IT Law Compliance and Strategy - Research Paper Example

Contents Introduction and Legal Issues 2 File Sharing 2.2. Selling Goods through the bar.com 2.3. Data Protection 3. Legal Agreementswith Third Parties 4. Defamation 5. Intellectual Property Issues and Registration of Domain Name 6. Use of unregistered software 7. Online Terms and Conditions 8. Prioritised Action Plan Appendix 1: List of Cases and Legislation Appendix 2: Bibliography 1. Introduction & Legal Issues This report highlights the salient legal issues impacting the WildWestWeb Company (“the Company”) and provides a practical legal advice assessment to advise the business on the regulatory requirements affecting current business operations. In particular, this report shall address the following central legal issues impacting the Company: 1) The implications of the TheStudentBar.com, in particular copyright issues pertaining to online file –sharing, data protection and purchasing goods online; 2) Legal Agreements with third party service providers; 3) Nature of online terms and conditions for subscription contract and liability issues; 4) Liability for defamation in respect of the complaints received by lecturers; 5) The legal issues raised by linking to other sites and deep linking; 6) The fact that the WildWestWeb.net domain name already exists; 7) Data protection issues in respect of the information leaks regarding the subscribers and Mr X’s request to see information stored about him; 8) Intellectual property ownership issues as regards the work of Mr X; the programmers and the contractors; and 9) The use of unregistered software. This report will discuss the relevant case law where applicable and Appendix 1 will provide a list of all cases and relevant legislation referred to in this report. 2.1 File Sharing The aftermath of Napster in 1999 created panic and hostility to P2P file sharing1. Additionally, critics have highlighted how the doctrine of fair use and fair dealing under the Copyright Designs and Patents Act (1988) has struggled in the P2P file sharing environment with Internet service providers bearing the brunt of liability, which is clearly relevant to the Company’s position2. With regard to the definition of “sharing” commentators have taken this to include general participation in the network and “either downloading or uploading, or both, can be regarded as sharing3”. Accordingly, if information is posted on a network or files are downloaded from a network, whether a file is exchanged between thousands or two people such as on the current studentbar.com networking site, each example will constitute file sharing4. The majority of research on P2P sharing has dealt with the issue of regulation applications of file sharing networks to illegal file downloading5. The fair use doctrine is the most common copyright exception and is an important defence in the event of copyright infringement proceedings via p2p file sharing6. The fair use doctrine in the p2p file sharing field has been divided into two categories; namely the primary infringer and end users of the file sharing network, who are actually uploading, downloading or distributing the copyrighted works without permission7, and the file-sharing intermediaries8. However, the role of file sharing intermediaries and the fair use defence has been problematic due to the fact that their “special function creates a different nature between file-sharing providers and traditional copying intermediaries,9” further highlighted by the high profile cases of Napster, Grokster and MP3.com10. In the current scenario, the Company is effectively the file sharing intermediary offering potential primary infringers a technical platform, whilst strictly not being directly involved in the infringing conduct11. In considering the doctrine of fair use, the courts have particularly focused on the purpose for which the work is used12. For example, in the case of Newspaper Licensing Agency v Marks and Spencer13, Chadwick LG stated that “the purpose for which the copying is done…… can be brought within a liberal interpretation of the phrase “for the purpose of [the infringement14”. This suggested that the subjective motives of the infringer should be considered, which is clearly problematic when applied to Internet service providers, who may be mere conduits of the actual network infringing15. Furthermore, in the case of Hyde Park v Yelland16, it was asserted that courts “must judge the fairness by the objective standard of whether a fair minded and honest person would have dealt with the copyright work in the manner17”. This recent judicial rationale has effectively eroded the traditional concepts of fair use embodied in the CDPA in the file sharing context18. The case law demonstrates two applications of the fair use defence19. Firstly, the relationship between the primary infringer and the end users and secondly, the relationship between the file sharing intermediaries, which has posed a dilemma for the courts20. In the Napster cases, the P2P network was not considered to be fair use because of the “methods of shifting in P2P networks…… simultaneously involve distribution of the copyrighted material to the general public;………. rather than only to the original user21.” Conversely, the Grokster defendants did not rely on the fair use defence, however the Grokster decision seems to cement the opinion in Napster that fair use does not apply regardless of whether the file sharing network is centralised or decentralised22. Furthermore, file sharing intermediaries using fair use for primary infringement as in MP3.com have encountered problems23. Whilst MP3.com “makes it more plausible that file sharing service providers can claim fair use protection”, the realistic prospect of “taking shelter under the advantage of fair use defence for both end users and file sharing providers have shrunk with the growth of file sharing technology24”. Accordingly, in the current scenario, in the absence of permission of the copyright holders, the downloading and file sharing of music through the site could expose the Company to copyright infringement claims. 