While New Zealand waits for its "three-strikes" act to kick in, the Irish are finding their version troublesome. It was set up in an agreement with the biggest ISP there, Eircom, and the music industry in 2009.

Will the Irish experience be mirrored in New Zealand? This is an excellent reminder and warning that presumed guilty upon accusation laws are not fair.

Thanks to @lawgeeknz for the EDRI-gram.

 

 

Irish "three strikes" system investigated by Data Protection Commissioner

15 June, 2011

The Irish Data Protection Commissioner is investigating the Eircom / music industry three strikes system, a report in the Sunday Times has revealed. According to the story by Mark Tighe, predictions that Eircom would end up falsely accusing innocent users have now proved correct, with over 300 users wrongfully being sent a "first strike" letter accusing them of sharing music.

Eircom have admitted to the mistakes, stating that "this was due to a software failure caused when the clocks went back last October". However, far from being a technical sounding "software failure", this appears to show up failings in relation to a very basic aspect of network management - i.e. making sure that the server clock reflects daylight savings time. As a result, it seems that users found themselves being accused on the basis of what somebody else did from the same IP address either an hour earlier or an hour later. Consequently, the users who were wrongfully accused should consider themselves lucky that this incompetence did not lead to their being accused of a serious crime - for example, being arrested and having their homes searched due to the wrong time being used (as has previously happened e.g. to a number of Indian users).

The significance of this case goes well beyond simple technical failings however, as the complaint to the Data Protection Commissioner has triggered a wider investigation of the legality of the entire three strikes system. According to the Sunday Times, "the DPC said it was investigating the complaint 'including whether the subject matter gives rise to any questions as to the proportionality of the graduated response system operated by Eircom and the music industry'."

This is unsurprising. When the Eircom / music industry three strikes settlement was being agreed, the Data Protection Commissioner identified significant data protection problems with it. These problems remain, notwithstanding the deeply flawed High Court judgement which permitted the parties to operate the system - a judgement which, for example, decided on the question of whether or not IP addresses are personal data without once considering the views of the Article 29 Working Party. The Data Protection Commissioner was not convinced by that judgement (it was problematic at least in part because the Commissioner was not represented - the only parties before the court had a vested interest in the system being implemented). However, until a concrete complaint arose no further action could be taken.

The complaint in this case has now triggered that action, and it seems likely that the Commissioner will reach a decision reflecting his previous views that using IP addresses to cut off customers' internet connections is disproportionate and does not constitute "fair use" of personal information. If so, the Commissioner has the power and indeed the duty to issue an enforcement notice which would prevent Eircom from using personal data for this purpose - an outcome which would derail the three strikes system unless Eircom successfully challenges that notice before the courts, or unless the music industry were to succeed in its campaign to secure legislation introducing three strikes into Irish law.

Eircom investigated after falsely accusing customers of piracy (5.05.2011)
http://www.thesundaytimes.co.uk/sto/news/ireland/article642095.ece

Data Protection Commissioner investigating Eircom's "three strikes" system (11.06.2011)
http://www.tjmcintyre.com/2011/06/300-false-accusations-data-protectio...

(Contribution by TJ McIntyre - EDRi-member Digital Rights Ireland)

Subscribe to Newsline | NZCS Website

NZCS Newsline
17 June 2011

Your weekly dose of ICT news and views

This week:

• Paul Matthews: Best Practice is a Myth
• Juha Saarinen: Ethics of security
• Jay Daley: Why you need DNSSEC
• Garry Roberton: Recent ICT Enrolment and Job Trends

Newsline edited by Juha Saarinen

  This Week at NZCS

Best Practice is a Myth
by Paul Matthews, NZCS Chief Executive

As those in IT will know, there are a number of frameworks, processes and groups set up to pursue the somewhat elusive Best Practice.
I have to confess to having a bit of a dislike for the term Best Practice, especially in our field. ICT is far too young to have such a thing as can be evidenced by the fact that frameworks such as ITIL are constantly reviewed and modified. Logic dictates that something cannot be "the Best way possible" if it requires revision (unless the environment or other factors change, of course). Think about it - how can something be the best possible practice if it can be, and is frequently, improved?

Continue Reading

  Taku Waimarie Hoki!

Ethics of security
by Juha Saarinen, Newsline Editor

Computer security is a fascinating area mainly because it sits at the border of quantised digital information and analogue humanity.
Those two aren't natural matches for one another which one reason so many unexpected security breaches occur. Fascinating it may be but computer security can also be quite impenetrable (ha. ha. ha.) for normal people, which is why I was pleased to hear from Patrick Clair in Australia, who kindly suggested I publish this video clip.

Continue Reading

Contributed content is the opinion of the author only, and not necessarily the view of NZCS.

  Contributions

Why you need DNSSEC
by Jay Daley, CEO, NZRS

The Domain Name System (DNS) that underpins much of the Internet is something that we take for granted and use day-to-day without thinking about it a great deal.
However, the DNS has a security weakness that has been inherent in it since its original design. What's worse, this weakness is being increasingly exploited by attackers.

