no privacy right in identity linked to ip address

The Ontario Court of Appeal released its decision in R v. Ward earlier today. The case involved the conviction of a worthless low-life pedophile by the name of David Ward.

The police were able to find him, in part, by tracking down his IP address and asking his ISP to provide the identity of the customer using the IP address at the time. His ISP did so voluntarily, even though the police did not have a search warrant. The appeal focused on whether or not he had been subject to unreasonable search and seizure, in violation of the Charter of Rights, and whether or not he had a reasonable expectation of privacy.

The Court of Appeal’s decision concluded that the disclosure of this information by the ISP to the police did not violate his Charter rights, nor was there, nor should there have been, a reasonable expectation of privacy.

While my personal sentiments in respect of Mr. Ward would be that I could care less if he rotted in a jail cell for the rest of his days, the ends, as they say, do not always justify the means. And if the law is to be applied equally to everyone, I do believe there are some rather disconcerting implications regarding the conclusions in this case, notwithstanding the court’s attempt to put a ring fence around its application.

No time for the detailed analysis right now but it will be forthcoming. In the meantime, I encourage you to read the case – what do you think?

it.can 16th annual conference

Does IT form a part of your practice area? If so, then you won’t want to miss IT.Can’s Annual Conference, taking place in Montreal this coming October 29-30.

The conference offers an array of interesting, cutting-edge IT, IP and related topics presented by distinguished speakers. The program will be accredited by the Bar of Quebec, British Columbia and New Brunswick for continuing legal education requirements. Registration is available for either one day or both days at a discount. Highly recommended.

For more information, take a look at the brochure (PDF). Or just go register.

presentation on development agreements

Alas, it has been far too long since I’ve posted anything. That being said, I have amassed a nice collection of half-completed posts which have all but lost any relevance or interest. Something I’ll need to work on, I suppose.

In any event, in case it might be of interest, I gave a presentation earlier today as part of the IT.Can – LSUC Annual Sprint IT Law Form. My piece was on development agreements. It was a relatively short presentation, so I only focused on a limited set of issues. I’ve perhaps done better in terms of delivery, but the slides [PPT] aren’t bad. Feel free to download and peruse.

the gizmodo/jason chen/search warrant debacle

There have been many views expressed on both the propriety of Gizmodo breaking the story on the next-gen iPhone as well as the subsequent search warrant executed by the police against Jason Chen, the Gizmodo reporter that broke the story. Needless to say, each side has its supporters. A good summary with links to contrasting views can be found on GigaOm.

I won’t rehash all the arguments either for or against the execution of the warrant or its validity – you can check out the link above for all of that. The only thing I did want to point out was the possibility that a previous, somewhat similar case, may perhaps have prompted the criminal investigation leading to the search warrant. O’Grady v. The Superior Court of Santa Clara County (pdf) was a case in 2006 that also involved Apple. Apple was seeking civil subpoenas to certain websites that published information that it claimed to be trade secrets, in order to discover the source of the disclosures. The publishers moved for a protective order, which was denied at trial. However, the protective order was granted on appeal.

Though there were various bases on which the court found in favour of the websites, the one that seems relevant to the Chen search warrant relates to the California reporter’s shield – the same California legislation cited by the chief operating officer of Gizmodo as making the search illegal. In short, the appeal court in O’Grady found that “any subpoenas seeking unpublished information from petitioners would be unenforceable through contempt proceedings in light of the California reporter’s shield (Cal. Const., art. I, § 2, subd (b); Evid. Code, § 1070)”.

More importantly, the appeal court had this to say about what was alleged by Apple to be criminal activity, and in reviewing the lower court’s findings on same:

The court found petitioners’ assertion of a constitutional privilege “overstated” because “[r]eporters and their sources do not have a license to violate criminal laws such as Penal Code [section] 499c [(§ 499c)].” 8 The court assumed petitioners to be journalists, but wrote that “this is not the equivalent of a free pass” and that they could still be compelled to reveal information relating to a crime. The court repeatedly alluded to the supposed presence of criminal or larcenous conduct. The court also faulted petitioners for failing to establish “what public interest was served” by the publications in question. While acknowledging evidence that thousands of people were interested in the information in question, the court opined that “an interested public is not the same as the public interest.” The court implied that the publications in question were not “ ‘protected speech.’”

