ICTlogy

Chairs: Maria José Pifarré, Lecturer, School of Law and Political Science (UOC).

Henrik Kaspersen, in active life holder of the Computer Law Chair of the Vrije Universiteit Amsterdam.
Cybercrime: a decade of transformations

A definition of computer cribe by Donn Parker (1974):

• The computer system is the target.
• The computer system is the instrument.
• The computer system is the environment.
• The computer system is legitimation.

Computer crime evolves in parallel, in the level of crime and complexity, with the development of ICTs. And as crime increased and became more complex, so did international definitions, recommendations and adoption of measures to fight computer crime and to prevent it.

There is much cybercrime that actually is not such, as the involvement of communications in crime does not always mean that it is cybercrime properly speaking. So, we need to (re)define well cybercrime, state the different types of cybercrime, avoid duplication of domestic law, avoid specification and focus instead only on main conduct, etc.

Types of cybercrime:

• Technical crimes: threat of ICT-security and integrity (cracking, phishing, etc.).
• Fraud by means of ICT or by manipulation of ICT (forgery, embezzlement, identity theft, etc.)
• Content related offences: crimes that seem to be particularly facilitated by ICT (child abuse images, racist and xenophobe expressions, etc.); crimes that are likely not to be criminalized in most countries.

There has been an increasing co-operation at the international level to prevent and fight cybercrime. EU co-funded projects: Cyber@IPA for the Balkans and Turkey; Cyber@EAP for Eastern Europe; Glacy, with a worldwide approach.

The cybercrime convention of 2001 tries to bring together as much countries as possible to collaborate on the fight against cybercrime, as it is committed anywhere, and you can suffer it also anywhere. Support programmes: legal training, exchange of data, technical knowledge, co-operation with third parties (industry, ISPs).

Challenges of the fight against cybercrime:

• Lack of criminal statistics.
• Analysis by victim-reports.
• Emphasis on modus operandi.
• Technical offences today are only instrument for common crime.
• Specific perpetrator behaviour?

Discussion

Ismael Peña-López: could it be possible to include in these international agreements something on the public sector, on governments and their behaviours against Internet-related freedoms? Kaspersen: that is a very difficult issue. Could be a good idea, but for instance it is very difficult to tell if a country digitally boycotts another country’s firms or infrastructures, whether this is cybercrime, or cyber warfare, and what consequences should arise from that. Cybercrime will most likely remain within the boundaries of criminal law.

Moderator: María José Pifarré de Moner, Lecturer, School of Law and Political Science (UOC).

Sexting and sexual victimization online: prevalence and factors of risk among adults
Manuel Gámez-Guadix, Universidad de Deusto; Erika Borrajo, Universidad de Deusto; Carmen Almendros, Universidad Autónoma de Madrid; Esther Calvete, Universidad de Deusto

Sexting stands for the creation and sharing of sexual content through the Internet. Online sexual victimization differs from sexting in that the later is not a volunteer action.

We believe that both practices are related, as the ones participating in sexting are more exposed to blackmailing and online sexual violence.

A survey was carried on with +800 people (2/3 women). Findings showed that at least 66.8% where involved in sexting practices (e.g. sending photos of oneself with nudity), with no differences of genre, and especially prevalent among people under 44 y.o., though it reaches people until 60y.o. And a significant relationship was found between sexting and online sexual violence.

Violence in dating through new technologies: prevalence, context and relationship with violence offline
Erika Borrajo, Universidad de Deusto; Manuel Gámez-Guadix, Universidad de Deusto; Esther Calvete, Universidad de Deusto

We believe there is a parallelism between bullying and cyberbullying and (offline) violence in dating and online violence in dating: threats, controlling and surveillance actions, etc.

There is an open debate whether this kind of violence is independent from “traditional” gender violence or it is another kind of this violence.

Surveys showed that control and surveillance is the most common practice in online dating violence, by means of texting applications, stealing passwords, etc. Reasons range from jealousy, kidding, reciprocity (“I do that to him/her because he/she does that to me”), etc. Usually men are more victims than women in this issue. There is a slight relationship between physical or psychological violence with online dating violence, but they have different nature and seem different practices.

These practices are bidirectional and are often seen as not important, a “just kidding” behaviours or “just a game”.

Civilian Direct Participation In Cyber Hostilities
François Delerue, Ph.D. researcher in International Law at the European University Institute.

