Web 2.0 Notes - Cyberspace Law and Policy Centre

Web 2 and Web 3, and legal issues for cyberspace
Cyberspace Law Notes Oct 2011
Contents
What is Web 2.0?
  DiNucci 1999: One of the first to use the term ‘Web 2.0’
Summary of Legal Aspects of Web 2.0
  Terms of Use and Click-wrap contracts
  Jurisdiction
  Privacy
  Employee Actions
  Copyright
  Defamation
  Web 2.0 and Cybercrime
    Rise of Web 2.0 Malware
    “Cyber Crime 2.0 versus the Twittering classes”, Department of Parliamentary Services Report
Web 3.0
  Semantic web
What is Web 2.0?
DiNucci 1999: One of the first to use the term ‘Web 2.0’
“The defining trait of Web 2.0 will be that it won’t have any visible characteristics at
all. The Web will be identified only by its underlying DNA structure – TCP/IP (the
protocol that controls how files are transported across the Internet), HTTP (the
protocol that rules the communication between computers on the Web), and URLs
(a method for identifying files). As those technologies define its workings, the Web’s
outward form – the hardware and software that we use to view it – will multiply...
The Web will be understood not as screenfuls of text and graphics but as a transport
mechanism, the ether through which interactivity happens. It will still appear on
your computer screen, transformed by video and other dynamic media made
possible by speedy connection technologies now coming down the pike.” [1]
But is it already over? Our lives were changed by Web 2.0 platform technology, but
according to an industry watcher its days are numbered. John Naughton, “The death of
Web 2.0 is nigh…”, The Observer, 7 August 2011 [2]
Summary of Legal Aspects of Web 2.0
From Coates et al Report 2007 [3]
Terms of Use and Click-wrap contracts
Generally, Platform Members are required to enter into a TOU agreement with the Platform
Provider.
The purpose of the TOU is to:
- set out the conditions of participation on the Platform;
- define the rights and obligations of the parties; and
- ensure that the Platform Provider can exercise control over the Platform at the
  Platform Provider’s discretion.
The TOU may appear on the Platform’s website in two forms:
- as a click-wrap agreement, which requires Platform Users to check a box or click an
  onscreen button or icon as part of the sign-up process; or
- as a browse-wrap agreement which is linked to at the bottom of each page of the
  Platform Provider’s website, arguably in an attempt to bind those Platform Visitors
  who have not entered into the click-wrap agreement.

[1] DiNucci, D. (1999). "Fragmented Future" Print 53 (4): 32.
    http://www.tothepoint.com/fragmented_future.pdf
[2] http://www.guardian.co.uk/technology/2011/aug/07/web-2-platform-end-naughton
[3] Coates, Jessica M., Suzor, Nicolas P., Fitzgerald, Anne M., Austin, Anthony C., Pappalardo, Kylie M., Black,
    Peter J., et al. (2007) Legal aspects of Web 2.0 activities : management of legal risk associated with use of
    YouTube, MySpace and Second Life. Queensland University of Technology, Brisbane, Queensland.
    http://eprints.qut.edu.au/32008/

TOU agreements are standard form agreements, with little (if any) room for negotiation of
their terms. Each potential Platform Member is presented with the option of either
accepting the standard agreement or not using the Platform. These agreements are,
accordingly, written in terms very favourable to the Platform Provider.
Because TOU agreements usually place Platform Members in weaker legal positions
compared to Platform Providers, it is critically important that organisations fully
understand the terms of the agreements.
Jurisdiction
Many Web 2.0 oriented websites such as Facebook, MySpace and YouTube use the TOU to
outline the procedures to follow when a conflict of laws arises.
The TOU for many of these Platforms state that, irrespective of conflict of laws principles,
the agreement itself and any disputes arising between the Platform Provider and a
Platform User are governed by the law of a specific jurisdiction, such as the State of
California.
This means a user in Australia may have difficulty in litigating against a platform provider.
Arguably, a wide view of online jurisdiction was adopted by the High Court of Australia in
Dow Jones & Co Inc v Gutnick.
This involved a defamation dispute in which the Court held that jurisdiction with regard to
materials published over the internet could be asserted in the place where the defamatory
material is accessed or downloaded.

