Apologies to all the followers- for the long absence-i am officially back online!!
Things seem to be going much smoother now, finished my first semester @ the Law School, now undergoing the second semester - the field attachment - for 4months..pheeeeww!
Miss MK
Thursday, December 10, 2009
Wednesday, September 23, 2009
Adwords Policy NO TradeMarks infringement?
Advocate General considers that Google’s AdWords policy has not infringed trade marks
source: law-now.com
Advocate General Poiares Maduro issued his long-awaited opinion on 22 September 2009 in relation to the link between sponsored search engine keywords and trade mark infringement. He decided in favour of Google’s controversial AdWords system, which permits advertisers to purchase competitors’ trade marks as keywords in order to trigger sponsored links in search results.
The Advocate General’s Opinion is aimed at ensuring, (in his own words), “that the legitimate purposes of preventing certain trade mark infringements do not lead to the prohibition of all trade mark use in the context of cyberspace”.
The key findings are as follows:
1. The offer and selection of keywords which result in a link being displayed does not of itself constitute an act of trade mark infringement.
2. The Trade Mark Directive does not enable the proprietors to prevent registration or use of keywords in generating links (although the actual advertisements displayed could do).
3. It makes no difference if a mark is a mark with a reputation – the extended form of protection is not of assistance.
4. The provider of a paid keyword service cannot be considered to be an information society service in the context of the E-Commerce Directive.
Importantly, the Opinion does not consider whether the text of the advertisements displayed from keywords could amount to trade mark infringement, only the process of registering such keywords and causing such advertisements to be displayed from search enquiries.
The Advocate General also considered a more general concept, as to whether Google might be liable for some form of contributory infringement because the subsequent use of keywords could result in infringement. The Advocate General was clear that the act of contributing to infringement by a third party, whether actual or potential, would not be an infringement in itself.
source: law-now.com
Advocate General Poiares Maduro issued his long-awaited opinion on 22 September 2009 in relation to the link between sponsored search engine keywords and trade mark infringement. He decided in favour of Google’s controversial AdWords system, which permits advertisers to purchase competitors’ trade marks as keywords in order to trigger sponsored links in search results.
The Advocate General’s Opinion is aimed at ensuring, (in his own words), “that the legitimate purposes of preventing certain trade mark infringements do not lead to the prohibition of all trade mark use in the context of cyberspace”.
The key findings are as follows:
1. The offer and selection of keywords which result in a link being displayed does not of itself constitute an act of trade mark infringement.
2. The Trade Mark Directive does not enable the proprietors to prevent registration or use of keywords in generating links (although the actual advertisements displayed could do).
3. It makes no difference if a mark is a mark with a reputation – the extended form of protection is not of assistance.
4. The provider of a paid keyword service cannot be considered to be an information society service in the context of the E-Commerce Directive.
Importantly, the Opinion does not consider whether the text of the advertisements displayed from keywords could amount to trade mark infringement, only the process of registering such keywords and causing such advertisements to be displayed from search enquiries.
The Advocate General also considered a more general concept, as to whether Google might be liable for some form of contributory infringement because the subsequent use of keywords could result in infringement. The Advocate General was clear that the act of contributing to infringement by a third party, whether actual or potential, would not be an infringement in itself.
Monday, September 21, 2009
Newsfeed
fibre cable-based communications infrastructure.
East Africa is on the eve on a communications revolution, which will be brought about by the landing of the region’s first undersea cables to the outside world in 2009. Governments and corporate users in the region need to prepare for the transition from a predominantly satellite-based communications infrastructure to a fibre cable-based communications infrastructure.
east african outsourcing and contacting center
With the landing of two undersea cables in East Africa in 2009, the region will have the international broadband capacity at competitive prices to enter the world outsourcing market as a serious player. Kenya, Uganda, Tanzania and Rwanda each have developed national BPO, KPO and/or ITO strategies and are at different stages of implementing them.
EAC-CyberSecurity
the EAC countries are in different stages in formulating the relevant laws to ensure cybersecurity, east african internet governance forum -how to reap the benefits in a secure and non-compromised environment and the that confidentiality and privacy laws must be implemented to ensure this,
so far the laws are inadequate to resolve emerging opportunites and challenges posed by the internet - looking at the Ugandan and Kenyan legal frameworks that are in place so far,
most recently the need of cybersecurity is in need due to the increase of cyber crimes - in Tanzania, the TRA Systems in place have proven to be a haven for fraudsters to steal profits - such loopholes in the systems need to be governed and regulated in order to avoid such losses by the government-
source: the east african -sept 21/the citizen
so far the laws are inadequate to resolve emerging opportunites and challenges posed by the internet - looking at the Ugandan and Kenyan legal frameworks that are in place so far,
most recently the need of cybersecurity is in need due to the increase of cyber crimes - in Tanzania, the TRA Systems in place have proven to be a haven for fraudsters to steal profits - such loopholes in the systems need to be governed and regulated in order to avoid such losses by the government-
source: the east african -sept 21/the citizen
Friday, August 28, 2009
IT Services & OutSourcing Contracts
Because the cost of having an internal IT department can be too expensive, a company cuts costs by asking an outside company who specializes in IT function to provide the same kinds of services. However, it often goes beyond costs and includes strategic considerations as well.
Once the decision to outsource an activity has been made, managers are faced with issues related to the management of the relationship with their service providers. A critical element of relationship management is the contract itself, which defines, more or less completely, the nature of the services to be rendered and of the relationship itself.
AVAILABLE AT: http://www.computerweekly.com/Articles/2009/08/28/237476/bp-the-challenges-of-strategic-multi-sourcing.htm
BP: the challenges of strategic multi-sourcing
BP has reduced the number of IT suppliers it works with from 40 to five in a bid to lower costs and simplify its supplier relationship management.
It expects to make savings of around $500m over five years through the supplier consolidation, which will see Accenture, IBM, Wipro, TCS and Infosys take over application development and maintenance, service desk and SAP across the BP group.
Frank Ridder, research director at Gartner, says that many companies are now changing their supplier relationship strategy to consolidate suppliers in a bid to reduce costs. "Multi-sourcing is about finding the best strategic fit. Consolidating suppliers reduces the expense of procurement and vendor management."
ADVERTISEMENT
BP will use Accenture to manage and develop its SAP system, IBM will support its service desk, while the Indian providers will support and develop applications for business units in the BP oil and gas supply chain.
"A company like BP is too big to allow it to consolidate everything. Instead it has used a mix of traditional outsourcers and services from Indian outsourcers, separating the contracts by business unit." Ridder says this makes sense for BP, because each business unit is very distinct, so the structure of the company makes it simpler to split the work.
Companies are using strategic multi-sourcing through supplier consolidation to cut costs, but making a success of strategic multi-sourcing agreements is notoriously difficult, Ridding warns. In fact, many businesses fail to succeed with contracts involving multiple suppliers. A recent Gartner benchmark study found that 55% of global organisations manage their sourcing activities tactically and at an operational level, failing to add a strategic management layer and invest enough in developing critical multi-sourcing competencies.
Lee Ayling, managing director of Equaterra, says multi-sourcing contracts make sense in terms of risk, control and internal management overhead. It also maintains competition. However, BP may struggle to complete its supplier consolidation strategy. "I doubt that they will remove all the other suppliers as numerous issues will be identified in transition by the strategic suppliers, and BP may find that this erodes benefits," he says
BP is not the only company taking this route.
Last April Shell signed three IT outsourcing deals with EDS, AT&T and T-Systems. In this contract EDS is effectively a prime contractor, providing end-user computing services and integrate Shell's infrastructure services AT&T provides network and telecommunications and T-Systems supports datacentre computing including hosting, storage and most of Shell's SAP services. However, Shell retains overall control of the other suppliers and its IT strategy.
Businesses like BP and Shell are attempting to cut out costs from their companies by simplifying supplier relationships. Strategic partnerships with a few key suppliers is clearly better than managing several, but to succeed in strategic multi-sourcing, governance becomes critical.
Once the decision to outsource an activity has been made, managers are faced with issues related to the management of the relationship with their service providers. A critical element of relationship management is the contract itself, which defines, more or less completely, the nature of the services to be rendered and of the relationship itself.
AVAILABLE AT: http://www.computerweekly.com/Articles/2009/08/28/237476/bp-the-challenges-of-strategic-multi-sourcing.htm
BP: the challenges of strategic multi-sourcing
BP has reduced the number of IT suppliers it works with from 40 to five in a bid to lower costs and simplify its supplier relationship management.
It expects to make savings of around $500m over five years through the supplier consolidation, which will see Accenture, IBM, Wipro, TCS and Infosys take over application development and maintenance, service desk and SAP across the BP group.
Frank Ridder, research director at Gartner, says that many companies are now changing their supplier relationship strategy to consolidate suppliers in a bid to reduce costs. "Multi-sourcing is about finding the best strategic fit. Consolidating suppliers reduces the expense of procurement and vendor management."
