Tor does not stink: Use and abuse of the Tor anonymity network from the perspective of law

Abstract: Summary Information security incident handling strategies or models are important to ensure the security of organisations, particularly in cloud and big data environments. However, existing strategies or models may not adequate as cloud data are generally virtualised, geographically distributed and ephemeral, presenting both technical and jurisdictional challenges. We present an integrated cloud incident handling and forensic-by-design model. We then seek to validate the model using a set of controlled experiments on a cloud-related incident. Three popular cloud storage applications were deployed namely, Dropbox, Google Drive, and OneDrive. This study demonstrates the utility of the model for organisational cloud users to undertake incident investigations (e.g. collect and analyse residual data from cloud storage applications). Copyright © 2016 John Wiley & Sons, Ltd.

Abstract: Disertacijoje, remiantis Europos Žmogaus Teisių Teismo nagrinėtose Delfi AS v. Estonia, MTE & Index v. Hungary, Pihl v. Sweden ir Tamiz v. the United Kingdom bylose suformuluotais interneto tinklalapių valdytojų saviraiskos laisvės ribojimo būtinumo demokratinėje visuomenėje vertinimo elementais, nustatyti ir įvertinti interneto tinklalapių valdytojų deliktinės civilinės atsakomybės už anoniminiais svetainės lankytojų komentarais tretiesiems asmenims sukeltą žalą, susijusią su jų teisės į privatų gyvenimą pažeidimais, taikymą pateisinantys kriterijai. Struktūralizmo koncepcija grindžiamoje pirmojoje darbo dalyje atskleidžiamas is EŽTK 10 straipsnio kylancios interneto tinklalapių valdytojų saviraiskos laisvės ir privataus gyvenimo kategorijos, kaip interneto tinklalapių valdytojų saviraiskos laisvės ribojimo prielaidos, turinys bei isskirti konkretūs interneto tinklalapių valdytojų civilinės atsakomybės už žalą, treciųjų asmenų patiriamą dėl jų teisės į privatų gyvenimą pažeidimo anoniminiais svetainių lankytojų komentarais, taikymą pateisinantys kriterijai. Antrojoje disertacijos dalyje, kuri grindžiama funkcionalizmo principu, kompleksinės minėtose Europos Žmogaus Teisių Teismo bylose priimtų sprendimų analizės pagrindu įvertintas kiekvieno kriterijaus turinys, palyginti jų turinio ir taikymo skirtingose bylose ypatumai, įvertinta sių kriterijų problematika ir reiksmė, taip pat nustatytas jų tarpusavio santykis. Tai yra pirmasis tokio pobūdžio mokslinis tyrimas ne tik Lietuvos, bet ir Europos deliktų teisės kontekste. Tyrimas parodė, kad kertiniai interneto tinklalapių valdytojų civilinės atsakomybės už žalą, kylancią tretiesiems asmenims dėl jų teisės į privatų gyvenimą pažeidimo anoniminiais svetainės lankytojų komentarais, taikymą pateisinantys kriterijai yra i) komentarų paskelbimo kontekstas ir pacių komentarų turinys bei ii) interneto tinklalapio valdytojo taikytos isankstinės komentarų teisėtumo užtikrinimo priemonės ir faktinis elgesys po komentarų paskelbimo. Tuo metu kiti Europos Žmogaus Teisių Teismo praktikoje isskiriami kriterijai (t. y. i) nukentėjusiojo asmens veiksmai iki ir po komentarų pasirodymo, ii) jam komentarų sukeltos pasekmės, iii) komentarų autorių atsakomybės galimybė kaip tam tikra alternatyva interneto tinklalapių valdytojų atsakomybei ir iv) civilinės atsakomybės taikymo pasekmės konkreciam interneto tinklalapio valdytojui) vertintini kaip papildomi ir neturintys esminės įtakos interneto svetainės valdytojų civilinės atsakomybės taikymo faktui, taciau reiksmingi sprendžiant dėl jų civilinės atsakomybės taikymo masto.

Abstract: Several indicators point to a crisis at the heart of the emerging area of international cyber security law. First, proposals for binding international treaties by leading stakeholders, including China and Russia, have been met with little enthusiasm by other states, and are generally seen as having limited prospects of success. Second, states are extremely reluctant to commit themselves to specific interpretations of controversial legal questions and thus to express their cyber opinio juris. Third, instead of interpreting or developing rules, state representatives seek refuge in the more ambiguous term ‘norms’. This article argues that the reluctance of states to engage in international law-making has left a power vacuum, lending credence to claims that international law fails in addressing modern challenges posed by rapid technological development. In response, several non-state-driven norm-making initiatives have sought to fill the void, including Microsoft's cyber norms proposals and the Tallinn Manual project. The article then contends that this emerging body of non-binding norms presents states with a critical window of opportunity to reclaim a central law-making position, similar to historical precedents including the development of legal regimes for Antarctica and nuclear safety. Whether the supposed crisis will lead to the demise of inter-state cyberspace governance or a recalibration of legal approaches will thus be decided in the near future. States should assume a central role if they want to ensure that the existing power vacuum is not exploited in a way that would upset their ability to achieve strategic and political goals.