- This means that a person or organisation making material available online
  could potentially be sued in any jurisdiction where the
  Platform can be accessed.
- However, this decision has been the subject of much criticism and it is unclear
  whether it would apply to other fact situations or areas of law.
- It does highlight the complexity of this issue and the potential reach of foreign law
  and foreign courts when individuals and organisations are utilising the internet.
Privacy
Where a Platform Provider has attempted to bind Platform Users to the Platform’s TOU by
both click-wrap and browse-wrap methods, issues will arise as to the effectiveness and
enforceability of the TOU.
The decision of the Federal Court in eBay International AG v Creative Festival Entertainment
Pty Ltd [2006] FCA 1768 (18 December 2006) indicated that while a click-wrap agreement
may be enforced, a browse-wrap agreement is less likely to be binding unless it can be
shown that the terms have been properly brought to the website user’s attention.
Employee Actions
An organisation will be vicariously responsible for any actions by its employees in the
scope of their employment. It is important for appropriate policies to be in place to ensure
that employees do not unlawfully interfere with the rights of others when operating in
virtual or online environments.
The internet is often perceived as borderless and users operating in the online
environment often do so with a false sense of anonymity. It is therefore particularly
important that employees are made fully aware of all policies relating to their behaviour
and actions online.
Copyright
One of the most important legal issues that will arise with the use of Web 2.0 platforms will
be the use of copyright material that is not owned by the platform member.
The exact rights granted to copyright owners by the Australian Copyright Act 1968 vary
between different categories of material, but in general include the exclusive right to
reproduce, communicate, publish and perform the material.
Others cannot undertake any of these actions with a copyright work without the copyright
owner’s permission, unless their use falls within one of the exceptions provided by the
Copyright Act 1968.
A failure to seek the permission of the relevant copyright owners could potentially result in
the platform user having to withdraw the uploaded material, a Platform Provider removing
the uploaded material, or even the suspension or revocation of the platform user’s
membership.
An example of this occurred when the United Kingdom Cabinet Office was forced to remove
public service videos they had uploaded to YouTube after it was discovered that the videos
contained copyright-infringing material.
Under certain circumstances, one of the defences or exceptions to copyright infringement
set out in the Copyright Act 1968 may permit an organisation to use material without
permission.
- The most commonly used of these are the fair dealing exceptions, which provide a
  defence to copyright infringement where an individual deals with copyright
  material in a way that is “fair” and is carried out for the purpose of research or
  study; criticism or review; parody or satire; reporting news; or judicial proceedings
  or professional advice.
Of particular relevance to government use of copyright material is the statutory licence for
use of copyright material for the services of the Crown. Copyright is not infringed by use of
material by government organisations (whether Commonwealth, State or Territory) if the
use is made “for the services” of the government and arrangements for compensation are
made or payment is made to a declared collecting society.

- However, as the Copyright Act 1968 exceptions are judged on a case-by-case basis
  and can be difficult to interpret, it is by no means certain that they would apply to
  the government organisation's proposed activities. In most cases, they are less likely
  to apply to large-scale public uses such as government publicity campaigns or
  distribution online.
Defamation
In the last few years, significant changes have been made to all defamation laws across
Australia, which have resulted in largely standardised laws being established throughout
all Australian jurisdictions.
Under the new uniform Defamation Acts a plaintiff will have an action for defamation
where they can establish that the defendant published a defamatory matter about them.
Under these new laws, “published” includes publication over the internet. Consequently,
material uploaded by an organisation to a social networking site could give rise to an action
for defamation, as long as it is found to satisfy one of the following three tests:

- The material is likely to injure the reputation of the plaintiff by exposing them to
  ridicule, contempt or hatred;
- The material is likely to make people shun or avoid them; or
- The material has the tendency to lower the plaintiff’s reputation in the estimation of
  others.
Web 2.0 and Cybercrime
Rise of Web 2.0 Malware
In 2007, when Web 2.0 was in its infancy, there were just over 10,000 malicious software
samples reported to be spreading via social networking sites. This figure rose to over
25,000 during 2008 and the statistics for the last year will undoubtedly be significantly
higher again, in line with an overall trend in malware growth rates.
So why are Web 2.0 attacks on the rise? It all comes down to economies of scale and
effectiveness: cybercriminals will always go where the crowds are. Social networking sites
have experienced exponential growth in usage - in fact it is estimated that around 80 per
cent of all Internet users accessed social networking sites in 2009, equivalent to more than
one billion people. The ever-entrepreneurial cybercriminals have been quick to identify
this ‘market’ opportunity, and the fruits of their labour – for example, stealing passwords
and confidential information that can be sold or used for profit – have proven successful:
malicious code distributed via social networking sites has proved to be 10 times more
effective than malware spread via email. A Web 2.0 attack will typically comprise one or
more social networking sites, a malicious website (often set up for the purpose of
extracting money from unsuspecting visitors) and a victim. Web 2.0 attacks take
advantage of technological factors – such as out-of-date
or unlicensed software – as well as human traits, exploiting the trust, curiosity and
sometimes naivety that is often associated with these seemingly ‘friendly’ social
networking sites.
Without doubt, Web-based malware is a security concern for many users. Unfortunately,
the root cause that allows the Web to be leveraged for malware delivery is an inherent lack
of security in its design—neither Web applications nor the Internet infrastructure
supporting these applications were designed with a well-thought-out security model.
Browsers evolved in complexity to support a wide range of applications and inherited
some of these weaknesses and added more of their own. While some of the solutions in this
space are promising and may help reduce the magnitude of the problem, safe browsing will
continue to be a far sought-after goal that deserves serious attention from academia and
industry alike.
AVG Report
A new report commissioned by the internet security company AVG reveals how the
explosion in size and complexity of global cyber crime, combined with the surprising
complacency of younger users, is putting lives at risk. [4] The report, authored by the research
agency The Future Laboratory, reveals that while cybercriminals and malicious programs
are becoming increasingly sophisticated and difficult to detect, users are, alarmingly,
becoming less vigilant about protecting their online devices. The combination of these two
factors presents a potentially disastrous cybercrime scenario.
Also highlighted in the report is the phenomenon of so-called 'wetware', in which the weak
link in the security chain is not the technology but rather the human user. The growing risk
stems not just from technology (software or hardware) but increasingly from human action
(wetware).
[4] http://web2.sys-con.com/node/1982332
A third of Europeans surveyed by AVG and Future Poll don't update their antivirus
protection. It seems that increasingly cyber criminals are focusing on deceiving the human
rather than the machine, fooling the user into downloading and installing malicious
software by posing as anti-virus providers or another trusted source. This means of
entering a user's computer bypasses the normal security checks, and makes the 'wetware'
the weakest link.
The key findings of the report were as follows:

- Cybercrime is on the increase as the tools and tactics which were previously used by
  hackers to cause disruption to machines and networks have been monetized by
  criminal gangs through bank fraud and ID theft.
- Smartphones are no longer just phones, they are mini PCs, and consumers fail to
  realize that this makes them as vulnerable to cybercrime as a computer. Just 4% of
  French internet and smartphone users are concerned about smartphone viruses.
- Consumers are aware of the need for antivirus protection but nearly one in ten of
  those surveyed fail to keep their protection updated. Alarmingly, the 18-35 age
  group (often cited as the group which is most digitally aware) is particularly
  complacent about this.
Sophos Report
Another report, by the IT security and data protection firm Sophos, has called upon social
networking websites such as Twitter and Facebook to do more to protect their millions of
users, as new research is published examining the first six months of cybercrime in 2009.
The Sophos Security Threat Report examines existing and emerging security trends and
has identified that criminals are doubly exploiting social networks, using them first to
identify potential victims and then to attack them, both at home and at work.
In Sophos's opinion, Web 2.0 companies are concentrating on growing their user base at
the expense of properly defending their existing customers from internet threats. "What's
needed is a period of introspection - for the big Web 2.0 companies to examine their
systems and determine how, now they have gathered a huge number of members, they are
going to protect them from virus writers, identity thieves, spammers and scammers," said
Graham Cluley, senior technology consultant at Sophos. "The honeymoon period of these
sites is over, and personally identifiable information is at risk as a result of constant attacks
that the websites are simply not mature enough to protect against." [5]
[5] http://www.prwire.com.au/pr/13229/web-2-0-woe-sophos-threat-report-reveals-cybercrime-in-first-halfof-2009
“Cyber Crime 2.0 versus the Twittering classes”, Department of Parliamentary Services Report
At: http://www.aph.gov.au/library/pubs/bn/sci/Cybercrime.pdf
The matter of internet security or cyber security has recently reached the scientific literature.
Frederick R. Chang from the Department of Computer Science at the University of Texas at
Austin noted, in Science journal, that:
“Computers can be infected merely by surfing the Web. By attacking a single Web
site, attackers can potentially infect the computers of all visitors to that site. Using a
technique known as SQL (Structured Query Language) injection, an attacker can
insert malicious code into the database associated with the Web Site. Using another
technique, cross-site scripting,…users visiting legitimate Web sites were invisibly
redirected to a server that downloaded malicious software onto the user’s
machine….Botnets are responsible for attacks including spam, phishing, distributed
denial of service, data harvesting, click fraud and password cracking. A bot is a
computer that has been infected such that it can be remotely controlled: a botnet is
a large network of bots…. (Botnet) Storm also made sophisticated use of social
engineering techniques: it was highly effective at inducing people to take action
(such as to download and execute files), thereby infecting their computers with
malware….A key problem is that too much software today is insecure….If security is
to be built into the software: then the software must be free of known bugs that can
be exploited to compromise security… Building security in is not a new problem.
Fortunately, important technical advances over the past 25 years have improved the
ability of developers to build more fundamentally secure systems. Technology
advances alone will not solve all the problems. …A key question is why social
engineering techniques continue to be so successful. As technical measures improve
the security of systems, the end-user will increasingly become the weakest link.” [6]
On 24 February 2010, the Department of Parliamentary Services released a report on the security
issues posed for individuals and government agencies as a result of the growing use of online
social networking technology (Report). The Report focuses on cyber crime and security policy in
the context of web 2.0 (e-security policies). In particular, it identifies the range of security
threats that users of web 2.0 technology are vulnerable to and the current policy approaches in
Australia and overseas designed to address cyber crime. [7]
The Report draws on a number of Australian and international reports and submissions
concerning cyber security. Some of the cyber crime scenarios and risks identified include:

- phishing: fraudulent emails used to gain access to personal information for illegal
  purposes;
- social networking sites: such as instant messaging, peer-2-peer and web 2.0; eg
  the harvesting of personal information shared for use in identity fraud;
- denial-of-service (DoS) attacks: on corporate or government systems causing loss
  of productivity and critical data;
- malicious software (malware) and viruses: computer programs designed to
  cause undesirable effects on computer systems (eg DoS attacks). Malware is often
  combined with social engineering techniques, aimed at convincing users to do
  things they otherwise would not (eg Facebook applications);
- smartphones and multimedia messages: eg advanced capabilities such as
  Bluetooth increase the risk of infections from malware or viruses and for personal
  information to be stolen for unlawful purposes; and
- bots and bot networks (botnets): mechanisms used by hackers to infect and
  remotely command multiple computers for a wide variety of purposes, eg to launch
  attacks on high-profile websites. Social networking sites such as Facebook and
  Twitter have been used to command 'botnet' armies of infected computers.

[6] F R Chang, ‘Is your computer secure’, Science, vol. 325, 31 July 2009, pp. 550–551
[7] http://www.aph.gov.au/library/pubs/bn/sci/Cybercrime.pdf

