A pub owner in the U.K. has been fined £8,000 because someone used its open wireless hotspot to download copyrighted material unlawfully.

The managing director of the hotspot provider The Cloud, Graham Cove, told ZDNet UK that the case, brought in the civil courts, is believed to be the first of its kind in the UK. He would not identify the pub concerned, however, because the pub had not yet given permission for the case to be publicized. Cove did advise that the fine had been levied in a civil case “sometime this summer”. The Cloud’s pubco clients include Fullers, Greene King, Marsdens, Scottish & Newcastle, Mitchell & Butlers and Punch Taverns.

The law surrounding open Wi-Fi networks and the liability of those running them is a grey area. Although copyright owners have brought infringement cases against individuals before in the UK, this case is believed to be the first where the operator of a hotspot – a place where people can buy or get free access to a high-speed wireless internet connection – has been successfully sued.

Based on the facts made known to date, this decision appears to be somewhat anomalous. As Professor Lilian Edwards, a professor of internet law at Sheffield Law School, told ZDNet UK, businesses operating a hotspot for customers or visitors should be “not responsible in theory” for users’ unlawful downloads, under “existing substantive copyright law”.  Anomalous or not, however, this must be a real cause of concern for businesses that provide their customers with wireless access (as well as their liability insurers). “You’re probably OK for now in terms of data retention,” Edwards said, “but watch out for the pile of copyright infringement warnings coming your way.”

This decision may have implications for the U.K.’s upcoming and controversial Digital Economy Bill, with measures that could include disconnection of the account holder, and could make matters worse for businesses with open Wi-Fi hotspots. At a wireless hotspot, it is not possible to determine the IP address of an individual who has downloaded infringing material because the IP address that is recorded will be that of the hotspot. A rights holder who seeks to identify an infringer of a copyright is therefore not able to distinguish the hotspot operator from the end user of the downloaded copyrighted material. Referring to the fact that it is currently not yet clear as to whether those facing disconnection would get their chance to appeal before or after being cut off, Edwards said businesses should “lobby for the upcoming Code of Practice to allow an early appeal against [warnings] before rather than after you get disconnected”.

Read More: CNET-News; The Guardian

   Send article as PDF   

The occurrence and frequency of cyber breaches are not as transparent as one might expect.  Or hope, for that matter.  To the contrary, the FBI’s chief cyber crimes investigator recently admitted that “thousands” of cyber crimes have gone unreported due to companies’ fears about the impact of adverse publicity on their reputations and bottom lines.

According to Shawn Henry, assistant director of the FBI’s Cyber Division, hackers regularly access computer security systems and steal millions of dollars and credit card numbers without such incidents ever being publicly reported.  Indeed, Mr. Henry has acknowledged that “[o]f the thousands of cases that we’ve investigated, the public knows about a handful…There are million-dollar cases that nobody knows about.”

And the problem is not limited to Fortune 500 and other large companies such as TJX and Heartland, which have voluntarily disclosed cyber intrusions.  Indeed, the incidence of cyber attacks on such companies is growing marginally or even shrinking, as these entities implement more complex security systems.  The more frequent target has become medium-sized and small companies which do not have the resources or perhaps the ability or interest to enhance their cyber protections.  The same goes for private citizens whose personal wealth and, equally troublesome, personal secrets may be at risk as their personally identifiable information is wrongfully retrieved and then used to access their bank and other investment accounts.  Needless to say, no one wants to admit they’ve been hit or that their resources have been stolen.  The stigma alone is a major deterrent to such public disclosures. (“Hey Joe… guess what… I was just robbed of $10 million!! And, they learned that I’ve been cheating on my spouse for the past ten years… How about that!!!”).

For cyber insurers, a prospective policyholder’s unwillingness to disclose such intrusions can be a major problem, both from an underwriting and claims perspective.  As always, the key is proper detailed due diligence up-front.  Underwriters can not take for granted that they would or should know about an intrusion at a potential account.  They must ask the right questions, require the proper warranties, and “pull back the curtain” to ensure that the risks they take on are just that – risks – rather than cyber intrusions waiting to happen.  “Penny-wise, pound foolish” is particularly apt.  Spend the time and money to vet your proposed accounts.  The cost of a claim or related coverage litigation will dwarf the expense of a thorough underwriting investigation.  Unlike the availability of insurance, that is a guarantee.

