Saturday, March 18, 2006

Gonzales v Google ruling out

U.S. District Judge James Ware in California, has sided partly with the Department of Justice and partly with Google in the lawsuit where the DOJ were requesting access to a random list of websites and personal search queries. Importantly from a privacy perspective, for now, the judge refused to order Google to hand over 5000 personal search queries.

Friday, March 17, 2006

Caught Up in DNA's Growing Web

Caught Up in DNA's Growing Web Interesting opinion piece in the NYT on DNA databases.

Peter Rabbit and the IP Lawyers

Raizel Liebler at the LibraryLaw blog has a wonderful example, featuring Beatrix Potter's Peter Rabbit, of what makes intellectual property law so difficult to understand.

"This intellectual property cautionary tale starts because I was puzzled by the copyright notice in a historical mystery novel. Published in the United States in 2004, “Tale of Hill Top Farm” by Susan Wittig Albert is based on the life of Beatrix Potter and includes references to many of her famous characters, including Peter Rabbit, his friends, and relations. Part of the copyright notice reads:

“Frederick Warne & Co Ltd is the sole and exclusive owner of the entire rights titles and interest in and to the copyrights and trademarks of the works of Beatrix Potter, including all names and characters featured therein. No reproduction of these copyrights and trademarks may be made without the prior written consent of Frederick Warne & Co Ltd”

Several websites (and at least one book) repeat this or similar language in regards to Beatrix Potter or Peter Rabbit (though some of these sites are not in the United States).

On quick reading, a person could easily assume that this company owned the copyright in all of the Peter Rabbit books, and that therefore none of the books could be copied without permission. But is this accurate?

The simple answer is -- NO!"

- at least in the US since Peter Rabbit was first published there before 1923. Raizel then goes on to explain why the simple answer is not the end of the story. I find these children's literature IP cases fascinating and have included a number of them in a draft of chapter 3 of my book. I find the disputes engaging because the stories and objects of the disputes are engaging. Tell someone you're interested in IP and they get that panic how-can-I-escape look in their eye. Tell someone that a budding entrepreneur was flogging bad Spanish translations of a Harry Potter novel on the streets of Caracus for $25 each, within days of the book being published, and they're interested in finding out more.

The Tale of One Bunny, Copyright Statements, & Public Domain: A Cautionary Tail is a rewarding read. Well worth the effort even if you're not an intellectual property junkie.

Bound by law again

Pamela Jones is a fan of the Bound by Law comic on copyright.

INSPIRE fencing off the commons in geospatial data

Yet another effort at locking up publicly funded data behind pay walls is quietly sneaking its way through the European Commission. INSPIRE is the Proposed European Commission Directive on European Spatial Data Infrastucture. In January the EU Council of Ministers decided that geographic data collected by national mapping agencies all over Europe should be owned by such agencies and not by the public. This is nothing new to the UK, (or indeed most other EU countries) as the Guardian, interestingly enough, has pointed out in recent weeks, with its Free Our Data campaign. So why should we be concerned about it? Well precisely because it brings the weight of an EU directive behind the practice of monopolising public data. There may well, of course, be questions to be asked about how the national mapping agencies sustain their work, with the significant drop in income that this loss of monopoly would bring; but the proposals deserve closer scrutiny than they have henceforth been getting.

ID Cards and the Emperor's New Ferrari

I got to thinking about the ID card farce this morning. The whole thing is a bit like the fairytale of the Emperor's new clothes.

The government decide they want a Ferrari, except that it will be a super-dooper, ultra new, world's best, with extra go-faster stripes Blairari. They're not sure what they're going to do with it but they just know it will help solve lots of problems because it's flash and expensive and will grab lots of headlines. At the same time the Prime Minister, a self confessed technology luddite, repeatedly admits he doesn't really know what a car is ('You know it's got those roundy things and..." - "What, you mean Polo mints?" - "Yeah something like that but bigger..." - "Erm, wheels...?" - "Oh is that what you call them...?).

Enter the good automotive people at the London School of Experts (LSE) plus 60 of their expert mates from around the world, to view the government's plans (and starting out by saying they think it is a good idea in principle for the government to have a car). The House of Lords also think it might be a good idea to have a discussion about the plans. Except the government are not prepared to show anyone their plans - they're "commercially sensitive" and they don't want those nasty dealers to find out how much they're prepared to spend (even though the prices of cars and automotive parts are widely available and those same dealers are the ones they are talking to about maybe designing the Blairari); and anyway they haven't decided what they want their Blairari to do or whether it needs those complicated 'wheel' things.