Abstract: Whenever we navigate the Web, we leave a trace through our IP address, which can in turn be used to establish our identity – for instance, by cross-checking it with a user’s Internet subscription. By using software such as VPN and Tor, however, it might be possible to avoid leaving such traces. A lively debate among policymakers, security professionals, hacker communities, and human rights associations has recently ensued regarding the question if such anonymity is acceptable and in which form. This article introduces the Crosscurrent special section dedicated to this topic by providing a brief overview of this debate and by pointing to the necessity of considering online anonymity from multiple, interrelated perspectives. By taking into account both technical and social dimensions, we argue that online anonymity should not be conceptualized in absolute terms but as an inherently fluid and transitional condition that characterizes any kind of social interaction online.

Abstract: In this paper I infuse political and legal theory with peer to peer decentralized design features. This experiment studies how property and liability, two core legal institutions attached to individual persons, react and can be transformed (like chemical elements) when applied to a peer to peer, distributed design. This empirical and evolutionary approach of hacking the law, seen as a regulatory system, is then applied to the peer production of law itself, as a political advocacy method for achieving legal reform inspired by the peer to peer ethos.

Abstract: The product of a three-year project by twenty renowned international law scholars and practitioners, the Tallinn Manual identifies the international law applicable to cyber warfare and sets out ninety-five 'black-letter rules' governing such conflicts. It addresses topics including sovereignty, State responsibility, the jus ad bellum, international humanitarian law, and the law of neutrality. An extensive commentary accompanies each rule, which sets forth the rule's basis in treaty and customary law, explains how the group of experts interpreted applicable norms in the cyber context, and outlines any disagreements within the group as to each rule's application.

Abstract: Evropska konvencija o ljudskim pravima je prvi međunarodni ugovor i prva regionalna kodifikacija u toj oblasti. Konvencija sadrži kako osnovna ljudska prava i slobode tako i mehanizam nadzora od strane Evropskog suda za ljudska prava i Komiteta ministara Evropskog saveta. Iako su Konvencijom države prihvatile određene dužnosti one su zadržale veliku slobodu u zakonskom uređivanju uslova za uživanje prava i sloboda, ukljucujuci znatna ovlascenja u pogledu uvođenja ogranicenja u opstem drustvenom interesu kao i pravo da stavljaju rezerve na pojedine odredbe Konvencije i protokola u slucaju njihove nesaglasnosti sa zakonom, Uprkos tome Evropska konvencija doprinosi ujednacavanju standarda ljudskih prava. Ona je poslužila kao uzor Americkoj konvenciji o ljudskim pravima (l969) i Africkoj povelji o ljudskim pravima i pravima naroda (l981).

Abstract: 1. Introduction An ever-changing environment What it is and is not For whom? Laws and laws and... 'Lies, damn lies - statistics' Method and madness 2. From Computer Abuse to Cybercrime Introduction Subject matter Public policy Criminal law Criminal types and actors Policing cyberspace Concluding remarks 3. Committing Crimes: Substantive Offences Introduction Computer-related crimes Content-related offences Computer integrity offences Concluding remarks 4. Addressing the Data Problems: Cyber-forensics and Criminal Procedure Introduction Computer and network forensics Cyber-surveillance CPS-derived data Suspect-derived data Concluding remarks 5. International Aspects: Jurisdiction and Harmonization Introduction Material jurisdiction Procedural jurisdiction Harmonization initiatives Concluding remarks 6. Evidential Issues: Presenting Data Introduction Pre-trial disclosure Abuse of process Admissibility Probative value or evidential weight Expert witnesses Court presentation Concluding remarks 7. Computer Crimes and Digital Investigations In review Changing landscape and shifting priorities Law, code, and rules Regulating and policing cyberspace Where next? APPENDICES Appendix I: Computer Misuse Act 1990 Appendix II: Council of Europe Convention on Cybercrime Appendix III: Council Framework Decision 2005/222/JHA of 24 February 2005 Appendix IV: Association of Chief Police Officers Good Practice Guide for Computer based Electronic Evidence