Cyber warfare is the recourse to force using Internet and computer technology.

The legal regime of cyber warfare dates from 1945 (Jus contra bellum, UN charter), and 1949 (Jus in bello, Geneva Conventions), which is a mostly unsuitable framework, being the main problem that civilians can not be distinguished or left aside from combatants in cyber warfare.

Civilians should be left aside from combat unless they have direct participation in hostilities. What are the elements of direct participation in hostilities:

• Threshold of harm.
• Direct causation.
• Belligerent nexus.
• Temporal scope of the participation.
• Restraint on the use of force.

Specific issues on cyber warfare:

• The remote participation of civilians.
• Te participation of unaware civilians.

Cyber warfare challenges the notion of direct participation in hostilities.

Discussion

Q: how do you thing the right to be forgotten can affect this behaviours? Erika Borrajo: as a psychologist, it is important to stress the importance of some content they uploaded can now be erased from the Internet, as people change and may want not to be reminded of the past. The problem with the Internet is that victims are constantly re-victimized because their past actions haunt them in the present.

Q: is there any categorization for cyberwarfare on harms such as killing, wounding damage, etc. as it happens in offline warfare? François Delerue: in current legislation, there is not, so we still have to use killing or wounding as harms of the use of force.

Maria José Pifarré: do you believe the Internet has caused a shift from physical to psychological violence? (thus reducing physical violence, but making it more invisible) Erica Borrajo: in dating there does not seem to be a difference, and evidence shows that women are still more violent than men (though men are more harmful when violent).

Moderator: Ismael Peña-López Lecturer, School of Law and Political Science (UOC).

Towards a Magna Carta for the Internet: A right to online protests?
Argyro P Karanasiou. Lecturer in Law (Centre for Intellectual Property Policy & Management, CIPPM) – Bournemouth University, UK.

What happens when the Internet does not work?

• “The day the Internet went dark: major Internet corporations go to strike to protest against laws against Neutrality.
• “The day that almost broke the Internet”: Spamhaus blackmailed Cyberbunker, by attacking their servers. The whole Internet slew down.

Are DDoS attacks the equivalent of sit-ins? Are DDoS attacks a way to slow down business as usual, as it traditionally happened with sit-ins? Can you occupy cyberspace? It many jurisdictions DDoS is considered a crime — not a sit-in like protest.

• Benkler: they are sit-ins by design, they are doing it “for the lulz”. It’s distraction, not destruction.
• Low participatory threshold.
• No personal cost incurred.
• No need for technical experiences.

• The conduct argument: is it free speech? it kind of is.
• Is it a public protest? It kind of is an expressive boycott.
• The public forum argument: is it a public forum, or a non designated public forum? Maybe the Internet is a semi-private space and thus DDoS would be an act of trespassing.
• But DDoS is also against the free speech of others, so…

DDoS is cybotage, with an obstructive nature.

Anonymous Bulgaria: “I like to lumpen lumpen”
Julia Rone. PhD researcher, Department of Social and Political Science, European University Institute, Florence

What is the political potential of Anonymous (in the particular case of Bulgaria and the protests against the government in June 2013).

Origins of hacktivism: hacking community (Stallman); the increasingly prominence of immaterial labour in contemporary society, the multitude which is interconnected (Hardt and Negri); the new social movements (Melucci, Della Porta).

Anonymous has become a very powerful brand, that anyone can use or appropriate, and that has even created inner factions on what to do, how to do things and organize and decide, etc. There are very deep differences (in skills, in attitudes, in ideology) between anonymous groups. In the case of Bulgaria, the most popular group is deeply concerned by national politics.

There is a strive for leaderlessness.

There is also a strive for going against everything.

Where does this fighting everything leads to?

Though sometimes Anonymous do make proposals for new or renewed political systems, very technology centred, but which do not take into account learnings of the past, or what happens with the disconnected ones.

Is Anonymous a real connected multitude in the sense of Hardt and Negri? How are politics articulated under this vision? Can we achieve large consensus? What will happen if the multitude takes power? Will the multitude be destructive? Are there any constructive proposals?

Discussion

Q: what is the role of anonymity? Can we have a debate with anonymous people? Karanasiou: anonymity is very disenfranchising, and this adds barriers to debate. Rone: anonymity is crucial for Anonymous, and this is about not having a leader, a most important point in their ideology.

