Web 2 and Web 3, and legal issues for cyberspace


21 Oct 2013 (3 years and 7 months ago)


Cyberspace Law Notes Oct 2011

Contents

What is Web 2.0?
DiNucci 1999: One of the first to use the term ‘Web 2.0’
Summary of Legal Aspects of Web 2.0
Terms of Use and Click-wrap contracts
Jurisdiction
Privacy
Employee Actions
Copyright
Defamation
Web 2.0 and Cybercrime
Rise of Web 2.0 Malware
“Cyber Crime 2.0 versus the Twittering classes”, Department of Parliamentary Services Report
Web 3.0
Semantic web


What is Web 2.0?

DiNucci 1999: One of the first to use the term ‘Web 2.0’

“The defining trait of Web 2.0 will be that it won’t have any visible characteristics at all. The Web will be identified only by its underlying DNA structure - TCP/IP (the protocol that controls how files are transported across the Internet), HTTP (the protocol that rules the communication between computers on the Web), and URLs (a method for identifying files). As those technologies define its workings, the Web’s outward form - the hardware and software that we use to view it - will multiply... The Web will be understood not as screenfuls of text and graphics but as a transport mechanism, the ether through which interactivity happens. It will still appear on your computer screen, transformed by video and other dynamic media made possible by speedy connection technologies now coming down the pike.” [1]

But is it already over? Our lives were changed by Web 2.0 platform technology, but according to an industry watcher its days are numbered. John Naughton, “The death of Web 2.0 is nigh…”, The Observer, 7 August 2011. [2]

Summary of Legal Aspects of Web 2.0

From Coates et al Report 2007 [3]

Terms of Use and Click-wrap contracts

Generally, Platform Members are required to enter into a TOU agreement with the Platform Provider.

The purpose of the TOU is to:

• set out the conditions of participation on the Platform;
• define the rights and obligations of the parties; and
• ensure that the Platform Provider can exercise control over the Platform at the Platform Provider’s discretion.

The TOU may appear on the Platform’s website in two forms:

• as a click-wrap agreement, which requires Platform Users to check a box or click an onscreen button or icon as part of the sign-up process; or
• as a browse-wrap agreement which is linked to at the bottom of each page of the Platform Provider’s website, arguably in an attempt to bind those Platform Visitors who have not entered into the click-wrap agreement.

[1] DiNucci, D. (1999). "Fragmented Future". Print 53 (4): 32. http://www.tothepoint.com/fragmented_future.pdf
[2] http://www.guardian.co.uk/technology/2011/aug/07/web-2-platform-end-naughton
[3] Coates, Jessica M., Suzor, Nicolas P., Fitzgerald, Anne M., Austin, Anthony C., Pappalardo, Kylie M., Black, Peter J., et al. (2007) Legal aspects of Web 2.0 activities : management of legal risk associated with use of YouTube, MySpace and Second Life. Queensland University of Technology, Brisbane, Queensland. http://eprints.qut.edu.au/32008/

TOU agreements are standard form agreements, with little (if any) room for negotiation of their terms. Each potential Platform Member is presented with the option of either accepting the standard agreement or not using the Platform. These agreements are, accordingly, written in terms very favourable to the Platform Provider.

Because TOU agreements usually place Platform Members in weaker legal positions compared to Platform Providers, it is critically important that organisations fully understand the terms of the agreements.

Jurisdiction

Many Web 2.0 oriented websites such as Facebook, MySpace and YouTube use the TOU to outline the procedures to follow when a conflict of laws arises.

The TOU for many of these Platforms state that, irrespective of conflict of laws principles, the agreement itself and any disputes arising between the Platform Provider and a Platform User are governed by the law of a specific jurisdiction, such as the State of California.

This means a user in Australia may have difficulty in litigating against a platform provider.

Arguably, a wide view of online jurisdiction was adopted by the High Court of Australia in Dow Jones & Co Inc v Gutnick.

This involved a defamation dispute in which the Court held that jurisdiction with regard to materials published over the internet could be asserted in the place where the defamatory material is accessed or downloaded.