Statistics show that half of online Australians have no up-to-date online security
mechanisms, such as firewalls or anti-virus protection. This is of particular concern
considering the ever-increasing interconnectedness found in the age of high-speed
broadband, that is the convergence between the personal and home security of individuals
and the security of major institutions and processes, such as financial institutions and
government.
Intending vendors of the National Broadband Network should be particularly aware of the
high level of risk these conditions present. Centralised computer systems also face attack
and are vulnerable to online terrorist attacks. This makes cyber security a growing national
concern, considering the threats posed to Australia's economic interests, the integrity of public
information and systems, and the wellbeing of the public.
E-security policies
Commentators argue that the growth in cyber crime techniques has not been matched by
corresponding security actions. Furthermore, the ability of law enforcement to investigate
and prosecute the individuals involved is hampered by the trans-national nature of the
technologies used to commit cyber crime.
Australia announced new e-security arrangements in 2009 to tackle online security threats.
The Cyber Security Strategy created a new Computer Emergency Response Team (CERT) to
provide cyber security information and advice to all Australians. The strategy also brought
together a number of Australian Government agencies to perform various roles, including
the Attorney-General's Department (AGD) as the lead policy agency for e-security and the
Australian Communications and Media Authority to gather evidence and ensure ISPs and
carriers are meeting their regulatory obligations.
The Report also briefly considers the development of cyber security policy in the US, UK
and Europe. It comments that UK government capabilities and policy developments are
more closely aligned with Australia's than those of the US are (with the UK program of work
almost identical to that in the AGD).
Policy outlook
The Report states the need to balance ICT security, performance and privacy when
formulating e-security policies. This should be achieved by engaging all stakeholders, not
merely policy makers. Online security is largely a technical issue, in that the various
techniques of risk analysis used in security assessment have weaknesses and
vulnerabilities that may not always be apparent to policy makers. As such, technical
considerations will need to be addressed in addition to jurisdictional boundaries,
identification aspects and policy linkages.
There have been calls for Government to require ISPs to act to protect users in the same
manner as a bank would when protecting accounts and personal details. Policies must also
recognise events overseas, given the global and instant nature of the internet.
The ultimate message appears to be that the hype surrounding the adoption of web 2.0 by
Australian industry, government agencies and the general populace has not been tempered
with appropriate e-security measures, and as such more efforts are required to "assuage
the twitter risk".
Web 3.0
Web 3.0 will provide users with a personal web experience. The experience that they enjoy
will be personal to them. "Web 2.0 was centered on user-generated content, where anyone
could be a publisher. We're now in the third wave -- I call it a social wave," said Travis Katz,
a former MySpace executive. The web has grown to the point where "there's too much
information," according to Katz. "Finding ways to filter out information and find what's
relevant to you is getting harder and harder. The model of Google doesn't work at scale --
especially when it comes to things where taste matters."
Katz predicted that the future of the Internet "is one where every page is going to be
personalized. If you plan a trip to Paris, you shouldn't see [search results listing] 900
hotels. You should see six hotels based on where you stayed before; the places you checked
in at on Facebook and Foursquare, and the places where your friends have stayed. It's not
something that's just relevant to travel; it's something that makes sense for almost every
part of the Internet."
LinkedIn Chairman and founder, Reid Hoffman, has suggested the future of the web will be
all about data and how we use it. Like many others, he believes mobile will help to define
Web 3.0 but data is the main platform for the next online era. Hoffman claims that Web 3.0
will use two forms of data: explicit and implicit. The former is data that users willingly give to
social networks, tweets and blog posts; the latter is background data that is collected, such as
geo-location information.
Semantic web
The inventor of the World Wide Web, Tim Berners-Lee, says Web 3.0 is a semantic
web. This term describes a web in which machines can read web pages as humans do; a place where
search engines and software can browse the net and find what we're looking for, better
than we can. A semantic web enables new data integration and application operability, and
makes data openly linkable and accessible in the form of web pages without much effort at
all. Ultimately, Web 3.0 will be about technology thinking of its own accord. While Web 2.0
was defined as 'information overload', Web 3.0 is centered on organizing and filtering the
chaos for personal use.
Web 3.0 will offer businesses unprecedented capabilities to connect and communicate with
customers, and to mine data about their online activities. The result will be a personalised
browsing experience for individuals and a flow of data that companies can apply to product
development, sales and marketing, and other business operations, management consulting
firm Booz&Co predicts. Although Web 3.0 is still a few years away, cutting-edge businesses,
particularly in retail and online media, are beginning to adopt the elements of the
transcendent web.
Amazon is using artificial intelligence to provide recommendations to customers based not
only on their own browsing and buying histories, but also on the behaviour of customers
with similar histories. Best Buy has added semantic technology to its website to allow
search engines to find detailed data on its product pages, gaining a 30% rise in traffic. Dell
has created an online community of a million users, who help it test products and provide
feedback on their performance and design.