• Selected
• Entire List

Abstract:
The future of both law and technology will require reconciling users' desire to self-disclose information with their simultaneous desire that this information be protected. Security of personal information and user privacy are potentially irreconcilable with the conflicting set of user preferences regarding information sharing behaviours and the convenience of using technology to do so. Social networking sites (SNSs) provide the latest and perhaps most complicated case study to date of these technologies where consumers' desire for data security and control conflict with their desire to self-disclose. Although the law may provide some data control protections, aspects of the code itself provide equally important means of achieving a delicate balance between users' expectations of data security and privacy and their desire to share information.

privacy, social networking, data protection

Abstract:
Information systems are increasingly important to the efficient operation of government, corporations and society in general. With that importance has come an increasing risk of information security breaches, compounded by systems’ networked nature. That makes effective information security a public policy issue of far broader impact than technical information technology policy. This chapter examines the tools used by cybercriminals to breach information system security; the impact of cybercrime; and the legal responses of the UK, European Union and Council of Europe.

data breaches, privacy, security, denial of service, botnets, malware, Computer Misuse Act, Cybercrime Convention

Abstract:
The report, presented to the World Intellectual Property Organisation, examines the role of online intermediaries, and liability for copyright infringement. The authors discuss the difficulties found in disclosure identity requests under various data protection regimes, and the liabilities for file-sharing.

online intermediaries, copyright infringement

Abstract:
Lessig's well-known theory of "code as law" suggests that since events in cyberspace are regulated by architectures of software and hardware, the builders of this code can imbue it with their chosen values, largely without the constitutional restraints on conventional legislators, yet with effects on social welfare. In the domain of privacy, Lessig and other writers seem to assume that the values embedded in code will by default be privacy-invasive unless deliberate efforts are made to build PETS (Privacy Enhancing Technologies). This paper takes a social shaping rather than a technologically deterministic view, and suggests that technologies are in essence value-neutral and that the social and market forces which may produce privacy-invasive or privacy-enhancing code need careful analysis in each case. Some examples are given of cases where market forces have produced privacy-enhancing code as a saleable "feature" not a "bug", including the development of filtering systems for spam, the privacy management features of the social software platform, Live Journal, and the identity management system, CardSpace. By contrast, similar forces produced privacy-invasive code in the recent example of Google's email system, Gmail. Since code is often more enforceable than law as a regulatory mode in cyberspace (or " code trumps law"), privacy (and other digital rights) advocates might be advised to lobby for general constitutional rules for legal regulation of the values embedded in code.

law, internet, code, regulation, privacy, privacy enhancing technologies, privacy invasive technologies, Lessig

Abstract:
Over a decade since the Internet became an acknowledged mainstream commercial medium, it still retains its less than savoury reputation as a happy hunting ground for pornography and other types of distasteful content.

Some of the basic issues in this area which this chapter addresses, from a European and comparative perspective, are:

• Has the Internet created novel problems in this area which can not be adequately regulated by the existing legal and regulatory framework?

• Can such laws be enforced successfully in the environment of the Internet and if not, what steps should be taken?

• Should control of content be undertaken only by state law enforcement agencies and courts, or by private bodies such as ISPs and search engines?

• Should states and private institutions seek to control access to prohibited or unwelcome Internet content and by technological (“code”) means such as filtering, rather than by legal means? What are the implications for free speech of such online filtering?

The chapter observes a dangerous international trend towards non transparent and non accountable censorship online, not only in non democratic countries like China but increasingly in Europe and elsewhere. The author proposes a speech impact assessment process be put in place before new systems of top-down state-endorsed Intenet filtering are implemented.

Internet filtering, censorship, ISPs , speech impact assessment, IWF, child pornography, illegal content, Europe, UK, law

Abstract:
This chapter traces the journey from relatively simple example of direct marketing online (spam) to more recent exercises in which consumers are more subtly tracked, profiled and targeted by advertisers. This targeting has appeared first on-line but increasingly offline tracking will be used too, using digital technologies such as RFID and sensor data collectors. Tracking technologies have evolved from simple “cookies”, first regulated in the Privacy and Electronic Communications Directive (“PECD”) in 2002 , to far more complex technologies of commercial surveillance. These are currently perplexing privacy advocates, privacy commissioners and the European Commission alike, while users are still largely ignorant of their existence. Will our individual and collective privacy suffer from this new type of scrutiny, and can data protection (DP) law still adequately manage to protect European users? In particular, this chapter takes the debate around the Phorm “Webwise” system in the UK and Europe as a case study to illustrate how difficult it is for the law to tackle these issues.

internet, targeted marketing, gmail, adwords, phorm, profiling, RFID, GPS

Abstract:
The chapter deals with the regulation of "spam" (unsolicited junk emails), and "cookies", which typically store personal data about a user's transactions. Specifically, the author focusses on the European and UK laws to deal with spam and cookies and what the implications are of this for online privacy. Privacy invading technologies are discussed, together with the possible economic impact of unsolicited mail to discuss what the outcome for the consumer, internet service provider, and e-commerce traders, might be.

spam, cookies, privacy, technologies

Abstract:
The article discusses the prevalence of CCTV (close circuit television) specifically in Britain, as one of the most watched societies in Europe. The notion of "the surveillance society" and subsequent invasion of privacy is contrasted with its counter argument, of CCTV as a means of reducing crime. Questions, not merely whether CCTV should be regulated, but the extent of regulation, are highlighted in attempts to assess the appropriate balance to be met.

