|
NOTE: We are mirroring this because we can no longer find it at osborneclarke.com. It used to be at http://www.osborneclarke.com/publications/text/ITM0903f.htm
European
& US News
Finland
First
ruling by the Supreme Court of Finland on attempted break-in
The Finnish
Supreme Court has given its first decision in a case of attempted computer
break in. In a landmark decision given on April 8th, the Supreme Court
chose to uphold the verdict of the Court of Appeals in a case involving
a 17-year old youth.
According to the indictment,
the defendant had attempted to break into the computer system of a major
Finnish bank in autumn 1998. He had scanned the ports of the bank’s computer
network in an attempt to access the bank’s closed network. Fortunately,
a protective firewall prevented the would-be intruder from accessing the
bank's servers. However, even though the attempt was unsuccessful, the
investigation of the matter caused the bank considerable expense.
The Finnish Penal
Code defines a computer break-in as an act in which a person unlawfully
hacks into a computer system where data is processed, stored or transmitted
electronically. Penalties for computer break-in vary from fines to terms
of imprisonment for up to one year. The relevant section of the Penal
Code stipulates that an attempt is also punishable. However, until the
present case, there had been no prior court cases related to attempted
computer break-ins.
In its ruling the
Supreme Court stated that the defendant had systematically carried out
port scanning operations to gather information for the purpose of unauthorised
break-in to the bank's computer network. This amounted to an attempted
computer break in.
The defendant was
17 years old at the time of the act and was, therefore, sentenced to a
reduced fine for telecommunications interference and attempted computer
break-in. In addition to criminal sanctions, the defendant was ordered
to pay over 12,000 in damages to compensate the bank for the cost
of its investigation.
For further information,
please contact Esa Halmari,
Hedman Osborne Clarke Alliance, Helsinki, tel: +358 9 177 060.
France
Public funding for computer games prototypes in France
Introduction
A new fund for the development of computer game prototypes in France was
launched by the French Government in July. It is intended to assist French
games developers to sign their products with publishers and has attracted
substantial interest throughout the wider games industry. This initiative
illustrates some of the differences between the methods by which games
developers can raise funding to develop prototypes in the UK and France.
Immediate History
In March 2003 APOM, the French games developers' trade association, launched
a manifesto entitled "10 propositions for creating a lasting games
industry in France". These propositions ranged from the establishment
of a Europe-wide computer games festival to the creation of a commission
to review the legal status of computer games and game development. They
also included a proposal to create a fund for computer game pre-production.
Three weeks later the French Prime Minister Jean-Pierre Raffarin announced
that a number of the measures requested by the APOM document would be
implemented by the French government. One of those measures was the creation
of a pre-production fund (the "Fund").
Size and Purpose of the Fund
The Fund forms a part of a wider French fund (the "FAEM") which
was created to financially support innovative multimedia projects. The
FAEM has allocated the sum of four million Euros to the Fund in the first
instance, to cover submissions made before September 2003.
The Fund is intended to provide funding to developers to allow them to
develop a playable computer game prototype to facilitate the process of
negotiating and concluding a publishing agreement with an eventual publisher.
Eligibility
The Fund is only open to games developers who satisfy each of the following
criteria:
(a) the developer must be a French company;
(b) the developer must guarantee the completion of the pre-production
phase;
(c) the developer must create new IP which it will retain, or improve
existing IP which it has already created; and
(d) the developer must spend its pre-production costs within the French
territory.
Selection Criteria
The selection criteria to be used by the Fund in assessing requests for
funding are as follows:
(a) the extent of creativity which is demonstrated by (or in) the proposed
game design, scenario or game universe, together with the extent to which
players can affect the game universe or interact with one another;
(b) the commercial potential of the proposed game;
(c) the degree of originality demonstrated by the proposed game; and
(d) the skills and experience of the proposed development team, and the
likelihood of completion.
No further guidance is offered as to how these criteria are applied in
practice.
In addition:
(a) the Fund is only available to fund projects prior to the completion
of a playable prototype, before a publishing agreement has been signed;
and
(b) the Fund is not open to games with pornographic or violent content.
Sums available and Payment Dates
Whilst the sums available for each particular project will depend on the
total demand on the Fund and the overall pre-production budget of each
applicant, the Fund has applied a ceiling of 40% of the total pre-production
budget in any one case.
