tag:blogger.com,1999:blog-34728666376510906152024-03-13T21:04:19.543+00:00< mooseabyte > a blog about technology and lawLachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.comBlogger22125tag:blogger.com,1999:blog-3472866637651090615.post-60743384946274655632016-10-20T17:51:00.001+01:002016-10-20T17:51:08.464+01:00Blog InactiveApologies, this blog has not been used for some time - if you are still interested in my work - I maintain another blog about research now. It is available <a href="https://lachlansresearch.wordpress.com/">here. </a><br />
Thanks :) Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-62319612097300355852013-04-18T10:44:00.000+01:002013-04-19T18:01:51.483+01:00It lives...It has been far too long since my last post on here, almost an entire year(!). After a great time as a research assistant at the University of Strathclyde for a little while, I then moved and started as a PhD researcher last September at the University of Nottingham Horizon Digital Economy Centre. This centre focuses on the range of social and technical issues surrounding the digital economy, ubiquitous computing and the 'lifelong contextual footprint'. I've been increasing my multidisciplinary credentials beyond IT law by studying human computer interaction, creating maps in geospatial information services, basic programming in Java, learning qualitative techniques and quantitive statistics, building mobile apps and even considering philosophy of technology in science and technology studies.<br />
<br />
<br />
Given all these new ideas buzzing around, I've felt the increasing urge to revise the Mooseabyte blog. I used to really enjoy doing fuller freelance blog pieces for Naked Security, but of late I've struggled to do these, so I hope these shorter commentaries here might satisfy in the interim. That is not to say I haven't been writing...
I recently did a piece for the Society of Computers and Law called "The Aerial Gaze - Regulating Domestic Drones in the UK". Perhaps unsurprisingly it considers the range of issues posed for effective regulation of civilian UAV's operating in UK airspace. It maps out a tentative legal framework drawing on channels that address privacy, surveillance and air safety concerns. If this sounds of interest, you can read the full article <a href="http://www.scl.org/site.aspx?i=ed31354">here </a>
It builds on earlier presentations where I outlined the issues at the University of Edinburgh SCRIPT Conference, and <a href="http://www.blogger.com/www.gikii.org/wp-content/uploads/2012/04/Urquhart.pdf">GikII 2012</a>, which was hosted by the University of East Anglia at their London campus. I'll be presenting again at a "Spy in the Sky" conference at the University of Ljubljana next month with my talk <a href="http://www.blogger.com/www.inst-krim.si/fileadmin/.../provisional_programme_Spy_in_the_Sky.pdf">"Smile - drones operating overhead"</a>
I also have a couple of other pieces I've been working on including one entitled "European Data Protection Reform and digital memories of objects", which I'm hoping to develop further.<br />
<br />
<br />
I was at BILETA 2013 at the end of last week and had a great time catching up with other IT law researchers - albeit whilst I was plagued by a cold(!). It was extensively live tweeted by many at the event and you can see these messages if you search the #Bileta13 hashtag. I listened to many fascinating sessions on the future of cyberlaw, issues with developing a Liverpool smart city, data protection and big data, drones and international humanitarian law, ethics of autonomous systems, why the ICO is an (in)adequate regulator, the US FISA law and surveillance in the cloud... the list goes on! There was an interesting talk with qualitative and quantitive results from the CONSENT FP7 project with discussion consumer attitudes to online privacy and consent. Results are <a href="http://consent.law.muni.cz/">here</a>, and worth checking out. I always really enjoy these conferences as they provide intellectual reinvigoration, and they let me re-calibrate with the IT law community, which is important as I'm no longer based in a law school environment.<br />
<br />
Another highlight of the year thus far was during early 2013, I had the pleasure of attending the Living in Surveillance Societies (LiSS) /Centre for Research in Information, Surveillance and Privacy (CRISP) doctoral training school. This week long event involved lots of workshops, seminars and activities led by leading academics from the field of surveillance studies. I met some fantastic people, and it confirmed my conviction that I wanted to incorporate a significant 'surveillance studies' angle into my PhD research (which will be looking at effective governance of privacy and surveillance in ubiquitous computing environments).<br />
<br />
So despite my lack of virtual activity at least I've been far from virtually inactive...(sounded better in my head)<br />
<br />
Also two humorous snippets from TV shows I've been watching which have a vague law/tech/privacy theme - the <a href="http://www.youtube.com/watch?v=ZP7ebyqBn_M">first </a>from the wonderful Parks and Recreation, with Ron Swanson discovering cookies...then Google Earth -<br />
<br />
The <a href="http://www.youtube.com/watch?v=F1C4gWyW1Ng&noredirect=1%20">second </a>is from Scotland's own Limmy's Show with a funny sketch about User Agreements.<br />
<br />
Enjoy :) Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-78679515003663839532012-05-14T11:52:00.002+01:002012-05-14T11:52:20.964+01:00Government Snoopers charter announced, many questions left unanswered<br />
<span style="font-size: small;">Last week's Queen's Speech showed the Coalition's wish list of
law proposals and reforms for this Parliamentary legislative agenda. This included a little bit more information on the </span><span style="font-size: small;">government plans for updating law enforcement access to
communications data that have been circulating under the Communications
Capabilities Development Program (CCDP) name since late 2011<a href="http://nakedsecurity.sophos.com/2012/02/22/imp-or-ccdp-who-cares-its-still-storing-your-data/">/early 2012</a>.<br /> </span><br />
<span style="font-size: small;">We now know it's called the draft <a href="http://www.scribd.com/TheGift73/d/92981449-Draft-Communications-Data-Bill">Communications Data Bill</a> and it "intends to bring forward
measures to maintain the ability of the law enforcement
and intelligence agencies to access vital communications data under
strict safeguards to protect the public, subject to scrutiny of draft
clauses"
<br />
<br />
Luckily, the Bill was moved out of the fast stream "Home Office/Ministry
of Justice crime and courts bill" to be considered on it's own merits
as a standalone bill.
<br />
<br />
This is good news because extensive scrutiny and public consideration of
draft clauses are essential to fully understanding the implications of
this 'Snooper's Charter'.
<br />
<br />
Nick Clegg has promised the Bill won't be 'rammed through Parliament'
and the Home Office pledge to include <a href="http://www.guardian.co.uk/world/2012/may/09/snoopers-charter-crime-bill-facebook">strong safeguards.</a><br />
<br />
Nevertheless, the very existence of this proposal is curious given the
2010 Coalition <a href="http://www.cabinetoffice.gov.uk/sites/default/files/resources/coalition_programme_for_government.pdf">pledge</a> to "end the storage of internet and email records without
good reason". <br />
<br />
<u>Current System</u><br />
<br />
It's important to remember that communications data is not actual
content, but the metadata about phone and Internet communications.
<br />
<br />
This includes the email addresses of sender and recipient, user
location, phone numbers, equipment used, the time and duration of a
phone call.<br />
<br />
Since 2009, UK ISPs and Telcos have retained communications data
collected in the course of business (for billing etc) for 1 year under
powers derived from the EU Data Retention Directive.<br />
<br />
Under the Regulation of Investigatory Powers Act 2000, law enforcement
agencies and other authorised bodies can already access this data, for
many reasons including fighting crime and maintaining the economic well
being of the country.<br />
<br />
So how will this new bill change the current system? It will:<br />
<br />
1) Update the framework for collection and retention of communications data by communication service providers (CSPs)
<br />
<br />
2) Update the framework on lawful access to such data for authorised
government bodies including the police and intelligence agencies.
<br />
<br />
3) Create 'strict safeguards' including: <br />
- A 1-year limit on data held by CSPs <br />
- Measures to protect data from unauthorised access or disclosure.<br />
- Extension of the Interception of Communications Commissioner oversight<br />
- Provide an independent Technical Advisory Board for CSPs<br />
- Extend powers of the Investigatory Powers Tribunal for investigating individual complaints
<br />
<br />
4) Remove communications data laws that have lower standards of protection. <br />
<br />
Problematically, this outline doesn't really provide much detail on the nuts and bolts of the new Bill.
<br />
<br />
There are many key practical areas I think have to be addressed
including: What additional powers will be provided for oversight bodies?
Do CSPs have to install dedicated 'black box' deep packet inspection
technology? Who will pay for this infrastructure and
maintenance of interception algorithms? How will the new law handle
encrypted communications?<br />
<br />
Requiring data from third party services, often outside the UK, raise
many questions too: How will US third parties, like Google, Microsoft or
Facebook, fit in with UK police seeking social networking and instant
messaging comms data? How will CSPs accurately
separate the content of communications from the metadata? And how will
real time access to data work in practice?
