Implementing rules concerning the Data Protection Officer pursuant to Article 24(8)

July 29th, 2008
    Article 24(8) of Regulation (EC) No 45/2001 - dates back to December 2000 but took until 2008-06-03 to be adopted by the EU Commission.

Last week brought us the publication in the online version of the European Union’s Commission Decision of 3 June 2008 adopting implementing rules concerning the Data Protection Officer pursuant to Article 24(8) of Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data.

I wonder why it has taken so long to adopt these rules, since Regulation 45/2000 dates back to December 2000.


CyTRAP Labs trend monitor - Facebook libel action verdict

July 26th, 2008
    Some users may have thought of the Facebook site as a harmless way to catch up with friends. However, such people surely do not appreciate the risks of posting jokes or other potentially embarrassing details about their friends and colleagues.

    The High Court in London just handed down a verdict that will play an important role in the emerging privacy law and breach of privacy on social network sites. The significance of this case is that it shows that if what you post on the web or on a social network site is not correct, this can have serious and costly consequences.

    Get the inside story - I discuss how this may mark a trend for social networking sites and people wanting to protect their privacy when using such sites as MySpace, Facebook or Bebo.

In a highly-publicised ruling Mr. Mosley won £60,000 in compensation after the News of the World released photos and video extracts of him indulging in a sadomasochistic sex session with a group of prostitutes in March.

Get the ruling of Mr Justice Eady in Mosley v News Group Newspapers Ltd [2008] EWHC 1777 (QB)

What is interesting about the above case is that the News of the World had to fork out £60,000 plus an estimated £830,000 in costs. Nonetheless, the News of the World got plenty of attention through this case. Moreover, the increase in advertising revenue and web traffic most likely offset these costs.

More recent is the Facebook case, which is expected to open a new front for libel lawsuits. Facebook has grown to become the 4th most-trafficked website in the world, with more than 90 million active users. Mathew Firsht brought this libel action after coming across a Facebook group titled

Has Mathew Firsht lied to you?

As the court documents state:

It contained material which was admittedly defamatory of Mr Firsht and of Applause Store. Neither the profile nor the group was set up by Mathew Firsht. Both were set up using a computer with Grant Raphael’s IP address, that is to say, using a computer at the flat where he then lived. That is all common ground. The main issue which I have to decide is whether Grant Raphael was responsible for putting up the false profile and for creating the group.

These false claims about Mathew Firsht’s sexuality, religion and political views resulted in a guilty verdict for the accused.

Get the ruling of Deputy Judge Richard Parkes in Applause Store Productions Ltd. & Anor v Raphael [2008] EWHC 1781 (QB)

Bottom Line

Mathew Firsht was awarded €28,000 (£22,000 to be exact - £15,000 for libel and £2,000 for breach of privacy). This is a big hit because, in contrast to Mosley, a private individual has been ordered to pay an ex-school friend €28,000, plus costs. The costs (legal fees, etc.) could be 20 to 40 times the amount of the fine (i.e. €560,000 to over 1 million). That is quite painful.


FCC likely to rule against Comcast’s BitTorrent throttling

July 15th, 2008

    AT&T, Time Warner, Lighthouse Networks, Verizon and other ISPs might be faced with an FCC ruling demanding a strict transparency policy regarding the throttling of broadband Internet use.
    In the U.S., Comcast has been throttling broadband (sometimes also using packet forgery), the practice of slowing internet service down for heavy users, for some time. This is an unpopular means of discouraging peer-to-peer filesharing using BitTorrent in particular.

    While users may continue to see ISPs manage their networks, this ruling, if passed on August 1, 2008, will result in consumers having greater access to the policies that manage their information.

AT&T, Comcast and Verizon have been accused of slowing the internet speeds of bandwidth-heavy users. The news garnered a public backlash for Comcast.

Now, Comcast’s attempts to throttle user bandwidth may be ruled unlawful by the US’ Federal Communications Commission (FCC). At this point, FCC Chairman Kevin Martin’s words are non-binding, as his decision must be voted on by the other five members of the FCC commission. Martin is looking to impose sanctions on Comcast. With the two other members of the commission being supporters of network neutrality, it appears that Kevin Martin’s recommendations will become enforceable.

Nevertheless, it does not appear that Comcast will face anything tremendously costly. For starters, Comcast has already adopted a “protocol agnostic” throttling policy. This, in theory, does not focus on any particular network. To illustrate, if a BitTorrent user and a Skype user are consuming a disproportionately high amount of upstream bandwidth, both will be managed to alleviate pressure on the ISP’s network.

This is opposed to the past BitTorrent-only policy that got Comcast into trouble in the first place. To make this more practical and fair, Comcast has been meeting with bandwidth intensive firms such as BitTorrent, Vonage, and Pando to establish some policies and procedures under which such a system may work smoothly.

Comcast is moving toward a “protocol agnostic” form of network management, meaning it will focus on all traffic rather than just peer-to-peer. The new method is being rolled out in some test markets in the US. Using a protocol agnostic form of network management does, however, foreclose some alternatives. Finally, its use may result in users having to pay more for more usage.

Tidbit

This change might not have happened if Marvin Ammori had not filed the complaint against Comcast with the FCC. In turn, this resulted in the FCC investigating the matter.

Mr Ammori filed the complaint in his function as the “general counsel” of the Free Press, a non-profit organization that promotes a democratic free press by arguing against excessive consolidation of media organizations by corporations and, more recently, for the tenets of network neutrality.

What happens now

FCC Chairman Kevin Martin circulated an order recommending enforcement action against Comcast among his fellow commissioners last Friday (2008-07-11). The FCC commissioners will vote on the measure at an open meeting on Aug. 1, 2008.

Martin, a Republican, will likely get support from the two Democrats on the commission, who are both proponents of the network neutrality concept. Those three votes would be enough for a majority on the five-member commission.


EU telecom regulation - important issues remain

July 9th, 2008
    On 2008-07-07, two of the European Parliament’s committees voted on the European Commission’s proposals to reform the EU Telecom rules.

    Even though the final view of the European Parliament will only be known once the Plenary has voted on the Commission proposal on 2007-09-03, the votes are important steps towards shaping the final legislative texts to be adopted by the European Parliament and the Council.

On November 13, 2007, the European Commission proposed regulation to better administer the single European Telecoms Market for 500 million consumers as we discussed here:

Now two committees - ITRE and IMCO - have voted on the proposed legislation and its amendments. We provide a summary below:

European Parliament

On Monday evening (2008-07-07), the:

- Industry, Research and Energy Committee (ITRE) and the
- Internal Market and Consumer Protection Committee (IMCO)

of the European Parliament voted on around 1,000 changes to the EU Telecom rules, consolidated into over 30 amendments. The compromise proposal put forward by the ITRE Committee (Catherine Trautmann and Pilar del Castillo Vera) as well as the IMCO Committee (Malcolm Harbour) for the draft framework directive was accepted.

What happened?

ITRE accepted a number of the Commission’s key proposals, including things such as:

    A) addition of functional separation to the toolbox of national regulators to ensure competition.

In Monday’s vote the Parliamentary Committee agreed that national regulators should be able to require a dominant operator to separate its access network infrastructure and service arms, in order to give other competitors a fair chance to offer services using that infrastructure.

    B) strengthening the cooperation of national telecoms regulators by creating a new body composed of independent telecoms regulators (called Body of European Regulators for Telecommunications).

This new structure has substantially fewer powers than proposed by the Commission. In contrast to the Commission’s proposal, the new regulatory body, called Body of European Regulators in Telecommunications (BERT), is also not mainly financed from the EU budget, but 2/3 will have to be paid by national taxpayers.

