tweet digest for week ended 2011-08-21

Posted on by No Comments ↓

tweet digest for week ended 2011-08-14

Posted on by No Comments ↓
  • google invests in rocket lawyer, an online legal service. http://tcblg.ca/o0r288 #
  • breaking news: uk pm discovers some rioters throwing bricks, wearing hoodies; contemplates ban on same. #fakenews #
  • uk now considering blocking social media in addition to bbm. what's next? http://tcblg.ca/pjCLlt #
  • Just started using voice recognition in Microsoft Windows 7. Quite impressed so far. #
  • new t-cell therapy wipes out leukemia. most exciting story i've read about cancer research in a long time. http://tcblg.ca/pmPZe4 #
  • calls in uk to shutdown bbm due to suspected use to organize riots. why not also phones and internet. http://tcblg.ca/npKsi9 #

Weekly Auto Recap of Tweets for 2011-08-07

Posted on by No Comments ↓
  • gtld applications will be published after closure of application window. #abaclc #
  • application window for gtlds: 3 mos starting Jan/12. not first come, first served. #abaclc #
  • to set up a gtld, will basically need to operate a registry – most will contract out, but existing service providers may have ltd capacity #
  • new gtlds: "if your clients haven't thought about them, they should do so. now." #abaclc #
  • now starting presentation on new gtlds #abaclc #
  • interesting. assertion that a right to internet access should be a basic human right – extension of right of expression? #abaclc #
  • 2 domains gaining prominence in internet governance – human rights and information security. #abaclc #
  • shift in internet governance away from technical issues and icann. #abaclc #
  • session on internet governance starting #abaclc #
  • in the cyber world, concept of risk elimination (which was the standard applies to national security risks) doesn't work. #abaclc #
  • when security implemented by govt that costs hundreds of millions is easily hacked, what is the standard that companies should try 2 meet? #
  • limited market for cybersecurity insurance policies . #abaclc #
  • MT @FlemingMF: #ABACLC Could be hard to plead a derivative action for bad cybersecurity practice/policy. Biz judgment rule likely stands. #
  • "liability as a stick won't work" – hard to scare boards to address. #abaclc #
  • "almost impossible to plead facts that demonstrate board negligence related to cybersecurity breach." hmmm. #abaclc #
  • MT @FlemingMF: #ABACLC Critical infrastructure cos (many R) may soon face an outside auditor-like rqmt, CEO certification, etc. SarbOx-like. #
  • possible implementation of sox type regime to address critical infrastructure security breaches #abaclc #
  • another trend – critical infrastructure protection #abaclc #
  • RT @FlemingMF: #ABACLC We are about to see a wave of disclosure if recent SEC letters mean much. #
  • apparently sec has expressed opinion that disclosure requirements for security risks already addressed by existing standards #abaclc #
  • discussion on legal trends related to data breach #abaclc #
  • attending aba cyberspace law session. interesting session on hacking & data breach #abaclc #
  • toronto man swatted by hacker. secure your #voip http://tcblg.ca/o5CNyf #
  • android found to be least open mobile dev platform. quite surprising. http://tcblg.ca/por1q9 #

Weekly Auto Recap of Tweets for 2011-07-31

Posted on by No Comments ↓
  • hacker sends swat team to a family's home in bc by hacking their voip. first time in canada. lock down your voip! http://tcblg.ca/pLL4UF #
  • surprised that Android now has just under 40% of the mobile os space. ios 30%, rim 20%. impressive growth. http://tcblg.ca/rivVix #
  • facebook face recognition won't be available in canada. that's too bad. not clear why – privacy issues? http://tcblg.ca/nmwOHo #
  • happy 30th, MS-DOS. a nice little bit of tech biz history that i still find fascinating. http://tcblg.ca/qV8NC5. hat tip @fmichlick #
  • does cloud computing = export for export control purposes? does the gov't care? interesting questions. http://tcblg.ca/qjlkDt thx henry #
  • The Oatmeal's State of the Web (Summer 2011). My favourite: $MSFT buys Skype and Facebook integrates it. http://tcblg.ca/pTk5Oh #
  • How standards proliferate. Funny 'cause it's true. http://xkcd.com/927/. #

Weekly Auto Recap of Tweets for 2011-07-24

Posted on by No Comments ↓

more draft regulations to canadian anti-spam legislation published

Posted on by No Comments ↓

A while back I had posted an entry on some draft regulations under Canada’s Anti-Spam Legis­la­tion which were published by the CRTC for public comment.  Those regulations related primarily to consent mechanisms and what information must be provided in e-mails.