ADVERTISEMENT
BP will use Accenture to manage and develop its SAP system, IBM will support its service desk, while the Indian providers will support and develop applications for business units in the BP oil and gas supply chain.
"A company like BP is too big to allow it to consolidate everything. Instead it has used a mix of traditional outsourcers and services from Indian outsourcers, separating the contracts by business unit." Ridder says this makes sense for BP, because each business unit is very distinct, so the structure of the company makes it simpler to split the work.
Companies are using strategic multi-sourcing through supplier consolidation to cut costs, but making a success of strategic multi-sourcing agreements is notoriously difficult, Ridding warns. In fact, many businesses fail to succeed with contracts involving multiple suppliers. A recent Gartner benchmark study found that 55% of global organisations manage their sourcing activities tactically and at an operational level, failing to add a strategic management layer and invest enough in developing critical multi-sourcing competencies.
Lee Ayling, managing director of Equaterra, says multi-sourcing contracts make sense in terms of risk, control and internal management overhead. It also maintains competition. However, BP may struggle to complete its supplier consolidation strategy. "I doubt that they will remove all the other suppliers as numerous issues will be identified in transition by the strategic suppliers, and BP may find that this erodes benefits," he says
BP is not the only company taking this route.
Last April Shell signed three IT outsourcing deals with EDS, AT&T and T-Systems. In this contract EDS is effectively a prime contractor, providing end-user computing services and integrate Shell's infrastructure services AT&T provides network and telecommunications and T-Systems supports datacentre computing including hosting, storage and most of Shell's SAP services. However, Shell retains overall control of the other suppliers and its IT strategy.
Businesses like BP and Shell are attempting to cut out costs from their companies by simplifying supplier relationships. Strategic partnerships with a few key suppliers is clearly better than managing several, but to succeed in strategic multi-sourcing, governance becomes critical.
Thursday, August 13, 2009
legislating adult content
Read article at: http://www.infoworld.com/t/regulation/kenya-tanzania-eye-legislation-adult-content-272
piracy of data
Tuesday, July 28, 2009
By Daughtrey, William H., Jr. Publication: Rutgers Computer & Technology Law Journal
"Currently, courts and legislatures are facing issues raised by businesses conducted over the internet. Failing to blanket current developments, old law leaves new problems exposed for litigation and requires attorneys and judges to explore uncharted seas of legal complexity. Although the continued application of traditional laws that are unresponsive to changes in the underlying society may promote injustice, a judicial activism that randomly develops "new law" to remedy inadequacies is equally deficient".
Friday, June 26, 2009
Truth and the Internet
Truth is a powerful solvent. Stone walls melt before its relentless might. The Internet is one of the most powerful agents of freedom. It exposes truth to those who wish to see it. It is no wonder that some governments and organizations fear the Internet and its ability to make the truth known.
But the power of the Internet is like a two-edged sword. It can also deliver misinformation and uncorroborated opinion with equal ease. The thoughtful and the thoughtless co-exist side by side in the Internet's electronic universe. What's to be done?
There are no electronic filters that separate truth from fiction. No cognitive "V-chip" to sort the gold from the lead. We have but one tool to apply: critical thinking. This truth applies as well to all other communication media, not only the Internet. Perhaps the World Wide Web merely forces us to see this more clearly than other media. The stark juxtaposition of valuable and valueless content sets one to thinking. Here is an opportunity to educate us all. We truly must think about what we see and hear. We must evaluate and select. We must choose our guides. What better lesson than this to teach our young children to prepare them for a new century of social, economic and technological change?
Let us make a new Century resolution to teach our children to think more deeply about what they see and hear. That, more than any electronic filter, will build a foundation upon which truth can stand
Available at ISOC.
Principles of the Law of Software Contracts
i very highly recommend a read through the overview and remarks made by Bob Hillman as can be found on the ContractsProfBlog for better understanding of the principles and their aim.
Thursday, June 18, 2009
Online bloggers cannot expect privacy
Available at: Law-Now.com
In a landmark decision relating to confidentiality on the Internet, a police officer who wrote an anonymous blog has lost the legal battle to keep his identity secret.
Detective Constable Richard Horton, of Lancashire Constabulary, chronicled his behind-the-scenes experiences of frontline policing in his cult pseudonymous NightJack blog, which in April won this year’s Orwell blogging prize for political writing. He was also courted by agents and publishers hoping to secure the rights to his work.
When a journalist from The Times uncovered Mr Horton as the blog’s author, Mr Horton sought an injunction from the High Court to prohibit the newspaper from publishing the information. At the hearing to decide the issue, which took place on 4 June 2009, Mr Justice Eady granted “temporary cover” to restrain publication of the information, at least until he had considered the parties’ arguments and made his judgment.
At the hearing, Mr Horton’s counsel argued that his name should remain secret as Mr Horton was at risk of disciplinary action for breaching police regulations. Certain cases that he reported on the NightJack blog, although anonymised, could still be traced back to genuine prosecutions and, in places, Mr Horton roundly criticised the criminal justice system. Mr Justice Eady rejected this argument as “unattractive”, adding, “I do not accept that it is part of the court’s function to protect police officers who are… acting in breach of police discipline regulations.”
Mr Horton’s counsel also argued that there was a public interest in allowing bloggers to share their opinions but not their names. He said that thousands of bloggers would be “horrified” if they could be unmasked similarly.
Counsel for the Times responded that there was a public interest in exposing a police officer’s breach of his obligations under the statutory police code and under his general public law duty to protect information obtained during the course of a police investigation.
On 16 June 2009, Mr Justice Eady handed down his judgment. He removed the interim injunction that had been in place since 4 June 2009, ruling that Mr Horton could have no reasonable expectation of privacy “because blogging is essentially a public rather than private activity”. Mr Horton’s identity did not have the requisite “quality of confidence”, as defined in the leading case relating to breach of confidence, Coco v A N Clark. Its publication would not, therefore, contravene the right to privacy afforded by Article 8 of the European Convention on Human Rights. In any event, the court added that the public interest inherent in revealing Mr Horton’s identity as a police officer would outweigh any right to privacy claimed.
For authors of blogs wishing to remain anonymous, particularly authors of blogs that reveal confidential or controversial information about their employer, this judgment serves as a warning that the courts will generally not offer protection if their identities are discovered and threatened to be published.
Wednesday, June 17, 2009
Final Report: Digital Britain
The Digital Britain Report sets out the Government's plans across a broad range of communications technologies to ensure Britain's communications infrastructure and content remain as competitive, inclusive and forward-looking as possible.
Friday, June 12, 2009
France: three-strikes rule knocked for six
Law-now.com
In France, the government has turned the prevention of P2P downloading into a political issue of great importance. The Creative Works and Internet Law (CNIL) recently came into force, passing through the French Parliament on the second attempt. CNIL created an independent enforcement authority designed to protect intellectual property on the Internet called the "Haute Autorite pour la diffusion des oeuvres et la protection des droits d’auteur sur Internet" (HADOPI), similar to the proposed Digital Rights Agency.
HADOPI was intended to be the means to implement a ‘three-strikes’ policy. If an alleged infringement of IP rights were detected HADOPI would send a customer a warning letter reminding him of his obligations and possible sanctions. If another infringement occurred within six months, HADOPI would send a second warning letter. If a further infringement occurred within a year of the second warning, HADOPI would suspend the account for between one month and one year, during which time the customer would not be allowed to enter into another agreement with another service provider to get access to the Internet. Internet Service Providers (ISPs) were required to comply with HADOPI’s rulings or be fined up to 5000 Euros.
Fundamental freedoms
On 10 June 2009 the French Constitutional Council ruled that the three-strikes procedure was unconstitutional. The Council was critical that the procedure empowered an administrative body to perform a role that ought to be performed by the judicial function. The French Constitutional Council also defended freedom of expression and communication as so valuable that their exercise is a "prerequisite for democracy". Any attacks on it would have to be necessary appropriate and proportionate. The new law was illegal as it breached citizens’ fundamental rights to privacy and free access to online communications.
Guilty until proven innocent
The Council also noted that the CNIL and the nature of the sanctions it was designed to impose presupposed guilt. While the procedure had an appeal mechanism, the burden of proof was on the Internet user to demonstrate his or her innocence. The Council ruled that it is a fundamental principle of French law that a person is innocent until proven guilty, and that the French legislature could not establish a presumption of guilt in this case even when they had left the decision making to an administrative body.
What next?
The decision would appear to send the CNIL back to the drawing board. However the French Government may resubmit the law, modified to take the court’s objections into account, for example by creating a special judicial court.
