Feeds

Send a strongly worded legal letter, censor a Web page

Bank of Ireland in Net bullying fracas

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

The Bank of Ireland (BoI) has forced a university to remove a site containing a tool to generate banking codes.

Software developer Martin Gallwey developed a tool to generate International Bank Account Numbers (IBANs) after the BoI failed to supply him with the correct information he needed to transfer money from a German bank to his account in Ireland. According to Gallway, the Bank even gave him the wrong number to phone about the problem.

Instead of re-requesting the correct information, Gallwey (who was in Australia at the time and disinclined to shell out for expensive international calls) went DIY and knocked up a tool to generate the codes he needed.

Gallwey told The Register: "I then decided to find out what an IBAN actually was, and with the help of the European Committee for Banking Standard's website, I was able to find out this information. I wrote a quick programme to generate my IBAN and then used it to transfer the money I needed to transfer. Rather than waste my new-found knowledge I decided to put it on the Web for the benefit of people who might find themselves in a similar bind.”

Gallwey posted the tool, which was derived from publicly available information, on a website hosted by the University of Limerick. He made his source code publicly viewable as he thought the tool could be useful to programmers in the finance sector. Gallwey considered releasing the program under the Lesser GNU Public Licence, he tells us.

Nastygram

Two months later the BoI got wind of the site and fired off a legal nastygram to the University, demanding that the page be pulled.

A solicitor for the Bank of Ireland's group legal department, wrote to the University of Limerick claiming that Gallwey’s site was irresponsible. The bank threatened further action unless Limerick's webmaster complied with its demand to pull the page.

The BoI letter to the University said: “Third party calculators such as this carry serious risks, including risk of loss of funds, risk of extra customer charges and a relevant reputational risk for the relevant financial institutions. Furthermore, the website quotes from the Bank of Ireland website without the authority of the Bank. It also contains text which is potentially defamatory of the Bank of Ireland.”

“We refer you to http://www.ecbs.org/iban.htm which contains a specific warning from the European Committee of Banking Services (“ECBS”) against the existence of such third party calculators. It requires banks to ensure that third party calculators such as appears on your website are immediately withdrawn".

On receiving the letter, the University blocked access to Gallwey's website.

The site was taken down before Gallway had a chance to respond to the BoI's accusations.

Paper tiger

So how much substance is there to the Bank of Ireland’s complaints?

Let's consider the argument that Gallwey lifted content from the Bank of Ireland's site without permission.

As Gallwey points out the text he quotes is copied from the European Union's website, which is covered by a copyright notice stating that "reproduction is authorised, provided the source is acknowledged, save where otherwise stated".

So a clear case of fair use? We think so.

Dai Davis, a consultant lawyer at Nabarro Nathanson, agrees: "The Bank of Ireland can't claim copyright on something where it isn't their content in the first place. They copied it too."

On his IBAN web page, Gallwey included a brief, unemotional description of his experiences in getting the wrong code from the Bank of Ireland. This was defamatory, according to the BoI. In our opinion, this is raised by the bank simply as a way of forcing the University of Limerick into pulling the site.

The BoI's assertion on this point is questionable, according to Davis: "If you're the Web admin of a University and you get a sternly worded legal letter from a bank saying a site you control is hosting something illegal, you're going to pull the plug and ask questions afterwards. The current legal climate makes it easy to frighten someone into acting. Organisations are obliged to be cautious."

The Bank of Ireland's main objection - that the tool Gallway produced was somehow dangerous - is partly supported by the relevant international banking institution, the ECBS.

In response to Gallwey's queries the ECBS said: "The availability on the web of tools that run the risk of providing incorrect IBANs is to be discouraged."

"If your site promises to generate IBANs for others, you should be aware that you should be held liable for incorrect, delayed or wrong payment," it wrote.

Gallwey argues that all he is doing is implementing a public standard. Also the tool isn’t illegal. But he has taken the ECBS' criticism on board and suggests a compromise whereby his page is reinstated, but with a caveat stating that people should only use the programme at their own risk and that the ECBS recommends that customers obtain this information from their own banks.

Almost a month later, the Bank of Ireland has yet to respond to Gallway’s invitation to withdraw its objections to his site. And why would it when it has already achieved its objectives in getting Gallwey 's site taken offline?

Gallwey says the case raises wider questions about Net rights.

He asks: "If a corporation can get access to my website removed by sending a strongly worded letter, not backed up by any court ruling, then just how free are we to post content on the Web?" ®

3 Big data security analytics techniques

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.