   Send article as PDF   

Personal information and data can be captured and aggregated in the most unlikely of ways. Take, for example, television viewing habits.

In the past, data aggregators such as A.C. Neilson have used a variety of techniques to measure television audiences’ viewing habits in order to assemble ratings and assist networks and advertisers in identifying viewership and demographic rankings. It began with people compiling viewing information in journals. As technology progressed, Neilson and other data aggregators used “black boxes” attached to televisions to compile the all-important viewership and demographic information. Some people equated these activities to a form of “Big Brother” watching over us, but in virtually all cases, the “Neilson families” did so willingly and were compensated for their voluntary participation.

Just as everything else, we have now progressed well beyond the activities of yesteryear.  The latest news on the viewership and demographic aggregation front comes from Google, which has announced that it is teaming up with TiVo, the digital video recording company, to assist advertisers in measuring how and when their ads are viewed by consumers.  As most people know, TiVo and its progeny allow viewers to “fast forward” through commercials so that they can view only the content they elect to watch. While a boon to viewers who hate commercials, this capability frustrates advertisers who pay tens of thousands if not tens of millions of dollars to television and cable networks to promote their services and products.  According to Google, this new service is an attempt to re-create its AdWords and AdSense models on the small screen.

The hitch is that most TiVo users typically catch the beginning or end of a commercial or other unwanted programming as they attempt to watch their selected shows.  Only the most prolific of remote controllers can precisely fast forward their recorded programming to view only what they want and not what they don’t want. Having now had TiVo for 7-1/2 years, I still suffer the fate of imperfect fast forwarding and consequent rewinding.  I just can’t totally avoid those pesky commercials, no matter how hard I try.  And believe me, I try.

Google is of the view that even that momentary viewership of the undesirable commercials, while not a full ad impression, is meaningful to advertisers.  Thus, it plans to use “anonymous second-by-second DVR viewing data” to track how viewers see ads placed through Google TV Ads and to assemble data on viewers’ television habits.

So, what can we as TiVo users do about it?  Google has not yet announced if viewers can “opt-out” of this service.  If that option is not available, then the only options seem to be that we participate as willing or unwilling (and uncompensated) participants, or give up our TiVo.  Needless to say, that latter option is not realistic.  I love my TiVo.  I won’t give it up.  But at what cost?  The price of my privacy, it seems.

   Send article as PDF   

The issue of defamation on the internet is an interesting one because, perhaps contrary to intuition, the tort of defamation is generally considered to occur in the location where defamatory material is accessed, rather than where it is published. Dow Jones & Company v. Gutnick, a 2002 decision of the High Court of Australia, was the first case to reach a final court that considered the nature of defamation on the Internet. Dow Jones, a US company, allegedly defamed an Australian businessman in an article on the Internet. Dow Jones argued that the suit should be heard in the US, not Australia, because that is where the article was uploaded. They argued that the Internet, being such a revolutionary development in communications, deserved a new legal response; that the High Court should develop a global theory of defamation liability. The High Court declined to do so, holding that long-established principles of Anglo-Australian defamation law were applicable to online defamation. Canada appears to have followed suit.

The consequence is that regardless of whether online defamatory material has been posted and hosted in the United States, case law developments with respect to internet defamation in foreign jurisdictions may be quite relevant in determining the liability of a U.S. resident for posting defamatory content.

For a good review of the Dow Jones case, see A Result Contrary to Intuition: Defamation on the Internet and the High Court of Australia.
.

   Send article as PDF   

In actions for libel and slander, “publication” refers to the communication of defamatory material to a third person. Does hyperlinking to a website containing defamatory material amount to publication of that material in the eyes of the law?