Late last week, another round of draft regulations were released. This time, by the Governor in Counsel rather than the CRTC. For what it’s worth, here’s a compressed version of same. I’ve taken the liberty of appending the full wording at the end of the post, which can also be found in the Canada Gazette (with the added bonus of a regulatory impact analysis statement). This summary is a bit wordier as the regulations need a bit of background in order to be properly understood, and are a bit more complicated. Anyway, here it is FWIW:

  1. Section 6(5) of CASL exempts certain types of messages from the requirements to get prior consent and provide certain information before sending e-mails. These include messages to individuals with whom the sender has “personal or family relationships”. The regulations define both of these:
    • a family relationship  means:
      • a blood relationship (children, grandchildren, parents, grandparents, brothers, sisters or others of common or “collateral” descent);
      • relationship by marriage or common-law partnership (including in-laws in either case); or
      • adoption (including blood relations of the person doing the adopting).
    • a personal relationship means a relationship with someone who the sender has:
      • met in person at some point in the past;
      • had a two way communication within the past two years; and
      • the meeting and communication were not related to a “commercial activity”.
  2. Section 10(2) of CASL allows someone  (let’s call that someone the “Original Consentee”) to get consent from a person (let’s call them the “Target”) to send or alter messages or install software on behalf of third parties (let’s call those third parties “Additional Consentees”) whose identities are not known. To do so, there are two requirements: First, the Original Consentee must disclose specific information about itself (see my earlier post). Second, the Original Consentee must comply with the regulations. The regulations basically try to ensure there are seamless links between the Original Consentee and Additional Consentees from the Target’s perspective, as follows:
    • Requirements to send messages:
      • any message sent to the Target must identify the Original Consentee; and
      • each Additional Consentee must provide an unsubscribe mechanism that complies with CASL and which also allows the Target to withdraw consent from the Original Consentee and any other Additional Consentee;
    • Requirements related to withdrawal of consent by a Target:
      • the Original Consentee must ensure that any Additional Consentee who receives withdrawal of consent from a Target notifies the Original Consentee of those for whom consent has been withdrawn (i.e. the Original Consentee, the Additional Consentee receiving the notice of withdrawal, and any other Additional Consentees); and
      • the Original Consentee must:
        • give effect to the withdrawal of consent;
        • promptly notify any other Additional Consentees for whom consent has been withdrawn (other than of course the Additional Consentee who received the withdrawal); and
        • ensure that each other Additional Consentee for whom consent has been withdrawn also gives effect to the withdrawal of consent
  3. Section 6 of the Act provides that consent for messages can be express or implied. However, consent is only implied in certain situations. One of those situations is an existing “non-business relationship”. In turn, there are different categories of “non-business relationship”, one of which membership with a club, association or voluntary organization within two years immediately before the day the message is sent. The regulations clarify what is meant by membership and what constitutes a club, association or voluntary organization:
    • membership means being accepted as a member; and
    • club, association or voluntary organization basically means a non-profit. To drive home the point, the regulation specifies that it can be operated for any purpose other than profit, and that no proprietor, member or shareholder can personally benefit from any income of the organization, except for organizations promoting amateur athletics in Canada.

The concepts are a bit convoluted, particularly those summarized in paragraph 2 above (which, as an aside, I think leave open some questions of interpretation, which I might address in a later post). Perhaps at a later time I’ll try to come up with an illustrative example of how 2 works (or at least my best guess as to how it’s supposed to work). Also, I believe in my previous post I referred to “e-mail”. Just to be clear, the Act applies not only to e-mail, but to any “commercial electronic messages”, which is fairly broad and could include SMS messages, messages through websites, IM, etc.