The Telecoms Package
The French Constitutional Council’s view is wholly consistent with the views of the European Parliament, which recently voted on an amendment to the wording of the proposed Telecoms Package stating that a user's Internet access may not be restricted without a prior ruling by judicial authorities. This amendment (actually a reinstatement of an old amendment that had been removed) means that the European Parliament have chosen a position that is at odds as regards the Telecoms Package compromise they had agreed with the European Council. As a result the Telecoms Package must go back to a renegotiation process known as conciliation.
The British Approach
Meanwhile the UK government has its own plans to legislate to address P2P file sharing. The government consulted on legislative options to tackle this issue last summer. This consultation revealed that there was no consensus between content owners, ISPs and consumer organisations about how best to prevent the current widespread and unauthorised downloading of copyright protected material (see here for more details). Having taken on board a variety of views, the government outlined its vision for the future in its Interim Digital Britain Report. The report recommended the creation of a Digital Rights Agency to coordinate attempts to prevent illicit file-sharing on the Internet. Recently the UK Intellectual Property Office canvassed views on how the Digital Rights Agency should operate.
The government is due to set out its plans, and to begin a fresh consultation on the issue, in the final Digital Britain Report which is due to be published on 16 June 2009. Giving an indication of what it may contain, Andy Burnham, who until recently was the Culture Secretary before being moved to the Department of Health, in a keynote speech at Music Week’s ‘Making Online Music Pay’ conference on 4 June referred to possible ‘technical solutions’ that could be employed as sanctions. It is not yet clear what those "technical solutions" would be, although Mr Burnham said they would involve ways to "limit or restrict" file-sharing activity.
The recent French decision is not binding on the UK Government but does highlight the importance of many of the underlying issues, such as consumers’ fundamental freedoms and the need to have appropriate judicial safeguards in place. This closely reflects the underlying provisions of the Convention on Human Rights, which are common to both jurisdictions. We keenly await the UK Government’s proposals to tackle P2P file-sharing in the Digital Britain Report.
In France, the government has turned the prevention of P2P downloading into a political issue of great importance. The Creative Works and Internet Law (CNIL) recently came into force, passing through the French Parliament on the second attempt. CNIL created an independent enforcement authority designed to protect intellectual property on the Internet called the "Haute Autorite pour la diffusion des oeuvres et la protection des droits d’auteur sur Internet" (HADOPI), similar to the proposed Digital Rights Agency.
HADOPI was intended to be the means to implement a ‘three-strikes’ policy. If an alleged infringement of IP rights were detected HADOPI would send a customer a warning letter reminding him of his obligations and possible sanctions. If another infringement occurred within six months, HADOPI would send a second warning letter. If a further infringement occurred within a year of the second warning, HADOPI would suspend the account for between one month and one year, during which time the customer would not be allowed to enter into another agreement with another service provider to get access to the Internet. Internet Service Providers (ISPs) were required to comply with HADOPI’s rulings or be fined up to 5000 Euros.
Fundamental freedoms
On 10 June 2009 the French Constitutional Council ruled that the three-strikes procedure was unconstitutional. The Council was critical that the procedure empowered an administrative body to perform a role that ought to be performed by the judicial function. The French Constitutional Council also defended freedom of expression and communication as so valuable that their exercise is a "prerequisite for democracy". Any attacks on it would have to be necessary appropriate and proportionate. The new law was illegal as it breached citizens’ fundamental rights to privacy and free access to online communications.
Guilty until proven innocent
The Council also noted that the CNIL and the nature of the sanctions it was designed to impose presupposed guilt. While the procedure had an appeal mechanism, the burden of proof was on the Internet user to demonstrate his or her innocence. The Council ruled that it is a fundamental principle of French law that a person is innocent until proven guilty, and that the French legislature could not establish a presumption of guilt in this case even when they had left the decision making to an administrative body.
What next?
The decision would appear to send the CNIL back to the drawing board. However the French Government may resubmit the law, modified to take the court’s objections into account, for example by creating a special judicial court.
The Telecoms Package
The French Constitutional Council’s view is wholly consistent with the views of the European Parliament, which recently voted on an amendment to the wording of the proposed Telecoms Package stating that a user's Internet access may not be restricted without a prior ruling by judicial authorities. This amendment (actually a reinstatement of an old amendment that had been removed) means that the European Parliament have chosen a position that is at odds as regards the Telecoms Package compromise they had agreed with the European Council. As a result the Telecoms Package must go back to a renegotiation process known as conciliation.
The British Approach
Meanwhile the UK government has its own plans to legislate to address P2P file sharing. The government consulted on legislative options to tackle this issue last summer. This consultation revealed that there was no consensus between content owners, ISPs and consumer organisations about how best to prevent the current widespread and unauthorised downloading of copyright protected material (see here for more details). Having taken on board a variety of views, the government outlined its vision for the future in its Interim Digital Britain Report. The report recommended the creation of a Digital Rights Agency to coordinate attempts to prevent illicit file-sharing on the Internet. Recently the UK Intellectual Property Office canvassed views on how the Digital Rights Agency should operate.
The government is due to set out its plans, and to begin a fresh consultation on the issue, in the final Digital Britain Report which is due to be published on 16 June 2009. Giving an indication of what it may contain, Andy Burnham, who until recently was the Culture Secretary before being moved to the Department of Health, in a keynote speech at Music Week’s ‘Making Online Music Pay’ conference on 4 June referred to possible ‘technical solutions’ that could be employed as sanctions. It is not yet clear what those "technical solutions" would be, although Mr Burnham said they would involve ways to "limit or restrict" file-sharing activity.
The recent French decision is not binding on the UK Government but does highlight the importance of many of the underlying issues, such as consumers’ fundamental freedoms and the need to have appropriate judicial safeguards in place. This closely reflects the underlying provisions of the Convention on Human Rights, which are common to both jurisdictions. We keenly await the UK Government’s proposals to tackle P2P file-sharing in the Digital Britain Report.
Wednesday, June 10, 2009
IT staff snooping on colleagues on rise: survey
By Tarmo Virki, European technology correspondent
HELSINKI (Reuters) - More than one-third of information technology professionals abuse administrative passwords to access confidential data such as colleagues' salary details or board-meeting minutes, according to a survey.
Domain Name Disputes
Googling about and looking for posting material i came across this website with an intensive and well round discussion of Domain Name Disputes check it out.
"The law and policy-makers have had to surmount not only a steep learning curve but also in some cases a foundation that is wrought with mistakes when it comes to the treatment that should be given to virtual property. The Domain Name System (DNS) is the best example of a form of virtual property that has given rise to challenges in law making and administration. The ‘ land grab’ of domain names in the World Wide Web (WWW) have given rise to a virtual tsunami of registrations and this has led to the subsequent erection of levees in the form of a challenge regime. This paper will identify and consider the problems that the DNS is facing and suggest the changes that have to be made to it in order for it to withstand the forces of what will be an increasingly rising sea of domain names on the WWW." - Article by Warren B. Chik Lord of your domain, but master of none: the need to harmonize and recalibrate the domain name regime of ownership and control I.J.L. & I.T. 2008, 16(1), 8-72
"The law and policy-makers have had to surmount not only a steep learning curve but also in some cases a foundation that is wrought with mistakes when it comes to the treatment that should be given to virtual property. The Domain Name System (DNS) is the best example of a form of virtual property that has given rise to challenges in law making and administration. The ‘ land grab’ of domain names in the World Wide Web (WWW) have given rise to a virtual tsunami of registrations and this has led to the subsequent erection of levees in the form of a challenge regime. This paper will identify and consider the problems that the DNS is facing and suggest the changes that have to be made to it in order for it to withstand the forces of what will be an increasingly rising sea of domain names on the WWW." - Article by Warren B. Chik Lord of your domain, but master of none: the need to harmonize and recalibrate the domain name regime of ownership and control I.J.L. & I.T. 2008, 16(1), 8-72
Tuesday, June 2, 2009
Technological Opinions of Judge Sotomayer
- In Specht v Netscape, she wrote a decision regarding the placement of a download button on a web page. All in all, she denied the defendant's motion to compel arbitration as it was believed that the Plaintiff was not a direct beneficiary under the agreement.
- In Storey v Cello, she wrote an opinion that an adverse outcome from an admiminstrative proceeding did not have preclusive effect on a suit brought under the the Anticybersquatting Consumer Protection Act.
- In Mattel v. Barbie-club she rejected the argument that the federal court jurisdiction could be created in any federal district merely by providing written evidence of the domain registration with the trial court.
Monday, June 1, 2009
Case Comment: - Solid Host v. NameCheap
Contributory Cybersquatting and the Impending Demise of Domain Name Proxy Services?
By Eric Goldman available on his Tech&Marketing Law Blog.
Solid Host, NL v. NameCheap, Inc., 2:08-cv-05414-MMM-E (C.D. Cal. May 19, 2009)
By Eric Goldman available on his Tech&Marketing Law Blog.
