The Scots Law Student

The SLS : Life and trials of learning law in Scotland

Tag: blogging

I’m in the Blawggies!

I’m really thrilled to be included in the voting for the 2010 Blawggies awards. I’m the Legal Commentary group which is, I think, really extremely tough this year. It’s highly unlikely I’m going to win in that line up (my IP lecturer put IPKat on the reading list, Jack of Kent uses the cases he wins as blogging material and so on) but I’m very happy to be included there. Cheers to Michael at Law Actually for organising the competition.

From Law Actually:

‘Best Legal Commentary’

Charon QC* (NB: CharonQC has a policy on web prizes and has asked to be removed from the vote)
Head of Legal
Jack of Kent
Jonathan Mitchell QC
The IPKat
Law Actually
Legal Costs Blog (by GWS)
Nearly Legal
Pink Tape
Scots Law Student

I’d like to call on the collective forces of mankind to vote for the Scots Law Student, it’s a tough contest and your vote would be greatly appreciated.

H/T: Law Actually

4dd6465fc78a86d0987870f88dffcb9c

Advertisements

EFF releases a new legal guide

The Electronic Frontier Foundation, the people behind the Blogger’s Guide to blogging in extreme situations has produced an update to their legal piece to bloggers.They make it very clear that the article does not constitute binding legal advice and this is doubly so for British readers– the EFF is an American organisation. While the field of internet media law is still relatively new and courts are reasonably happy to be directed to any useful authorities they will not be so happy to find the words “First Amendment” in the headnote and will have nearly no difficulty in resorting to regular media law which is a much more developed and older field.That tends not to be applied exactly between countries.

“The difference between you and the reporter at your local newspaper is that in many cases, you may not have the benefit of training or resources to help you determine whether what you’re doing is legal”

This is most recently seen in the case of Dr Ben Goldacre who was not making a ballsy protest when he posted an extract from a certain London radio show but simply couldn’t comprehend that it would actually step on anyone’s toes – it’s been beamed out over the airways hasn’t it? This is neatly contrasted by the media lawyers retained by LBC/Global Radio who knew exactly what rights they had and sent him a letter to that very effect.

The EFF, and I agree with them, make it completely clear that this does not mean that you should stop using your ability to present your own view on things. The concept of this being a legal right is not so nearly ingrained in the British psyche (beyond the vague complaint of “it’s a free country” that crops up now and again). Your right to post on a blog is limited with a number of conditions – defamation, copyright, indecency, even blasphemy and other issues. It’s not a free right by any stretch. While I know better than most about the limits I can go to it’s not something that the average, non law student member of the public can do at the same time as their regular job.

Why would you need to have studied the law in an area to use your computer? That’s why we have professional lawyers. People can drive only by knowing the rules and learning some skills and don’t need to be practicing lawyers as long as they stay within the rules, and even if they do stray over the lines it can still be settled simply (in the case of a speeding or parking ticket, say) using a routine public procedure.

There are many differences between getting a parking ticket and getting a copyright violation, one involves a public authority and the other involves a private, generally commercial, entity. A commercial entity suddenly changes everything – there is a lot more money involved and there’s huge interests involved in keeping the content protected. I whole heartedly believe that everyone has a right to protect their property and that’s something that can’t be denied simply because someone has a lot of it and therefore, you need to be careful to remain on the side of fair dealing rather than copyright theft – it’s not something that the average blogger generally falls into. Ben Goldacre falls into the case of “copyright violation plus” and that’s because he also has a huge readership and spoke out extremely strongly on the subject and was highly critical of the presenter in question.

Defamation

Assuming that a blogger has been careful to avoid breaching anyone’s copyright unduly with his posts it is still possible that the blogger will land himself in hot water – perhaps for defamation. With some hesitation I say that the usual blogger will find it extremely difficult to actually falsely injure the reputation of a public figure unless they do utterly improbably effective rumour mongering and somehow find themselves with a vast readership. It’s extremely unlikely that anyone who will bother suing you will ever actually be affected by the vast majority of bloggers. However, if you post ludicrous hate messages on a blog be open to the possibility of your blog provider being contacted for content removal requests.

