Friday, January 20, 2006

Google, AOL, MSN, Yahoo! and the DOJ

SearchEngineWatch on the US Department for Justice attempts to get a picture of web surfing by demanding Google data:

"Getting a list of all searches in one week definitely would let US federal government dig deep into the long tail of porn searches. But then again, the sheer amount of data would be overwhelming. Do you know every variation of a term someone might use, that you're going to dig out of the hundreds of millions of searches you'd get? Oh, and be sure you filter out all the automated queries coming in from rank checking tools, while you're add it. They won't skew the data at all, nope.

Moreover, since the data is divorced from user info, you have no idea what searches are being done by children or not. In the end, you've asked for a lot of data that's not really going to help you estimate anything at all.

Far better would be to do some searches that you think children and teens are actually doing, such as by doing a survey of them. Then just go start searching on Google and the other search engines yourselves. See what actually comes up, especially when the filtering protection each service offers is enabled. That would give you plenty of data, plus it would be useful for everyone to have someone rigorously test the filtering systems that are offered. Serving subpoenas to get the data isn't necessary."

Boiling frogs and drm

Wendy Seltzer says

"For years, the entertainment industry's DRM strategy has seemed to follow the old story about how to boil a frog: Start it going in a pan of cold water and gradually turn up the heat.

So it is with digital rights management: Start consumers off with restrictions only the techiest edge-cases among them will notice, then quietly increase control. Apple's iTunes, for example, has downgraded the behavior of already-purchased music files. One day you could burn a playlist 10 times, the next day only seven.

Once you've accepted that "your" music comes with only a set of pre-defined uses -- and not any personal use you can invent -- you might not notice as you lose the ability to do your own format-shifting. Just as fans once re-purchased music as it moved from 45 to LP to CD, perhaps they could be conditioned not to complain if they were made to re-license when they replaced computers and stereo components. Instead of selling CDs, then, marketers will then be able to slice up the "music experience" and license pieces back to the fans whose rights they've taken, ideally for more than the one-time profit on a CD."

So the Sony rootkit drm fiasco was good news, in that it woke some people up to the insidious nature of drm.

Battelle on Google's reasons for fighting DOJ

John Battelle has his own view about the reasons Google have decided not to hand over data to the government.

"What's the Big Deal? the Google v. DOJ case? Well, I've argued it's the slippery slope. But reading through the subpoena, it's clear that from where Google stands, there's something else at stake.

Remember this whole goat rodeo (on the size of indexes)? Remember how slippery both Yahoo and Google got when we tried to figure out exactly how many documents were in their indexes? Well, turns out, that's pretty much what the DOJ is trying to do as well. Hence, Google's defense on a "trade secrets" basis.

Apparently, the subpoena originally asked for a lot more than just a million addresses, as reported Thursday. From the motion the DOJ filed to force Google to comply with the subpoena:

"The subpoena asks Google to produce an electronic file containing '[a]ll URL's that rea available to be located through a query on your company's search engine as of July 31 2005."


"all queries that have been entered on your company' search engine between June 1, 2005 and July 31, 2005."

HELLO. You think Google is going to give that over? Me no think so.

This is why Google originally fought the order. The DOJ then narrowed its request to a random sample of one million URLs and agreed to not ask for personally identifying info on the search queries, but it still wants all search queries for a one week period. No way in hell Google would give that up, given the company's penchant for secrecy. Sure, the DOJ might guarantee that the data would not enter the public record, but, once in the DOJ's hands, it's out of Google's control.

So how to fight it? Well, standing up to the DOJ and getting major praise for doing so is a very smart strategy, in my book. As much as I'd love to believe Google is fighting this for heroic reasons, I'd wager that the data has more to do with it."

The Purple Stapler

An inner city teacher on a purple stapler pushing her over the edge...

"There are hundreds of reasons to freak out at work each day. Those who haven't spent much time in a South Bronx high school may think I'm exaggerating or stereotyping. Unfortunately, I'm not. My school's administration is in shambles. The school district is grossly neglecting the civil rights of students with learning disabilities. I have 17-year-old students who are reading and writing at a second grade level. Not because they're dumb (talk with them for a minute and you'll hear their wit), but because they never received help for learning problems ranging from dyslexia to autism. They are among the few teenagers in their situation who haven't dropped out...

Before today, I had remained relatively calm in the classroom. I would weep at home, vent to friends over the phone, laugh when I meant to cry, and stay up worrying at night. But for six months I managed to wake up each morning, take the painfully slow train up to the Bronx, and put on my game face in front of my students. I knew it couldn't last.

So today marks the day that I finally went loca en la cabeza in front of my students. I didn't snap over something worthy, like drugs or dropouts or a student telling me to f--k off. No. I, Miss Dennis, snapped over a stapler. A miniature purple stapler. It was missing, and I was mad...

When I discovered that the stapler was missing, I completely shut down my class and demanded to know who had taken it. I was on the verge of tears. My students stared at me in shock.

"Are you okay, Miss Dennis?"

"What's wrong Miss?"

"I'll tell you what's wrong! Look around this classroom. Look at all these books and posters and videos and markers. Do you know who bought these? I did! With my own money! That's right! The Board of Ed gives me nothing! Nothing! That was my purple stapler, and no one has the right to take it! That's it! I'm taking everything home with me."

I began pulling down and piling up everything I had bought with my own money. It wasn't quite true that the Board of Ed had given me nothing. I received $150 to spend on classroom supplies. Other teachers got $200, but the genius Board of Ed CFO decided that special education teachers should get 25% less than all other teachers. (Way to go, CFO. Way to motivate teachers in your highest need area to keep working for you.) So I got $150, which I spent on 10 copies of The House on Mango Street. I paid for the other 15 copies of the book myself. I've spent an estimated $550 on classroom supplies already this semester, and many teachers I know have spent much more. Clearly, my rage was not simply about the missing purple stapler.

I finished piling up all of my belongings as my students continued to look on in disbelief. As soon as I calmed down, I pathetically tried to salvage a lesson out of my tantrum...

"Stop playin'. You not really gonna' take all that home. You take the 6 train. I seen you yesterday. You can't take all that home on the 6 train."

He had a point, and it finally dawned on me how ridiculous I was acting.

"Miss, are you crying over a stapler?"

"Not just any stapler Joseph! My lovely, miniature purple stapler!"

Laughter, finally...

I had my suspicions about who'd stolen the stapler, but I knew no one would snitch. In high school (whether in the wealthiest of suburbs or the grittiest of inner city neighborhoods), there's nothing worse than a snitch.

But amazingly, after class, one by one, every single student came back to my classroom to show me where the purple stapler had been stashed -- in a desk drawer in the back of the classroom. Apparently, whoever had planned on stealing it couldn't go through with it after my tantrum. Even the toughest, most seemingly uncaring of students came back to the classroom to make sure I was reunited with my beloved stapler. One of them helped me put back all of the books, posters, videos and markers.

"I knew you were just playin' us Miss."

Right. It was all a big plan. "

Alito and CAP

Samuel Alito, President Bush's US Supreme Court nominee once belonged to an organisation created to oppose the entry of women students to Princeton University.

" The animating force behind the alumni revolt at Princeton was the university's decision in January 1969 to admit women. Within four weeks, a conservative group calling itself the Alumni Committee to Involve Itself Now (ACTION) was founded. After its spirited attempt to block the admission of women failed, ACTION was succeeded in 1972 by CAP...

Alito's supporters have claimed that his declaration of membership in CAP 20 years ago is irrelevant to assessing whether he should be appointed to the Supreme Court. But would they say the same of a nominee to the Court who at age 35 had highlighted his membership in an organization that was on record as favoring the imposition of quotas limiting the number of Jews? And if a liberal nominee for the Supreme Court had belonged to a left-wing organization (e.g. Students for a Democratic Society) and touted it in an application for a job in the federal government, would it not be appropriate for the Senate to scrutinize this?

By the mid-1980s, having failed in its effort to restore the Princeton of old, CAP had become increasingly shrill...

