Archive for the ‘Law’ Category

Who’s liable for the Playstation Network hack?

April 28th, 2011 Comments off

That the Playstation Network was hacked is yesterday’s news.  The extent of the hack, has to this date not been formally verified. Sony says my login details may have been compromised (makes me wonder if they kept the passwords in plain-text format) but say there is no proof my credit card details were stolen. Uhm… That just means they just haven’t found the proof yet!

This puts me in an awkward position. About two/three weeks ago I decided to un-hack my PSP, because I couldn’t access the Playstation store with the hacked OS to download additional music for my favorite game, Rock Band Unplugged. So, I installed the latest OFW, set up an account, and accessed the store through the game.  I entered my credit card details and off I went paying and downloading.

But now, a legal ambiguity  has arisen.  (Speaking about Swedish legislation only – I know the burden of proof is different in other countries) I am supposed to report to my credit card company if anyone who is not supposed to have access to my card has had access to it. So, I should report to my card company that I was one of the people who had an account with Sony. But Sony hasn’t verified that hackers have had access to my credit card details, and no unauthorized purchases have been made. So there is only a possibility that it may happen in the future. So in theory I should report this. If I do, I have fulfilled my obligations, and if money gets taken of the card without my authorization, the card company has to prove that it was I who made the purchase which I claim I didn’t do. In Sweden, at least, that is the way it works.

So great, I report it. But now I need to check my credit card balance every day for unauthorized transactions… Yay! So, I probably want a new card. But the card company won’t give me a new card since there’s nothing wrong with my existing one (at least not yet)! DOH! I can always pay for a new one – uhm… really?

So to sum it up, Sony have made a big kerfuffle and if I don’t want to be stressing out about reporting unauthorized use of my card, I need to pay for a new card. Will Sony compensate me for that? Doubt it!

Thank you Sony! I’m your biggest fan!


Turns out I’m not the only one with the same concern:

The legal action by a PSN user claims Sony did not do enough to protect the private data of its customers.

It also asks for compensation and for Sony to pay for credit card monitoring to spot if stolen details are being used fraudulently.

Categories: English, Law Tags:

Cybercrime Legislation – Setting the Score Straight

March 16th, 2010 Comments off

In an article published by the Swedish on-line edition of Computer Sweden, security expert Rik Ferguson from Trend Micro comments on the Mariposa bot-net and the fact that the guys running the bot-net are up for trial. Translated to English he is claimed to say the following in the article: “The men behind the bot-net were running it from Spain where it is not an illegal act”. He also calls for the need to harmonize legislation dealing with cybercrime and claims that the prosecutors have to prove that the perpetrators have stolen information as that is the (only) act that is criminalized in Spain.

Now, granted, I do not know what the Spanish regulations say about denial of service attacks carried out by bot-nets from Spain, but I would like to point to two pieces of legislation which are precisely the kind of harmonization attempts that he calls for and which (at least one of them at least) legally binds Spain to criminalize the crimes he describes.

Read more…

Categories: English, Law Tags:

The Swedish implementation of the IPRED

July 19th, 2009 Comments off

The IPRED (Intellectual Property Rights Enforcement Directive) Directive was implemented in the Swedish legal system on the 25th of February 2009 through amendments to existing intellectual property (IP) laws. A couple of publishing companies filed the first court case based on the changes made to the legislations to the Solna District Court on the 1st of April. The court reached a verdict whereby the defendant (an Internet Service Provider) was to release the contact details of a customer to the plaintiff. The defendant made an appeal against the decision on the 15th of June.

In a couple of posts to come, I will provide an English summary of the different parties claims and the decision of the District Court. Before that, however, I feel that there is a need to provide an overview of the Swedish implementation of the Directive, and in particular section 53c in the law about IP rights which is the key section around which the whole case is built.

Read more…