Posted: November 29th, 2010 | Author: Billy Barnes | Filed under: Privacy | No Comments »
In R. v. Gomboc, released last week, the Supreme Court considered whether the police violated the accused’s s. 8 rights by asking his electrical utility to install a digital recording ammeter to monitor his electrical usage. The majority held that it did not for various reasons (4 held that there was no expectation of privacy in such data, 3 that the expectation was defeated by regulation allowing the accused to opt-in to confidentiality). McLachlin C.J. (with Fish J.) dissented, stating “when we subscribe for public services, we do not authorize the police to conscript the utilities concerned to enter our homes, physically or electronically, for the purpose of pursuing their criminal investigations without prior judicial authorization.”
Posted: November 24th, 2010 | Author: Emily Shepard | Filed under: Featured, Internet, Policy, Privacy, Technology | No Comments »
Despite a recent spate of research and prosecutions, botnets still pose one of the most alarming threats to internet security.
A botnet is a network of infiltrated computers (called “zombies”) that receive commands from a centralized server to perform certain activities. This network, once assembled, is an online army that can launch any number of illegal attacks including spamming, phishing, recording confidential information, shutting down a website (through “distributed denial of service” attacks) and paving the way for the installation of more malware on a computer. These attacks have evolved from cocky hackers’ competitions to coordinated, criminal networks that exist in multiple countries.
Governments have struggled to keep pace with these developing threats. A recent wave of enforcement highlights the different approaches to tackling the decentralized, sophisticated groups running botnets.
Zeus is the aptly named god of botnets. First detected in July, 2007, Zeus is a Trojan horse that steals banking information by recording the users’ keystrokes of an infected computer. Zeus, or “Zbot,” has infected millions of computers and its owners have started selling Zeus’s services online. A co-ordinated investigation between US and European authorities (“Operation Trident Breach”) recently led to the arrest of Zeus operators in the US, the Netherlands, the Ukraine and the United Kingdom.
This investigation revealed a vast vertical network surrounding Zeus. A group of “money mules” was responsible for moving funds from compromised bank accounts, while those running the technical side of the bot ran the operation. money mules.” Many of those arrested play minor roles, and the Zbot continues to actively infect computers.
One of the oldest botnets, Cutwail was first detected in January, 2007. It has been responsible for installing Trojan viruses and launching denial-of-service attacks on sites including the CIA, the FBI, Twitter and Paypal.
LastLine, a security firm in the US, co-ordinated an international operation which led to shutting down twenty of the thirty servers controlled by Cutwail with the co-operation of host ISPs. Without the guidance of the centralized servers, many of the “zombie” computers stopped sending out spam messages. Cutwail has recovered from ISP shutdowns in the past, however, and so shutting down servers may do little to hamper the long-term success of this bot.
Starting in May, 2009 the Mariposa botnet had a glorious year of facilitating financial theft until it became the subject of a concerted international effort to find those responsible. The Mariposa Working Group formed in response to the bot, and included the FBI, the Spanish police, and various research institutes such as PandaLabs.
Three young men were arrested as a result of the operation (two operators in Spain, and one in Slovenia), and will face trial under the laws of their countries. This poses another problem: national laws are often not up to the modern challenge of cybercrime, and thus those responsible may not be adequately punished or deterred.
While this operation managed to dismantle the Mariposa bot, this was not a very sophisticated operation in comparison with more recent bots.
An obvious anagram, Koobface uses Facebook and other social media to send out messages from a user’s account containing a link to malware. Once installed, this malware “clicks” on online ads that generate revenue for the botnet owner. This 2009 bot is one of the most evasive and sophisticated – it siphons small amounts away from online advertisers and earns a profit from fake anti-virus software.
Another international coalition sprang to life to dismantle Koobface. After creative and extensive research, [PDF] this group successfully requested the shutdown of three servers that were central to Koobface’s operations. This shutdown is only a minor setback, however, and no Koobface operators have been arrested.
Who is to blame for the proliferation of botnets? Individual computer users, ISPs, software developers, and governments all bear some responsibility. While users have the ability to stop the spread of some botnets by installing and updating the appropriate anti-malware programs, there is no incentive for users to be this vigilant. Most botnets do not directly affect the computer owner, who is a passive pawn in a larger scheme.
Prosecuting and jailing those responsible may work to shut down small operations, but is not a likely solution for massive, transnational criminal operations. Instead, government should look to technical solutions to permanently shut down these botnets or to prevent them from spreading in the first place. Software developers should also be encouraged to develop attack-proof programs and provide patches to address new threats.
This leaves the ISPs as possible referees of online activity. Allowing ISPs to control traffic has always been controversial, and the notion of “quarantining” infected computers by banning internet access is impractical. As suggested by Jennifer A. Chandler in her article, “Liability for Botnet Attacks” [PDF] ISPs may be most effective in providing the technical support to prevent denial-of-service attacks on websites.
