Computer Law & Security Report Premium Article Archive

This Premium Article Archive offers the last 12 months of articles from Computer Law and Security Report. Each summary takes you through to our Science Direct Pay Per View service which will allow you to buy 24 hour access to the article for just $30.

NB. Subscibers to this publication can view these articles for free through the subscriber zone.

Like to subscribe? Click here for details

Tracking developments in EU law relating to IP, IT and telecommunications - Vol 21 (2005) no 4

Computer Law & Security Report
Volume 21, Issue 2

Foundations of computer forensics: A technology for the fight against computer crime

With the rapid advance in computer and network technology, computer-based electronic evidence has increasingly played an important role in the courtroom over the last decade. Computer forensics, a growing discipline rooted in forensic science and computer security technology, focuses on acquiring electronic evidence from computer systems to prosecute computer crimes, national security threats, and computer abuse. It has lost its mystique as a technique used solely by law enforcement and intelligence agents, and has become a popular and powerful application employed by corporations for civil disputes, employee terminations, and intellectual property proceedings. This article provides an introduction to computer forensics and outlines the associated inspection steps.

Computer Law & Security Report
Volume 21, Issue 2

Identity theft in an online world

With the aid of an example case of identity theft used to perpetrate an apparent benefits fraud and consideration of other undesirable online activities, the authors examine the motives and methods of Internet-based identity theft. Consideration is given to how such cases may be detected, investigated and prevented in the future. The problem of trust relationships and validation of identity tokens is discussed and recommendations for the prevention of identity theft are given.

Computer Law & Security Report
Volume 20, September/October 2004

Using technology to protect copyright works

Significant changes were made to copyright and neighbouring rights by the Copyright and Related Rights Regulations 2003, implementing Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society.1 The main thrust of the Directive (itself a response to the WIPO Copyright and Performances and Phonograms Treaties) was to bring copyright and other rights up to date to reflect technological change in particular, though not limited to, the use of the internet as a means of disseminating and exploiting copyright works and other subject matter. Although the Directive should have been implemented by 22 December 2002, the Regulations did not come into force until 31 October 2003. This was largely a reflection of the scale and complexity of the changes brought about by the Directive. This article reviews the implementation that has occurred.

Computer Law & Security Report
Volume 20, September/October 2004

The protection of databases under EU and US law – the sui generis right as an appropriate concept? Part II

The continuation of Jorg Hladjk's article analysing the legal protection of databases in the EU and US and particularly the economic effects of the new sui generis right.

Computer Law & Security Report
Volume 20, September/October 2004

The world's current legislative efforts against cyber crime

We now know and understand the problem; cyber crime. We have experts all over the world developing ways to stop and track it. The problem now becomes: how do we fight this international problem? The very strength of cyber crime is the very weakness of our efforts to control it: being able to cross international lines. A click of a button can digitally transport thieves and terrorists 5 000 miles and across 20 borders. Attempting to monitor and prosecute these type of criminals is possible but requires cooperation across those borders; cooperation that the criminal need not acquire. A system needs to be developed that will allow nation victims of cyber crime to swiftly prosecute these criminals without stepping on the toes of another nation's sovereignty. Nations must have in place their own domestic cyber laws but must also have a system that allows for collaboration with other countries. Many systems have emerged globally and many of the big pieces may already be in place to harmonize cyber law worldwide.

Computer Law & Security Report
Volume 20, July/August 2004

The protection of databases under US and EU law

Sui generis right as an appropriate concept? – Part I – US law

Computer Law & Security Report
Volume 20, July/August 2004

Data protection and business sales – risks and solutions?

Buying and selling businesses can create some difficult data protection issues. How can the seller, for example, disclose employee and customer information to prospective buyers for due diligence purposes without breaching the Data Protection Act? To what extent can customer data collected by the seller be used by the buyer for new or different purposes going forward? Similar issues arise in outsourcing transactions where the outsourcing service provider may want access to employee or other data to conduct due diligence. In this article, we examine the key data protection rules and identify pragmatic solutions to manage these risks.

Computer Law & Security Report
Vol 20 (2004), no 4

Software licensing under the competition law spotlight – the new technology transfer block exemption
Mark Turner1 and Dominic Callaghan

The new technology transfer block exemption regulation ("the new TTBER") came into force on 1 May 2004. For the first time software copyright has been bought within the block exemption. The new TTBER radically reforms the treatment of technology agreements under EU competition law. It thrusts software licensing firmly into the competition law spotlight and will lead to a closer scrutiny of the background to software licences and of individual provisions. This article examines the new rules and explores the issues involved.