<br />
<br />
The current EU Data Retention laws have often been criticised for
creating a system of <a href="http://www.statewatch.org/eu-data-retention.htm">mass surveillance</a>.<br />
<br />
Yet, instead of rolling back these powers, this Bill wants to further
expand and entrench this culture of storing everything 'just in case' it
becomes useful.
<br />
<br />
Whilst it's <a href="http://www.independent.co.uk/news/uk/politics/the-queens-speech-snoopers-charter-attacked-by-campaigners-7728305.html">claimed </a>'modernisation' is needed to stop
terrorism, paedophile rings and other organised criminal activity,
these criminal groups will doubtless use encryption technologies and <a href="http://arstechnica.com/business/2011/10/anonymous-takes-down-darknet-child-porn-site-on-tor-network/n">anonymised </a>networks keeping them off the grid anyway.<br />
<br />
This just leaves the general population unjustifiably under the gaze of a decentralised network of private surveillance.
<br />
<br />
Until specific details of the plans are released the many questions
outlined above will remain unanswered, preventing any real debate.<br />
<br />
However, even when more information becomes available, it remains
impossible to envision how treating the entire UK population as a '<a href="http://www.bbc.co.uk/news/technology-17769375">nation of suspects'</a>
is necessary and proportionate in a democratic society.</span>Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com2tag:blogger.com,1999:blog-3472866637651090615.post-9963249917138304912012-05-14T11:39:00.002+01:002012-05-14T11:39:51.714+01:00Roundup of my Naked Security Articles 20 March to 14 May<br />
20/03/2012 - <a href="http://nakedsecurity.sophos.com/2012/03/20/cyber-war-hype-or-reality/">Cyberwar: Hype or reality?</a> - Is "cyberwar" really upon us? Is a "digital Pearl Harbour" imminent? And
is an international agreement on "cyberarms" a plausible solution? These are just some of the questions I address in this piece.<br />
<br />
29/03/2012 - <a href="http://nakedsecurity.sophos.com/2012/03/29/stopping-the-zombies-introducing-the-new-fcc-anti-botnet-code/">Stopping the Zombies: Introducing the new Federal Communications Commission anti-botnet code</a> - A new voluntary code of conduct for ISPs in the US creates new measures for addressing botnets. Does it go far enough?<br />
<a href="http://usefulsocialmedia.com/awards/logos/4f916e40c3054.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="184" src="http://usefulsocialmedia.com/awards/logos/4f916e40c3054.jpg" width="320" /></a><br />
10/03/2012 - <a href="http://nakedsecurity.sophos.com/2012/04/10/a-new-cookie-recipe-the-international-chamber-of-commerce-uk-cookie-guide/">A New Cookie Recipe: The International Chamber of Commerce Cookie Code</a> - As of next month, the ICO will be enforcing new(ish) rules on cookies
and consent, but is the business world ready? And if not, will the
International Chamber of Commerce's UK Cookie Guide provide the tools to
help them comply?<br />
<br />
18/04/12 - <a href="http://nakedsecurity.sophos.com/2012/04/18/new-porn-censorship-private-member-bill/">New Bill in UK wants Internet to be censored from porn by default</a> - A new Bill wants to protect children by requiring all users to opt-in if
they want to access porn. This would create a system of censorship by
default. Is this necessary when parents already have access to
porn-management tools?<br />
<br />
30/04/12 - <a href="http://nakedsecurity.sophos.com/2012/04/30/acta-update-the-fight-goes-on/">ACTA Update the Fight goes on</a> - ACTA has received considerable criticism from a number of high-profile
sources, but don't write it off just yet. there is still a chance it
could become law.<br />
Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-17772744777794042262012-03-13T14:30:00.000+00:002012-03-13T14:37:49.548+00:00Naked Security Articles 27.02.12 to 09.03.12<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: inherit;">This is a quick post just to link to a few more articles on Naked Security:</span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: inherit;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="background-color: black; color: white;"><i><b><a href="http://nakedsecurity.sophos.com/2012/02/27/controversial-acta-is-referred-to-the-european-court-of-justice/">Controversial ACTA is referred to the ECJ </a>on </b></i></span><b style="background-color: black; color: white;">27.02.12</b><span style="background-color: black; color: white;"> </span><span style="background-color: black; color: white;"> </span><span style="background-color: black; color: white;">The heated debate across Europe about ACTA has led the European Commission to refer the controversial agreement to the European Union's highest court.</span></span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: inherit;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="background-color: black; color: white;"> <i><b><a href="http://nakedsecurity.sophos.com/2012/03/02/new-privacy-guidelines-for-mobile-app-developers/">New GSMA privacy guidelines for mobile app developers</a> on </b></i></span><b style="background-color: black; color: white;">02.03.12</b><span style="background-color: black; color: white;">- </span><span style="background-color: black; color: white;">Host of the Mobile World Congress, the GSMA, have launched new guidelines for mobile app developers to increase transparency and trust between users and companies. Will it work?</span></span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: inherit;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="background-color: black; color: white;"> <i><b><a href="http://nakedsecurity.sophos.com/2012/03/09/smartphone-apps-sending-your-data-to-china/">Smartphone apps are sending your data to China</a> on </b></i></span><b style="background-color: black; color: white;">09.03.12</b><span style="background-color: black; color: white;">- </span><span style="background-color: black; color: white;">A Sunday Times report found that many smartphone apps are collecting too much personal data and then sending it outside the EU to the US, Israel, China and India. But do these countries meet EU data protection standards?</span></span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: inherit;"><br /></span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: inherit;">Enjoy :) </span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: inherit;"><br /></span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: inherit;">Lachlan</span></div>
<div style="text-align: justify;">
<br /></div>Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-38431515469539863312012-02-22T21:00:00.002+00:002012-02-24T15:40:00.414+00:00Roundup of new articles over at Naked Security<div style="text-align: justify;">
<u><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>New Naked Security Articles </b></span></u></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">I've been busy writing more articles for <a href="http://nakedsecurity.sophos.com/author/nslachlan/">Naked Security</a> and I thought it might be a good idea to periodically provide an update of them here too. The links to the original articles are provided with a little blurb and any important updates since the stories were posted too. Please check them out, and (hopefully) enjoy!</span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: left; margin-right: 1em; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="http://static.guim.co.uk/sys-images/Media/Pix/pictures/2012/2/15/1329307694889/Acta-Bulgaria-007.jpg" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="192" src="http://static.guim.co.uk/sys-images/Media/Pix/pictures/2012/2/15/1329307694889/Acta-Bulgaria-007.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">ACTA Protests in Bulgaria - Photo from The Guardian</td></tr>
</tbody></table>
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>1) <i><a href="http://www.blogger.com/goog_333829939">What's all the fuss about ACTA?</a> on 06/02/2012</i> </b>- In this article I was discussing myths floating around about ACTA, and what can be done to re-instill some democracy into the secretive negotiation and signing process. Widespread protests, following signing in Europe, spread through Poland and other European countries. This brought awareness of ACTA to the fore, and since writing the article further protests have led Germany, The Netherlands and Bulgaria to denounce and<a href="http://www.guardian.co.uk/technology/2012/feb/15/acta-loses-more-support-europe?newsfeed=true"> refuse to ratify</a> ACTA. Just today it was announced that it will be referred to the <a href="http://www.telegraph.co.uk/technology/news/9098744/ACTA-referred-to-European-Court-of-Justice.html">European Court of Justice for consideration.</a></span></div>
<div style="text-align: justify;">
<div style="text-align: center;">
<br /></div>
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">Importantly, negotiations of another sinister trade agreement based acronym are underway in private...the TPP or <a href="http://arstechnica.com/tech-policy/news/2012/02/beyond-acta-next-secret-copyright-agreement-negotiated-this-weekin-hollywood.ars">Trans-Pacific Partnership</a>. I'm intending to write about this in the near future too.</span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><a href="http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2009/7/16/1247747191795/Gary-McKinnon-001.jpg" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="192" src="http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2009/7/16/1247747191795/Gary-McKinnon-001.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Gary McKinnnon - Photo from The Guardian</td></tr>
</tbody></table>