Some ISPs have also shown a willingness to cooperate with international investigations and shut down servers that are being used to host botnet operations. According to a recent report [PDF] from the Organization for Economic Cooperation and Development (OECD), only fifty ISPs (most of which are well known) host nearly half of the infected machines internationally. Working with these ISPs may be one of the most effective ways to at least temporarily stop botnet operations.
The botnet phenomenon is only going to grow: Botnets took off in 2009, and almost one-third of malware was created in 2010. With new tools to “build-your-own botnet,” it has become easier to harness this technology for online fraud. Newer botnets are smarter, harder to detect and less offensive, and will prove harder to shut down and prosecute.
Posted: November 22nd, 2010 | Author: Catherine Marchant | Filed under: Intellectual Property, Patent, Technology | No Comments »
The Canadian wireless company WiLAN has filed a lawsuit against Time Warner, Comcast and Charter Communications, alleging that the cable companies have violated one of its patents by marketing and selling cable modems. The suit, filed in Texas, is one of a long line of recent patent infringement suits by the Ottawa-based company; recently, it has also sued Sony Ericsson, LG, Dell, Apple, Acer, HP and Lenovo, among others. WiLAN’s patent covers “hybrid multichannel data transmission system utilizing a broadcast medium.”
Posted: November 21st, 2010 | Author: Giselle Chin | Filed under: Copyright, Copyright Reform, Policy | No Comments »
In another attempt to toughen up Canada’s copyright laws, the hearings for Bill C-32 on Parliament Hill are set to begin in the next few days. Bill C-32 is an Act to amend the Copyright Act, first tabled on June 2, 2010. The proposed legislation would legalize certain activities commonly engaged in by Canadians, such as copying a CD and time shifting, which is the recording television programs for later viewing but not for the purposes of building up a library. The bill would also prohibit breaking digital locks placed on gadgets and media. Michael Geist, a law professor at the University of Ottawa and where he holds the Canada Research Chair of Internet and E-commerce Law, answers some of the more controversial questions surrounded the proposed legislation.
Posted: November 17th, 2010 | Author: Matthew Derricott | Filed under: Copyright, Featured, Intellectual Property, Patent, Trademark | No Comments »
I recently read an article by Richard Stallman where it was suggested that “if you want to think clearly about the issues raised by patents, or copyrights, or trademarks, the first step is to forget the idea of lumping them together, and treat them as separate topics”. The essence of the article is that lumping copyrights, patents, and trademarks together and calling it “intellectual property” can be distorting and confusing. Seeing as how I am in my first year of law school and pretty much everything seems distorting and confusing I decided that it might be helpful, at least for me, to briefly visit the basics of each area.
Patents
The World Intellectual Property Organization describes a patent as an exclusive right granted for an invention, which is a product or process that provides a new way of doing something, or offers a new technical solution to a problem. In Canada patent rights last up to 20 years.
Patents fulfill several useful functions. The first is creating an incentive to invent. The Canadian government’s guide to patents states that “without the possibility of patent protection, many people might not take the risk of investing the time or money to create or perfect new products”.
Another function of patents is to benefit the public at large by encouraging disclosure of innovations to the public. In Canada patent applications are made public 18 months after filing. Making innovations part of the public record allows them to be exploited by anyone, after expiration of the patent, and encourages perpetual improvement by other inventors. In Canada 90 percent of patents are for improvements to existing patented inventions.
Copyrights
A copyright is an exclusive right to copy a creative work or to allow someone else to do so. Copyright covers such things as literary, dramatic, musical and artistic works. Creators automatically acquire a copyright when an original work is created. In Canada copyright exists for the life of the author plus 50 years following their death. The main function of copyright is to reward and protect creative endeavour.
One main difference between patents and copyright is the area of public disclosure. As Richard Stallman notes “copyright law was designed to promote authorship and art, and covers the details of expression of a work. Patent law was intended to promote the publication of useful ideas, at the price of giving the one who publishes an idea a temporary monopoly over it”. Taking an existing, patented invention and adding or modifying a single component can be lawful and may well lead to a new patent. Writing a new and improved ending, or an extra chapter, for an existing novel is deemed to be copyright violation even if such an addition were widely viewed as a marked improvement to the existing work.
Trademarks
The Canadian government’s guide to trademarks defines a trademark as “a word, a symbol or a design (or a combination of these features) used to distinguish the wares or services of one person or organization from those of others in the marketplace”. Trademarks serve to identify a particular business/organization as the source of a good or service. Registering a trademark is not essential to its creation and a trademark that remains in use can exist indefinitely.
The function of trademarks is to ensure clarity among consumers regarding the source of a product or service. A word or symbol may be deemed a trademark in relation to a particular product but this does not necessarily mean that other companies are barred from using the word or symbol in a different way. This was illustrated in 2006 when the Supreme Court of Canada ruled that a small restaurant chain named “Barbie” was not violating the trademark of Mattel because this use was not likely to create consumer confusion with Mattel’s dolls.