As with the last set, open for comments for 60 days following the publication date (July 9, 2011).

Full regulation to save you a click:

ELECTRONIC COMMERCE PROTECTION REGULATIONS

DEFINITION

1. In these Regulations “Act” means AnAct to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act.

PERSONAL RELATIONSHIP AND FAMILY RELATIONSHIP

2. For the purposes of paragraph 6(5)(a) of the Act

  1. (a) “family relationship” means the relationship between individuals who are connected by
    1. (i) a blood relationship, if one individual is the child or other descendant of the other individual, the parent or grandparent of the other individual, the brother or sister of the other individual or of collateral descent from the other individual’s grandparent,
    2. (ii) marriage, if one individual is married to the other individual or to an individual connected by a blood relationship to that other individual,
    3. (iii) a common-law partnership, if one individual is in a common-law partnership with the other individual or with an individual who is connected by a blood relationship to that other individual; and
    4. (iv) adoption, if one individual has been adopted, either legally or in fact, as the child of the other individual or as the child of an individual who is connected by a blood relationship to that other individual; and
  2. (b) “personal relationship” means the relationship, other than in relation to a commercial activity, between an individual who sends the message and the individual to whom the message is sent, if they have had an in-person meeting and, within the previous two years, a two-way communication.

CONDITIONS FOR USE OF CONSENT

3. (1) For the purposes of paragraph 10(2)(b) of the Act, a person who obtained express consent on behalf of a person whose identity was unknown may authorize any person to use the consent on the condition that the person who obtained consent ensures that, in any commercial electronic message sent to the person from whom consent was obtained,

  1. (a) the person who obtained consent is identified; and
  1. (b) the authorized person provides an unsubscribe mechanism that, in addition to meeting the requirements set out in section 11 of the Act, allows the person from whom consent was obtained to withdraw their consent from the person who obtained consent or any other person who is authorized to use the consent.

(2) The person who obtained consent must ensure that, on receipt of an indication of withdrawal of consent by the authorized person who sent the commercial electronic message, that authorized person notifies the person who obtained consent that consent has been withdrawn from, as the case may be,

  1. (a) the person who obtained consent;
  2. (b) the authorized person who sent the commercial electronic message; or
  3. (c) any other person who is authorized to use the consent.

(3) The person who obtained consent must inform, without delay, a person referred to in paragraph 2(c) of the withdrawal of consent on receipt of notification of withdrawal of consent from that person.

(4) The person who obtained consent must give effect to a withdrawal of consent and, if applicable, ensure that a person referred to in paragraph 2(c) gives effect to the withdrawal of consent, in accordance with subsection 11(3) of the Act.

MEMBERSHIP, CLUB, ASSOCIATION AND VOLUNTARY ORGANIZATION

4. (1) For the purposes of paragraph 10(13)(c) of the Act, membership is the status of having been accepted as a member of a club, association or voluntary organization in accordance with the membership requirements of the club, association or organization.

(2) For the purposes of paragraph 10(13)(c) of the Act, a club, association or voluntary organization is a non-profit organization that is organized and operated exclusively for social welfare, civic improvement, pleasure or recreation or for any purpose other than profit, if no part of its income is payable to, or otherwise available for the personal benefit of any proprietor, member or shareholder of that organization unless the proprietor, member or shareholder is an organization the primary purpose of which is the promotion of amateur athletics in Canada.

COMING INTO FORCE

5. These Regulations come into force on the day on which they are registered.

draft regulations to canadian anti-spam legislation published

Posted on by No Comments ↓

Sorry for the absence, blog and readers thereof. I have my reasons. Anyway just a short one this time.  The CRTC published their draft regulations under Canada’s Anti-Spam Legislation (which as many of you isn’t the official short name) which was passed last December but isn’t yet in force.