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">2) <i><b><a href="http://nakedsecurity.sophos.com/2012/02/10/should-having-autism-be-a-legal-defence-to-hacking-charges/">Should having autism be a legal defence to hacking charges?</a></b> <b>on 10/02/2012</b> - </i>I tried to answer this tricky question posed on <a href="http://www.blogger.com/goog_333829982">Channel 4</a></span><span class="Apple-style-span" style="font-family: arial, helvetica, sans-serif;"><a href="http://www.blogger.com/goog_333829982"> </a></span><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><a href="http://www.channel4.com/news/can-autism-be-used-as-hacking-defence">News</a>. The cases of <a href="http://freegary.org.uk/">Gary McKinnon</a> and alleged Lulzsec hacker <a href="http://www.bbc.co.uk/news/uk-13916090">Ryan Cleary</a>, both who have Asperger Syndrome, have raised legal questions about the impact of their condition.</span><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"> Here is an excerpt of my thoughts from one of my comments. </span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i><span class="Apple-style-span" style="line-height: 16px;"><br /></span></i></span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i><span class="Apple-style-span" style="line-height: 16px;">People with autism have a very clear understanding of the notions of right and wrong. Professor Baron Cohen found that for Gary McKinnon, his Asperger Syndrome led him to weigh up right and wrong in a manner that seemed morally right to him at the time. However, he did not fully appreciate or foresee the severity of the consequences due to his condition (and "<a href="http://en.wikipedia.org/wiki/Mind-blindness">mind blindness</a>").</span></i></span><span class="Apple-style-span" style="line-height: 16px;"> </span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i><span class="Apple-style-span" style="line-height: 16px;"><br /></span></i></span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i><span class="Apple-style-span" style="line-height: 16px;">For Gary, he believed finding and disseminating information to the world about UFO's was the right thing to do because it would benefit humanity. This is despite having to hack into NASA &The Pentagon etc to get the information.</span></i></span><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i><span class="Apple-style-span" style="line-height: 16px;"> </span></i></span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i><span class="Apple-style-span" style="line-height: 16px;"><br /></span></i></span></span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i><span class="Apple-style-span" style="line-height: 16px;">This balancing of interests clearly contrasts with the conclusion someone without the condition may reach. For them the awareness of breaking many laws and fear of prison would be enough incentive to stop hacking. </span></i></span></span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i><span class="Apple-style-span" style="line-height: 16px;"><br /></span></i></span></span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i><span class="Apple-style-span" style="line-height: 16px;">Is it fair then that someone, who by virtue of their autism has an altered perception of the situation, could be treated the same as someone without the condition?</span><span class="Apple-style-span" style="line-height: 16px;"> </span></i></span><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><span class="Apple-style-span" style="line-height: 16px;"><i>I am trying to say that because autism is a spectrum disorder it affects all individuals differently. Therefore, any argument should be on a case-</i></span></span></span><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i>by-case basis, with expert assessment.</i></span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i><br /></i></span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i>Perhaps there should be more provisions in place within the legal system to handle a range of outcomes. This is why I don't think having autism should provide an absolute defence. There has clearly been wrongdoing when hackers with autism break into computer systems searching for UFO evidence or otherwise. </i></span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i><br /></i></span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i>However, maybe there should be other legal measures in place to reflect the defendant's position, like creating a partial defence allowing lowering of charges, or a shortening of sentence. </i></span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i><br /></i></span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i>Although these measures could be achieved when sentencing is carried out (by incorporating mitigating circumstances), maybe it needs to be a bigger factor than just in the sentencing stage."</i></span></div>
<div style="text-align: justify;">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><i><br /></i></span></div>
<div>
Please read the whole article though and let me know what you think.</div>
<br />
<b><a href="http://nakedsecurity.sophos.com/2012/02/10/should-having-autism-be-a-legal-defence-to-hacking-charges/">3) <i>Who has better privacy laws: USA or European Union?</i></a><i> on 15/02/2012 - </i></b><br />
<br />
In my opinion, the European Union, by far. When reading an article in <a href="http://www.pcworld.com/article/249558/protect_our_data_a_digital_consumer_bill_of_rights.html">PCWorld</a> proposing a US digital consumer bill of rights , I was struck by how many of those rights already exist in Europe. This led me to discuss the current sate of EU Data protection laws and outline how reforms in the new Data Protection Regulation will further change data subject protections.<br />
<div>
<br /></div>
<div>
I noted how the new law will "<i>create pro-consumer rights including a broader interpretation of what data is personal, demands for 'explicit' consent for data processing, develop a right to be forgotten, a right to object to data profiling and require greater portability of electronic data. In respect of data loss, there are new 24-hour data breach notification obligations</i>."<br />
<br />
In contrast I noted how the US have a "<i>more fragmented approach, with use of industry self-regulation, sector-specific standards (for finance, children rights, federal bodies and healthcare), and state-level rules. Broad constitutional privacy protections in the Fourth Amendment exist too. The US Federal Trade Commission plays an enforcement role, has privacy guidelines, and pushes initiatives like <a href="http://news.cnet.com/8301-31921_3-20123158-281/ftc-official-do-not-count-on-do-not-track-just-yet/">Do Not Track </a>for online marketing. But there is no single body with a sole data protection focus in the US</i>."<br />
<br />
<b><a href="http://nakedsecurity.sophos.com/2012/02/17/canadian-politician-accuses-bill-opposition-of-siding-with-child-porn-peddlars/">4) <i>Canadian politician accuses bill opposition of siding with child porn peddlars</i></a><i> on 17/02/2012</i></b><br />
<br />
The Canadian Bill C-30 seeks new rules for lawful access by law enforcement. It was comments by Canadian Pubic Safety Minister, Vic Toews that brought the bill into popular media last week. He stated that critics of the bill were on the side of child pornographers. This ridiculous statement did nothing for allowing a rationale debate and I wanted to look past this to see what Bill C-30 actually proposes. <br />
<br />
It establishes rules for regulation of surveillance, including interception guidelines and obligations. Controversially, it also includes rules permitting law enforcement to approach telecoms companies (telcos) and Internet service providers (ISPs) to demand subscriber data without applying for a warrant. </div>
<div>
<br /></div>
<div>
The government have argued this is just the modern equivalent of phone book information but when you look at s16(1) of the bill it shows it includes your IP addresses, subscriber ID email address, phone number, name and address.<br />
<br />
Professor Michael Geist provided some very useful ideas on improving the Bill to find a compromise, which I discuss and quote in the article. Regulation of surveillance legislation plays a very important role in protecting privacy, and therefore it is important Bill C-30 doesn't fail. It has been pulled back for further revision by the government, and hopefully they will find a middle ground between law enforcement interests and privacy.<br />
<br />
UPDATE 24/02/2012 - Michael Geist has <a href="http://www.michaelgeist.ca/content/view/6339/125/">suggested 12 recommendations</a> on how to fix Bill C-30, well worth reading.<br />
<br />
<b><i><a href="http://nakedsecurity.sophos.com/2012/02/22/imp-or-ccdp-who-cares-its-still-storing-your-data/">5) Interception Modernisation Programme or Communications Capabilities Development Programme? Who cares its still storing your data</a> </i>on <i>22/02/2012</i></b><br />
<br />
Today I uploaded a story about the Coalition resurrecting the lambasted Interception Modernisation Programme (IMP), which is now known as the Communications Capabilities Development Programme (CCDP). </div>
<div>
<br />
The Coalition parties slated Labour for the IMP, rightfully calling it "reckless". When they came to power they committed to ending storage of internet and email records without good reason.</div>
<div>
<br />
Nevertheless, we somehow have the CCDP, with <span class="Apple-style-span" style="font-family: arial, helvetica, sans-serif;">the formal plans to be published by the end of April 2012, and implemented by the end of June 2015.</span> As <a href="http://www.openrightsgroup.org/press/press-releases/email-and-internet-spy-plans-revived-by-coalition">Jim Killock</a>, Executive Director at the Open Rights Group said "<i>Labour's online surveillance plans have hardly changed but have been rebranded. They are just as intrusive and offensive."</i> <br />
<br />
The CCDP wants, like the IMP, to have ISPs and telcos create databases of communications data for spooks and police to access at their convenience. According to a <a href="http://www.telegraph.co.uk/technology/internet/9090617/Phone-and-email-records-to-be-stored-in-new-spy-plan.html">Telegraph report</a>, it will define the "who, when and where" of data subjects, including email addresses, IP addresses, phone numbers, time, location, data sender and recipient. It also allows spooks to monitor real time email and text traffic, and social media communications like instant messages on Twitter and Xbox Live. <br />
<br />
Once again, there are many things to object to with this, not least its lack of necessity and impact on privacy. There are laws on interception and access to communications data already in place, and the justification of a mass surveillance mechanism like this is unfounded.<br />
<br />
Beyond this there are security issues of privately held databases, policy issues incorporating companies into public policing practices (despite their lack of public accountability/transparency) and importantly, the potential for scope creep by storing data "just in case" it becomes useful. <br />
<br />