• This means that a person or organisation making material available online, including organisations, could potentially be sued in any jurisdiction where the Platform can be accessed.
• However, this decision has been the subject of much criticism and it is unclear whether it would apply to other fact situations or areas of law.
• It does highlight the complexity of this issue and the potential reach of foreign law and foreign courts when individuals and organisations are utilising the internet.


Privacy

Where a Platform Provider has attempted to bind Platform Users to the Platform’s TOU by both click-wrap and browse-wrap methods, issues will arise as to the effectiveness and enforceability of the TOU.

The decision of the Federal Court in eBay International AG v Creative Festival Entertainment Pty Ltd [2006] FCA 1768 (18 December 2006) indicated that while a click-wrap agreement may be enforced, a browse-wrap agreement is less likely to be binding unless it can be shown that the terms have been properly brought to the website user’s attention.

Employee Actions

An organisation will be vicariously responsible for any actions by its employees in the scope of their employment. It is important for appropriate policies to be in place to ensure that employees do not unlawfully interfere with the rights of others when operating in virtual or online environments.

The internet is often perceived as borderless and users operating in the online environment often do so with a false sense of anonymity. It is therefore particularly important that employees are made fully aware of all policies relating to their behaviour and actions online.

Copyright

One of the most important legal issues that will arise with the use of Web 2.0 platforms will be the use of copyright material that is not owned by the platform member.

The exact rights granted to copyright owners by the Australian Copyright Act 1968 vary between different categories of material, but in general include the exclusive right to reproduce, communicate, publish and perform the material.

Others cannot undertake any of these actions with a copyright work without the copyright owner’s permission, unless their use falls within one of the exceptions provided by the Copyright Act 1968.

A failure to seek the permission of the relevant copyright owners could potentially result in the platform user having to withdraw the uploaded material, a Platform Provider removing the uploaded material, or even the suspension or revocation of the platform user’s membership.

An example of this occurred when the United Kingdom Cabinet Office was forced to remove public service videos they had uploaded to YouTube after it was discovered that the videos contained copyright infringing material.

Under certain circumstances, one of the defences or exceptions to copyright infringement set out in the Copyright Act 1968 may permit an organisation to use material without permission.

• The most commonly used of these are the fair dealing exceptions, which provide a defence to copyright infringement where an individual deals with copyright material in a way that is “fair” and is carried out for the purpose of research or study; criticism or review; parody or satire; reporting news; or judicial proceedings or professional advice.

Of particular relevance to government use of copyright material is the statutory licence for use of copyright material for the services of the Crown. Copyright is not infringed by use of material by government organisations (whether Commonwealth, State or Territory) if the use is made “for the services” of the government and arrangements for compensation are made or payment is made to a declared collecting society.

• However, as the Copyright Act 1968 exceptions are judged on a case-by-case basis and can be difficult to interpret, it is by no means certain that they would apply to the government organisation's proposed activities. In most cases, they are less likely to apply to large-scale public uses such as government publicity campaigns or distribution online.

Defamation

In the last few years, significant changes have been made to all defamation laws across Australia, which have resulted in largely standardised laws being established throughout all Australian jurisdictions.

Under the new uniform Defamation Acts a plaintiff will have an action for defamation where they can establish that the defendant published a defamatory matter about them.

Under these new laws, “published” includes publication over the internet. Consequently, material uploaded by an organisation to a social networking site could give rise to an action for defamation, as long as it is found to satisfy one of the following three tests:

• The material is likely to injure the reputation of the plaintiff by exposing them to ridicule, contempt or hatred;
• The material is likely to make people shun or avoid them; or
• The material has the tendency to lower the plaintiff’s reputation in the estimation of others.

Web 2.0 and Cybercrime

Rise of Web 2.0 Malware

In 2007, when Web 2.0 was in its infancy, there were just over 10,000 malicious software samples reported to be spreading via social networking sites. This figure rose to over 25,000 during 2008 and the statistics for the last year will undoubtedly be significantly higher again, in line with an overall trend in malware growth rates.

