Friday, December 24, 2004

IRTPA

I've just realised why the Intelligence Reform and Terrorism Prevention Act, (IRTPA) could not just be called the Intelligence Reform Act. It would have been commonly referred to as the IRA. I wonder if that was an option that was considered before somebody spotted the irony?

Interestingly enough I've noticed EPIC have referred to the act as the National Intelligence Reform Act of 2004, that's NIRA and Intelligence Reform Law, that's IRL. (Scroll down to item 2 in the latest EPIC alert)

Thursday, December 23, 2004

BBC Creative Archive

Alison Perrit has a nice article on the BBC Creative Archive Project at Spiked magazine, "Bringing the past to life
The pros and pitfalls of the BBC's attempt to digitise its archives."

"At the Royal Television Society on London's South Bank on 28 October 2004, Paula Le Dieu, co-director of the Creative Archive Project, described the aim as to 'provide fuel for a truly creative nation', helping the public to become active participants in the BBC's creative output. Although works enjoying ongoing financial reward might never make it on to the archive, Le Dieu argues that television classics such as Fawlty Towers have a high profile and vibrant commercial life already. It is programmes that have not been aired for years that are of concern - without digitisation, the investment and knowledge contained in these works may go to waste.


Le Dieu acknowledges the difficulties of copyright clearance, describing rights ownership in BBC archival works as a 'complex ecology' through which 'we must know how to negotiate a path with rightholders for the dusty library to see the light'. "

HMV lock out iPod

More entrenchment nonsense in the music sector, as HMV plan to sell downloadable music that will only play with Microsoft software. iPod owners need not buy from HMV, then.

Wednesday, December 22, 2004

Software patents stymied again

It looks as though Polish undersecretary of science and information technology, Wlodzimierz Marcinski, has scuppered the EU Council's attempts to sneak the software patents directive through on the nod at an agriculture meeting.

The tactics were not particularly subtle but it still requires someone to stand up and be counted and congratulations for Mr Marcinski for being that person. If this thing is to go through then for some remote semblance of basic respectability at least let it be subject to appropriate scrutiny and debate.

There is an argument to be made that patents should possibly be allowed on something that could previously only have been created as a peice of hardware but can now be effected purely in software, such as a particularly cleverly architected media player, which is novel and includes the requisite inventive step. There is also an argument that someone who creates a novel invention should not be precluded from obtaining a patent, just because that invention happens to include a software component. But to allow blanket patenting of software, essentially because it is software and yet if the particular item was created in any other way would be obvious, is stupid policy.

Wrapping something in the cloak of apparently clever technology is does not make it new, inventive or necessarily better but it might. And the generally poor level of undertanding of technology and its architecture often and inevitably leads to poor decision making in the choice, regulation and deployment of that technology. This rule applies whether the context of the decision under consideration is the compulsory use of computers in all courses or the blind allowance of software patents.

Intelligence Reform and Terrorism Prevention Act

Have you heard of the Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004? It was signed into law in the US by President Bush last week. The EFF are not pleased. They're characterising it as the latest versions of the now defunct Total(/terrorism) Information Awareness (TIA), CAPPS II, PATRIOT III and a biometric national identity card system all rolled into one.

The 235 pages of the act are available online. The table of contents runs to 6 pages and the Act undertakes to reform the intelligence community, the FBI, transportation security, cross border travel, terrorism prevention and implement the recommendations of the 9/11 Commission. That's quite an undertaking for one piece of legislation.

Section 7212 deals with ID cards and says that Federal agencies will not be allowed to accept any form of "personal identification card newly issued by a State more than 2 years after the promulgation of the minimum standards" to set for these documents by the US Secretary of Transportation in consultation with the Secretary for Homeland Security within the next 18 months. It goes on to say these standards should include a requirement for various personal details to be included on the cards, including a digital photo, "common machine-readable identity information" and "capable of accommodating and ensuring the security of a digital photograph or other unique identifier." (Emphasis mine). This later requirement will probably be what has the EFF concerned about biometric national ID cards, especially in the light of an earlier part of the act which emphasises biometrics in airline security.

So it looks as though the US are going for a national ID card too, though the finer details are in the hands of the relevant Secretaries.

The Act does also seem to provide the statutory grounding for the US government's replacement for the defunct CAPPS II programme, the new programme being labeled Secure Flight and heavily focuses biometric technology in connection with aviation security in section 4011. I've only scanned this quickly but it doesn't appear to refer to "Secure Flight" by name but by a rather more generic handle, "Advanced Airline Passenger Pre-Screening."