Conclusion
So what do you think? Are the fundamental concepts behind, patents, copyrights and trademarks so different that it’s a grave mistake to refer to them all as “intellectual property”? Stallman also argues that the phrase is problematic in that it “carries a bias that is not hard to see: it suggests thinking about copyright, patents and trademarks by analogy with property rights for physical objects”. Is it time to retire “intellectual property”?
Posted: November 14th, 2010 | Author: Kathryn May | Filed under: Intellectual Property, Technology | No Comments »
A recent article in the New York Times provides a comprehensive look at the rapid rise of the involvement of organized crime in software piracy and counterfeiting, and Microsoft’s extensive efforts to combat it. The article raises many interesting issues, including the questions of whether lowering the prices that Microsoft charges for its products would lead to a reduction in piracy and counterfeiting, as well as ethical issues surrounding Microsoft’s hard-line approach against these practices in developing nations where most citizens are unable to afford “legitimate” copies and for whom illegal versions are thus the only means of accessing the educational and business benefits that can be derived from computer software.
Read the rest of this entry »
Posted: November 14th, 2010 | Author: Adam Friedlan | Filed under: Uncategorized | No Comments »
The Wall Street Journal recently ran an article describing how the natural efficiencies of large networks can yield an undesirable long term outcome: the monopolization of the internet by a small number of firms. The article draws comparisons to earlier technological monopolies. If the internet is inf fact moving into a similar age of monopolistic behaviour there may be a renewed interest in antitrust action.
Posted: November 13th, 2010 | Author: Giselle Chin | Filed under: Internet, Privacy | No Comments »
The Obama administration is preparing to strengthen Internet privacy by calling for new laws and the creation of a new regulatory position to oversee the effort, according to the Wall Street Journal. The strategy is expected to be unveiled in the coming weeks by the U.S. Commerce Department. Previous administrations had shied away from regulating the internet as that was seen to restrict innovation. But with personal information playing an ever greater role in the Internet economy, the White House has finally decided to step in. There are currently no comprehensive online consumer privacy law in the U.S., the country relying mainly on industry self-regulation. This means the recent crackdown on privacy of Facebook and Google have been led by Canada, Germany, the U.K. and other countries with stronger online privacy laws. With new U.S. legislation in the works, the next question is if it will have any teeth.
Posted: November 11th, 2010 | Author: Billy Barnes | Filed under: Featured, Privacy | No Comments »
It’s almost rote to state that the difference between privacy in Canada and the United States is that the Canadian regime is broad and general while the American is sectoral. At the federal level, Canada has a single overarching law, PIPEDA, while the US has a health privacy act, a video rental privacy act, a financial privacy act, and so on. In theory, this means that only sectors which are specifically legislated have privacy protection. However, as the recent judgment in Amazon v. Lay reminds us, privacy rights can be found everywhere.
In December 2009, the North Carolina Department of Revenue (DOR) requested information regarding all sales made by Amazon in their state for the purpose of assessing sales tax liability. Amazon complied by providing a list of all the items sold, but declined to give any identifying information about the purchasers. The DOR followed up with a request for names and addresses of the customers; Amazon refused and filed suit in Washington state. They sought a declaration that the request violated the First Amendment of the Constitution and the Video Privacy Protection Act.
That the First Amendment supports a right to privacy is not a novel claim. As various anonymous leaflet cases have shown, it is clear that the First Amendment protects the privacy of anonymous speakers. One can easily see how the same reasoning would extend to protect consumers. After all, there is little worth in freedom to express a controversial opinion if your audience isn’t free (or doesn’t feel free) to hear it. Amazon itself has succeeded on those grounds before. In 2006, Amazon was asked to turn over purchase records of books sold through Amazon from a particular publisher that was being prosecuted for tax evasion. In that case, the court held that the First Amendment prevented the government from peeking into the reading habits of specific individuals without their consent.
In Amazon v. Lay, the court held that the government was required to show a pressing need for the information and that there was no less restrictive means of acheiving the goal. Lacking that, and despite statutory subpoena powers, Amazon could not be compelled to turn over the information on purchasers of books, videos, and music through its service. There is one important limitation to its ruling, it only prevents the DOR from subpoenaing customer information while it is in possession of the list of specific purchases. The court allows for the DOR to destroy all copies of the original list and request a list containing only the amounts spent. This would not contain sufficient information about individual reading habits to engage the First Amendment.
Posted: November 10th, 2010 | Author: Pravin Thomas | Filed under: Uncategorized | No Comments »
As reported by IP-Watch (http://www.ip-watch.org/weblog/2010/10/29/compromise-un-protocol-treaty-against-biopiracy-adopted-in-japan/), in Nagoya Japan, members of the United Nations Convention on Biological Diversity adopted an international treaty to help ensure that benefits from using genetic resources are more fairly shared with their source country. The Access and Benefit Sharing Protocol or “Nagoya Protocol,” will presumably work to combat “bio-piracy.” Biopiracy is when a first world country commercially uses a naturally occurring biomaterial without fairly compensating the source (http://www.answers.com/topic/biopiracy).
Recent Comments