Incidentally, BERT will be composed of the 27 national regulatory authorities. This is an alternative proposal to the European Electronic Communications Market Authority (EECMA) advocated by the Commission.

Previously, the Commission proposed that the new regulatory body would be combined with the existing European Network Information and Security Agency (ENISA), to create synergies while avoiding the creation of an additional EU agency as we reported about here:

CYTRAP Labs regulation watch - EU Commission wants to reform telecoms rules - will ENISA be shut down?

ENISA is, however, not to be combined with the new regulatory body for the telecoms market.

Instead the Committees voted to prolong the mandate of ENISA until 2012.

    C) enhancing transparency on pricing and conditions while improving number portability

This will enable consumers to shop around for competitive offers. Disabled users will also benefit from better access to telecoms services such as 112 or TV channels’ subtitles.

Challenges left to be resolved

1) The compromise introduces the wording ‘lawful content’ into the telecommunications packages. This does, however, create a copyright regulation component within the law.

In turn, Member States would thereby be given the possibility to add their own regulations. So France could include its own three-strikes-and-you-are-out policy against persistent internet pirates in the directive.

2) One of the Commission’s key proposals, to oblige operators to warn consumers when their private data are compromised (i.e. data security breach), has been watered down.

Timetable for the legislation

3 September 2008: Vote on the EU Telecoms Reform Proposals in the European Parliament’s plenary.

27 November 2008: the Council of Telecoms Ministers could, under the French Presidency, pave the way for finalising the legislative texts.

Also check out this:

2008-07-08 - European Parliament - press release: Telecoms package: EU-wide spectrum management for full benefits of wireless services
Votes by the two Committees - European Parliament - Telecoms package: EU-wide spectrum management for full benefits of wireless services

Craigslist versus E-Bay - trust, reputation and investments

May 20th, 2008
    EBay’s launch of its competing Kijiji site …
    eBay used its shareholder status to plant on Craigslist’s board of directors the individual responsible for launching and/or operating Kijiji.
    Conflict of interest? Bad corporate governance by EBay or abuse of trust and misuse of insider information by EBay? The courts will have to decide.

Craigslist is one of the top ten largest web sites in the world. It mostly provides its free classified ad service for millions of people in 567 cities around the world.

Craigslist is owned by a private company. In November 2004, an early shareholder sold his shares to the online auction giant eBay - the world leader in online auctions and payment services. eBay purchased the minority stake as part of its strategy to get into classified advertising in North America and Europe. As a result, eBay is a minority shareholder in Craigslist.

Initially Craig Newmark (founder) and Jim Buckmaster (CEO) agreed to the sale because they were impressed by eBay’s stated common values. Based on eBay’s founder and chairman Pierre Omidyar and his widely publicized philanthropic activities, they even asked him to be eBay’s representative.

Unfortunately, things started falling apart very quickly as eBay demanded more control over Craigslist and access to competitive information. The falling out between the two companies is now the subject of two lawsuits filed against each other.

A) eBay has complained that Craigslist illegally reduced its minority holding and last week (eBay’s suit in Delaware Chancery Court),

B) Craigslist complained that Ebay stole proprietary information and engaged in other nefarious activities (Craigslist’s suit in California Superior Court in San Francisco).

The Craigslist blog states it as follows:

    “We filed a complaint in California today, charging eBay with unlawful and unfair competition, misappropriation of proprietary information, deceptive passing-off, business interference, false advertising, phishing attacks, free-riding, trademark infringement, trademark dilution, and breaches of fiduciary duty.
    We respectfully ask the Superior Court in San Francisco to enjoin this conduct and order eBay to
    (1) make full restitution to Craigslist,
    (2) disgorge their related profits
    (3) restore to craigslist all shares of the company acquired by means of, or for the purpose of unfair competition, and
    (4) pay punitive damages for their malicious behavior.”

An example of how this looked on the Yahoo! search engine:

[Image: Yahoo search result served to the user with a sponsored link from EBay for its Kijiji service, which competes with Craigslist]

EBay and Craigslist compete directly in the United States and a dozen other countries, with Kijiji tailoring its ads to young families in contrast to Craigslist’s open flea-market style.

    “In the months leading up to the launch of its competing Kijiji site … eBay used its shareholder status to plant on Craigslist’s board of directors the individual responsible for launching and/or operating Kijiji.”

Full text of complaint is available here:

    html or as a pdf file for your archives.

What is also strange is that some people who have listed a classified on Craigslist are shortly thereafter the recipient of an e-mail message that looks like this:

[Image: details on how EBay supposedly spams Craigslist advertisers - based on insider info?]

Corporate Governance

It is obvious that the EBay board representative who was also in charge of launching and managing the competing Kijiji service from EBay must have had numerous occasions where he was in a clear conflict of interest between serving Craigslist’s best interests and those of EBay, which was building up a service in direct competition with Craigslist.

This is a classic case of information asymmetry. EBay gained insider information by withholding critical information from fellow Craigslist board members and shareholders/investors. Surely, EBay’s representative would never have been granted a seat on the board, had it been known that he was responsible for and managing the launch of a competitive product on behalf of EBay.

Silicon Valley Watcher Tom Foremski’s take on the case

Craigslist’s complaint alleges that EBay used its position as a minority shareholder to pressure Craigslist into a full-scale acquisition deal by eBay.

Craigslist argues eBay used its position to gather competitive information that led to the launch of eBay’s rival classifieds business. It charges eBay code-named this its “Craigslist killer” in internal strategy discussions.

Whatever EBay did, moral it surely was not. As well, this puts a bad light upon the company’s management. Furthermore, Ebay’s founder and chairman Pierre Omidyar and his widely publicized philanthropic activities may be worth zero for reputation management purposes.

How much are his philanthropic activities worth when his company does such things? This seems a classic case where reputation management fails due to greed and stupidity by some.


MySpace ruling - myspace.co.uk domain stays with Total Web Solutions

May 2nd, 2008
    MySpace stripped of myspace.co.uk domain victory. The Nominet UK Dispute Resolution Service appeals panel (Tony Willoughby, Claire Milne and Sallie Spilsbury) ruled that the myspace.co.uk domain, which was registered by Total Web Solutions before the “real” MySpace came into existence, did not after all have to be turned over to MySpace Inc, owners of the hugely popular myspace.com.

Total Web Solutions registered myspace.co.uk in August 1997 with the intention of providing customers with e-mail and webpage hosting services. The judgment reveals that still today 18 of its customers use e-mail addresses with the @myspace.co.uk domain.

Around July 2004, Total Web Solutions decided to park the myspace.co.uk domain with Sedo. The latter enterprise offers targeted advertising links on unused domains.

In 2005, following the growing popularity of MySpace, the Sedo algorithm began serving Total Web Solutions’ domain with advertisements for services such as “MySpace Friend Adder.”

The appeal panel dismissed the assertion by MySpace that it was entitled to the disputed site on the ground that it was entirely descriptive of its business. Nor did it consider the earlier registration to be abusive. The panel added:

    “To date experts and Appeal panels have reasonably consistently taken the view that if a registrant acquires a domain name in advance of the coming into existence of the complainant’s rights, the registrant is entitled in principle to hold onto the domain name and to use it, notwithstanding that confusion of the ‘initial interest’ variety may be inevitable. Similarly, experts and Appeal panels have concluded that in such circumstances it is not of itself abusive for the registrant to demand a high price from the complainant for transfer of the domain name in recognition of its enhanced value.”