Tuesday, December 21, 2004

Mad Kane's Gift Contract

In the spirit of Christmas, Madeline Kane's gift contract :-) Sample:

GIFTS FOR THE CHILDREN:

1. Husband won't buy their son a toy gun, provided Wife doesn't buy him a doll. Puppets, however, are permissible.

2. Wife won't buy anything that requires assembly.

3. Husband won't buy children toys he plans to play with.

4. Whoever picks the gift must make the emergency trip for batteries.
Lord Hope:

"I would quash the Human Rights Act 1998 (Designated Derogation) Order 2001. I would declare that section 23 of the Anti-terrorism, Crime and Security Act 2001 is incompatible with the right to liberty in article 5 of the European Convention on Human Rights on the ground that it is not proportionate, and that it is incompatible with article 14 of the Convention on the ground that it discriminates against the appellants in their enjoyment of the right to liberty on the ground of their national origin."

Lord Scott:

" It has not been suggested, nor could it be suggested, that the 2001 Act is otherwise than an effective enactment made by a sovereign legislature. It was passed by both Houses of Parliament and received the Royal Assent. Whether the terms of the 2001 Act are consistent with the terms of the European Convention on Human Rights ("the ECHR") is, so far as the courts of this country are concerned, relevant only to the question whether a declaration of incompatibility under section 4 of the Human Rights Act 1998 should be made. The making of such a declaration will not, however, affect in the least the validity under domestic law of the impugned statutory provision. The import of such a declaration is political not legal...

A ruling that an Act of Parliament is incompatible with the ECHR does not detract from the validity of the Act. It does not relieve citizens from the burdens imposed by the Act. It provides, of course, ammunition to those who disapprove of the Act and desire to agitate for its amendment or repeal. This is not a function that the courts have sought for themselves. It is a function that has been thrust on the courts by" the 1998 [Human Rights]Act.

"The Secretary of State is unfortunate in the timing of the judicial examination in these proceedings of the "public emergency" that he postulates. It is certainly true that the judiciary must in general defer to the executive's assessment of what constitutes a threat to national security or to "the life of the nation". But judicial memories are no shorter than those of the public and the public have not forgotten the faulty intelligence assessments on the basis of which United Kingdom forces were sent to take part, and are still taking part, in the hostilities in Iraq. For my part I do not doubt that there is a terrorist threat to this country and I do not doubt that great vigilance is necessary, not only on the part of the security forces but also on the part of individual members of the public, to guard against terrorist attacks. But I do have very great doubt whether the "public emergency" is one that justifies the description of "threatening the life of the nation". Nonetheless, I would, for my part, be prepared to allow the Secretary of State the benefit of the doubt on this point and accept that the threshold criterion of article 15 is satisfied."

Ouch - no punches pulled on exaggerated presentation of intelligence claims on Iraq.

"Section 23 constitutes, in my opinion, a derogation from article 5(1) at the extreme end of the severity spectrum. An individual who is detained under section 23 will be a person accused of no crime but a person whom the Secretary of State has certified that he "reasonably … suspects … is a terrorist" (section 21(1)). The individual may then be detained in prison indefinitely. True it is that he can leave the United Kingdom if he elects to do so but the reality in many cases will be that the only country to which he is entitled to go will be a country where he is likely to undergo torture if he does go there. He can challenge before the SIAC the reasonableness of the Secretary of State's suspicion that he is a terrorist but has no right to know the grounds on which the Secretary of State has formed that suspicion. The grounds can be made known to a special advocate appointed to represent him but the special advocate may not inform him of the grounds and, therefore, cannot take instructions from him in refutation of the allegations made against him. Indefinite imprisonment in consequence of a denunciation on grounds that are not disclosed and made by a person whose identity cannot be disclosed is the stuff of nightmares, associated whether accurately or inaccurately with France before and during the Revolution, with Soviet Russia in the Stalinist era and now associated, as a result of section 23 of the 2001 Act, with the United Kingdom. I can understand, conceptually, that the circumstances constituting the "public emergency threatening the life of the nation" might be of such an order as to justify describing section 23 as a measure "strictly required by the exigencies of the situation". But I am unable to accept that the Secretary of State has established that section 23 is "strictly required" by the public emergency. He should, at the least, in my opinion, have to show that monitoring arrangements or movement restrictions less severe that incarceration in prison would not suffice." (Emphasis mine).