Ismael Peña-López: slacktivism usually is backed by deep spaces of deliberation. Are there deliberation spaces behind DDoS attacks or Anonymous actions? Karanasiou: as all these practices take place online, and the Internet is a very powerful space for deliberation. Rone: I do not think that there is a connection, or a deliberation space between Anonymous and the rest of the population. Indeed, there are many “misuses” of the brand of Anonymous.

Q: what do you think about anonymizers and the deep web in general? Karanasiou: it depends on how you use anonymity. If it is to guarantee your freedom of speech, right. But there are strings attached related to legitimacy, etc. So you have to assume this cost. Rone: there are ethics and rules in the group, but you have to work to keep them from being misused.

Chairs: Marc Vilalta Reixach, Lecturer, School of Law and Political Science (UOC).

The implementation of ICTs in public administration at Girona (Spain)
Núria Galera (independent lawyer), Mariona López Ortiz (independent lawyer).

Most city councils in the province of Girona have websites. Though a little bit outdated in formal matters, many of them feature an electronic office through which administrative procedures can be performed.

Usually, the bigger the city, the bigger the investment in e-government.

Other initiatives besides e-administration:

• e-Rutes [e-routes], on supporting tourism through mobile apps.
• SIMSAP, for the management of the public health system, especially strengthening the management of inner communications and procedures.
• Girona, territori cardioprotegit [Girona, a cardioprotected Girona], a service that geolocalizes automated external defibrillators (AED).

10 years of recognised electronic signature. Did it have any significant impact in e-administration?
Ignacio Alamillo Domingo, researcher at GRISC, Universitat Autònoma de Barcelona, Nuria Cuenca León, laywer at the Universitat Oberta de Catalunya.

The legislating bodies recognize the electronic signature as valid as the handwritten one, opening the potential of being able to sign without physical presence. Notwithstanding, it does not seem that the electronic signature is juridically as valid as the handwritten one. This is both happening in e-administration procedures and in the field of electronic invoicing.

Spain initially was very ambitious in its plans on digital signature, but they were later loosened and the situation now is that digital signature is decreasing use and heads toward extinction.

Maybe other kinds of signature, more open or more broadly accepted or more fit to the needs of the procedure would be a good bet for future policies and regulation.

Effects of the implementation of a public procurement by electronic means and its incidence in the Spanish landscape: beyond a change of format
Jordi Romeu Granados, Doctorando en Gobierno y Administración Pública UCM – IUIOG, Carmen Pineda Nebot, Consultora de Administraciones Públicas, Gregorio Juárez Rodríguez Doctorando en Gobierno y Administración Pública UCM – IUIOG

e-Procurement have different effects.

Technical and administrative effects:

• Publicity and transparency.
• Accessibility and interoperability.
• Objectivity and limitations to arbitrary decisions.
• Efficacy and efficiency.
• Security and traceability of information.

Political and social effects:

• Open government.
• Limits to corruption.
• Social control.
• Collective intelligence.

Economic effects:

• concurrence and competitiveness.
• Economic savings.

Pioneer experiences in Spain: electronic public procurement model of the Basque Government (2002); electronic procurement system of the University of Almería; electronic public procurement of the City of Gijón (2013).

There are many benefits of e-procurement, and, presumably, no major inconveniences. It does require a change of culture with strong leadership.

Transparency in electronic public administration in the digital era
Belén Andrés Segovia. Doctoranda en Derecho Administrativo en la Universidad de Valencia

Citizens demand more of their governments than some services, or that these services are provided efficiently and with efficacy, but also that these services are provided ethically, objectively, and with transparency.

Thus, transparency can contribute to foster e-government, as they feed back each other positively.

But the Spanish Law 19/2013 of Transparency does not seem to be providing tools for that. It seems that the law is turning the walls of the Government into glass through which the citizen can look through, but all the information is stored on wooden or metal boxes, which you cannot inspect.

Chairs: Agustí Cerrillo Martínez, Chair professor of Administrative Law, School of Law and Political Science (UOC)

eGovernment as an instrument for the protection of the environment. Electronic services of environmental information (2003-2013)
Francisco Javier Sanz Larruga. Catedrático de Derecho Administrativo de la Universidad de A Coruña

GPS, LBS, SIGs, WMS, aerial photography systems… there are now plenty of ways to geolocalize information.

