Send a strongly worded legal letter, censor a Web page
Bank of Ireland in Net bullying fracas
The Bank of Ireland (BoI) has forced a university to remove a site containing a tool to generate banking codes.
Software developer Martin Gallwey developed a tool to generate International Bank Account Numbers (IBANs) after the BoI failed to supply him with the correct information he needed to transfer money from a German bank to his account in Ireland. According to Gallway, the Bank even gave him the wrong number to phone about the problem.
Instead of re-requesting the correct information, Gallwey (who was in Australia at the time and disinclined to shell out for expensive international calls) went DIY and knocked up a tool to generate the codes he needed.
Gallwey told The Register: "I then decided to find out what an IBAN actually was, and with the help of the European Committee for Banking Standard's website, I was able to find out this information. I wrote a quick programme to generate my IBAN and then used it to transfer the money I needed to transfer. Rather than waste my new-found knowledge I decided to put it on the Web for the benefit of people who might find themselves in a similar bind.”
Gallwey posted the tool, which was derived from publicly available information, on a website hosted by the University of Limerick. He made his source code publicly viewable as he thought the tool could be useful to programmers in the finance sector. Gallwey considered releasing the program under the Lesser GNU Public Licence, he tells us.
Two months later the BoI got wind of the site and fired off a legal nastygram to the University, demanding that the page be pulled.
A solicitor for the Bank of Ireland's group legal department, wrote to the University of Limerick claiming that Gallwey’s site was irresponsible. The bank threatened further action unless Limerick's webmaster complied with its demand to pull the page.
The BoI letter to the University said: “Third party calculators such as this carry serious risks, including risk of loss of funds, risk of extra customer charges and a relevant reputational risk for the relevant financial institutions. Furthermore, the website quotes from the Bank of Ireland website without the authority of the Bank. It also contains text which is potentially defamatory of the Bank of Ireland.”
“We refer you to http://www.ecbs.org/iban.htm which contains a specific warning from the European Committee of Banking Services (“ECBS”) against the existence of such third party calculators. It requires banks to ensure that third party calculators such as appears on your website are immediately withdrawn".
On receiving the letter, the University blocked access to Gallwey's website.
The site was taken down before Gallway had a chance to respond to the BoI's accusations.
So how much substance is there to the Bank of Ireland’s complaints?
Let's consider the argument that Gallwey lifted content from the Bank of Ireland's site without permission.
As Gallwey points out the text he quotes is copied from the European Union's website, which is covered by a copyright notice stating that "reproduction is authorised, provided the source is acknowledged, save where otherwise stated".
So a clear case of fair use? We think so.
Dai Davis, a consultant lawyer at Nabarro Nathanson, agrees: "The Bank of Ireland can't claim copyright on something where it isn't their content in the first place. They copied it too."
On his IBAN web page, Gallwey included a brief, unemotional description of his experiences in getting the wrong code from the Bank of Ireland. This was defamatory, according to the BoI. In our opinion, this is raised by the bank simply as a way of forcing the University of Limerick into pulling the site.
The BoI's assertion on this point is questionable, according to Davis: "If you're the Web admin of a University and you get a sternly worded legal letter from a bank saying a site you control is hosting something illegal, you're going to pull the plug and ask questions afterwards. The current legal climate makes it easy to frighten someone into acting. Organisations are obliged to be cautious."
The Bank of Ireland's main objection - that the tool Gallway produced was somehow dangerous - is partly supported by the relevant international banking institution, the ECBS.
In response to Gallwey's queries the ECBS said: "The availability on the web of tools that run the risk of providing incorrect IBANs is to be discouraged."
"If your site promises to generate IBANs for others, you should be aware that you should be held liable for incorrect, delayed or wrong payment," it wrote.
Gallwey argues that all he is doing is implementing a public standard. Also the tool isn’t illegal. But he has taken the ECBS' criticism on board and suggests a compromise whereby his page is reinstated, but with a caveat stating that people should only use the programme at their own risk and that the ECBS recommends that customers obtain this information from their own banks.
Almost a month later, the Bank of Ireland has yet to respond to Gallway’s invitation to withdraw its objections to his site. And why would it when it has already achieved its objectives in getting Gallwey 's site taken offline?
Gallwey says the case raises wider questions about Net rights.
He asks: "If a corporation can get access to my website removed by sending a strongly worded letter, not backed up by any court ruling, then just how free are we to post content on the Web?" ®
Sponsored: Today’s most dangerous security threats