Though the appeal court didn’t dwell much further on the relevance of the alleged criminal acts to the California reporter’s shield in the body of the decision, the footnote to the excerpt above is rather informative:

8 Section 499c criminalizes the misappropriation or attempted misappropriation of trade secrets under specified circumstances. Although Apple alluded to this statute in its memorandum below, and does so again before us, it has never demonstrated that the facts here could establish a criminal theft of trade secrets. That offense requires proof of, among other things, “intent to deprive or withhold the control of [the] trade secret from its owner, or . . . to appropriate [the] trade secret to [the defendant’s] own use or to the use of another . . . .” (§ 499c, subd. (b).) Since Apple has never argued the point, no occasion is presented to consider whether the inferred circumstances of the disclosure here could be found to constitute a crime. For present purposes we are concerned only with an allegedly tortious disclosure of a trade secret presumably by an Apple employee.

It would seem clear that the court took pains to distinguish between a tortious disclosure of a trade secret and a criminal misappropriation of a trade secret. And although the court does not make any findings as to what might have happened if there were a basis to claim criminal wrongdoing, the implication of the note above is that the findings on appeal may well have been different, if only Apple had presented any facts to establish a crime. (All that being said, the EFF has expressed the opinion that both the California shield law as well as the federal Privacy Protection Act would make such a search illegal, even if a crime were committed.)

So here Apple is, facing a similar situation as in O’Grady, and knowing that it will likely have either very limited or no ability to successfully obtain civil subpoenas given the finding in O’Grady, but with a little crack in the door suggesting that if criminal misconduct could be successfully demonstrated, it may have some chance of success. That seems better than nothing.

Given the above, it seems logical that Apple would want to request the DA to commence a criminal investigation (though to be clear, reports indicate that the DA has declined to indicate who instigated the investigation), either for plain theft or for theft of trade secrets, in order to enable it to seek some sort of remedy for the leaked information, though I’ll admit that if the above is correct it’s not clear to me exactly what remedy Apple would be seeking – in contrast to O’Grady, the identity of the Apple rep who lost the phone (and all the gory details) is already public. Perhaps the identity of the person who picked it up (which doesn’t appear to be public)? Though I’m not sure what that gets Apple, other than perhaps fiery retribution against the fellow and disgorgement of his ill-gotten gains (the $5,000 that Gizmodo paid him for the phone). Will be interesting to see how it plays out.

being an employee and a (potential) entrepreneur

Apologies to my loyal readers for the extended blog absence. What can I say – I was perhaps discouraged by the recent pronouncement in Wired that blogging was dead – and that Twitter is the Next Big Thing.

In any event, I was reading Dilbert this morning. As those who follow the strip know, there has been a running series about how Dilbert started his own business on his company’s time. (As an aside, it was called dilbertfiles.com and is actually a real site that Scott Adams set up for file sharing).

So today, Dilbert gets some bad news:

[Dilbert comic strip, via Dilbert.com]

Funny, but true, unfortunately. One of the things that I admire about Dilbert is the way it conveys some simple truths, such as the one above, with a bit of humour. And it never ceases to amaze me that some entrepreneurs do continue to find themselves barfing in their box full of junk. To wit: The founders of MGA Entertainment – the company that was very successful in marketing a line of dolls called “Bratz”. Apparently, the person who came up with the concept and drawings for the Bratz dolls did so while still in the employ of Mattel. Because of that, Mattel claimed that it owned the rights to the Bratz concept. The court agreed, and gave ownership to Mattel, which then wasted no time in seeking (and obtaining) a court order that effectively shut down MGA’s Bratz business and handed the keys over to Mattel. The folks at MGA likely barfed in their box of junk to the tune of several hundred million dollars. Not good.

The fact of the matter is that if you are a budding entrepreneur who still has a job, unless you have a written agreement with your employer that you will personally retain ownership of certain IP that you come up with, then in all probability whatever you create in the course of your employment will in fact be the property of your employer. So think twice about creating that little side software project on your work computer. Or, for that matter, that really cool blog. Otherwise, you may find yourself handing it over when it’s worth quite a bit more.

after one gpl body blow, skype yells uncle

As most of you probably know, there has been a case that just went to court earlier today in Germany on the GPL. It had been described by Harald Welte as one of the more time consuming cases he has worked on. For those of you not familiar with him, Mr. Welte founded gpl-violations.org, an organization that helps to enforce the provisions of the GPL.

Skype had apparently used certain elements of the Linux kernel in its WiFi phones without complying with the GPL, and was set to challenge the validity of the GPL based on its alleged contraventions of German legislation – in particular anti-trust legislation. It would be interesting to see the analysis in that regard, particularly on the anti-trust front, but so far I’ve not been able to get my hands on a translated copy of the pleadings – if anyone knows where to locate one, do let me know.

Anyway, apparently, they didn’t get too far. According to the entry in Harald Welte’s blog, apart from the validity of such claims, the somewhat ironic result to which the court alluded at the hearing is that if Skype were able to successfully assert the invalidity of the license, then it would also be difficult for them to claim any right to use the impugned code. Makes sense. Invalid license = no use rights.