The judgement also states:

    “The registration of domain names is still a first-come, first-served system and the panel is reluctant to place any duty on a registrant, who has merely had the good fortune (or maybe ill-fortune) to register a domain in good faith, which subsequently, through no fault of his own, provided he does nothing to actively exploit his position [appeals panel emphasis].”


Bottom Line

Even if Total Web Solutions has not done anything wrong, the mere fact that it has gained substantially through no effort of its own is not actionable in a court of law. Accordingly, there is nothing wrong with mere confusion as long as it is not deliberately induced.

Get the verdict here:

MySpace stripped of myspace.co.uk domain name victory full text of the decision (16 pages - pdf file - 2008-04-18)


EU-Regustand trend spotting - lawyer fees for Blackberry lawsuit big enough to joke a judge

April 22nd, 2008
    A UK law firm was criticized over £5m (Euro 6.2m, $10m) trial fees for a five-day trial by a High Court judge in the UK
    Research in Motion - maker of BlackBerry device - racked up this much in lawyer fees in a dispute with Visto, a US-based wireless technology company

The issue in this litigation goes way beyond the UK because it represents a more global battle over the validity of Visto’s portfolio of patents relating to wireless e-mail communications. Research in Motion claims this to be a brazen effort to, in effect, shut down the BlackBerry service.

Research in Motion has been in various types of litigations involving intellectual property rights and racked up millions of Euros or Dollars in lawyer fees, such as:

In July 2003, a US federal judge ordered Research In Motion to pay 80% of the $5.25 million in legal fees incurred by NTP, Inc., plaintiff in a successful patent infringement case brought against the company (get the judge’s decision - pdf file, 193 KB - 4 pages).

Who charged how many hours?

From a cost management perspective this case is interesting because it shows that UK law firms are under increasing pressure to contain the spiralling costs of litigation. While London wants to remain the jurisdiction of choice for complex patent litigation, the costs are becoming prohibitive. For instance, in this case the charges were:

- 5000 hours for trainees and paralegals = £1m;

- Nicola Dagg (partner leading this case) spent 1,387 hours on this case;

- 9 man years have been spent over 15 months to prepare for the trial that took 5 days;

- 2,252 hours by one senior associate working on the case, while another spent 2,291 hours

Interestingly, if one takes the two associates referred to - their hours total around 4500.

This equates to £444.44/hour as the associate rate. If one takes 1500 hours p.a. as having been billed (that means billing 70-90% of your time - what a nice situation for the one billing), this implies a billing total for each associate of £666,666 per year - amazing.

My question is where did these associates and partner have any time for skills upgrading that they should do each year, for doing the public service work lawyers are so famous for, as well as helping trainees acquire the skills they must and much more.

Partners in consulting firms have one thing in common with lawyers: they are extremely savvy when it comes to charging for their work. Accordingly, charging 8 days is an absolute minimum and 12 days is expected, while moving up to senior level is helped greatly by being able to charge 14 days or more each month. Most large consulting firms are happy if their partners manage to bill 12 days of work each month throughout the year. Naturally, consultants have about 5 weeks of vacation and at least 1 week of public holidays during which no charging can take place. The rest of the time is needed for doing:

- public service work,

- running operations (e.g., attending internal meetings, hiring people, etc.),

- acquisition work - visiting and talking to potential clients and

- many other things such as skills upgrading and attending a conference or two each year.

Apparently, lawyers work in a different world. Here little if any time is needed for accomplishing the things listed above.

Most times we never hear about these litigation costs since they are paid by private parties to their lawyers. And even if we hear about them, it is usually unclear how these huge fees were accumulated.

However, under the United Kingdom’s “loser pays” rule for lawsuits, those hours become public knowledge. And Justice Christopher Floyd of London’s High Court has slammed Allen & Overy, one of the city’s top law firms, for “some really shocking” costs.

By the way - who is Visto?

In 2005, Visto raised $70m from venture capitalists to pay for product investment, field investment and - last but not least - legal fees.

The firm has 30 existing patents - all of which relate to the areas of synchronization, remote access and security.

Visto is keen to prevent RIM from selling its BlackBerry in the US.

Visto is also suing Microsoft and other major software vendors for possible patent infringements.

80% of cases that go to trial in the Eastern District of Texas, Visto’s court of choice, are decided in favour of the plaintiff.

Bottom Line

The London decision was an important milestone for RIM in light of pending US litigation. From a risk exposure point of view, one could state that:

- the business at stake is huge,

- the amount at risk is huge, and accordingly

- one can justify a huge fee.

The problem is just that the judge has invoked some moral issues besides the above ‘rational points’ when trying to comprehend the fees that were being charged. Others have raised the issue that Mr Justice Floyd is really just making a judgment that Visto should not have to pay for RIM’s desire to leave no stone unturned.

The judge refused to award Research in Motion its full costs. He said that he was bound to prevent a party from recovering “unnecessary and unreasonable” expenses. The case is being referred to a specialist costs judge for a full assessment of the amounts due.

It doesn’t necessarily follow that A&O will be putting all this forward as costs. It’ll be interesting to see how much A&O will recover when they go before the costs judge.

As well, trainees and paralegals do what they are told. Like the sorcerer’s apprentice, they will carry on doing it until they are told to stop. Accordingly, if the hours are high it is surely the lack of time and cost management imposed on this case by the partners of A&O.

I do not believe that it is just the fault of the partner in charge of this case, Nicola Dagg. In fact, the responsibility lies with the managing partner and the most senior brass who failed to put internal controls into place to contain costs. Instead, they decided to milk the case for all it was worth. Greed shows its ugly head once again.

Finally, High Court judges have raised concerns about escalating costs in a series of recent disputes in the UK. This could be interpreted as a “warning sign” to solicitors about their billing practices.

Tidbit

All parties probably only paid a few thousand pounds in total court fees over the length of the case to occupy the trial court for 5 days and for their costs hearing - at what expense to the Court Service?

As well, to cut costs, the Commercial Court Working Party examined ways in which to cut down on the amount of work required in these litigations. Among the recommendations:

a) Limit the length of written pleadings to 25 pages, and

b) limit opening arguments at trials to two days

Keep it short and sweet - KISS. We think this indicates a trend that better cost management and internal controls will have to be applied to litigation to contain lawyer fees that are getting out of control.

EU-ReguStand trend spotting - Twitter - e-discovery requires managing your risk exposure smartly

April 18th, 2008

Twitter - a microblogging tool - is becoming ever more popular. However, please remember that in the US, Federal Rules of Civil Procedure render electronic communications from both defendants named in a lawsuit and third parties who may have information pertaining to the case admissible in court.
Accordingly, can you produce Twitter records or those from Facebook if asked in court during e-discovery?

Is your enterprise ready for this new challenge? We tell you the ropes to skip and how to reduce your risk exposure

In the past, social networking and keeping in touch happened either by:

- having coffee (tea if you prefer) with our co-workers or hanging out around the coffee machine or

- visiting the local Starbucks coffee shop and meeting friends or strangers to do social networking.

These days, people use social networks to stay in touch with close and not so close acquaintances and friends. One of the latest fads used for staying in touch is microblogging during a conference with the help of Twitter.

Nevertheless, using Twitter and similar tools, whilst working in the office or attending a conference, raises some legal issues. We addressed this matter here:

e-discovery - how it works and what it means for your enterprise

Just to be clear, tweets mailed out to one’s followers (people who have subscribed to one’s feed on Twitter) are similar to a text message or an SMS. Therefore, they are as prone as e-mail to being subpoenaed as evidence in a lawsuit.