Why, then, in late 1985 — 13 years after CAP was founded — would the mild-mannered Samuel Alito tout his membership in such an organization as he sought the job of Deputy Assistant Attorney General...

In all likelihood, Alito — who was by all accounts a marginal and inactive member of CAP — highlighted his membership in the organization for the most prosaic of reasons: he thought that it would signal to the movement conservatives who controlled appointments in the Justice Department that he shared their values and was a member of their network. Alito was not wrong, and in late 1985 — shortly after Prospect published what turned out to be its last issue — he received the promotion that helped place him on the path to the Supreme Court."

Google refuse White House data request

The Guardian has a report on Google's refusal to hand over personal data to the White House. The Bush administration are trying to revive the 1998 Child Online Protection Act (COPA) which has been effectively thrown out of every court in the land. I'm rusty on the details (seems like an Internet lifetime since COPA was an issue) but as far as I remember COPA makes it a crime to send any communication that might be "harmful to minors" via the Web, unless the person sending the message has retricted access to minors by requiring credit card details.

This has been considered twice by the US Supreme Court and they decided that the law placed excessive restrictions on adult access to material they had a right to see on the Net. The Supreme Court sent it back down the lower courts for a trial on whether changes in technology should affect the constitutionality of the law.

The request for Google data appears to be a fishing expedition to collect and analyse patterns of Web use to see it that provides further evidence of the need for such a law. MSN and Yahoo! have handed over the required data without a challenge.

Update - The text of COPA reads:



"(1) PROHIBITED CONDUCT.—Whoever knowingly and with knowledge of the character of the material, in interstate or foreign commerce by means of the World Wide Web, makes any communication for commercial purposes that is available to any minor and that includes any material that is harmful to minors shall be fined not more than $50,000, imprisoned not more than 6 months, or both...


"(1) DEFENSE.—It is an affirmative defense to prosecution under this section that the defendant, in good faith, has restricted access by minors to material that is harmful to minors—

"(A) by requiring use of a credit card, debit account, adult access code, or adult personal identification number;

"(B) by accepting a digital certificate that verifies age; or

"(C) by any other reasonable measures that are feasible under available technology."

DVD Jon registers deaacs domain

The leading new DVD copy protection system is AACS. Guess what? The Norwegian, who as a teenager, was responsible for publishing DeCSS, the code to bypass the old DVD copy protection, CSS, has registered the domain name Not much there yet except the following:

Estimated release: winter 2006/2007

Jon Lech Johansen"

Wikipedia Germany shut down by court order

Wikipedia Germany appears to have been shut down by a court order.

Rowe on baseball statistics

Jonathan Rowe has another classic case study illustrating what's wrong with some key actors' approach to intellectual property today.

"What is it about baseball statistics? The records of no other sport – of nothing period except maybe the stock market –have the same effect. Kids who can’t do long division can tell you Ted Williams’ batting average for every year in his career. Games based on baseball stats have become a teeming subculture. In the Fifties it was All Star Baseball, a board game with a circular card for each famous player. The cards were sectioned off according to that player’s statistics. You put one on a spinner, spun the metal arrow, and if it came to rest on the section marked “1”, it was a home run, and so on. Babe Ruth had a huge “1” section; Eddie Collins, the great second baseman, had a small one, but a large area for singles, which was “7” I think.

Then came a more sophisticated version that took pitching and fielding into account. My younger brother played an entire season one summer with his best friend. They kept batting and pitching records, the whole thing. Now’s there’s fantasy baseball, in which participants manage teams composed of players they choose from current major league rosters. The performance of the players tracks their daily performance in the ongoing season. Some 16 million people play in Fantasy Leagues. I’ve known writers who were avid fantasy ballers. Now it all could come to a crashing halt, thanks to the Major League Baseball monopoly.

Put simply, the majors are demanding a royalty from the fantasy leagues for the use of the statistics. Worse, it appears that they want to hoard the statistics and not grant a license at all. The details are more complicated, as they usually are; but that’s what it comes down to; and this raises a number of questions. For one thing, can someone really “own” statistics that simply are summations of historical facts? Baseball box scores are published in pretty much every newspaper in the land, and now on the web as well. They are handed around, discussed over coffee; when I went to summer camp my father sent me packets of box scores from the Boston Globe.

How do you “own” facts that enter the culture with such abandon? I know that the courts have made distinctions, and then distinctions within those. I’m talking common sense here. If you can own facts then you can own the truth about the past. You can control what people say and write about the past. That doesn’t sound like the kind of nation Madison and Jefferson had in mind when they gave the federal government the power to bestow copyrights and patents.

The majors argue that some fantasy leagues are commercial operations; and thus the use in question is commercial use. That’s a base hit for them. But it begs another question: namely, what are the intellectual property laws for in the first place? The Constitution says that copyrights and patents should be granted to “advance science and the useful arts.” The question to be asked of any claim of intellectual property, therefore, is whether it encourages such advancement, or retards it, commercially or otherwise.

In this case, the statistics in question have been produced for almost as long as Americans have played the game. The advancement has come from the uses people have made of them – the games, the compilations, the exhaustive and wonderfully obsessive analytics of a Bill James. The stats are the raw material; these are the innovations. To grant the major league’s monopoly claim would be to frustrate such creativity rather than advance it. It would bestow upon the professional leagues a pure form of what economists call “monopoly rent” – which is to say, a lot of money for nothing.

Myself, I’d be willing to grant a small royalty to the majors from commercial users, to help defray the ongoing expense of collecting the stats. It shouldn’t be necessary. The leagues gather the stats for their own purposes anyway, including daily publicity. So the “marginal cost”, as the economists say, of letting others use them, is pretty much zero. To the contrary there is gain. Kids who study the Baseball Encyclopedia, and Bill James, and play in the fantasy leagues, become lifelong fans. With the possible exception of bookmakers, no one follows the sport more closely than do fantasy leaguers.

The stupidity of cutting itself off from its own fans for a few extra dollars is, some would say, par for the major league course. (They must be listening to the same lawyers that advise the recording industry.) It’s not as though the majors are financially needy. There are problems regarding small market teams. But pro football solved that one and with a little less greed pro baseball could too.

But that’s their problem. For the rest of us, baseball statistics are a case study in why basic research and data should go into the public domain. When that domain remains abundant and free, invention and the arts flourish, as Madison and Jefferson intended. When basic knowledge – whether about the gene pool, the solar system, or baseball players – becomes fenced, then invention is stymied, for the same reason that tollbooths along the sidewalk would stymie business at the shops along that street.

The basic rule is, absent a compelling case to the contrary, let it be free."

There have been similar moves by the Premier League in the UK and the simple question, as Rowe says is: how can anyone own a collection of facts? "If you can own facts then you can own the truth about the past. You can control what people say and write about the past." That's not the kind of society I want my kids growing up in and it is a serious illustration of the kind of power that unbalanced intellectual property landscapes can bestow. In an information society the information laws, intellectual property prime amongst them, are the default rules of the road.

Radio series about the Commons

There is a series of interesting radio shows, A World of Possibilities, which has been airing in the US about the commons and wealth. It's produced by the Mainstream Media Project, " a nonprofit public education and strategic communications organization that uses the mainstream broadcast media to raise public awareness about new approaches to longstanding societal problems."

The specific programs are called:

What is Wealth? Passing on the Gift, where Bill Gates Snr says there is no such thing as a self made man - the wealth of millionaires is not generated in a personal vacuum but with the help of lots of people, groups, communities, and yes even government.

Richer Than We Know: Reclaiming Our Natural Inheritance covers commons resources like air and water, parks and roads etc that most of us take for granted.

Who Owns This Place Anyway?
looks at the interdependance of commons and markets.


Thursday, January 19, 2006

The girl who names Pluto

The BBC have a nice story about the girl who named a planet.

"Venetia Phair isn't a name that immediately springs to mind when you mention astronomy.

But the retired teacher from Epsom in Surrey has left an indelible signature on our map of the Solar System.