After the court suggested that Skype’s likelihood of success would be low, Skype apparently threw in the towel in such a manner that they would not be able to revisit it further, effectively giving the victory to Welte.

I find the case and Skype’s litigation strategy somewhat puzzling, given both the decision in the 2006 D-Link case, also in Germany, and the relative costs of litigation in comparison to compliance. That being said, I haven’t been able to obtain much in the way of original documentation regarding the particular GPL violations that Skype allegedly committed. Presumably, Skype went down a path in its use of GPL code that would result in it incurring significant expenses (or facing significant risk, of some sort – perhaps exposure of their own proprietary IP?) if they were required to comply after the fact. Presumably, they would not have found themselves in this situation if they had turned their mind toward structuring their use of GPL code appropriately, by either ensuring they could comply in a cost-effective manner, or not using the GPL code.

antigua – sun, fun and… pirates?

Probably only catching up on things as it’s been quite busy and alas this blog is unfortunately low on the list of priorities… Anyway, I was stunned to read in Variety that

The government of Antigua is likely to abrogate intellectual property treaties with the U.S. by the end of March and authorize wholesale copying of American movies, music and other “soft targets” if the Bush administration fails to respond to proposals for settling a trade dispute between the two countries, according to the lawyer representing the Caribbean island nation.

The history is quite interesting. Apparently Antigua has prevailed several times at the WTO in respect of US trade practices related to offshore gambling sites which are hosted in Antigua, but the US has taken no action. After roughly five years of proceedings, apparently Antigua is now looking to this course of action as a retaliatory measure. The WTO has, to some extent, blessed this course of action. From the article:

The most recent victory was in December, when the WTO ruled that Antigua could exact damages by ignoring IP agreements with the U.S. should a negotiated settlement fail.

Somewhat surprising, but the ruling can be found at the WTO site (note – link is to a 74-page PDF) and awards Antigua:

6.1 For the reasons set out above, the Arbitrator determines that the annual level of nullification or impairment of benefits accruing to Antigua in this case is US$21 million and that Antigua has followed the principles and procedures of Article 22.3 of the DSU in determining that it is not practicable or effective to suspend concessions or other obligations under the GATS and that the circumstances were serious enough. Accordingly, the Arbitrator determines that Antigua may request authorization from the DSB, to suspend the obligations under the TRIPS Agreement mentioned in paragraph 5.6 above, at a level not exceeding US$21 million annually.

I’m surprised this hasn’t gained more prominence, since the implications could, needless to say, be huge, particularly given other trade disputes that the US has with the EU and others (and in which it has taken a similar course of action). I did note an article that mentioned that Slysoft, the company which broke Blu-Ray’s DRM system, is based in Antigua.

Then again I have been living (or rather working) under a rock lately so may just be late to tune in to this news.

conversion of data (and not the conversion you’re probably thinking of)

Very interesting piece from Duane Morris on a case in New York. My ultra short summary of the summary: Insurance company leases computer to agent. Agent puts all his business and personal data on it. Insurance company terminates agency, takes back the computer and all data on it, and refuses to give the agent access to any of it. Agent sues, loses, but then wins on appeal.

The interesting part is the basis on which he won, which was a claim under “conversion”. Not necessarily incredibly groundbreaking, as other cases have dealt with conversion as applied to intangibles previously, but, as the folks at Duane note:

Under the merger doctrine, a conversion claim will apply to intangible property, such as shares of stock, that are merged or converted into a document, such as a stock certificate. Accordingly, conversion of the certificate may be treated as conversion of the shares of stock represented by the certificate. More recently, the court ruled that a plaintiff could maintain a cause of action for conversion where the defendant infringed the plaintiff’s intangible property right to a musical performance by misappropriating a master recording, a tangible item of property capable of being physically taken.

Thyroff was the Court’s first opportunity to consider whether the common law should permit conversion for intangible property that did not strictly satisfy the merger test. Recognizing that it “is the strength of the common law to respond, albeit cautiously and intelligently, to the demands of common sense justice in an evolving society,” the Court decided that the time had arrived to depart from the strict common-law limitation of conversion.

Interestingly, in their analysis of the decision, they conclude that:

This decision provides a powerful remedy for New York employers to bring a cause of action against employees who steal company information or [intangible] property. Unlike claims for breach of fiduciary duty or misappropriation of trade secrets, conversion may be easier to plead than other claims because it does not require that the employer establish willfulness or wrongful conduct.