Solid Host, NL v. NameCheap, Inc., 2:08-cv-05414-MMM-E (C.D. Cal. May 19, 2009)
Facts
This case involves an alleged domain name theft. Solid Host is a web host and initial owner of the domain name solidhost.com, which it registered through eNom in 2004. Solid Host claims that in 2008, a security breach at eNom allowed an unknown interloper (Doe) to steal the domain name and move the registration to NameCheap. Doe also acquired NameCheap's "WhoisGuard" service, a domain name proxy service that masked Doe's contact information in the Whois database. Solid Host contacted Doe and sought the domain name; Doe asked for $12,000, and Solid Host took a pass. Instead, Solid Host demanded that NameCheap hand back the domain name and identify Doe, but Doe claimed that he had bought the domain name legitimately. NameCheap, apparently feeling like the cheese in a sandwich, demurred to Solid Host's requests. Solid Host then got a TRO ordering NameCheap to transfer the name and reveal Doe's identity, both of which occurred. For unclear reasons, Solid Host hasn't amended the complaint to name the Doe, but it is proceeding against NameCheap on various claims, including an Anti-Cybersquatting Consumer Protection Act (ACPA) claim.
The Opinion
Who is the Registrant?
My understanding of domain name proxy services is that the service acts as the legal registrant, thus supplying its contact information, but it registers the domain name for the benefit of its customer, making the customer the beneficial registrant. An analogy: a bank may take legal title of a property as part of securing a loan on the property, but the borrower retains beneficial title to the property.
So, for purposes of the ACPA, is the proxy service the “registrant” of the domain name? ICANN’s agreement with registrars seemingly contemplates this characterization in Section 3.7.7.3 of its Registrar Agreement, which says “A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm.” However, it’s not clear to me that a proxy service “licenses” the domain name, especially if you accept my lender-borrower analogy above. Alternatively, if the proxy service is the “agent” of the customer, the licensing analogy also breaks down.
Whether the proxy service is the registrant matters a great deal to the legal outcome, and unfortunately, the court’s analysis of this important question was cursory, muddled, and possibly internally inconsistent.
In this case, the court’s inquiry is made more difficult by the fact that NameCheap acted as both the registrar and the proxy service provider. As a registrar, an ACPA claim against NameCheap should be squarely preempted by the domain name registry/registrar safe harbor enacted as part of the ACPA (15 U.S.C. §1114(2)(D)). For example, 1114(2)(D)(iii) says:
A domain name registrar, a domain name registry, or other domain name registration authority shall not be liable for damages under this section for the registration or maintenance of a domain name for another absent a showing of bad faith intent to profit from such registration or maintenance of the domain name
(This provision only moots damages, not an injunction, but since Solid Host has the domain name back in its possession, damages seem like the only remaining issue).
The court concludes that NameCheap is not eligible for the domain name registrar safe harbor because NameCheap is the domain name registrant. It says, "NameCheap is, by virtue of the anonymity service it provides, the registrant of a domain name that allegedly infringes Sold [sic] Host’s trademark." Thus, NameCheap is ineligible for the registrar safe harbor, which applies only when the registrar acts as a registrar.
But, having rejected the domain name registrar safe harbor because NameCheap was the domain name registrant, the court then inconsistently says that NameCheap is not the registrant for purposes of the prima facie ACPA claim. Instead, for ACPA purposes the court treats Doe as the registrant, leaving NameCheap exposed to a possible secondary ACPA liability claim. (The court acknowledges that NameCheap would defeat a direct ACPA claim because NameCheap did not have any bad faith intent to profit from the domain name. Offering the proxy service wasn't enough to qualify as a bad faith intent to profit).
Wait a minute—how can NameCheap simultaneously be both the registrant (no safe harbor) but not the registrant (thus, subjected to a secondary claim)? The court does not acknowledge or explain this apparent inconsistency.
Contributory Cybersquatting
Courts have rarely discussed a contributory ACPA claim. The only one cited by the court was a 2001 case (the Ford Motors vs. Greatdomains.com case) and I can’t think of any others. Perhaps this isn’t surprising because (1) as the Greatdomains.com case indicated, a contributory ACPA claim is available "in only exceptional circumstances," and (2) registrars are the most likely targets of a contributory ACPA claim, and the domain name registrar safe harbor effectively eliminates their contributory ACPA liability.
Adopting the analysis in the Greatdomains.com case, this court equates contributory ACPA liability with the Ninth Circuit’s 1999 Lockheed standard for online contributory trademark infringement (as opposed to ACPA liability), which requires that "a plaintiff must prove that the defendant had knowledge and ‘[d]irect control and monitoring of the instrumentality used by the third party to infringe the plaintiff’s mark.'"
So how did NameCheap have the requisite control over Doe's instrumentalities? Good question. The court tosses out this gem: NameCheap was "the “cyber-landlord” of the internet real estate stolen by Doe." WHAT??? The court continues:
NameCheap’s anonymity service was central to Doe’s cybersquatting scheme. If NameCheap had returned the domain name to Solid Host, Doe’s illegal activity would have ceased.
The second sentence is true with respect to NameCheap, but it is also true of every registrar for every domain name they register--and we know from the 1999 Lockheed case that registrars lack control over the instrumentalities of their registrants. So the proxy service seems to make a legal difference, but how does the proxy service evidence NameCheap's greater control over the registrant's instrumentalities? I think something is amiss here.
To complete the prima facie contributory ACPA claim, in addition to control, Solid Host must show that NameCheap has the requisite knowledge of Doe's ACPA violation. The court sets a high scienter bar--mere notice from an aggrieved party isn't enough--but the court conclusorily says that the complaint alleged enough knowledge to survive the motion to dismiss.
Why This is a Troubling Ruling
As I trust is clear, I think the court's analysis is questionable at best. I’m also troubled about the normative implications. Most obviously, this case could portend the demise of domain name proxy services. Read literally, every proxy service is exposed to potential contributory ACPA liability for every domain name it services. I can’t imagine proxy service providers will be excited about that liability exposure, and some may choose to exit the business.
If proxy services evaporate, domain name registrants will have a tougher time maintaining their privacy. This could affect at least two groups. First, businesses seeking to register domain names for unlaunched new brands often want to procure the new brand's domain names without publicly announcing their intentions through the Whois database. (Of course, some businesses register such domain name through agents or shell companies, but at a much greater expense than a proxy service). Second, gripers, whistleblowers, critics and others may want to use proxy services to make it harder for their targets to unmask their identities. This ruling jeopardizes the potential privacy options available to both groups.
I’m also troubled by this ruling’s narrow reading of the domain name registrar safe harbors. There haven’t been many cases interpreting those safe harbors, and this case might influence other courts to read them narrowly.
A Mini-Trend of Lawsuits Against Registrars
I’ve noticed a small but troubling increase in lawsuits against domain name registrars in the past few months. In addition to this case, see the Vulcan Golf v. Google lawsuit (which named some registrars as defendants), OnlineNIC cases, Philbrick v. eNom and uBid v. GoDaddy. Personally, I believe this litigation trend mirrors the expansion of new and legally untested non-registration services offered by registrars. I explored this issue with Elliot Noss of Tucows in the most recent installment of TWiL (worth listening to, IMO). Discussing the uBid lawsuit, Elliott explained how registrars monetize dropped domain names before being returned to the available pool of unregistered domain names. The delay is putatively for the benefit of customers who mistakenly let a registration lapse; but this also has the happy (?) by-product of letting registrars create new ad inventory that they are monetizing.
In the past, a lot of the legal attention regarding domain names has focused on trademark owners vs. registrants. From my perspective, those lawsuits are becoming passé. The real litigation growth industry appears to be trademark owner vs. registrar lawsuits over new registrar service offerings that trademark owners don't like. Rulings like this one, with a broad reading of contributory ACPA liability and a narrow reading of the domain name registrar safe harbor, raise the specter that registrars may find more legal trouble than they anticipated.
See also: DOMAIN NAMES NEWS
Saturday, May 30, 2009
Obama on net neutrality & cyber security
LA Times:
"Let me also be clear about what we will not do. Our pursuit of cyber-security will not -- I repeat, will not include -- monitoring private sector networks or Internet traffic. We will preserve and protect the personal privacy and civil liberties that we cherish as Americans. Indeed, I remain firmly committed to net neutrality so we can keep the Internet as it should be --
BBC reportsopen and free."
US President Barack Obama has announced plans for securing American computer networks against cyber attacks.
Youtube Link - discussion on cyber security
"Let me also be clear about what we will not do. Our pursuit of cyber-security will not -- I repeat, will not include -- monitoring private sector networks or Internet traffic. We will preserve and protect the personal privacy and civil liberties that we cherish as Americans. Indeed, I remain firmly committed to net neutrality so we can keep the Internet as it should be --
BBC reportsopen and free."
US President Barack Obama has announced plans for securing American computer networks against cyber attacks.