I discuss these in more depth in the article, so please check it out and let me know what you think.</div>Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-4644914575971574862012-01-12T21:27:00.001+00:002012-01-12T21:36:54.092+00:00Writing on Naked Security blogFollowers of my Twitter feed may have noticed I have been writing for the Naked Security blog lately. This award winning news service is run by computer security firm Sophos. I am writing about legal IT current affairs and although I am not posting as frequently on this domain, I will regularly be writing about current developments in the IT world with a legal twist <a href="http://nakedsecurity.sophos.com/author/nslachlan/">here</a>.<br />
<br />
<a href="http://a3.twimg.com/profile_images/1499907421/naked-security-square-logo.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="http://a3.twimg.com/profile_images/1499907421/naked-security-square-logo.jpg" width="200" /></a>Some of my recent posts are:<br />
<br />
1) Yahoo!'s $610m anti spam win and why it is <a href="http://nakedsecurity.sophos.com/2011/12/08/is-yahoos-610-million-anti-spam-win-meaningless/">meaningless</a>. <br />
2) Forced decryption/password disclosure and the 5th Amendment in the USA with US v Fricosu.<br />
I also looked at how the equivalent situation might pan out in the UK <a href="http://nakedsecurity.sophos.com/2012/01/09/can-you-be-forced-by-law-to-decrypt-your-computer-us-v-fricosu-court-case-rages-on/">under RIPA s49</a>.<br />
3) Most recently looking at the new ICANN gTLD registration program and the risks from <a href="http://nakedsecurity.sophos.com/2012/01/12/icann-now-accepting-new-gtld-applications-are-cybersquatters-still-a-real-risk/">cybersquatting</a>.<br />
<br />
Please keep an eye on Twitter for these short articles. Thanks. <br />
<br />
<br />
<br />
<br />Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-91389554610555359082011-11-30T00:17:00.001+00:002011-12-01T00:09:06.146+00:00Early impressions of the new UK Cyber Security Strategy<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://images.defensetech.org/wp-content/uploads//2010/05/Computer-Hackers1.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="212" src="http://images.defensetech.org/wp-content/uploads//2010/05/Computer-Hackers1.jpg" width="320" /></a></div>
On Friday 25th November, the UK Government released their <a href="http://www.cabinetoffice.gov.uk/news/protecting-and-promoting-uk-digital-world">Cyber Security Strategy for "Protecting and promoting the UK in a digital world"</a>. This document follows closely on the heels of the FCO organised '<a href="http://www.fco.gov.uk/en/global-issues/london-conference-cyberspace/">London Conference on Cyberspace</a>' at the beginning of the month. Such high profile events are showing the importance of cybersecurity and management of threats on the UK Government mainstream political agenda. The declaration of cyber-security as a Tier 1 threat, and the much-cited investment of £650 million into the four-year <a href="http://www.bbc.co.uk/news/technology-13599916">National Cyber Security Programme</a> (NCSP) further prove the commitment. This document sets out a UK strategy to be achieved by 2015 and provides the outline for future regulatory approaches to these developing risks.<br />
<div class="MsoNormal">
<br />
It states in rather utopian language (taking lessons from the UN clearly...) -</div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
"<i>Our vision is for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions, guided by our core values of liberty, fairness, transparency and the rule of law, enhance prosperity, national security and a strong society</i>"<o:p></o:p><br />
<br />
Despite this laudable sentiment, there has been criticism that the Strategy provides insufficient coherency for realisation of many of its aims. The <a href="http://www.bcs.org/content/conWebDoc/42963">Chartered Institute of IT</a> notes that a framework for greater integration between public bodies, industry and individual citizens is required. Overlooking the lack of explicit detail at this stage, the Strategy does indicate key areas of investment and development for the next three years. I provide discussion of a few aspects that I found interesting. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
In relation to the NCSP fund mentioned above, the Strategy provides indication of the financial breakdown. The two highest sums are 59% (£383.5m) going to a "Single Intelligence Account" to build cross cutting capabilities including Information Assurance (for classified purposes at GCHQ) and 14% (£91m) going to the Ministry of Defence (for mainstreaming cyber in defence). The Home Office is next in line with 10% (£65m) then another 10% (£65m) to Government ICT. The Cabinet Office gets 5% (£32.5m) and BIS 2% (£13m).<br />
<br />
The Strategy clearly acknowledges the importance of strong intelligence and the expertise of GCHQ. The Government wants the UK to pave the way as a leading environment for secure e-commerce and online activity. Development of the 'public/private hub of expertise on cybersecurity' is going to provide practical assistance in this regard. The development of defence technologies by increasing partnerships between GCHQ, private firms and academia is an area where the government foresees growth. Beyond this, a proactive approach to cyber-defence is also creating <a href="http://www.telegraph.co.uk/news/uknews/defence/8916960/Britain-prepares-cyber-attacks-on-rogue-states.html">offensive </a>technologies, which William Hague noted in <a href="http://www.telegraph.co.uk/technology/internet/8833268/William-Hague-Britain-faces-growing-cyberspace-arms-race.html">October</a>. This highlights the UK's role within the increasingly publicised <a href="http://www.post-gazette.com/pg/11296/1183849-109-0.stm">global cyber arms race</a>.<br />
<br /></div>
<div class="MsoNormal">
GCHQ estimates "<i>80% or more of currently successful attacks exploit weakness that can be avoided by following simple best practice</i>". The strategy frequently reiterates the need to <i>detect </i>threats and to empower individuals and firms. NATO at the Lisbon Summit also acknowledged the need to prevent, <i>detect</i> and defend against and recover from cyber attacks. Considering that such a high percentage of risk is attributable to avoidable weaknesses, it is important to question how detection systems (through intelligence and surveillance) can operate in a manner that addresses these weaknesses but still respects rights of individuals, particularly privacy. The strategy makes several acknowledgements of the importance in maintaining privacy. In s3.5 privacy is mentioned in relation to individual and collective security and secondly alongside the need to protect intellectual property (s3.6). With regard to intellectual property, an interesting development is its newly defined determination as part of critical infrastructure (when its loss causes significant economic damage to the UK). Integration of IP protection into cybersecurity policy seems a curious path and suggests future legislative developments with formal consideration of IP with national security interests as opposed to merely economic ones. Importantly for this, the parameters of what is defined as relevant IP will be key. Protecting IP pertaining to military designs and certain industrial property has clear correlation with national interests if considered in relation to cyber-espionage. In other contexts defining the relevant forms of IP to protect may be less obvious.<br />
<br />
It is noted that because most of cyberspace infrastructure is owned by private companies, there is great need for "<i>private organisations to work in partnerships with each other, government and law enforcement agencies, sharing information and resources, to transform the response to a common challenge and actively deter the threats we face in cyberspace</i>". These partnerships are recognition of the need for new governance methods, and as long as respective interests are balanced they seem a positive development. However, Lessig in the bible of cyberspace regulation, Code v2.0, noted the risks of seamless integration of law and technological architecture to create a system of perfect regulation in cyberspace. He acknowledges the necessity of a trigger to force this interaction, in this case security issues. It is important to remember that as new security centric governance structures are developing, balanced and proportionate regulation is essential. Proportionality is mentioned in the Strategy, but as many post 9/11 legislative developments have shown, when faced with balancing security and privacy, the government often struggles to achieve the correct balance. The real challenge for this Strategy is foreshadowing effective governance structures that addresses security challenges whilst maintaining respect for individual rights.<br />
<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
An interesting facet of the strategy is building <i>international</i> consensus through the 'soft law' mechanisms of 'norms of behaviour' in cyberspace. The Internet is already fragmented by regional territorial implementation of distinct norms where online practices in one country are well-established, but vehemently rejected in other (by government and citizens). These vary from cultural, religious and political filtering to shutting down communications infrastructure for controlling freedom of speech and association to increasing roles of online intermediaries to tackle issues like IP piracy. Attempting to establish norms in relation to a sensitive topic like national cyber-security seems even less likely to bear productive results. Ultimately it seems more likely internationally the result shall be diplomatic agreements and political commitments, that can be derogated from without formal sanction.<br />
<br />
