Saturday, January 31, 2009

Global Game Jam 2009

I am at the London Metropolitan University’s Accelerator, where the English chapter of the Global Game Jam is meeting, creating and producing games following the Theme given by the organizers. There are people from different arrays of life -students from different universities, former London Met students, people from the game industry, media and other wild animals- divided into eight groups, and they are all using different tools and techniques to develop a computer game (one per team) in 48 hs. If you ever wondered how creative people that knows what they are doing actually work, on the Global Game Jam there is a link to the live feed of our webcam (you need to go to the website and click on London).

For those of you who think that computers, games and Internet have been all invented so lawyers have something new to care about, the games that are been produced will be posted tomorrow and will be available under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0

So, get ready and from tomorrow join the globe, which is playing and jamming

Wednesday, January 14, 2009

Knowing how to live with Facebook

Facebook has become ubiquitous; this is not news, or it is yesterday’s news. However, and regardless the level of new media literacy that people are supposed to have, more and more Facebook users get entangled in its web when the information posted there is used for purposes not originally thought of. It is important to note that every time that you engage in a discussion about uses of new media the common perception is that there are certain things that you don’t need to teach or even address anymore when dealing with young learners, because they are so new media savvy that you are in danger of making a fool of yourself if trying to explain things to them. But there it a fundamental mistake in that perception: knowing what buttons to press does not mean knowing how to use a technology. Using a technology implies knowing what buttons to press (a sine qua non requisite) but also knowing what is the impact that pressing that button will or may have in your own life and on that of others, and Facebook represents a prime example of the fact that many people have the ability to use new media, but do not know how to use it. Some recent situations show why.
In the Kiwi city if Queenstown the police arrested a burglar after posting security camera images of the suspect on the police’s Facebook page. Although in this case the information suggests that people identified the burglar through the Facebook’s posting but not through his Facebook profile, you can imagine a situation where the police posts a photo or video (there are several videos of suspects posted too) and, if the suspect does have a Facebook account (which is becoming more and more likely), a Facebook friend reports the suspect, all done and dusted within Facebook environment. If you think that no criminal or delinquent in any form would be so dumb to commit a crime and have a Facebook profile with a photo, just remember the case where the owner of a restaurant in Melbourne identified five customers that had oysters, trout and expensive wine and then left without paying the hefty bill, not before asking to the owner about a former waitress. The owner contacted the former employee and together searched in her Facebook friends where they found one of the culprits…furthermore, you even have people that commit crimes and then boast about them in Facebook…
The legal issues on the previous situations are not as straightforward as one may initially think. In the case of the police in New Zealand, one would imagine that the law allows the police to make public information that they may have obtained by lawful means with the purpose of fighting crime, and one would also imagine that the law has been properly updated to make sure that “make public” includes the use of any known information technology and on any platform. Although it is clear that most of us will support the use of new technologies to find a criminal, it is imperative to remember that while citizens are allowed to do everything that the law does not expressly prohibits, the state can only do what the law expressly allows it to do (while in the last few years laws have been passed giving very broad and swiping powers to different states, that is technically a transvestite of the rule of law and it is to expect that future governments understand that regarding how right they think they are, it has been the rule of law what has continuously differentiated us from the dictators of the moment). So, a general power to “take any measure for the prevention of crime” would not (should not) do it. A more precisely tailored and explicit authorization for the use of information in such way would be needed (which we can assume that New Zealand has). The situation with the bill dodgers and their “friend” the former waitress things look different. Taking into account that the restaurant owner is not a public authority, here in Europe it can be strongly argued that the use that the former waitress made of the bill-dodgers information would constitute a breach of data protection legislation (since processing has been defined in such all-encompassing form, it seems that the waitress could be deemed data processor too…). Furthermore, showing user’s profile and the photo to the restaurant owner could also be interpreted as a breach of Facebook’s terms of services, that clearly establish that the user is “granted a limited license to access and use the Site and the Site Content and to download or print a copy of any portion of the Site Content to which [he/she has] properly gained access solely for your personal, non-commercial use…[and] any other use of the Site Content is strictly prohibited”.
On the other hand, there are also those who try to give to things that are posted on Facebook more value than they actually have, and others that don’t understand that the information that their Facebook friends make available to them in Facebook does not automatically becomes public because of that. While I was writing this post a student came to see me because a teacher had reprimanded him for posting on his Facebook status that he may had gotten a mark higher than he actually got, and that other students had complained why they had not gotten high marks too. Without entering into the fact that I don’t understand how a student can complain about not getting the same mark (or similar) that a classmate (what I actually don’t understand is how a teacher would entertain that conversation), the issue there is that the student/s that transmitted the information to the teacher probably did not have the right to do so. In addition to Facebook’s terms of service, explained above, the law has clearly established that information shared with many still can be of private nature, as in Douglas and Jones v Hello [2001], which could lead to the understanding that the students in question committed the tort of breach of confidence, being the requirement that the information should have the necessary degree of confidence and provided in circumstances importing an obligation of confidence satisfied by the fact that the information is available only to Facebook friends who are part of a network that prohibits non-personal use of it (the triviality issue established in Faccenda Chicken Ltd v Fowler [1987] is a matter of fact to be analysed in each particular case).
So, it seems that we are all using it, but not many knowing how…