So why are Web 2.0 attacks on the rise? It all comes down to economies of scale and effectiveness: cybercriminals will always go where the crowds are. Social networking sites have experienced exponential growth in usage - in fact it is estimated that around 80 per cent of all Internet users accessed social networking sites in 2009, equivalent to more than one billion people. The ever-entrepreneurial cybercriminals have been quick to identify this ‘market’ opportunity and the fruits of their labour - for example, stealing passwords and confidential information that can be sold or used for profit - have proven successful with malicious code distributed via social networking sites proving to be 10 times more effective than malware spread via email.

A Web 2.0 attack will typically comprise one or more social networking sites, a malicious website (often set up for the purpose of extracting money from the unsuspecting visitors) and a victim. Web 2.0 attacks take advantage of technological factors - such as out-of-date or unlicensed software - as well as human traits, exploiting the trust, curiosity and sometimes naivety that is often associated with these seemingly ‘friendly’ social networking sites.

Without doubt, Web-based malware is a security concern for many users. Unfortunately, the root cause that allows the Web to be leveraged for malware delivery is an inherent lack of security in its design: neither Web applications nor the Internet infrastructure supporting these applications were designed with a well-thought-out security model. Browsers evolved in complexity to support a wide range of applications and inherited some of these weaknesses and added more of their own. While some of the solutions in this space are promising and may help reduce the magnitude of the problem, safe browsing will continue to be a far sought-after goal that deserves serious attention from academia and industry alike.

AVG Report

A new report commissioned by the internet security company AVG reveals how the explosion in size and complexity of global cyber crime, combined with the surprising complacency of younger users, is putting lives at risk. [4] The report, authored by the research agency The Future Laboratory, reveals that while cybercriminals and malicious programs are becoming increasingly sophisticated and difficult to detect, users are, alarmingly, becoming less vigilant about protecting their online devices. The combination of these two factors presents a potentially disastrous cybercrime scenario.

Also highlighted in the report is the phenomenon of so-called 'wetware', in which the weak link in the security chain is not the technology but rather the human user. The growing risk stems not just from technology (software or hardware) but increasingly from human action (wetware).

[4] http://web2.sys-con.com/node/1982332

A third of Europeans surveyed by AVG and Future Poll don't update their antivirus protection. It seems that increasingly cyber criminals are focusing on deceiving the human rather than the machine, fooling the user into downloading and installing malicious software by posing as anti-virus providers or another trusted source. This means of entering a user's computer bypasses the normal security checks, and makes the 'wetware' the weakest link.

The key findings of the report were as follows:

• Cybercrime is on the increase as the tools and tactics which were previously used by hackers to cause disruption to machines and networks have been monetized by criminal gangs through bank fraud and ID theft.
• Smartphones are no longer just phones, they are mini PCs, and consumers fail to realize that this makes them as vulnerable to cybercrime as a computer. Just 4% of French internet and smartphone users are concerned about smartphone viruses.
• Consumers are aware of the need for antivirus protection but nearly one in ten of those surveyed fail to keep their protection updated. Alarmingly, the 18-35 age group (often cited as the group which is most digitally aware) is particularly complacent about this.

Sophos Report

Another report, by the IT security and data protection firm Sophos, has called upon social networking websites such as Twitter and Facebook to do more to protect their millions of users, as new research is published examining the first six months of cybercrime in 2009.

The Sophos Security Threat Report examines existing and emerging security trends and has identified that criminals are doubly exploiting social networks, using them first to identify potential victims and then to attack them, both at home and at work.