In terms of hard international laws, the UK as Chair of the Council of Europe for six months has made a renewed commitment to persuade other countries to develop compatible laws with the Cybercrime (Budapest) Convention. There is also a commitment at a domestic level to raising awareness of cyber specific sanctions for cyber offences within the UK judiciary. Considered in conjunction with the review of the Computer Misuse Act 1990, this may result in a range of new offences in the revised legislation, fit for purpose in this age. Another area of focus is cross border law enforcement with cooperation and prevention of safe havens. Although this approach seems more plausible in Europe (where information sharing system like <a href="http://www.npia.police.uk/en/9619.htm">Schengen I</a> - with II on its way - already exist) for other non-European countries this seems a more unobtainable. Domestically, the establishment of a cyber crime unit in the new <a href="http://www.homeoffice.gov.uk/crime/nca/">National Crime Agency</a> (NCA) will draw on expertise of <a href="http://www.soca.gov.uk/">Serious Organised Crime Agency </a>(SOCA) and the <a href="http://www.met.police.uk/pceu/">Met Police Central e-Crime Unit</a> (PCeU). </div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The Government indicates increased self-regulation of risks by the public. The <a href="http://www.getsafeonline.org/">Get Safe Online</a> campaign, security kitemarks and increasing responsibilities of ISP's to guide individuals are some of the education focussed measures mentioned. Although there is a clear role here for consumer awareness, the efficacy of these measures will remain to be seen, particularly with kitemarks. On first appearance they sound like a bit of a red herring and susceptible to fraudulent applications. <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Whilst this Strategy provides interesting reading of developments to expect over the next three years, there are certain risks and pitfalls. The extrapolation of specific frameworks from this Strategy will be essential for creating proportionate and balanced regulatory structures. Without doing so, the damage to UK online business, national security and individual rights will be significant.</div>
<div>
<br /></div>
<div class="MsoNormal">
</div>Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-88454278724690631562011-11-22T00:37:00.001+00:002011-11-26T11:25:46.246+00:00Creativity or Security? The increasing role of smartphone Malware<br />
<div class="MsoNormal">
Whilst in the midst of completing a longer blog post looking
at DDoS: law and technologies (still to be completed) I was taking a break and
listening to the Guardian online podcast, <a href="http://www.guardian.co.uk/technology/audio/2011/nov/15/tech-weekly-adobe-flash-mobile-phones">Tech Weekly</a>. Interestingly, the final
discussion on this week’s program was considering smartphone security, and
involved an interview with mobile security firm, Lookout. The report
highlighted a couple of interesting points that I felt worthy of constituting a
small blog post here. <o:p></o:p></div>
<div class="MsoNormal">
<br />
The extent of vulnerabilities in
this domain, are significant and a
report on <a href="http://arstechnica.com/tech-policy/news/2011/11/juniper-reports-skyrocketing-android-malware-infections.ars">ARS Technica</a> last Friday documented statistics from Juniper Networks showing
Android malware increased 500% since May 2011. This is on top of an
increase of 400% from Summer 2010 to May 2011. When one consider the recent <a href="http://stakeholders.ofcom.org.uk/binaries/research/cmr/cmr11/UK_Doc_Section_5.pdf">Ofcom Communications Market Report</a> from August 2011 showing that 27% of UK adults and 47% of teenagers own smartphones (with
59% obtaining them in the last year) the implications of malware growth for UK
citizens are increasingly significant. Within these statistics a large
component of smartphone ownership are Android devices, and on a global level
Android remain the dominant OS for smartphones with a <a href="http://www.wired.com/gadgetlab/2011/11/android-dominates-q3-2011/">52.5% dominance in 2011 Q3</a>. The Tech Weekly report highlighted, perhaps obviously, that
downloading of 'apps' from the app market places are the primary source of malware in smartphone handsets. The importance of this are when one considers the distinct
ideologies of retained manufacturer control over app marketplaces that create fragmented domains of threats. The arbitrarily imposed and commercially guided parameters that entities like Apple,
RIM, Windows and Google define can result in significant implications for mobile security. Furthermore, these governance procedures develop an environment where the user trades their relative freedom (to interact with content outside these arbitrary parameters) for a secure enclosed environment. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
To take an example, the closed, 'walled garden' of the Apple App Store is renowned for imposing strict and extensive limitations on app developers. Before even appearing on the App Store market, they have had to
comply with a comprehensive range of norms established by Apple. UAE academic Daithi MacSithigh, (who is speaking in Edinburgh on the <a href="http://www.law.ed.ac.uk/ahrc/events/eventslist.aspx">23rd </a>of November) has produced some fantastic <a href="http://www.scl.org/site.aspx?i=we22622">presentation</a>s documenting the unusual and at times humorous clauses in the Apple Developer agreement. The well-rehearsed arguments within Internet governance circles of <a href="http://futureoftheinternet.org/">Jonathan Zittrain's thesis 'The Future of the Internet'</a> have introduced the concept of 'generativity'. This is “<i>a system's
capacity to produce unanticipated change through unfiltered contributions from
broad and varied audiences</i> ". With more than a hint of romanticism regarding the role of 'generativity', he notes the role of and shift towards closed, 'sterile' technological
platforms, like Apple iOS. In contrast to the generative technologies of the 'PC/Internet' combination, the norms are no longer unfettered creativity for the end user, but instead extensive manufacturer retained control. He acknowledges within his own thesis that 'generativity' itself has led to the growth of 'sterile' technologies. This is because the virtues of creativity and freedom that
generative technologies provide are used by many to instead develop malicious software for nefarious purposes. In turn, to combat this companies
like Apple ensure the interests of their consumers are catered for by maintaining a closed domain for apps, reducing exposure to vulnerabilities within a highly regulated environment.</div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
In contrast, the Android market place is a relatively 'open' domain. A useful indicator of this fact is to conduct a comparison of the length of developer
user agreements. <a href="http://www.android.com/us/developer-content-policy.html">Android provide a short and easily accessible document</a> (unlike the seemingly unobtainable tome that is the Apple Developer agreement). The lack of scrutiny over developers guidelines and the uploading of
content, in the Android domain create a much more generative platform. However, there seems to be at least an ostensible link to
the growth in malware indicated in Friday's ARS Technica report. The significant extent of Android malware, also discussed in the <a href="http://www.scribd.com/doc/62909369/McAfee-Threats-Report-Q2-2011">McAfee 2011 Q2 report</a>, is contrasted against the low level of iOS/iPhone based vulnerabilities. To what extent this is attributable to the 'open' generative system is unclear, but the issue here is the impact on market guided regulation through consumer decisions. Shall the protection of the 'Apple model' increasingly determine the fate of more 'open' platforms like Android? Instead, could antivirus companies protect Android consumer interests and thus retain the relative creativity of a more generative platforms and app stores? Or could industry standards grow that incorporate minimal markers of security by design? Where if these standards are not adhered to then the app is clearly malware and not admitted into the marketplace?<br />
<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
An interesting aspect raised on the podcast relates to the changing business model of companies providing antivirus (AV) services. Instead of relying on software on the terminal equipment, companies are indicating the benefits of cloud computing. <a href="http://www.circleid.com/posts/20111115_taking_the_leap_to_cloud_based_malware_inspection/">An article on CircleID</a> explains the shift and benefits of cloud based architectures for AV services, for both PC's and smartphones. They create the <i>scalability</i> to match the pace of increasing volumes of malware, increased <i>efficiency</i> in analysing malware in one location as opposed to on multiple terminals and it creates an ability to spot aspects of malware earlier, allowing an ex ante as opposed to ex post approach due to the broader <i>range of visibility</i>. In the mobile Internet domain, Lookout scan software in the app marketplace and spot trends in apps that indicate potential malware. This often results in removing the offending material before the consumer even has a chance to download it. It is often argued that education of risks to consumers is the answer to many online problems. Although awareness is undoubtedly useful, this approach of predicting risks in the marketplace (through technical markers) and removing malware before consumers download the offending product seems a positive one.</div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<o:p>What these developments suggest is that the business models of different smartphone platforms and app stores can increase vulnerabilities of consumers to malware, and consequently the negativity of their consumer experience. Instead of moving solely to systems where imbalanced levels of control are vested in the manufacturer, new business models from the antivirus market seem to provide a means of protecting consumers whilst still allowing more 'open' app distribution domains to survive. </o:p>In this regard, smartphone malware could appear as a dominant driver that will push consumers to vote with their feet and force new business models for smartphone manufacturers.The issues shall be will this be the less creative but more secure cosy sheltered domain of Apple or the wild 'open' and 'generative' app marketplaces. It seems to me that the most positive outcome is retention of the creative platforms, but increased integration with AV companies sniffing out threats and warding off wayward outlaws, whilst allowing the user relative freedom to continue on their own self determined path.<br />
<br />
Note 1 - This Wired article highlights the issues with cybercrime statistics and to take them as indicating a problem but perhaps with a pinch of salt, the huge figures cited of 900% increase in smartphone malware since Summer 2010 may be such an example... http://www.wired.co.uk/magazine/archive/2011/12/ideas-bank/cybercrime-stats </div>
<div>
<div id="ftn3">
</div>