Now 87 years of age, Venetia Phair (née Burney) is the only person in the world who can claim to have named a planet."

LSE Prof on ID cards

There are some great lines from Professor Ian Angell of the LSE in a Q&A with ZDNet yesterday:

"You obviously don't think the scheme will be a success then?
I feel ambivalent about it. As a taxpayer, I'm horrified. As a professor of information systems, I'd love them to implement the scheme, because a lot of work will come from this. It'll be like watching the Titanic from the drawing board to the iceberg. This is going to be a shambles.

Why do you think it'll be such a shambles?
To implement an information system, you need to have a clear set of objectives to reach and aims to address. What you have here is a moving target. The cards may be used for e-commerce authentication, but also as an ID card, like an Ahnenpass, which is what the police want.

An Ahnenpass?
An Ahnenpass is what the Nazis issued to the Jews to identify them. This is what the Muslims will see it as. White-boy organisations demanding searches, and charging taxpayers for it.

Some estimates put the cost of implementing the scheme at £300 per person. Will it really be that expensive?
The overall cost may not be £300 per person, because the government will generate income from the system, by selling the system and the expertise to run it to other governments. But the only governments that will take it are other disreputable ones. The scheme will not work. The social environment it will be dropped into will be so disruptive. It's not even clear if the scheme is legal under EU law.

Are there any other reasons why you believe the scheme won't work?

These people [the government] have obsessive-compulsive neuroses. Idiotic designers who think the world can be proscribed and ordered just so, when the world is non-linear. The flap of a butterfly's wing, and so on. This is a government of control freaks, who don't understand there's no such thing as control...

Final thoughts?
This will blow up in their faces, and it'll be a hugely expensive explosion."

It's a must read.

Canadian MP threatens to sue Michael Geist

Canadian MP, Sam Bulte, who has received campaign funding from entertainment industry lobbyists and pushed for copyright reforms, has threatened to sue law professor, Michael Geist. The MP is on record as saying

"I am not taking money from special interest groups. As you know, you can look at my returns. All of my election returns are noted, they are transparent. Ninety percent of my donations came from individuals. Ten percent came from organizations or corporations. They are not hosting a fundraiser for me. A fundraiser is being held. Individuals are invited. Everyone is invited. It is self-funding. And yes, there will be artists there. It will be a celebation of my support for the arts community."

Geist analysises these claims:

"Let me address each claim in turn. First, Bulte says she is not taking money from special interest groups. As I documented earlier this month, Bulte has accepted contributions from a long list of copyright associations and collectives, so her claim would only be truthful if she is no longer taking their money. However, given that the leaders of the copyright lobby associations are hosting the fundraiser and providing the entertainment, that does not appear to be a supportable claim.

Second, Bulte says that 90 percent of her donations came from individuals on her last return. This is simply false. Her 2004 riding association return posted on the Elections Canada site shows contributions of $67,737 (the fifth largest total among Ontario Liberals). That amount breaks down as $38,789 from individuals (57 percent), 19,848 from corporations (29 percent), and $9,100 from trade unions (13 percent), which include several copyright collectives.

Third, Bulte indeed stated that "they are not hosting a fundraiser for me." Again, looking at her website and the registration form this does not stand up to even minimal scrutiny."

It's good to see a respected academic having a serious impact on an election campaign.

ANPR data to be held for 2 years

From the Register,
Police are able to hold vehicle licence plate data for up to two years, the Government has confirmed.

In response to a Parliamentary question last week, Home Office Minister Paul Goggins said data collected through Automatic Number Plate Recognition (ANPR) technologies could be retained for up to two years for "justified policing needs".

Moglen says GPL 3.0 draft agressively anti-drm

Eben Moglen, general counsel for the Free Software Foundation, says the latest draft of the GPL is deliberately and aggressively anti-drm.

"The new version of the most widely used open-source license takes a "highly aggressive" stance against the digital rights management software that's widely favored in the entertainment industry, said Eben Moglen, general counsel for the Free Software Foundation.

At a two-day event here to launch the General Public License version 3, which governs use of countless free and open-source programs, Moglen said the license includes anti-DRM provisions that could put it in conflict with movie studios and even digital video recorder maker TiVo."

NCC submission to APIG DRM Inquiry

The National Consumer Council submission to the All Party Internet Group inquiry into drm makes interesting reading. Summary:

"The National Consumer Council recognises the value of intellectual property rights (IPRs) as a reward to innovators and creators, but is concerned about the costs placed on consumers of enforcing these rights, and the use of the enforcement of IPRs to curtail legitimate consumer freedoms. The way Digital Rights Management (DRM) technology is being deployed is causing a number of serious problems for consumers. These include:

• Inability to play digital products on their equipment;
• Limitations on the number of copies they can make;
• Adverse impacts on the use and security of their equipment;
• Inadequate information to make informed purchase choices;
• Unfair contract terms; and
• Loss of privacy rights.

The NCC believes that consumers' rights can no longer be merely recognised informally, as this has allowed the adoption of Digital Rights Management tools to violate previously accepted arrangements in IP law and consumer rights under consumer protection and data protection law. Policy makers muct now carefully consider putting consumers' legitimate interests on a more robust legislative, and positive footing."

They go on to conclude:

"There are a number of serious problems with the deployment of Digital Rights Management in relation to the provision to consumers of digital products. Yet current EU and UK copyright legislation protects DRM by making avoidance ("circumvention") illegal.

The NCC accepts that there may be a serious problem with organised criminal infringements (counterfeited products), but the industries involved too often conflate criminal and consumer activites. Given the resources available to many criminal gangs, the ability of DRM to halt these activities is minimal. However, the use of DRM can and is already constraining legitimate consumer use of products and consumer rights under consumer protection and data protection law.

The development of DRM so far suggests that leaving it to industry self-regulation will conpromise and limit the legitimate rights of consumers. This means that it is insufficient for the regulation of DRM technologies merely to be concerned with their protection from circumvention. A more balance legislative framework is needed which provides explicit recognition of consumer rights and ensures that anit-circumvention protection is only provided to DRM systems that meet the required standards."

It's well worth reading the 10-page report in full. Well done to the authors - it's not common to see the case so clearly put.

Orders is orders

Quote of the day:
Look to authority for orders, filter them through a fine mesh of common sense with a decent dollop of creative misunderstanding and occasional insidious deafness because authority doesn't understand the reality at street level.
For some reason I'm reminded of this in the midst of the various revelations about UK and US involvement and complicity in torture. I think this is from Terry Prachett's Night Watch but can't be entirely sure.

What No. 10 knew about CIA rendition flights

All over the media this morning (e.g. this Guardian piece) is the leak of a memo about how much the UK government knew or more precisely didn't know about the CIA rendition flights landing in the UK and alledgedly taking terrorist suspects to regimes which practice torture.
The government is secretly trying to stifle attempts by MPs to find out what it knows about CIA "torture flights" and privately admits that people captured by British forces could have been sent illegally to interrogation centres, the Guardian can reveal. A hidden strategy aimed at suppressing a debate about rendition - the US practice of transporting detainees to secret centres where they are at risk of being tortured - is revealed in a briefing paper sent by the Foreign Office to No 10.

Article continues

The document shows that the government has been aware of secret interrogation centres, despite ministers' denials. It admits that the government has no idea whether individuals seized by British troops in Iraq or Afghanistan have been sent to the secret centres.

Dated December 7 last year, the document is a note from Irfan Siddiq, of the foreign secretary's private office, to Grace Cassy in Tony Blair's office. It was obtained by the New Statesman magazine, whose latest issue is published today.

It was drawn up in response to a Downing Street request for advice "on substance and handling" of the controversy over CIA rendition flights and allegations of Britain's connivance in the practice.

"We should try to avoid getting drawn on detail", Mr Siddiq writes, "and to try to move the debate on, in as front foot a way we can, underlining all the time the strong anti-terrorist rationale for close cooperation with the US, within our legal obligations."

The document advises the government to rely on a statement by Condoleezza Rice last month when the US secretary of state said America did not transport anyone to a country where it believed they would be tortured and that, "where appropriate", Washington would seek assurances.