Nothing particularly earth-shattering. I’ve reproduced the regulations further below, but here’s the ultra short version:

  1. E-mails must set out:
    • name of sender
    • name of the principal on whose behalf the sender is sending (if different)
    • if sender/principal carry on business under other names, those other names
    • physical/mailing address, telephone number, email address and website of sender and principal
  2. If not practicable to include the info and an unsubscribe message in the e-mail, it can be presented through a link in the e-mail or another equally efficient method that doesn’t cost the recipient anything.
  3. Unsubscribe mechanisms cannot take more than two clicks (or something similarly efficient).
  4. Requests for consents (e.g. to receive e-mails or to install software) must include all the information set out in 1 and a statement indicating consent can be withdrawn by using such information.
  5. If software to be installed performs any of the functions specified in s. 10(5) of the Act, then:
    • those functions must be described “separately” from other information in the consent request
    • written acknowledgement must be obtained that the recipient understands and agrees to the performance of those functions

The functions set out in s. 10(5) for which consent must be obtained are (in compressed form):

  • collecting personal information
  • interfering with control of the recipient’s computer
  • changing or interfering with settings, preferences or commands without their knowledge
  • changing or interfering with data that prevents access or use
  • causing the computer system to communicate without the authorization
  • installing software  that may be activated without their  knowledge

I won’t put you through the pain of a rehash of the rest of the Act.

The consultation period ends August 29. Also, apparently there may be other stuff in the official regulation to be published on Saturday.

Here’s the full text for your reading pleasure and to save you a click:

Appendix to Telecom Notice of Consultation
CRTC 2011-400

Electronic Commerce Protection Regulations (CRTC)

DEFINITION

1. In these Regulations, “Act” means An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act.

INFORMATION TO BE INCLUDED IN COMMERCIAL ELECTRONIC MESSAGES

2. (1)   For the purposes of subsection 6(2) of the Act, the following information must be set out in any commercial electronic message:

(a)   the name of the person sending the message and the person, if different, on whose behalf it is sent;

(b)   if the message is sent on behalf of another person, a statement indicating which person is sending the message and which person on whose behalf the message is sent;

(c)   if the person who sends the message and the person, if different, on behalf of whom it is sent carry on business by different names, the name by which those persons carry on business; and

(d)   the physical and mailing address, a telephone number providing access to an agent or a voice messaging system, an email address and a web address of the person sending the message and, if different, the person on whose behalf the message is sent and any other electronic address used by those persons.

(2)   If it is not practicable to include the information referred to in subsection (1) and the unsubscribe mechanism referred to in paragraph 6(2)(c) of the Act in a commercial electronic message, that information may be provided by a link to a web page on the World Wide Web that is clearly and prominently set out and that can be accessed by a single click or another method of equivalent efficiency at no cost to the person to whom the message is sent.

FORM OF COMMERCIAL ELECTRONIC MESSAGES

3. (1)   The information referred to in section 2 and the unsubscribe mechanism referred to in paragraph 6(2)(c) of the Act must be set out clearly and prominently.

(2)   The unsubscribe mechanism referred to in paragraph 6(2)(c) of the Act must be able to be performed in no more than two clicks or another method of equivalent efficiency.

INFORMATION TO BE INCLUDED IN A REQUEST FOR CONSENT

4. For the purposes of subsections 10(1) and (3) of the Act, a request for consent must be in writing and must be sought separately for each act described in sections 6 to 8 of the Act and must include

(a)   the name of the person seeking consent and the person, if different, on whose behalf consent is sought;

(b)   if the consent is sought on behalf of another person, a statement indicating which person is seeking consent and which person on whose behalf consent is sought;

(c)   if the person seeking consent and the person, if different, on whose behalf consent is sought carry on business by different names, the name by which those persons carry on business;

(d)   the physical and mailing address, a telephone number providing access to an agent or a voice messaging system, an email address and a web address of the person seeking consent and, if different, the person on whose behalf consent is sought and any other electronic address used by those persons; and

(e)   a statement indicating that the person whose consent is sought can withdraw their consent by using any contact information referred to in paragraph (d).