</div>Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com1tag:blogger.com,1999:blog-3472866637651090615.post-71200156703763506992011-06-23T01:24:00.132+01:002011-06-24T14:58:22.190+01:00Deciding on our own digital death or forever stuck in the clouds?<h3 class="post-title entry-title" style="text-align: justify;"><span class="Apple-style-span" style="font-size: small; font-weight: normal;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">Last week I attended a fascinating seminar </span></span><span class="Apple-style-span" style="font-size: small; font-weight: normal;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">by <a href="http://www.computing.dundee.ac.uk/staff/wmoncur/">Wendy Moncur</a> </span></span><span class="Apple-style-span" style="font-size: small; font-weight: normal;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">on the postdoctoral research she is conducting into digital inheritance and what happens to digital data and assets after the data subject dies. It inspired me to outline some of my own thoughts below.</span></span></h3><div style="margin-bottom: 0cm;"><div style="text-align: justify;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><br />
</span><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.womanaroundtown.com/wp-content/uploads/2010/08/facebook-graveyard-image-1-6899212161-520x347.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="133" src="http://www.womanaroundtown.com/wp-content/uploads/2010/08/facebook-graveyard-image-1-6899212161-520x347.jpg" width="200" /></a></div><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">It is a fact not in need of repetition that we all die. But our online lives, through lack of individual management and frequent lack of online service providers (OSPs) guidance, do not fully reflect this fundamental certainty. Admittedly in the social networking world there is greater awareness, with online reminders of the fragility of life through memorialised Facebook profiles. This practice, in stark contrast to the conventional slab of engraved granite, provides an easily accessible and virtual memorial to the deceased user. It is also a practical response which stops the issues caused by friends of a deceased Facebook user being urged to get in touch and reconnect with a dead friend, causing clear emotional upset (see report <a href="http://www.telegraph.co.uk/technology/facebook/6445152/Facebook-introduces-memorial-pages-to-prevent-alerts-about-dead-members.html">here</a>). But, overall many OSPs don't have sufficient provisions in place for managing a user's digital assets upon death. Coupled with lack of user awareness this creates a problem which will grow in significance as online service users get older. </span></div></div><div style="margin-bottom: 0cm;"><div style="text-align: justify;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><br />
</span><br />
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">Memorialising social networking profiles highlights one aspect of why lack of user awareness about use of data after death will become increasingly problematic. This is because these activities are using the deceased's data in a manner which they may not have consented to if they had been given the opportunity. It is up to others what information is preserved in the memorial, but when one considers the possibility that this may include compromising snapshots of overly drunken ventures or embarrassing past social updates, these being 'immortalised' on the world's favourite social network might not be the best way to be remembered. OSP users are not provided guidance from the OSP and will seldom provide expression of their own wishes, so this is how many might be remembered. Although one could argue that the deceased consented to their association with photos or activities whilst alive,but the problem is that upon death (without use of an Ouija board or TARDIS) the subject can no longer revoke their consent and disassociate, remove or destroy the content. Instead, this decision is being exercised by someone else who may not apply the same scrutiny as the deceased would have preferred. However, as shall be seen below, even if the deceased has made expressed wishes through a will or other means, the guidance may still not be actionable. </span></div></div><div style="margin-bottom: 0cm;"><div style="text-align: justify;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">The increased use by individuals of online services to store and manage digital assets results in these assets being stored outside the owner's direct control. The move to alternative storage methods shows no signs of slowing with recent announcements of new services like Google's Chromebook or Apple's iCloud which will move even more data into the respective clouds. The vast plethora of Web 2.0 applications, often from companies incorporated outside the UK, like Flickr, Facebook and Blogger, also highlight the difficulties caused by the global nature of the internet and the associated issues of ascertaining the location of servers, for example, to determine applicable law and relevant jurisdiction. Many OSPs bind the user with standard form contracts in the shape of privacy policies and end user agreements which contain non negotiable terms specifying jurisdiction and choice of law. As consumer contracts these may be interpreted in favour of the user but nevertheless other terms which may go against the interests of the deceased user and remain valid in the form contracts. Flickr for example states that upon death there are no rights of survivorship and no transferability of digital assets, to quote:</span></div><div style="text-align: justify;"><span class="Apple-style-span" style="line-height: 17px;"><span style="line-height: 1.5;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><br />
</span> </span></span></div><div style="text-align: justify;"><span class="Apple-style-span" style="line-height: 17px;"><span style="line-height: 1.5;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">s26.9 - Your Yahoo! account is non-transferable and any rights to your Yahoo! ID or contents within your account will be cancelled upon your death. If we receive a copy of a death certificate, the relevant account may be cancelled and all its contents permanently deleted.</span></span></span></div><div style="text-align: justify;"><span class="Apple-style-span" style="line-height: 17px;"><span style="line-height: 1.5;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><br />
</span> </span></span></div><div style="text-align: justify;"><span class="Apple-style-span" style="line-height: 21px;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">This clause is non negotiable and because so few users actually read terms of use, many may not be aware of this procedure upon death. As Flickr is a site for photographs there may be valuable digital assets attached to a user's account. But this OSP has already determined the use of data after death and </span></span><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">the user, even if they had noticed this term, would still not have had any opportunity to negotiate. So, even if an individual had taken the foresight to specify their wishes for use of (economic and sentimental) valuables stored on Flickr or many other services by providing guidance or passwords through services like Legacy Locker or within their will, the contract may render these wishes irrelevant. </span><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">This seems a rather unfair system and it could be questioned if the overly one sided and non-negotiable nature of form contracts with terms that are against the interest of the users assets be deemed them unfair contract terms and then legally challengeable? Furthermore, if contracts from various OSP's are all drafted differently then digital assets will be handled in a different manner depending on the OSP. Such a system seems clumsy and would be confusing for the family or executor trying to track down assets and wind up an estate. A far more efficient regulatory model, in my opinion, would find ways of adjusting succession laws to take greater consideration of managing digital data by requiring all OSP contracts to have fair and uniform terms for management of data upon death, effective use of bottom up societal responses through norms and adaptive innovations (like Legacy Locker...) but also through clever use of technological code.</span></div></div><div style="margin-bottom: 0cm;"><div style="text-align: justify;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><br />
</span></div></div><div style="margin-bottom: 0cm;"><div style="text-align: justify;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">An interesting aspect of legal regulation is the potential use of copyright as a means of managing rights in creative works upon death. This may counteract the prevalence of unfair contract terms outlined in the Flickr example above. By using copyright to enforce rights of the deceased creator, could there be any claims for asserting liability or claiming compensation over assets which are locked into a platform or have then been deleted as per a term of a form contract? Could the executors assert the moral rights of the deceased in the copyrighted work and claim that the work should not have been destroyed? This seems an interesting route for protecting the deceased's works but might suffer from the fact that the deceased should have had other copies of the media and not purely rely on the copy uploaded to the platform like Flickr. Furthermore, the uploaded photo will only be a licensed form of the original and the author thinks that it would be difficult to assert that the contract term was unfair when it applies to a licensed copy and the onus probably existed on the deceased to have retained the original. </span></div></div><div style="margin-bottom: 0cm;"><div style="text-align: justify;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><br />
</span></div></div><div style="margin-bottom: 0cm;"><div style="text-align: justify;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">Another area that I think may become problematic is in data which has been anonymised by an OSP for storage on servers and databases. Often this kind of data changes the applicable data protection laws, as they may reduce or remove the obligations on the data controller if the data is in anonymised form (jurisdiction dependent). Anonymised data, by its nature, is intended not to pertain to an individual, but the ease of correlating information to de-anonymise it and then rediscover who it relates to raises questions about how this anonymised data can be managed when the original subject has died. This data then re-establishes itself to the deceased but may not have even been considered within the remit of the estate or digital patrimony. Would it be possible to build identifiers into the anonymised data where a tag allows it to be identified with the correct encryption keys, and upon death of the subject, could allow all anonymised items of data to be reassigned to the deceased's estate and thus remove any of the risks described above? Not being a computer scientist this may be a ridiculous proposition, but with strong enough encryption, to my mind, it does not seem utterly stupid...</span><br />