And we want all this information to be public so that citizens can use it for environmental purposes. Where’s the limit? How does it relate with privacy and other rights? In Spain, the Law 14/2010 deals with these issues, plus other laws that deal, for instance, with interoperability of databases.

This public information is increasingly useful for territory planning, for trials as evidence, etc.

Drones now are on a legal void, but can be very helpful in providing geographical information (especially through photography) and should thus be regulated.

On the administrative simplification and the perversion of electronic requests that neutralize the reduction of administrative burdens
Mª Dolores Rego Blanco. Profesora Titular de Derecho Administrativo. Universidad Pablo de Olavide.

How can we reduce non-justified, unnecessary or excessive requests to the government sent electronically?

First of all, what is an administrative burden? The issue is, that despite the fact that electronic requests have much lower costs than face-to-face (or traditional mail) requests, we may end up having so much electronic requests that the total cost could be higher than by traditional means.

We have to be careful, though, that when trying to add some requisites to avoid overwhelming requests, we do not harm the rights of the petitioners.

Digital administration and transparency in the Italian legal system
Enrico Carloni. Associate professor of administrative law at the University of the Studies of Perugia

Where is the balance between government transparency and the privacy, personal data protection, etc. of MPs and other elected representatives?

Digitization of most G2B relationships is bringing more traceability and thus transparency. But it is also putting some struggle to SMEs which are having difficult times to catch up with the evolution of technology, be it because of lack of infrastructure be it because of lack of skills.

There is a conflict between open data — gathering all the information and putting it together — and privacy — avoiding the collection of personal data in order to identify someone.

Chairs: Miquel Peguera. Professor, School of Law and Political Science (UOC).

Gerald Spindler. Professor of Civil Law, Commercial and Economic Law, Comparative Law, Multimedia- and Telecommunication Law at the University of Göettingen (Germany).
Liability of ISP providers – recent developments in the EU

Liability Privileges and injunctions:

• Art. 12 E-Commerce-Directive – Access Provider.
• Art. 13: Caching.
• Art. 14: Host-Provider.
• Art. 15: monitoring duties.

Strong debate whether injunctions, or client monitoring is or is not covered by the law. There are some monitoring obligations, subject to specific content and specific infringements. But the role of freedom of speech has to be preserved, including commercial speech.

Host providing and Neutrality: more than file sharing, the problem now is file hosting. Related to neutrality, e.g. the German High Federal Court forces to distinct between third party content and own content, being liability conditioned to whether the content is a third party’s or not, or if the hosting provider does know whether the content is legal or not.

Host providing and knowledge: obligation to contact the rightholder/injunction claimant in case of doubts. Still not clear, though.

Monitoring duties of the access provider: there is none, the access provider does not need to monitor the uses. Indeed, users have their privacy protected. But law has been evolving and granting some access providers the right (or the obligation…) to block some content (e.g. websites) guaranteeing that a proper balance of constitutional rights (provider, rightholders, users) is regarded.

Injunctions and social networking sites and blogs: the provider is obliged to notify the blogger of a claim, and if the blogger does not react, the provider has to take down the message; if the blogger reacts, it is up to the claimant if she pursues her claim, and to the provider to decide if the message will be taken down. So far, there are no monitoring obligations of the provider for the future.

Perspectives: anonymity and identification. Enforcement needs identity data of the infringer: how can you claim liability if you do not know the identity of the infringer? There is a conflict between disclosure of identity data of users and data protection, between anonymity and liability of intermediaries. On the other hand, should anonymizers be liable for enabling the anonymity and thus makes liability more difficult?

Hadopi Law is (clearly) against many constitutional rights, but the other option, a notice-and-take-down approach may not be a solution for many issues (is definitely not a solution for repeated infringements, as it always acts ex-post).

Conflicts of laws: intellectual property rights and trademarks; unfair competition; personality rights and privacy; how can the level of protection of jurisdictions be compared…

Discussion

Q: what about the case of Google and the right to be forgotten? Spindler: there has always been a conflict between media to inform and the protection of privacy. And this conflict has now extended to social networking sites and Google itself. It seems fair to hold back this extension of “the right to inform” so that it does not steps too much upon the right to privacy.

Miquel Peguera: now, the cost of defending intellectual property rights falls upon the rightholders. But access providers benefit, indirectly, from the exploitation of these rights. Should they contribute to detect infringement (and thus contribute in supporting the burden of the costs)? Spindler: They maybe should, but it is not straightforward.