"The differentiation between suspected terrorists who are immigrants with no right of residence and suspected terrorists who are British nationals is, in my opinion, plainly discriminatory. The difference between the two groups, namely, that one group has the right of residence and the other group does not, seems to me to be irrelevant to the issue as to what measures are required in order to combat the threat of terrorism that their presence in this country may be thought by the Secretary of State to present...

In my opinion, however the article 15 requirement does not justify a discriminatory distinction between different groups of people all of whom are suspected terrorists who together present the threat of terrorism and to all of whom the measures, if they really were "strictly necessary" would logically be applicable. If those who are suspected terrorists include some non-Muslims as well as Muslims, it would, in my opinion, be irrational and discriminatory to restrict the application of the measures to Muslims even though the bulk of those suspected are likely to profess to be Muslims. Some might well not be professed Muslims. Similarly, it would be irrational and discriminatory to restrict the application of the measures to men although the bulk of those suspected are likely to be male. Some might well be women. Similarly, in my opinion, it is irrational and discriminatory to restrict the application of the measures to suspected terrorists who have no right of residence in this country. Some suspected terrorists may well be home-grown."

Lord Rodger:

"I consider it right to defer to the Government's considered judgment that it would be difficult to justify taking draconian powers to detain British suspects. In other words, the Government believe that they could not show that the indefinite detention of British suspects was justified, and hence strictly required, in terms of article 15(1), in order to meet the threat that they pose to the life of the nation. Starting from that premise, SIAC's conclusion, that the threats posed by the foreign and British suspects are comparable, leads to the further conclusion that the detention of the foreign suspects is not strictly required either."

Lord Walker:

"As my noble and learned friend Lord Rodger of Earlsferry pointed out in the course of argument, a portentous but non-specific appeal to the interests of national security can be used as a cloak for arbitrary and oppressive action on the part of government. Whether or not patriotism is the last refuge of the scoundrel, national security can be the last refuge of the tyrant. It is sufficient to refer (leaving aside more recent and probably more controversial examples) to the show trial and repression which followed the Reichstag fire in Berlin and the terror associated with the show trials of Zinoviev, Bukharin and others in Moscow during the 1930s. It is therefore important to note that in this appeal no attack is made on the good faith of the Secretary of State, or any other individual or group of individuals in the executive or legislative arms of government. It is not suggested that the Secretary of State or any of his officials has given misleading or disingenuous reasons for their actions. What is said is that they have asked themselves the wrong questions, and have reached irrational and disproportionate answers."

(He could be talking about ID cards - they've asked themselves the wrong questions and have reached irrational and disproportionate answers!).

"For my part I think that in a case of this sort the court has to proceed at two different levels. The court should show a high degree of respect for the Secretary of State's appreciation, based on secret intelligence sources, of the security risks; but at the same time the court should subject to a very close scrutiny the practical effect which derogating measures have on individual human rights, the importance of the rights affected, and the robustness of any safeguards intended to minimise the impact of the derogating measures on individual human rights. In doing so the court must allow for the fact that it may be impossible for the intelligence services to identify the target or predict the scale of a violent attack by international terrorists (whose methods involve secrecy, deception and surprise). The likely effects of a natural disaster (such as a hurricane or a volcanic eruption) are, within limits, more easily predictable than those of attacks by terrorists who (on the evidence) may have access to biological, chemical or even radiological or nuclear weapons."

Lord Walker goes on to set the background for his caution against detention without trial, by citing works that outline the downside, Professor A T H Smith in the chapter on offences against the state in English Public Law (edited by Professor David Feldman, 2004), p 1334, Professor Clive Walker's Blackstone's Guide to the Anti-Terrorism Legislation (2002) and Professor Brian Simpson's work, In the Highest Degree Odious: Detention Without Trial in Wartime Britain, (1992); as well as hinting at problems created by internment in Northern Ireland.

He agrees, however, that the 2001 Act was passed at a time of "public emergency threatening the life of the nation" and goes on to dissent from the majority judgement saying discrimination between nationals and foreign nationals in this context is "rational."