2.2. Selling Goods through TheStudentBar.com As goods are being sold online through TheStudentBar.com the Consumer Protection (Distance Selling) Regulations 200025 protects consumer rights in sales contracts concluded at a “distance”. However, in the current scenario if the subscribed users are selling each other goods, then these will be classed as private sellers, which do not fall within the Distance Selling Regulations. Accordingly, the Company should ensure that this is specified in the terms and conditions to which online subscribers must accept prior to subscribing to the site. 2.3. Data Protection Data Protection is regulated by the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications Regulations 2003 (“Privacy Regulations”). In the current scenario the relevant issues are as follows: 1) The complaints from subscribers regarding approaches by other organisations with their data; and 2) The request from Mr X regarding information about himself during his course of employment. Data Protection legislation applies to the Data Controller (under the DPA), which in the current scenario is the Company. The general requirement as stipulated in Schedule 1 of the DPA is that “personal data shall be processed fairly and lawfully, and in particular, not processed”. As the Company collects personal information about subscribers when they purchase the products, this constitutes “processing” for the purposes of the Data Protection Act 1998 (“DPA”)26. Accordingly, online businesses must be registered with the Information Commissioner for data processing27 and there must be a section on the trading medium website notifying the users that personal information is being collected and the purpose for which it is being collected. There are exceptions to the processing obligation in Schedule 1 however in the current scenario none of these exceptions are applicable. As such, the passing of subscription user information to a third party will require consent and the selling of this information to third parties by employee Mr X will potentially render the Company vicariously liable to the subscription holders for breach of data protection obligations as the data controller. The second data protection principle under the DPA is that data must be held only for one or more specified and lawful purposes. In the current scenario, therefore when securing the information, the lawful purpose is for the purpose of subscription and therefore must not deviate from this. It is further important to mention that the data protection legal requirements are further affected by the use of cookies, hyperlinks and metatags. For example, “cookies”28 will constitute use of private data and the DPA requires businesses to inform users of this and give users an option to opt-out29 of this. Accordingly, the subscription contract must include this option in and the users must accept this. The sale and purchase of customer lists again raises data protection issues30. Businesses must be registered for this and ensure consents are obtained from customers to the release of this information to other traders.31 In the current, scenario in the absence of consent, the sale of data to other organisations will infringe the obligations of the DPA. In addition to information collected at the time of subscription, if subscriber email addresses or other contact details are retained (or “harvested”) from the emails that users compile and forward to their friends and contacts, then not only does the business become a data controller under the DPA, but it also needs to ensure that it has the individual data subjects consent to the retention and use of their data32. This is required under the DPA in relation to compilation, retention and use of data, as well as under the Privacy and Electronic Communications Regulations 2003 in respect of the sending of marketing materials33. With regard to Mr X’s request, Schedule 3 paragraph 2 of the DPA provides that processing of sensitive data will be legitimate insofar as it is necessary for the purposes of exercising or performing any right or obligation which is conferred or imposed by law on the data controller in connection with employment. Nevertheless whilst such processing and storage of data may permissible under the DPA, Mr X has made a subject access request to see copies of this information and section 5 of the DPA 2002 provides individuals with a legal right to request copies of information held on them, with a description of the purpose for which such information has been processed and to whom the information has been disclosed. Under the DPA right, the Company will have a legal obligation to comply with a subject access request and failure to comply can result in being liable to Mr X for a compensation claim of a fine up to the sum of £5000. In terms of compliance with the request, the Company will be required to provide access to data as defined by the DPA, which is personal and is not subject to any exemptions. In terms of exemptions, this will include the following categories of data: 1) Data subject to legal professional privilege; 2) Details of ongoing negotiations or procedures between the subject and the organisation; 3) Information held in relation to health, education or social service records; 4) Information processed in respect of prevention of crime; 5) A confidential reference; and 6) Information provided in response to an enquiry undertaken by a regulatory body. In the current scenario, Mr X is concerned about a reference given about him, however if confidential then this may fall within the exceptions to disclosure when faced with a subject access request. 