The Case

In August 2004, New York was the place where delegates to the Republican National Convention assembled. You may remember the rolling protests. These were described as they happened in text messages that spread from mobile phone to mobile phone in New York City and beyond.

Institute of Applied Autonomy and txtMob messaging code

Feb. 4, 2008, the New York City Law Department issued a subpoena to Tad Hirsch, who wrote the code that created TXTmob asking for:

1) all text messages sent via TXTmob during the convention,
2) the date and time of the messages,
3) information about people who sent and received messages, and
4) lists of people who used the service.

In a letter to the Law Department, David B. Rankin, a lawyer for Mr. Hirsch, called the subpoena “vague” and “overbroad,” and wrote that seeking information about TXTmob users who have nothing to do with lawsuits against the city would violate their First Amendment and privacy rights.

Legal experts claim that if the New York City Law Department changes its request and restricts it to the 50 or so people involved in the court case, the judge might go for it.

Fact is that, unfortunately, a text message or an SMS is as prone as e-mail to being subpoenaed as possible evidence in a lawsuit.

Trend Spotting

The above case indicates that whenever one provides such a service for political activists, it is a smart move to make sure that personal information is not being stored. Neither should data about who is accessing what and communicating with whom be kept.

Over-broad government requests or court subpoenas can put people at risk. In the US as well as some European countries, national security and criminal investigations might be used to build lists and dossiers of protesters for surveillance purposes.

What about corporations and Twitter?

Twitter stores personal information about whoever’s accessing the service and who is following whose tweets, etc.

Text messaging via Twitter allows workers or activists to communicate and centrally manage large crowds or groups of people. These could be spread over wide geographic areas. Put differently, during the recent Forrester Conference with a Twitter tag of *forrmarketing08, people at the conference were getting messages from those watching the online video feed in far away places.

Imagine a lawsuit whereby somebody claims that with the help of Twitter another party stole some intellectual property from the claimant during the Forrester conference. Forrester might also be named in the lawsuit as a party. Who will the judge ask to provide records? Probably Twitter, but the conference organizers will also have to produce some records subpoenaed by the court.

The most important thing to remember is that Twitter opens a whole new bag of worms regarding the collection of information and its safekeeping. Once e-discovery happens your corporation may be asked to produce:

A) all tweets that were sent during the conference and tagged with *forrmarketing08,

B) the date and time of the tweets,

C) information about people who sent and received messages (i.e. conference delegates as well as others watching online video feed), and

D) lists of people who used the service during the conference.

Forewarned is forearmed. This means that you must be prepared to satisfy regulation and the court during the e-discovery stage of a court case. Unless these records have been archived and labelled properly, you will fail to produce them in the limited time given by the court. That is a not so pleasant and possibly extremely costly experience - don’t forget to include reputation and trust in the costs your firm will incur. Unless you can archive and label these streams of messages properly today, you will be in deep trouble when e-discovery happens tomorrow.

EU-Regustand trend spotting - behavioral targeting - the mother of all privacy battles

April 5th, 2008

We have pointed out that Internet Service Providers (ISPs) have begun to work with companies that can harvest the stream of data for clues to a person’s interests. In turn, ISPs are making money from advertisers who use the information to target their online pitches.

The practice represents a significant expansion in the ability to track a household’s Web use because it taps into Internet connections.

Meanwhile the Federal Trade Commission has proposed guidelines for behavioral targeting of online advertising. Comments are due April 11.

But some experts have stated that these guidelines regarding behavioral advertising have been outpaced by the technology. Worst is that they do not address the practice of deep-packet inspection on the Internet directly. Therefore, the regulation might be futile and of little use unless it is improved beforehand. We discuss this in more detail here:

- Phorm offers today’s oximoron - eavesdroppers protect your privacy

Nevertheless, deep-packet inspection is similar to having your phone company tap your phone calls. Just as you do not want that, neither do you want your ISP tapping your web traffic.

Citizens or consumers are concerned about what will happen with this information, which third parties will get access and how.

For online publishers and media houses the technology offers the opportunity to offer me advertising that is not based on the content of the page I am visiting but, instead, knowing that it is me who is looking at it. Big brother watching you for sure.

The revelation, first detailed on our sister blog InfoSec, might lead to legal action by any of the UK users who can show their data were used. WHY you ask? Well legal minds claim that the technology seems to breach the following regulation in the UK:

Regulation of Investigatory Powers Act (RIPA) 2000 Chapter 23

The above regulation makes it a criminal act to intercept communication traffic on a public network without prior consent or a warrant. Hence, we are hopeful that a case will be brought against the ISPs involved in the UK to make sure that we will not soon be forced to accept ISP contracts that stipulate opting-in clauses as conditions of service :-(

EU-Regustand trend spotting - cybersquatting

March 28th, 2008

2008-03-27, the World Intellectual Property Organization (WIPO) expressed its anxiety about current trends in cybersquatting.

The flier for the press release reads, in relevant part:

    Against the background of an unprecedented number of cybersquatting cases in 2007, the evolving nature of the domain name registration system (DNS) is causing growing concern for trademark owners around the world. Last year, a record 2,156 complaints alleging cybersquatting - or the abusive registration of trademarks on the Internet - were filed with the World Intellectual Property Organization’s (WIPO) Arbitration and Mediation Center (Center), representing an 18% increase over 2006 and a 48% increase over 2005 in the number of generic and country code Top Level Domain (gTLDs and ccTLDs) disputes.

You can get the full document here:

DNS Developments Feed Growing Cybersquatting Concerns

The material also points out that the United States of America (USA), France and the United Kingdom remained the most frequent bases for complainants, while the USA, the UK and China remained the most represented countries by respondent party (Table 2 - see below).

WIPO Complainant Country Filing Table 2

Bottom Line

We at EU-ReguStand are not surprised about this trend. In fact it might very well be far worse than WIPO’s statistics suggest, since where cybersquatters:

1) use sites actively it becomes realistic to pursue them through the courts and secure damages or an account of profits,

2) don’t use sites actively, reputable traders have to be quite selective as to which ones they proceed against before WIPO, national equivalents or anyone else because of the huge toll in terms of time, money and effort, and

3) take advantage of the proliferation of top level domains by registering brands and corporate trademarks under such domains as .biz, .name, .mobi, etc. where reputable firms have to be once again selective because of the huge costs.

Safer Internet Day 2008 and what about the EU Privacy Directive?

March 13th, 2008
    Everybody pays lip service to how important privacy is when it comes to our data as well as children surfing the net.
    How can it then be that a project under the patronage of Viviane Redding did maybe follow the letter of EU Directive 95/46 but not the spirit of the directive?
    One of our blogging school children pointed out to us the possibility of a privacy violation by the Safer Internet Project, which published the names and e-mails of people coordinating national efforts.

We are all quite thankful for the EU Directive 95/46 or Privacy Directive.

The directive serves an important function in helping protect our privacy when it comes to personal data.

Safer Internet Day 2008 is an important project that tries to focus our attention on improving information security and surfing experience for our children. We have participated in this project and praised its focus, aims and bottom line results in various places, such as:

- Safer Internet Day 2008 - Stalking - Nachstellung - § 238 Strafgesetzbuch (StGB) - Germany

- Safer Internet Day 2008 - 7 reasons why campaigns against online pedophiles must be coordinated

- 2008 - Safer Internet Day

Unfortunately, one of the school children participating in the Safer Internet Day 2008 one-day blogothon discovered a slightly puzzling if not annoying thing. She pointed out that a list of participating countries was published online. The school kid was wondering if it did not violate EU regulation by publishing names of country coordinators and their e-mail addresses in full:

publishing people's names without their consent is one thing - publishing their e-mail address seems outright inconsiderate - spam, phishing attack and so on...

