IT Matters
Autumn 2003

NOTE: We are mirroring this because we can no longer find it at osborneclarke.com. It used to be at http://www.osborneclarke.com/publications/text/ITM0903f.htm

European & US News

Finland
First ruling by the Supreme Court of Finland on attempted break-in

The Finnish Supreme Court has given its first decision in a case of attempted computer break in. In a landmark decision given on April 8th, the Supreme Court chose to uphold the verdict of the Court of Appeals in a case involving a 17-year old youth.

According to the indictment, the defendant had attempted to break into the computer system of a major Finnish bank in autumn 1998. He had scanned the ports of the bank’s computer network in an attempt to access the bank’s closed network. Fortunately, a protective firewall prevented the would-be intruder from accessing the bank's servers. However, even though the attempt was unsuccessful, the investigation of the matter caused the bank considerable expense.

The Finnish Penal Code defines a computer break-in as an act in which a person unlawfully hacks into a computer system where data is processed, stored or transmitted electronically. Penalties for computer break-in vary from fines to terms of imprisonment for up to one year. The relevant section of the Penal Code stipulates that an attempt is also punishable. However, until the present case, there had been no prior court cases related to attempted computer break-ins.

In its ruling the Supreme Court stated that the defendant had systematically carried out port scanning operations to gather information for the purpose of unauthorised break-in to the bank's computer network. This amounted to an attempted computer break in.

The defendant was 17 years old at the time of the act and was, therefore, sentenced to a reduced fine for telecommunications interference and attempted computer break-in. In addition to criminal sanctions, the defendant was ordered to pay over  12,000 in damages to compensate the bank for the cost of its investigation.

For further information, please contact Esa Halmari, Hedman Osborne Clarke Alliance, Helsinki, tel: +358 9 177 060.

France
Public funding for computer games prototypes in France

Introduction

A new fund for the development of computer game prototypes in France was launched by the French Government in July. It is intended to assist French games developers to sign their products with publishers and has attracted substantial interest throughout the wider games industry. This initiative illustrates some of the differences between the methods by which games developers can raise funding to develop prototypes in the UK and France.

Immediate History

In March 2003 APOM, the French games developers' trade association, launched a manifesto entitled "10 propositions for creating a lasting games industry in France". These propositions ranged from the establishment of a Europe-wide computer games festival to the creation of a commission to review the legal status of computer games and game development. They also included a proposal to create a fund for computer game pre-production.

Three weeks later the French Prime Minister Jean-Pierre Raffarin announced that a number of the measures requested by the APOM document would be implemented by the French government. One of those measures was the creation of a pre-production fund (the "Fund").

Size and Purpose of the Fund

The Fund forms a part of a wider French fund (the "FAEM") which was created to financially support innovative multimedia projects. The FAEM has allocated the sum of four million Euros to the Fund in the first instance, to cover submissions made before September 2003.

The Fund is intended to provide funding to developers to allow them to develop a playable computer game prototype to facilitate the process of negotiating and concluding a publishing agreement with an eventual publisher.

Eligibility

The Fund is only open to games developers who satisfy each of the following criteria:

(a) the developer must be a French company;

(b) the developer must guarantee the completion of the pre-production phase;

(c) the developer must create new IP which it will retain, or improve existing IP which it has already created; and

(d) the developer must spend its pre-production costs within the French territory.

Selection Criteria

The selection criteria to be used by the Fund in assessing requests for funding are as follows:

(a) the extent of creativity which is demonstrated by (or in) the proposed game design, scenario or game universe, together with the extent to which players can affect the game universe or interact with one another;

(b) the commercial potential of the proposed game;

(c) the degree of originality demonstrated by the proposed game; and

(d) the skills and experience of the proposed development team, and the likelihood of completion.

No further guidance is offered as to how these criteria are applied in practice.

In addition:

(a) the Fund is only available to fund projects prior to the completion of a playable prototype, before a publishing agreement has been signed; and

(b) the Fund is not open to games with pornographic or violent content.

Sums available and Payment Dates

Whilst the sums available for each particular project will depend on the total demand on the Fund and the overall pre-production budget of each applicant, the Fund has applied a ceiling of 40% of the total pre-production budget in any one case.

