[kictanet] Day 5 of 10: IG Discussions, Legal Issues

Sat Aug 16 10:17:17 EAT 2008

G8 links!

The introduction to this topic was on the presumption that consumers were the criminals proceeding to outline law enforcement challenges. The most convenient and common form of misrepresenting cyber crimes and law -- first take away all their rights then they struggle to regain one after the other... It is good that Mike presents both sides of the story.
Telecommunication companies hold massive data on all individuals and they ensure that their on their "Terms of Use" and contracts users are "guilty until proven innocent" and the companies are at liberty to do whatever they please with our personal data.   

Consider below extract from a local telecommunication company's Terms of Use: -
------------
5. Use of your information

(The Company) may hold and use information provided by you for a number of purposes, which may include:

(a) Carrying out any activity in connection with a legal, governmental or regulatory requirement on (The Company) in connection with legal proceedings or in respect of crime or fraud prevention, detection or prosecution.

(b) Monitoring or recording of your communications for (The Company)’s business purposes such as marketing, quality control and training, prevention of unauthorised use of  (The Company)’s telecommunications system and ensuring effective systems operation in order to prevent or detect crime. 

---------

"May include" does not mean "limited to" - implying that they are allowed, for example, to share, sell, etc private data to their partners... Exactly what Mike points out to on the Business Week link.  

Framed in ways suggestive of company "law enforcer" (illegal roles) onto "guilty" users. Notice how "Intellectual Property" is conveniently repeated. Or is it be assumed that consumers do not have any "intellectual property" they would wish protected? the companies should abide to also protect. BTW, There is an IGF Dynamic Coalition movement calling for a balance between Intellectual Property and development which includes Access to Knwoledge (A2K).<http://www.ipjustice.org>. Very resourceful!    

Supposing earlier proposed M-Medicine went ahead in East Africa? Sold ailments data to pharmaceutical companies, that would hike medicines prices in outbreak zones at selected locations... You go to a bank with a water-tight business proposals and all bank turn you down. Reason? They have shared your medical history and they think you will soon "sleep in the shamba" your excellent business proposals notwithstanding.

In summary, unless Data Protection and Privacy Laws are enacted, the default should be to deny all telecommunication companies legal loophole to trade with personal information. And it should be seen to be enforced.

On a lighter note, should I sue a WiFi company for trespassing when their signals enter my laptop, or should they sue me for illegally access of their signal? Over to Ben Shihanya. 

Thanks again Mike!      

--- On Fri, 8/15/08, Mike Theuri <mike.theuri at gmail.com> wrote:

> From: Mike Theuri <mike.theuri at gmail.com>
> Subject: Re: [kictanet] Day 5 of 10: IG Discussions, Legal Issues
> To: alex.gakuru at yahoo.com
> Cc: "KICTAnet ICT Policy Discussions" <kictanet at lists.kictanet.or.ke>
> Date: Friday, August 15, 2008, 2:11 PM
> Not a legal opinion: It would be very difficult to apply
> existing common law
> (analogous to jurisprudence) to electronic crimes committed
> in a new era,
> atleast within the local context.
> 
> For these reasons it is necessary to define the crimes
> under distinct and
> separate legislation. Due to the borderless nature of the
> Internet (see
> shared link), it is necessary for such legislation to take
> a broad
> approach into account.
> 
> For instance there ought to be provisions that allow local
> authorities to
> seek the arrest and extradition of foreign based suspects
> from other
> jurisdictions for electronic crimes committed against
> citizens or local
> infrastructure owned by individuals or entities even though
> the suspects at
> the time of commission of the crime were present in other
> jurisdictions.
> 
> The same provision can allow private parties to pursue
> civil remedies in a
> similar matter and give them the basis where possible to
> enforce the
> judgement in the defendant's jurisdiction.
> 
> This for example would close the possible jurisdictional
> loophole
> of individuals crossing borders so as to commit electronic
> crimes from a
> country that lacks electronic crime laws. Current law is
> ill equipped in
> ensuring civil remedies, prosecution or arrest of local or
> international
> cyber criminals, 419ers, lurers of minors, harassers,
> electronically
> transmitted or created threats (threats to a person,
> threats to
> infrastructure by way of viruses, malaware, DoS etc) etc
> neither is it
> likely to be in a position to ensure serious consequences
> or deterents for
> the same or allow for the definition of crimes as
> distinguished here for an
> international gang of culprits:
> http://www.secretservice.gov/press/GPA15-08_CyberIndictments_Final.pdf
> 
> It was recently reported that a bill or regulations to
> protect the data of
> consumers would be brought about as a means of regulating
> the CRBs. This
> could be model legislation/regulations to adopt to ensure
> that the public
> has a say in the manner in which their private information
> is used.
> 
> At the same time consumers ought to be able to instruct
> companies with whom
> they have business relationships with not to share that
> same information
> with 3rd parties without their prior consent (ie
> opt-in/out). This is only
> effective if there are laws or regulations to provide for
> consequences when
> businesses violate the same.
> 
> As CRBs take root, there will be a likelihood that similar
> bureaus or
> entities will eventually start sharing information in real
> time, for example
> an underwriter of an insurance policy might want to check
> an individual's
> claim history across the industry to determine the level of
> risk the insured
> poses in determining policy premiums. Similarly an
> organization may want to
> conduct background checks for prospective employees in
> privately maintained
> electronic databases.
> 
> It is important that instead of regulations or laws being
> formed for sectors
> of the economy, that national data privacy laws and
> regulations be defined
> (or ammended) and on that basis refinement of specific
> regulations/laws
> could be made for sectors that require specific data
> requirements. Such
> regulatory foresight can reduce or avert the occurence of
> issues such as
> those seen here:
> http://www.businessweek.com/magazine/content/08_31/b4094000643943.htm?campaign_id=rss_null
> 
> 
> On Fri, Aug 15, 2008 at 12:21 AM, John Walubengo
> <jwalu at yahoo.com> wrote:
> 
> > Mornings,
> >
> > Today and next Monday, we intend to thrash out the
> legal dimensions of
> > Internet Governance. The typical issues revolve
> around:
> > -Jurisdiction & Arbitration (who resolves
> e-disputes)
> > -Copyright & IPR (are they pro or
> anti-development?)
> > -Privacy and Data Protection (how is the e-Citizens
> data abused/protected?)
> >
> > I do hope the 'learned' friends will chip in
> since I cannot pretend to be
> > an expert here as I introduce the general legal
> principals.  Basically,
> > dispute resolutions can be done through,
> > ·       Legislation;
> > ·       Social norms (customs);
> > ·       Self-regulation;
> > ·       Regulation through code (software solution);
> > ·       Jurisprudence (court decisions);
> > ·       International law.
> >
> > There is however two broad conflicting schools of
> thought when it comes to
> > resolving disputes occasioned by the Internet. One
> group claims that
> > whatever happens online does have an equivalent
> 'off-line' characteristics
> > and as such existing laws can easily be applied.  E.g
> stealing money
> > electronically is no different from stealing money
> physically and so Robbery
> > charges and subsequent jurisdictional procedures could
> apply.  However, the
> > second group feels that electronic crimes have a
> totally different context
> > and must have a separate and totally new set of
> legislation or methodologies
> > for resolutions.
> >
> > The borderless nature of the Internet brings to fore
> the Challenges of
> > Jurisdiction and Arbitration as in yesterday's
> example, where content in one
> > country may be illegal but is legal in another.
> Copyright and Intellectual
> > Property Rights issues are also explosive as
> demonstrated by the Napster
> > Case, where some young software engineers created
> software that facilitated
> > sharing of (SONY) Music files across the Internet.
> Also related was the case
> > of Amazon.com trying to Patent the
> 'single-click' method of buying goods
> > online.
> >
> > Other cases touch on Data Privacy where Business
> Companies have been known
> > to sell customer records to Marketing firms without
> express authority from
> > the Customers. Other times customer data is simply
> hacked into and
> > Businesses are unable to own up (going public) to the
> detriment of the
> > Customer.
> >
> > Most of these issues are under discussion
> internationally at the Internet
> > Governance Forum (IGF), World Intellectual Property
> Organization (WIPO)
> > amongst other fora. They present emerging legal
> challenges and it would be
> > interesting to know if stakeholders in the East
> African region are/should be
> > involved in shaping the outcomes of any of these
> issues.
> >
> > 2days on this one, today and next Monday and feel free
> to belatedly respond
> > to Day 1 through Day 5 issues.
> >
> > References:
> > http://www.diplomacy.edu/ISL/IG/
> > http://en.wikipedia.org/wiki/Napster
> >
> >
> >
> >
> >
> > _______________________________________________
> > kictanet mailing list
> > kictanet at lists.kictanet.or.ke
> > http://lists.kictanet.or.ke/mailman/listinfo/kictanet
> >
> > This message was sent to: mike.theuri at gmail.com
> > Unsubscribe or change your options at
> >
> http://lists.kictanet.or.ke/mailman/options/kictanet/mike.theuri%40gmail.com
> >
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
> 
> This message was sent to: alex.gakuru at yahoo.com
> Unsubscribe or change your options at
> http://lists.kictanet.or.ke/mailman/options/kictanet/alex.gakuru%40yahoo.com