We see this as one example demonstrating that doing more for our children’s awareness about IT security issues does make a difference. Nonetheless, it requires more than brochures: it takes in-depth discussion about these issues as well as hands-on practical examples of why it matters to them personally. Our pupil was surely aware of the privacy issue when seeing the problem and asked us to inform the organization running Safer Internet Day.

What made our pupil so cautious was this blog entry she helped prepare with her classmates and the teacher in honor of Safer Internet Day 2008:

- Safer Internet Day 2008 - 8 Regeln zum besseren Datenschutz fuer Schueler die bloggen

Incidentally, on behalf of the student we contacted Safer Internet Day 2008 this morning. They have now removed the e-mails as well as names of the contact people from the webpage:

Safer Internet Day 2008 - National Contacts - Participants

Remember - ask people for an e-mail address and make sure to get their permission to use it for people to contact them. HOWEVER, this does not mean you should publish the person’s identity or their e-mail address online. Instead, considering today’s spamming problem, require people to fill out a contact form without divulging e-mail addresses to spammers.

Follow the letter as well as the spirit of the law when you have to deal with personal information.

Key is - privacy regulation is there to help us protect ourselves against identity theft and spam - to make it work as intended we need to be vigilant and cautious every day - too important a task to leave it to others to take care of this matter.

CyTRAP Labs trend monitor - processing cows with mad-cow-disease or

March 5th, 2008

Recently we brought you:

- CyTRAP Labs trend monitor - paying bribes to catch tax evaders

Today we continue this issue illustrating how regulation that is not being enforced properly may actually endanger our health in more ways than one.

Brazil

Brazil is the world’s leading beef exporter and the EU is the country’s leading export market.

2008-01-31 the European Union began with its temporary ban of Brazilian beef imports. The EU felt that such drastic measures were necessary after inspections during 2007-11 found Brazil’s animal health and traceability systems failed to meet EU requirements. The latter were in regard to farm registration, animal identification and movement controls.

Traceability is being demanded so as to be able to prove that Brazilian animals slaughtered for export to the EU are from regions that are free from foot-and-mouth disease, and whose facilities comply with EU standards. However, Brazil has maintained that its exports to the EU are of boneless and matured meat.

While the disease is fatal to animals it is not to humans. Foot-and-mouth disease is a viral illness that strikes cloven-hoofed animals like cows, goats, sheep and pigs. Brazil has filed a complaint with the World Trade Organization.

The above example is a difficult one because it is not clear how much the EU’s behavior is driven by economic interests and not necessarily by the need to protect citizens’ health. But below, the issue is the meat supply in the U.S. that is at odds with the country’s own regulations. Nonetheless, national business interests may prevent it from happening again. Read on, it is shocking.

U.S.: largest ever beef recall

Westland/Hallmark Meat, based in Chino near Los Angeles, was required to recall more than 143m pounds of raw and frozen beef. This followed after the U.S. Department of Agriculture had stated that the meat was unfit for human consumption. Click on the link below to get a look at the video, be warned - contains very graphic footage

HSUS Investigates Slaughterhouse (video - warning - contains graphic footage)

The reason was that the company’s plant was slaughtering downer cattle. The latter are cows that cannot walk (as the above video shows). In such cases meat inspectors have to be called in to check if Bovine Spongiform Encephalopathy, or mad cow disease, may be the cause of the cows’ inability to stand.

As the chart to the right from the Humane Society U.S. (HSUS) shows, the beef being recalled from downer cattle has been trucked all across the U.S. Today, most of the recalled meat has been consumed already.

The U.S. Department of Agriculture stated that by slaughtering downer cows the plant had violated USDA regulations. Food regulations are usually quite strict to avoid problems in the human food chain (e.g., see Canadian food regulations regarding imported foods):

good practice often a regulation

CyTRAP Labs take on this issue

Whenever animals that are possibly disease carriers are introduced into the food chain, we increase the risk for humans to get infected.

Hence regulation and best practice is an important thing for our health and safety. The U.S. example shows (see video) how checks and balances do not seem to be working as intended by legislators. For instance, the meat inspector shows up around 6:30 and 11:30 every day to inspect the cows. As long as they can walk by the place where he stands, they pass. 10 minutes after he is gone in the video they may fall down….. and be subjected to much pain to make sure they walk to the place where they are being slaughtered.

We have pointed out in several places that regulation can be a good thing but without strict enforcement, especially in areas such as food and privacy regarding information, regulations are useless. In fact, they can be outright dangerous because they can give the public a feeling of being safe when their health is at risk and their rights have been violated already.

Think about it next time you do not blow the whistle on another action that violates regulations that supposedly make our lives safer.

MORE INFOS THAT RELATE TO THIS MATTER

- what have Peer Steinbrueck, Klaus Zumwinkel and Prince Alois of Liechtenstein in common?

- 5 Banking bail-out - the fair way to tax private equity

- 4 - ZKB - C - failure of internal controls - tax evasion

- CyTRAP Labs trend monitor - paying bribes to catch tax evaders


Yahoo! Search Marketing vs. Mr SPICY - English High Court Decision

March 4th, 2008

This case clarifies law on keywords and sponsored search results. Mr. Wilson is the proprietor of a Community trade mark for the words MR SPICY, registered in respect of food, sauces and spices and provision of food and drink. Mr Wilson complained that sponsored links to third parties’ websites appeared when a user typed “MR SPICY” into Yahoo!’s search engine - arguing infringement of his trade mark by the defendants.

Very curious is that although the judge handed down his decision 2008-02-20, this story has not shown up on either Yahoo! or Google News or been published in any media we are aware of. Why this decision has been kept so quiet for a fortnight remains a mystery to us.

The press release states:

    Yahoo! UK Ltd and its sister company, Overture Services Ltd (trading under the name “Yahoo! Search Marketing”), in a groundbreaking trade mark infringement case concerning keywords and sponsored search results. The English High Court decision handed down on 20 February 2008 determined that when Yahoo! Search Marketing matched search terms entered by users to keywords bid on by advertisers in order to display sponsored links, there was no use of a trade mark by the Defendants for the purposes of infringement.

See this press release: Landmark case clarifies law on keywords and sponsored search results

The Yahoo! companies argued that advertisers whose sponsored links appeared had not purchased “MR SPICY” as a keyword. Instead, sponsored links appeared due to matching technology which responded to the input of “MR SPICY” by displaying sponsored links to advertisers who had bid on related keywords, such as “SPICY”. Mr Wilson claimed this was also trade mark infringement. The judge did not see it this way.

What it means

What the verdict does not clear up is the case whereby the:

- trade mark proprietor also registers his mark in respect of the service of providing results through the use of search terms on the internet.

In a case like the above, what will happen? Would Mr. Wilson have won against Yahoo! then? So while this case clarifies a few things it still leaves that one open to interpretation.

Get the full text of the decision by Mr. Justice Morgan of the High Court here:
Neutral Citation Number: [2008] EWHC 361 (Ch) Case No: 1HC 710/07 IN THE HIGH COURT OF JUSTICE CHANCERY DIVISION INTELLECTUAL PROPERTY DIVISION Royal Courts of Justice Strand, London, WC2A 2LL Date: 20/02/2008 Before: MR. JUSTICE MORGAN (pdf file, 19 pages)

87 national standards bodies have 30 days to re-examine OXML

March 3rd, 2008

Last week we pointed out the discussions that were held in Geneva regarding Microsoft’s Open Extensible Mark-up Language or OXML:

- 3 ISO - how JTC1 develops a proposal into an international standard

3,522 comments were submitted by national bodies. The ISO meeting had 1,100 items on the agenda. Unfortunately, there was only enough time to deal with 200 during the five day meeting.