The Fund proposes to pay 70% of the total investment as soon as it approves a project, and the remaining 30% on finalisation of the prototype.

Repayment

A grant made by the Fund is described as a "fully refundable advance" and accordingly all sums advanced are intended to be refunded within twelve months of execution of a publishing agreement.

In the event that a publishing agreement is not executed, the recipient can request that the debt be written off, provided that the recipient can prove that the project has been abandoned. What is meant by "abandoned" is unclear, as is the period of time which must elapse before such a request can be made.

Comparison with the UK

It is instructive to compare this taxpayer funded model with the free market approach to prototype funding found in the UK, where pre-production funding is usually found (to the extent that it is found at all) on the open market. Sources include publishers, banks or speciality finance houses. The key differences include the following:

(a) The French model allows the developer to write off the debt if the project does not result in completion of a publishing agreement. Whilst this occurs in some cases in the UK, in others (particularly ordinary debt financing provided by a bank) the sum advanced is refundable in any event, even if the project does not culminate in a publishing deal.

(b) The French model is cheaper, since all that is required is reimbursement of the initial sum (there is no mention of any interest), and even that is conditional upon achieving a publishing agreement. The high cost of interest often imposed by the open market can in itself reduce the likelihood of concluding a publishing agreement at all, since publishers may be reluctant to sign a game that will trigger a repayment (plus hefty profit margin) to a third party finance provider. This is not an issue with the French model.

(c) The French model imposes its own cultural and aesthetic limitations in the form of a prohibition against pornography and violence. Prohibiting pornographic content is probably not commercially problematic and this reflects existing console owner criteria in any case. However, prohibiting violence is much more controversial and is likely to have a significant limiting impact on the nature of projects which are funded by the Fund. One wonders whether public investment in French cinema projects is circumscribed by the same criteria. The open market is not.

(d) The French model will not allow a developer to create IP to be sold directly to a publisher. Accordingly, it would seem to preclude funding a prototype for a game based on a film licence. UK funds are not normally limited in this way.

(e) The French model (or at least this French model) is limited in funds: four million Euros would be enough to create about ten functioning prototypes for full scale console or multi-format games only. In comparison, the funds available under the UK model are theoretically unlimited, since they are sourced directly from the capital markets. Ironically, in practice the UK model may well have less capital available than the Fund's four million Euros budget.

Each model suffers from a practical difficulty which is inherently tied to the concept of conditional repayment, where the sums advanced are refunded only if a publishing deal is signed. In practice, most prototypes are unlikely to resemble the final game in all material respects. Accordingly, if a developer ultimately signs a publishing agreement for a game which either:

(a) looks like the prototype, but uses different underlying code and technology; or

(b) uses the same underlying code and technology as the prototype, but looks completely different; or

(c) adopts the same name (and background story) as the prototype but is a different genre to the prototype;
should the developer refund the sums advanced for the prototype, or not ?

We await with interest the results of this initiative. Ultimately, even a taxpayer-funded process will be subjected to the twofold rigours of the publisher market and the consumer market. It will be instructive to see whether the projects selected by the Fund in accordance with its own idiosyncratic criteria have a higher success rate with publishers and with consumers than games which are funded according to the UK's more market-orientated approach.

For further information, please contact Vincent Scheurer, London office, tel: +44 (0) 20 7246 8068.

Germany
Are Internet Access Providers allowed to store IP-addresses?

Following a complaint by an internet user, the regional council of Darmstadt decided that T-Online International AG, the leading internet service provider in Germany, is entitled to store the IP-addresses of internet users on a permanent basis. The regional council, which is the responsible data protection body in this case, stated that this storage of IP-addresses is necessary for internet access providers to provide evidence that internet services have been performed correctly. Besides that, the regional council held that the durable storage of IP-addresses is necessary to prevent the abusive use of the internet services offered. Especially with regard to hacker attacks and portscans, the IP-address is seen as an effective instrument to identify users misusing internet services.

Many consumer protection organizations and several data protection authorities objected to this decision. However, internet service providers argue that they are entitled to store the IP-addresses because they are required by law to pass on any IP-addresses which are requested by law enforcement agencies.