The
Fund proposes to pay 70% of the total investment as soon as it approves
a project, and the remaining 30% on finalisation of the prototype.
Repayment
A grant made by the Fund is described as a "fully refundable advance"
and accordingly all sums advanced are intended to be refunded within twelve
months of execution of a publishing agreement.
In
the event that a publishing agreement is not executed, the recipient can
request that the debt be written off, provided that the recipient can
prove that the project has been abandoned. What is meant by "abandoned"
is unclear, as is the period of time which must elapse before such a request
can be made.
Comparison
with the UK
It
is instructive to compare this taxpayer funded model with the free market
approach to prototype funding found in the UK, where pre-production funding
is usually found (to the extent that it is found at all) on the open market.
Sources include publishers, banks or speciality finance houses. The key
differences include the following:
(a) The French model allows the developer to write off the debt if the
project does not result in completion of a publishing agreement. Whilst
this occurs in some cases in the UK, in others (particularly ordinary
debt financing provided by a bank) the sum advanced is refundable in any
event, even if the project does not culminate in a publishing deal.
(b) The French model is cheaper, since all that is required is reimbursement
of the initial sum (there is no mention of any interest), and even that
is conditional upon achieving a publishing agreement. The high cost of
interest often imposed by the open market can in itself reduce the likelihood
of concluding a publishing agreement at all, since publishers may be reluctant
to sign a game that will trigger a repayment (plus hefty profit margin)
to a third party finance provider. This is not an issue with the French
model.
(c) The French model imposes its own cultural and aesthetic limitations
in the form of a prohibition against pornography and violence. Prohibiting
pornographic content is probably not commercially problematic and this
reflects existing console owner criteria in any case. However, prohibiting
violence is much more controversial and is likely to have a significant
limiting impact on the nature of projects which are funded by the Fund.
One wonders whether public investment in French cinema projects is circumscribed
by the same criteria. The open market is not.
(d) The French model will not allow a developer to create IP to be sold
directly to a publisher. Accordingly, it would seem to preclude funding
a prototype for a game based on a film licence. UK funds are not normally
limited in this way.
(e) The French model (or at least this French model) is limited in funds:
four million Euros would be enough to create about ten functioning prototypes
for full scale console or multi-format games only. In comparison, the
funds available under the UK model are theoretically unlimited, since
they are sourced directly from the capital markets. Ironically, in practice
the UK model may well have less capital available than the Fund's four
million Euros budget.
Each model suffers from a practical difficulty which is inherently tied
to the concept of conditional repayment, where the sums advanced are refunded
only if a publishing deal is signed. In practice, most prototypes are
unlikely to resemble the final game in all material respects. Accordingly,
if a developer ultimately signs a publishing agreement for a game which
either:
(a) looks like the prototype, but uses different underlying code and technology;
or
(b) uses the same underlying code and technology as the prototype, but
looks completely different; or
(c) adopts the same name (and background story) as the prototype but is
a different genre to the prototype;
should the developer refund the sums advanced for the prototype, or not
?
We await with interest the results of this initiative. Ultimately, even
a taxpayer-funded process will be subjected to the twofold rigours of
the publisher market and the consumer market. It will be instructive to
see whether the projects selected by the Fund in accordance with its own
idiosyncratic criteria have a higher success rate with publishers and
with consumers than games which are funded according to the UK's more
market-orientated approach.
For further information, please contact Vincent
Scheurer, London office, tel: +44 (0) 20 7246 8068.
Germany
Are Internet Access Providers allowed to store IP-addresses?
Following
a complaint by an internet user, the regional council of Darmstadt decided
that T-Online International AG, the leading internet service provider
in Germany, is entitled to store the IP-addresses of internet users on
a permanent basis. The regional council, which is the responsible data
protection body in this case, stated that this storage of IP-addresses
is necessary for internet access providers to provide evidence that internet
services have been performed correctly. Besides that, the regional council
held that the durable storage of IP-addresses is necessary to prevent
the abusive use of the internet services offered. Especially with regard
to hacker attacks and portscans, the IP-address is seen as an effective
instrument to identify users misusing internet services.
Many consumer protection
organizations and several data protection authorities objected to this
decision. However, internet service providers argue that they are entitled
to store the IP-addresses because they are required by law to pass on
any IP-addresses which are requested by law enforcement agencies.