The document notes: "We would not want to cast doubt on the principle of such government-to-government assurances, not least given our own attempts to secure these from countries to which we wish to deport their nationals suspected of involvement in terrorism: Algeria etc."

The document says that in the most common use of the term - namely, involving real risk of torture - rendition could never be legal.

EDRI-gram survives

Good news from EDRI-gram

"The campaign for support for EDRI-gram has been very successful. After an urgency call for pledges in the last 2005 issue of EDRI-gram, kind donators have pledged a little over 2.000 euro in support. On top of that, the Open Society Institute (Soros) kindly offered a donation of 1.500 euro. Combined with the 4.000 euro scraped together by EDRI itself, EDRI is pleased to announce the survival of EDRI-gram in 2006. The new editor, Bogdan Manolea from EDRI-member APTI in Romania, has agreed to produce 24 editions in 2006."

And with that good news comes the latest edition, full as usual with important stories on digital rights issues. Notable is the pointer to Privacy International's report "Threatening the Open Society: Comparing Anti-terror Policies and Strategies in the U.S. and Europe" published just last month.


I learn from Quentin Stafford-Fraser that the Ndiyo Project has a new look website. "Ndiyo is a project set up to foster an approach to networked computing that is simple, affordable, open, less environmentally damaging and less dependent on intensive technical support than current networking technology." It's a terrific initiative and there is a huge need for it. Check out the site and if you can help in any way I'm sure Quentin would be happy to hear from you.

EU parliament investigate CIA secret prisons

The EU parliament has set up a committee to investigate allegations of secret CIA prisons in Eastern Europe.

Taking the "I" out of identity

Sean McGrath in IT World thinks we need to be taking the "I" out of identity on the Net.
Electronic identity is subtle at best, certainly insanely complicated and possibly even intractable.'

As is often the case with seemingly intractable problems, revisiting basic assumptions is always a worthwhile exercise. The big assumption here is that to do business electronically with someone, you need to know who they are. Is that really true?

Sometimes it most definitely is true of course but there are a significant number of use cases where it is not true. Sometimes lurking behind the phrase 'we need to know who they are' lies the real substance of the concern which is 'we need to know they can pay' or, more generically 'we need to know that the person/thing we are interacting with can conduct a value exchange.'

The cracking noise you can hear in the background is the rending of two concepts that tend to be bound together. The concept of identity on one hand and the separate concept of 'ability to conduct value exchange' on the other. People turn up with cash. They can clearly pay. People turn up with checkbooks. They can clearly pay. People turn up with credit cards, they can clearly pay...
SO an identity architecture on the Net, to facilitate commercial and government service provision, need not be the a privacy invading architecture. It's counter-intuitive and hard for people to get their heads round, even when they can be encouraged to think about it.

Wednesday, January 18, 2006

Karlin Lillington is none too complimentary about the data retention directive.

"Let's set aside the cost implications of storing such data for even six months. The EU allows for up to two years retention, and McDowell has indicated he will challenge the legislation to allow Ireland to keep its period of three years.

You have to ask why we need this draconian method of slipshod surveillance on citizens, this storing of evidence in advance of anyone doing anything wrong, on the anti-democratic assumption that because a handful of us will do something wrong, four million people should have their personal data squirreled away for future scrutiny.

Slipshod - because the directive (and our existing legislation) doesn't necessarily affect the smaller operators that are more likely to be used by terrorists and criminals, as calls are easier to hide. Slipshod - because while the law is supposed to "harmonise" retention across Europe it does nothing of the sort, allowing each state to have a different regime.

Slipshod - because we rush to bring in surveillance that the US would not dare to impose on its citizens...

This is what Gus Hosein, senior fellow of UK-based watchdog Privacy International, told the new Irish privacy watchdog, Digital Rights Ireland: "The EU used to set the standard for privacy protection. Now because of pressure from the UK and Ireland, the EU is 'going it alone' and leading the world in surveillance of all of our interactions and movements in the information society."

Pressure from Ireland. What has happened to us? And why are we allowing our Government to turn us into this disgraceful surveillance nation?"

Cameron attacks Blair on ID cards

Tory leader, David Cameron, made ID cards the focus of PM questions today.

"Tory leader David Cameron asked if spending £600m a year on ID cards was a good idea at a time when the money could be spent on the NHS instead. Mr Blair said it would make a "major difference" on crime.

Mr Cameron said the cards would not come in until 2013 and the money could be used on security and police. Mr Blair asked the Tories to "work with us" to introduce the cards more quickly. He asked Mr Cameron to "think again" about cards and said that "They may be the future, not the past".

Mr Cameron asked the prime minister whether Gordon Brown backed the ID cards scheme. Mr Blair said the government was committed to them. He said identity fraud was on the increase and said "we need identity cards", using biometric technology. The largest part of costs would come through biometric passports which are being brought in anyway.

Mr Cameron said prime minister's questions was about him asking questions on "behalf of the public" with the PM answering them on behalf of the government, rather than asking about Tory policies. He added that ID cards would become a "monument to the death of big government".

Mr Blair said Mr Cameron's policies changed daily and ID fraud was a "major and growing problem". Mr Blair predicted the Tory leader was "standing on his head" on many issues, and would have to change his policy on ID cards at the next election."

Hilary Rosen on US lobbying reforms

Former RIAA chief, Hilary Rosen has clear views on plans to reform lobbying in the US - they won't work.

"How strange to be a former lobbyist sitting back watching the hand wringing debate over lobbying reforms and ethics. To date nothing I've seen from Capitol Hill makes sense to me and the media is too consumed with ethics and revelation to talk about the real problem.

Damn straight when I gave a $1,000 or $2,000 to a lawmaker I wanted him to listen to my business proposition.

And when I helped organized an event that raised $50,000 or $100,000 you bet I expected their vote. Why else do it...

A lobbyist friend told me yesterday that enacting these reforms is like creating a "restraint of trade" on behalf of current lobbyists. Only those who already know members of Congress are sure to succeed. Anyone else coming in - forget it, no new relationships. The old school will be raking it in...

Corruption is sometimes obvious, like with Jack Abramoff, but just as often in Washington it is a subtle thing that happens to decent people.

The ONLY answer to all of this is public financing of elections. Then lobbying becomes genuine "education" and relationships are built on respect and constituent interest. It seems so obvious."

Google Mart

Robert X. Cringely reckons Google learnt a lot more about how to do business from Walmart than from Microsoft.

Lords strike out glorifcation of terrorism clause

The House of Lords have inflicted another defeat on the government, this time on the latest terrorism bill.

"PLANS to curtail the actions of Islamic extremists by banning the glorification of terrorism suffered a setback last night after peers voted down the proposed new offence.

A series of peers denounced the offence as pointless and said that its removal from the Terrorism Bill would still allow suspects to be charged with indirect encouragement to commit acts of terror. A move to strike glorification of terrorism from the Bill was carried by 270 votes to 144, a majority of 126, at its report stage despite government protests that the power was needed.

Ministers confirmed last night that MPs will be asked to reinstate the offence when the Bill returns to the Commons...

The proposal to outlaw glorification of terrorism was introduced after Mr Blair announced a series of measures to curb so-called “preachers of hate” and extremist websites, videos and publications in response to the London bombings last summer."

Good news that the Lords have struck that provision of the bill and it's a shame the Commons is going to re-introduce it. As for the excuse for introducing it in the first place, hard cases and vague legal drafting make bad law. We really have no idea what will constitute "glorifying terrorism" in practice.

Torture for Dummies

Michael Kinsley on the torture debate.
"salami-slicing." You start with a seemingly solid principle, then start slicing: If you would torture to save a million lives, would you do it for half a million? A thousand? Two dozen? What if there's only a two-out-of-three chance that person you're torturing has the crucial information? A 50-50 chance? One chance in 10? At what point does your moral calculus change, and why? Slice the salami too far, and the formerly solid principle disappears...