Computer Law & Security Report
Vol 20 (2004), no 4

Press reigned in by House of Lords decision
Marcus Turle

On 6 May 2004 Naomi Campbell walked victorious from the House of Lords [Campbell (Appellant) v MGN Limited (Respondents)] after successfully claiming against the Daily Mirror for invasion of privacy.

Computer Law & Security Report
Vol 20 (2004), no 3

"The voice of reason" … finding middle ground in IT contracts
Kit Burden, Report Correspondent, Co-Head

As most IT-focused lawyers will confirm, there are a number of contract provisions which will almost always be the subject of debate during negotiations. Whilst describing a particular approach as being in line with "market practice" is not necessarily the best tactic to adopt, it is nonetheless helpful to have in mind the kinds of compromise positions which have been commonly reached in other circumstances, so as to get a feel for where the middle ground may be. principles.

Computer Law & Security Report
Vol 20 (2004), no 3

International data transfers between the United States and the European Union: are the procedural provisions of the Safe Harbor solution adequate?
Alexander Zinser Dr., jur, LLM, Senior Attorney

Data transfers out of the European Union are only admissible if the third country ensures an adequate level of protection. With regard to the United States, organizations may adhere to so-called Safe Harbor principles whereby an adequate level of protection is admitted. This article reviews the relevant procedural provisions on granting the Safe Harbor status. It concludes that the current system does not really safeguard compliance with the Safe Harbor principles.

Computer Law & Security Report
Vol 20 (2004), no 3

Validating identity for the electronic environment
Stephen Mason, Barrister

Many politicians the world over consider that it is cheaper and more effective for government agencies to communicate with citizens electronically, via the internet, in the future. For example, it will be compulsory for all businesses in the United Kingdom to submit certain types of End of Year Returns electronically by 2010. However, the fraudulent use of individual identity has increased at an alarming rate. The use of electronic communications and reliance upon electronic databases poses serious problems relating to the validation, verification and authentication of identity in the electronic environment. This article will consider some of the implications surrounding the issues relating to the identification of a person. It does not consider the authentication of the computer application.

Computer Law & Security Report
Vol 20 (2004), no 3

The Court of Appeal's interpretation of "personal data" in Durant v FSA – a welcome clarification, or a cat amongst the data protection pigeons?
Simon Chalton, Solicitor and Consultant

This article considers the effect of the Court of Appeal's judgment in Durant v FSA on the scope of data protection regulation, and the possibility of conflict with EU Directive 95/46.

Computer Law & Security Report
Vol 20 (2004), no 2

Carnivore in an ECHELON world - Part II
Talitha Nabbali, BSc (Hons) Graduate 2002 and Mark Perry, Assistant Professor Faculty of Science (Computer Science) Faculty of Law

Carnivore is a surveillance technology, a software program housed in a computer unit, which is installed by properly authorized FBI agents on a particular Internet Service Provider's (ISP) network. The Carnivore software system is used together with a tap on the ISP's network to "intercept, filter, seize and decipher digital communications on the Internet". The system is described as a "specialized network analyzer" that works by "sniffing" a network and copying and storing a warranted subset of its traffic. In the FBI's own words "Carnivore chews on all data on the network, but it only actually eats the information authorized by a court order". This article, in two parts, provides an overview of the FBI's Carnivore electronic surveillance system.

Computer Law & Security Report
Vol 20 (2004), no 2

The airline passenger data disclosure case and the EU-US debate
María Verónica Pérez Asinari, Researcher and Yves Poullet, Dean of the Faculty of Law, Director of the CRID

In the aftermath of the events of 11 September 2001, decisions have been taken unilaterally by US authorities requiring air line companies to provide direct access or transfer of data concerning passengers and cabin crews flying to, from or within the US to certain US administrations. These decisions have been challenged by EU authorities insofar they constitute a violation of EU privacy and personal data protection law which is considered to be of public order. The debate is still pending. This article will comment on this complex and multi-featured discussion opposing two fundamental societal values: on the one hand, the right of the citizens to be protected from terrorism and the obligation of a sovereign State to fight against it and safeguard public security, [1] and on the other hand, the individuals' right to personal data protection and privacy and the obligation of the EU, in the light of international and supranational commitments, to protect them in this arena. After a short presentation of the US decisions and their context, the authors will analyse the EU position, its claim for adequate personal data protection to be ensured by the US authorities and the legal grounds for this position. Finally, a synthetic approach to the adequacy of the US decisions vis-à-vis the EU legal provisions will be proposed.