In Sophos's opinion, Web 2.0 companies are concentrating on growing their user base at the expense of properly defending their existing customers from internet threats. "What's needed is a period of introspection - for the big Web 2.0 companies to examine their systems and determine how, now they have gathered a huge number of members, they are going to protect them from virus writers, identity thieves, spammers and scammers," said Graham Cluley, senior technology consultant at Sophos. "The honeymoon period of these sites is over, and personally identifiable information is at risk as a result of constant attacks that the websites are simply not mature enough to protect against." [5]

[5] http://www.prwire.com.au/pr/13229/web-2-0-woe-sophos-threat-report-reveals-cybercrime-in-first-half-of-2009



“Cyber Crime 2.0 versus the Twittering classes”, Department of Parliamentary Services Report

At: http://www.aph.gov.au/library/pubs/bn/sci/Cybercrime.pdf

The matter of internet security or cyber security has recently reached the scientific literature. Frederick R. Chang from the Department of Computer Science at the University of Texas at Austin noted, in Science journal, that:

Computers can be infected merely by surfing the Web. By attacking a single Web site, attackers can potentially infect the computers of all visitors to that site. Using a technique known as SQL (Structured Query Language) injection, an attacker can insert malicious code into the database associated with the Web Site. Using another technique, cross-site scripting,…users visiting legitimate Web sites were invisibly redirected to a server that downloaded malicious software onto the user’s machine….Botnets are responsible for attacks including spam, phishing, distributed denial of service, data harvesting, click fraud and password cracking. A bot is a computer that has been infected such that it can be remotely controlled: a botnet is a large network of bots…. (Botnet) Storm also made sophisticated use of social engineering techniques: it was highly effective at inducing people to take action (such as to download and execute files), thereby infecting their computers with malware….A key problem is that too much software today is insecure….If security is to be built into the software: then the software must be free of known bugs that can be exploited to compromise security… Building security in is not a new problem. Fortunately, important technical advances over the past 25 years have improved the ability of developers to build more fundamentally secure systems. Technology advances alone will not solve all the problems. …A key question is why social engineering techniques continue to be so successful. As technical measures improve the security of systems, the end-user will increasingly become the weakest link. [6]

On 24 February 2010, the Department of Parliamentary Services released a report on the security issues posed for individuals and government agencies as a result of the growing use of online social networking technology (Report). The Report focuses on cyber crime and security policy in the context of web 2.0 (e-security policies). In particular, it identifies the range of security threats that users of web 2.0 technology are vulnerable to and the current policy approaches in Australia and overseas designed to address cyber crime. [7]

The Report draws on a number of Australian and international reports and submissions concerning cyber security. Some of the cyber crime scenarios and risks identified include:



• phishing: fraudulent emails used to gain access to personal information for illegal purposes;
• social networking sites: such as instant messaging, peer-to-peer and web 2.0; eg the harvesting of personal information shared for use in identity fraud;
• denial-of-service (DoS) attacks: on corporate or government systems causing loss of productivity and critical data;
• malicious software (malware) and viruses: computer programs designed to cause undesirable effects on computer systems (eg DoS attacks). Malware is often combined with social engineering techniques, aimed at convincing users to do things they otherwise would not (eg Facebook applications);
• smartphones and multimedia messages: eg advanced capabilities such as Bluetooth increase the risk of infections from malware or viruses and for personal information to be stolen for unlawful purposes; and
• bots and bot networks (botnets): mechanisms used by hackers to infect and remotely command multiple computers for a wide variety of purposes, eg to launch attacks on high-profile web sites. Social networking sites such as Facebook and Twitter have been used to command 'botnet' armies of infected computers.

[6] F R Chang, ‘Is your computer secure’, Science, vol. 325, 31 July 2009, pp. 550-551
[7] http://www.aph.gov.au/library/pubs/bn/sci/Cybercrime.pdf


Statistics show that half of online Australians have no up-to-date online security mechanisms, such as firewalls or anti-virus protection. This is of particular concern considering the ever-increasing interconnectedness found in the age of high-speed broadband, that is, the convergence between the personal and home security of individuals and the security of major institutions and processes, such as financial institutions and government.

Intending vendors of the National Broadband Network should be particularly aware of the high level of risk these conditions present. Centralised computer systems also face attack and are vulnerable to online terrorist attacks. This makes cyber security a growing national concern, considering the threats posed to Australia's economic interests, integrity of public information and systems and the wellbeing of the public.