"In this case a power of interning British citizens without trial, and with no option of going abroad if they chose to do so, would be far more oppressive, and a graver affront to their human rights, than a power to detain in "a prison with three walls" a suspected terrorist who has no right of abode in the United Kingdom, and whom the government could and would deport but for the risk of torture if he were returned to his own country. Detention of non-national suspects is still a cause of grave concern, and I share the anxieties expressed by Lord Woolf CJ in para 9 and by Brooke LJ in para 86 of their respective judgments in the Court of Appeal. But in my view Part 4 of the 2001 Act is not offensively discriminatory, because there are sound, rational grounds for different treatment."

Baroness Hale:

"Executive detention is the antithesis of the right to liberty and security of person...

We have always taken it for granted in this country that we cannot be locked up indefinitely without trial or explanation...

There is every reason to think that there are British nationals living here who are international terrorists within the meaning of the Act; who cannot be shown to be such in a court of law; and who cannot be deported to another country because they have every right to be here. Yet the Government does not think that it is necessary to lock them up. Indeed, it has publicly stated that locking up nationals is a Draconian step which could not at present be justified. But it has provided us with no real explanation of why it is necessary to lock up one group of people sharing exactly the same characteristics as another group which it does not think necessary to lock up."

She also quotes Thomas Jefferson:

"Though the will of the majority is in all cases to prevail, that will to be rightful must be reasonable . . . The minority possess their equal rights, which equal law must protect, and to violate would be oppression."

and rounds off:

"No one has the right to be an international terrorist. But substitute "black", "disabled", "female", "gay", or any other similar adjective for "foreign" before "suspected international terrorist" and ask whether it would be justifiable to take power to lock up that group but not the "white", "able-bodied", "male" or "straight" suspected international terrorists. The answer is clear."

Complex case. Not easy for any of the parties involved. I would guess that the government's response to the decision, when it gets round to dealing with it, will be to broaden the scope of the legislation to facilitate the indefinite detention, without charge or trial, of terrorist suspects who are British nationals too.

More from A and X and others v Home Secretary

Lord Nicholls:

"Indefinite imprisonment without charge or trial is anathema in any country which observes the rule of law...

In the present case I see no escape from the conclusion that Parliament must be regarded as having attached insufficient weight to the human rights of non-nationals. The subject matter of the legislation is the needs of national security. This subject matter dictates that, in the ordinary course, substantial latitude should be accorded to the legislature. But the human right in question, the right to individual liberty, is one of the most fundamental of human rights...

The difficulty with according to Parliament the substantial latitude normally to be given to decisions on national security is the weakness already mentioned: security considerations have not prompted a similar negation of the right to personal liberty in the case of nationals who pose a similar security risk. The government, indeed, has expressed the view that a 'draconian' power to detain British citizens who may be involved in international terrorism 'would be difficult to justify': Counter-Terrorism Powers: Reconciling Security and Liberty in an Open Society (February 2004, Cm 6147), para 36. But, in practical terms, power to detain indefinitely is no more draconian in the case of a British citizen than in the case of a non-national."

Lord Hoffmann again:

"This is one of the most important cases which the House has had to decide in recent years. It calls into question the very existence of an ancient liberty of which this country has until now been very proud: freedom from arbitrary arrest and detention. The power which the Home Secretary seeks to uphold is a power to detain people indefinitely without charge or trial. Nothing could be more antithetical to the instincts and traditions of the people of the United Kingdom...

In any case, suspicion of being a supporter is one thing and proof of wrongdoing is another. Someone who has never committed any offence and has no intention of doing anything wrong may be reasonably suspected of being a supporter on the basis of some heated remarks overheard in a pub. The question in this case is whether the United Kingdom should be a country in which the police can come to such a person's house and take him away to be detained indefinitely without trial.

88. The technical issue in this appeal is whether such a power can be justified on the ground that there exists a "war or other public emergency threatening the life of the nation" within the meaning of article 15 of the European Convention on Human Rights. But I would not like anyone to think that we are concerned with some special doctrine of European law. Freedom from arbitrary arrest and detention is a quintessentially British liberty, enjoyed by the inhabitants of this country when most of the population of Europe could be thrown into prison at the whim of their rulers. It was incorporated into the European Convention in order to entrench the same liberty in countries which had recently been under Nazi occupation. The United Kingdom subscribed to the Convention because it set out the rights which British subjects enjoyed under the common law.

89. The exceptional power to derogate from those rights also reflected British constitutional history. There have been times of great national emergency in which habeas corpus has been suspended and powers to detain on suspicion conferred on the government. It happened during the Napoleonic Wars and during both World Wars in the twentieth century. These powers were conferred with great misgiving and, in the sober light of retrospect after the emergency had passed, were often found to have been cruelly and unnecessarily exercised. But the necessity of draconian powers in moments of national crisis is recognised in our constitutional history...