Secret content

The polar opposite of defamation is the unauthorised revelation of confidential material – this can just as validly be either be a leak or whistleblower in a company or a mole in a state’s military force and in either case information which is not for public revelation will be clear and it is possible to stay clear of this by simply using common sense. If you decide to (for reasons of conscience, for example) post this sort of content it is very advisable to retain a lawyer and to use their professional advice.

Obscenity

Blogs can simply break the law in terms of their content – that can be in terms of hate sites on racial or religious grounds, pornographic content (anything involving parties below the age of consent is particularly and obviously illegal) or perhaps obscene in another way. This is a particular concern for anyone who wants to maintain a professional looking blog – it’s very important to make sure that there’s nothing on your blog that you wouldn’t say to a client.

Blasphemy

This is highly unlikely but an interesting example of the rich and varied history that exists just under the surface. Britain is still, in some ways, a religious country and there are laws still on the books which reflect this. The ancient and nearly defunct charge of blasphemy is one of these holdouts which is rolled out every so often as a way of dealing with awkward cases of publishing which offend someone but they lack interest.

The last case I can recall reading of was Whitehouse v Lemon in which a poem about Jesus was declared to be blasphemy in 1977, resurrecting the charge for the first time in 50 years. Legal blasphemy is, broadly speaking, something like defamation, but against a (generally Christian) religious figure as opposed to an interested pursuer. It’s a useful “back-scratcher” in that it provides what is effectively a public policy avenue in cases when the pursuer themselves actually doesn’t have much in the way of a personal reason to be pursuing the case and it’s a way of reaching some fairly specialised legal “itches” when you otherwise couldn’t as an individual. On the downside, it is an uphill struggle just getting this action accepted by a court in the first place (and you have to repeat that in every appeal) and it’s the realm of the hobbyist litigant for all practical purposes these days and those are extremely, vanishingly, rare.

I don’t say all this to discourage people from writing a blog – please understand that people happily live their lives doing what they want and not dealing with the legal implications of their actions except in very vague terms of rules and guidelines and how to keep within it. I do feel that there is a difference between thinking an opinion and publishing it internationally and there’s extra responsibilities tied up in that choice.

8 Common Sense Tips for legal blogging

  1. Don’t use your blog to distribute other people’s content, music, speech or videos, as a general rule. This does not prevent you, on the whole, presenting small chunks of the content as a visual aid in terms of your commentary unless you go over a threshold (about 5%-10% by time generally) in terms of extract and you are a seriously public figure yourself.
  2. The more readers your blog has, the more influential it is and the more careful a blogger needs to be if they stray into negative content about other people – this is a good rule for life, the modern “if you can’t say anything nice (and you’ve got a million readers) don’t say anything” (without proof). This is good reporting practice and I’d like to think that people wouldn’t make unsubstantiated claims about me.
  3. Serious blogs written by personalities have a stronger voice than anonymous comedy ones but comedy is not a defence from an action-
    (compare the readership of icanhascheezburger.com and badscience.net, yet the smaller, more serious site attracted the lawyer’s letter for negative comments in a moment of levity.)
  4. Anonymous blogs are not completely anonymous; if a blogger reveals hugely damaging military secrets on their blog then great efforts will be made to track down that particular blogger and except for the very most carefully maintained anonymity it will merely slow down someone who’s tracking a blogger.
  5. Obscene content varies from place to place – if you exceed the terms of your blog host then it is probably the case that you are sailing close to the edge of acceptability in that country. Other countries differ in terms of what rates as obscene and it is worth checking this issue for any country you are writing from, particularly if you are writing content you wouldn’t immediately show your parents which is always a good rule of thumb.
  6. Wikileaks is a valid place to store content which suffers legal challenge. However it is not an automatic process. In Britain there is a traffic law that says you can’t take animals that you have knocked down yourself because that would encourage people to actively go out and kill them and it’s also a form of benefitting from your own wrong and this same rule applies to Wikileaks, if your blog receives a lawyer’s letter you are not allowed to take it off your site and go out and post it on Wikileaks – that’s not compliance. Some other person downloading it and then posting it to Wikileaks is perfectly ok since you are not responsible for the use your readers put your blog’s media files to. Posting it yourself is simply an aggravation of your copyright charge and will simply encourage your accuser to come after you with a vengeance.
  7. It is clear what secret content is generally – if you are given a grainy, out of focus image of a picture of an unreleased product or anything stamped “top secret” and talking about active military operations then you should be careful about reporting it.It’s a leak and you may face prosecution for it (publishing military secrets is, at its worst, spying). Otherwise, aggregated blog and news content is no longer secret and can be used with impunity. Personal investigation will reveal in moments if you’re involved in something that is held in secret – for example details about your employer.
  8. Blasphemy is very easily avoided in this day and age – avoid comparing homosexuality to Jesus in front of Mary Whitehouse.