Hmmm. Not quite sure I’d agree – after all, the “conversion” itself would need to be established. Also, I’m not sure that a rogue employee who takes a copy of his or her employer’s confidential information but leaves the original copy with their employer, would be the basis for a cause of action under conversion, which, if I understand the case correctly, has more to do with depriving someone of property that is rightfully theirs. Absconding with confidential information does not deprive the owner of that information of the data, but rather the value the owner of the data can realize by virtue of the fact it can only be used by that owner. That situation seems somewhat different than the one in Thyroff – the analogy there would be if the insurance company did not deny the agent access to his information, but rather took a copy of it and used it in a way they weren’t supposed to. It would be interesting to see whether the court would extend a claim of conversion to deprivation not of the intangible information itself, but rather the value of the rights to exploit it exclusively. Alternatively, it may be that the ruling could be read broadly enough to already take that into account.

I also wonder what sort of effect this might have on those who might have otherwise leapt at the opportunity to become an agent for the insurance company…

first us gpl lawsuit filed

Surprising. I’ve read about cases going to court in Europe and naturally assumed, given the litigious environment of the US, that something had happened long ago stateside. So, I was a bit surprised to hear about the first GPL lawsuit down there.

For the first time in the U.S., a company and software vendor, Monsoon Multimedia, is being taken to court for a GPL violation. Previously, alleged GPL violations have all been settled by letters from the FSF (Free Software Foundation) or other open-source organizations, pointing out the violation. (Linux Watch)

Hmmm. Maybe not – recent news is that they’re now in settlement discussions. In any event, this gives me yet another excuse to rant, once again, about open source software, or for that matter, any third party code that companies out there may wish to use or build into their products.

As some of you may know, I personally quite like open source stuff. In fact, this blog is written using a giant truckload of the stuff, which works remarkably well for something developed by folks who aren’t paid (for the most part) to develop any of it. Open source can also be a great asset to many companies out there, whether in use or in development.

BUT (and surely you must be expecting a but by now), to the extent you are going to develop with open source code, public domain code or for that matter ANY third party code, you absolutely, positively, MUST keep track of it and: (a) make sure the license terms are appropriate for the intended purpose; and (b) make sure you comply with the license terms.

Why is (a) important? To give a very simple illustration, if you plan on building a company whose primary asset and value is based on closed and (ostensibly) proprietary code, you should not be putting GPL code into your product, since one of the requirements of doing so would be an obligation to make your code publicly available on the same terms. This is probably a vast oversimplification of the terms of the GPL but I hope it illustrates the point. And if you don’t think this is likely to have an impact on your company, well, think again. Regardless of what you may think about (b) (which we’ll be getting to in a second), a potential acquiror of your company may feel quite differently about the risks of unintended use of open source code if, for example, it has been told your product is proprietary. And they definitely will find out about it. In fact, there are very, very effective tools to do so, like the one provided by Black Duck. And it is becoming a rather normal practice in acquisition due diligence to run code through Black Duck or something similar if there is the possibility of undisclosed open source.

Why is (b) important? Well, in addition to what’s described above, there is a real risk associated with contravening the GPL, the LGPL or other open source licenses. Just because it’s free does not mean that someone, including the Software Freedom Law Center, will not invest the time and effort to find out about contraventions of such licenses and make sure their terms are complied with. In addition to institutions like those, there are also many, many folks out there keeping an eye out for possible breaches of GPL and reporting them to bodies like the SFLC.

All that being said, I should make it clear that I do think that open source software does have a place in profit-driven companies, as do open source development models. JBoss, MySQL, and Sleepycat are just a few in the latter category that have been quite successful. The key, of course, is to make sure that how you use those tools works consistently both with your intended business model and with the terms that apply to their use. Which will be a good topic for another day.

the internet: how not to learn to commit crimes

A story in the Daily Record. The phrase “the thing speaks for itself” (which is one of those handy Latin phrases I learned in law school but almost never use, except of course in blog posts – res ipsa loquitur, for you latinphiles out there…) seems to be appropriate for this:

At exactly 5:45:34 on April 18, 2004 a computer taken from the office of the attorney of Melanie McGuire, did a search on the words “How To Commit Murder.”

That same day searches on Google and MSN search engines, were conducted on such topics as ‘instant poisons,’ ‘undetectable poisons,’ ‘fatal digoxin doses,’ and gun laws in New Jersey and Pennsylvania.

Ten days later, according to allegations by the state of New Jersey, McGuire murdered her husband, William T. McGuire, at their Woodbridge apartment, using a gun obtained in Pennsylvania, one day after obtaining a prescription for a sedative known as the “date rape” drug.

As a married man, it also makes me wonder what exactly is it about divorce that is really so bad that people resort to the apparently more preferable alternative of brutally murdering their spouses (as I delicately knock on wood…).

Via Slashdot.