The legal position
is not clear. According to the prevailing opinion among German data protection
experts, IP-addresses are deemed personal data according to the regulations
set out in the German Federal Data Protection Act and in the German Tele
Services Data Protection Act (the latter being based on the EU-Directive
95/46/EG.) As a consequence, IP-addresses can only be stored for a limited
amount of time and not permanently, because German data protection laws
do not permit the permanent storage of personal data. As a basic principle
of German data protection law, personal data have to be deleted or blocked
if they are not needed any longer. The German legislature has recognized
this dilemma and plans to reform the Telecommunication Act. It is currently
discussing the introduction of a regulation allowing internet access providers
to store personal data for the purpose of criminal proceedings.
For further information,
please contact Konstantin
Ewald, Cologne office, tel: +49 221 5108 4106.
Ireland
EC (Electronic Communications Networks and Services) (Framework)
Regulations 2003 (the "Regulations")
The Framework Directive (Directive 2002/21/EC) along with certain other
directives endeavour to harmonise the regulation of electronic communications
services and networks as well as associated facilities and services in
the EU.
Ireland has recently introduced regulations in order to specifically implement
these directives. The Framework Regulations 2003 came into force in Ireland
on the 21st July 2003 and transpose the Framework Directive into Irish
law. One of the most noteworthy changes to Irish law resulting from these
new Framework Regulations is that they create a new appeals process whereby
decisions of the national regulator for electronic communications, namely,
the Commission for Communications Regulation ("ComReg") can
be challenged without necessarily having recourse to the courts.
Prior to the enactment of these regulations, parties that disagreed with
decisions of ComReg and that wanted to challenge such decisions were generally
required to seek judicial review of such decisions in the High Court.
In addition to long delays, this procedure resulted in significant legal
costs being incurred by the parties to such actions. The Framework Regulations
create a new mechanism for challenging decisions of ComReg. They provide
that any person or undertaking that is affected by a decision or other
act of ComReg may appeal such decision within 28 days. An Appeal Panel
shall consist of 3 persons appointed by the Minister for Communications
Marine and Natural Resources. The Regulations provide that the individuals
appointed to the Appeals Panel shall have the necessary expertise to tackle
the issues brought before them and the Regulations provide that at least
one member of each Panel shall be a practising barrister or solicitor
with at least 7 years experience.
With experienced members of the Appeal Panel, it is hoped that this new
structure should diminish the costs and time involved in challenging ComReg's
decisions in comparison with proceedings brought before a court. In terms
of time, the Regulations provide that an Appeal Panel shall determine
each appeal, as far as is practicable, within a 4 month period. The Regulations
also provide that decisions of Appeal Panels shall be final and conclusive.
The Regulations give the Appeal Panel certain quasi-judicial powers including
the power to enforce the attendance of witnesses, to examine witnesses
on oath or otherwise, and compel the production of documents. Where an
individual refuses to comply with any of the these orders, that person
is guilty of an offence.
The new Framework Regulations provide that appeals against ComReg's decisions
should take into account the merits of the case. This means that an appeal
should be more than just a review of the procedures applied by the regulator
in making a decision or of whether the regulator had the power to make
the decision. The Framework Regulations enable the Appeal Panel to examine
the merits of the decision itself including the expert judgement used
in making the decision.
It is hoped
that the new Regulations will result in a streamlined appeals process
and that in future there will be less recourse to the courts due to the
effectiveness of and the efficiencies in the new system.
By Philip Nolan of Mason Hayes & Curran.
Contact: pnolan@mhc.ie
Russia
Recent improvements in the Russian Law "On computer
programs"
Since 1995 the Russian Federation has been negotiating entry into the
World Trade Organization. The main requirement of WTO is that all laws,
including laws on intellectual property, should comply with the treaties
and agreements of WTO. Due to this requirement the Russian Law “On legal
protection of computer programs and data bases” has recently been successfully
amended in order to comply with the TRIPS Agreement, the Russian Constitution
and the Russian Law “On copyright and related rights”.
One of the most important
amendments is the inclusion within the Russian legislative regime of foreign
individuals, legal entities and non-citizens in accordance with the international
agreements of the Russian Federation or on the basis of reciprocity. By
reason of this amendment, the Law is now TRIPS compliant.
