Version 2/27/07
Support Material: Hackers, Hits and Chats
Keyterms: business models, click fraud, copyright, cybersquatting, free software, identity theft, intellectual property, IP Address, ISP, keywords, license, open source, pay per click, patent, phishing, privacy, rfid, scalability, streaming media, trademark

Law Privacy and Security Issues


The internet is a global marketplace without a truly global set of rules. Rules (laws) are typically set at the nation / state level, and harmonizing those rules at the global level is a complicated process. Without a truly global set of rules, the development of the internet as a global marketplace is impacted. Countries with the least prohibitive set of laws will tend to draw companies that want to exploit those laws in order to do business, as it really matters little where a business is set up, when it plans to operate on the global internet. This has occured for businesses that are registered in states and countries with less onerous tax codes for example.

Global agencies such as UNCITRAL and the WTO attempt to harmonize rules that are important to the functioning of the global internet. Whether these are rules with respect to intellectual property rights (first to file versus first to use with respect to trademarks for instance); freedom of speech and e-commerce in general (contracts and digital signatures: What Does It Mean When You Click: I Agree?: e-commerce contracts, digital signatures).

Specific Laws that have been developed to address the internet have been primarily targeted at copyright and the protection of children (which has in turn become a freedom of speech issue). These laws include:


Who has juridiction over transactions over the internet is a complicated question. Prior to the internet, most transactions occured with the physical presence of both the buyer and the seller, within one specific jurisdiction. The very nature of the internet creates scenarios where multiple jurisdictions are likely to be 'involved' in any single transaction. It will be important to note: Two and three may well be in the same jurisdiction, but there are good reasons why a business may want to host its servers in a location other than where the business is registered. These reasons include cost, the need to protect the data from a local government (Google has recently moved data out of China), and the need to move data from an IP address that has been 'blocked'.

Thus now a customer can be based in the UK, purchasing from a US-based business, whose servers are actually based in Australia.

If a chinese national, traveling in Russia, sends a communication, while in Moscow, to an Australian national, who receives the communication while traveling in the UK, who has legal jurisdiction ? Note, the communication, while traveling through the internet, travels via ISPs based in the US.

If a US national, gambles online using a site that is based in a jurisdiction where online gambling is legal, who has broken the law, the site or the US national ?

Content Filtering

Given that customers are liable to abide by their local laws it would make sense to use some form of filtering at the local level (customer's ISP for instance) to make sure the content that can be accessed by the customer is appropriate for the local laws. This is a stance adopted by more restrictive regime's such as China and Burma, but has not been implemented with any degree of success in a more open society such as the United States.

The reasons for the lack of adoption of filtering technologies on a broad level are twofold:

  1. They are somewhat ineffective

  2. They change the role of the ISP to that of a publisher, which changes their liability
The ineffectiveness stems from two aspects: Internet Filter : Censorship in cyberspace

Two Industries: Pornography: Gambling

Online Gambling
The US has onerous gambling laws and is also attempting to make online gambling illegal, even with sites that are based in jurisdictions where online gambling is legal. The US complains that online gambling potentially enables money laundering. Online Gambling-General Legal Issues

The issues related to jurisdiction allows businesses to operate in legal environments that are less of a burden, even if the business itself would create legal concerns in the home state of the customer. The US is also attempting to make it illegal for these sites to accept payments from US-based credit cards, in order to curb their ability to gain customers from the US.

The United States has pretty limiting gambling laws. Other parts of the world do not. Online gambling sites generate about $12 b in revenue from the US as these sites allow US citizens to do something they are not able to do in the physical world around them.

Internet Pornography
As we have discussed previously, the Porn Industry has been a pioneer in many aspects of internet development. This ranges from the development of early business models; security and privacy issues and the development of streaming media. The industry does however present major concerns from a legal standpoint. The three broad legal issues it faces are:

  1. Prohibition of types of porn in various jurisdictions

  2. Accessibility of porn to those underage

  3. Age of the models

For the first issue the biggest concern is Child Pornography, which most jurisdictions agree is unlawful. Some jurisdictions do disagree as to what consistutes the legal age of a child however (16 or 18); which creates a problem for images of models under 18 (over 16) that can be viewed in the US for instance.

A major issue for Porn sites is how to verify the age of the customer. Using a credit card is one method, on the assumption that ownership of a credit card implies a specific age. Sites also have customers 'click' on age verification agreements, but of course anyone can click on a notice online. There are third party sites that can be used as a clearinghouse to verify age, but really this is an area which has not proved conclusive. The physical nature of purchasing porn in an offline world provides much more tangible proof for age verification.

Sites also need to verify the performers that are used are of legal age.

Internet Pornography-Legal Status


Internet Fraud is a significant cost to business and consumers online. Fraud can range from Click Fraud, which is designed to manipulate pay per click programs; Hurricane Katrina fraud, costing aid agencies significantly by posing as benevolent funds; Nigerian Scam (the movement of large sums of money out of a country like Nigeria, which requires the receiver pay a small downpayment in order to share in the imaginary windfall); and phishing used for identity theft. Internet Fraud exploits the anonymity of the internet and the scalability of communications.