Youtube Link - discussion on cyber security
Wednesday, May 20, 2009
My Reading for June
TONGUE-IN-CHEEK: HOW INTERNET DEFAMATION
LAWS OF THE UNITED STATES & CHINA ARE SHAPING GLOBAL INTERNET SPEECH
BY: Nicole Hostettler
Cite as 9 J. HIGH TECH. L. 66 (2009)
http://www.jhtl.org/docs/pdf/HOSTETTLER_Tongue_in_Cheek.pdf
Minimum Contacts in Cyberspace:
The Classic Jurisdiction Analysis in a New Setting
BY: Tricia Leigh Gray
http://www.jhtl.org/docs/pdf/TGRAYV1N1N.pdf
Mixing Oil with Water: Resolving the Differences Between
Domain Names and Trademark Law
BY: Jonathan O. Nilsen
“The Internet has evolved from its inception as primarily a research network
into a full-blown commercial marketplace.”
http://www.jhtl.org/docs/pdf/JNILSENV1N1N.pdf
The Internet Bankruptcy: What Happens When the Bell Tolls
for the eCommerce Industry?
BY: Warren E. Agin
Swiggart & Agin, LLC
Boston, Massachusetts
Cite as: 1 J. HIGH TECH. L. 1 (2002)
http://www.jhtl.org/docs/pdf/WAGINV1N1LA.pdf
LAWS OF THE UNITED STATES & CHINA ARE SHAPING GLOBAL INTERNET SPEECH
BY: Nicole Hostettler
Cite as 9 J. HIGH TECH. L. 66 (2009)
http://www.jhtl.org/docs/pdf/HOSTETTLER_Tongue_in_Cheek.pdf
Minimum Contacts in Cyberspace:
The Classic Jurisdiction Analysis in a New Setting
BY: Tricia Leigh Gray
http://www.jhtl.org/docs/pdf/TGRAYV1N1N.pdf
Mixing Oil with Water: Resolving the Differences Between
Domain Names and Trademark Law
BY: Jonathan O. Nilsen
“The Internet has evolved from its inception as primarily a research network
into a full-blown commercial marketplace.”
http://www.jhtl.org/docs/pdf/JNILSENV1N1N.pdf
The Internet Bankruptcy: What Happens When the Bell Tolls
for the eCommerce Industry?
BY: Warren E. Agin
Swiggart & Agin, LLC
Boston, Massachusetts
Cite as: 1 J. HIGH TECH. L. 1 (2002)
http://www.jhtl.org/docs/pdf/WAGINV1N1LA.pdf
Tuesday, May 19, 2009
Case Comment: Click-wrap Arbitration Clause found enforceable
Clickwrap Contract Enforcement: Arbitration & Forum Selection Clauses
Recommended Reading: For lawyers seeking to understand the contest and enforceability of clickwrap agreements, an article written by Rachel Cormier Anderson and published by the Shidler Journal of Law
Link:
http://www.lctjournal.washington.edu/Vol3/a011Cormier.html
In three recent cases, courts have invalidated portions of consumer clickwrap agreements containing either forum selection or binding arbitration clauses. In the first case, the Washington State Court of Appeals invalidated a forum selection clause found in a clickwrap agreement because the clause was contrary to state consumer protection policies. In the second case, the California Court of Appeals rejected a clickwrap agreement calling for binding arbitration in a specified forum when the plaintiff sought to bring a class action claim. Finally, the U.S. Court of Appeals for the Fifth Circuit recently declared a binding arbitration clause because it was unconscionable. Although these cases address a relatively new form of contracting known as "clickwrap agreements," the essential issue in each case was not new. These cases suggest that courts are willing to accept the validity of clickwrap agreements in general, but have invalidated specific clauses based on traditional contract doctrines such as unconscionability and public policy. This Article examines these recent cases in light of existing precedent concerning the enforceability of clickwrap agreements
Clickwrap Contract Enforcement Often Depends on the Specific Facts and Jurisdiction
The legal status of shrink wrap contracts in the US is somewhat unclear. One line of cases follows ProCD v. Zeidenberg which held such contracts enforceable (see, e.g., Brower v. Gateway) and the other follows Klocek v. Gateway, Inc., which found the contracts at hand unenforceable (e.g., Specht v. Netscape Communications Corp.), but did not comment on shrink wrap contracts as a whole. These decisions are split on the question of consent, with the former holding that only objective manifestation of consent is required while the latter require at least the possibility of subjective consent.
In particular, the Netscape contract was rejected because it lacked an express indication of consent (no "I agree" button) and because the contract was not presented directly to the user (users were required to click on a link to access the terms). However, the court in this case did make it clear that "Reasonably conspicuous notice of the existence of contract terms and unambiguous manifestation of assent to those terms by consumers are essential if electronic bargaining is to have integrity and credibility." Specht, 356 F.3d 17. It may be worth noting that the user in the Zeidenberg case had purchased and opened the packages of multiple copies of the product, and therefore could not easily prove he remained ignorant of the contract/license; whereas in many cases, the so-called shrink-wrap "license" agreement has not been reviewed at the time of purchase (having been hidden inside the box), and therefore is arguably not part of the sale of the copy, and thus not enforceable by either party without further "manifestation of assent" to its terms. In general, a user is not obligated to read, let alone consent to any literature or envelope packaging that may be contained inside a product; otherwise such transactions would unduly burden users who have no notice of the terms and conditions of their possession of the object purchased, or the blind, or those unfamiliar with the language in which such terms are provided, etc.
Via Viente Taiwan, L.P. v. United Parcel Service, Inc., 2009 WL 398729 (E.D. Tex. February 17, 2009)
A federal court in Texas held the clickwrap agreement between United Parcel Service and one of its customers was binding. After plaintiff Via Viente sued UPS in Texas, UPS moved to transfer venue to the Northern District of Georgia, citing to a forum selection clause in a license agreement governing Via Viente’s use of a UPS-provided software Via Viente argued that the clickwrap agreement (and by extension the forum selection clause) was not binding because a UPS technician installed the application on a Via Viente computer, and therefore Via Viente never had a chance to agree to the terms. The court rejected that argument for the following three reasons:
• Via Viente was a sophisticated company and “should have been aware that terms of service were forthcoming” after having signed the general Carrier Agreement with UPS that required the use of the software;
• It was “difficult to believe” that Via Viente would have left the UPS technician installing the software unsupervised. Moreover, it was not UPS’s practice to install the software unsupervised;
• Via Viente had kept the benefit of the bargain (convenience and “palatable” shipping costs) so it would have been inequitable to allow it to disavow provisions it did not like.
After finding the clickwrap agreement to be binding, the court went on to find the forum selection clause enforceable, and transferred the matter to the Northern District of Georgia.
Available at: http://blog.internetcases.com/page/2/
Recommended Reading: For lawyers seeking to understand the contest and enforceability of clickwrap agreements, an article written by Rachel Cormier Anderson and published by the Shidler Journal of Law
Link:
http://www.lctjournal.washington.edu/Vol3/a011Cormier.html
In three recent cases, courts have invalidated portions of consumer clickwrap agreements containing either forum selection or binding arbitration clauses. In the first case, the Washington State Court of Appeals invalidated a forum selection clause found in a clickwrap agreement because the clause was contrary to state consumer protection policies. In the second case, the California Court of Appeals rejected a clickwrap agreement calling for binding arbitration in a specified forum when the plaintiff sought to bring a class action claim. Finally, the U.S. Court of Appeals for the Fifth Circuit recently declared a binding arbitration clause because it was unconscionable. Although these cases address a relatively new form of contracting known as "clickwrap agreements," the essential issue in each case was not new. These cases suggest that courts are willing to accept the validity of clickwrap agreements in general, but have invalidated specific clauses based on traditional contract doctrines such as unconscionability and public policy. This Article examines these recent cases in light of existing precedent concerning the enforceability of clickwrap agreements
Clickwrap Contract Enforcement Often Depends on the Specific Facts and Jurisdiction
The legal status of shrink wrap contracts in the US is somewhat unclear. One line of cases follows ProCD v. Zeidenberg which held such contracts enforceable (see, e.g., Brower v. Gateway) and the other follows Klocek v. Gateway, Inc., which found the contracts at hand unenforceable (e.g., Specht v. Netscape Communications Corp.), but did not comment on shrink wrap contracts as a whole. These decisions are split on the question of consent, with the former holding that only objective manifestation of consent is required while the latter require at least the possibility of subjective consent.
