A new blog is born: FBHive!!

CyberPanda is loving the new blog FBHive which deals with all things related to Facebook: the news, the rumours, and the controversies!! And this new blog has started with a bang as it has disclosed a major security flaw which enables any user to access the basic information of other users even when such information has been protected by its owner (via privacy settings). Amazingly, the blog reports that it took Facebook 15 days to deal with this issue!!!

The flaw has now been fixed but you can still see how it could have been done in the past by checking out the FBHive blog. Amazing footage!!! As a security expert from Sophos has noted, what is worrying is that such a flaw existed and that users` data have been at risk for an unknown period until the flaw was fixed. In addition, users do not whether their data have been 'hacked' into by any other user in this manner. So many privacy issues are raised by this latest Facebook related issue.

From Digital Britain to Twitter.

It has been a long time since CyberPanda has written a post but she has been trying to put together a massive chapter and hence the prolongued absence.

However these past few weeks have been full of technology-legal news: where does one start? The UK Digital Report has been published last week attracted some criticisms regarding its proposals which many view as just not being enough.

The world has not been the same since the Iranian elections and the elections have rocked the world of Twitter as the latter has become a very important forum of exchange of information and views on what is currently taking place in Iran. Many Iranians are able to tell the world what is happening via Twitter and this is becoming even more important with news today that the BBC`s correspondent in Tehran has been asked to leave Iran and other alleged reporting restrictions.

Finally and on different note, the alleged cybersquatting of Facebook`s newly launched username option where third parties are alleged registering the names of well-known persons with a possible view to reselling those at a later stage.

CyberPanda will definitely try to post more often in the future!!

Proposals for monitoring social networking sites

There is an outcry today by privacy activists about the government`s proposal to monitor social networking sites such as Facebook and Bebo. Under the proposal, the details of users of such sites will be kept in a central database which is operated by a private company.

The Government is quick to point out that it is not interested by the content of the exchanges passing between users. However, it is not clear what safeguards it will put in place to ensure that the content per se is protected from such monitoring. However, and perhaps more crucially, it still does not deal with the objections related to the use/storage of personal and sensitive data by the Government. The Government justifies this proposal on the grounds of enabling the police and security services to keep up-to-date with the technological advances. However, it seems that the proposal does not contemplate imposing conditions for monitoring such sites (e.g. a minimum threshold before the details of a user are deemed to qualify for monitoring). Under the current proposals, the Government seems to be asking for a 'blank cheque' liberty to monitor all the data of all users of social networking sites which is not commensurate with the alleged security interests.

Of blurring technologies and mapping technologies

The launch of Street View in the United Kingdom was never going to be a quiet affair. Beyond the usual fanfare of publicity and the slogans presenting it as the thing we need most, Street View was also going to attract a lot of issues related to protection of privacy of the individuals who are captured on the displayed images.

Hence it does not surprise CyberPanda in the least that Street View had to pull some of the displayed images after receiving a number of complaints from the individuals who were shown in those images. The images captured a lot of moments deemed to be private as an individual entering his home or individuals being arrested. Street View acted promptly and removed the offending pictures as soon as the complaints were received.

However the real issue is why such pictures were deemed fit to appear on the website in the first place. It is surely obvious to any data controller that such pictures will infringe the expectations of privacy of those captured in the images. To be fair to Street View, this situation is not entirely its fault. Other equally important actors are involved, namely, the Information Commissioner and legislators. The Information Commissioner gave the go ahead earlier in 2008 for such web sites to used images deemed to be private as long as identifying features as faces or registration plates were blurred. However, what the IC has failed to recognise is that the use of blurring technology is not sufficient on its own to displace the expectations of privacy of captured individual who can still be easily identified by his/her attire, location and other seemingly innocent but yet incriminating information. Finally, the notion of reasonable expectation of privacy is not easily protected in the UK when it comes to such websites as the legislators and policy-makers are yet to decide on when virtual spaces are private or public. The challenge of course is to determine the boundaries of such a divide which is not an easy task in cyberspace in any event.

Disclaimer: The image used above is subject to the intellectual property rights of third parties. Click here to view the image in its original context.

Another week where Facebook is in the press for the wrong reasons...

Another week and Facebook is yet again in the news for all the wrong reasons. It has been reported by BBC News that Facebook has been hit by five different security attacks in the past 7 days. The aim of these attacks have been to access the personal information of millions of Facebook users and resale them to third parties as commodities for various purposes including fraud and identity theft.

The attacks were concealed in what are commonly known as 'rogue applications.' This brings to light yet again Facebook`s worrying practice of not vetoing third party applications before they are published on the site. As a matter of fact, any individual can create an application and publish it on the site. S/he, then, has access to all the personal data of all the users of Facebook, irrespective of whether or not the users have subscribed to the application. Facebook justifies this practice on the grounds on 'open source,' namely, any user should be able to participate in the Facebook both as a user and as a developer of applications. However, this only serves to highlight the problem of the concept of open source or creative commons. The unfettered and unchecked proliferation of code by net users in such websites not only threatens the fundamental rights of other net users but also, and more importantly, yet again highlight the increasing risk posed by a regulatory framework which is based on technological determinism.

Disclaimer: The rights to the image used above belongs to a third party. The original image can be accessed here.

Another Facebook row...

The Facebook row this week has been a very well documented one. Facebook changed its terms of service earlier this week. The new terms in essence gave to Facebook wider control over its use, storage and dissemination of the personal data of its users. The change was met with a general outcry from its users (who formed a group on Facebook called "People against the new terms of service" which had over 90, 000 members within a day) and privacy watchdogs (e.g. Electronic Private Information Centre). Facebook initially resisted the complaints but eventually reverted to its old terms of service, whislt considering the nature of the complaints raised.