This was the issue that was recently considered by the B.C. Court of Appeal in the case of Crookes v. Newton, the first case at the appellate level in Canada to consider whether the creation of a hyperlink to a site that contains defamatory material can make the creator liable for the defamatory material.  The plaintiff, Mr. Crookes, claimed that he was defamed in various articles that first appeared on the Internet in 2005. The defendant, Mr. Newton, put up a post on his website under the heading “Free Speech in Canada”, and inserted hyperlinks to webpages that contained the defamatory articles. Significantly, Mr. Newton did not reproduce any of the content from the articles, nor did he comment on them in any way. The relevant post excerpt  (hyperlinks omitted) is as follows:

Under new developments, thanks to the lawsuit, I’ve just met Michael Pilling, who runs OpenPolitics.ca. Based in Toronto, he, too, is being sued for defamation. This time by politician Wayne Crookes. We’ve decided to pool some of our resources to focus more attention on the appalling state of Canada’s ancient and decrepit defamation laws and tomorrow, p2pnet will run a post from Mike [Pilling] on his troubles. He and I will also be releasing a joint press statement in the very near future.

When Mr. Crookes learned of the post, he asked Mr. Newton to remove the hyperlinks, but Mr. Newton refused. Mr. Crookes then sued Mr. Newton, taking the position that by creating the hyperlinks, Mr. Newton became a publisher of the impugned articles found at the hyperlinked websites. Mr. Newton brought a motion for summary judgment, arguing that that Mr. Crookes could not prove that the hyperlinks were brought to the attention of a third party and therefore “published”. Mr. Crookes was able to prove that Mr. Newton’s site had been accessed 1,788 times, but he could not prove whether any visitors to the site had ever clicked on the hyperlinks leading to the webpages containing the defamatory articles.

Mr. Crookes argued that there should be an automatic presumption of publication of the hyperlinked articles – such a presumption exists with respect to defamatory content in newspapers or broadcasts to the general public through the operation of ss. 2 and 12(2) of British Columbia’s Libel and Slander Act which provides:

s. 2. Defamatory words in a broadcast are deemed to be published and to constitute libel. 

s. 12(2).  The publication of a printed copy of a newspaper is proof, in the absence of evidence to the contrary, of the publication of the printed copy.

The Court refused to apply such a presumption, holding that since there is no such statutory provision in Canada providing for the presumed publication of communication distributed through the internet, it should be up to the Legislature, rather than the courts, to create such a presumption. Nor would the majority of the Court infer publication from the fact that Mr. Newton’s site had received 1,788 “hits”. Justice Saunders, speaking for the majority, noted that there was no evidence adduced with respect the volume of “hits” here compared to the norm, the usual behavior of internet readers or “surfers” or the jurisdiction in which they resided. As a result, there was insufficient information on which to infer that the hyperlinks had been accessed at all, let alone by Canadian viewers.

The court concluded that the mere fact that Mr. Newton hyperlinked the impugned sites did not make him a publisher of the material found at the hyperlinked sites. The Court referred to the 2005 case of Carter v. B.C. Federation of Foster Parents Assn., where it had held that a reference to a website in a printed newsletter, where there was no element of control by the defendant over that website, did not amount to publication of the defamatory material found at that site. In that case, a group of defendants had prepared a written newsletter which contained an internet address for an internet chat room which posted defamatory material, with the comment that “more news” could be found at that address. The Trial judge found that the reference in the written newsletter did not in the circumstances amount to publication by the Federation of the defamatory materials found at that site.

In this case, Mr. Newton advised that he saw the hyperlinks “as the equivalent of a footnote or biographical reference”, and the majority of the Court of Appeal agreed. The majority of the court found that there was no substantial difference between referring to a web address in a written article and a mere hyperlink; both required a decision on the part of the reader to access another website, and both required the reader to take a distinct action. Further, in this day of rapidly changing technology, the court was not persuaded that it would take any less effort to access a hyperlink than a web address in an article. Thus, according to the majority, if it is apparent from the context in which the hyperlink is used that it is being used merely as a biographical or similarly limited reference to an original source, without in any way actively encouraging or recommending to the readers that they access that source, then this would not amount to publication. However, the footnote analogy is not a complete answer to the question. If a hyperlink served as an invitation or encouragement to view an impugned site, or in some way adopted a portion of its contents, the hyperlink could be defamatory. For example, a statement that “The truth about [Person X] is found here, where “here” is hyperlinked to defamatory content may be sufficient to constitute defamation. Thus, the issue of whether a hyperlink promulgates defamatory content will require a contextual, fact-specific analysis.