In particular, the Netscape contract was rejected because it lacked an express indication of consent (no "I agree" button) and because the contract was not presented directly to the user (users were required to click on a link to access the terms). However, the court in this case did make it clear that "Reasonably conspicuous notice of the existence of contract terms and unambiguous manifestation of assent to those terms by consumers are essential if electronic bargaining is to have integrity and credibility." Specht, 356 F.3d 17. It may be worth noting that the user in the Zeidenberg case had purchased and opened the packages of multiple copies of the product, and therefore could not easily prove he remained ignorant of the contract/license; whereas in many cases, the so-called shrink-wrap "license" agreement has not been reviewed at the time of purchase (having been hidden inside the box), and therefore is arguably not part of the sale of the copy, and thus not enforceable by either party without further "manifestation of assent" to its terms. In general, a user is not obligated to read, let alone consent to any literature or envelope packaging that may be contained inside a product; otherwise such transactions would unduly burden users who have no notice of the terms and conditions of their possession of the object purchased, or the blind, or those unfamiliar with the language in which such terms are provided, etc.
Via Viente Taiwan, L.P. v. United Parcel Service, Inc., 2009 WL 398729 (E.D. Tex. February 17, 2009)
A federal court in Texas held the clickwrap agreement between United Parcel Service and one of its customers was binding. After plaintiff Via Viente sued UPS in Texas, UPS moved to transfer venue to the Northern District of Georgia, citing to a forum selection clause in a license agreement governing Via Viente’s use of a UPS-provided software Via Viente argued that the clickwrap agreement (and by extension the forum selection clause) was not binding because a UPS technician installed the application on a Via Viente computer, and therefore Via Viente never had a chance to agree to the terms. The court rejected that argument for the following three reasons:
• Via Viente was a sophisticated company and “should have been aware that terms of service were forthcoming” after having signed the general Carrier Agreement with UPS that required the use of the software;
• It was “difficult to believe” that Via Viente would have left the UPS technician installing the software unsupervised. Moreover, it was not UPS’s practice to install the software unsupervised;
• Via Viente had kept the benefit of the bargain (convenience and “palatable” shipping costs) so it would have been inequitable to allow it to disavow provisions it did not like.
After finding the clickwrap agreement to be binding, the court went on to find the forum selection clause enforceable, and transferred the matter to the Northern District of Georgia.
Available at: http://blog.internetcases.com/page/2/
Monday, May 11, 2009
electronic records mngt - something for the lawxul students!!
Do you know where your data is?
It is often said that technology is the problem and the solution. This is surely appropriate for data security. After all, more than 95 per cent of corporate data is held electronically.
Perhaps the best approach is to distinguish between data security – preventing unauthorised disclosure – and litigation/regulatory readiness – managing authorised disclosure effectively. The legal rules of data protection and the civil courts require those responsible for the relevant data to consider what technology is available to better avoid unauthorised and manage authorised disclosure. This fact alone dictates that IT and legal experts should communicate and collaborate.
The Data Protection Act imposes a duty to ensure an appropriate level of security. This involves a consideration of the nature of the data, and the likelihood of loss, cost and developments in technology. It is not sufficient for the risks around storing and using high volumes of electronic data to appeal to the legal framework alone.
The potential damage to brand and reputation is too often underestimated.
When 1,500 Standard Life savers’ personal details were lost en route between HM Revenue and Customs (HMRC) offices in Newcastle and Edinburgh, the data was encrypted to the highest degree. But two lost HMRC CDs containing Child Benefit Agency information were protected by only one password.
Subcontracting is another example of risk – one that led to Marks & Spencer (M&S) losing an unencrypted laptop and being found by the Information Commissioner to have violated the law.
What about the litigation/regulatory risk? Few organisations appreciate the burden, time and cost of a request from an opponent in litigation or from a regulator to produce documents. Most are blissfully unaware of what is involved.
What are you going to do when asked to produce substantial volumes of data against a tight deadline? Where is the data? How are you going to search for it? What happens if you do not produce files when requested but they subsequently come to light? The low priority accorded to this risk could prove disastrous.
What should companies be doing?
First, the risks must be appreciated and managed. Make data management an organisational priority. Instigate ongoing communication and collaboration between the IT function and the legal team. For example, is there a policy about the removal of mobile devices from company premises? What about the use of removable media such as memory sticks? Who is controlling that data?
Second, draw up and enforce appropriate policies that should be kept under constant review. Keep audit trails so that a course of action can be justified later if necessary.
The use of encryption is not as widespread as may be thought, as the M&S incident testified. Training is vital, and every contract within the organisation should be reviewed in relation to the data management risk.
Whether your technology is in-house or outsourced, those responsible will need to appreciate the different data protection laws in different countries, the prevention of over-writing backup procedures during the preservation and collection phase, and the challenges presented by differences in local language and culture where data has to be collected across continents.
Volume reduction is essential to confine data within reasonable parameters such as date ranges, file types, and relevance, to eliminate unnecessary duplication.
A documented and defensible methodology to justify decisions is indispensable. And project management skills to review the data for confidentiality, privilege and non-relevance is essential to stop costs spiralling out of control.
Legal teams must understand what technologies are available, and IT managers must understand the rules governing the retention, destruction and disclosure of electronically stored information.
What better way to start taking control than for IT and legal to talk to each other?
Mark Surguy is a senior associate at international law firm Pinsent Masons
Data protection disasters
* HMRC lost two unencrypted CDs containing the details of 25 million child benefit recipients. It appears that it was a breach of company policy to use the internal post (a courier) rather than recorded mail that led to the loss, and not a breach of any encryption requirement.
* M&S used a consultancy to prepare pensions statements. The evening before a meeting, the company’s data was downloaded to a laptop in unencrypted format, and the computer was stolen. M&S immediately put into operation an encryption programme for all its laptops.
* When Arthur Anderson staff shredded documents in connection with the Enron affair, the fatal damage to the company was caused by a failure to comply with a document-destruction policy. Had the shredded documents been destroyed in accordance with the policy, no complaint could have been made and the organisation would still be in existence today.
Available at: http://techlaw.computing.co.uk/
It is often said that technology is the problem and the solution. This is surely appropriate for data security. After all, more than 95 per cent of corporate data is held electronically.
Perhaps the best approach is to distinguish between data security – preventing unauthorised disclosure – and litigation/regulatory readiness – managing authorised disclosure effectively. The legal rules of data protection and the civil courts require those responsible for the relevant data to consider what technology is available to better avoid unauthorised and manage authorised disclosure. This fact alone dictates that IT and legal experts should communicate and collaborate.
The Data Protection Act imposes a duty to ensure an appropriate level of security. This involves a consideration of the nature of the data, and the likelihood of loss, cost and developments in technology. It is not sufficient for the risks around storing and using high volumes of electronic data to appeal to the legal framework alone.
The potential damage to brand and reputation is too often underestimated.
When 1,500 Standard Life savers’ personal details were lost en route between HM Revenue and Customs (HMRC) offices in Newcastle and Edinburgh, the data was encrypted to the highest degree. But two lost HMRC CDs containing Child Benefit Agency information were protected by only one password.
Subcontracting is another example of risk – one that led to Marks & Spencer (M&S) losing an unencrypted laptop and being found by the Information Commissioner to have violated the law.
What about the litigation/regulatory risk? Few organisations appreciate the burden, time and cost of a request from an opponent in litigation or from a regulator to produce documents. Most are blissfully unaware of what is involved.
What are you going to do when asked to produce substantial volumes of data against a tight deadline? Where is the data? How are you going to search for it? What happens if you do not produce files when requested but they subsequently come to light? The low priority accorded to this risk could prove disastrous.
What should companies be doing?
First, the risks must be appreciated and managed. Make data management an organisational priority. Instigate ongoing communication and collaboration between the IT function and the legal team. For example, is there a policy about the removal of mobile devices from company premises? What about the use of removable media such as memory sticks? Who is controlling that data?
Second, draw up and enforce appropriate policies that should be kept under constant review. Keep audit trails so that a course of action can be justified later if necessary.
The use of encryption is not as widespread as may be thought, as the M&S incident testified. Training is vital, and every contract within the organisation should be reviewed in relation to the data management risk.
Whether your technology is in-house or outsourced, those responsible will need to appreciate the different data protection laws in different countries, the prevention of over-writing backup procedures during the preservation and collection phase, and the challenges presented by differences in local language and culture where data has to be collected across continents.
Volume reduction is essential to confine data within reasonable parameters such as date ranges, file types, and relevance, to eliminate unnecessary duplication.
A documented and defensible methodology to justify decisions is indispensable. And project management skills to review the data for confidentiality, privilege and non-relevance is essential to stop costs spiralling out of control.
Legal teams must understand what technologies are available, and IT managers must understand the rules governing the retention, destruction and disclosure of electronically stored information.
What better way to start taking control than for IT and legal to talk to each other?
Mark Surguy is a senior associate at international law firm Pinsent Masons
Data protection disasters
* HMRC lost two unencrypted CDs containing the details of 25 million child benefit recipients. It appears that it was a breach of company policy to use the internal post (a courier) rather than recorded mail that led to the loss, and not a breach of any encryption requirement.