SPECIFIED FUNCTIONS OF COMPUTER PROGRAMS

5. A computer program’s material elements that perform one or more of the functions listed in subsection 10(5) of the Act must be brought to the attention of the person from whom consent is being sought separately from any other information provided in a request for consent and the person seeking consent must obtain an acknowledgement in writing from the person from whom consent is being sought that they understand and agree that the program performs the specified functions.

COMING INTO FORCE

6. These Regulations come into force on the day on which they are registered.

 

a quick and delicious note

Posted on by No Comments ↓

Very short one today, while I continue to procrastinate on longer posts as they continue to lose relevance.

Anyway, most of you probably already have heard about the rumour last December about how Yahoo was planning on sunsetting Delicious (formerly known as del.icio.us), its very cool, very useful, social bookmarking service. Upon hearing of this, I was filled with panic at the thought of losing the thousands of nicely tagged bookmarks that I have in the service, and scrambled to move to another service, and posted something last December describing how to do it, as it wasn’t exactly intuitive.

Anyway, as most of you probably also know, Yahoo has now struck a deal that will see Avos, a company started up by the YouTube guys, continue the service, which is good news. However, if you are a delicious user, you will need to opt-in in order to allow the conversion over to Avos. Otherwise, poof, your bookmarks will disappear into the ether once the transition is completed. So go do it now. You just need to login and click a button, and Bob will be your uncle.

A bit too late for me. Already made the painful transition over to Diigo (which is pretty good) and added a zillion more bookmarks, and don’t plan to repeat the exercise.

Tip o’ the fedora to RWW.

linux kernel found to infringe patent

Posted on by No Comments ↓

Well, this is rather disconcerting. By way of Engadget, I came across this blog entry on FOSS Patents about how a small outfit in Texas, Bedrock Computer Technologies LLC (apparently a non-practicing entity, otherwise typically described as a “patent troll”), has won a $5 million claim for patent infringement against Google.

But the part that is perhaps a bit more worrisome than either the amount or the defendant is the fact that the infringing technology in question is a portion of the Linux kernel. From the entry:

Like I said further above, the question of Google possibly having to pay $5 million (unless the judge decides otherwise or an appeal succeeds) is not really the issue. In addition to money, Bedrock also asked for an injunction, and now that Google has been found to infringe a patent deemed valid by the jury, it remains to be seen whether an injunction will be granted either by this court or on a possible appeal.

The problem is that Bedrock is now in a pretty strong position to collect royalties from other Linux users, especially those utilizing Linux for large server operations.

It’s a bit difficult to tell, based on the claims asserted in the patent, whether or not Google would be able to excise the offending part of the kernel or find some other way to avoid infringing use. I’m sure they can, but if they can’t,  an injunction might have some implications for Google’s server farms and therefore its operations.

In addition, there’s also the possibility that this will impact Android:

Concerning Android, I wouldn’t rule out that maybe some of the hundreds of thousands of Android applications out there use the teachings of the infringed patent claims in one way or another. Even if that is not the case, Google might have to modify the Linux kernel it distributes with Android in order to remove the infringing code because otherwise there’s always the risk of contributory infringement should any app make use of that portion of the Linux kernel.

Needless to say, there could be quite a few companies impacted by this, though I imagine folks in the open source community are starting to look at workarounds, hopefully. It’s difficult to tell from the claim in the patent how fundamental it is or how difficulty or easy it would be to work around.

Perhaps its just me, but sometimes get rather irritated when reading software patent claims. Often, they seem to describe things that already well known or rather mundane. Take for example the claims in this case:

1. An information storage and retrieval system, the system comprising:

  • a linked list to store and provide access to records stored in a memory of the system, at least some of the records automatically expiring,
  • a record search means utilizing a search key to access the linked list,
  • the record search means including a means for identifying and removing at least some of the expired ones of the records from the linked list when the linked list is accessed, and
  • means, utilizing the record search means, for accessing the linked list and, at the same time, removing at least some of the expired ones of the records in the linked list.

2. The information storage and retrieval system according to claim 1 further including means for dynamically determining maximum number for the record search means to remove in the accessed linked list of records.

I’m not trained as a patent agent, so cannot speak with much authority on this, but these claims, to me, seem rather mundane.