(Of course, therein lies the rub. The majority of the Court did not see encouragement in Mr. Newton’s post, likening the links to a footnote for a reader or card index in a library. The dissenting judge was of the view that the context of the post served as an inducement to readers to click on the hyperlink).

   Send article as PDF   

“Phishing” refers to the fraudulent process of attempting to acquire sensitive information such as usernames and credit card details by masquerading as a trustworthy entity by way of e-mail, instant messaging or some other electronic communication. The communciation will often directs users to enter details at a fake website that is almost identical to the legitimate one.  

To illustrate, in a recent example of spear-phishing launched from a web server in China, CEOs received an email message purporting to be from a federal court stating that a subpoena was being directed to the CEO with a link to a web address ending in “uscourts.com”. More than 1,800 CEOs clicked on the link. Once the victims arrived at the bogus site, they were asked to view court documents by downloading a browser plug-in, which was actually malware used to gain access to the victim’s computer.

On November 17, 2009, the FBI issued a cyber advisory warning that hackers appear to be targeting law firms and public relations firms. Here’s a not-so-clever example:

Subject: Attn: Pamela Pengelley

Alexander JLO – Solicitors
11 Lanark Square
Glengall Bridge
London E14 9RE
United Kingdom.
TEL:+44 794 4145 981
Fax:+44 794 4416 262

Good day: Pamela,

This is a personal E-mail directed to you and I request that
it be treated as such.

I am Barrister Wilson Baker, a solicitor at law. I am the personal attorney/sole executor to the late Engr Gerald Pengelley herein after referred to as’my client’ who worked as an independent oil magnate in my country and who died in a plane crash with his immediate family in December 2003.

Since the death of my client, I have written several letters to the embassy with an intent to locate any of his extended relatives whom shall be claimants/beneficiaries of his abandoned personal estate and all such efforts have been to no avail.

More-so, I have received official letters in the last few weeks suggesting a likely proceeding for confiscation of his abandoned personal assets in line with existing laws by the bank in which my client deposited a notably high amount of money.

On this note i decided to search for a credible person and finding that you bear a similar last name, I was urged to contact you, that I may with your consent, present you to the “trustee” bank as my late client’s surviving family member so as to enable you put up a claim to the bank in that capacity as a next of kin of my client.

I find this possible for the fuller reasons that you bear a similar last name with my client making it a lot easier for you to put up a claim in that capacity.

I propose that 35% of the net sum will accrue to you at the conclusion of this deal in so far as I do not incure further expenses.

Therefore, to facilitate the immediate transfer of this funds, you need, first to contact me via my private email:(wilsonbaker3@yahoo.co.uk) for better confidentiality, signifying your interest and as soon as I obtain your confidence I will immediately appraise you with the complete details as well as fax you the documents, with which you are to proceed and i shall direct you on how to put up an application to the bank.

However, you will have to accent to an express agreement which I will forward to you in order to bind us in this transaction.

Upon the receipt of your reply,I will send you by fax or E-mail the next step to take.I will not fail to bring to your notice that this proposal is hitch-free and that you should not entertain any fears as the required arrangements have been made for the completion of this transfer.

Like I said, I require only a solemn confidentiality on this.

Best regards,
Wilson Baker Esq

A word to the wise  –  proceed with caution before clicking on a link in an e-mail, even if the message appears to be from a reliable source. Better to seek confirmation from your information systems resources than fall victim to a spear-phishing scam. For more information, check out Microsoft’s webpage, “How to Recognize Phishing Emails and Links”.

   Send article as PDF   

On November 10, 2008, millions of people were left without electricity in two of Brazil’s biggest cities, São Paulo and Rio de Janeiro, as a result of a massive power failure. The outage also had a significant impact on telecommunications and the Internet routing system in a number of South American regions. According to CircleID Reporter, while Brazil took the largest hit, Paraguayan and Uruguayan networks also went out “as a result of the largest regional power outage to hit Brazil and its neighbors in several years.”

