designed to make them accountable.

Apple pricing 'blunder' caught on camera - WebWatch - Breaking Business and Technology News at silicon.com

NEWS: New Year starts badly for Microsoft with discovered Windows flaw

2006-01-04T13:47:00.000+08:00

CNET just reported that there is a new flaw found in the Windows Meta File which may have spawned a series of attacks last week. The primary OS vulnerable are Windows XP with Service Pack 1 and 2 and Windows Server 2003. CNET reports that it is estimated 99 percent of computers worldwide are vulnerable to attack. Some attacks on the WMF flaw has already resulted in attacks such as the Exploit-WMF Trojan. The report however did indicate that while there is a real risk, the danger of another world wide threat is small.

I would recommend to keep a finger on the windows update icon to check on the possibility of new patches as well as updating all firewall and antivirusware.

Windows flaw spawns dozens of attacks CNET News.com

Is it possible? Free AND legal music online?

2005-12-21T02:28:00.000+08:00

The Mercora IMRadio was reported here by Seattle PI - as a product review - to provide free yet legal music online. Its not a P2P and does not distribute copies of illegal music to downloaders but rather users just merely listens to the files already stored on its servers. As this is not a download, it does not technically fall foul of copyright infringement by the visitor to the site.

The question however, is does this absolve any legal liability on the part of the Mercora to stream music to listeners everywhere? While the report is silent on this point, I am of the view that who ever owns the server will face the same responsibility as any radio station. For every song played, it has to pay dues or royalty to the copyright owner. So, while it may be free for users and listeners - it's still not completely free - at least not to the owner of the server.

Product Review: Free -- and legal -- music online

Sony finally withdraws CDs with DRM from shelves

2005-11-22T02:08:00.000+08:00

Security Pipeline reports what I had predicted earlier. As an internationally renowned brand, Sony could ill afford the negative impact that was spreading like wildfire through the blogsphere. They have since realised that they made a mistake and withdrew those CDs with the DRM off the shelves.

However despite the change in their position, their troubles are not over. The company faces charges of deceptive advertising, illegal spyware distribution, and computer crimes in three lawsuits according to SecurityPipeline.

Security Pipeline | Sony Plays The Blues As Bloggers Turn Up The Volume

Even Foxtrot makes a point about SONY's DRM

2005-11-21T19:15:00.000+08:00

While its not in the usual tone of my blog to trivialise current issues, I found that this particular cartoon strip by Foxtrot's Bill Amend brought home the dangers of how an unpopular method of implementation of an idea can result in it becoming the source of ridicule to others.

(cartoon has since been removed from source by cartoon publishers)

New Trojan Released to Exploit SONY's CD Music DRM

2005-11-12T14:09:00.000+08:00

Following the previous post about Sony's new DRM, a new trojan has been reported to exploit the root kit software that the Sony's DRM technology installs when playing the music CD. The new Trojan called Stinx had been reportedly spammed to UK email addresses thereby raising the risk of computers there being compromised.

Apparently spokepersons for Sony claims that the risk is very low right now - as the CD has to be purchased in the US with the DRM technology built into the CDs there. Nonetheless, it is curious that has been openly admitted that their DRM does open the PCs of users to criminal hackers. I think Sony will be relooking carefully their strategy on the use of this version of DRM.

Silicon.com - New Trojan exploits Sony DRM anti-piracy tool