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><br />
</span></div><div style="text-align: justify;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"></span><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">By using code to enhance and improve existing technologies it creates a stronger regulatory system which can assist in managing the complex issues surrounding treatment of digital assets after death. These are just a few of the many issues caused by death and digital asset management and it is a fascinating area which has innumerable problems in need of solutions. Interdisciplinary approaches appear the strongest way forward and as always this requires a careful balancing of all law, code, norms and market to ensure good governance.</span></div></div>Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-68985352208185365462011-02-08T23:17:00.000+00:002011-02-08T23:17:43.746+00:00blogofractal - xkcd<span class="Apple-style-span" style="font-family: Lucida, sans-serif; font-size: 16px; font-variant: small-caps; font-weight: 500;"></span><br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://imgs.xkcd.com/comics/blogofractal.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://imgs.xkcd.com/comics/blogofractal.png" width="287" /></a></div><h3 style="clear: both; font-family: Lucida, sans-serif; font-size: 12px; font-style: italic; font-variant: small-caps; font-weight: 800; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><a href="http://imgs.xkcd.com/comics/blogofractal.png">http://imgs.xkcd.com/comics/blogofractal.png</a></h3>Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-39183138238740868092011-02-05T20:28:00.005+00:002011-02-05T20:46:47.159+00:00upcoming events<div style="margin-bottom: 0cm;"> Hello readers, I am writing to you from a rather storm battered but typically chilly Edinburgh. However, the weather is a small price to pay for living here because apart from the beautiful architecture, wealth of culture and its rich history it also means I can attend some of the events that are being run by Edinburgh University's SCRIPT Centre in the next couple of weeks (I had to try and link it in somehow...)</div><div style="margin-bottom: 0cm;"> This post is perhaps a bit eager as it would perhaps be more interesting for you to see what my thoughts are after I have attended the events but nevertheless I am quite excited about them so I just thought I would share that enthusiasm here! This post could also be seen as an advert to anyone in the central belt of Scotland who feels convinced by my enthusiasm that they would also like to attend! Anyway, I will post after I have attended to give a much more informative analysis but I for now here are my initial thoughts.<br />
The first event is a lecture from with Dr Rex Hughes looking at the concept of a 'Treaty for Cyberspace'. This is an interesting concept and on the basis of Dr Hughes past research I think it will be a treaty relating to issues of cybersecurity. This is highly topical when considered in light of proposals for new laws of engagement for cyberspace which are being discussed as I write at the 2011 Munich Security Conference. My initial feelings about such a concept seem drawn to issues raised by the dichotomy of state and non state actors online and how negotiation of a global instrument could address the broad range of stakeholder interests in a way which avoids an instrument marginalised by the most powerful lobbyists. The other issue for me is if a hard law instrument like a treaty could be drafted with enough flexibility to tackle new technological security challenges but not be so principle based to challenge its effectiveness. The fundamental concept is something that fascinates me and my concerns are more procedural than substantive.<br />
The second event is a conference/workshop looking at 'Wikileaks and the Law'. As you can see from my posts below I was fascinated by 'Cablegate' so I was naturally quite excited when I booked a place at this event last week. It has a broad remit dealing with the fundamental balance between security and privacy, the legal issues for the new kind of journalism Wikileaks embodies and jurisdictional issues pertaining to Wikileaks legal status. There are a broad range of contributors with legal practitioners, media representatives and academics, including Professor Lilian Edwards who is the new Professor of E-Governance (Internet Law) on my LLM course at Strathclyde University. It will be brilliant to listen to this wealth of opinion on such a fascinating topic.</div><div style="margin-bottom: 0cm;"> The third event is with Professor Charles Raab of Edinburgh University lecturing on reforms in information privacy policy from the UK perspective. I have been reading parts of his book the 'Governance of Privacy' and can recommend it as a comprehensive analysis in this area. The fairly recent Communication from the EU Commission looking at reform of the EU data protection landscape makes this again an area of key topical significance and I look forward to hearing what impact Professor Raab foresees the changes having on the UK. </div><div style="margin-bottom: 0cm;"> As already stated I will post some thoughts here after the events, but until then keep an eye on my Twitter feed for any nuggets of excitement from the micro-blogosphere.</div><div style="margin-bottom: 0cm;"><br />
</div><div style="margin-bottom: 0cm;">Thank you for reading :)</div><div style="margin-bottom: 0cm;"><br />
</div><div style="margin-bottom: 0cm;">Moose</div>Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-56631064173715457942011-01-29T01:08:00.004+00:002011-02-02T11:38:10.234+00:00Twitter and Egypt Internet shutdownHello readers,<br />
<br />
As any of you may have noticed I have recently joined Twitter. It is a fantastic tool for keeping on top of developing news and provides a really useful constant feed of interesting information (although the usefulness does depend on what you choose to follow!). I wish I had started using it sooner instead of presuming it was merely a forum for people to post mundane details about their lives. I will have to try and avoid information overload though as there are many 'tweets' I wish to read and then 'retweet'.<br />
Anyway, I will be using Twitter quite a lot for highlighting what I feel are general points of interest but I will use this blog to cover bigger news stories and items requiring more in depth posts than the 140 characters allowed in Twitter.<br />
<br />
The unfolding situation in<a href="http://www.bbc.co.uk/news/technology-12306041"> Egypt</a> where the government has shutdown Internet, social networks and mobile phone access countrywide in an attempt to stop protests has been of great interest. It raises some interesting questions about the role of government in regulating internet intermediaries and also the capacity of the Internet as a communications tool to co-ordinate revolutionary movements. If one considers the role which social networking sites (SNS) during the recent Tunisian revolution and obviously the post election pro riots in Iran in 2009 it is clear why Mubarak is nervous of grassroots revolutionary movements being formed through SNS. Furthermore, the leaning of the government on the ISP's to use their technical capabilities for facilitating Internet shutdown sounds like a realisation of Lessig's prediction that government, given the political will, can and will use code to create a perfectly regulated space. There has been a wealth of commentary on this story and some key sources I have been using are academic Ethan Zuckerman <a href="http://twitter.com/#!/EthanZ">here</a>, Human Rights Watch <a href="http://www.hrw.org/">here</a> and the Harvard Berkman Center for Internet and Society <a href="http://cyber.law.harvard.edu/node/6603">here</a>.<br />
<br />
<br />
Moose<br />
<br />
EDIT 1: 02/02/11 - There is a podcast from the Guardian Tech Weekly with Aleks Krotoksi which features discussion on the Egyptian situation <a href="http://www.guardian.co.uk/technology/blog/audio/2011/feb/02/tech-weekly-podcast-egypt-internet">here</a>.<br />
It is also interesting to note the use of a new Google tool called "Speak to tweet" as a means of still communicating on SNS without Internet access. See <a href="http://www.techradar.com/news/internet/google-speak-to-tweet-helps-egyptians-stay-on-twitter-925451">here</a>Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-23415868792831972112011-01-20T22:16:00.001+00:002011-01-20T22:17:07.176+00:00The Next Digital DecadeHello Readers,<br />
<br />
Apologies for my long absence over the festive period I have been snowed under with work. This is a quick post just to raise awareness about a fantastic new book released yesterday called The Next Digital Decade: Essays on the Future of the Internet. It has contributors such as Tim Wu, Jonathan Zittrain, Yochai Benkler and Milton Mueller. It looks very good and worth purchasing although it has also been released under a Creative Commons license and is available <a href="http://nextdigitaldecade.com/">here</a> if you would like it for free.<br />
<br />
Thanks<br />
MooseLachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-8322963254800060322010-12-15T00:22:00.004+00:002010-12-15T00:40:58.984+00:00"Wikileaks and the Information Wars"Good evening readers, there is a fantastic podcast which was released on the 08/12/10 available <a href="http://blogs.law.harvard.edu/mediaberkman/2010/12/08/radio-berkman-171/">here</a>. This has excellent commentary on the ongoing Wikileaks situation by eminent legal scholars Jonathan Zittrain and Lawrence Lessig. It is also available on iTunes if you subscribe to the Radio Berkman Audio Fishbowl podcasts. They are free and a fantastic resource for listening to current debate released by the Berkman Centre for Internet and Society at Harvard University. Zittrain has also published on this issue on his blog <a href="http://futureoftheinternet.org/blog">here</a>.<br />
<br />
MooseLachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-83723640934131053482010-12-10T12:09:00.002+00:002010-12-15T00:23:03.206+00:00Wikileaks<div style="margin-bottom: 0cm;">May I firstly extend my apologies to any followers of this blog as to the length of time it has been since my last post. I have been rather caught up in university work but had written down many proposals for blog ideas but never actually posted them. The result will be a flurry of posts over the next week or so. </div><div style="margin-bottom: 0cm;"><br />
