(2014) 11:3 SCRIPTed 206–343

Issue DOI: 10.2966/scrip.110314

Cover image

  • NOR
    Karen Mc Cullagh

    A plaque erected by Norwich Heritage Economic and Regeneration Trust (HEART) on Gentleman’s Walk in Norwich in April 2014, marking the 40th anniversary of the introduction of postcodes in the United Kingdom. Norwich’s role in this project, and its relevance for law and technology today, is discussed in this issue’s editorial by Karen Mc Cullagh and Daithí Mac Síthigh.


  • Doing the Right Thing?
    Karen Mc Cullagh and Daithí Mac Síthigh pp.206-209
    The 29th annual conference of the British & Irish Law, Education and Technology Association (BILETA) was hosted by Dr Karen Mc Cullagh (co-editor of this special edition) at the University of East Anglia in the city of Norwich, 14-16th April 2014. Some of the best papers from the conference are brought together here in this special edition of SCRIPT-ed.

Dedicated BILETA section

  • The Views Expressed Represent Mine Alone: Academic Freedom and Social Media
    Maria Murphy, pp.210-228
    In recent years, the academic community has become increasingly engaged with social media. While the adoption of social media has the potential to offer significant pedagogical and research benefits, this article acknowledges that the use of social media also carries some risk. Due to shareability of digital communications, an academic has less control over comments posted online than opinions expressed in the lecture theatre. This risk has been realised in a number of recent controversies concerning the use of social media by academics. In response to the fear of negative publicity or reputational risk, academic institutions may be tempted to supervise the use of social media by their employees. This article evaluates the threat to academic freedom posed by this institutional oversight and considers the best regulatory approach to address the issue.
  • DRM and Modchips: Time for the Court of Justice to do the “Right” Thing
    Martina Gillen, pp.229-244
    This paper looks at three key cases: UsedSoft (C-458/13), PC Box (C-355/12) and Grund (C-458/13), on the topic of the extent and nature of a copyright holder’s ability to constrain future uses of their copyrighted works in the field of software and critically considers the interaction between copyright and competition law in these judgements. In UsedSoft, the Court of Justice of the European Union (hereafter CJEU) shook the common-law world by suggesting that under certain circumstances the licensing of a piece of software could constitute a sale; they achieved this by focusing on the balance of right between the user and the vendor and, more importantly, on the “specific subject matter” of the right granted. In PC Box, a more economically cautious judgement, but one with intellectual consonance with UsedSoft, the CJEU looked at the issue of ‘modchips’ to permit homebrew and other non-approved games to be played on Nintendo consoles. They decided that the TPM (technological protection measures) embedded in the consoles were analogous to the other more traditional methods of encryption and DRM (digital rights management) employed in standard software. However, the judgement also highlighted that the use of a balancing test with regard to the appropriateness of the TPM devices in consoles was necessary. Furthermore, the Court judged that the national courts should carry out a ‘real world’ market test to see if the use of modchips truly adversely affected the interests of the copyright holder, i.e. how often they were used for infringing as opposed to non-infringing uses. Finally, we shall consider the key case that never was – Grund. This case was, and remains, something of an enigma as the preliminary reference questions were difficult to comprehend but nevertheless promised important clarifications in the law. However, we will consider it in this discussion largely because the reference was ultimately withdrawn because the parties were convinced that the issue was resolved by the judgement in PC Box. Thus it offers an insight into the future utility of the UsedSoft and PC Box judgements.
  • Share and share alike? An examination of trust, anonymisation and data sharing with particular reference to an exploratory research project investigating attitudes to sharing personal data with the public sector
    Marion Oswald, pp.245-272
    This article asks whether the necessity of many public services results in a readiness of individuals to share personal data, and thus sacrifice a certain level of privacy, in connection with their provision. It will explore the value of privacy in the context of the on-going debates around personal data sharing, with particular focus on the public sector in England, using the UK government’s care.data project as an example. The impact on trust relations between the government, the National Health Service (NHS) and the citizen will be considered. The importance of anonymisation of personal data as a method of minimising privacy risks and increasing trust will be discussed. Using the results of the author’s exploratory empirical study into attitudes to sharing personal data with the public sector, the article will suggest that the benefits-versus-costs privacy problem is particularly significant in relation to data sharing projects in the public sector. The lack of definitive answers in relation to the risk of re-identification contributes to the problem. Finally, the article will suggest that future work may wish to investigate how trust in, and acceptance of, data sharing initiatives could be improved by a bottom-up institution-led approach.
  • Virtual Worlds – a Legal Post-Mortem Account
    Edina Harbinja, pp.273-307
    This paper addresses the lack of legal literature in the area of death and virtual worlds. It sheds light on the legal status of different in-game assets, assessing whether these could fit within the notions of property or other relevant legal concepts such as intellectual property, usufruct, or easements. Having determined this, the paper goes on to explore the possibilities regarding the transmission of these assets on death. The author does not share the views of a great portion of the legal literature arguing for recognition of “virtual property” as a concept. Rather, this paper proposes an alternative solution in order to reconcile different interests arising in VWs; primarily, those of developers and players. Recognising a phenomenon of constitutionalisation of VWs, this article suggests a solution in the form of servitudes (usufruct). Virtual usufruct is herein conceived as a player’s entitlement to use the VW account and profit from it, if applicable. It is suggested that the entitlement to use the account expires on death, but that it allows a player’s personal representative/executor to gain access to the account and extract any possible monetary value. This solution would enable players to take more control over their virtual assets and heirs to potentially benefit from valuable VW accounts.