Monday, January 12, 2009

Laws to keep us all secure in the digital era…you are joking, aren’t you?

Starting 11 September 2001 and reinforced after the Atocha and London terrorist attacks, the law in both side of the Atlantic has been adapted, changed and twisted so security agencies have more a more rights to intercept, search and store everything we do online with the clear and specific purpose of keeping us safe…or so the governments say. We will need not a post on a blog neither a book but a library to go through all the instances where in the last seven years the US and European governments have decided that the centuries old protections against the state interference with people’s communications without a reasonable cause sustained by an oath of affirmation have been good to defeat communism and fascism but would not do it against a bunch of lunatics that follow a guy that lives in a cave…and they keep doing it…but only against its citizens (who are normally simply exchanging information) and not against those that are actually using information technologies to help groups or countries deemed not friendly (by acts, politics and law).
Some reports have recently referred to the problems, in fact, finances and law that the transposition of the EU Directive 2006/24/EC on Data Retention would bring to most countries in general and to UK in particular. Fore example, it seems that the Government (means us, the taxpayers) will have to pay more than £25 million to ensure the law is obeyed, which would include the cost of recording every single e-mail which arrived to every email addres, including spam, but since only the fact that an email has been received and not its content is going to be recorded, we could well end in trouble due to being guilty by association…and the solution is not to also retain the content but to use the existing and proper principles of law that say that we are all innocent until proved otherwise. Strangely enough, while Lord Falconer has defended the not very nice ruling of Justice Eady in the Mosley case, saying that “the human rights convention does say we've got a legitimate entitlement to privacy”, does not seem to have the same view when the information of every resident in UK is going to be appropriated, without any reasonable cause, by the authorities. But what seems even more outrageous is that, once somebody is actually found commiting a crime via electronic networks, hiding the identity of the owners of large sums because the transfer in question were prohibited and that “somebody” is one of the big banks that only recently needed public money (again, our money), only a fine and a slap in the wrist is what is given. British bank Lloys TSB accepted that is had criminally hidded information about illegal transfers with Iranian and Sudanese customers in the US.


