Cyberlaw Central

The patches that Microsoft released for a security flaw are partly to blame for the recent Zotob virus outbreak. As noted in many places, among them being This Week in Tech, hackers reverse engineered the patches to determine exactly where the security flaw was and released the Zotob virus within *THREE DAYS*.

Microsoft is damned if they don’t release security patches, because then if the flaw is discovered later by independent third parties and evidence comes out that Microsoft knew about it, itd be a Plaintiff lawyer’s field day.

At the same time, they are damned if they do. Three days is not enough time for many large companies to roll out security patches since the patches need to be tested carefully. If the patch breaks word processing applications for an entire international company, heads will roll in the IT department. Yet if hackers release another virus like Zotob but which is more troublesome, IT departments will be forced to roll out patches much sooner than they want to.

Microsoft, as the source of the patch, is damned either way.

Well, I’ve sort of fixed the archives problem I mentioned previously. The monthly archives are still unavailable ( except for August, which is fine), but I found a great plugin that lists the underlying posts in each month, so the same effect is reached.

I’ll keep working on the problem, I’ve learned a lot while getting this far!

My posts on Attention made it into Blawg Review #20, hosted this week over at The Mommy Blawg. The theme? Reality TV shows. My posts fall into her “Faking it” category since she didn’t know where to fit them into the other themes. Nice theme idea, I suggest reviewing all the submissions this week. When I host Blawg Review in January, I hope to be up to the task for the theme.

Interestingly, her first reaction to Attention was that it was a slick hoax until she read further. I think that’s part of why it’s such an interesting idea!

Since the first post, I found an excellent summary of Attention from a practical point of view by Dare Obasanjo. Nick Bradbury has another good post.

From an IP attorney’s point of view, Attention is interesting because it is an attempt to create a new property right in the aggregate of data. It’s different from other forms of property that currently can be protected. Patents cover inventions and business methods. Copyright covers original works of authorship, like books and software (yet software can also be covered by patents, too.) Trademarks covers symbols used in commerce, like the golden arches that serve as a trademark for McDonalds. Trade secrets are another regime, it covers any information so long as it is kept reasonably secret and it provides economic advantage to the one possessing it. A good example of a trade secret is the Coca Cola formula.

Attention, unlike trade secrets, is public information. It’s the aggregate of your interactions with third parties like shopping sites. The current state of affairs is that the shopping sites, with Amazon as the best example, are collecting this data for their own commercial advantage. While you might appreciate seeing what others who bought a book also bought, it’s really in Amazon’s interest since they are more likely to get an additional sale out of the deal.

A related right is the so-called “right to privacy,” which is really a penumbra of rights put together by the Supreme Court. It’s complicated, but the short definition is that you have the right to be left alone in seclusion. Attention is different since it’s the aggregate of public activities. It’s what you have already exposed by interacting with third parties. You have just as much ability to keep track of what you do online as the shopping sites, but you can’t fault the sites for using the data for their own benefit. Attention Trust wants us, as consumers, to be able to control this information that’s been collected, to put the genie back in the bottle.

Attention Trust wants us, as consumers, to refuse to release our information (i.e. don’t do business with them) except with companies that also support the principles of the Attention Trust. That’s great if the big sites sign on, but there is nothing forcing these sites to agree to voluntarily release the information they’ve gathered about you or to agree to no longer use it once you’ve told them not to. Grass roots campaigns are a great way to test the waters, but to really take off some sort of enacting legislation is going to be needed here. Gillmor admits that point in his response to Dare.

I like the concept of Attention, and will be covering this as it develops further. First, I want to see how many shopping sites Attention Trust can get to join, that’s going to be the first litmus test. For now, the word is spreading among users through the power of blogs.

My Attention was drawn by the recent Gillmor Gang on Attention, forcing me to listen to the whole thing three times in order to get a handle on where the Gang was coming from. Steve Gillmor is now the president of Attention Trust, a new non-profit group interested in advocating for the “basic rights of attention owners,” which is the reason for the choice in topic. The guest, Seth Goldstein, serves as the new group’s Chairman. Now, why did it take me three listens to understand the concept? Because Attention is a poorly defined, nebulous, but still interesting idea that is in need of further development. Lots of it. I’ll explore that further in future posts.

I do believe Doc Searls asks two separate times in the Gillmor Gang show for Attention to be defined, and never gets the same answer twice. Some of the problem comes from the fact that attention.xml is a content rating system that helps you filter out what to pay attention to in your life. Attention Trust seems to be taking a higher-level approach that is actually much closer to an “identity” concept.

Attention Trust defines “Attention”, in part, as “Attention is the substance of focus. It registers your interests by indicating choice for certain things and choice against other things. Any time you pay attention to something (and any time you ignore something), data is created. That data has value, but only if it’s gathered, measured, and analyzed. Right now, you generally lack the ability to capture that data for yourself, so you can’t benefit from it. But what if you could? And what if you could share your data with other people, who were also capturing their own data, or if you could exchange your data for something of value with companies and other institutions that were interested in learning more about the things that interested you? You’d be in control–you would decide who has access to what data, as well as what you’d accept in exchange for access to your data.” Whew, a definition that includes two broad sweeping “what if” statements just in the portion I quoted. It goes on for two more paragraphs in which the author (Goldstein?) admits Attention is poorly defined but asks that you bear with them for now.

In the show, some of the potential discussed for this concept includes:
- Allowing a user of a shopping site, like Amazon, to take her personal shopping history with her to another shopping site in order to get the same personalized recommendations.
- Allowing a user to monetize their own summary of their activities online with advertisers.
- Allowing a user to see how their attention is being used and control who uses it.
- Allowing a user to transfer their attention.

In future posts, I will discuss this concept further, and see how this concept fits into our pre-existing legal framework for the Internet.

This is very, very disturbing. An article over at Eweek claims that the spyware called CoolWebSearch is actually a keylogger. A test by a spyware removal company found that the program is sending passwords, user names and bank account information to a server in Texas. The FBI has been notified, but the article does not state what action, if any, has been taken as of this date.

I sound like a broken record - Clean your computer of this stuff. The Internet is not always a pretty place. Take appropriate precautions and you will be fine, but if you don’t you can be in serious trouble.

For some reason, the archives are still messed up. It’s a result of the conversion from Blogger, and I haven’t had much luck fixing it. Until I fix it, the best way to get older posts is by category.

Thanks for bearing with me.

For those of you who don’t know, Michael Lynn gave a speech at the Black Hat conference in Las Vegas on July 26th that has erupted into controversy. The topic? A revelation of the vulnerabilities in the Cisco routers that are the backbone of the Internet. He had to quit his job before doing it, and ended up getting sued by Cisco and his former employer, ISS. Bruce Schneier gives good accounts of the basic story here and here.

What is fascinating is the account blogged by Michael Lynn’s attorney, Jennifer Granick. She talks about how she took the case, and what led to the settlement reached within the first 24 hours. Her last installment promises even more details to come, so stay tuned. I sure will.