Drawing bright lines in foggy situations is what the law does. But good rules need to be defensible against salami-slicing in a more general way. The strength of an absolute ban on torture—or an absolute rule of any sort—is its relative immunity from salami-slicing, both in theory and in practice...

Will you eschew torture even when a few minutes of it, applied to a very bad person, would save a million lives? One answer is that the law wouldn't really be enforced in such an extreme situation...

There is yet another law-school bromide: "Hard cases make bad law." It means that divining a general policy from statistical oddballs is a mistake. Better to have a policy that works generally and just live with a troublesome result in the oddball case...

Of course a million deaths is hard to shrug off as a price worth paying for the principle that we don't torture people. But college dorm what-ifs like this one share a flaw: They posit certainty (about what you know and what will happen if you do this or that). And uncertainty is not only much more common in real life: It is the generally unspoken assumption behind civil liberties, rules of criminal procedure, and much else that conservatives find sentimental and irritating...

morality does not require us to build a general policy on torture around a situation that is not merely unlikely in real life, but different in kind from the situations we are likely to face in real life. What we would do or should do if this situation actually arose is an interesting question for bull sessions in the dorm, but not a pressing issue for the nation.

That's a pretty good rule for any policying - we should not 'build a general policy on [anything] around a situation that is not merely unlikely in real life, but different in kind from the situations we are likely to face in real life.'

Corporate Watch report media comment

The Guardian has a short article on the Corporate Watch report.

"Corporate Watch, a Quaker-funded research group in Oxford, says that some of the companies now being consulted by the government about possible involvement "have previously overseen disasters in public sector IT work". They included the US giant EDS, BT Global Services and PA Consulting. "While companies involved in these projects must take some of the blame it would be a mistake to ignore the role of poor planning and mismanagement by government departments," the group's report states."

Corporate Watch Report on ID cards

Corporate Watch have produced a report on the proposed UK ID cards system.

"Most of the implementation of the scheme is likely to be done by private companies, some of which have already been meeting and lobbying government. These include companies with previous poor records in outsourced public sector work. Corporate Watch decided to investigate and bring to public attention which companies have shown interest in the ID cards scheme and (where relevant) their records in public-sector projects. We have also provided a brief overview of some of the opinions of industry and official bodies on the IT procurement process and ID card technologies."

The 16 page report is available online. Companies featured include

Atos Origin, (criticised by the BMA over the security of their NHS e-booking system, currently running 12 months behind schedule)

BT Global Services (responsible for the phone services system which routed Child Support Agency calls to the wrong offices)

EDS, which has been heavily involved with the Home Office ID cards implementation team (whose huge revenue generating UK government contract have been dogged with controversy e.g. their failed tax credits system)

Iridian Technologies (which holds the only UK patents on iris recognition, so have a guranteed pay day from UK ID cards)

NEC (which dominates the world market in digital fingerprint technologies)

PA Consulting Group, 'the Home Office's "Development Partner" for the ID cards scheme, on a contract likely to be worth at least £19 million over 18 months'

SBS (whose systems were involved in high profile failures at the Passport Agency and the Immigration and Nationality Directorate; and whose company representatives have described biometric technologies as 'emergent' and 'future technologies' as well as 'well proven'.

Thales (which supplies ID cards to China and Morocco)

Unisys (which supplied an ID card system to Panama and subsequently got sacked over security problems after admitting holding 30000 blank cards

The report goes on to criticise the government's record in IT procurement and their high profile expensive IT disasters. One quote from an IT partner in a prestigious says

"The government has no lawyers who deal with technology procurement. They're fantastic at drafting legislation and I couldn't touch them on planning, but they have no technology expertise. The government is the dream client."

The IT press quote, from Tony Collins at Computer Weekly, is even better:

"[...] too often ministers and suppliers encourage each other to think big: to launch something that is immeasurably more complex than what has gone before, to beat the rest of the world, to do it quickly, but in stages, with as little transparency as possible."

John Lettice is quoted supporting the much criticise contractors:

"Blame the contractor, sure, but (sympathy for EDS), if you go to the contractor with something vague, then continually change your mind as the project goes ahead, your costs will climb, it will be late and it won't work. So I think we should bar ourselves from specifying an ID schene until has passed its IT proficiency test."

The report also includes on pages 14 and 15 a table of companies that have shown an interest in the ID card system.

GPL Version 3 released

The first draft of version 3 of the Free Software Foundation's GPL has been released. Lots of talking points but the most important for me relates to the built in attack on digital rights management and anti-circumvention laws like the DMCA and the EU copyright directive, plus the anti software patent note.


Some countries have adopted laws prohibiting software that enables users
to escape from Digital Restrictions Management. DRM is fundamentally
incompatible with the purpose of the GPL, which is to protect users'
freedom; therefore, the GPL ensures that the software it covers will
neither be subject to, nor subject other works to, digital restrictions
from which escape is forbidden.

Finally, every program is threatened constantly by software patents. We
wish to avoid the special danger that redistributors of a free program will
individually obtain patent licenses, in effect making the program
proprietary. To prevent this, the GPL makes it clear that any patent must
be licensed for everyone's free use or not licensed at all...

3. Digital Restrictions Management.

As a free software license, this License intrinsically disfavors
technical attempts to restrict users' freedom to copy, modify, and share
copyrighted works. Each of its provisions shall be interpreted in light of
this specific declaration of the licensor's intent. Regardless of any
other provision of this License, no permission is given to distribute
covered works that illegally invade users' privacy, nor for modes of
distribution that deny users that run covered works the full exercise of
the legal rights granted by this License.

No covered work constitutes part of an effective technological protection
measure: that is to say, distribution of a covered work as part of a system
to generate or access certain data constitutes general permission at least
for development, distribution and use, under this License, of other
software capable of accessing the same data."

This isn't just an academic issue, since nearly all the big entertainment companies use GNU/linux in at least some of their devices and production/editing processes. [And Internet distribution will almost certainly be via open source enabled server farms.] It would be interesting to hear from some lawyers on this but theoretically this might mean that those companies could be challenged in court for embedding copy protection (drm) in CDs, DVDs and Internet distributed files. Not only would that be a fun case to watch but it would potentially offer an open legal battle on key intellectual property public policy issues. Given the widespread deployment of anti-circumvention laws now, there's no guarantee of the outcome either way; and even if the FSF did win, the likely reaction would be further heavy lobbying for changes in the law to effectively outlaw free and open source software.

France rethink copyright bill

Following the unexpected success of a small number of French MPs in voting through an amendment to the French government's bill to implement the EU copyright directive, which would have meant legalising peer to peer music copying, the bill has been withdrawn.

"Set aback by rebellious MPs and an outcry by consumer groups, the French government is reworking a digital copyright protection bill to lighten restrictions on CD- and DVD-copying and mete out smaller penalties to small-time downloaders.

The culture ministry issued a statement Saturday saying the bill was being amended on the orders of Prime Minister Dominique de Villepin to notably enshrine the right of consumers to make private copies of music and film disks.

It would also make a distinction between people illegally downloading for profit and the estimated eight million individuals in France who occasionally add to their music and movie collections via Internet peer-to-peer sites.

The changes follow the French government's decision to withdraw its original bill from parliament when a small group of MPs from the ruling party and opposition benches managed, in a middle-of-the-night vote, to legalise peer-to-peer file-sharing in December.

That stunning vote, on top of arguments from consumer groups that private users should continue to enjoy the right to make copies of CDs and DVDs for, say, second homes or family members, forced the government rethink."

Thanks again to Michael Geist for the link. I suspect Michael might welcome a solid injection of French values into the Canadian copyright debate.

Bertlesmann to back Quaero

It seems Bertelsmann are about to invest in the European search engine Quaero.

AFAIK Quaero remains just a project in computer labs at the moment but I spy a few fundamental difficulties with their url, Firstly it is not exactly obvious. Secondly you need a username and password to get at it. Thirdly someone already owns the Quaero top level domain,, a marketing consultancy which describes itself as a "marketing and technology services company that provides unparalleled value to firms looking to improve the effectiveness of their comprehensive marketing efforts and marketing technology investments."