I hope this is helpful to bloggers and to remember you don’t need to be a lawyer or a law student to be able to blog legally – it’s important to just act as you would in real life and not to let the apparent anonymity that’s available go to your head. If that’s not possible remember to stick to the truth, make sure your opinions are clearly just that (and not statements dressed up as opinions because that doesn’t count) and just generally be a responsible internet user.

The EFF legal guide for bloggers has been produced by the Electronic Frontier Foundation and can be found here: EFF (California)

Blogging in extreme circumstances

While the content of the scotslawstudent is not something particularly worrying to me, and I’m known to write this in as insecure places as on the bus there are other situations where reporting is heavily repressed and there are few ways for the rest of the world to be informed about what is going on in the area – this is seen in the problems in Zimbabwe currently where everything including spending US dollars has been outlawed – and it can be that the only way that news gets out can be from the eyewitness accounts recorded by people using blog software.

My case

The scotslawstudent is an anonymous blog – I chose this to allow me to post on topics without being immediately identifiable. It means that I can post my grades etc without fear of being mocked in public. It’s hosted at wordpress.com which is a free blog host. Believe it or not this wasn’t a cost saving move, WordPress.com provides its blogs with a great deal of bandwidth which is more than I would be able to get from other anonymous hosts. I operate a full web site under a group name which uses WordPress software so I’m familiar with it and that made me go for WordPress.com

The registration details of the site point to scotslawstudent and the emails link to scotslawstudent@googlemail.com, my handle for this blog, which does not reveal my identity to people with access to the details I gave at sign up for the blog or the email. This keeps my identity safe from people giving the site a rudimentary look over.

I don’t feel that my privacy is under attack enough to take more steps than simply not giving my name out in the posts and when signing up so I stopped at this point. However, for some people, the information they are posting may be very much more important and sensitive than the musings about my education that I do. For this there are many other modes and means of posting to the Internet.

Further steps

Watch what you post

Admittedly, this isn’t entirely something which I don’t do. It’s mainly common sense – if you know a secret and no one else except, for example, your boss knows it you will become an obvious suspect if the secret appears on the Internet. If you fail to keep your posting anonymous – perhaps to the point of using your name or initials, then you have severely limited the amount of trust you can put on your own anonymity.

Use a web cafe

Mainly the issue that a wannabe secret blogger will need is to keep himself away from the blog which he is posting to. For example, in many ways the best way to do this is to use busy web cafes and to pay in cash. This will mean that the post will come from a public place and there will, potentially, be a lot of noise on the line to cover the post. Any court orders to identify the poster will only trace back to the IP of the web cafe, and if the web cafe uses a NAT router to split its connection among many systems may even only trace back to the single connection with no opportunity to trace to the individual terminals. The Chinese government, for one, has realised this and is now implementing measures to photograph all users of web cafes as they sit down. I think that’s fairly dodgy sounding particularly given the use that anonymous web cafes can be to people who want to get their message out. There are caveats on using a web cafe, not least if the user also drops by personally identifying material – though I doubt many whistleblowers will take advantage of the opportunity to google their names or the like – but even merely checking their own emails can be enough to allow someone who is supervising the web cafe to track a poster down. Timing is a useful method of identifying users of a computer system – I’ve used it myself to identify misuse of a school’s computer systems – and if the web cafe is empty but one at the time a whistleblower posts a scorching piece of evidence onto a blog from an IP address belonging to that then it’s elementary to connect you to the post.