</div><div style="margin-bottom: 0cm;">My first topic will be the Wikileaks situation which has highlighted some very interesting issues in the sphere of internet governance. </div><div style="margin-bottom: 0cm;"><br />
</div><div style="margin-bottom: 0cm;">One of the key elements engaging my interest has been the involvement of hacktivist group <a href="http://en.wikipedia.org/wiki/Anonymous_(group)">Anonymous</a>. Last night I read a <a href="http://www.bbc.co.uk/news/technology-11935539">news report</a> that they had deployed a <a href="http://en.wikipedia.org/wiki/Denial-of-service_attack">DDoS</a> attack on the Mastercard website through a voluntary 'botnet' using the 'Low Orbit Ion Cannon'. This was because Mastercard, among others, had withdrawn their donation services to Wikileaks. This is the latest in a string of DDoS attacks launched by Anonymous including targeting Paypal, Visa and PostFinance (a Swiss bank). Next on the list is Amazon who removed Wikileaks from their cloud servers on the basis of violation of the terms of use policy. This seems pretty hypocritical given they are now selling a Kindle version of the leaked cables! The customer reviews <a href="http://www.amazon.co.uk/product-reviews/B004EEOLIU/ref=cm_cr_dp_all_helpful?ie=UTF8&showViewpoints=1&sortBy=bySubmissionDateDescending">here</a> give some humorous insights including a query as to the allowed means of payment - could they use Paypal or Mastercard/Visa credit card to pay for a copy...?</div><div style="margin-bottom: 0cm;"><br />
</div><div style="margin-bottom: 0cm;">I believe that control and regulation is needed on the Internet to guarantee continued 'freedom' but I do not like the notion of private entities controlling liberal democratic values like freedom of speech. Obviously I am not condoning the use of the illegal DDoS attacks as a method of punishing companies who may well have had legitimate reasons under terms of use agreements to terminate their services... But I think the whole unfolding situation highlights a deeper point about how the Internet can be used to route around attempts to stop the spread of information. It is allowing users to guarantee freedom of speech through its very architecture. Irrespective of the attempts of various parties to stop it through denial of hosting or donation services the underlying network and users have created other channels by setting up mirror sites or torrents to ensure the proliferation of the leaked cable information.</div><div style="margin-bottom: 0cm;">Bearing in mind the Cold War credentials of the Internet as a communications network designed to withstand nuclear war it is comforting to see that the original beast is still very much alive. Growing challenges to the network from the increased control of the <a href="http://en.wikipedia.org/wiki/Internet_service_provider">ISP</a>'s or the prevalence of layered identification technologies could easily have diluted the key features from the <a href="http://en.wikipedia.org/wiki/ARPANET">ARPANET</a> to the extent it no longer circumvents attempts to stifle the information flow. It appears to be showing the true potential of the network for guaranteeing fundamental free speech or expression rights. I find it very interesting for future regulation models that in a world of ever more controlled and tethered platforms that the underlying infrastructure can still reroute around 'terms of use' policies or political pressures to such an extent.</div><div style="margin-bottom: 0cm;"><br />
</div><div style="margin-bottom: 0cm;">EDIT - this story moves so fast things get out of date very quickly!</div><div style="margin-bottom: 0cm;"><br />
</div><div style="margin-bottom: 0cm;">-Anonymous decided to <a href="http://www.bbc.co.uk/news/technology-11957367">abandon</a> the attack on Amazon last night favouring to target Paypal again.</div><div style="margin-bottom: 0cm;">-Also the Internet Society has issued an interesting newsletter <a href="http://isoc.org/wp/newsletter/?p=2706">here</a> worth a read.<br />
- Anonymous have released a statement which gives some context to their intentions <a href="http://dump.no/files/467072ba2a42/ANONOPS_The_Press_Release.pdf">here</a><br />
<br />
Thanks, Moose</div>Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com1tag:blogger.com,1999:blog-3472866637651090615.post-32525985756903249582010-10-14T14:15:00.001+01:002010-10-14T14:16:07.125+01:00updated map of online communities for 2010 from xkcd<div class="separator" style="clear: both; text-align: center;"><a href="http://imgs.xkcd.com/comics/online_communities_2.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="640" src="http://imgs.xkcd.com/comics/online_communities_2.png" width="548" /></a></div>Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-6151662043872669202010-10-12T13:33:00.003+01:002010-10-14T14:41:36.060+01:00History<object height="340" width="560"><param name="movie" value="http://www.youtube.com/v/9hIQjrMHTv4?fs=1&hl=en_US&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/9hIQjrMHTv4?fs=1&hl=en_US&rel=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="560" height="340"></embed></object><br />
<br />
<br />
<span class="Apple-style-span" style="color: #990000;">This is a very good video giving a breakdown of the development of the technology which underpins the modern day Internet.</span>Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-29024440089277012482010-10-12T13:28:00.000+01:002010-10-12T13:28:10.587+01:00Jefferson's Moose<span class="Apple-style-span" style="color: #cccccc; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 12px; line-height: 16px;"><span class="Apple-style-span" style="color: white; font-size: small;"><span class="Apple-style-span" style="font-size: 11px; line-height: normal; text-transform: uppercase;"><b><br />
</b></span></span></span><br />
<div class="widget-content"><div class="blog-list-container" id="BlogList1_container"><ul id="BlogList1_blogs" style="line-height: 1.2; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><li style="clear: left; display: block; list-style-image: none; list-style-position: initial; list-style-type: none; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0.25em; padding-left: 0px; padding-right: 0px; padding-top: 0.25em; text-indent: 0px;"><script src="http://reason.tv/embed/video.php?id=757" type="text/javascript">
</script></li>
</ul></div></div>Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-13211760081947869452010-10-02T00:56:00.000+01:002010-10-02T00:56:15.678+01:00<span class="Apple-style-span" style="clear: left; float: left; font-family: Lucida, sans-serif; font-size: 16px; font-variant: small-caps; font-weight: 500; margin-bottom: 1em; margin-right: 1em;"><img alt="Working for Google" height="106" src="http://imgs.xkcd.com/comics/working_for_google.png" style="border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px;" title="I hear once you've worked there for 256 days they teach you the secret of levitation." width="400" /></span>Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-36959002134730116452010-10-01T16:36:00.003+01:002010-10-14T14:30:41.591+01:00<div style="font-style: normal; font-weight: normal; margin-bottom: 0cm; orphans: 2; widows: 2;"><span style="font-family: Times;"><span style="background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial;"><span class="Apple-style-span" style="color: #990000;">Hello followers, if there are any, time for me to actually post something. Due to work constraints this blog has remained virtually inactive all summer. I have now commenced my masters in IT and Telecommunications law at the University of Strathclyde in Glasgow and I intend to keep a much more comprehensive log of my opinions and ideas. It seems like it will be a brilliant course - I will be completing modules in e-commerce and internet governance for the first semester. Regulation of cyberspace and the various theories that surround it are where my primary interests lie. I am fascinated by concepts like Lawrence Lessig's "law as code" and the debate expounded by Jonathan Zittrain on the future of the internet as shaped by generative (or not) technologies. I am hoping that as I research more deeply into the area of internet governance I will discover new theories which I will critique and share here in the blogosphere.</span></span></span></div><div style="margin-bottom: 0cm; orphans: 2; widows: 2;"><span class="Apple-style-span" style="color: #990000;"><br />
</span></div><div style="font-style: normal; font-weight: normal; margin-bottom: 0cm; orphans: 2; widows: 2;"><span style="font-family: Times;"><span style="background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial;"><span class="Apple-style-span" style="color: #990000;">In the meantime I'll be posting random technological items of interest and anything else that seems vaguely relevant.</span></span></span></div><div style="margin-bottom: 0cm; orphans: 2; widows: 2;"><span class="Apple-style-span" style="color: #990000;"><br />
</span></div><div style="font-style: normal; font-weight: normal; margin-bottom: 0cm; orphans: 2; widows: 2;"><span style="font-family: Times;"><span style="background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial;"><span class="Apple-style-span" style="color: #990000;">Thanks for reading.</span></span></span></div><div style="font-style: normal; font-weight: normal; margin-bottom: 0cm; orphans: 2; widows: 2;"><span style="font-family: Times;"><span style="background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial;"><span class="Apple-style-span" style="color: #990000;">Moose</span></span></span></div>Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0tag:blogger.com,1999:blog-3472866637651090615.post-35346291202022094442010-06-20T17:54:00.003+01:002010-10-14T14:39:47.170+01:00welcome<span class="Apple-style-span" style="color: #990000;">Welcome to my new blog. As the name indicates I will primarily be posting about the interaction between law and technology. However, it will not always be limited to serious discussion and I will update it with cartoons or videos which will diversify the content and provide some humour. I hope you enjoy it and feel free to contact me or comment.</span><br />
<span class="Apple-style-span" style="color: #990000;"><br />
</span><br />
<span class="Apple-style-span" style="color: #990000;">Thanks,</span><br />
<span class="Apple-style-span" style="color: #990000;"><br />
</span><br />
<span class="Apple-style-span" style="color: #990000;">Moose.</span>Lachlanhttp://www.blogger.com/profile/14007797137313940985noreply@blogger.com0