Computer Law & Security Report
Vol 20 (2004), no 2

Implementation of the e-Privacy Directive in the UK – understanding the new rules
Colleen Donovan, Partner

Any legislation implementing EU rules in an area of developing technology is bound to bring with it questions of interpretation. The UK's Privacy and Electronic Communications (EC Directive) Regulations 2003/2426 (which implement the e-Privacy Directive (2002/58/EC) and replace 1999 Regulations implementing the Telecoms Data Protection Directive (97/66/EC)) are no exception, particularly in relation to direct marketing communications, on which subject the e-Privacy Directive lacks clarity in several key areas. This article explores the new rules and assesses their implications.

Computer Law & Security Report
Vol 20 (2004), no 1

Regulation of electronic communications networks and services in the UK – Part II
Andrew Sharpe and Charles Russell

Part I of this Article dealt with the general conditions of entitlement (the "General Conditions") published as part of the authorisation regime introduced to regulate electronic communications networks and services ("ECNS") under the Communications Act 2003 (the "Act") as at 1 September 2003. This Part II will cover the other changes to the regulation of electronic communications that the Act introduces. In particular, it will deal with OFCOM's enforcement powers, the new disputes and appeals procedure introduced by the Act, the notification and administrative charging regime that replaces the Telecommunications Act 1984 ("T Act") licence fees regime and the replacement of the T Act Telecommunications Code with the Electronic Communications Code. It will also cover the changes to the regulation of spectrum, including the introduction of spectrum trading and the grant of recognised spectrum access, included in the Act. Lastly, this Part II will also pick up on any developments in the General Conditions since the publication of Part I and any other regulation developments up until 7 November 2003.

Computer Law & Security Report
Vol 20 (2004), no 1

Draft directive on the patentability of computer-implemented inventions

The European Parliament's amendments - have the proposals been wrecked?

Alexander Batteson

This article explores the current state of play in the attempts by the European Commission to secure the passage of the proposed directive on computer implemented inventions.

Computer Law & Security Report
Vol 20 (2004), no 1

UK implementation of the Copyright in the Information Society Directive
Trevor Cook

On 31 October 2003 the Copyright and Related Rights Regulations 2003[1] ("the Regulations"), which implement EC Directive 2001/29/EC on the Harmonisation of Certain Aspects of Copyright in the Information Society ("the Directive"), came into force. They extensively, and yet further, amend the Copyright Designs and Patents Act 1988 ("the Act"), the increasingly ragged patchwork of a statute which reflects the ravages wrought over the last decade on UK copyright law by the harmonisation programme of the European Commission in this area. This article reviews the UK's implementation and concludes that there is still work to be done at Community level.

Computer Law & Security Report
Vol 19(2003), no 6

Regulation of electronic communications networks and services in the UK – Part I
Andrew Sharpe and Charles Russell

This Article sets out in detail the authorisation regime introduced to regulate electronic communications networks and services under the Communications Act 2003, with Part I setting out the general conditions of entitlement as at 1 September 2003. The Act also provides for the regulation of spectrum use, including the introduction of a power to develop new mechanisms to enable spectrum to be traded and a scheme of recognised spectrum access. These matters will be covered in Part II.

Computer Law & Security Report
Vol 19 (2003), no 2

Cyber Crime - A new breed of criminal?
Kit Burden and Creole Palmer

The "cyber criminal" sounds like a term to be applied to someone from a William Gibson book, and yet is all too real, and on a day to day basis wreaks havoc in our increasingly online world. In April 2001, the Government responded to this threat by announcing a $25 million initiative involving the creation of a National High-Tech Crime Unit to counter the growing use of the Internet for criminal activity. The online world is becoming increasingly vulnerable to criminal activity with 43% of the public identifying cyber crime as a `problem'.

This article accordingly seeks to summarize the key areas of online criminal activity in order to summarise the types of crime which we are dealing with, and to seek to place them in an appropriate context in which their impact can be judged.

At the outset, we should seek to distinguish between "true" cyber crime (i.e. dishonest or malicious acts which would not exist outside of an online environment, or at least not in the same kind of form or with anything like the same impact), and crime which is simply "e-enabled" (i.e. a criminal act known to the world before the advent of the worldwide web, but which is now increasingly perpetrated over the Internet).