Intellectual Property

It is critical that IP laws are robust around the world to creat global commerce. Abuse of intellectual property rights has led to excessive piracy of software and music in certain parts of the world such as China. It is estimated that piracy costs the software industry about $30 b per year (a third of software in use has been pirated). There has been some debate about the "victimless crime" nature of software piracy, and the benefits piracy has on the industry in terms of distribution. Others also argue that all software should be free.

The three elements of intellectual property are:

Copyright provides rights to the author of a piece of work over a specific period of time. Specifically software (written code), books, music and films. Authors use a license to describe the use of the "property". Copyright protection is typically provided for a fixed period of time, and there is a 'fair use' clause that allows the use of the property in certain cases. For example, I am able to write notes about the books we use for this course as a result of the fair use clause.

Google has recently caused much consternation with its proposed Book Project, which is designed to copy and catalog libraries of books. This project is designed to allow users to easily search books and get extracts of content from books as a result of the searches. Opponents of the project cry copyright foul. In a related case Perfect 10 is suing Google over use of thumb nail images that Google uses for search. perfect 10 claims this damages their ability to sell these into the cell phone market.

A more unusual 'movement' on the internet is the free software movement, also known as open source. They use special licenses for their work that ensures the work remains 'free'. While copyright is designed to offer protection to authors, and therefore provide incentive to innovate, a belief of the free software movement is that this protection actually stifles innovation by removing the work from open access for others to innovate. Successful free software projects include Linux and Firefox.

Patent protects an invention, a process. Thus it matters little how the invention was created (the code), it is the process itself, the outcome, that is protected. Patent protection has received considerable criticism in software development, due to the trivial nature of some of the patents granted, and the ability to acquire patents for processes that have yet to be developed (essentially stifling access to innovation in certain markets).

Amazon has been criticized for the former with its one click purchase process. It has since changed its philosophy on the use of patents. RIM (Blackberry) has recently settled its Patent case with NTP. NTP acquired a Patent for a process it had not developed, in the early 1990s. This process was developed with the popular Blackberry service, which then fell victim of a lawsuit from the original patent holder. NTP has been accused of being a patent troll.

Trademark provides the rights of the owner of a name, symbol, mark for protection to avoid consumer confusion. This applies specifically in the acquisition of domain names that are appropriate for a business' trademark. Trademark protection has typically resided at the nation state level, and the global nature of the internet has caused problems with the use of certain domain names. A secondary issue is the difference in countries with respect to "first to use" versus "first to file".

Cybersquatting is the behaviour of acquiring a domain name with the intention of reselling to a third party which has a higher perceived value for that name, or to exploit 'traffic' that domain name generates based on consumers' presumption of the purpose of the domain name. Much cybersquatting is to exploit the need for trademark holders to acquire their appropriate domain names. Domain names are a limited resource and efforts have been made to expand the top level domain (TLDs) to offer the ability for multiple companies to acquire the same name with a different TLD. Clearly the .com is the perceived standard, and companies that acquire domains with different TLDs without the acquisition of the .com can lose traffic to its .com alternative. The White House falls victim to this problem.


Many of the privacy issues are covered in Chapter 8 of Search.

Who owns your personal date. The following includes a great discussion highlighting issues such as:

BJ's Wholesale Club Settles FTC Data-Protection Complaint highlights a case where a company had lax data protection processes in place. Crackers were able to access customer accounts, names, SSNs etc. and set up credit cards based on this information. The Leaky Corporation discusses this incident and the FTCs response to this case.

RFID TAGS - - IF YOU HAVEN'T HEARD OF THEM, YOU SOON WILL and like many other technologies RFID is a potential cause for concern for privacy advocates, some would argue much more vigorously the negative outcomes.

privacy versus personalization

California's "Shine the Light" Law Goes into Effect Jan. 1, 2005

online privacy US versus Europe: EU OKs Spam Ban, Online Privacy Rules


Viruses Key issues:

How the following are different from viruses and how we can protect against them: Dangers of downloading software from the internet. Common Spam techniques to trick users into opening malicious code. What Norton Security/Zone Alarm does What Norton Security/Zone Alarm doesn't protect against (eg. Difficulty of Trojans, key loggers) Cookies. Privacy issues Third party cookies Passwords, automatic screen locks General Password Construction Guidelines Poor, weak passwords have the following characteristics: Strong passwords have the following characteristics: Passwords should never be written down or stored on-line. Try to create passwords that can be easily remembered. One way to do this is create a password based on a song title, affirmation, or other phrase. For example, the phrase might be: "This May Be One Way To Remember" and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other variation. Here is a list of "dont's": If someone demands a password have them call someone in the Information Security Department. Do not use the "Remember Password" feature of applications(e.g., Eudora, OutLook, Netscape Messenger). Again, do not write passwords down and store them anywhere in your office. Do not store passwords in a file on ANY computer system (including Palm Pilots or similar devices) without encryption. Change passwords at least once every six months (except system-level passwords which must be changed quarterly). The recommended change interval is every four months. If an account or password is suspected to have been compromised, report the incident to the IT team and change all passwords. Credits: This is based on the security templates from