The list of moral
rights of creators of computer programs and data bases has been extended
in order to coincide with the Russian Law “On copyright and related rights”
which provides the general rules on copyright protection. Now the author
of a computer program or data base may communicate the program or data
base to the public or refuse to communicate it. The author had this opportunity
before under the Law “On copyright” but there were many legal disputes
with regard both to the general rules on copyright (the Law “On copyright”)
and to the special regulations (the Law “On computer programs”). These
discrepancies have now disappeared.
There is also a new
provision which ensures the interests of the Russian Federation regarding
the creation of computer programs and data bases. Now, the author of a
computer program or data base should assign the intellectual property
rights in the program or data base to the Russian Federation, or its subject,
free of charge, if such a program or data base is made upon the order
of the State.
The next Russian law
on IP matters which will be revised and amended in accordance with the
norms of the TRIPS Agreement, International Treaties and Russian Civil
legislation will be the Law “On copyright and related rights” which is
likely to be approved by the end of this year.
By Tatyana Mitchina,
Hedman Osborne Clarke Alliance, St. Petersburg, tel: +7 812 312 0566.
Europe
Commission selects Registry for new .eu TLD
A major
step towards the introduction of the new .eu Top Level Domain (TLD) was
taken earlier this summer when the European Commission selected EURID
(the European Registry for Internet Domains) to "organise, administer
and manage" the new TLD. The aim of the .eu TLD is to provide "a
complementary registration domain to existing country code Top Level Domains
(ccTLDs) or global registration in the generic Top Level Domains, and
should in consequence increase choice and competition." More specifically
a press release from the European Commission states: "The .eu is
intended to become the distinctive pan-European identification of websites
and e-mail addresses, comparable to .org or .com."
The designation of a Registry for this TLD was one of the objectives of
Regulation (EC) No 733/2002, the others being the establishment: (i) of
conditions for its implementation; and, (ii) of "the general policy
framework within which the Registry will function."
Key factors to be addressed by public policy rules will be:
- extra-judicial
settlement of conflicts
- methods of preventing
speculative and abusive registration of domain names
- possible revocation
of domain names, including questions of bona vacantia
- issues of language
and geographical concepts
- treatment of intellectual
property and other rights
The Regulation
stipulates that the Registry shall be a non-profit organisation and that
it may not act as Registrar itself. The Registrar will be a person or
entity which contracts with EURID to provide "domain name registration
services to registrants." In addition, EURID may not accept registrations
until the registration policy is in place.
In a move to combat cybersquatting, the Regulation provides that "holders
of prior rights recognised or established by national and/or Community
law and public bodies" will benefit from a "sunrise period"
during which they will have an exclusive right to register their domain
names.
The Regulation envisages that use of the .eu TLD will be extended to states
in the European Economic Area. If everything progresses according to plan,
the .eu TLD is likely to be operational by the end of 2003.
Click
here for further details.
[Source: Europa
Online]
United
States
Case
summary: The fight for sex.com
This
case not only raises interesting legal points regarding the nature of
property in a domain name, it is also an entertaining read. With references
to bounty-hunters and Mexican gunfights, it is redolent of scenes from
Butch Cassidy.
Gary
Kremen v Stephen Michael Cohen
9th US Circuit Court of Appeals
No. 01-15899
Background: In 1994, Gary Kremen obtained the domain name sex.com
from registrar Network Solutions. The domain name was registered to his
business, Online Classifieds, with Kremen named as the contact. However,
he had not reckoned on the appearance of Stephen Cohen. Described by Judge
Kozinski as a man of "boundless resource and bounded integrity",
Cohen was a colourful con man who had served a stretch in prison for impersonating
a bankruptcy lawyer. He, too, had set his sights on ownership of the sex.com
domain name and was undeterred by the fact that Kremen was already in
possession of it.
Cohen's ploy was to send a fraudulent letter to Network Solutions which
purported to be from Online Classifieds, informing the registrar that
Kremen had been dismissed from the company and that the Board of Directors
had decided to abandon the domain name. The letter also stated that the
company was happy to authorise the transference of the sex.com name to
Mr Cohen. Despite the letter's explicit assertion that a company sporting
the word "Online" in its title had no direct Internet connection,
Network Solutions did not investigate the matter and simply transferred
the domain name to Mr Cohen who then used it to set up a thriving online
porn business.
