28 February 2011

Cybercrime in Australia

The Federal Attorney-General recently released a public consultation paper relating to Australia’s consideration of the Council of Europe Convention on Cybercrime. It is possible that Australia will become a signatory to the treaty.
It is, it seems, the only treaty dealing with the issues of online fraud, hacking, theft of data, child pornography and damage to data. That seems surprising, since it was agreed on 23 November 2001!
The convention is typical in that it prescribes matters that parties should adopt in local law, although Article 2 provides that it should deal with offences committed internationally as well. The principal areas dealt with are:   
  • Title 1 – Offences against the confidentiality, integrity and availability of computer data and systems
  • Title 2 – Computer-related offences (fraud)
  • Title 3 – Content-related offences (child pornography)
  • Title 4 – Copyright and related rights
  • Title 5 – Aiding, abetting, corporate liability
Each of the areas is to be governed by the criminal law (although parties have a discretion)
After setting out the offences, it goes on to deal with matters such as protection of rights, but also preservation of data for investigative purposes. The latter is where things can get murky, as it starts to delve into areas requiring ISPs to do certain things. While every business quite rightly has record-keeping obligations, I trust that these laws will be proportionate and not driven by self-interest of just one stakeholder.
Article 20 deals with real-time collection of traffic data, but notes that the law should be able to   
compel a service provider, within its existing technical capability… to produce traffic data, in real-time, associated with specified communications…
Let’s hope the focus here doesn’t just end up on theft of copyright material. Better still, let’s hope that rights holders find great ways to easily licence their material!
Matters such as extradition, information sharing for investigations and mutual assistance generally are also dealt with in Chapter III.   In summary, this Convention seems like a good thing, but as always, the devil is in the detail (or in this case, the local law).

Adobe Phishing Scam

Watch out for an email advertising new updates for Adobe Acrobat. The site is http://www.adobe-new-updates.com

While the email is quite amateurish, some people may be taken in, particularly given the frequency of updates to Acrobat.

The text is:

Adobe is pleased to announce that a new version of Acrobat PDF Reader was released today with new features, options and improvements.
What's new in this version :
* Read, search, and share PDF files.
* Convert to PDF.
* Export and edit PDF files
* Add rich media to PDF files
* Combine files from multiple applications
* Increase productivity and process consistency
* Streamline document reviews
* Collect data with fillable PDF forms
* Protect PDF files and content
* Comply with PDF and accessibility standards
To get more and upgrade to this version, go to  :
Start downloading the update right now and let us know what you think about it.
We're working on making Adobe Acrobat Reader better all the time !
Talk soon,
The people at Adobe       
Copyright © 2011 Adobe Systems Incorporated. All rights reserved.

Technorati Tags:

15 February 2011

Cyberspace March 2011

Better results

Google has launched an extension for Chrome named “Personal Blocklist”. It allows you to block certain domains from appearing in your search results such that if you regularly search for legal terms, and a useless or low quality site always turns up in the results, you can block it. Google will receive notification of the blocking, and may tailor its results to the world at large. The idea is simple - let the world edit out poor quality sites. No doubt people will attempt to abuse this by trying to block competitors or sites that they have a beef with, and I suspect Google has processes in place to detect this.

What are poor quality results? Sites that steal other people’s data, shallow aggregators, or those that use words caught by search engines but don’t deliver on the promise. Other descriptions are webspam and content farms. Content farms are proliferating and can be lucrative, as the idea is that a publisher pays writers to churn out (usually low quality) content that helps drive searchers to the site. The publisher makes money by placing advertising on the site.  Even reputable publishers are guilty of this type of poor quality from time to time, particularly when a ‘review’ of a product is nothing more than regurgitating a press release or release notes from a software update. Worse still, content is frequently simply copied from blogs and other sites (some of my pieces now appear on the internet under others’ by-lines).

Two factor security

Security is a hassle. Like being tidy, it involves more work than being slack - having strong passwords that are different for every site you use is a hassle. But the net is full of stories of the problems created when accounts are hijacked, such as the old ‘I was robbed in London’ story. An email account is cracked and an email is sent to the entire address book asking for a money transfer because of theft of wallet/passport/credit cards/etc. To prevent this you use multi-factor authentication. 

There are systems such as the RSA dongle my company uses for remote access, where I have to login using a username, password, and a 6 digit number from a keyfob that changes every 60 seconds. Even if you have my password you can’t do anything without the RSA device. Paypal also offers this facility, and Google is now offering two factor authentication for its accounts as well. The authorisation code is either an SMS, using an app on common phones, or even an automated phone call. Given that many businesses now use Google Apps for serious work this is a major enhancement to the platform.

Privilege and email

A recent USA case of Holmes v Petrovich Development Company, LLC (http://www.courtinfo.ca.gov/opinions/documents/C059133.PDF) noted that an email sent by an employee to her lawyer from her work computer was not a ‘confidential communication between a client and a lawyer’ within the meaning of the Californian legislation. i.e. there was no waiver of privilege, since there was no privilege in the first place. This particular legislation contemplates the use of email generally, and privilege is not affected by the general fact that third parties assist in the delivery of email.  However, the employee had acknowledged her workplace rule that communications are not private and may be monitored. The court likened this to claiming privilege when consulting her attorney in a workplace conference room in a loud voice with the door open.  The privilege legislation requires that the communication be transmitted by a means which... discloses the information to no third persons other than those who are present to further the interest of the client in the consultation...” It follows that even if she had been suing a third person there would have been no privilege in the emails since her employer had a right to read them.

03 February 2011

The Daily: my goodness

So Rupert Murdoch launched "The Daily" yesterday - it's a downloadable newspaper designed for the iPad. You can get a two week free trial, and after that it's USD$1 per week.

I installed it today, and what a piece of excrement it is.

The software works ok, provided you don't like to have feedback as to what your iPad is doing. There are a few clever ideas which make it a neat screensaver if your iPad is in a dock. But the content? That's where it collapses in a heap.

The Top Stories for 2 February 2011 are:

  • Egypt - riots against Mubarak
  • Snow in America
  • A look inside a USA maximum security prison
  • A dog disco in Manhattan
  • Natalie Portman is pregnant
  • The Super Bowl
I'm speechless. Even if you ignore the fact that a cyclone the size of France, Germany & Switzerland, with the power of Hurricane Katrina has passed across Australia in the last 24 hours, there might just be something more to write about than a doggie dance.

If you're not bored by all this, then you can read "Gossip" or "Sports" and a few other things. Oh, and you can enter your star sign to get more crap your horoscope.

Even if you accept that this is aimed solely at the USA, does Rupert think that iPad owners (let's face it, huge Geeks) want to read any of this rubbish? They're more likely to be reading Ars Technica or TechCrunch than wondering how Natalie's doing in her pre-natal classes.

I may not have the smarts of Mr Murdoch's minions, but I predict doom.