3. Legal Agreements with Third Parties It is evident that the Company currently works with contractors in relation to its business, which raises intellectual property issues. Under the CDPA any work attracting copyright will vest in the employer if created during the course of employment. However, works created by freelance contractors will be owned by the contractor and therefore in any agreement contracted with third party contractors, the Company should ensure it obtains an assignment of copyright in all such works to ensure that copyright vests in the Company. All copyright in works created by the employees currently employed by the Company will vest in the Company. Additionally, standard commercial agreements need to be prepared for third party arrangements such as outsourcing, contracts with programmers and Internet Service Providers (“ISP”) which raise intellectual property and liability issues34. 4. Liability for Defamation in respect of complaints received by lecturers. With regard to the complaints from lecturers regarding comments made in the online forum, this raises ISP liability. Although the individual subscribers are actually making the potentially defamatory comments, from a legal perspective they are actually published on the Internet by the ISP. This raises issues as to liability, which is heightened by the wider scope for anonymity on the Internet. ISPs are considered to be secondary publishers under defamation law and attract liability if they have discretion as to how long the material is stored or have the power to remove offending material. Section 1(1) of the Defamation Act 1996 provides a defence to secondary publishers in the following circumstances: 1(1)(b) reasonable care was taken in publication; and 1(1)(c) there was no actual knowledge that the conduct caused or contributed to the publication of a defamatory statement. This builds upon the defence of “innocent dissemination”. However, the Section 1 defence is not without its issues35. The defence is narrow and applies only to those unaware that the publication contained a defamatory statement. There is no defence as there is for primary publishers who genuinely believe that material is true, privileged or fair comment. Therefore the issue of ISP liability not only raises issues as to the fairness of secondary publisher liability for actions of primary publishers, it is also inadequate as a protection of privacy on the Internet. The position results in a potentially selective application of a notion of privacy with arguably the wrong party being liable. Reports in practice suggest that when ISP secondary publishers are put on notice that content material is defamatory, they face difficult choices regarding withdrawal of information in the face of cost implications and worthless indemnities from primary publisher36. In the current scenario, therefore the Company will have a duty to investigate the complaints from lecturers and remove the offending material if found to be defamatory to protect its legal position. An example of the problem in practice is evidenced by the case of Godfrey v Demon Internet Ltd37. In this case, an online newsgroup on Thai culture was distributed to Usenet subscribers. It operated a discussion forum, allowing subscribers to contribute to the discussion. An unnamed USA resident posted a contribution purporting to come from the claimant, which was defamatory. The author sent the contribution to its own ISP and distributed it to the news service of every ISP in the world that offered Usenet. The Claimant had notified the ISP of the posting and had asked them to remove it. However, they failed to do this and the material was still on the site for a further 10 days. In a preliminary hearing, the High Court rejected the ISP’s argument of a passive role as they had been given notice yet still did not take the information off the site. This case highlights the limits of the Section 1 defence once defamatory statements have been brought to an ISP’s attention. However, there is no policing or discussion in relation to the liability of those who actually created the defamatory material. Therefore, even if ISP liability was viewed as a means to protecting privacy, it is meaningless if the creator of the offending information is immune from liability. Furthermore, ISP liability arises after the event and after the publication. In the Godfrey case the offending material was on the site for 10 days after notification. The Electronic Commerce Regulations38 (“the Regulations”) limits the liability of ISPs on a range of legal issues, including defamation, obscenity and copyright. The Regulations follow the EC Directive39 and distinguish between internet providers acting as “mere conduit”; “caching” and “hosting”. The most important issue for ISPs is the definition of hosting40. Under the Regulations, the term “hosting” is widened and could potentially cover web-based email services such as hotmail and AOL, where messages are stored and can be accessed anywhere in the world by subscriber. This in itself underlines the difficulties posed by the intricacies of Internet technology and addressing it adequately within a law protecting privacy. For example, if hosting covers web-based email services, are ISPs liable for potentially defamatory content in private emails