CCTV, surveillance society, regulation

Abstract:
This editorial focusses on the topic of internet security; its real, or perceived threats to individuals, and the regulatory framework in place to deal with cybercrime. Edwards suggests some obligations for computer owners as an attempt to ensure the security of their computer.

internet security, cybercrime

Abstract:
Few people seem to have noticed an apparently routine parliamentary question reported in May, about controlling access to child porn on the Internet. By the end of 2007, said the Home Office, all ISPs offering broadband are to block access to all websites containing illegal images of child abuse, identified by the Internet Watch Foundation. If this target is not met voluntarily - then, it is heavily hinted, mandatory laws will be put in place.

ISP, Internet, Cleanfeed, Access, Information Technology

Abstract:
The authors were asked to comment as legal experts upon the proposed amendments to a set of key EU Directives governing telecommunications and related services, and known as the "Telecoms Package". In particular we were asked to clarify whether its provisions might by stealth give legal grounding to national measures, such as the law recently proposed by Sarkozy in France, which permit summary disconnection of a user's Internet access, without initial recourse to a court, in response to allegations of infringement of copyright (ie, file-sharing and downloading of copyright music and movies). Such measures have been popularly referred to as 'graduated response' or 'three strikes and you're out' and have already been condemned by the European Parliament as in breach of fundamental freedoms and due process rights..

On the basis of our analysis, we argue that it is clear that the package does, or at least can, provide a mandatory basis for the "warnings" part of a French-style connection sanctions law (the "strikes") (see para 12 of brief), and also potentially provides a means by which public CSPs (ISPs and the like) can be compelled by the national regulator to work with rightsholders to implement a disconnection scheme ("promoting cooperation") - the "you're out" - see para 19 of brief.

Furthermore, crucial safeguards for due process and orther fundamental rights such as privacy and freedon of expression, inserted into the text by the European Parliament, have been deleted by the Council of Ministers, and are still the subject of horse trading among political interests at time of writing.

Finally we identify other threats to human rights which might possibly emerge from the text in its current state of ambiguity ; including the threat of sanctions such as traffic slowing and filtering imposed by ISPs, also without due court process; and the possibility of unlimited length of time retention of traffic data by ISPs and telcos, under the figleaf of "network security".

The political process of the Telecoms Package is not yet concluded as of this brief's publication on 12 November 2008; this brief is being published now to assist legislators and lobbyists in focusing on what are (and are not) the true potential threats to justice and human rights in the Package. Good European law cannot be made when sectoral agendas are hidden within nested sets of amendments, obscure definitions by reference, and overly wide and vague terminology. The purpose of this brief has been to open up these obfuscated agendas to the light of day.

EC law, intellectual property, filesharing, downloading, P2P, telecoms package, three strikes and you're out, graduated response, data retention

Abstract:
What is "personal data" as defined by European and UK data protection legislation? The article considers how the scope of "personal data" has been narrowed in the UK at least by the controversial Court of Appeal decision in Durant v FSA . Although the case itself is about disclosure of information in the financial services sector, somewhat unpredictably the main impact of Durant has been in what at first blush seems to be a remotely connected area, that of the field of legal regulation of closed circuit TV cameras (CCTV).

CCTV, personal data

Abstract:
In the struggle to keep up with the deluge of cyberlaw case law, statutes, regulations, commentaries, opinions from the technical, economic and political presses, international treaty activity, European Directives, rounds of government consultations, conference proceedings and industry Codes of Practice, it is often difficult for those who observe the domain to stop and look at the general trends which make cyberlaw in 2004 a very different animal from when this writer began teaching her first cyberlaw course in 1997. This article discusses trends in the subject of cyberlaw, including the impact of technological developments and their outcomes to reflect on the possible direction for the future of cyberlaw.

cyberlaw, law disputes

Abstract:
The article discusses the problems of internet jurisdiction, using the Bonnier Media case as an example. Legislative measures - the European Commission's Brussels 1 and 2 - are drawn on to highlight the complexities of disputes as they arise in 'cyberspace' in an attempt to understand the "where" of "where [...] do things happen in cyberspace".

jurisdiction, internet, cyberspace

Abstract:
Introduction to a special edition of SCRIPT-ed online journal focussing on the regulation of privacy, in light of new and changing technologies. The edition discusses privacy as a human right, or as a commodity, and presents articles from invited participants to an expert panel on the same topic, held in Edinburgh during September 2005 and convened by Edwards.

privacy, e-commerce, human rights, commodity

Abstract:
Claims by the music, film and video industries that downloading via peer to peer (P2P) networks is destroying their ability to make profits have become ubiquitous in print and on screen . Whether they are true is the stuff of heated battle in the blogosphere. This short article asks whether the steps currently being proposed in the UK, France and globally to enforce laws against illegal downloading, by enrolling ISPs as “copyright cops” (also known as "three strikes") meet the standards laid down by the European Convention of Human Rights in respect of fundamental values such as privacy, freedom of expression and due process, and by more recent instruments in relation to access to essential services. Finally it asks what alternatives still exist that could better reconcile protection of copyright for rightsholders, and fundamental rights for users.

filesharing, P2P, copyright, law, enforcement, ISPs, three strikes, ECHR, Europe, UK