Of course the government has a duty to protect the lives and property of its citizens. But that is a duty which it owes all the time and which it must discharge without destroying our constitutional freedoms. There may be some nations too fragile or fissiparous to withstand a serious act of violence. But that is not the case in the United Kingdom..."

And he rounded off with gusto, as I mentioned earlier:

"The real threat to the life of the nation, in the sense of a people living in accordance with its traditional laws and political values, comes not from terrorism but from laws such as these. That is the true measure of what terrorism may achieve. It is for Parliament to decide whether to give the terrorists such a victory."

House of Lords on ATC&S

There are lots of interesting snippets in the judgement from the House of Lords on the anti-terrorism legislation I mentioned earlier today.

Lord Bingham quotes the EU's Commissioner for Human Rights comments on the Anti-Terrorism Crime and Security Act, Opinion 1/2002 (28 August 2002):

"36. The proportionality of the derogating measures is further brought into question by the definition of international terrorist organisations provided by section 21(3) of the Act. The section would appear to permit the indefinite detention of an individual suspected of having links with an international terrorist organisation irrespective of its presenting a direct threat to public security in the United Kingdom and perhaps, therefore, of no relation to the emergency originally requiring the legislation under which his Convention rights may be prejudiced.

37. Another anomaly arises in so far as an individual detained on suspicion of links with international terrorist organisations must be released and deported to a safe receiving country should one become available. If the suspicion is well founded, and the terrorist organisation a genuine threat to UK security, such individuals will remain, subject to possible controls by the receiving state, at liberty to plan and pursue, albeit at some distance from the United Kingdom, activity potentially prejudicial to its public security.

38. It would appear, therefore, that the derogating measures of the Anti-Terrorism, Crime and Security Act allow both for the detention of those presenting no direct threat to the United Kingdom and for the release of those of whom it is alleged that they do. Such a paradoxical conclusion is hard to reconcile with the strict exigencies of the situation."

The Newton committee which reviewed the Act raised similar concerns and recommended the section dealing with indefinite detention of foreign terrorist suspects be replaced:

" We consider the shortcomings described above to be sufficiently serious to strongly recommend that the Part 4 powers which allow foreign nationals to be detained potentially indefinitely should be replaced as a matter of urgency. New legislation should:

a. deal with all terrorism, whatever its origin or the nationality of its suspected perpetrators; and

b. not require a derogation from the European Convention on Human Rights."

Lord Bingham may have been quietly irritated by the government's (a favorite of David Blunkett) tactic of criticising anyone who disagreed with them as not having the appropriate standing/authority or just belonging to a group that could be appropriately pejoratively labelled. After going through some neat legal reasoning on proportionality and accepting the government and parliament's remit to make political decisions he comes out with the following:

"The Attorney General is fully entitled to insist on the proper limits of judicial authority, but he is wrong to stigmatise judicial decision-making as in some way undemocratic." And...

"the central complaint made by the appellants: that the choice of an immigration measure to address a security problem had the inevitable result of failing adequately to address that problem (by allowing non-UK suspected terrorists to leave the country with impunity and leaving British suspected terrorists at large) while imposing the severe penalty of indefinite detention on persons who, even if reasonably suspected of having links with Al-Qaeda, may harbour no hostile intentions towards the United Kingdom. The conclusion that the Order and section 23 are, in Convention terms, disproportionate is in my opinion irresistible."

Which inevitably brings me back to my current hobby horse of ID cards and inspired by Lord Bingham - the choice of ID cards to address a security [or immigration or social cohesion or etc etc] problem(/s) will have the inevitable result of failing adequately to address that(/those) problem(/s).

He concludes his judgement at paragraph 73 thus:

"I would allow the appeals. There will be a quashing order in respect of the Human Rights Act 1998 (Designated Derogation) Order 2001. There will also be a declaration under section 4 of the Human Rights Act 1998 that section 23 of the Anti-terrorism, Crime and Security Act 2001 is incompatible with articles 5 and 14 of the European Convention insofar as it is disproportionate and permits detention of suspected international terrorists in a way that discriminates on the ground of nationality or immigration status. The Secretary of State must pay the appellants' costs in the House and below."