to private individuals or to many recipients on a mailing list? If this is a possibility, then it could also lead to a claim against ISPs by the sender of the e-mail for invasion of privacy of their private emails. Article 14 of the Regulations provides immunity to ISPs who host sites on condition that they must not have actual knowledge of the illegal activity and are not aware of the facts. If an ISP becomes aware it must act immediately. The E-Commerce Directive is also far from comprehensive and does not include all services41. For example, the ISP Association expressed concern about the status of providers of hyperlinks and location tools. For example, if we consider by analogy the case highlighted by David Price of Hird v Wood42, where a defamatory placard was placed at the side of the road with no-one knowing who had erected the placard. The Court of Appeal held this was publication. Similarly, a hyperlink that points to or links to a defamatory site could amount to secondary publication. However, they would not be liable as they would not be covered by the Regulations. This further relates to the various links on the studentbar.com site and it is evident that theoretically, downloading someone’s web page is clearly copyright infringement and the Shetland43case asserted that without permission, linking to third party material may also constitute copyright infringement. Accordingly, the Company should ensure all permissions are obtained for linking to other sites. Conversely, the affect of ISP liability also leaves open the possibility of censorship on the Internet. Keen to avoid cost and uncertain of their position, ISPs may take down information that is true and should have been reported. 5. Intellectual Property Issues Regarding Pre-Existing Registration of Domain Name The inherent limitation of the internet structure is that domain names provide the main method of protection of names online and method of asserting internet presence44. Many companies have sought domain name protection to ensure consistent trademark protection in the digital arena. This has led to novel legal issues arising between the need to ensure effective trademark protection online against the difficulty of policing infringement45. It is not evident in the current scenario if the Company has registered the name WildWestWeb as a trademark. If not, the fact that the Company has built up goodwill in the brand will offer protection through passing off. The main issue undermining effective trademark protection and passing off is the increased practice of cybersquatting. Cybersquatting is the practice of registering domain name which is either a registered trademark or similar to one in “bad faith”46. The term “bad faith” covers a broad range of conduct from libelling and devaluing the brand reputation of established businesses or using their trademarked or business name to misrepresent a trade connection to the public end user, which can result in diversion of traffic47. We are not sure in the current scenario if the registrant of the WildWestWeb site has registered the name in bad faith, however in light of the recent issues with Mr X, the Company should undertake an online search to determine the registrant of the domain name. Registration of domain names which are also registered trademarks clearly creates issues regarding trademark infringement. The current legislative framework in the UK addressing trademark infringement is Section 10 of the Trade Marks Act 1994 (TMA), which provides that a party will be infringe someone’s trademark if they use “in the course of trade, a sign which is identical to the trademark in relation to goods or services which are identical with those for which it is registered”. However, this is problematic in the digital context as domain names are usually registered on a first come, first serve basis.48 Moreover, under UK law trademarks can be registered in respect of different categories and if someone registers their domain name first, this limits effective protection of other businesses online49. Additionally, the domain name may be registered in respect of a business in another line of business, which could potentially dilute the brand value of another business with an online presence in a different business50. However, from the Company’s perspective this creates an inherent paradox whereby trademark protection is potentially diluted online yet due to the nature of business being different there is no recourse under passing off or section 10 due to the obvious lack of confusion from an end user’s perspective. The courts have adopted a wide interpretive approach in favour of trademark owners, resulting in some questionable decisions on a strict interpretation of the current law of trademarks and passing off. For example, a prime example of a case highlighting the difficulties caused by use of domain names online in the context of trademark infringement and passing off is the decision in British Telecommunications plc, Virgin Enterprises plc, J Sainsbury plc, Marks & Spencer plc, and Ladbroke Group plc v One in a Million51. In this case, One in a Million dealt in internet names and as such, registered multiple domain names including names of all the above mentioned plaintiffs. The plaintiffs brought a claim under section 10 of the TMA for trademark infringement and passing off. The plaintiffs succeeded and the High Court justified its decision on grounds that there would be a likelihood of confusion, which constituted an infringement of the registered trademark and passing off. The defendant appealed relying on the fact that the TMA enabled multiple registrations of the same trademark in respect of different