Irish companies putting information on Websites should stipulate terms and conditions for how their sites are used, following the dismissal of the State's first prosecution for unauthorised accessing of data earlier this year.
The case also highlights the dilemma faced by online information providers: how to limit access to valuable information in a medium designed for fast information transfer.
Last April, Mr Alister Kidd, managing director of Touchtel, became the first person to be charged with unauthorised access to data under the 1991 Criminal Damage Act. The prosecution followed a complaint by Kompass Ireland, which runs an online database of company information, that Mr Kidd had found a way to bypass its site's technical restrictions and download company information from the database more quickly.
Kompass says Mr Kidd wrote a computer program to automatically download records of company information every five seconds, a technique it calls "harvesting". He was traced via the address of the computer he used to download the records.
But the case in the Dublin District Court was dismissed following the presentation of prosecution evidence, not because Mr Kidd did not access the data in question, but because the judge ruled that the information he got was already publicly available, and there were no restrictions or limitations printed on the Website saying how it should be used.
In effect, the judge found, Mr Kidd merely found a more efficient way to download data he could already access.
The case highlights an interesting dilemma for companies like Kompass, which provide a limited amount of free online information as a sample of what they sell on a CD-Rom. The Kompass Website prevents users downloading more than 100 company records at a time, and the need to complete online forms gives the company the opportunity to sell advertisements on the site. Bypassing the normal interface not only bypasses the advertisements, a dilemma for many online providers, but also allows faster access to the data than Kompass intended.
With more than 70 international franchises, French-based Kompass holds contact details and product information for 21,000 companies in its database. Mr Tony McGinty, systems manager at Kompass Ireland, says Mr Kidd automatically downloaded records for some 6,000 companies, which could have been done longhand, but with a lot more effort. Mr Kidd says his intention was to compile a list of companies for marketing purposes.
Legal sources say they were surprised the case arose at all, and the major lesson from it is the need for terms and conditions on Websites. Mr Kidd says the lesson is: "If you've got a site, specify what the usage is for."
The Kompass site (www.kompass.ie) now says users "shall not access the Kompass Service by any means, or in any sequence, other than those provided by the Kompass Service as part of its normal user interface". Meanwhile, Touchtel's GoIreland tourist information site (www.goireland.ie) threatens prosecution for anyone downloading its information "by whatever means" for a commercial application.
However, not everyone is satisfied with the need for explicit terms and conditions on Websites. Mr Alex French of Medianet, Touchtel's Internet service provider at the time, says the need for disclaimers to prevent unauthorised access is "akin to requiring shops to put a `You may not break into this shop' sign up at night". He says the case has a profound impact for the Internet community in Ireland.
The inspector in charge of the Garda Computer Crimes Unit says the issues surrounding access to data are still not clear. "If you are prepared to put information in the public arena you're inviting public access," says Insp Eugene Gallagher, but he adds: "It's unclear if someone comes in the window instead of the door."
With the onset of the so-called Information Age, where information becomes a commodity, further cases testing the unauthorised access to data are likely. After all, data the computer representation of information can be stolen or misused like any other goods. Legal opinion is that it will take a High Court or Supreme Court decision to set definite precedents in this area.
Eoin Licken can be reached at elicken@irish-times.ie