BitTorrent Hubs Shutting Down

Major BitTorrent hubs such as SuprNova have gone offline in the wake of the MPAA legal action against such sites. Whereas most of the conventional P2P software is now decentralised, BitTorrent relies on tracker hub servers to facilitated the parallel transfers of all the pieces of the large files being distributed. That makes the architecture such that these hubs are relatively easy to find, so if they are facilitating copyright infringement they could be sued by the offended party eg the movie industry.

The stuff of nightmares

The day after David Blunkett resigned as Home Secretary, the House of Lords full panel ruled on the case of terrorists suspects detained without trial under the anti-terrorism crime and security act. It's pretty strong stuff and no doubt Mr Blunkett would have responded by labelling the law lords "woolly liberals" (like Charles Clarke on the opponents of ID cards yesterday) or "out of touch" or some such pejorative nonsense.

Lord Scott:

"Indefinite imprisonment in consequence of a denunciation on grounds that are not disclosed and made by a person whose identity cannot be disclosed is the stuff of nightmares, associated whether accurately or inaccurately with France before and during the Revolution, with Soviet Russia in the Stalinist era and now associated, as a result of section 23 of the 2001 Act, with the United Kingdom."

Lord Hoffman:

"The real threat to the life of the nation, in the sense of a people living in accordance with its traditional laws and political values, comes not from terrorism but from laws such as these. That is the true measure of what terrorism may achieve. It is for Parliament to decide whether to give the terrorists such a victory."

Legal judgements from the highest court in the land don't come any stronger than this. The technical outcome is that the legislation allowing detention without trial, under the anti-terrorism legislation was declared to be in conflict with the Human Rights Act. Unlike the US supreme court, though, the law lords can't strike down the legislation as unconstitutional. New Home Secretary, Charles Clarke, will have to look again at the conflict and figure out, with his officials, how to resolve it.

Software patents and ID cards sneaking through

More democracy in action in the EU. As was reported recently, the Council are sneaking the software patents directive through during a meeting on Agriculture and Fisheries today.

It will go back to the EU parliament, which opposed it in its current form, once the Council has approved it but don't expect the parliament to have much influence.

The ID cards bill was "debated" in the House of Commons yesterday and the chamber was virtually empty. Compare that with the sessions on MPs salaries when the same chamber is bursting at the seams with MPs and it gives you some indication of the state of our democracy in the UK. Our political representatives are more concerned about their own salaries than an issue of fundamental importance such as the introduction of national identity cards. No other Western democracy has introduced ID cards in peacetime and we're passing it through without interest or debate.

Paraphrasing Edmund Burke (and various others since, including Albert Einstein), for evil to prosper it requires only that good people do nothing. Most MPs are basically decent people but in this instance they are doing nothing.

Monday, December 20, 2004

ID Cards Again!

MPs are debating the ID card bill in the House of Commons today and sadly new Home Secretary, Charles Clarke, has labelled opponents "wooley liberals." I can see the standard of the debate is not going to rise to the merits and demerits of the cases for and against.

I've also just heard an interview with Jean Corston, MP, on Radio 5 live's Drive programme. This lady is "Chairman" of the parliamentary Joint Committee on Human Rights.

She dismissed a question about the reliability of the ID card database by suggesting it was irrelevant and that databases do work too, you know. Well that puts my concerns that the ID card system won't work well and truly to rest. After all this woman is the "chairman" of the Human Rights committee.

She was apparently against ID cards until two years ago when she did a consultation exercise in her constituency, during which she "learned" that some women in ethnic minority communities were desparate to have an ID card, so they could identify themselves. They were absolutely desparate because they didn't have passports which were taken away and they didn't have bank accounts or anything like that.

She conceded there might be privacy issues associated with the ID card but the thing that convinced her to change her mind was an interview with a "terrorist" on BBC television. Apparently this terrorist claimed he had moved to the UK from France because it was easier to get around the UK, since we don't have ID cards like the French.

A "terrorist" on a TV programme says ID cards make life more difficult for terrorists and this is sufficient evidence for the "chairman" of our parliamentary Joint Committee on Human Rights to change her mind on years of opposition to ID cards.

Even if I wasn't against the scheme on the pragmatic basis that the system will not work, won't address any of the problems it is claimed to be addressing, will create a huge range of other problems, will cost a fortune that could be more effectively spent elsewhere, I would want to hear from the "chairman" of such a committee questions as to whether there was any substance to the charges of principle made by opponents of the scheme.