categories of goods. The Court of Appeal emphatically rejected this assertion and its decision was motivated by the evidence demonstrating a pattern of this behaviour from the defendant in registering domain names of established businesses for the sole purpose of obtaining commercial benefit by naming his price. However, this rationale, whilst justifiable on moral grounds was delivered on the basis that it complied with existing trademark law which is questionable as the problem of domain name registration which covers legitimately registered trademarks in numerous jurisdictions is clearly outside the parameters of the TMA52. Moreover, the Court of Appeal asserted that “I am not satisfied that Section 10(3) of the [TMA] does require the use to be trade mark use nor that it must be confusing use…….. the appellants seek to sell the domain names which are confusingly similar to registered trademarks. The domain names indicate origin. That is the purpose for which they are registered53”. This clearly undermines the reality that numerous legitimate trademarks are registered as enabled by the TMA itself, yet the domain name system itself is limited in offering protection due to the restrictions on availability of the same domain names for different business. As such, the dichotomy between the current UK law and the internet domain name model highlights the paradoxical nature of the Court of Appeal’s assertion that “domain names indicate origin54”. Alternatively, if the name is not registered as a trademark, then the only other way the Company could prevent use of the name is through the common law action of passing off. The basic requirements for an action in passing off as determined in the case of Perry v Truefit (1842) 49 ER 749) is that there must be a misrepresentation by made by the other owner of the domain name in the course of trade to customers, which is calculated to damage the goodwill or business of the Company and that this misrepresentation causes the Company actual damage (Spalding & Brothers v A W Gamage Limited (1915) 84 LJ Ch 449). The Company would have the onus of establishing goodwill in the name. Another option would be to lodge a domain name dispute against the registrant of the domain name with international dispute resolution body ICANN, which implements the ICANN Uniform Dispute Resolution policy (UDRP)55. The onus of proof would be on the Company to establish that the domain name was registered in bad faith. 6. Use of unregistered Software The use of unregistered software exposes the Company to liability for copyright infringement. Section 50C of the CDPA (inserted by the Computer Programs Regulations 1992) implements into UK the provisions of Article 5(1) of the European Directive on Computer Programs 1991. The Directive grants a right to use a program and asserts that in the absence of contractual provisions, a lawful acquirer of a computer program has the right to copy or adapt it when such reproduction is necessary for the use of the program in accordance with its intended purpose. However, in the current scenario, the use of unregistered software arguably amounts to software piracy and the use of counterfeiting software, which could expose the Company to fines for software piracy. 7. Online Terms & Conditions With regard to the online terms and conditions for the subscribers it is recommended that the following terms and conditions be included in particular: 1) When registering, the subscribers should be required to click and accept the terms and conditions and be informed of the fact that the terms and conditions apply to the terms of subscription and use of the website; 2) There should be an express term advising users that logging on to the password protected area means that the terms and conditions of the Company are accepted to the exclusion of any other terms and that the user accepts full responsibility for the acts, omissions and defaults of its use; 3) If the subscribers’ user name, email and any other information is to be displayed in the forums or chat rooms, then there should be an express clause highlighting that this is the case and giving the customer the option to not show their private details on the page; 4) If cookies are used to support the forum and chat rooms this should be expressly notified to the subscriber; 5) There should be an express clause highlighting that in using the forums or chat rooms the users are “not to post any material, or engage in any activity, that is unlawful, threatening, libellous, defamatory, pornographic, profane, abusive, vulgar, obscene, hateful or racially objectionable or that constitutes or encourages criminal conduct”. Directly linked to this, the online terms and conditions should expressly provide that the Company reserves the right to remove any offensive material and terminate subscription; 6) The terms should assert that the users are not to infringe trademarks or copyrights or link to other sites in breach of copyright; 7) The Company should include an express limitation of liability clause in respect of the use of the site and assert that the chat room and forums are provided on an “as is” basis with no warranties regarding the quality or suitability or truth of anything posted in the chat room; 8) With regard to linking, the Company’s terms should specify that it is not responsible for any links to another website and that any such links do not indicate any affiliation or commercial relationship; and 9) The terms should preferably specify that they are regulated by the laws of England and Wales. 