The losses arising from these types of outages can staggering. Recall in early July of 2008, when the network of Brazilian unit of Spanish telecom Telefónica (NYSE: TEF) was disrupted, leaving its 2.2mn Speedy broadband customers without internet access for about 36 hours in the state of São Paulo. According to Business News America, Zurich had said that it would set aside 24mn reais (US$15.2mn) for refunds to compensate for the service interruption.

Prompted by the internet losses, the Brazilian unit of Swiss insurer Zurich began offering a new civil liability insurance product in August of 2008 in the wake of a large-scale internet outage, reported the local financial daily Gazeta Mercantil. The product covers third-party damage and operational shutdowns resulting from service disruptions, according to the report.

According to Zurich Brasil’s financial insurance lines executive ,Vinicios Villela Jorge, “Many businesses were wanting to know whether the insurance market would make this type of product available so that they could require [clients] to get this policy when contracting their services.” It will be interesting to see whether new insurance products become available on the market as a result of this most recent network failure.

SOURCES: CircleID Reporter; BNAmericas

   Send article as PDF   

A New Decision on Facebook: Ex Parte Injunctions and Preservation Orders

Another Ontario decision dealing with production of Facebook profiles in personal injury lawsuits was released on October 29, 2009. In Schuster v. Royal & SunAlliance Insurance Company of Canada, the defendant brought a motion before a judge, without notice to the plaintiff, seeking an injunction requiring the plaintiff to preserve and produce her Facebook webpage.  The particulars of the decision are set out in detail, below.

The plaintiff claimed that, as a result of a car accident, she suffered injuries that impaired her ability to work and to participate in social and recreational activities. During litigation, she produced an “affidavit of documents” (a sworn list of all documents in a party’s possession, including electronic documents, that are relevant to the lawsuit) in which she failed to disclose the existence of her Facebook account.

The defendant hired a surveillance company and discovered the Facebook account, for which access was restricted to 67 “friends”, one being the plaintiff’s mother-in-law. The defendant was able to obtain photographs from the mother-in-law’s Facebook account in which there were pictures of the plaintiff dated before and after the accident, although she was just standing, sitting or reclining  (she was not engaged in any activities in relation to which she claimed to be impaired).

The defendant had brought the motion on an ex parte basis (that is, without notice to the plaintiff) seeking an Interim Order for the Preservation of Property under Rule 45.01 of Ontario’s Rules of Civil Procedure, R.R.O. 1990, Reg. 194). (Ex parte motions are typically granted where urgency arises because there is a reason to believe that the responding party, if given notice of the motion, will take steps to frustrate the process of justice before the motion can be decided). Rule 45.01 states:

INTERIM ORDER FOR PRESERVATION OR SALE

45.01 (1)  The court may make an interim order for the custody or preservation of any property in question in a proceeding or relevant to an issue in a proceeding, and for that purpose may authorize entry on or into any property in the possession of a party or of a person not a party. R.R.O. 1990, Reg. 194, r. 45.01 (1).

(2)  Where the property is of a perishable nature or likely to deteriorate or for any other reason ought to be sold, the court may order its sale in such manner and on such terms as are just. R.R.O. 1990, Reg. 194, r. 45.01 (2).

The Court noted that Rule 45.01(1) is “typically used to ensure that important documents, information or other items are preserved and available for the trial of an action where there is a strong likelihood that the defendant would destroy this evidence once notified of the proceedings”. As a result, an order under Rule 45.01 is similar to a civil search warrant and therefore subject to a higher threshold test than an “ordinary” ex parte injunction, pursuant to s. 101 of the Courts of Justice Act (“CJA”). (Note that Rule 40 of the Rules of Civil Procedure sets out the procedure to be followed in order to obtain an order under s. 101 of the CJA).

Justice Price noted that it was unclear whether the defendant was seeking access to just the web site, or the preservation and production of the website contents, and noted that an order granting the defendant access to the site would be far more invasive than ordering the plaintiff to preserve the contents of the site. Since an order granting the defendant access to the plaintiff’s Facebook account would have required the plaintiff to provide her username and password to the defendant (and was beyond the scope of her obligation to disclose relevant documents), the Court proceeded on the assumption that the defendant was only seeking an order for preservation of the site.

