Law / Most Viewed

What is a Security Mechanism?

Orin Kerr recently blogged about a 9th Circuit decision that held that scraping a public web site (probably) doesn't violate the Computer Fraud and Abuse Act (CFAA)... On its surface, it makes sense – you can't steal something that's public – but I think the simplicity of the rule is hiding some profound questions. One, I believe, can most easily be expressed as "what is the cost of the 'attack'"? That is, how much effort must someone expend to get the data? Does that matter? Should it?

Privacy Polls v. Real-World Trade-Offs

A recent telephone poll conducted by professors at Berkeley and the University of Pennsylvania concluded, "Contrary to what many marketers claim, most adult Americans (66%) do not want marketers to tailor advertisements to their interest." The study's authors claim that their poll is "the first nationally representative telephone (wireline and cell phone) survey to explore Americans' opinions about behavioral targeting by marketers." ... But what is most surprising about this poll is not that 66% of users said they do not want tailored online ads, but that 34% of users said they did!

GDPR Fine Enough or More Disclosure?

The UK cares about its citizens' privacy to the tune of a $229 million (US) fine of British Airways for a breach that disclosed information of approximately half a million customers. It's exciting -- a significant fine for a significant loss of data. I think GDPR will lead to improved security of information systems as companies scramble to avoid onerous fines and start to demand more from those who provide information security services and products.

Lawful Access Bills Proposed for ISPs in Canada

Michael Geist writes: "The bills contain a three-pronged approach focused on information disclosure, mandated surveillance technologies, and new police powers. The first prong mandates the disclosure of Internet provider customer information without court oversight. Under current privacy laws, providers may voluntarily disclose customer information but are not required to do so. The new system would require the disclosure of customer name, address, phone number, email address, Internet protocol address, and a series of device identification numbers."

ICANN Terminates EstDomains, Seeks Bulk Transfer of Customers

In follow-up to reports on ICANN's termination of the notorious domain name registrar EstDomains due to fraudulent activities, the Internet oversight agency is now preparing to transfer domain names of its customers to other registrars... However, the question asked by experts is whether any other registrar would have an interest in inheriting EstDomains' questionable domain names.

OPTA revokes Diginotar License as TTP

Wout de Natris: "In this decision OPTA revokes the registration of Diginotar as a so-called Trusted Third Party. Diginotar issued certified certificates for digital signatures. The security breach by Iranian hackers over the summer, which Diginotar did not report to the authorities, led to severe credibility issues for all Diginotar certificates issued before. This included Dutch government websites, but also led to severe breaches of privacy for Iranian end users, in multiple countries. As a result of OPTA's decision all certificates issued by Diginotar have to be revoked, while at the same time it is forbidden to issue new ones."

Reflections on the G7 ICT Ministers Meeting in Japan

On April 30, 2016, ICT Ministers of the "G7 group" concluded their deliberations in the beautiful city of Takamatsu, Kagawa prefecture in Japan. After months of preparatory work and two full days of discussions, the ICT Ministers of the USA, UK, France, Italy, Japan, Canada and Germany plus the European Union issued a joint declaration that: recognizes our digitally connected world; commits to mutual goals; and, once again, reaffirms the multistakeholder model for the governance issues facing the deployment, development and evolution of the global Internet.

Supplementing the Record in UDRP Proceedings; When Acceptable?

The Uniform Domain Name Dispute Resolution Policy (UDRP) limits parties' submissions to complaints and responses; accepting "further statements or documents" is discretionary with the Panel (Rule 12, Procedural Orders), although the Forum (in Supplemental Rule 7), but not WIPO, provides for supplementing the record with the proviso that "[a]dditional submissions must not amend the Complaint or Response." For some panelists, Rule 7 contradicts the Policy.

Russian Hacker Sentenced to 27 Years in Prison by U.S. Federal District Court

A 32-year-old Russian man was sentenced on Friday to 27 years in prison for computer hacking crimes that are reported to have caused over $169 million in damages to small businesses and financial institutions.

When a Domain Name Dispute is ‘Plan B’

While having a backup plan is usually a good idea, it's often not an effective way to obtain someone else's domain name - at least not when Plan B consists of a company filing a UDRP complaint with the hope of getting a domain name to which it is not entitled and could not acquire via a negotiated purchase. "Plan B" as a derogatory way of describing an attempted domain name acquisition usually arises in the context of a domain name that is not protected by exclusive (or any) trademark rights, or where the complainant clearly could not prevail in a UDRP proceeding.

World Anti Counterfeiting Day… Staggering Costs Fueled by the Web

Established in 1998 by the Global Anti-Counterfeiting Group (GACG), "World Anti Counterfeiting Day" is held annually in June to raise awareness of the international impacts of counterfeiting and piracy. According to the International Chamber of Commerce (ICC), counterfeiting is a $600 billion a year problem. MarkMonitor estimates the cost of online counterfeit trade at $200 billion annually.

Early Disclosure of UDRP Complaints

Under the previous rules for the Uniform Domain Name Dispute Resolution Policy (UDRP), domain name registrants that had a complaint filed against them were supposed to be notified of the complaint by the trademark owner that filed it. Then, a revised set of UDRP rules that went into effect in 2015 eliminated the complainant's obligation to notify the respondent. Instead, the new rules only require that the UDRP service provider (such as WIPO or the Forum) notify the respondent, presumably after the registrar has locked the domain name, preventing any transfers.

When a ‘Response Fee’ is Required in a URS Case

Although filing fees in domain name disputes are usually paid for by the trademark owner that files a complaint, the Uniform Rapid Suspension System (URS) contains a little-noticed provision that, in large cases, requires the domain name registrant to pay a fee to defend itself. The so-called "Response Fee" is only required in URS cases that include 15 or more disputed domain names.

Trump Administration Doubles Down on Surveillance

The White House has expressed its full support on the need for permanent reauthorization of Section 702, created "to address an intelligence-collection gap that resulted from the evolution of technology in the years after FISA became law in 1978."

Largest Spam Gang Operation in the World Shut Down by U.S. and New Zealand Authorities

U.S. authorities announced today that they have shut down one of the largest spam operations in the world, an extensive network with ties to Australia, New Zealand, India, China and the United States. The group, dubbed 'HerbalKing' by spam-fighting organizations, had been active as far back as 2005 and became notorious as the number one worst spam gang on the Internet for much of 2007 and 2008 according to Spamhaus, a non-profit anti-spam research group.