Lifting the lid on backroom deals in copyright

Michael Geist has been lifting the lid on Canadian lobbyists' success in the copyright arena.

"The mushrooming controversy over Toronto MP Sarmite Bulte's coming Thursday night fundraiser hosted by the entertainment lobby is a powerful illustration of the public's growing interest in copyright issues as well as the emerging influence of Internet weblogs or blogs. The incident has opened the door to a new public discussion of the links between lobbying, campaign contributions, elected officials and the making of copyright law and policy that promises to continue well beyond next Monday's election..

The Bulte controversy has highlighted the close connection between Canada' s Parliamentary Secretary for Canadian Heritage and the largely U.S.-backed copyright lobby with many copyright groups contributing hundreds of dollars exclusively to the Parkdale-High Park MP. Beyond the Bulte story, lobbyist registration records, campaign finance returns, and documents newly obtained under the Access to Information Act reveal a process that is badly skewed toward lobby interests and in serious need of reform...

The copyright lobby also meets regularly with government officials. A document obtained under the Access to Information Act titled “List of meetings between Canadian Heritage' s Copyright Policy Branch and its stakeholders in copyright reform” indicates that in the nearly thirteen months between April 1, 2004 and April 25, 2005, government and policy officials from that department met or held teleconferences 15 times with Access Copyright, 14 times with music collectives, seven times with CRIA, and five times with publisher associations. Meanwhile, the document lists only one meeting with education groups, two meetings with public interest groups, and two meetings with technology groups.

In fact, the close connection between the copyright lobby and government can even extend to contracts. Last year, the Canadian Publishers' Council, whose executive director is one of the hosts of the Bulte fundraiser, obtained a $20,000 contract for a “copyright awareness initiative” whose goal was to develop an Internet-based social awareness campaign to “engage young people in a new conversation about copyright.”

The cumulative effect of the lobbyist influence has left many stakeholders concerned that there is little room for the interests of the public and the balanced approach supported by the Supreme Court of Canada.

Copyright policy must be both fair and seen to be fair. It is time for a new approach that starts with a commitment from all MPs who accept funds from the copyright lobby not to serve in Ministerial positions or on legislative committees that involve copyright policy."

Tuesday, January 17, 2006

Knopf on more excess r copyright rhetoric

Knopf on more excess r copyright rhetoric in Canada.
“Piracy” is a word that should be used carefully and properly and applied only to harmful intentional commercial scale infringement. It is wholly inappropriate to apply the word to teenagers who engage in downloading music that they love, or their grandmothers who provide them internet access on occasion, or to law professors who have the temerity to believe in the inconvenient fact (as seen by the corporate and collective point of view) that there are also users’ rights in copyright law.

Overuse of the rhetoric of piracy is at best crying wolf. At worst, it is crude propaganda that has fooled some of the politicians some of the time in Canada and elsewhere but won’t work in the long run.

If there is going to be a meaningful debate about this in Canada, the Creators' Copyright Coalition and their friends should apply their creative and communication skills in a less hysteric and more constructive manner.

Lessig in the Guardian

Larry Lessig interview in the Guardian.

Ben Franklin's warning

Martin Garbus in the Huffington Post reckons We Cannot Say Ben Franklin Did Not Warn Us

Felton, the analog hole bill and the new SDMI

Ed Felton's been writing lucidly and informatively about the analog hole bill again.

Bush statement with torture bill

The NYT are not too impressed with President Bush at the moment it seems as they are also running a story saying the president issues quiet parallel statements with bills he has signed into law, saying he can interpret them as he sees fit.

" Congress late last year passed what became known as the torture amendment, sponsored by Senator John McCain, Republican of Arizona, to ban cruel, inhumane or degrading treatment of prisoners in American custody. Mr. Bush at first opposed the amendment, but gave in when it became clear that it had overwhelming support from the two parties on Capitol Hill. The president then invited Mr. McCain, his old political nemesis, to the Oval Office to announce that he agreed with him and "to make clear to the world that this government does not torture."

But on Dec. 30, after signing the legislation into law with no ceremony at his Texas ranch, Mr. Bush issued an accompanying "signing statement" - the 8 p.m. e-mail message - that Democrats and some Republicans say asserted that he could ignore the law if he wished.

Specifically, the statement said that the administration would interpret the amendment "in a manner consistent with the constitutional authority of the president to supervise the unitary executive branch and as commander in chief and consistent with the constitutional limitations on judicial power."

Mr. McCain issued a strong statement rejecting Mr. Bush's assertion, even as the White House has repeatedly declined to say what the president meant. "

Bush authorised spying led to dead ends

From the New York Times,

2 In the anxious months after the Sept. 11 attacks, the National Security Agency began sending a steady stream of telephone numbers, e-mail addresses and names to the F.B.I. in search of terrorists. The stream soon became a flood, requiring hundreds of agents to check out thousands of tips a month.

But virtually all of them, current and former officials say, led to dead ends or innocent Americans.

F.B.I. officials repeatedly complained to the spy agency that the unfiltered information was swamping investigators. The spy agency was collecting much of the data by eavesdropping on some Americans' international communications and conducting computer searches of phone and Internet traffic. Some F.B.I. officials and prosecutors also thought the checks, which sometimes involved interviews by agents, were pointless intrusions on Americans' privacy.

As the bureau was running down those leads, its director, Robert S. Mueller III, raised concerns about the legal rationale for a program of eavesdropping without warrants, one government official said. Mr. Mueller asked senior administration officials about "whether the program had a proper legal foundation," but deferred to Justice Department legal opinions, the official said."

Software patent fairtytale

There is a terrific article on Groklaw by a UK lawyer, Cristian Miceli, covering the story of developments on the software patents front in the EU and the UK in 2005. The legalese up front on the UK cases can is a bit heavy but mostly the story is very well told. Sample:

"When you wish to conduct an independent survey about whether it is good to be catholic, if you are only going to ask the pope and his cardinals, you cannot call the results objective.

We have asked the pope and cardinals of the patent system and accepted their version of events not only on what the CII Directive intended to achieve but, somewhat more subtly, whether software patents are desirable. We, as lawyers, should recognise the conflict of interest but let me instead use the words of a more enlightened cardinal:
“most patent lawyers -- most lawyers in general - …. unthinkingly spout pro-patent slogans. That is because most patent and IP and even other attorneys with an opinion on this issue mindlessly parrot the simpleminded economics with which they were propagandized in law school. Virtually every patent lawyer will reiterate the mantra that "we need patents to stimulate innovation," as if they have given deep and careful thought to this…..It does not take a genius to figure out why most patent lawyers are in favor of the patent system; and it is not because they have really studied the matter and dispassionately concluded that society is better off with a patent system -- it is because they don't want to see the system that pays the mortgage for them eroded or abolished.”2

This article is not meant to be a sermon, what I have tried to do is independently review the issues at stake and leave it the reader to make his/her own analysis. However, if I am to preach about objectivity, then that must start with me the author. Do I believe in intellectual property rights (“IPR”)? Yes I do and, as part of this, I see the benefits that patents can potentially bring in certain sectors. However, as one law professor recently commented, “good policy does not just consist of ‘more rights'; it consists of maintaining a balance between the realm of property and the realm of the public domain”.3

I do not work nor have any financial interest in an open source software company nor am I getting paid, whether directly or indirectly, for writing this article or for expressing a particular view point. In fact, rather than standing to gain financially by encouraging the reader to adopt the views that I am espousing, I am more likely to have put a damper on any prospect of having a lucrative in-house position overlooking the M4 motorway (perhaps a good thing).

The CII Directive: the fairy tale

Myth 1: the European Competiveness Council, the European Commission and the Council of Ministers, as the white knights of European democracy and with our (European) best interests at heart, gallantly proposed a directive which, in its several drafts, sought to do nothing more than to codify and unify our existing laws on patents (commendable) in the area of computer related inventions whilst at the same time not extending the scope of patentability.

