Categories
Articles

Digital Economy Act Code

Ofcom have at last published the Initial Obligations Code on how ISPs must deal with copyright infringement reports under the Digital Economy Act 2010. The accompanying notes, and in particular Annex 5, provide welcome recognition of the work that is already done by universities and colleges to reduce infringement on the Janet network, as well […]

Categories
Articles

DNS Logs for Incident Response

A number of talks at the FIRST conference this week have mentioned the value of Domain Name Service (DNS) logs for both detecting and investigating various types of computer misuse: from users accessing unauthorised websites to PCs infected with botnets to targeted theft of information (see, for example, Google’s talk). DNS is sometimes described as […]

Categories
Articles

Defamation Bill – Committee Discusses Moderation

One of the perverse effects of the current law on liability of website operators is that it discourages sites from checking comments and posts provided by others. Instead the law encourages the operator to do nothing until they receive a complaint. Earlier this week the House of Commons Select Committee considered whether an amendment was […]

Categories
Articles

Defamation Bill – Hints at Definitions and Processes

The 21st June sitting of the Commons Defamation Bill Committee provided some hints at answers to my questions about the Bill’s definitions and process. On the question of who will be a “website operator”, able to benefit from the new defences, the Minister suggested this should be left to the courts, who can adapt to […]

Categories
Articles

Defamation Bill Second Reading

The Defamation Bill had its second reading in the House of Commons on Tuesday. Most of the MPs who talked about the new defences for website operators (clause 5 of the Bill) seemed to appreciate the complex balance between protecting reputation and protecting free speech, and agreed with the Justice Secretary: our current libel regime […]

Categories
Articles

Defamation Bill – New Options for Websites?

Under current defamation law, if a website wants to avoid all risk of liability for material posted by third parties then its best approach is to not moderate postings when they are made, and remove them promptly when any complaint is made. As I’ve pointed out in various responses to consultations (and as now seems […]

Categories
Articles

Draft EU Regulation on eIdentities

The European Commission have proposed a draft eIdentity Regulation, to replace the current eSignatures Directive (99/93/EC). While the proposal is mostly concerned with inter-operability of national electronic IDs and improving the legal significance of digital signatures, timestamps, documents, etc. there are also some new requirements on “trust service providers”. According to Article 3(12), Trust Services […]

Categories
Closed Consultations

Notice and Takedown Consultations

Two consultations have come along at once – one from Westminster and one from Brussels – that both seem to recognise the problems with incentives that current liability rules create for sites that host third party content. Under both the UK Defamation Act 1996 and the European eCommerce Directive (2000/31/EC) hosts are discouraged from themselves […]

Categories
Articles

Choosing the Right Identifier

In discussing a legal framework for federated access management we’ve concluded that the right approach to use as a basis for exchanging attributes is that a particular attribute is “necessary” to provide a service. That implies both that service providers shouldn’t ask for attributes they don’t need, and also that where there is a choice […]

Categories
Articles

EU considers “Hacking Tools” offences

The  European Commission seems to be revisiting ground covered by the UK’s 2006 amendment to the Computer Misuse Act, attempting to criminalise certain acts relating to devices/tools used for committing offences against information systems. The problem is that many computer programs – for example for identifying vulnerable computers, monitoring wireless networks or testing password strength […]