The legal position is not clear. According to the prevailing opinion among German data protection experts, IP-addresses are deemed personal data according to the regulations set out in the German Federal Data Protection Act and in the German Tele Services Data Protection Act (the latter being based on the EU-Directive 95/46/EG.) As a consequence, IP-addresses can only be stored for a limited amount of time and not permanently, because German data protection laws do not permit the permanent storage of personal data. As a basic principle of German data protection law, personal data have to be deleted or blocked if they are not needed any longer. The German legislature has recognized this dilemma and plans to reform the Telecommunication Act. It is currently discussing the introduction of a regulation allowing internet access providers to store personal data for the purpose of criminal proceedings.

For further information, please contact Konstantin Ewald, Cologne office, tel: +49 221 5108 4106.

Ireland
EC (Electronic Communications Networks and Services) (Framework) Regulations 2003 (the "Regulations")


The Framework Directive (Directive 2002/21/EC) along with certain other directives endeavour to harmonise the regulation of electronic communications services and networks as well as associated facilities and services in the EU.

Ireland has recently introduced regulations in order to specifically implement these directives. The Framework Regulations 2003 came into force in Ireland on the 21st July 2003 and transpose the Framework Directive into Irish law. One of the most noteworthy changes to Irish law resulting from these new Framework Regulations is that they create a new appeals process whereby decisions of the national regulator for electronic communications, namely, the Commission for Communications Regulation ("ComReg") can be challenged without necessarily having recourse to the courts.

Prior to the enactment of these regulations, parties that disagreed with decisions of ComReg and that wanted to challenge such decisions were generally required to seek judicial review of such decisions in the High Court. In addition to long delays, this procedure resulted in significant legal costs being incurred by the parties to such actions. The Framework Regulations create a new mechanism for challenging decisions of ComReg. They provide that any person or undertaking that is affected by a decision or other act of ComReg may appeal such decision within 28 days. An Appeal Panel shall consist of 3 persons appointed by the Minister for Communications Marine and Natural Resources. The Regulations provide that the individuals appointed to the Appeals Panel shall have the necessary expertise to tackle the issues brought before them and the Regulations provide that at least one member of each Panel shall be a practising barrister or solicitor with at least 7 years experience.

With experienced members of the Appeal Panel, it is hoped that this new structure should diminish the costs and time involved in challenging ComReg's decisions in comparison with proceedings brought before a court. In terms of time, the Regulations provide that an Appeal Panel shall determine each appeal, as far as is practicable, within a 4 month period. The Regulations also provide that decisions of Appeal Panels shall be final and conclusive.

The Regulations give the Appeal Panel certain quasi-judicial powers including the power to enforce the attendance of witnesses, to examine witnesses on oath or otherwise, and compel the production of documents. Where an individual refuses to comply with any of the these orders, that person is guilty of an offence.

The new Framework Regulations provide that appeals against ComReg's decisions should take into account the merits of the case. This means that an appeal should be more than just a review of the procedures applied by the regulator in making a decision or of whether the regulator had the power to make the decision. The Framework Regulations enable the Appeal Panel to examine the merits of the decision itself including the expert judgement used in making the decision.

It is hoped that the new Regulations will result in a streamlined appeals process and that in future there will be less recourse to the courts due to the effectiveness of and the efficiencies in the new system.


By Philip Nolan of Mason Hayes & Curran.
Contact: pnolan@mhc.ie

Russia
Recent improvements in the Russian Law "On computer programs"

Since 1995 the Russian Federation has been negotiating entry into the World Trade Organization. The main requirement of WTO is that all laws, including laws on intellectual property, should comply with the treaties and agreements of WTO. Due to this requirement the Russian Law “On legal protection of computer programs and data bases” has recently been successfully amended in order to comply with the TRIPS Agreement, the Russian Constitution and the Russian Law “On copyright and related rights”.

One of the most important amendments is the inclusion within the Russian legislative regime of foreign individuals, legal entities and non-citizens in accordance with the international agreements of the Russian Federation or on the basis of reciprocity. By reason of this amendment, the Law is now TRIPS compliant.

The list of moral rights of creators of computer programs and data bases has been extended in order to coincide with the Russian Law “On copyright and related rights” which provides the general rules on copyright protection. Now the author of a computer program or data base may communicate the program or data base to the public or refuse to communicate it. The author had this opportunity before under the Law “On copyright” but there were many legal disputes with regard both to the general rules on copyright (the Law “On copyright”) and to the special regulations (the Law “On computer programs”). These discrepancies have now disappeared.