It seems that "I ran a few focus groups and saw a TV programme" can be the deepest level of scrutiny we can expect of our parliamentary representatives, when it comes to matters of fundamental importance to the future of our democracy. Well we get what we deserve in parliamentarians and if we're prepared to put up with this superficiality, then we may take the consequences uncomplainingly. It is, however, a pretty appalling reflection on the state of our democracy.

One Just one more time in brief, then, for Mr Clarke and Ms Corston,

1. What problem does your proposed solution (ID cards) solve?
A: Lots allegedly - terrorism, immigration, benefit fraud, social cohesion etc - all ill defined.
2. What architecture has your proposed solution got - what does it look like?
A: Complicated - high tech cards, massive database which no computer scientist in the world could secure, decentralised networked registration centres, huge numbers of decentralised verification devices for police, GPs etc.
3. How well does it solve your problem(/s)?
A: Not at all.
4. How can it fail and what other problems does it create?
A: It can fail in many ways and cause lots of other problems - errors in database, failure of remote verification and registration devices, unreliable biometric technology etc etc.
5. How much does it cost?
A: Billions of pounds.
6. Is it worth it?
A: No, the money could be more effectively spent on [well trained] extra police, security service, customs and immigration staff.

Google and academic libraries

James Grimmelmann on the Google academic library scan project:

"The program will scan some 15 million books to create searchable electronic versions. Public domain ones will simply be placed online outright. Estimates place the cost at $10/book. $150 million sounds like a real fistful of change, but when you think about it, it's astonishingly little. By way of comparison, it's less than EA paid the NFL for exclusive rights to make NFL-branded football video games, the daily cost of the occupation in Iraq, or the price tag to make and market Battlefield Earth. In exchange, we get the remade Library of Alexandria.
What's in it for Google? The same thing that's in open source for IBM. Vendors who contribute to open source software sell hardware and services whose value is enhanced by having a productive commons. Software, hardware, and support are natural complements. As I see it, Google sells search, and search and content are natural complements.

I look forward tremendously to having all that public domain material online: watch out publishers, because you're about to have to start competing with free in a whole new way."

Blunkett's successor supports ID cards

Unfortunately it seems that even though David Blunkett has gone, his ID card disaster plan has not gone with him. New Home Secretary, Charles Clarke is planning on pushing it through with cosmetic "concessions."

Mr Blunkett's resignation is a real opportunity for the government to extract itself from this fiasco before it does any real damage. That requirement within government to focus on the next headline and be seen to be "doing something" (whatever that something is) could have been deftly turned to their advantage from a PR perspective; but of course they're terrified of being seen as "soft on" crime, terrorism, immigration, benefit fraud [take your pick from these or a long list of other issues], so will probably be too scared to take the "risk."

So let's step away from the simplistic soundbites on all sides and look again (as I have done ad nauseum here, with apologies to regular readers) at the practicalities. Mr Clarke, please just ask yourself a series of logical questions:

1. What problem does your proposed "solution", in this case biometric national ID cards solve? Or to put it in security terms: what assets are you trying to protect?
A: Well the list seems to grow by the day. Mr Blunkett's favourite problems for the ID card solution were - terrorism, public service access, immigration, benefit fraud, social cohesion and citizenship. In the security context - what assets are you protecting - well, translating Mr Blunkett's problems to assets, you're trying to protect everything and everyone from every negative consequence. That's quite an undertaking. (And remember attackers only have to focus on weak spots and get lucky once)

2. What technical infrastructure does your proposed solution require?
A: (a) High tech. cards for everyone. (Just as a matter of interest, since these cards are to be embedded with biometric data, why do we need a card at all? Sure we will all be our own walking ID and we don't lose our irises or fingerprints as easily as we can lose a card.)
(b) A massive central database which contains a great deal of information on everyone registered
(c) A registration process, involving a large number of decentralised registration centres, suitably technically equipped and with a networked connections to the central database
(d) Huge numbers of robust local systems (in hospitals, local council offices, hospitals, every police officer, GP surgeries etc etc) for checking ID cards and verifying/validing via appropriate networks with the central database.