Justice Price then considered whether the defendant had met the test for an ordinary ex parte injunction under s. 101 of the CJA:

101.(1)In the Superior Court of Justice, an interlocutory injunction or mandatory order may be granted or a receiver or receiver and manager may be appointed by an interlocutory order, where it appears to a judge of the court to be just or convenient to do so. R.S.O. 1990, c. C.43, s. 101 (1); 1994, c. 12, s. 40; 1996, c. 25, s. 9 (17)

Terms

(2)An order under subsection (1) may include such terms as are considered just. R.S.O. 1990, c. C.43, s. 101 (2).

In considering whether to grant the interlocutory  injunction, Justice Price applied the test set out by the Supreme Court of Canada in R.J.R. Macdonald Inc. v. Canada (A.G.):

1.)    Is there a serious question to be tried? Judge Price found that there was a serious question to be tried, namely, the extent to which the accident had prevented the plaintiff from earning and income and engaging in recreational activities.

2.)    Will the applicant suffer irreparable harm if the application is not granted? This is usually determined by considering whether damages will be an adequate remedy. In this case, the defendant argued that without the content of the Facebook webpage, it woudl be deprived of the opportunity to properly respond to the plaintiff’s claim. The Judge disagreed noting that proof of irreparable harm must be clear and not speculative ; there was no evidence that there were incriminating photographs on the plaintiff’s Facebook page. In fact, Justice Price held that since the plaintiff had not listed the Facebook page in her affidavit of documents, the presumption was that this was because the Facebook page did not contain any relevant information. Unlike in previous Ontario cases dealing with Facebook production, in this case, the judge was NOT prepared to draw an inference from the nature of Facebook itself or the plaintiff’s profile that her Facebook page was likely to contain relevant evidence, stating:

I do not regard the mere nature of Facebook as a social networking platform or the fact that the Plaintiff possesses a Facebook account as evidence that it contains information relevant to her claim or that she has omitted relevant documents from her Affidavit of Documents. The photographs that the Defendant has obtained from the Plaintiff’s account in the present case do not appear, on their face, to be relevant.

3.   Whom Does the Balance of Convenience Favor? In weighing the privacy interests of the plaintiff and the defendant’s interest in full disclosure, the court concluded that the balance favored the plaintiff:

• The plaintiff’s failure to disclose her Facebook account in her affidavit of documents should give rise to the presumption that the information on the webpage is not relevant to the litigation – the defendant has the opportunity to rebut this presumption by cross-examining her on her affidavit of documents if it so chooses.
• The defendant had been at liberty to question the plaintiff about her Facebook account at her examination for discovery.
• There was no evidence to support the defendant’s proposition that the plaintiff was likely to delete any relevant contents of her Facebook profile pending trial.

In considering the plaintiff’s privacy interests, Justice Price had regard to the Federal Privacy Commissioner’s “Report of Findings into the Complaint filed by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) Against Facebook Inc” under the Personal Information Protection and Electronic Documents Act, and concluded:

The Plaintiff has set her Facebook privacy settings to private and has restricted its content to 67 “friends”. She has not created her profile for the purpose of sharing it with the general public. Unless the Defendant establishes a legal entitlement to such information, the Plaintiff’s privacy interest in the information in her profile should be respected.

As a result of the foregoing, the Court concluded:

The Defendant has not established a basis for a preservation order in the present case, especially on an ex parte motion. The Defendant has not put forward evidence, beyond a bald assertion, that there is relevant evidence that needs to be preserved. It also has not put forward evidence beyond mere speculation to support a conclusion that an order is required on an ex parte basis to prevent the destruction of evidence after a notice of motion for production is given and pending the return of such a motion.

The Court did decide, however, that ”[b]ecause Facebook is a relatively recent phenomenon and the disclosure obligations and remedies are still being articulated in relation to it”, the Court was prepared to grant the defendant a further opportunity to cross-examine the plaintiff on her affidavit of documents if it chose to do so.

   Send article as PDF