There is also a new provision which ensures the interests of the Russian Federation regarding the creation of computer programs and data bases. Now, the author of a computer program or data base should assign the intellectual property rights in the program or data base to the Russian Federation, or its subject, free of charge, if such a program or data base is made upon the order of the State.

The next Russian law on IP matters which will be revised and amended in accordance with the norms of the TRIPS Agreement, International Treaties and Russian Civil legislation will be the Law “On copyright and related rights” which is likely to be approved by the end of this year.


By Tatyana Mitchina, Hedman Osborne Clarke Alliance, St. Petersburg, tel: +7 812 312 0566.


Europe
Commission selects Registry for new .eu TLD

A major step towards the introduction of the new .eu Top Level Domain (TLD) was taken earlier this summer when the European Commission selected EURID (the European Registry for Internet Domains) to "organise, administer and manage" the new TLD. The aim of the .eu TLD is to provide "a complementary registration domain to existing country code Top Level Domains (ccTLDs) or global registration in the generic Top Level Domains, and should in consequence increase choice and competition." More specifically a press release from the European Commission states: "The .eu is intended to become the distinctive pan-European identification of websites and e-mail addresses, comparable to .org or .com."

The designation of a Registry for this TLD was one of the objectives of Regulation (EC) No 733/2002, the others being the establishment: (i) of conditions for its implementation; and, (ii) of "the general policy framework within which the Registry will function."

Key factors to be addressed by public policy rules will be:

  • extra-judicial settlement of conflicts

  • methods of preventing speculative and abusive registration of domain names

  • possible revocation of domain names, including questions of bona vacantia

  • issues of language and geographical concepts

  • treatment of intellectual property and other rights

The Regulation stipulates that the Registry shall be a non-profit organisation and that it may not act as Registrar itself. The Registrar will be a person or entity which contracts with EURID to provide "domain name registration services to registrants." In addition, EURID may not accept registrations until the registration policy is in place.

In a move to combat cybersquatting, the Regulation provides that "holders of prior rights recognised or established by national and/or Community law and public bodies" will benefit from a "sunrise period" during which they will have an exclusive right to register their domain names.

The Regulation envisages that use of the .eu TLD will be extended to states in the European Economic Area. If everything progresses according to plan, the .eu TLD is likely to be operational by the end of 2003.

Click here for further details.
[Source: Europa Online]

United States
Case summary: The fight for sex.com

This case not only raises interesting legal points regarding the nature of property in a domain name, it is also an entertaining read. With references to bounty-hunters and Mexican gunfights, it is redolent of scenes from Butch Cassidy.

Gary Kremen v Stephen Michael Cohen
9th US Circuit Court of Appeals
No. 01-15899


Background: In 1994, Gary Kremen obtained the domain name sex.com from registrar Network Solutions. The domain name was registered to his business, Online Classifieds, with Kremen named as the contact. However, he had not reckoned on the appearance of Stephen Cohen. Described by Judge Kozinski as a man of "boundless resource and bounded integrity", Cohen was a colourful con man who had served a stretch in prison for impersonating a bankruptcy lawyer. He, too, had set his sights on ownership of the sex.com domain name and was undeterred by the fact that Kremen was already in possession of it.

Cohen's ploy was to send a fraudulent letter to Network Solutions which purported to be from Online Classifieds, informing the registrar that Kremen had been dismissed from the company and that the Board of Directors had decided to abandon the domain name. The letter also stated that the company was happy to authorise the transference of the sex.com name to Mr Cohen. Despite the letter's explicit assertion that a company sporting the word "Online" in its title had no direct Internet connection, Network Solutions did not investigate the matter and simply transferred the domain name to Mr Cohen who then used it to set up a thriving online porn business.

Mr Kremen subsequently remonstrated with Network Solutions but was told that it was too late to reverse the transfer. He sued Cohen with the result that a district court ordered the return of the domain name to Kremen, awarding $40 million in compensatory damages and $25 million in punitive damages. However, despite the freezing of Cohen's assets, the wily con man managed to deposit large sums of money offshore and, defying another order, stripped his real estate property of all fixtures (including cabinet doors and toilets!) US marshals were sent to arrest Cohen who was declared a fugitive from justice.