Mr Kremen subsequently remonstrated with Network Solutions but was told
that it was too late to reverse the transfer. He sued Cohen with the result
that a district court ordered the return of the domain name to Kremen,
awarding $40 million in compensatory damages and $25 million in punitive
damages. However, despite the freezing of Cohen's assets, the wily con
man managed to deposit large sums of money offshore and, defying another
order, stripped his real estate property of all fixtures (including cabinet
doors and toilets!) US marshals were sent to arrest Cohen who was declared
a fugitive from justice.
It was at this point that Judge Kozinski of the Court of Appeals described
the story as "getting really bizarre." In scenes worthy of a
modern western, Kremen used the sex.com site to display a "wanted"
poster complete with a mug shot of Cohen and a reward of $50,000 for anyone
bringing the miscreant to justice. Cohen's lawyers countered with a motion
to vacate the arrest warrant, arguing that gun fights between bounty-hunters
and the authorities in Mexico (where Cohen was under house arrest) were
a threat to human life. Not surprisingly, the court denied the motion,
dismissing the story as "implausible". Cohen, however, remained
at large.
Having enjoyed a largely pyrrhic victory against Cohen, Kremen then initiated
proceedings against Network Solutions for mishandling his domain name.
He propounded four arguments in favour of his case, one of which consisted
of claiming that the registrar was "bailee" of his domain name
and was liable for "conversion by bailee". The district court
rejected all four theories. As regards the conversion claim, while agreeing
that sex.com was Kremen's property, the district court concluded that
this was intangible property to which the tort of conversion did not apply.
Further, it held that Network Solutions was not a bailee.
Kremen appealed.
Outcome: While affirming part of the district court's judgement,
the Court of Appeals took a different view of the conversion argument.
Reversing the district court's judgement on this count, the Court of Appeals
held that Kremen had a viable claim for conversion. The case was remanded
for further proceedings.
Click
here to read the full judgement.
[Source: Findlaw]
Case
summary: Intel fails to block former employee's spam
Intel
Corporation Plaintiff and Respondent
v.
Kourosh Kenneth Hamidi Defendant and Appellant
Supreme Court of California
Background:
Mr Hamidi, an ex-employee of Intel, set up an organisation with others
called FACE-Intel which spread information criticising Intel's employment
and personnel practices. Mr Hamidi was also webmaster of FACE-Intel's
website which contained similar material. Over a period of 21 months,
Mr Hamidi sent six mass emailings (each consisting of thousands of addresses,
one estimate totalling some 35,000) to Intel employees on Intel's email
system. These emails criticized Intel's employment practices and directed
employees to the FACE-Intel website.
A number of key factors arose from these events which were later considered
by the Supreme Court. These were:
- there was no evidence
that Hamidi had breached Intel's computer security
- there was no evidence
that Hamidi's messages had damaged Intel's computer system or slowed
or impaired its functioning
- Hamidi offered
to - and did - remove any recipient from his mailing list who so wished
- staff time was
consumed in trying to block further messages
- the messages had
caused discussion between Intel's managers and its HR department.
Pleading
a cause of action for trespass to chattels Intel sought, and got, an injunction
against further email messages from the district court which was subsequently
affirmed by the Court of Appeal. The majority view in the Court of Appeal
was that it was unnecessary to prove actual injury to personal property
in order to obtain a remedy under the law of trespass to chattels and
that it was sufficient merely to show use or intermeddling with another
party's personal property.
The case was then referred to the Supreme Court of California which took
an entirely different view holding that, under Californian law, the tort
of trespass to chattels "does not encompass, and should not be extended
to encompass, an electronic communication that neither damages the recipient
computer system nor impairs its functioning. Such an electronic communication
does not constitute an actionable trespass to personal property, i.e.,
the computer system, because it does not interfere with the possessor's
use or possession of, or any other legally protected interest in, the
personal property itself."
The Court drew a distinction between this case and others where the law
of trespass to chattels had been used to prove spammers liability to ISPs.
In the latter cases, "the underlying complaint was that the extraordinary
quantity of UCE [unsolicited commercial email] impaired the computer system's
functioning. In the present case, the claimed injury is located in the
disruption or distraction caused to recipients by the contents of the
email messages, an injury entirely separate from, and not directly affecting,
the possession or value of personal property."
Outcome: The Court of Appeal's judgement was reversed.
Click
here to read the full text of the case.
[Source: California Supreme Court]
For further
information, please contact Mark
Webber, Silicon Valley office, tel: +1 650 462 4022.
|