Court documents say for more than a decade Lloyds had been falsifying data which
moved through U.S. institutions by "stripping out" of wire transfers any
references to business deals involving customers in the two countries.
Lloyds
officials acknowledged they feared if the U.S. had been aware of the deals they
would likely have been blocked because of restrictions on commercial deals with
Iran and Sudan.
"For more than 12 years Lloyd's facilitated the anonymous
movement of hundreds of millions of dollars from U.S.-sanctioned nations through
our financial system," said Acting Assistant Attorney General Matthew
Friedrich.
"Lloyds stripped identifying information from international wire
transfers that would have raised a red flag at U.S. financial institutions and
caused such payments to be scrutinized," he said.
Although the money must be
forfeited, under terms of the deal Lloyds will not presently be prosecuted
because it accepted responsibility and has vowed to abide by the U.S. laws.
After two years the U.S. will forego prosecution and formally drop the criminal
charge.

No. it is not a joke…if you receive an email that you haven’t requested from somebody that knows somebody that has a cousin of a friend of somebody that may have some link to an organization that may have some sympathy for some lunatic that may have been related to some terrorist activity, because the data of that email will be stored for a year and somebody needs to justify the existence of his/her job in order for a politician to justify that the legislation that he/she put forward was not a complete stupidity and a waste of government’s money (yes, our money), your communications will be investigated and you will be put in lists that will your life a little more difficult, but if you are the manager of a huge bank that authorizes the commission of a crime involving people that the law of some countries have certified have some links to at-least terrorist-friendly groups, then you don’t go to jail; your bank has only to pay a fine, for which it can use money that the government just gave to it to keep your job secure, government money that, yes, as you imagine, comes from the same taxpayer that is being investigated for receiving and unwanted email from somebody that knows somebody….

Wednesday, January 07, 2009

Twitter: security that leaves you twitchy

There have been several reports of the hacking of several Twitter accounts belonging to some famous people. Britney Spears' one was left with a message saying "Hi Yall. Brit Brit here, just wanted to update you all on the size of my vagina. It's four feet tall and has razor sharp teeth;" CNN newsreader Rick Sanchez had a post saying that he was high on crack and not going to work; and the Fox News Twitter site had a new post simply claiming newsreader Bill O'Riley was gay. The hackers even gained control of the First Twitter to-be and posted a message on President-elect Obama’s site asking readers to click onto a new website to do an Obama survey.
The hack originated in a hacker known as GMZ, who was able to use an automatic password generator (Twitter allows unlimited attempts to log on) to enter into a profile of a staff member called Crystal. The hacker thought that the account belonged to somebody famous but then it found that the employee (whose password was Happiness) had access to all profiles and passwords, so he changed the passwords to the 33 accounts and provided them to members of hacking forum Digital Gangster, who infiltrated the websites.
While not real damage was done, the issue could have been more serious and is not to be taken lightly if we take into account that Twitter was hit recently was a phishing scam too, especially if we observe that there could be several routes making Twitter liable in case of damages…the problem for Twitter is that it seems to not be following some basic forms of security, now standard in the market, that would make difficult for them to claim that they are using reasonable care and skills in the provision of their service. Somebody may quickly argue that following the language of s. 13 of the English Supply of Goods and Services Act 1982 is not correct because the company is not located in England and, if it were, the user does not provide consideration to have a contract with Twitter. However, and leaving the issue of jurisdiction appart (but remembering LICRA v. Yahoo!), if courts decide to find liability (I have always suggested that more times than not, courts decide whatever they want and then they make up the arguments to justify it), they could find that the effort required to set up Twitter represents enough consideration as the court find that inhaling the smoke of the smoke ball was enough consideration in Carlill v Carbolic Small Ball Co (1892). Even courts don’t find consideration, such a lack of care (not allowing unlimited attempts for a password and requesting members of staff with access to all accounts to have very strong passwords are very common/basic security measures that an IT company must follow) would probably attract some form of liability in negligence, what is what should start happening if IT companies are treated as the rest of mortals…

Tuesday, January 06, 2009

Seeking views from software developers…

Thomas Otter, one of the good guys and one that knows “a bit” about the confluence of IT and law, is surveying the understanding that software developers have about basic legal concepts in order to gear up the completion of his PhD. So, software developers of all countries, unite! (and give a hand to Thomas by clicking here and filling the survey...)