Ecma and Microsoft expected national standards bodies to analyze a 6,000 page specification. As well, 3,522 comments as well as 2,300 pages of proposed resolutions had to be reviewed.  Simply amazing to a bystander.

Some have raised the question if it was appropriate to fast-track the standardization of OOXML.

The 87 national standards bodies that voted in the 2007-09-02 ballot will now have 30 days - until 2008-03-29 - to examine the revisions made and to reconsider their vote if they wish.

Find out more on the:

ConsortiumInfo.org - Standards Blog

ODF Alliance Statement

If this gets passed - Windows Vista problems might have been nothing compared to what OXML will do - just kidding. Nonetheless, we can only hope that the standard fails to pass the next hurdle, otherwise….

MORE INFOS THAT RELATE TO THIS MATTER

- 2 ISO - why and how JTC 1 works

- 1 ISO - Draft ISO/IEC DIS 29500 standard or Microsoft Office OXML failed to get approval

3 ISO - how JTC1 develops a proposal into an international standard

February 28th, 2008

Microsoft’s Open Extensible Mark-up Language or OXML is reeling
By Friday - TOMORROW - we should know if the changes submitted by Redmond for Microsoft ISO/IEC DIS 29500 standard or Microsoft Office OXML got approved by the ISO’s JTC 1 - Working Group.
Microsoft Office OXML is one more standard for the same thing - the one already approved by ISO, which is called OASIS OpenDocument Format (ODF).

- Regulation that matters: What is the difference between a standard, policy, guideline and a procedure?

- 1 ISO - Draft ISO/IEC DIS 29500 standard or Microsoft Office OXML failed to get approval

is the first stage that a document goes through, during which it is still a purely internal document to the Working Group that is responsible for it. It is actually the third of six possible stages in the production of an International Standard:


JTC1

| Stage | Description | Tidbits |
|---|---|---|
| Stage 0 | preliminary: a study period is under way | The idea is being discussed. |
| Stage 1 | proposal: new work item proposal (NP) is under consideration | Before any technical work may start on developing an International Standard, an NP for the work must be approved by JTC1 and the work allocated to the appropriate Sub-Committee of JTC1. For software and standards it will most likely be JTC1/SC22. The latter has several Working Groups. In order for the NP to be approved it: a) must be supported by a majority of Participating Members, with b) at least five Participating Members of the relevant Sub-Committee committing themselves to active participation in the associated work or Working Group. |
| Stage 2 | preparatory: a working draft (WD) is under consideration | This is the first stage that a document goes through, during which it is still a purely internal document to the Working Group that is responsible for it. |
| Stage 3 | committee: a final committee draft (CD) is under consideration | This is the final public form of the Committee Draft of a proposed international standard, and must be identified as such before being submitted for a 4-month approval ballot amongst the Participating Members of the Sub-Committee. |
| Stage 4 | approval: a final draft international standard (FDIS) is under consideration | An approved Final Committee Draft (CD - Stage 3), modified as necessary to accommodate comments submitted by National Body Members during, or after, the approval ballot, is then registered as a Final Draft International Standard (FDIS) (Stage 4). Votes in the FDIS approval ballot may only be Approve or Disapprove. Observing Members cannot vote. If the proposed standard is not approved (e.g., 2007-09-04 - Microsoft Office Open XML), then it must return to the Committee Draft stage and be approved by one or more CD ballots (e.g., first one should be in February 2008 for OOXML), including a final CD ballot, before being resubmitted for FDIS approval. Once a Final Committee Draft (CD) has been approved it is then submitted to JTC1 for a 2-month Final Draft International Standard (FDIS) approval ballot. |
| Stage 5 | publication: an International Standard (IS) is being prepared for publication | If the FDIS (Stage 4) is approved by a 2/3 majority of voting NB that are so-called Participating Members on the committee responsible for the proposed standard, then it is published as an International Standard. |

In the coming round, after a Ballot Resolution Meeting (BRM) on 25-29 February 2008, we have arrived at Stage 3 above. So far we do not know how it went. But here are the problems we see with Microsoft Office OXML, as outlined in this document:

Open Document Format - ODF Alliance - Ecma’s Proposed Disposition of Comments on OOXML: How we got here; What is missing; Why you should vote No (10 pages pdf download)

In short, the above report states that the proposal does NOT address the critical need for:

    a) review time;
    b) harmonization,
    c) a clear name;
    d) a sound standard with no (new or old) technical errors;
    e) interoperability;
    f) support for legacy documents; and
    g) consistency of “fixes.”

By February 29, Microsoft will be given another month to fix the final issues. For instance, the Bureau of Indian Standards technical committee has raised about 82 technical issues, of which about 10 have already been resolved.

CyTRAP Labs’ take on this issue

2008-02-27 Brussels fined Microsoft a record Euro 899m for failure to comply with demands to end allegedly anti-competitive business practices. Last month the Commission said it would investigate suspicions that MS had abused the market dominance of its Office software. Last week, Microsoft announced that it is taking steps to promote further interoperability in the software industry.

Unfortunately, if more openness means that we get more stuff similar to Microsoft Office OXML, a standard that is based on 6000 pages of documentation, we are not sure how this will help interoperability. It will surely add complexity to the work of software developers, who are trying to make their product operate smoothly with those from Microsoft.

But Microsoft’s motivation for more openness is based on its fear that it is in danger of being left behind in the Web 2.0 and Web 3.0 area. While Windows was the only software platform in town for which it was worthwhile to develop applications, IBM is supporting Linux, Google brought us another choice for Word and Outlook (albeit still not as fancy) and OpenOffice has always offered a great alternative to Microsoft Office.

Our belief is that, if Ray Ozzie wants to open Microsoft to more collaboration, we have to support him by rejecting a standard with more than 6000 pages of documentation. Let Microsoft adjust its software to become interoperable and offer users the already approved ISO standard called OASIS OpenDocument Format (ODF).

Unfortunately, I am not certain if the national standards organizations were able to withstand Microsoft’s lobbying efforts the last few weeks. They might just give Microsoft what it wants this week in Geneva. We will know soon.

============>

Also of interest:

- 2 ISO - why and how JTC 1 works

- 1 ISO - Draft ISO/IEC DIS 29500 standard or Microsoft Office OXML failed to get approval

============>


CyTRAP Labs’ legislative watch - Germany - Federal Constitutional Court rejects law permitting government snooping of PCs

February 27th, 2008

The Federal Constitutional Court [FCC] of the Federal Republic of Germany has rejected provisions adopted by the State of North Rhine-Westphalia that allowed investigators to covertly search PCs online.

In its ruling, the court creates a new right to confidentiality and integrity of personal data stored on IT systems. The ruling expands the current protection provided by the country’s constitutional rights for telecommunications privacy and the personal right to control private information under the German constitution.

Nonetheless, the court also pointed out that this right is not absolute and that justified exceptions can be made. Most important is that the judges stated that PCs can be covertly searched, but only:

    …. if there is evidence that an important overriding right would otherwise be violated.

The above could, for instance, apply in case of possible terrorist acts or sexual exploitation of children. However, the court also pointed out that control mechanisms are needed to make sure that this possibility is not abused. The ruling makes clear that German law does not allow access to the hard drives of citizens’ PCs without real cause. This will constrain investigators’ efforts unless they can secure a court order based on just cause.