Computer Law & Security Report
Vol 19 (2003), no 2

European and American Privacy: Commerce, Rights and Justice - part II
Carter H. Manny

In a commercial context, there are strong moral arguments in favor of personal privacy using either a rights-based analysis or a justice-based analysis. The gap between European and American thinking about legal protection for personal privacy is partially explained by the emphasis that Europeans place on a rights-based approach, and the different way in which that approach is interpreted in the United States. This article suggests that the philosophical gap could be narrowed by placing greater emphasis on moral principles of justice in the European- US privacy dialogue. Part I of this article appeared in the last issue.

Computer Law & Security Report
Vol 19 (2003), no 1

European and American Privacy: Commerce, Rights and Justice - part I

Introduction
Governments in Europe and the United States have taken different approaches to protection of consumer privacy. Europe has comprehensive privacy statutes known as data protection laws covering all private and governmental organizations which collect and use personal data. Each European law is administered by state or national data protection agencies. Although the US has a privacy statute which applies generally to the federal government,1 there is no comprehensive privacy law covering the private sector. Instead, privacy is protected through a patchwork of sector-specific statutes, industry self-regulation and market forces.

Computer Law & Security Report
Vol 18 (2002), no 6

Electronic Workplace Privacy in France
Nancy E. Muenchinger

Electronic workplace privacy has emerged as a legal issue in France, coinciding with growth in the use of Internet, including its most popular feature, electronic mail, in the working environment. The article explores French policy towards the issue and where matters stand at present.

Computer Law & Security Report
Vol 18 (2002), no 5

Damned if you do, Damned if you don't? A look at data retention policies in the aftermath of Enron
Rowan Middleton and Herbert Smith

"...an unparalleled initiative was undertaken to shred physical documentation and delete computer files..... A systematic effort was also undertaken and carried out to purge the computer hard-drives and email system of Enron-related files".1 This was the claim made by the Department of Justice against the bankrupt energy company, Enron's auditor, Arthur Andersen, LLP. Andersen hotly contested this and the other allegations made against it, claiming that the indictment was "wholly unsupported by the facts".2 The jury disagreed and on 15 June 2002, found it guilty of obstructing the course of justice. This article explores the impact of the case on data retention policies under UK law

Computer Law & Security Report
Vol 18 (2002), no 4

The Evidential Issues Relating to Electronic Signatures - Part II
Stephen Mason

Both the Government and industry are keenly promoting the use of electronic signatures. It is assumed that the widespread use of electronic signatures will encourage greater use of the Internet as a means to buy goods and services. This article, in two parts, looks at the evidential issues relating to electronic signatures, and illustrates the weakness of the infrastructure which, in turn, highlights the risks that both users and recipients encounter when using electronic signatures.

Computer law & Security Report
Vol 18 (2002), no 3

The Evidential Issues Relating to Electronic Signatures - Part I
Stephen Mason

Both the Government and the industry are keenly promoting the use of electronic signatures. It is assumed that the widespread use of electronic signatures will encourage greater use of the Internet as a means to buy goods and services. This article looks at the evidential issues relating to electronic signatures, and illustrates the weakness of the infrastructure which, in turn, highlights the risks that both users and recipients encounter when using electronic signatures.

Computer Law & Security Report
Vol 18 (2002), no 2

Intellectual Property Issues in E-Learning
Gabriela Kennedy

The growth in the distance education market is leading to the commodification of education. Education is nowadays available beyond school, college and university, on CD-ROM or online.1 Private sector partners in joint ventures with traditional universities are entering the distance education/e-learning market and are competing with traditional universities. Several types of intellectual property rights are bundled in distance learning courses. Written texts or drawings attract copyright; special technology or business methods for the course may attract patent protection. Finally, the ultimate packaging and branding of a distance/e-learning course is an essential factor on which the effective marketing of the course depends. Traditionally, universities developed intellectual property policies that, by and large, dealt with inventions. The legal challenges of apportioning copyright in distance-learning materials and of managing trademarks and brands effectively are just beginning to be appreciated. These issues are discussed below.

Computer Law & Security Report
Vol 18 (2002), no 1

Europe in the E-economy: Challenges for EU Enterprises and Policies
Patrick Vittet-Philippe, Expert Advisor DG Enterprise

Europe is in the middle of an e-business revolution. Driven by information and communication technologies (ICTs), this revolution is not merely about technology. Nor is it simply about cutting costs and improving production processes. It is about radical structural changes in the economy -- changes within companies and in the relationships between companies; changes in the traditional roles of intermediaries, customers and competitors, changes in the way value is created. This article explores the challenges for the EU e-economy and what needs to be done in terms of policy development to compete in the new environment.