  • Can CSIRTs Lawfully Scan for Vulnerabilities?
    Andrew Cormack, pp.308-319
    Security teams routinely scan their own networks to identify computers that may be vulnerable to attacks that would damage the organisation’s information or services. However, the discovery in early 2014 of the widespread Network Time Protocol (NTP) reflection and Heartbleed vulnerabilities highlighted that serious risks to information and systems can also result from vulnerable systems outside the organisation’s network. Security teams would like to identify these vulnerable systems, both to prepare their own defences and to try to warn the systems’ operators to fix the vulnerabilities. It is far from clear, however, whether UK criminal law permits scanning of external systems. This paper considers the unauthorised access offences contained in the UK Computer Misuse Act 1990 and the few reported cases. It concludes that scanning to determine whether or not a computer is vulnerable probably does constitute “access” and for an external computer is unlikely to be explicitly “authorised”. However, actions that have been accepted by courts as lawful (sending an e-mail and visiting a website) indicate that authorisation may also be implicit. Theories of cyberproperty and cases under the US Computer Fraud and Abuse Act, including the historic US v Morris, suggest that connecting a computer or service to the Internet does implicitly authorise actions related to the intended function of that service. This appears consistent with the UK decisions in Lennon and Cuthbert and implies that while scanning for NTP reflection vulnerabilities should be lawful, testing for Heartbleed probably is not.


  • A First Look at the Constitutional and Legal Implications of the Data Retention and Investigatory Powers Act 2014
    Judith Rauhofer, Wiebke Abel and Ian Brown, pp.320-328

Book Reviews

  • Freedom of Expression and the Internet
    By W. Benedek and M. Kettemann
    Reviewed by TJ MacIntyre, pp.329-331
  • Intellectual Property, Pharmaceuticals and Public Health: Access to Drugs in Developing Countries
    Edited by Kenneth C. Shadlen, Samira Guennif, Alenka Guzmán and N. Lalitha
    Reviewed by Karen Walsh, pp.332-336
  • Cloud Computing Law
    Edited by Christopher Millard
    Reviewed by Nuno Sousa e Silva, pp.337-339
  • Free and Open Source Software: Policy, Law and Practice
    Edited by Noam Shemtov and Ian Walden
    Reviewed by Tom Dysart, pp.340-343