It was at this point that Judge Kozinski of the Court of Appeals described the story as "getting really bizarre." In scenes worthy of a modern western, Kremen used the sex.com site to display a "wanted" poster complete with a mug shot of Cohen and a reward of $50,000 for anyone bringing the miscreant to justice. Cohen's lawyers countered with a motion to vacate the arrest warrant, arguing that gun fights between bounty-hunters and the authorities in Mexico (where Cohen was under house arrest) were a threat to human life. Not surprisingly, the court denied the motion, dismissing the story as "implausible". Cohen, however, remained at large.

Having enjoyed a largely pyrrhic victory against Cohen, Kremen then initiated proceedings against Network Solutions for mishandling his domain name. He propounded four arguments in favour of his case, one of which consisted of claiming that the registrar was "bailee" of his domain name and was liable for "conversion by bailee". The district court rejected all four theories. As regards the conversion claim, while agreeing that sex.com was Kremen's property, the district court concluded that this was intangible property to which the tort of conversion did not apply. Further, it held that Network Solutions was not a bailee.

Kremen appealed.

Outcome: While affirming part of the district court's judgement, the Court of Appeals took a different view of the conversion argument. Reversing the district court's judgement on this count, the Court of Appeals held that Kremen had a viable claim for conversion. The case was remanded for further proceedings.

Click here to read the full judgement.
[Source: Findlaw]

Case summary: Intel fails to block former employee's spam

Intel Corporation Plaintiff and Respondent
v.
Kourosh Kenneth Hamidi Defendant and Appellant

Supreme Court of California

Background: Mr Hamidi, an ex-employee of Intel, set up an organisation with others called FACE-Intel which spread information criticising Intel's employment and personnel practices. Mr Hamidi was also webmaster of FACE-Intel's website which contained similar material. Over a period of 21 months, Mr Hamidi sent six mass emailings (each consisting of thousands of addresses, one estimate totalling some 35,000) to Intel employees on Intel's email system. These emails criticized Intel's employment practices and directed employees to the FACE-Intel website.

A number of key factors arose from these events which were later considered by the Supreme Court. These were:

  • there was no evidence that Hamidi had breached Intel's computer security

  • there was no evidence that Hamidi's messages had damaged Intel's computer system or slowed or impaired its functioning

  • Hamidi offered to - and did - remove any recipient from his mailing list who so wished

  • staff time was consumed in trying to block further messages

  • the messages had caused discussion between Intel's managers and its HR department.

Pleading a cause of action for trespass to chattels Intel sought, and got, an injunction against further email messages from the district court which was subsequently affirmed by the Court of Appeal. The majority view in the Court of Appeal was that it was unnecessary to prove actual injury to personal property in order to obtain a remedy under the law of trespass to chattels and that it was sufficient merely to show use or intermeddling with another party's personal property.

The case was then referred to the Supreme Court of California which took an entirely different view holding that, under Californian law, the tort of trespass to chattels "does not encompass, and should not be extended to encompass, an electronic communication that neither damages the recipient computer system nor impairs its functioning. Such an electronic communication does not constitute an actionable trespass to personal property, i.e., the computer system, because it does not interfere with the possessor's use or possession of, or any other legally protected interest in, the personal property itself."

The Court drew a distinction between this case and others where the law of trespass to chattels had been used to prove spammers liability to ISPs. In the latter cases, "the underlying complaint was that the extraordinary quantity of UCE [unsolicited commercial email] impaired the computer system's functioning. In the present case, the claimed injury is located in the disruption or distraction caused to recipients by the contents of the email messages, an injury entirely separate from, and not directly affecting, the possession or value of personal property."

Outcome: The Court of Appeal's judgement was reversed.

Click here to read the full text of the case.
[Source: California Supreme Court]

For further information, please contact Mark Webber, Silicon Valley office, tel: +1 650 462 4022.


The material contained in this article is provided for general purposes only and does not constitute legal or other professional advice. Appropriate legal advice should be sought for specific circumstances and before action is taken.

© Osborne Clarke 2003