* M&S used a consultancy to prepare pensions statements. The evening before a meeting, the company’s data was downloaded to a laptop in unencrypted format, and the computer was stolen. M&S immediately put into operation an encryption programme for all its laptops.
* When Arthur Anderson staff shredded documents in connection with the Enron affair, the fatal damage to the company was caused by a failure to comply with a document-destruction policy. Had the shredded documents been destroyed in accordance with the policy, no complaint could have been made and the organisation would still be in existence today.
Available at: http://techlaw.computing.co.uk/
Q&A
Last week on the 8th May, a blogger opinionised on the last post and asked an interesting question- which posed a great challenge...below is my opinion....i welcome further contributions.
The Challenge!
Do you think it would be better to have one all inclusive law or several laws covering say e-commerce, intellectual property etc
Singapore for example:
Tanzania Berne and Paris Conventions.
Importantly, a clarity between the connection of IP and e-commerce to beginners -
There are several reasons why IP is important to E-Commerce and e-commerce is important to IP. E-Commerce, more than other business systems, often involves selling products and services that are based on IP and its licensing. Music, pictures, photos, software, designs, training modules, systems, etc. can all be traded through E-Commerce, in which case, IP is the main component of value in the transaction. IP is important because the things of value that are traded on the Internet must be protected, using technological security systems and IP laws, or else they can be stolen or pirated and whole businesses can be destroyed.
Also, IP is involved in making E-Commerce work. The systems that allow the Internet to function - software, networks, designs, chips, routers and switches, the user interface, and so on - are forms of IP and often protected by IP rights. Trademarks are an essential part of E-Commerce business, as branding, customer recognition and good will, essential elements of Web-based business, are protected by trademarks and unfair competition law.
E-Commerce businesses and Internet related businesses are based on product or patent licensing. This is because so many different technologies are required to create a product that companies often outsource the development of some component of products, or share technologies through licensing arrangements. If every company had to develop and produce all technological aspects of every product independently, development of high technology products would be impossible. The economics of E-Commerce depends on companies working together to share, through licensing, the opportunities and risks of business. Many of these companies are SMEs.
Finally, E-Commerce based businesses usually hold a great deal of their value in IP; so the valuation of your E-Commerce business will be affected by whether you have protected your IP. Many E-Commerce companies, like other technology companies, have patent portfolios and trademarks that enhance the value of their business.
Available at: http://www.wipo.int/sme/en/e_commerce/ip_ecommerce.htm
The Challenge!
Do you think it would be better to have one all inclusive law or several laws covering say e-commerce, intellectual property etc
Such issues as with intellectual property should be dealt with separately, following examples of other such as the
Below is a good example of how we should move forward.....
Singapore for example:
Electronic Transactions Act (Cap. 88) Singapore covers matters such as:
- Electronic contracts;
- Electronic records and signatures;
- Secure electronic records and signatures;
- Effect of digital signatures and duties relating to such signatures;
- Duties of Certification Authorities and their subscribers;
- Regulation of Certification Authorities;
- Government use of electronic records and signatures; and Liability of network service providers
|
| |
- The need to conform to international standards and international models in order to be integrated with the global e-commerce framework;
- The need to avoid over regulation;
- The need to be flexible and technologically neutral to adapt quickly to a fluid global environment; and
- The need for transparency and predictability in our laws.
· Broadly, the Act seeks to do the following:
- Enact a Commercial Code to support e-commerce transactions;
- Provide for a Public Key Infrastructure;
- Enable Electronic Applications and Licences for the Public Sector; and
- Clarify Network Service Providers' liability for third party content.
The Internet has extended the reach of providers of information and other forms of content, but it has also changed radically the ease to reproduce, distribute and publish such information and content. This has posed new challenges for intellectual property protection. The laws providing for IPR should thus be reinforced
The amendments should aim to:
- Improve copyright protection and enforcement measures for copyright owners in the digital environment, thus promoting the use of the Internet for business.
For example, the amendments- - extended copyright protection to multimedia and interactive productions which qualify as intellectual creations;
- clarified that copyright owners enjoy protection against the making of electronic and transient copies of their work; and
- provided the conditions allowing an additional avenue whereby copyright owners may require Internet Service Providers to "take down" materials which may be guilty of copyright infringement, even before the owners initiate enforcement proceedings against the actual infringes.
- Promote legal certainty in the usage of the Internet by clarifying the rights and obligations of copyright owners, intermediaries such as network service providers, and users such as educational institutions.
For example, allowing end users to browse materials made available on the Internet such amendments should also spell out when intermediaries such as Internet Service Providers are exempted from liabilities.
Importantly, a clarity between the connection of IP and e-commerce to beginners -
There are several reasons why IP is important to E-Commerce and e-commerce is important to IP. E-Commerce, more than other business systems, often involves selling products and services that are based on IP and its licensing. Music, pictures, photos, software, designs, training modules, systems, etc. can all be traded through E-Commerce, in which case, IP is the main component of value in the transaction. IP is important because the things of value that are traded on the Internet must be protected, using technological security systems and IP laws, or else they can be stolen or pirated and whole businesses can be destroyed.
Also, IP is involved in making E-Commerce work. The systems that allow the Internet to function - software, networks, designs, chips, routers and switches, the user interface, and so on - are forms of IP and often protected by IP rights. Trademarks are an essential part of E-Commerce business, as branding, customer recognition and good will, essential elements of Web-based business, are protected by trademarks and unfair competition law.
E-Commerce businesses and Internet related businesses are based on product or patent licensing. This is because so many different technologies are required to create a product that companies often outsource the development of some component of products, or share technologies through licensing arrangements. If every company had to develop and produce all technological aspects of every product independently, development of high technology products would be impossible. The economics of E-Commerce depends on companies working together to share, through licensing, the opportunities and risks of business. Many of these companies are SMEs.
Finally, E-Commerce based businesses usually hold a great deal of their value in IP; so the valuation of your E-Commerce business will be affected by whether you have protected your IP. Many E-Commerce companies, like other technology companies, have patent portfolios and trademarks that enhance the value of their business.
Available at: http://www.wipo.int/sme/en/e_commerce/ip_ecommerce.htm
Sunday, May 3, 2009
time to regulate
Notably, there has been activities in drafting model laws to regulate cyber activities alongside Kenya "electronic Transactions Bill 2007" and other east african states (http://africa.bizcommunity.com/Article/111/23/18306.html)......Kenya, Uganda and Tanzania are in the process of adopting harmonized cyber laws to enable the establishment of e-government and e-commerce programs, according to the East African Community, the intergovernmental organization representing these three countries with a population totaling 82 million people. The cyber laws will cover data security, network security, cyber crime, information systems and electronic transactions (http://www.ibls.com/internet_law_news_portal_view.aspx?s=latestnews&id=1539)
in short the process of the legislature passing the laws in Tanzania needs to be fast-tracked in order for the country to reap out the benefits of e-commerce especially due to the fact that the first question asked by a foreign company, wanting to operate a website targeted at the Tanzanian audience, is about the laws dealing with online content.
i read an interesting article a few days ago, based on the Indian Information Technology Act whereby the author omits that in the absence of specific laws governing online content regulation, laws which have not specifically made for online content regulation will still apply to it. This is the principle of functional equivalence with statutes such as the Indian Penal Code, 1860 will be made applicable to online act’s and omissions. read more.....http://www.livemint.com/2008/01/14001653/Management--A-legal-framework.html
another interesting bit of info...in addition to one of my first articles on e-defamtion..
Civil Procedure Code + the Internet!
The Delhi High Court in the case of Frank Finn Management Consultants v. Subhash Motwani and Another (CS(OS) 367/2002) determined the scope of its jurisdiction under Section 19 of the Code of Civil Procedure, 1908 while making refrence to the availibility of the publication on the internet. The case concerned a suit for damages publishing libelous information. The defendant’s argument was that since the publication of the libelous material did not occur in the forum hence it did not have jurisdiction within the meaning of Section 19. The court intepreting section 19 held that, “publication in the sense of a libel is not the mechanical act of printing of the magazine but is of communication of the libelous article”. In reaching the conclusion that it had jurisdiction it held that, “…growing number of readers prefer to read newspapers and magazines via internet rather than in hard form. By putting the magazine on the internet, the magazine cannot be said to be for circulation within Mumbai only and is concluded to be having circulation all over India.” (available at: http://iltb.apargupta.com/?p=76)
in short the process of the legislature passing the laws in Tanzania needs to be fast-tracked in order for the country to reap out the benefits of e-commerce especially due to the fact that the first question asked by a foreign company, wanting to operate a website targeted at the Tanzanian audience, is about the laws dealing with online content.
i read an interesting article a few days ago, based on the Indian Information Technology Act whereby the author omits that in the absence of specific laws governing online content regulation, laws which have not specifically made for online content regulation will still apply to it. This is the principle of functional equivalence with statutes such as the Indian Penal Code, 1860 will be made applicable to online act’s and omissions. read more.....http://www.livemint.com/2008/01/14001653/Management--A-legal-framework.html
another interesting bit of info...in addition to one of my first articles on e-defamtion..