In an oppressive regime this could land a blogger in a great deal of trouble. The UK currently has not touched bloggers but the US, all of places, has taken huge measures to stop the actions of corporate whistleblowers and there are notorious breaches of what we Europeans would call basic human rights around the world, even in countries which are not traditionally considered to be the Third World.

Use an anonymous proxy

Another way to get yourself some distance from the post is to use a proxy server. A proxy is a piece of network hardware which bounces (technically retransmits) anything which it receives, applying its own identification to the message in the process. This means that a user who posts to a blog from a proxy will be recorded as posting to the blog as if they were sitting at a keyboard at the proxy server.

Proxy servers can be searched for just like any other resource on the Internet – with Google. A search for “proxy server” will reveal long lists of computers which can be connected to by changing some settings in your browser. These servers are dotted around the world and as any Scot who receives a form letter from English solicitors knows the act of simply pointing out a jurisdictional difference is enough to stop casual pursuers in their tracks. It is generally a very good idea, if you are posting from a country under a repressive regime, to choose a proxy well away from your location to increase the difficulty in getting your details. Generally, although this is not an absolute tip, a proxy registered as anonymous will be safe enough to use from home.

Use Tor

The natural evolution of this idea of putting a far away computer between a poster and the blog is to put more than one computer between the poster and the blog, and to vary the computers that are used. This is done automatically by using a system called The Onion Router, this is a remarkable system which is nearly entirely volunteer run. In this case the poster connects to the network of individual computers around the world which then route the message between themselves. As long as the message goes through a number of different computers in different countries the original poster is nigh unrecoverable without extremely high amounts of work. The amount of traffic which goes through the network also helps itself in creating a large “haystack” for someone to search through to track down a particular poster.

A poster needs to be very careful that they are actually routing their data through the Tor system, for example this involves installing the Tor system and configuring any applications which the poster wants to keep anonymous. This can be as simple as activating a Firefox extension or configuring the programs individually. Tor has the disadvantage of being quite slow and low bandwidth, it’s far more than needed for web browsing or email or chat but not enough for downloading large files, which is also unfair to the network as a whole, remember that downloading files over Tor ties up resources which can be used for vitally important tasks.

Use encryption

There are two main ways to use encryption when blogging – the first is to encrypt the messages you transmit and the second is to encrypt the transmission itself.

Text encryption is not a new phenomenon, Julius Caesar was apparently the first person to use it on a large scale, and computers are extremely good at it. Currently the general standard is RSA encryption which uses the public key system – actual usage of this is fairly technical and beyond the scope of this article.

Encrypting the transmission itself is known as “end to end” encryption, and this is most commonly associated with the little padlock you see at the bottom of the page when you go to Amazon. However, it can be used for much more than protecting your details. It can also be used to protect your message from being eavesdropped on and it’s this mode which is very useful. It can be used to protect the entire connection between a poster and a blog or it can be used to protect the connection between a poster and a mailbox, used to get a message out of a country where it can be posted along the free parts of the Internet. There are various ways to do this, ranging from SSH tunnelling to just activating a “secure mode” on a webmail service. It depends on the care the user involved is taking.

Use hushmail

Hushmail.com is a high security webmail service using public key encryption – so basically a combination of hotmail and PGP, this means that the system keeps email on the system encrypted. It’s not got the same attitude to protecting its users and will respond to court orders with apparently docile acceptance, so not strong enough protection to keep a poster safe from government action, although the difficulty of a foreign government getting one in the relevant jurisdiction could keep someone safe from action for a foreseeable period of time.