It is a wonderful fairy tale. Unfortunately for the knights, they were robbed by a bunch of European peasants, knocked to the ground once, got to their feet as if nothing had happened (and didn’t change their noble rhetoric) and proceeded to get knocked down for the second time, this time by more peasants and, if not a little belatedly, one or two noble men.

Those who are not interested in an objective debate about the benefit of software patents for the software industry want you to believe that the fairy tale is true and that MEPs for the last couple of years have been misled by a group of hairy open source hippies hell bent on preventing such unification of existing laws.

Upon what basis do they claim so valiantly that the CII Directive was not seeking to change the law (i.e., extend patentability) and that the hairy open source hippies, or peasants in my (or their) little fairy tale, got it wrong? Well, to put it bluntly, because these bastions of European democracy told us that this was the case. In other words, the pronouncements of these institutions is rightly to be treated as divine against the heretical statements of the open source community who should be burnt at the stake for having the audacity to question the knights’ intentions and disrupt the march of software patents across the world. The history of the passage of the CII Directive through the EU institutions exposes this myth.

If the actual words of the various drafts were so clear, why did the EU Parliament propose substantial amendments at the first reading, why did the Legal Affairs Committee of the European Parliament (JURI) vote overwhelmingly to restart the legislative process and, finally, why was a directive rejected for the first time in European history at its second reading? Was this purely the result of MEPs being misled by a misguided open source software community? To continue to make such a claim in the light of the history of the CII Directive is asking us to accept that MEPs are incapable of undertaking a simple analysis of the patent system or making independent judgements. It also discredits one of the greatest grass roots movements in recent European political history.

European laws should be made for the benefit of Europe and its citizens. This may sound like common sense but for many arguing for software patents there seems to be an assumption that EU institutions should be working in the interests of the large IT corporations (the minority companies in the IT industry – see below). Laws should only be passed if they serve the public interest. For this to happen, or at least have a chance of happening, there needs to be a democratic and accountable legislature deciding these laws.

The Commission and Council of Ministers are not democratic; they are not elected by the public or directly accountable. The course of the CII Directive through the EU institutions is marked with several unsavoury incidents where the Commission and the Council of Ministers failed to give heed to the overwhelmingly clear wishes of the European Parliament, the only democratically elected EU institution. These failures, aside from the substantive debate, have left many question marks on the lack of democracy and transparency within the Commission and the Council of Ministers. As lawyers, why are we failing to comment on these shenanigans? Why was the Commission and Council of Ministers so keen to push through their draft –- referred to ironically as the 'Common Position” but which could never be described as having anything in “common” with the views of the EU Parliament -- at all costs?

Had it not been for the undemocratic insistence of the EU Commission and Council of Ministers being so well documented by the anti-software patent lobby, coupled with the now notoriously unethical lobbying tactics of the pro-software patent lobby (reported to the EU anti-fraud commissioner by European lobby watchdogs4 -- I have never seen more dirty noblemen and such clean peasants), I and many others would have been none the wiser as to how far short the actual text of the proposed CII Directive fell from the boldly stated aims."

Not a fan of software patents, the Commission or the Council of Ministers by the sound of it.

Good day for NO2ID campaigners

It was a good day yesterday for those campaigning against ID cards as the scheme suffered in the House of Lords. The Upper House has attached an amendment demanding detailed government costings before it will be allowed to go forward. The Home Office has been adamant that they will not release detailed costings because it will interfere with their ability to get a good deal for taxpayers when putting the scheme out to tender.

Andrew Phillips of the Liberal democrats has a nice article in the Guardian and there are various other reports in the usual places.

Monday, January 16, 2006

Larry Lessig's Google book search presention

For those of you who, like me, are having problems getting BitTorrent working on your machines at the moment, here's a version of Larry Lessig's recent presentation on the Google book search project.


Martin Luther King tapes copyrighted

The Washinton Post yesterday had the annual story about the degree of control Martin Luther King's family have over his speeches and lament the fact that many schoolchildren will never get to experience the power of his speeches:

"It is the time of year when students are taught about the Rev. Martin Luther King Jr.'s 1963 "I Have a Dream" speech, so passionately delivered that his call for freedom changed U.S. history. Once heard, it is impossible to forget.

But many students won't get to hear it -- and most who do will hear only snippets, educators and historians said. And that, they said, is affecting the legacy of the preeminent civil rights leader, whose life will be honored tomorrow with an annual federal holiday...

All of King's speeches and papers are owned by his family, which has gone to court several times since the 1990s to protect its copyright; King obtained rights to his most famous speech a month after he gave it. Now, those who want to hear or use the speech in its entirety must buy a copy sanctioned by the King family, which receives the proceeds...

Joseph Beck, an attorney for the King family and an expert in intellectual property rights, said, "The King family has always supported providing access to the speech and to the video for educational purchases and encourages interested persons to contact the King Center in Atlanta." According to the family's Web site, videotapes and audiotapes of the speech can be purchased for $10, but one copy often is not enough for an entire school, and many schools don't know what materials are available.

Many schools use the text -- often taken in violation of the copyright from the Internet. The King family, however, wants teachers to use the speech and has not pursued legal action against educators"

LSE Identity Project Report

The London School of Economics has published their latest Identity Project Status Report. It's 63 pages long and full of sensible analysis and questions.

Director of the LSE, Howard Davis, says in his introduction to the report that in spite of his surprise at the vitriolic attacks of the government over their first ID card report last year, the LSE stand by the integrity of their researchers engaged in a genuine attempt to produce an informed analysis of the scheme. He rounds off nicely

"We believe the government's proposals can only benefit from informed and independent scrutiny of the sort this work attempts to produce. I hope the government can receive this latest contribution in that spirit and eschew the emotive language with which they responded to the first effort. The authors are not politically biased, or "mad" - at least no more so than academic researchers normally are!"

The press release accompanying the latest report reads:
The London School of Economics (LSE) today publishes the second report of its controversial ‘Identity Project’. The first report from the project [pdf 5.5 MB] was published in June 2005.

Today's report levels criticism at the government over the secrecy of the ID planning process, conflicting statements made by the Home Office and a disregard for Parliament's right to consider important costs and facts related to the scheme.

The report recommends that planning for the ID card be removed from the Home Office and given to Treasury. The report's authors argue that the Home Office is not the appropriate department to deliver or operate the scheme. ‘In light of the numerous inconsistencies and conflicts that have emerged, serious unanswered concerns that remain, project dynamics that are dysfunctional and potential outcomes that may be harmful to the public interest we can now no longer support even the principle of an identity scheme owned and operated by the Home Office.’ the report says.

The report observes: ‘Dozens of questions about the scheme's architecture, goals, feasibility, stakeholder engagement and outcomes remain unanswered. These questions are outlined in this report. The security of the scheme remains unstable, as are the technical arrangements for the proposal. The performance of biometric technology is increasingly questionable. We continue to contest the legality of the scheme. The financial arrangements for the proposals are almost entirely secret, raising important questions of constitutional significance.’

For these reasons, the LSE team has declined to publish further costings for the scheme. In his introduction to the report LSE's Director, Sir Howard Davies observed: ‘As this second report shows, the Government have not been very forthcoming in providing details of their proposals. The LSE team stands by the cost estimates outlined in its first report, but changes to the policy made by the Home Office make it difficult now to produce a definitive assessment of the total cost. Other government departments, if they wish to adopt the ID scheme, may opt in at a later date. Any estimates made of the cost of the current proposals may therefore significantly underestimate the total cost of the scheme in the longer term.’

Professor Ian Angell, head of LSE's Department of Information Systems said: ‘We don't know what to believe any more. Contradictions, guesswork and wishful thinking on the part of the Home Office make a mockery of any pretence that this scheme is based on serious reasoning.’

Dr Edgar Whitley, reader in information systems at LSE said: ‘We have been surprised at how little consistent or reliable information exists about the government's proposals. Claims are routinely made for the scheme and then just as quickly are abandoned or contradicted.’
The "unanswered questions" alone, listed in Section III demonstrate a grasp that these researchers have of the scheme which contrasts sharply with the Observer piece I mentioned earlier.