Find the press release about this ruling here (it is in German)

Vorschriften im Verfassungsschutzgesetz NRW zur Online-Durchsuchung und zur Aufklärung des Internet nichtig - html online

The full text of the court’s ruling as announced today can be found here:

BVerfG, 1 BvR 370/07 vom 27.2.2008, Absatz-Nr. (1 - 333), http://www.bverfg.de/entscheidungen/rs20080227_1bvr037007.html

CyTRAP Labs’ take on this issue

This ruling by the German Constitutional Court demonstrated that respecting laws and protecting citizens’ rights is vital for a democracy. Unfortunately, while Germany is very good when it comes to protecting its citizens’ rights in the digital world - especially privacy - when it comes to tax inspectors and suspected tax evasion, constitutional rights do not seem to apply.

Remember that the Liechtenstein authorities have asked Bochum and Munich prosecutors for assistance regarding the data stolen by the accused Heinrich Kleiber and unknown parties. And while the Danish government said it considered the BND list used to hunt tax evaders ‘stolen goods’ and would not ask to see it, it is not clear if it will use the information if it is ‘mailed’ to them:

- what have Peer Steinbrueck, Klaus Zumwinkel and Prince Alois of Liechtenstein in common?

How does the Liechtenstein tax dodger case relate to the German Constitutional Court’s decision regarding online snooping by police?

When it comes to tax rates, we will never achieve morals by agreement across sovereign countries. But as the German Constitutional Court demonstrated, respecting laws and protecting citizens’ rights is vital for a democracy. What remains to be addressed is whether we can trust Germany, the UK and others that have violated another state’s laws by acquiring stolen goods. In fact, the person who stole these data from LGT Treuhand told the court in Liechtenstein that he had given all data back to the financial institution. He lied to the court….

So we have the German Constitutional Court that tries its best to protect citizens’ rights and privacy online and offline. But when it comes to taxes, all gloves are off. Germany’s federal state violates international law when it comes to tax dodgers. Can we trust the State of North Rhine-Westphalia to change its provisions allowing investigators to covertly search PCs online? Only the future will tell us, because Interior Minister Wolfgang Schaeuble already went in front of the press indicating that he still believes that online snooping will eventually be allowed under German law.

As well, how can a state be so protective of its citizens and their rights when it comes to cyberspace (e.g., pedophiles) and privacy, yet have no qualms about using stolen goods to chase tax dodgers? Will this mean that data snooping by police on citizens’ computers is permitted if tax evasion is suspected (due cause) but not if we have to deal with pedophile cases? We hope that Germany begins to clarify this soon.

xxxxxxxxxxxxxx

MORE INFOS THAT RELATE TO THIS MATTER

- CyTRAP Labs legislative watch - Germany - Bundestag passes revised Telecommunications Monitoring Bill

- CyTRAP Labs’ legislative watch - European Court of Justice - C-275/06 judgment - P2P file-sharing stays private

- Regulation that matters - Germany - dragnet type data-mining methods against possible terrorist Muslim suspects is not permissible under the law

- Research that matters - Bundeskriminalamt conducted a field test of face recognition software

============>


Microsoft and European regulation - will it change the browser market further?

February 20th, 2008

While IE still dominates, it has lost and continues to lose market share to Firefox. In fact, in some European countries such as Poland, Slovakia, Slovenia and Hungary, more than 40% of users have switched to Firefox.

Get more info about the above percentages here:

The European Commission has taken Microsoft to court claiming that it has abused its market position. We reported about this, including the court’s verdict here:

- CyTRAP Labs legislative watch - European Court of First Instance rules on Microsoft vs. European Commission - Looser is …?

- CyTRAP Labs legislative watch - European Court of First Instance rules on Microsoft vs. European Commission

Looking at the browser market worldwide, Microsoft may continue to hold between 60% and 70% (see below), having dropped from over 90% during 2002.

Firefox is spreading in Europe - but Microsoft Internet Explorer is clearly in the lead
The above graphic was taken from the Browser & Os Market Share White Paper (Jan. 2008) - see p. 15


What is important is also that users are more likely to update their browser to the latest and more secure version of Firefox, than is the case with Microsoft Internet Explorer. We have outlined these issues here:

- Why Firefox helps your security efforts, while Microsoft Internet Explorer 7 fails you terribly

This is once again an example where competition helps improve the situation for users and consumers in particular. We hope that the European Commission will continue to fight abuse of market dominance by Microsoft, in turn, helping consumers and citizens across Europe.

Giving consumers a choice also means that it might be advantageous to force Microsoft to refrain from insisting that new PC hardware comes with pre-installed software. Examples are Microsoft’s Media Player or Internet Explorer 7. Users will likely choose a more secure and user-friendly alternative such as Firefox or Opera, instead of a Microsoft product. This is not necessarily bad, is it?

xxxxxxxxxxxxxx

MORE INFOS THAT RELATE TO THIS MATTER

- The crazy world of finance - le rogue trader the Che of our times

- CyTRAP Labs’ legislative watch - European Court of Justice - C-275/06 judgment - P2P file-sharing stays private
============>


what have Peer Steinbrueck, Klaus Zumwinkel and Prince Alois of Liechtenstein in common?

February 17th, 2008
    ‘Son, be careful what you do because the reputation you can build in a lifetime can be lost overnight.’

‘Germany’s tax-evasion scandal claims first scalp’ while prosecutors claim to be ‘sitting on mountains of names.’ This is another case showing why we need better data security breach regulation; learn more by reading on.

Many of us have read about this case, so we thought we would bring you a few facts.

Klaus Zumwinkel, the 64-year-old pillar of Germany’s corporate establishment who has led Deutsche Post for 18 years, came under pressure to step down after prosecutors said they suspected him of dodging about 1 million euros in taxes by transferring money to tax haven Liechtenstein.

Then Germany’s finance minister Peer Steinbrueck went public before prosecutors could even submit and argue their case in front of a judge. He told N24-TV that Mr. Zumwinkel had admitted evading taxes.

Prince Alois of Liechtenstein and his family own the LGT, the principality’s biggest bank. LGT is part of the LGT Group, which is specialised in creating foundations. Details about Zumwinkel and another 750 individuals came from a disc that was stolen from LGT Treuhand. The latter is an independent subsidiary of the LGT group.

These data were stolen during 2002 by a then employee of LGT Group. The court case found the employee guilty of stealing property.

Already during summer 2007, LGT Treuhand came across information suggesting that customer data had been passed on to third parties illegally. An internal investigation was launched. LGT Treuhand claims that data in the hands of German prosecutors seem to have originated from those originally stolen during 2002.

Why is Steinbrueck playing a dangerous game?

Ever more information is being leaked that the prosecutor’s office paid Euro 5mio to either the LGT’s former employee who originally stole these data and was convicted for this illegal act by a Liechtenstein court or else a yet to be named party.

What cautious people would interpret as representing customer data is being interpreted in Germany as corpus delicti or elements of a crime. But do they? Let us explain below.

Why does Steinbrueck make such a fuss?

As a social democrat with an interest in the top job currently held by Chancellor Angela Merkel, he gets great media coverage domestically and internationally from the alleged tax-evasion scandal (like here :-) or NOT).