Continue Reading

 

Recent ICT Enrolment and Job Trends
by Garry Roberton, Programme Manager, Wintec

The ratio between availability of ICT graduates versus industry demand significantly impacts the ICT sector and New Zealand as a whole. The trend of both has caused considerable concern in recent years and resulting in a significant international skills shortage.
This week Garry Roberton (Programme Manager IT at Wintec) provides some background and a brief update on recent ICT enrolment and job trends.

Continue Reading

Email NZCS
Email Newsline editor   Want to contribute?

Newsline is collaboratively written and we're always looking for new material to publish. Whether it's your views in a guest editorial or "in depth" expert detail, please send your 750-1200 word piece to the editor above.

Copyright ? 2011 New Zealand Computer Society Inc. All Rights Reserved.

I get a lot of email, and don't normally notice things like formatting or even images. Once in a while something sticks out like a sore thumb though, which is what happened today in an HTML email from Microsoft's PR people.
The MS logo was slow to load, and Gmail displayed the URL to it while it happened. Here it is:
http://www.asociatiapavel.ro/userfiles/Logo_Microsoft.JPG
As .ro is one of the those top level domains, the ones that set off alarm bells to anyone vaguely interested in IT security, I stopped the download of the file.
I mean, why would Microsoft's PR agency host a graphics file on a Romanian server? Something must be wrong.
The site above seems harmless enough, albeit sad, a Romanian association for parents who have children with cancer and leukaemia.

They might be wondering why their webserver is getting so many hits from New Zealand.

Phone scam costs victims an average of US$875, with three percent of people answering the survey actually falling for it.

Software developed by New Zealand-based Unlimited Realities was selected by processor design company AMD to showcase the capabilities of its next-generation PC processor, the AMD A-Series Accelerated Processing Unit (APU).

Software developed by New Zealand-based Unlimited Realities was selected by processor design company AMD to showcase the capabilities of its next-generation PC processor, the AMD A-Series Accelerated Processing Unit (APU).

Ericsson Money available across seven European countries, makes sending, receiving and spending money on mobile phones easy and instant.

Ericsson Money available across seven European countries, makes sending, receiving and spending money on mobile phones easy and instant.

Company to acquire global leader in the development of mobile, broadband and enterprise communications software and services, for US$ 1.15 billion.

Company to acquire global leader in the development of mobile, broadband and enterprise communications software and services, for US$ 1.15 billion.

A successful trial of 100 Gigabits per second prototype transmission equipment has just been completed on the Southern Cross twin cable network.

A successful trial of 100 Gigabits per second prototype transmission equipment has just been completed on the Southern Cross twin cable network.

As part of the celebrations of its 100 years, IBM provides community service in over 120 countries, starting in New Zealand.

As part of the celebrations of its 100 years, IBM provides community service in over 120 countries, starting in New Zealand.

Episode 15 of the NZ Tech Podcast brings more discussion on last week's E3 Conference and Apple's WWDC event. We cover the happenings on Nintendo, Sony and Xbox from E3 and dive into Apple's iCloud, iOS 5, OS X Lion. Recent Codemasters and Epic hac... (more in the full post)

Episode 15 of the NZ Tech Podcast brings more discussion on last week's E3 Conference and Apple's WWDC event. We cover the happenings on Nintendo, Sony and Xbox from E3 and dive into Apple's iCloud, iOS 5, OS X Lion. Recent Codemasters and Epic hac... (more in the full post)

Enabling immersive computing experiences in consumer notebooks and desktops, the AMD A-Series APUs enable brilliant HD graphics, supercomputer-like performance and over 10.5 hours of battery life.

Enabling immersive computing experiences in consumer notebooks and desktops, the AMD A-Series APUs enable brilliant HD graphics, supercomputer-like performance and over 10.5 hours of battery life.

HP invited a group of bloggers (including myself) to attend the HP Discover 2011 conference in Las Vegas. The infrastructure provided was incredible: accommodation, transport, special blogger lounge on the exhibition floor, communications, gatherings, reserved seats to all keynotes (including power and ethernet connections), plus the opportunity to meet many HP and partners' executives at the lounge during "coffee talks" available to our group only.

The number of posts still coming out of the group is quite large. So I decided to put together a "link blog". The DiscoveringHP is a meta blog listing all posts I could find, coming from this group, plus a blogroll where you can find your way to their blogs' main pages.

I understand some are still working on other posts, and I will update the DiscoveringHP blog with more links as they become available. I will also try and keep it alive during the upcoming HP Discover 2011 event in Vienna (Austria) - the European version of HP Discover.

HP invited a group of bloggers (including myself) to attend the HP Discover 2011 conference in Las Vegas. The infrastructure provided was incredible: accommodation, transport, special blogger lounge on the exhibition floor, communications, gatherings, reserved seats to all keynotes (including power and ethernet connections), plus the opportunity to meet many HP and partners' executives at the lounge during "coffee talks" available to our group only.

The number of posts still coming out of the group is quite large. So I decided to put together a "link blog". The DiscoveringHP is a meta blog listing all posts I could find, coming from this group, plus a blogroll where you can find your way to their blogs' main pages.

I understand some are still working on other posts, and I will update the DiscoveringHP blog with more links as they become available. I will also try and keep it alive during the upcoming HP Discover 2011 event in Vienna (Austria) - the European version of HP Discover.