Archive for the ‘Uncategorized’ Category

Bi-annual post

October 25, 2007

Haven’t posted here in quite some time. Decided to start a Hebrew blog instead. Well – maybe a good opportunity to link to a couple of articles I wrote recently.

Court Imposes Israeli Law on Gibraltar Gambling Website

February 4, 2007

An Israeli Magistrate’s Court ruled last week that the operation of a Gibraltar-based gambling website constitutes a criminal offence in Israel under Israeli law (Israeli Police v. Michael Carlton (in Hebrew)). The website, is based in Gibraltar, where gambling is legal. Judge Abraham Hyman reasoned that the website targeted Israeli customers by providing a Hebrew interface and advertising on billboards in Israel, and is therefore deemed to have operated in Israel, despite the foreign location of its web servers and corporate headquarters. Judge Hyman added, that in the context of online commerce the locus of the activity is the end user’s PC (country of destination rule), as opposed to the Website’s servers or corporate establishment (country of origin rule). Judge Hyman’s decision tackles the dense problem of personal jurisdiction in the online environment. The law usually allocates jurisdiction according to the geographical location of the activity or one of the parties (typically, the defendant). Yet, as Joel Reidenberg once explained, “the entire architecture of the Internet is based on the principle of geographic indeterminacy”. Determining where a particular action took place (between websites, advertisers, hosts, servers, routers, end users’ PC) is very difficult in cyberspace. Indeed, Michael Geist named his 2001 article on the subject “Is There a There There? Toward Greater Certainty Internet Jurisdiction” (BERKELEY TECH. L.J. 1345 (2001)), questioning whether any useful distinctions can be made based on geographical location in cyberspace. The Israeli court’s application of a country of destination rule is not surprising, particularly given this was a matter of consumer protection and criminal law, where the law of the forum typically prevails. Judge Hyman referred to the Yahoo v. LICRA affair, where Yahoo sought protection from an American court against enforcement of a French court’s judgment for violation of French laws prohibiting the sale of Nazi-era memorabilia. Judge Hyman effectively applied a “targeting test”, imposing jurisdiction due to the Website’s “purposeful availment” of its services in Israel. The targeting and purposeful availment tests are taken from US jurisprudence on the topic, namely the oft-cited Zippo test (Zippo Mfr. Co. v. Zippo Dot Com, Inc., 952 F. Supp. 1119 (W.D. Pa. 1997)), the Calder test (Calder v. Jones, 465 U.S. 783 (1984)), and Professor Geist’s own contractual  and technological targeting tests. The problematic aspects of such extensions of jurisdictions are clear: criminalizing activities which may be legal where performed, issuing unenforceable decisions (e.g., the Yahoo case itself), and instigating potential diplomatic incidents.

Googled to prison?

January 30, 2007

Privacy and data protection in search engine data has taken center stage last year, with the unfortunate revelation by AOL of detailed search records of over 600,000 users (ultimately leading to the resignation of the company’s CTO), and Google’s legal battle with the US government over use of search logs for law enforcement purposes (See US District Court decision, accepting the governments request for data in part, here). Search engines collect a massive amount of highly personal data concerning our interests, hopes, desires, health, finances, travel plans, job searches and more. This invaluable asset attracts the interest not only of the government, but also of private litigants (e.g., copyright enforcement by the music industry, husband-wife custody battles), advertising companies and hackers. Hence, for example, in a recent 7th Circuit Court of Appeals case, a wireless hacker was convicted based on his Google search records. In a North Carolina case last year, a man was found guilty of murder in part because he searched for the words “neck,” “snap,” “break” and “hold” before his wife was killed. The Norwegian press reported yesterday that the Norwegian Data Protection Authority is investigating Google’s vast data storage pratices. Google responded that it can only link a search request to an IP address, not to the individual person behind such address, and in any event is not willing to pass on such information to others. The problem is that Google (and other search engines, for that matter) can personalize the data by use of cookies and additional services, such as the ubiquitous Gmail, and that even anonimized data may be linked to individuals, as illustrated by a NYT reporter in the AOL case. (I am lecturing on the topic at the upcoming annual meeting of the Israeli Internet Association on February 19).

Judges Cite Wikipedia

January 30, 2007

My students must love this: according to the NYT, courts are increasingly citing Wikipedia in judicial decisions. More than 100 judicial rulings have relied on Wikipedia beginning in 2004, including 13 from circuit courts of appeal. The Supreme Court thus far has never cited Wikipedia. As far as judges go, they don’t get much more conservative than Richard Posner of the United States Court of Appeals for the Seventh Circuit in Chicago. So if even Judge Posner says — “Wikipedia is a terrific resource. Partly because it so convenient, it often has been updated recently and is very accurate” — law students can probably be expected to do so too.

