Internet Law News this morning reports that Australia will propose national legislation to criminalize identity theft.

I am not sure I understand the story. Presumably Australia has laws against fraud. The story mentions using another person’s credit card and stealing personal information to open bank accounts and take out loans in the name of the victim. Would not such actions already be illegal? They certainly would be here.

It is arguable that it should be illegal simply to acquire the personal information, without actually using it – but then would protective or limiting measures be needed to prevent abuse, or . . . [more]

The Register has an interesting report on crimes in virtual worlds.

According to a study [PDF] by the European Network and Information Security Agency (ENISA), there is a lot of crime in virtual worlds, and it can be lucrative.

Quoth the author of the study: “While annual real-money sales of virtual goods is estimated at nearly €2bn ($2.51bn) worldwide, users can do very little if their virtual property is stolen. They are a very soft target for cybercriminals.”

There is of course an action plan – indeed a 12-step program – one step of which is “Clarification of virtual property . . . [more]

An English court has recently held that the fact that a defamatory comment has been published online does not mean that anyone has read it. The plaintiff must show that the comment has been accessed as well.

In the English case, Brady v. Norman [2008] EWHC 2481 (QB), described on OutLaw.com, the question was one of qualified privilege, and whether some people without an interest in knowing the information had nevertheless been given access to it.

While this is reminiscent in some ways of the Bangoura case in Ontario, where the only visitors to the online defamation appeared . . . [more]

The Australian government has just started a public consultation on the desirability of ratifying the UN E-Communications Convention in that country. The page containing the public notice also offers a link to the consultation paper in PDF or Word.
The American Uniform Law Commission (formerly NCCUSL) has a Committee to study implementation of the Convention in the US. The working group met recently to discuss options for implementation.
In Canada, there appears to be little action since the Uniform Law Conference meeting on the topic in August. Professor Gautrais’ paper on the impact of the Convention on Quebec law [PDF] . . . [more]

According to Out-Law.com this morning:

Companies have to provide a means of contact on their websites in addition to their postal and email addresses, the European Court of Justice has ruled. A telephone number, or a contact form that is answered within 60 minutes, were deemed acceptable.

This holding flows from the E-Commerce Directive, which says that companies:

"shall render easily, directly and permanently accessible to the recipients of the service and competent authorities, at least the following information:

(a) the name of the service provider;

(b) the geographic address at which the service provider is established;

(c)

. . . [more]

European courts have had something to say lately about whether disclosing encryption keys would amount to self-incrimination, and whether disclosing an IP address involved an undue disclosure of personal information.

An English court (R. v. S and A [2008] EWCA Crim 2177) held that compulsory disclosure of an encryption key was not improper. Out-Law.com has the story:

"In this sense the key to the computer equipment is no different to the key to a locked drawer," said the judge. "The contents of the drawer exist independently of the suspect: so does the key to it. The contents may

. . . [more]

The states of Nevada and now Massachusetts require that holders of personal information must encrypt that information. Nevada imposes this requirement on businesses with respect to some kinds of information — names associated with social security numbers or various other kinds of access codes. Massachusetts imposes the requirement on everybody and applies it to storage on mobile devices and transmission through open networks.

A memo by the Chicago firm of Wildman Harrold describes both laws and gives citations.

Do we need this kind of rule in Canada? PIPEDA and its provincial counterparts require holders of personal information to keep it . . . [more]

Two stories on cell phones, with a question or two:

1. An article from London Review of Books ("Short Cuts" by Daniel Soar) on how cell phone location records and use records can categorize the users — for marketing, for finding terrorists (or people who may be terrorists …), etc.

Is there a cure for this, besides just using land lines? Or is it a problem, rather than an opportunity?

2. A judicial decision in US district court [opinion of Magistrate Judge | order on appeal] saying that the state needs reasonable and probable grounds before . . . [more]

Badasa v. U.S.: Here's a US immigration case in which the US government offered information from Wikipedia to support its argument about the status of Ethiopian travel documents. The appeals court eventually found that this was not a good source of evidence, and sent the matter back for reconsideration.

ArsTechnica has the story.

Does this sound right to you? Would a print encyclopedia be any better?

I don't see in this story any concern about the hearsay nature of the evidence — like that of any website, pretty well, surely — though that might depend on the use being . . . [more]

The federal, provincial and territorial justice ministers had a meeting for several days this week and in their final press release said, among other things:

Mandatory reporting of child pornography
Ministers agreed that Canada's response to child pornography could be enhanced by federal legislation requiring any agency whose services could be used to facilitate the commission of online child pornography offences to report suspected material.

Will "any agency" include telecoms? ISPs? Search engines? What others?

Will the response to this problem be ehanced by mandatory reporting? …Are the various "agencies" contemplated here now reluctant to assist, so that legislation is . . . [more]

[Slaw editor's note: John Gregory is, among many other things, a Slaw member and also the manager of a highly successful and interesting private email list, ULC_ECOMM, on e-commerce and related matters. He is kind enough to allow Slaw to republish his provocative contributions to that list. We hope that, as they do on his list, they will stir up some discussion here on Slaw.]

Internet Law News today tells us this:

YALE STUDENTS NAME ALLEGED HARASSER IN WEB LIBEL SUIT [Boston.com]
Two female students at Yale Law School who say anonymous, defamatory comments were made about

. . . [more]