The danger with online communities being regulated by such contractual arrangements as terms of service is that such system of governance does not have the usual checks (e.g. fairness, proportionality, transparency etc) which are present in centralised governance system (e.g. law). However, most online communities are regulated by such contracts to which the user has to agree before being able to become a member of the community. In most cases, the user agrees to these terms without being aware of the nature of the terms they are agreeing to. The rapid upsurge in such systems of decentralised governance in online communities raises significant issues of legality (e.g. unfair terms, lack of notice etc) and privacy (e.g. user agreeing terms authorising data processors to process their personal data in any way they see fit). It is vital for the survival of online communities for such concerns to be addressed by a system of governance which follows the principle of the rule of law and due process.

A case against Google Street Map? Or a case of DIY?

Many avid followers and readers of CyberPanda have complained about the lack of posts recently. So after a period of (unwanted and involuntary!) silence due to having only 12 hours in a day (how is a doctoral student suppose to stumble on a good idea with only 12 hours in a day!!), CyberPanda is back and will try to maintain more regular posts!

Some breaking news all the way from the Silicon Valley, where the US Courts have dismissed a case against Google Street View. The Plaintiffs sued Google Street View on various grounds including breach privacy and tresspass, following the publication of photos of their home by the mapping program. The Courts took the view that the Plaintiffs did not successfully prove their case in this instance. A factor that weighed heavily against the Plaintiffs was the fact that they did not take advantage of the self-help remedy that was available to them, namely, removing the photos from Google Street View. This is an interesting ruling which seems to judicial endorse the use of technological measures (as removal tools) as self-help measures for the protection of privacy interests in cyberspace. Hence it may be the case that net users will not have actionable causes of actions if they fail to use available self-help remedies. It would be interesting to see what the position would have been, had the Claimants availed themselves of the self-help remedy and still claimed damages for invasion of privacy.

Facebook: a new way to serve court notices?

The Times newspaper has reported a recent Australian case which has been making legal history in Australia on the issue of methods of service of court notices. The supreme court judge of the Australia Capital Territory has ruled that court notices served via Facebook are binding. The case is in stark contrast to a previous Australian ruling (by a district judge in Queensland) that service of legal documents via Facebook was not effective service as the Claimant failed to attempt to serve the documents via the methods provided by law (e.g. post).

This surprising ruling seems to turn very much on the facts of the case: the lawyers of the Claimant attempted to serve the court notice to the Defendants personally on several occasions, in compliance with the provisions of the law. However, they were unable to physically locate the Defendants.

The lawyer of the Claimant tracked down the Defendants on Facebook by searching for their email addresses (which the Defendants communicated to the Claimants earlier on) and date of birth. The judge accepted the argument advanced by the Claimant that this was indeed a lawful method of service despite not being the conventional one.

CyberPanda thinks that this is a very controversial ruling which raises a number of questions including privacy and legitimacy of notices served via online social communities as Facebook. CyberPanda is very doubtful that this ruling will have an impact in the UK: the Civil Procedures Rules in the UK have strict provisions as to the acceptable methods of serving legal documents on parties to a case and it is very difficult to see the rationale for expanding the scope of the existing rules to include online social communities. This case is setting a very dangerous precedent and CyberPanda will not be surprised if this ruling is distinguished (factually) in subsequent cases.

Guess which games made it to the Top 10 piracy charts.

TorrentFreak has released the much awaited piracy chart which list the ten most pirated video games in 2008. CyberPanda is not very surprised that Spore tops the piracy charts. The number of illegal dowloads of game is reported to be in the region of 1.7 million. The high level of piracy has been linked by many commentators to the DRM associated with Spore: initially users of Spore could only activate the game three times after its installation. Although the DRM associated with Spore has now been amended to allow users to install the game as much as they like, this has not reduced the level of piracy.

This is a very interesting point and one wonders whether the lack of correlation between the new DRM and the level of piracy is due to customer alienation (due to original DRM) or whether it is symptomatic of a bigger phenomenon, namely that the technology on its own is not enough to combat piracy. CyberPanda leans more towards the latter. Many cyber-regulatory scholars have also toll the bells of the demise of law as a tool of control online and have argued that the 'code' or technology is the key to controlling values traditionally protected by law (e.g. intellectual property right). As this case shows, the situation is hardly as simple as that and one is very far from a cyber-landscape where code is key to control.

Disclaimer: The rights to the image used above belongs to a third party. Click here to access the image in its original context.

Sequel to Wilson v Yahoo UK Ltd & Anor.

The attention of CyberPanda has been caught by the recent lawsuit filed by Interflora against Marks & Spencer and Flowers Direct Online. Interflora has filed the lawsuit against the two defendants on the ground on trademark infringement. The two defendants have purchased certain keywords from Google AdWords including 'interflora' which means that each time a user searches for the term 'interflora', it is directed to the sponsored links to the website of Marks and Spencer and Flowers Direct.

The lawsuit is reminiscent of the recent case of Wilson v. Yahoo! UK Ltd & Anor [2008] EWHC 361 (Ch) which was dimissed by the High Court earlier this year on the grounds that pruchase of the keywords 'Mr Spicy' by Yahoo! did not infringe the rights of the owner of the trademark 'Mr Spicy.' This case was covered in detail by CyberPanda in an earlier publication.

It will be interesting to see whether the Courts will adopt a similar line taken by the High Court in Wilson v. Yahoo or whether this present case will be distinguished from Wilson. The present case has the potential of being a landmark hearing if it is distinguished from Wilson on either a factual or doctrinal ground.