But let us be clear: investing money in a foundation or holding trusts in Liechtenstein is, by itself, neither a crime nor proof of tax evasion. But there are two problems:

1) Liechtenstein and Switzerland have a bilateral agreement with the EU that specifies that any investor who is a tax subject in the EU faces withholding taxes on any profits he makes in Liechtenstein or Switzerland. Part of that withholding tax is then paid to the German exchequer or tax authorities. Unfortunately, trusts are exempt from this agreement. Hence the German state does not get any portion of any kind of withholding tax deducted before profits or interest are paid, and if the tax subject does not declare it ….. all is lost for the German exchequer….

2) If these German tax subjects including Zumwinkel did in fact, as suspected by state prosecutors in Bochum, have investments in un-declared trusts in Liechtenstein, then if proven they may have committed tax fraud.

However, unless they are proven guilty, all Steinbrueck has done is pour oil on the fire and interfere with, if not influence, the judicial process. This is unbecoming and irresponsible of a person who wants Germany’s top job. Making such errors in judgment must raise concerns about how much he can be trusted to make proper decisions under pressure.

What we do know since 2002, however, is that LGT Treuhand had a serious breach in personal data security. The lack of data security breach notification laws makes this case another example of why we do need these laws that help better protect customers’ rights to privacy:

2 data security breach regulation - data theft: will EC bring new regulation that helps citizens?

LGT Group’s customers’ privacy was breached in this case but little if anything happened, see here:

- CyTRAP Labs’ disaster monitor: supposed tax-evasion scandal in Liechtenstein is a classical case of data security breach

Customers were not informed about what happened until about a month ago. This cannot be the same bank that claims to put customers first, really? Are LGT’s customers not affected if:

a) they had no dealings with LGT Treuhand, as LGT claims, AND

b) began doing business with LGT (the bank) beginning 2003

Only time will tell. Until then we do not comment on this one. Unfortunately, the current regulatory framework does not allow a judge to force LGT Treuhand AG to pay damages to the ‘victims’ of this data security breach, as this case indicates:

- data security breach regulation - judge is spelling out the exact costs for TJX

Juicy tidbit

Whether the accused tax dodgers can be prosecuted by German authorities who base their work on data they got from stolen property is not clear at this point.

The German authorities claim that they did not use the stolen data to make their case, but would they ever have gotten a search warrant from a judge without these data? We are curious how this case will pan out - stay tuned.

xxxxxxxxxxxxxx

MORE INFOS THAT RELATE TO THIS MATTER

- DHL - Express Mail - regulation that matters - thank your stars … - 2

- DHL Express - teuer und ein Ungeheuer

============>


corporate governance - transparency and accountability for executive pay

February 15th, 2008

Transparency 2.0: The executive pay and financial reporting widget
There was a time when shareholders had no way of knowing exactly how much they were paying senior executives to run their companies.
We tell you, how you can find out quick and easy.

We have previously reported about how important transparency is when it comes to corporate governance:

stocks plunge worldwide makes a review of bankers’ remuneration packages necessary

Canada has the highest management fees by far for mutual funds out of 18 countries studied. Part of the reason for this is that management fees at mutual funds are not negotiated at arm’s length. See the paper here:

Servaes, Henri , Khorana, Ajay and Tufano, Peter, “Mutual Funds Fees Around the World” (July 23, 2007). HBS Finance Working Paper No. 901023 Available at SSRN: http://ssrn.com/abstract=901023

But thanks to regulation in the U.S. the story is a bit different, as the above research paper shows. In 2007-12 the US Securities and Exchange Commission (SEC) undertook a major project to convert pay figures in the regulatory filings of 500 large companies from standard text to intelligent Extensible Business Reporting Language (XBRL).

The SEC’s objective in doing so was to show investors how XBRL or “interactive data” could improve their ability to research and compare company information in ways that had not been possible before. At the same time, the SEC made the XBRL-tagged pay and financial data available to any developer who wanted it.

iBanknet.com is a free bank research website that has been doing innovative things with the XBRL data that the 8,200 banks in the US are required to file with banking regulators in their “call reports.”

The firm took the SEC’s XBRL data and created a widget that one can add to a webpage or blog to let people do two things:

1) find financial institutions, such as on our blog; and

2) check executive pay data for listed companies

To achieve this, the firm created the widget you see way below.

In just a second or two you can take what was once buried in 500 gray, unstructured blobs of HTML and make it available anywhere on the Web in a way that is really simple to use.
There is a growing number of these mini applications or widgets in the finance area springing up on the Web.

So how does it work? Just browse through the names below. It currently searches through an inventory of over 3,500 U.S. financial institutions. Users can then click through to find between 800 and 1,500 financial data points per institution. All of this is possible thanks to the SEC’s XBRL data that those institutions are required to submit to the U.S. regulator.

I hope something similar will come in the European Union soon. It would surely help transparency, accountability and trust regarding corporate governance by making things a bit more transparent. That time is coming sooner than most people think.


============>

Also of interest

- 3 - ZKB - B - failure of internal controls - personal greed

- 4 banking bail-out - the dangers of banking on risks - 5 lessons from the credit market’s downward spiral

============>

what pay do the bank’s executives get - sorry no Deutsche Bank, UBS, Credit Suisse, SocGen, Paribas or ZKB - U.S. banks only

So how does it work with the executive pay as shown below? Well, for you it’s simple. Just click on one of the industry links, choose a company, then select the executive whose pay details you want to see.

Alternatively, enter a ticker symbol of a company you’re interested in, say “C” for Citigroup. This will give you a list of reporting officers for the company. Click on any of their names to then see details of how much they were paid. In the case of Citibank, the now fired Citigroup Chairman and CEO Chuck Prince was paid $26mio or thereabouts.


============>


Safer Internet Day 2008 - Stalking - Nachstellung - § 238 Strafgesetzbuch (StGB) - Germany

February 12th, 2008

Germany has, in fact, gone a step further than some countries and instituted an anti-stalking paragraph in its criminal code / penal code, which you can find here:

D - Stalking - Nachstellung - § 238 Strafgesetzbuch (StGB) - Germany

How this code will pan out regarding cyber-bullying in and around the classroom and cyber-stalking nobody knows so far since we still need case law to see how German courts are interpreting the penal code on this matter.

There is also a very fine line between cyber-bullying and cyber-stalking according to the German penal code. In the case below, a teenager is being bullied terribly and possibly sexually exploited without having given consent (at least this appears to be the case to a bystander). But the page has been up for more than a year harassing the teenager:

mobbing a German school kid here - why has the page not been taken from the net?

The page is apparently registered in (post-independence) East Timor (country domain TL)

But if we check, we find out it has the IP address 80.190.202.41

And the sub-domain is owned by a firm in Nuremberg, Germany, that offers free web hosting to users:

Bayern - Erlangen - Homepage Baukasten Gmbh

So why is the prosecutor’s office not going after the firm and then with its help against the cyber-bully who is sexually harassing and bad-mouthing this teenager?

Reasons for this unacceptable situation could be:

a) it is a hoax…. but hard to believe,

b) the teenager does not know where to go for quick and easy help, and/or

c) prosecutor and/or police simply do not have the time to do anything about it, or

d) do not know about this case.

It is an important FIRST STEP to have regulation and/or a law against stalking (D - Stalking - Nachstellung - § 238 Strafgesetzbuch (StGB) - Germany).

The challenge is the SECOND STEP: to find the organizational procedures that help people to report such cases and, most importantly, allow public agencies to quickly and unbureaucratically follow up on the matter.

xxxxxxxxxxxxxx

MORE INFOS THAT RELATE TO THIS MATTER

Safer Internet Day 2008 - Fallbeispiel Datenschutz

Safer Internet Day 2008 - why teachers need help
============>