3. How well does this system (the ID card solution) solve the problems identified in question 1.?
A: Not at all.

4. How can this complex ID card "solution" fail and what other problems does it create?
A: It can fail in an untold number of ways because it is so complex and it depends on so many people having access remotely and centrally just for day to day construction and operation. The database can fail - there is not a computer scientist in the world who knows how to secure, in practice, a database as big and complex as the one required to underpin this system. It will have errors, it will become outdated; database staff will make mistakes; remote card verifiers will make mistakes; the biometric technology underpinning all of this is unreliable (despite many vendors claims to the contrary); the system will be misused accidentally and deliberately (in the latter case by a small number of so called bad actors, internal and external); people will lose their cards; people will forget to get their details changed as necessary eg change of address; the system has to "talk to" other government ID systems, which are prone to catastrophic technical failure (eg the Dept for work and pensions IT systems crash from a couple of weeks ago).
There will be a huge incentive for organised crime to engage in forging these cards (since they are allegedly the key to so many services) and they will be forged on a large scale. The database may well be used like the electoral roll to sell personal details to direct marketers. Maintenance of the system will be labour-intensive.
And that is just scatching the surface.

5. How much does it cost?
A: in pure monetary terms, not taking into account just some of the negative consequences listed above, it will cost billions of pounds.

6. Is it worth it.
A: Clearly not. If we have billions of pounds to spend on tackling terrorism, etc. it would be better spent on higher numbers of well trained police, security services, customs and immigration staff. The latter is not, however, a positive headline grabber with the Daily Mail or the Murdoch press and does not provide apparently instant results.

And just back to the list of some of the planned verification uses written into the government's draft bill: enforcing parking fines, preventing underage selling of cigarettes, alcohol, DVDs and lottery tickets, banking services (eg mortgage) applications, TV licence, benefits, driving test and car tax applications, access to public sevices eg GP or hospital, gun licence applications. How will verification for these things tackle terrorism, immigration, benefit fraud or problems of social cohesion?

Just one more time in brief, then,

1. What problem does your proposed solution (ID cards) solve?
A: Lots allegedly, all ill defined.
2. What architecture has your proposed solution got - what does it look like?
A: Complicated.
3. How well does it solve your problem(/s)?
A: Not at all.
4. How can it fail and what other problems does it create?
A: Many ways and lots of other problems.
5. How much does it cost?
A: Billions.
6. Is it worth it?
A: No.

Mr Clarke has an opportunity to step away from what will probably become New Labour's political disaster equivalent of the poll tax. I hope he takes it.
"MILLIONS of e-mails to civil servants at the heart of government will be automatically wiped on Monday, 11 days before freedom of information laws come into force.

The Cabinet Office, which supports the Prime Minister and co-ordinates policy across government, has ruled that e-mails more than three months old must be deleted from December 20, The Times has learnt."

Speaks for itself and as the Assistant Information Commissioner has said in response this just creates a big risk that important information will be lost. I've worked for organisations who mistakenly believed they needed to blindly purge information which had existed in files for longer than some arbitrary nominal period and chaos inevitably ensues. No doubt some in government are feeling a little sensitive about the email that led to David Blunkett's resignation last week and although it won't have been the determining factor in making this decision it will have featured. Pity. When it comes to complex systems, simplistic blanket policies rarely if ever work as intended and this one will return to haunt in due course.

Chip and pin, EDonkey Raids and FoI Charges

Ross Anderson is warning that chip and pin cards may not be the boon to tackling fraud that the banking industry are selling them as.

Prof Anderson said: "What this does is dump liability on the merchant in some cases and on the customers in others. If you use it in a cash machine, the banks will probably say you were to blame.

The introduction of pins for general retail, the co-existence of magnetic strips and smart chips and the underlying change in liability that means banks no longer have incentives for reducing risk is a recipe for card fraud not going down by anything as much as was predicted. If I take my debit card to the supermarket, I use my signature."

And that is one of the fundamental points about security that rarely gets raised in public discourse on the subject - security depends on agenda. If the system can be arranged so that the agent with the most power, eg banks, do not bear the cost of any security failure (onus on cardholder to prove it was not fraud), then that agent (bank) has no incentive to improve security. Sure thene's fraud, sure it's widespread and sure it's somebody else's problem.

From The Register:

"Dutch anti-piracy organisation BREIN, along with FIOD-ECD (Economic Inspection Service of the Fiscal Intelligence and Investigation Service), has raided two popular sites in the Netherlands that offered links to allegedly copyright-infringing content. FIOD-ECD has arrested eight people and seized eleven servers."

The UK government have laid out the rules for charging to discharge freedom of information requests.