"To what extent does the legislation place a requirement on government departments to adopt the ID provisions...

To what extent is integration with the private sector a necessary requirement...

What criteria will be used to determine which levels of NIR verification (e.g. online, biometric) will be made available to an organisation? How will their use of NIR checks be verified and audited, and at what frequency...

To what extent and in what form will direct charging to customers apply for NIP checking by organisations...

Will direct charging by the private sector be capped...

How will organisations conducting NIR checks be verified and audited...

How will liability and non-liability be determined both for NIR checks and transactions where NIR checks are not conducted...

How will local verification against cards be used? In what circumstances and using what technology...

Will there be a requirement that biomentrics tehnology used for checking and verification will be of the same technical quality as the registration technology...

Will biomtrics be stored on the ID card, and if so what form wil this take (has, image etc.)...

What security standards will apply to verification checking, transmission of data, and data storage...

What advice has been obtained by government relating to the legality of the proposals...

What are the current integration cost and cost/benefit estimates from each government department relating to the scheme...

Precisely how will personal information be updated on the system, and what options are being considered to expedite this procedure...

To what extent will the system be reliant on chip and pin architecture...

what security measures are being considered in the event that the system will be based on chip and pin...

What limits, if any, are envisioned on use of the card by the private sector...

Precisely how can ID cards and the NIR be used for CRB checks, and how can the individual be integrated into the process at an administrative level...

What backup systems and processes will be instituted to ensure that denial of service does not occur in the event of technology or system failure...

Who owns and/or controls biometric data...

Will the identity number be visible...

Will local verification of ID cards be subject to oversight and audit, and if so, how...

How will organisations determine whether a person is required to be registered on the NIR...

How will government monitor the performance of IC checks within the private sector (failure of biometric technology, failure to match, failure of local card verification etc.)..."

These are all basic design, use, security and contingency questions of the kind that you need to make of any planned big information system. That there are so many of them at this stage of the process tells its own story. The concluding remarks are clinically damning:

"At the outset the LSE Identity Project supported the implementation of an identity scheme in principle" [given government attacks many people are surprised when they learn that] but expressed significant concerns regarding the Home Office proposal. In the light of the numerous inconsistencies and conflicts that have emerged, serious unanswered concerns that remain, poject dynamics that are dysfunctional and potential outcomes that may be harmful to the public interest we can no longer support even the principle of an identity scheme owned and operated by the Home Office.

Despite all this, however, the policy has changed hardly at all since it was first proposed three years ago. It still involves a highly centralised system. It still involves numbersou biometric technologies. Its primary purposed remain unsubstantiated. Its benefits remain unclear and its costs opaque. The scheme's own advisers are worried about time slippage and the underestimation of risks. Prospective users of the scheme are unwilling to state publicly the benefits they expect from use of the system.

Perhaps most alarming in all this is that the scheme is about to become central to the Government's strategy for IT...

the Governmentis saying it must rethink how IT is used across government, so long as it revolves around what the Home Office is offering...

Many of the perceived flaws in the scheme are a result of the Home Office's continued resistance to both listening and to adhering to traditional processes and procedures of policy deliberation. The proposed scheme is overly burdensome, dangerously centralised, and is designed only to meet the goals of the Home Office: a vast register of biometric data that will be used for policing purposes.

A more open and federated model is required for an identity scheme that will provide gains for e-government, promote access to government services, and generate trust...

We recommend that another department be made responsible for establishing an identity infrastructure for the UK...

The Treasury has extensive experience in complex IT systems...

We therefore com to the inescapable conclusion that the ID card scheme in the UK should be taken forward by the Treasury.

Identity management may well be "an idea whose time has come". But as with any such idea, there are a multiplicity of choices to be made, and directions to choose. After three years the Government remains on the wrong path."

Drop the costly ID Card

Yesterday's Observer had a slightly confused leader commentary on the UK ID card system.

It came down plainly against ID cards on cost grounds but included this:

"The government claims that imminent changes to the passport system, foisted on the UK by Europe, make the case for ID cards convincing. This is not so. Yes, there is a need to make the new generation of passports incorporate biometric technology such as fingerprints or iris scans. But this does not justify making it mandatory for everyone to possess a piece of plastic with so many other biometric components."

How is supporting biometrically embedded passports really that different to supporting biometrically embedded ID cards, except in the sense that only those who want to travel abroad need passports? Where do they get the notion that "there is a need" for passports to include fingerprints or iris scans? As for the piece of plastic, if we're using iris scans and fingerprints why do we need a card at all? After all we won't lose our eyes or fingers as quickly as we'll lose the cards.

The leader is just one more example of the amount of confusion about the specific detailed issues thrown up by the proposed ID card system

Sunday, January 15, 2006

Appeal Court Judge not keen on software patents

From ZDNet UK "An Appeals Court judge has questioned whether software patents should be granted, and has criticised the US for allowing 'anything under the sun' to be patented.

Sir Robin Jacob, a judge at the Court of Appeal who specialises in intellectual-property (IP) law, has questioned whether patents should be granted for software.

"Do we need patents for computer programs? Where is the evidence for it?" said Lord Justice Jacob, speaking at a seminar for the Society for Computers and Law on Thursday evening in London."

New Cryptogram Out

The top two stories in Bruce Schneier's latest Crypto-gram offer two classic lessons in security.

1. When doing business, it is not whether you know someone's ID that counts, it's whether that person can be trusted. So it is accountability that matters.

"In an anonymous commerce system -- where the buyer does
not know who the seller is and vice versa -- it's easy for one to cheat
the other. This cheating, even if only a minority engaged in it, would
quickly erode confidence in the marketplace, and eBay would be out of
business. The auction site's solution was brilliant: a feedback system
that attached an ongoing "reputation" to those anonymous user names,
and made buyers and sellers accountable for their actions."

2. Unless the party who can actually do something about poor security pays the cost of that security getting breached, they have no incentive to do anything about that poor security. Says Schneier:

"According to "The Globe and

"Susan Drummond was a customer of Rogers Wireless, a large Canadian
cell phone company. Her phone was cloned while she was on vacation,
and she got a $12,237.60 phone bill (her typical bill was $75). Rogers
maintains that there is nothing to be done, and that Drummond has to pay."

Like all cell phone companies, Rogers has automatic fraud detection
systems that detect this kind of abnormal cell phone usage. They don't
turn the cell phones off, though, because they don't want to annoy
their customers.

"Ms. Hopper [a manager in Roger's security department] said terrorist
groups had identified senior cell phone company officers as perfect
targets, since the company was loath to shut off their phones for
reasons that included inconvenience to busy executives and, of course,
the public-relations debacle that would take place if word got out."

As long as Rogers can get others to pay for the fraud, this makes
perfect sense. Shutting off a phone based on an automatic
fraud-detection system costs the phone company in two ways: people
inconvenienced by false alarms, and bad press. But the major cost of
not shutting off a phone remains an externality: the customer pays for it...

The solution here is obvious: Rogers should not be able to charge its
customers for telephone calls they did not make. Ms. Drummond's phone
was cloned; there is no possible way she could notify Rogers of this
before she saw calls she did not make on her bill. She is also
completely powerless to affect the anti-cloning security in the Rogers
phone system. To make her liable for the fraud is to ensure that the
problem never gets fixed."

It's worth repeating the key point "not shutting off a phone remains an externality: the customer pays for it." As long as someone else pays when security is breached, the phone company has no incentive to deal with the problem.

Mr Blair should be encouraged to meet Mr Schneier.

Bugging MPs

According to the Independent on Sunday, "Tony Blair is preparing to scrap a 40-year ban on tapping MPs' telephones, despite fierce Cabinet opposition"

Francis Eliot says

"Nobody is off limits in the Prime Minister's war on terror. Now he wants to dispose of the 'Wilson Doctrine' and bug his own MPs. But does the state need more power to spy on us?"

I imagine the political cartoonists will be smiling at the opportunities this story provides.