Civil Procedure Code + the Internet!
The Delhi High Court in the case of Frank Finn Management Consultants v. Subhash Motwani and Another (CS(OS) 367/2002) determined the scope of its jurisdiction under Section 19 of the Code of Civil Procedure, 1908 while making refrence to the availibility of the publication on the internet. The case concerned a suit for damages publishing libelous information. The defendant’s argument was that since the publication of the libelous material did not occur in the forum hence it did not have jurisdiction within the meaning of Section 19. The court intepreting section 19 held that, “publication in the sense of a libel is not the mechanical act of printing of the magazine but is of communication of the libelous article”. In reaching the conclusion that it had jurisdiction it held that, “…growing number of readers prefer to read newspapers and magazines via internet rather than in hard form. By putting the magazine on the internet, the magazine cannot be said to be for circulation within Mumbai only and is concluded to be having circulation all over India.” (available at: http://iltb.apargupta.com/?p=76)
Friday, May 1, 2009
E-News!
Nigeria: That Delay on Cyber Crime Law is Dangerous!
By Zakariyya Adaramola dated 23 February 2009
Internet-based attacks and crimes are increasing in Nigeria as 'greedy' criminals continue to steal data from businesses and individuals....available at: http://allafrica.com/stories/200902231107.html
By Zakariyya Adaramola dated 23 February 2009
Internet-based attacks and crimes are increasing in Nigeria as 'greedy' criminals continue to steal data from businesses and individuals....available at: http://allafrica.com/stories/200902231107.html
Thursday, April 30, 2009
e-Defamation
The blogging phenomenon has hit Tanzania and individuals have started to express themselves, communicate and share information through blogging. Various fashion bloggers, news bloggers (such as the famous michuzi blogsite) etc. With such activities one must consider the law of defamation.
Here are some bullet points---theoretical aspects of e-defamation that have caught my attention!
What is defamation?
+it is the communication of a statement expressly or implied to be factual, that may give an individual, business, product, group, government or nation a negative image.
+the web has made it easier to disseminate defamatory statements to a worldwide audience with impunity.
For some time, courts have struggled with remedies for Web defamation. The problem has been magnified by the difficulty in identifying the perpetrator, and the degree to which Internet Service Providers (ISP's) should be held accountable for facilitating the defamatory activity.
+ see the New York case of Lunney v. Prodigy for internet defamation
++++Due to the novel methods in which defamation is perpetrated on the Internet, courts have been required to "stretch" the law in both substance and procedure. Although ISP's are theoretically immune from liability for defamation perpetrated by their members, they have been unable to escape being sued as a party to defamation lawsuits altogether. On the other hand, being forced by a court order to reveal confidential customer information may actually help an ISP by immunizing it from liability to its own members.
Do blogs have the same constitutional protection as mainstream media?
* yes, the US Supreme Court has held that "in the context of defamation law, the rights of the institutional media are no greater or no less than those enjoyed by other individuals or organisations engaged in the same activities".
What if I republish another person's statement? (i.e. someone comments on your posts)
& Generally, anyone who repeats someone else's statements is just as responsible for their defamatory content as the original speaker—if they knew, or had reason to know, of the defamation. In the United States Section 230 of the Communications Decency Act (http://www.eff.org/issues/bloggers/legal/liability/230), provides a strong protection against liability for Internet "intermediaries" who provide or republish speech by others.
How courts look at the context of a statement?
Blogs- start with the general tenor, setting, format of the blog, the context of the links through which the user accessed the particular entry.
- look at the specific context and content of the blog entry, analyzing the extent of figurative or hyperbolic language used and the reasonable expectations of the blog's audience.
The statutory limitation on libel cases? - 3 years as provided by the Law of Limitation
Stark differences between the laws of different countries have focused attention on the issue of when the court of a given country will assert jurisdiction over Worldwide Web content.
In the 1997 US Court of Appeal case of Zeran v. America OnLine, Inc., the plaintiff sued the defendant internet service provider (“ISP”) for unreasonable delay in removing defamatory messages posted by an unidentified third party, refusing to post retractions, and failing to screen for similar postings thereafter. The Court held that the Communications Decency Act barred such claims by immunizing commercial interactive computer service providers from liability for defamatory information posted by third parties.
In contrast to the American approach, an ISP in the 1999 English High Court case of Godfrey v. Demon Internet Ltd. was found liable in defamation after failing to remove defamatory remarks in a posting to a Newsgroup forum following a request to do so by the plaintiff who was alleged to have been the author of the posting. The comments in the posting were obscene and defamatory of the plaintiff and he denied being the author. He therefore requested their removal but the defendant company failed to do so. The High Court concluded that, since the defendant company knew about the defamatory content of the posting, they could not avail themselves of the protection of s. 1(1) of the English Defamation Act 1996.
other crucial factors to be considered....
1.stark differences between the laws of different countries ---JURISDICTION- must be determined --note: websites and e-mails are inter-jurisdictional---thus borderless --an agreement on jurisdiction/issues as to which substantive law would apply... the issue of jurisdiction is very complex this is seen by the different approaches taken by the US, UK and EU countries ...having not come to consensus as which approach should be adopted uniformly....to avoid conflict!--
Here are some bullet points---theoretical aspects of e-defamation that have caught my attention!
What is defamation?
+it is the communication of a statement expressly or implied to be factual, that may give an individual, business, product, group, government or nation a negative image.
+the web has made it easier to disseminate defamatory statements to a worldwide audience with impunity.
For some time, courts have struggled with remedies for Web defamation. The problem has been magnified by the difficulty in identifying the perpetrator, and the degree to which Internet Service Providers (ISP's) should be held accountable for facilitating the defamatory activity.
+ see the New York case of Lunney v. Prodigy for internet defamation
++++Due to the novel methods in which defamation is perpetrated on the Internet, courts have been required to "stretch" the law in both substance and procedure. Although ISP's are theoretically immune from liability for defamation perpetrated by their members, they have been unable to escape being sued as a party to defamation lawsuits altogether. On the other hand, being forced by a court order to reveal confidential customer information may actually help an ISP by immunizing it from liability to its own members.
Do blogs have the same constitutional protection as mainstream media?
* yes, the US Supreme Court has held that "in the context of defamation law, the rights of the institutional media are no greater or no less than those enjoyed by other individuals or organisations engaged in the same activities".
What if I republish another person's statement? (i.e. someone comments on your posts)
& Generally, anyone who repeats someone else's statements is just as responsible for their defamatory content as the original speaker—if they knew, or had reason to know, of the defamation. In the United States Section 230 of the Communications Decency Act (http://www.eff.org/issues/bloggers/legal/liability/230), provides a strong protection against liability for Internet "intermediaries" who provide or republish speech by others.
How courts look at the context of a statement?
Blogs- start with the general tenor, setting, format of the blog, the context of the links through which the user accessed the particular entry.
- look at the specific context and content of the blog entry, analyzing the extent of figurative or hyperbolic language used and the reasonable expectations of the blog's audience.
The statutory limitation on libel cases? - 3 years as provided by the Law of Limitation
Stark differences between the laws of different countries have focused attention on the issue of when the court of a given country will assert jurisdiction over Worldwide Web content.
In the 1997 US Court of Appeal case of Zeran v. America OnLine, Inc., the plaintiff sued the defendant internet service provider (“ISP”) for unreasonable delay in removing defamatory messages posted by an unidentified third party, refusing to post retractions, and failing to screen for similar postings thereafter. The Court held that the Communications Decency Act barred such claims by immunizing commercial interactive computer service providers from liability for defamatory information posted by third parties.
In contrast to the American approach, an ISP in the 1999 English High Court case of Godfrey v. Demon Internet Ltd. was found liable in defamation after failing to remove defamatory remarks in a posting to a Newsgroup forum following a request to do so by the plaintiff who was alleged to have been the author of the posting. The comments in the posting were obscene and defamatory of the plaintiff and he denied being the author. He therefore requested their removal but the defendant company failed to do so. The High Court concluded that, since the defendant company knew about the defamatory content of the posting, they could not avail themselves of the protection of s. 1(1) of the English Defamation Act 1996.
other crucial factors to be considered....
1.stark differences between the laws of different countries ---JURISDICTION- must be determined --note: websites and e-mails are inter-jurisdictional---thus borderless --an agreement on jurisdiction/issues as to which substantive law would apply... the issue of jurisdiction is very complex this is seen by the different approaches taken by the US, UK and EU countries ...having not come to consensus as which approach should be adopted uniformly....to avoid conflict!--
Subscribe to:
Posts (Atom)