E-security policies

Commentators argue that the growth in cyber crime techniques has not seen corresponding security actions. Furthermore, the ability of law enforcement to investigate and prosecute individuals involved is hampered by the trans-national nature of the technologies used to commit cyber crime.

Australia announced new e-security arrangements in 2009 to tackle online security threats. The Cyber Security Strategy created a new Computer Emergency Response Team (CERT) to provide cyber security information and advice to all Australians. The strategy also brought together a number of Australian Government agencies to perform various roles, including the Attorney-General's Department (AGD) as the lead policy agency for e-security and the Australian Communications and Media Authority to gather evidence and ensure ISPs and carriers are meeting their regulatory obligations.

The Report also briefly considers the development of cyber security policy in the US, UK and Europe. It comments that UK government capabilities and policy developments are more in line with Australia than those in the US (with the UK program of work almost identical to that in the AGD).

Policy outlook

The Report states the need to balance ICT security, performance and privacy when formulating e-security policies. This should be achieved by engaging all stakeholders, not merely policy makers. Online security is largely a technical issue, in that the various techniques of risk analysis used in security assessment have weaknesses and vulnerabilities that may not always be apparent to policy makers. As such, technical considerations will need to be addressed in addition to jurisdictional boundaries, identification aspects and policy linkages.

There have been calls for Government to require ISPs to act to protect users in the same manner as a bank would when protecting accounts and personal details. Policies must also recognise events overseas, given the global and instant nature of the internet.

The ultimate message appears to be that the hype surrounding the adoption of web 2.0 by Australian industry, government agencies and the general populace has not been tempered with appropriate e-security measures, and as such more efforts are required to "assuage the twitter risk".


Web 3.0

Web 3.0 will provide users with a personal web experience. The experience that they enjoy will be personal to them. "Web 2.0 was centered on user-generated content, where anyone could be a publisher. We're now in the third wave -- I call it a social wave," said Travis Katz, a former MySpace executive. The web has grown to the point where "there's too much information," according to Katz. "Finding ways to filter out information and find what's relevant to you is getting harder and harder. The model of Google doesn't work at scale -- especially when it comes to things where taste matters."

Katz predicted that the future of the Internet "is one where every page is going to be personalized. If you plan a trip to Paris, you shouldn't see [search results listing] 900 hotels. You should see six hotels based on where you stayed before; the places you checked in at on Facebook and Foursquare, and the places where your friends have stayed. It's not something that's just relevant to travel; it's something that makes sense for almost every part of the Internet."

LinkedIn Chairman and founder, Reid Hoffman, has suggested the future of the web will be all about data and how we use it. Like many others, he believes mobile will help to define Web 3.0 but data is the main platform for the next online era. Hoffman claims that Web 3.0 will use two forms of data: explicit and implicit. The former is data users willingly give to social networks, tweets and blog posts; the latter is background data that is collected, such as geo-location information.


Semantic web

The inventor of the World Wide Web, Tim Berners-Lee, says Web 3.0 is a semantic web. This term explains the way machines can read web pages like humans; a place where search engines and software can browse the net and find what we're looking for, better than we can. A semantic web enables new data integration, application operability and makes data openly linkable and accessible in the form of web pages without much effort at all. Ultimately, Web 3.0 will be about technology thinking of its own accord. While Web 2.0 was defined as 'information overload', Web 3.0 is centered on organizing and filtering the chaos for personal use.

Web 3.0 will offer businesses unprecedented capabilities to connect and communicate with customers, and to mine data about their online activities. The result will be a personalised browsing experience for individuals and a flow of data that companies can apply to product development, sales and marketing, and other business operations, management consulting firm Booz&Co predicts. Although Web 3.0 is still a few years away, cutting-edge businesses, particularly in retail and online media, are beginning to adopt the elements of the transcendent web.

Amazon is using artificial intelligence to provide recommendations to customers based not only on their own browsing and buying histories, but also on the behaviour of customers with similar histories.

Best Buy has added semantic technology to its website to allow search engines to find detailed data on its product pages, gaining a 30% rise in traffic.

Dell has created an online community of a million users, who help it test products and provide feedback on their performance and design.