8. Prioritised Action Plan The factual scenario raises complex legal issues impacting business operations and an action plan should be implemented with priority action points. Firstly, as a recommendation for general good practice, the action plan points and Company strategy should be implemented to ensure compliance with the Information technology national standard ISO/IEC 27000 for security management56. In particular, the definition of security is to ensure confidentiality and integrity of the business assets57. Furthermore, the ISO standard embodies twelve central sections that the Company should consider in implementing an action plan, namely: 1) risk assessment; 2) security policy; 3) Asset management; 5) Human resources security; 6) Physical and environmental security; 7) communications and operations management; 8) access control; 9) information systems acquisition, development and maintenance; 10) information security incident management; 11) business continuity management; and 12) compliance58. Finally, as an additional consideration, in light of the above analysis of the regulatory requirements, it is essential for the Company appropriate members of staff to oversee and carry out effective document management, which protects the Company’s business interests and ensures legal compliance. In particular, I would recommend the implementation of the following as immediate priority action points: 1) Prepare standard online terms and conditions for subscribers that comply with consumer regulations relating to e-commerce and terms and conditions; 2) Prepare standard online terms and conditions for traders and any third party service providers; 3) Ensure the Company implements secure methods for collecting online payment; 4) Prepare an online privacy policy and terms of use; 5) Consider appropriate warranties and terms and conditions regarding Internet Service Provider agreements; 6) Regulation of employee computer use and email use through detailed policies on employee monitoring; 7) Regulation of third party programmers working on the site; 8) Undertake searches regarding intellectual property protection immediately; and 9) Appointment of internal Data Protection manager to ensure compliance with the DPA. APPENDIX 1: LIST OF CASES AND LEGISLATION Doctrine of Fair Use Hyde Park v Yelland [2000] EMLR 363 Newspaper Licensing Agency v Marks and Spencer [2000] 4 All ER 239 File Sharing Napster, 114 F.supp 2d Metro-Goldwyn Mayer Studios Inc v Grokster Ltd 380 F.3d 1154 (2004). UGM Recordings v MP3.com Inc. 92 F. Supp 2d 349 (2000). Defamation and the Internet Godfrey v Demon Internet Ltd [1994] 4 All ER 342 Copyright Infringement & Linking Hird v Wood (1894) 38 SJ 234 Shetland Times Ltd v Dr Jonathan Wills and ZetNews Ltd (1996) SCLR 160. Trademark Infringement & Domain Name Disputes British Telecommunications plc, Virgin Enterprises plc, J Sainsbury plc, Marks & Spencer plc, and Ladbroke Group plc v One in a Million [1992] FSR 1 Passing Off Perry v Truefit (1842) 49 ER 749) Spalding & Brothers v A W Gamage Limited (1915) 84 LJ Ch 449). Legislation Copyright Designs and Patents Act 1988 Trade Marks Act 1994 Defamation Act 1996 Data Protection Act 1998 Data Protection Act 2002 Computer Programs Regulations 1992 Consumer Protection (Distance Selling) Regulations 2000 Electronic Commerce Regulations 2002 Privacy and Electronic Communications Regulations 2003 APPENDIX 2 BIBLIOGRAPHY Bainbridge (2007). Intellectual Property. Longman Baird., Z., (2002). Governing the Internet. Foreign Affairs. Volume 81(6). 15 Berryhill (2000). The UDRP Dispute Resolution. Available at www.icannwatch.org M. Collins (2001). The Law of Defamation and the Internet. Jennifer Davis (2007). Intellectual Property Law. 3rd Edition 2007 Oxford University Press. Feld, H., (2003). Structure to fail: ICANN and the “privatisation” experiment. In A. Theirer. & C Crews Jr. (Eds). Who rules the net? Internet Governance and jurisdiction (pp.333-362). Washington DC: Cato Institute. Stacey L.Dogan., (2005) Comment: Sony Fair Use and File Sharing. Case Western Reserve Law Review Vol 55: 4. Lillian Edwards & Charlotte Waelde (2008). Law and the Internet. 3rd Edition Hart Publishing. Froomkin, A.M., (2000). Wrong Turn in cyberspace: Using ICANN to route around the APA and the Constitution. Duke Law Journal 50(1) 17-186. Gringras (2007). Expensive Typos. 157 NLJ 662. Hollyoak and Torremans (2005). Intellectual Property Law. 4th Edition Oxford University Press. W Kleinwachter (2006). “WSIS and Internet Governance: The struggle over the core resources of the Internet”. 11(1) Communications Law 3. Ian Lloyd (2004). Information Technology Law. 4th Edition Oxford. Merges, Menell & Lemley (2003). Intellectual Property in the New Technological Mueller, M.L., (2002). Ruling the root: Internet governance and the taming of cyberspace. MIT press Murray., (2000). Internet Domain Names: The Trade Mark Challenge. 6 Journal of Law and Information Technology. 285-312. OECD Information Technology Outlook 2004, Chapter 5 Peer-to Peer Networks in OECD Countries (2004) available at www.oecd.org D. Price, Defamation: Law Procedure and Practice (2ND EDITION 2001). Susan Singleton (2003). E-Commerce: A Practical Guide to the Law. Gower Publishing Limited Smith (2007). Internet Law and Regulations. Sweet & Maxwell. C. Waelde, “Trade Marks and Domain Names: There is a lot in a Name.” in Lillian Edwards and Charlotte Waelde (eds) Vaver & Bentley (2004). Intellectual Property in the New Millennium. Cambridge University Press. Y, Wang., (2007) Where Does Fair Use Go? An Insight Into Regulating File Sharing in Research and Education available at www.bileta.ac.uk Diane Zimmerman., (2003). Authorship Without Ownership: Reconsidering Incentives in a Digital Age 52. DePaul Law Review 1121. www.icann.org www.iso27001security.com Read More