Friday, January 29, 2010

Monitoring Employee Internet Use: My own perspective

I have read an article written by Erwin A. Alampay, Ph.D., and Regina Hechanova in the Philippine Daily Inquirer about monitoring employee use of the internet.
It talks about how companies limit their employees' use of the net. Yes, it is true that having internet access in the office is the norm in organizations inside and outside the Philippines. The most popular reasons given for providing access are research and ease of communication.
In my own opinion, granting employees access to the internet would not create any problem provided that the policies are clearly stated to them. For example, companies prohibit their employees from surfing specific sites that are not useful to their work (such as blocking all games and porn sites). I myself experienced the usefulness of the internet in the workplace when I had my on-the-job training at Pryce Gases Incorporated. Instead of preparing and submitting reports to the secretary manually, the reports could reach the office through Yahoo Mail; then we would just prompt them through Yahoo Messenger that an email had been sent.
Though internet access is provided, restrictions on some online applications are stated in company policies. Since there are policies regarding employee use, violating them results in an appropriate sanction: some violators were reprimanded and warned, while others were dismissed. Given that internet use carries both advantages and disadvantages, written policies, formal training, and proper management can help minimize risk and maximize compliance with organizational and legal regulations. The recent news of the hacking of government websites tells us how important information security has become in our days. Let us all be careful enough to prevent problems by disciplining ourselves and following the ground rules for using the internet.

Saturday, January 16, 2010

Case Studies on Computer Attacks

Case 1: Unauthorized Access at North Bay

Jessica Quitugua Sabatia, a former accounts payable clerk for North Bay Health Care Group, admitted to using her computer to access North Bay's accounting software without authorization, and in turn issued numerous checks payable to herself and others. Several of the checks were cashed by Sabatia or deposited into her personal bank account, and some were deposited into the bank accounts of others. She attempted to conceal the fraud by altering the electronic check registers of North Bay to make it appear as if the checks had been payable to the company's vendors. The fraudulent scheme resulted in losses to North Bay of at least $875,035.
On May 27, 2004, Sabatia pleaded guilty to two counts of computer fraud, and faces a maximum sentence of five years in prison and a $250,000 fine.

Case 2: Denial of Service Attack

Scott Dennis, a former computer system administrator for the U.S. District Court of Alaska, initiated three denial of service attacks on Judsys, a private mail list server owned and operated by the U.S. District Court for the Eastern District of New York. Dennis was able to shut the system down by flooding it with numerous emails, which resulted in the computer maintaining Judsys having to be shut down and taken out of operation, reconfigured, and brought back online again. Investigators were able to identify Dennis as the perpetrator by tracing the Internet Protocol addresses back to his personal computer.
On January 19, 2001, Dennis was sentenced to six months of incarceration: three months in jail and three months of home confinement, followed by one year of supervised release. Additionally, he must allow authorities to monitor his computer activity and perform 240 hours of community service.

Case 3: Malicious Systems Admin at UBS

A disgruntled computer systems administrator for UBS PaineWebber was charged with using a "logic bomb" to cause more than $3 million in damage to the company's computer network, and with securities fraud for his failed plan to drive down the company's stock with the activation of the logic bomb. Roger Duronio is charged with one count of securities fraud, which carries a maximum penalty of 10 years in federal prison and a $1 million fine, and one count of computer fraud, which carries a maximum prison sentence of 10 years and a fine of $250,000 or, alternatively, two times the gain made by the defendant or the loss suffered by the victim.

Duronio, who worked at PaineWebber's offices in Weehawken, N.J., planted the logic bomb in some 1,000 of PaineWebber's approximately 1,500 networked computers in branch offices around the country. The logic bomb, which was activated after Duronio resigned, deleted files on over 1,000 of UBS PaineWebber's computers. It cost PaineWebber more than $3 million to assess and repair the damage. Duronio also purchased more than $21,000 of "put option" contracts on the stock of UBS PaineWebber's parent company, UBS AG, hoping that the stock would decline in response to the damage caused by the logic bomb. The bomb attack did not have any impact on the price of the stock.

The investigation of Duronio was conducted by the U.S. Secret Service’s Electronic Crimes Task Force with help from UBS PaineWebber.

Roger Duronio

Case 4: Illegal Data Mining

The owner of Snipermail, a business that distributes advertisements via the Internet to e-mail addresses on behalf of advertisers or their brokers, was indicted for conspiracy, unauthorized access of a protected computer, access device fraud, money laundering and obstruction of justice.

It was alleged that Scott Levine and other Snipermail employees illegally accessed a computer database owned and operated by Acxiom Corporation, a company that stores, processes, and manages personal, financial, and corporate data on behalf of its clients. On numerous occasions, Levine and others illegally entered an Acxiom file transfer protocol (FTP) server and downloaded significant amounts of data. The intrusions were traced back to an internet protocol address that belonged to one of Snipermail's computers. The downloading of the databases lasted for a period of a year and a half and represented 8.2 gigabytes of data. While the stolen data contained personal information about a great number of individuals and could have resulted in tremendous loss if the information were used in a fraudulent way, there was no evidence to date that any of the data was misused in this way. Acxiom immediately notified law enforcement upon discovery of the intrusions into its system and assisted with the investigation, which was conducted by a task force formed by the Federal Bureau of Investigation (FBI) and the United States Secret Service (USSS).

Scott Levine

Case 5: The Melissa Worm

David L. Smith, a 31-year-old New Jersey programmer, was accused of unleashing the "Melissa" computer virus, a Visual Basic for Applications based worm.[1] The virus was propagated by deliberately posting an infected document to an alt.sex Usenet newsgroup from a stolen AOL account. It is believed that Smith named the virus after a stripper he had known in Florida. He constructed the virus to evade anti-virus software and to infect computers using Microsoft Windows and Word. The Melissa virus appeared on thousands of email systems on March 26, 1999, disguised as an important message from a colleague or friend. The virus was designed to send an infected email to the first 50 email addresses in the user's Microsoft Outlook address book. Each infected computer would infect 50 additional computers, which in turn would infect another 50 computers. The virus proliferated rapidly and exponentially, resulting in substantial interruption and impairment of public communications and services. Many system administrators had to disconnect their computer systems from the internet. Companies such as Microsoft, Intel, Lockheed Martin and Lucent Technologies were forced to shut down their e-mail gateways due to the vast amount of email the virus was generating. To date, the Melissa virus is the most costly outbreak, causing more than $400 million in damages to North American businesses.

Smith was one of the first persons ever to be prosecuted for writing a virus. He was sentenced to 20 months in federal prison and a fine of $5,000. He was also ordered to serve three years of supervised release after completion of his prison sentence.

The investigation was conducted by members of the New Jersey State Police High Technology Crime Unit, the Federal Bureau of Investigation (FBI), the Justice Department's Computer Crime and Intellectual Property Section, and the Defense Criminal Investigative Service.

http://www.keyitsolutions.com/firewall.htm

Types of Attacks: Hacker Attacks

I use the term "hacker attacks" to indicate attacks that are not automated by programs such as viruses, worms, or trojan horse programs. They take various forms that exploit weaknesses in security. Many of these may cause loss of service or system crashes.

* IP spoofing - An attacker may fake their IP address so the receiver thinks the packet was sent from a location it did not actually come from. There are various forms of and results to this attack.
    o The attack may be directed at a specific computer, addressed as though it came from that same computer. This may make the computer think that it is talking to itself, which may cause some operating systems such as Windows to crash or lock up.
* Gaining access through source routing - Hackers may be able to break through other friendly but less secure networks and get access to your network using this method.
* Man in the middle attack -
    o Session hijacking - An attacker may watch a session open on a network. Once authentication is complete, they may attack the client computer to disable it, then use IP spoofing to claim to be the client who was just authenticated and steal the session. This attack can be prevented if the two legitimate systems share a secret which is checked periodically during the session.
* Server spoofing - A C2MYAZZ utility can be run on Windows 95 stations to request LANMAN (in the clear) authentication from the client. The attacker runs this utility while posing as the server while the user attempts to log in. If the client is tricked into sending LANMAN authentication, the attacker can read the username and password from the network packets sent.
* DNS poisoning - This is an attack in which DNS information is falsified. It can succeed under the right conditions, but may not be very practical as an attack form. The attacker sends incorrect DNS information, which can cause traffic to be diverted. The DNS information can be falsified because name servers do not verify the source of a DNS reply. When a DNS request is sent, an attacker can send a false DNS reply with additional bogus information, which the requesting DNS server may cache. This attack can be used to divert users from a correct web server, such as a bank's, and capture information from customers when they attempt to log on.
* Password cracking - Used to get the password of a user or administrator on a network and gain unauthorized access.
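The DNS poisoning item above rests on one weakness: a resolver that caches whatever reply arrives, including "additional" records it never asked about. The checks below are an added example written for this page, not code from the original post or from keyitsolutions.com. The message layout is simplified to dataclasses instead of the DNS wire format, and every address, name, port and transaction id is constructed for the demonstration. A reply is accepted only if it matches a query the resolver actually sent (transaction id, server address and port, question), and records outside the zone the queried server is responsible for (out of "bailiwick") are never cached:

```python
"""Checks a caching resolver can apply before trusting a DNS reply.

Added example for this page (not code from the original post).  Message
layout is simplified to dataclasses; all names, addresses, ports and
transaction ids are constructed sample values.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Question:
    name: str    # absolute, dot-terminated name, e.g. "www.example-bank.test."
    qtype: str   # "A", "NS", ...


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    data: str


@dataclass(frozen=True)
class Reply:
    txid: int                    # 16-bit transaction id echoed from the query
    src_ip: str                  # address the UDP reply came from
    src_port: int                # should be 53 for a reply from a server
    dst_port: int                # the resolver port the reply was sent to
    question: Question
    answers: Tuple[Record, ...]
    additional: Tuple[Record, ...]


@dataclass(frozen=True)
class PendingQuery:
    txid: int
    server_ip: str      # server the query was sent to
    resolver_port: int  # our (randomized) UDP source port for this query
    question: Question
    zone: str           # zone that server is authoritative for


def in_bailiwick(record_name: str, zone: str) -> bool:
    """True when record_name equals zone or lies beneath it."""
    name = record_name.lower().rstrip(".")
    z = zone.lower().rstrip(".")
    return name == z or name.endswith("." + z)


def process_reply(reply: Reply, outstanding: Dict[int, PendingQuery]):
    """Decide whether to accept a reply and which of its records may be cached.

    Returns (accepted, reason, cacheable_records).  The outstanding table is
    left untouched here; a real resolver removes the entry once answered.
    """
    pending = outstanding.get(reply.txid)
    if pending is None:
        return False, "transaction id matches no outstanding query", []
    if reply.src_ip != pending.server_ip or reply.src_port != 53:
        return False, "reply did not come from the server that was queried", []
    if reply.dst_port != pending.resolver_port:
        return False, "reply addressed to a port this query did not use", []
    if reply.question != pending.question:
        return False, "question section does not match the query", []
    # Only records inside the queried server's zone are trusted for caching;
    # a gratuitous record for some other site (the "bogus additional
    # information" of the text) is discarded rather than cached.
    cacheable = [r for r in reply.answers + reply.additional
                 if in_bailiwick(r.name, pending.zone)]
    return True, "accepted", cacheable


# --- constructed sample traffic -------------------------------------------
ZONE = "example-bank.test."
Q = Question("www.example-bank.test.", "A")
OUTSTANDING = {0x1A2B: PendingQuery(0x1A2B, "192.0.2.53", 40123, Q, ZONE)}

GOOD_REPLY = Reply(
    0x1A2B, "192.0.2.53", 53, 40123, Q,
    answers=(Record("www.example-bank.test.", "A", "192.0.2.10"),),
    additional=(Record("ns1.example-bank.test.", "A", "192.0.2.2"),
                Record("www.other-bank.test.", "A", "203.0.113.9")),  # out of bailiwick
)
# Forged replies: one carries the wrong transaction id, the other has the
# right id but was sent to a port this query never used.
FORGED_BAD_TXID = Reply(0x9999, "192.0.2.53", 53, 40123, Q,
                        (Record(Q.name, "A", "203.0.113.9"),), ())
FORGED_BAD_PORT = Reply(0x1A2B, "192.0.2.53", 53, 40124, Q,
                        (Record(Q.name, "A", "203.0.113.9"),), ())

if __name__ == "__main__":
    for label, r in [("good", GOOD_REPLY), ("bad txid", FORGED_BAD_TXID),
                     ("bad port", FORGED_BAD_PORT)]:
        ok, why, cache = process_reply(r, OUTSTANDING)
        print(f"{label:9s} accepted={ok} reason={why} cached={[c.data for c in cache]}")
```

Running the script shows the legitimate reply being accepted with only its two in-zone records kept, while both forged replies are rejected. The transaction id and source port are the two values a forger has to guess; keeping the bailiwick rule as well means that even a reply that gets past those checks cannot plant a record for an unrelated site such as a bank's web server.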

Some DoS Attacks

* Ping broadcast - A ping request packet is sent to a broadcast network address where there are many hosts. The source address in the packet is set to the IP address of the computer to be attacked. If the router to the network passes the ping broadcast, all computers on the network will respond with a ping reply to the attacked system. The attacked system will be flooded with ping responses, which will make it unable to operate on the network for some time and may even cause it to lock up. The attacked computer may be on someone else's network. One countermeasure to this attack is to block incoming traffic that is sent to a broadcast address.
* Ping of death - An oversized ICMP datagram can crash IP devices that were made before 1996.
* Smurf - An attack where a ping request is sent to a broadcast network address with the sending address spoofed, so that many ping replies come back to the victim and overload its ability to process them.
* Teardrop - A normal packet is sent. A second packet is sent which has a fragmentation offset claiming to be inside the first fragment. This second fragment is too small to even extend outside the first fragment. This may cause an unexpected error condition on the victim host, which can lead to a buffer overflow and a possible system crash on many operating systems.
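All four DoS items above can be recognised from IP and ICMP header fields alone, which is why routers and host firewalls screen for them. The following packet screen is an added example written for this page, not code from the original post or from keyitsolutions.com. Packets are modelled as dataclasses carrying only the header fields the checks need, and the local subnet and every address are constructed. It applies three checks: drop ICMP echo requests addressed to the local broadcast address (the ping broadcast / smurf countermeasure named in the text), drop fragments whose end would lie past the largest legal IP datagram (ping of death), and drop a fragment that sits entirely inside one already seen for the same datagram (teardrop):

```python
"""Screening inbound packets for the ping broadcast / smurf, ping of death
and teardrop patterns.

Added example for this page (not code from the original post).  The subnet,
addresses and packets below are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MAX_IP_PAYLOAD = 65535 - 20   # largest IPv4 datagram minus a minimal header
ICMP_ECHO_REQUEST = 8


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                # "icmp", "udp" or "tcp"
    icmp_type: Optional[int]  # only meaningful when proto == "icmp"
    ident: int                # IP identification, shared by all fragments of one datagram
    frag_offset: int          # fragment offset in 8-byte units, as on the wire
    more_fragments: bool      # the MF flag
    payload_len: int          # bytes of payload carried by this packet


class PacketScreen:
    def __init__(self, local_net: str):
        self.local_net = ipaddress.ip_network(local_net)
        # (src, dst, ident) -> byte ranges (start, end) already seen for that datagram
        self.fragments: Dict[Tuple[str, str, int], List[Tuple[int, int]]] = {}

    def check(self, pkt: Packet) -> Tuple[str, str]:
        """Return ("drop" | "accept", reason) for one inbound packet."""
        dst = ipaddress.ip_address(pkt.dst)
        # Ping broadcast / smurf: never let an echo request reach every host on
        # the subnet, so this network cannot be used as an amplifier.
        if (pkt.proto == "icmp" and pkt.icmp_type == ICMP_ECHO_REQUEST
                and dst == self.local_net.broadcast_address):
            return "drop", "echo request to broadcast address (ping broadcast / smurf)"

        start = pkt.frag_offset * 8
        end = start + pkt.payload_len
        # Ping of death: the reassembled datagram would exceed the IP maximum.
        if end > MAX_IP_PAYLOAD:
            return "drop", "fragment reaches past the maximum datagram size (ping of death)"

        # Teardrop: a later fragment whose byte range lies inside an earlier one.
        if pkt.frag_offset > 0 or pkt.more_fragments:
            key = (pkt.src, pkt.dst, pkt.ident)
            seen = self.fragments.setdefault(key, [])
            for prev_start, prev_end in seen:
                if start < prev_end and end > prev_start:        # ranges overlap
                    if start > prev_start and end <= prev_end:   # wholly inside
                        return "drop", "fragment lies inside an earlier fragment (teardrop)"
                    return "drop", "overlapping fragment"
            seen.append((start, end))
        return "accept", "ok"


# --- constructed sample packets -------------------------------------------
LOCAL_NET = "192.0.2.0/24"
SMURF = Packet("198.51.100.7", "192.0.2.255", "icmp", ICMP_ECHO_REQUEST, 1, 0, False, 64)
NORMAL_PING = Packet("198.51.100.7", "192.0.2.10", "icmp", ICMP_ECHO_REQUEST, 2, 0, False, 64)
# last fragment of an echo request: offset 8189 * 8 = 65512 plus 3000 bytes, past the limit
PING_OF_DEATH = Packet("198.51.100.7", "192.0.2.10", "icmp", ICMP_ECHO_REQUEST, 3, 8189, False, 3000)
# teardrop pair: first fragment covers bytes 0-40, second claims bytes 24-28, inside the first
TEARDROP_1 = Packet("198.51.100.7", "192.0.2.10", "udp", None, 4, 0, True, 40)
TEARDROP_2 = Packet("198.51.100.7", "192.0.2.10", "udp", None, 4, 3, False, 4)

SAMPLES = [("smurf", SMURF), ("normal ping", NORMAL_PING),
           ("ping of death", PING_OF_DEATH),
           ("teardrop 1", TEARDROP_1), ("teardrop 2", TEARDROP_2)]


def run_samples() -> List[str]:
    """Feed the samples, in order, through a fresh screen and return the verdicts."""
    screen = PacketScreen(LOCAL_NET)
    return [screen.check(p)[0] for _, p in SAMPLES]


if __name__ == "__main__":
    screen = PacketScreen(LOCAL_NET)
    for name, p in SAMPLES:
        verdict, reason = screen.check(p)
        print(f"{name:14s} {verdict:6s} {reason}")
```

The order of the samples matters for the teardrop case: the first fragment is accepted and remembered, and only the second, which lies inside it, is dropped. Note that this screen protects the network it runs on from being an amplifier and from crashing on malformed fragments; the victim of a smurf flood is on the attacker's chosen network and needs its upstream provider to filter the replies.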

Understanding Online defamation

The law of Defamation has come under renewed scrutiny with the advent of the Internet. This is largely because it is the nature of the Internet to give the average, anonymous person an opportunity to express their opinion well beyond any previously defined venue. Consider the fact that a person of modest means now has the ability to publish a statement, article, or news item across the world in an instant, without an editor checking the facts. Thereafter, the item will linger on the 'Net for months, or even years, impossible to recover and amend if the "facts" are erroneous. Therefore, it is inevitable that problems are going to arise.

The main issue to remember when dealing with the Internet is that people still have their basic legal rights intact on the Net, and - likewise - the Internet is not as completely anonymous as the typical person may presume.

What is Defamation?
The law of defamation has been defined in the West for centuries, and the Internet variety holds to that same basic outline with a few twists. Defamation is the act of making an untrue statement to a third party that damages the subject's reputation. There are two subcategories of Defamation, namely Libel and Slander. Libel is Defamation in a printed forum, such as a newspaper or magazine. Slander is spoken Defamation, and could be made person-to-person or broadcast over radio or television.
Technically, Defamation actionable at law follows this schema:
1. A false and defamatory statement regarding another;
2. Unprivileged publication of the claim to a third party;
3. Rising, in the case of matters of public concern, to at least negligence by the publisher, or worse; and
4. Damages to the subject.

Generally, persons defined as "Public Figures," have a higher threshold in proving someone committed Defamation against them; that is, the statement must have been made maliciously. There are also four subjects that if falsely dispersed as a fact about another person, are actionable on their face: Attacking a person's professional character /standing; Alleging an unmarried person is unchaste; Claims a person is infected with a sexually transmitted, or loathsome disease; Claims a person has committed a crime of moral turpitude.

Is Internet Defamation Defined as Slander, Libel or Both?
Until the recent development of "podcasts" and other types of online videos such as those featured on YouTube, Defamation on the Internet was largely deemed Libel. But whether an online case of alleged Defamation should fall under the category of Libel or Slander will not be nearly as meaningful as whether the activity satisfies the basic Defamation criteria, as defined above. What is most important is to focus upon the actual statement, whether verbal or written, that a plaintiff claims is defamatory.
A recently filed case illustrates the application of a libel claim in a blogging case in NY, Stuart Pivar v. Seed Media, 2007cv07334, Filed August 16, 2007, in New York Southern District Court. Seed Media pays PZ Myers to blog at ScienceBlogs.com, and there he reviewed a book by Dr. Stuart Pivar, called "LifeCode: The Theory of Biological Self Organization" which purports to reconfigure Darwinian Evolution.

Myers claimed Pivar is a "classic crackpot" on his http://scienceblogs.com/pharyngula website. In response, the lawsuit complaint states, "Myers' defamatory remarks were made with actual malice; Myers called Plaintiff "a classic crackpot" fully knowing that statement to be false as a statement of fact and in reckless disregard of the truth about Plaintiff because Myers knew full well, at the time of publishing his defamatory statement, that no scientist holding the international reputation of any of Hazen, Sasselov, Goodwin or Tyson would endorse or review the work of a crackpot."

The complaint claims Myers caused "considerable mental and emotional distress," tortious interference with the plaintiff's business relationships as a "scientist and scientific editor," and "loss of book sales and diminished returns on ten years of funded scientific research in special damages" exceeding $5 million.
The suit asks for: declaratory relief to remove defamatory statements from the web and an injunction to block further libel; $5 million in special damages for "tortious interference with business relations"; and $10 million in damages for defamation, emotional distress, and loss of reputation.
This lawsuit illustrates well the cause, effect and damages of a proper tort case based upon defamation.

Can a Blog Be Sued for Defamation; Isn't It All Free Speech?
This is a knotty issue, but a short answer would be, generally, that a blog owner whose blog has published obnoxious materials can be held harmless while a blogger using the site can be liable. The Communications Decency Act of 1996 is a protector of blog owners. It states, in section 230, that it "precludes courts from entertaining claims that would place a computer service provider in a publisher's role." As to how the court sees blogs, in general, overall, the US Supreme Court has ruled that blogs are similar to news groups, saying "in the context of defamation law, the rights of the institutional media are no greater and no less than those enjoyed by other individuals and organizations engaged in the same activities."

For bloggers, all Defamation legal rules apply to their posts. But there are many complications in applying them. First, many people who post online comments, and probably those tending to make the most inflammatory and false statements, will do so anonymously, for obvious reasons. So the first threshold is identifying the blogger making Defamatory claims. Several things make this difficult as well. Since the blogger probably will not identify themselves when the issue comes to light, there needs to be a legal process that allows identification. They can be traced by high-tech means, but a court must agree via summary judgment that all the elements of Defamation have been met. This technology has its limits too, as it can be stymied through the use of "proxies," which mask the true origin of the blogger. Also, the website owner may not cooperate in the search.

A recent case showed how powerful Defamation laws, applied online, can be. In November 2006, a Florida woman, Sue Scheff, was awarded $11.3 million in damages in Broward County Circuit Court, one of the largest awards ever handed down. The suit was filed for Internet defamation, and the jury found that a Louisiana woman had posted caustic messages against Scheff and her company, claiming she was a "con artist" and "fraud". The jury found the charges were completely false, so the Louisiana woman had no defense. Interestingly, Scheff's attorney had offered to settle the case for $35,000 before it went before the jury.


What are some examples of libelous and non-libelous statements?
The following are a couple of examples from California cases; note the law may vary from state to state. Libelous (when false):

* Charging someone with being a communist (in 1959)
* Calling an attorney a "crook"
* Describing a woman as a call girl
* Accusing a minister of unethical conduct
* Accusing a father of violating the confidence of his son

Not-libelous:

* Calling a political foe a "thief" and "liar" in a chance encounter (because hyperbole in context)
* Calling a TV show participant a "local loser," "chicken butt" and "big skank"
* Calling someone a "bitch" or a "son of a bitch"
* Changing product code name from "Carl Sagan" to "Butt Head Astronomer"

Since libel is considered in context, do not take these examples to be a hard and fast rule about particular phrases. Generally, the non-libelous examples are hyperbole or opinion, while the libelous statements are stating a defamatory fact.

How do courts look at the context of a statement?
For a blog, a court would likely start with the general tenor, setting, and format of the blog, as well as the context of the links through which the user accessed the particular entry. Next the court would look at the specific context and content of the blog entry, analyzing the extent of figurative or hyperbolic language used and the reasonable expectations of the blog's audience.

Context is critical. For example, it was not libel for ESPN to caption a photo "Evel Knievel proves you're never too old to be a pimp," since it was (in context) "not intended as a criminal accusation, nor was it reasonably susceptible to such a literal interpretation. Ironically, it was most likely intended as a compliment." However, it would be defamatory to falsely assert "our dad's a pimp" or to accuse your dad of "dabbling in the pimptorial arts." (Real case, but the defendant sons succeeded in a truth defense).

What is "Libel Per Se"?
When libel is clear on its face, without the need for any explanatory matter, it is called libel per se. The following are often found to be libelous per se:

A statement that falsely:

* Charges any person with crime, or with having been indicted, convicted, or punished for crime;
* Imputes in him the present existence of an infectious, contagious, or loathsome disease;
* Tends directly to injure him in respect to his office, profession, trade or business, either by imputing to him general disqualification in those respects that the office or other occupation peculiarly requires, or by imputing something with reference to his office, profession, trade, or business that has a natural tendency to lessen its profits;
* Imputes to him impotence or a want of chastity.

Of course, context can still matter. If you respond to a post you don't like by beginning "Jane, you ignorant slut," it may imply a want of chastity on Jane's part. But you have a good chance of convincing a court this was mere hyperbole and pop cultural reference, not a false statement of fact.

What is a "false light" claim?
Some states allow people to sue for damages that arise when others place them in a false light. Information presented in a "false light" is portrayed as factual, but creates a false impression about the plaintiff (i.e., a photograph of plaintiffs in an article about sexual abuse, because it creates the impression that the depicted persons are victims of sexual abuse). False light claims are subject to the constitutional protections discussed above.

Professionalism

A professional is a member of a vocation founded upon specialized educational training.

The word professional traditionally means a person who has obtained a degree in a professional field. The term professional is used more generally to denote a white collar working person, or a person who performs commercially in a field typically reserved for hobbyists or amateurs.

In western nations, such as the United States, the term commonly describes highly educated, mostly salaried workers, who enjoy considerable work autonomy, a comfortable salary, and are commonly engaged in creative and intellectually challenging work.[1][2][3][4] Less technically, it may also refer to a person having impressive competence in a particular activity.[5]

Because of the personal and confidential nature of many professional services and thus the necessity to place a great deal of trust in them, most professionals are held up to strict ethical and moral regulations.

Professionalism according to my own dictionary:

Profession is something we make out of ourselves, the wholeness of what we are. Something we do best. If we are engaged in a profession then we consider ourselves Professionals in that certain field, doing things in a Professional manner and acting as Professionals with or without the presence of a license. I consider myself a professional since I love being an IT student; I am dedicated to it and this is what I do best. I foresee myself as an individual making a difference in this world in my own little ways.


Is there a need of licensing for IT Professionals?

In my opinion, I would say YES. We know that a license is legal proof of permission to do something specified by law. It is granted only to those people who are worthy of that license and who have undergone the required procedures.
As an IT professional, I need a license for my profession. Since I will be rendering service to other people, one way of making me credible is the license I hold, just like all the other professionals such as Doctors, Engineers, Teachers, Law Makers and so on.
Posted by IT146Lumongtad at 4:27 AM
Wednesday, January 6, 2010