Use mail redirects

A good way to hide a post is to email it around the internet, this is the equivalent difference of dropping a letter into a post box or hand delivering it. When a letter that’s been posted arrives at the recipient the sender no longer posses that letter and the person who has to make the delivery is an unrelated postman whereas if the sender hand delivers it they have taken a journey, potentially out of the ordinary, and have kept possession of the letter all the way through the process. If the police, for example, spot the sender as he arrives to deliver the letter then they have a great of information about him, whereas if the letter was posted then the observer only knows the identity of the postman.

Mail redirects work by sending a message between various computers on the Internet, it means that the message is bounced between countries and at each leg of the journey the identity of the two computers is the only identifying information which the message contains – at the end of the journey the message does not reveal any information about its source except the final computer to send it on. Obviously all the jumps mean it’s a slow process and it’s quite risky, some emails never actually do reach their destination and disappear on one of the hops but it’s very private if it’s done correctly.

Legacy note – invisiblog.com

There used to be a blog system online which worked from the very simple foundation of mail redirection and public key encryption. To sign up to invisiblog.com a user would simply email the site with their public key and then this would start a blog titled with the last 16 digits of their key. As long as the key was specifically created for the new blog there could be no way to track the poster down with the information provided. The blog is then posted to by emailing messages to the site, again using mail redirection, signed with the same key. The blog could be read by any one with a web browser but even the owners of the blog only knew the public key of the person who was writing the posts in the first place.

This comes undone should the poster’s computer be seized which would reveal the private key of the poster, and therefore create a massive presumption that the owner of the computer was the one making the posts. However, generally very few methods will withstand the physical seizure of the equipment used to make the posts and it should be considered to be a very difficult stage of affairs to get past.

This site has since stopped operating since 2005 and there does not appear to be a similar system running on the Internet at this time. I would be interested in seeing a system like it running in future even though I personally have no use for it.

Super technical note – use other ways of connecting

Optical fibre has changed the way the world works nowadays and connecting the continents together with it has made the world seem a great deal smaller. However, although it is the main way of transmitting data in the world today does not make it the only one. There are many, many ways to communicate in the world – letter, phone to name two.

In some cases it may be best to simply get the information out of the country and have it published from elsewhere. This is particularly easy if the person lives near to a border. The real reach of the government may well extend beyond the physical borders of the country, but as far as international law is concerned it is strictly limited to within the geographic limits.

In extreme circumstances, potentially, if a person comes across sensitive information and has a radio operator licence and know people outside of the country, not bound by the same repressive rules as he is, then it’s a work of an evening to send a message, encrypted or not, to that other person and to have them post it online for him. This clearly has its own, not inconsiderable worries and assumes a lot of other factors which may or may not exist in the situation.

The Electronic Frontier Foundation has written at great length on being a blogger in states where it is not a government supported action. It provides great detail on the methods of avoiding detection and how to blog about sensitive topics. Blogging in extreme situations is an extremely risky move and if the situation has deteriorated to the point where the only reporting in an area then things are very bad. It’s a conscientious decision and a very important one, hopefully one I will never have to make, in terms of keeping human rights alive in a region where they cannot be checked up on.

None of this advice is provided personally and should not be expected to provide protection from a repressive regime. It is a fact that much more care will be needed when trying to avoid the attention of a regime than in theory on a blog. Although these notes are useful to people wishing to abuse the systems mentioned this is not the purpose of the article and the use of these techniques in illegal activity is not supported by neither the author of this blog, nor the people who design and run the services provided. Services which are provided for the benefit of humanity to provide those in difficult situations a safe and protected way to broadcast their experiences simply should not be misused by those seeking to gain advantage. The design of many of the services is such that it does not really benefit anyone in carrying out illegal activity.

This post was adapted from materials provided by the EFF and personal experience.

http://w2.eff.org/Privacy/Anonymity/blog-anonymously.php

http://www.torproject.org/

http://www.hushmail.com/

http://www.gnupg.org/