Wednesday, January 24, 2007

(Blog alert: Taking Vista By "Storm")

Just a note to say I have updated the Birmingham-InfraGard blog with a couple entries that might be of interest to readers here.

Tuesday, January 23, 2007

Italian Court declares itself Friend of Pirates (or does it?)

I couldn't believe this one.

The Associated Press reported yesterday that Italian high court says file-swapping is not illegal.

In this case, two college students from Turin Politechnic Institute were accused of piracy in 1994, after using the school's network to build a peer-to-peer file sharing network for their classmates.

On January 7, 2007, the Cassation (Italy's equivalent of the Supreme Court) declared that downloading music, videos, and programs from the Internet, even when they are clearly covered by copyright, was not illegal as long as the goal was not distribution for monetary gain.

George Assuma, the President of Italy's watchdog group on copyright law, SIAE (the Italian Society of Authors and Editors), points out that in fairness these students could only be judged by the laws as they stood at the time of their crime. (See his reaction at: Il Presidente Assumma su sentenza Cassazione: Reato downloading non autorizzato di opere.) Since that time, Assuma points out, there are at least four laws which have been added to the court's arsenal which may address these issues more appropriately, not the least of which is the European Union Directive on Copyright, which came into force in October of 2003. But do they help?

A look at the EU Directive on Copyright shows that Article 5.2(b) says:

in respect of reproductions on any medium made by a natural person for private use and for ends that are neither directly nor indirectly commercial, on condition that the rightholders receive fair compensation which takes account of the application or non-application of technological measures referred to in Article 6 to the work or subject-matter concerned;

So it would seem that this may be a case where the initial panic will subside when people actually understand the true context of the case. The European Directive on Copyright, which would certainly apply in Italy, clearly says that EVEN FOR PRIVATE USE the "rightholder" must "receive fair compensation".

Let's hope the Italians get this cleared up in a way that the Associated Press can understand.


Wednesday, January 17, 2007

First CAN-SPAM Jury Conviction?

Although it's not the first conviction under the CAN-SPAM Act of 2003, the AOL phisher conviction this week is still newsworthy. At test: can a jury actually understand a spam case?

One of the arguments we've seen repeatedly as we try to get prosecutors to push forward with spamming cases is that they are "too technical" or "too boring" for jury appeal. The convictions so far have been largely based on the fact that, when faced with overwhelming evidence, spammers cop a plea.

So what was this case about?

Jeffrey Brett Goodin, a 45-year-old resident of Azusa, California, hacked into a large number of EarthLink accounts (poor passwords and dictionary attacks, I believe), and used those accounts to send emails to AOL users. The AOL customers would receive a spam telling them that their AOL billing information needed to be updated, or that they would lose their service.

Following the link in the email would lead to an AOL phishing site - a fake website that looked very official - which would ask personal questions including their billing information.

Although the headline says "AOL Phisher Faces up to 101 Years in Prison", this blogger bets that on the June 11th sentencing we'll be lucky to see 7 years.

One note on "swift action" . . . Goodin was arrested on January 26, 2006 - so just 10 days short of one year later for a trial.

Goodin, who went by the creative hacker alias "The Hacker", had been a fugitive from the law for four months prior to his ultimate capture. On July 24, 2006, Goodin's photograph was posted on the FBI's "wanted" website as a fugitive. The original arrest press release, which credited the Los Angeles Electronic Crimes Task Force, and the Ontario Police Department with supporting the arrest, said Goodin faced up to 30 years in prison.

The additional charges occurred as a result of crimes committed during his four months of "fugitive" status after failing to appear for his bond hearing, according to this later Press Release from the LA FBI office. The additional charges include Failure to Appear and Witness Harassment.

Congratulations all around and all that, but ONE jury conviction in three years? With spam comprising 90% of all the email on the planet? Let's get that fixed!


Saturday, January 06, 2007

Evidence Handling

Just a link to another article where I blog on Birmingham InfraGard:

Best Practices in Electronic Evidence