Senator Clinton: Putting Privacy on the Agenda

January 29, 2007

Wired reports Hillary Clinton has placed privacy and data protection on her Presidential candidate agenda. Senator Clinton supports a “Privacy Bill of Rights“, which would protect citizens’ right to know what’s being done with their personal information, and offer consumers an unprecedented level of control over how such data are used. Quite a refreshing notion after the Bush administration’s approach to this fundamental right. Indeed, perhaps as a countermeasure to Bush’s notorious USA-PATRIOT Act, Senator Clinton announced she will introduce the PROTECT Act (Privacy Rights and Oversight for Electronic and Commercial Transactions Act) to enact this Bill of Rights. Under the proposed Act,  consumer information will be shared only when consumers “opt-in”, consumers will be notified immediately if their credit or identity is compromised, and they will have a cause of action for damages if their privacy rights are violated. In addition, the Act would recreate the position of a high-level privacy czar, charged with oversight into the workings of government departments and the power to make sure privacy laws are followed. This position was last held by current Ohio State University law professor Peter Swire, under Senator Clinton’s husband’s tenure as president. 

Big Brother’s Little Brother: Your ISP

January 25, 2007

The US is debating proposed legislation requiring Internet service providers to retain data concerning user traffic for law enforcement purposes. Privacy advocates’ strong opposition to such “data retention” requirements aligns them, oddly enough, with ISPs, which fought similar requirements in Europe. ISPs are concerned with the cost burden of the mass storage and with commercial and legal difficulties such retention poses for their relations with customers. The EU adopted a new Data Retention Directive in March 2006, following the UK’s push after the London terrorist attacks. The government usually points to terrorism and child pornography as the ultimate evils which must be eradicated by online snooping. This is true, yet massive data retention subjects the vast majority of Internet users, who are innocent, to serious privacy risks. Indeed, in a precedential decision, a New Jersey state appeals court held yesterday that computer users can expect the personal information they give their ISP to remain private. A three-judge panel held a computer user whose screen name hid her identity has a “legitimate and substantial interest in anonymity,” referring to an “informational privacy” right in the state Constitution.


RFID: A chip on your shoulder

December 17, 2006

One of privacy advocates‘ prime suspects have long been RFID systems, enabling data to be transmitted via a portable device, called a tag, to an RFID reader and processed according to the needs of a particular application. RFID, which started as a benign replacement of the barcode, allowing Wallmart to perfect its inventory control process, is increasingly appearing in privacy-compromising applications. Last week, U.S. Department of Homeland Security Secretary Michael Chertoff defended national ID cards, established by a federal law called the Real ID Act in May 2005, as vital for security and consistent with privacy rights. Among other concerns, national ID cards may carry RFID tags, despite a recent DHS advisory committee report advising against using RFID for tracking humans. More prosaic, a report by researchers at the University of Washington warns against surreptitious surveillance of joggers by their Nike+iPod Sport Kit, which consists of an RFID chip. The EU Article 29 Working Party has last year warned against the dangers of RFID in an official report. The bigger problem lurking behind RFID is that of privacy in an age of ubiquitous computing, where every object, not only cellphone but also table or spoon, is a computer. 

“International Law: Between War and Peace”

December 7, 2006

mishp.jpg The definitive hebrew textbook on public international law? With “International Law: Between War and Peace” (Ramot 2006), Orna Ben Naftali and Yuval Shany (College of Management School of Law and Hebrew University Faculty of Law, respectively) make an invaluable contribution to a field more important and relevant in Israel than, perhaps, anywhere else in the world.

Spam goes “Bam”

December 7, 2006

Bill Gates predicted spam would be a thing of the past by 2006. Well, it is making a big comeback after an off year in 2005. In the last six months, the problem has gotten measurably worse. The NYT reports worldwide spam volumes have doubled from last year and unsolicited junk mail now accounts for more than 9 of every 10 email messages sent over the Internet. The negligible costs of orchestrating an attack and significant trouble of preventing one do not help. For an overview of anti-spam legislation see David Sorkin’s Spam Laws.

The DHS presents: ATS

December 5, 2006

The US Department of Homeland Security revealed its new big data mining program: the Automated Targeting System (ATS), successor to the former Total Information Awareness (TIA), Computer Assisted Passenger Pre-screening System (CAPPS-2) and “Secure Flight” programs. For the past four years, ATS has assigned millions of international travelers, including American citizens, computer-generated scores rating the risk they pose of being terrorists or criminals. The scores are assigned to passengers entering and leaving the US after computers assess their travel records, including where they are from, how they paid for tickets, their dates of birth, motor vehicle records, past one-way travel, frequent flier account details, hotel accommodations, meal requests  and seating preference. Privacy advocates are responding with alarm.