The LSE do work out the government are going to spend 4 times the price of a Ferrari on a dead horse (or probably a dead camel because it will have been designed by a committee) and a one-wheeled, woodworm-infested cart. They suggest that this might not be a good idea if the government really want the Blairari to go anywhere and offer an alternative - buy a real Ferrari for much less. The government go berserk and amongst other things make outrageous attacks on the personal integrity of one of the LSE experts in an attempt to undermine the LSE report. How dare anyone question their Blairari plans. They've promised the people a Blairari and that's what the people want and that's what they're going to get.

The only thing missing really is the two con men selling the magic, invisible, weightless clothes. The government don't need them. They've succeeded in conning themselves.

Thursday, March 16, 2006

CC upheld in Dutch Court

A creative commons ‘attribution-non commercial-share alike’ licence on photos posted on Flickr, reproduced by a Dutch magazine without permission, has been upheld in a Dutch court, according to Adam Curry. He should know. He brought the case.

ORG start Gowers IP Review Blog

The Open Rights Group have started a blog on the Gower's review of intellectual property in the UK.

"The Open Rights Group has been formally invited to participate. We are currently drafting our submission and wish to include your thoughts and opinions. We have reproduced the Call for Evidence below and invite you to contribute - just hit 'respond' next to the paragraph you wish to comment on.

Many of the questions asked by Andrew Gowers in this review are very focused, but you should feel free to comment on the issues and the wider implications rather than feel obliged to provide specific answers. If you want to talk about issues not raised by this call for evidence, please do - just leave your comments on the Introduction."

Good idea.

First draft of WIPO A2K Treaty available

I missed it when Cory reported last week that the first draft of the WIPO Access to Knowledge Treaty is live.

"Last fall, we kicked ass at the World Intellectual Property Organization (WIPO), a UN agency that is supposed to be a humanitarian body but really spends all of its time ratcheting up the exclusive rights of big patent, copyright and trademark holders. We went to WIPO and drafted the "Geneva Declaration," laying out the case for a WIPO that lived up to its humanitarian mission by promoting international development and creativity. The Declaration begat the Development Agenda proposal, which the delegations of India, Brazil, Argentina, Chile and others took to the main session of WIPO, calling on it to reform itself. WIPO passed the Development Agenda, and now we're holding them to their promise.

Last winter, a group of activists, scholars, reps of commercial and standards bodies and practicioners of development gathered in Geneva to begin drafting a new treaty on Access to Knowledge (A2K), inviting all who couldn't be there in person to follow along on a public mailing list. Those two days were among the most exhilarating in my life: we began the process of drafting a treaty that will guarantee rights of archivists, educators and those who provide access to disabled people.

A2K is bearing fruit: the first draft of the treaty has just been published preparatory to a drafting summit in London this Thursday and Friday. I'm reading through it now and boy it's good stuff -- just check out some of the provisions on DRM:

legal prohibitions against anti-circumvention of DRM/TPM measures shall be limited, and not be enforced in the following cases:

i. When DRM/TPM licensing terms preclude implementation in Free and Open Source Software (FOSS),

ii. When DRM/TPM systems are marketed without adequate disclosure of their restriction modes and the terms under which they can be invoked, or when terms can be modified without a user's explicit consent,

iii. When DRM/TPM systems do not provide mechanisms to permit works to be accessible by persons with visually impairments or other disabilities,

iv. When DRM systems rely upon social entities that such as households and families in their technology more narrowly or restrictively than have been defined in local law,

272K PDF Link"

It would be almost impossible to overstate the importance of this, should James Love, Cory and co. manage to get an effective treaty of this type through WIPO. Next month there is an A2K conference over 3 days at Yale University.

"In the digital era, most multinational corporations and policymakers are of the view that the current trend characterised by increasing intellectual property rights and corporate control over knowledge best serve society's interests. At the same time, however, a growing number of commentators believe that widespread access to knowledge (A2K) and the preservation of a healthy knowledge commons are the real basis for sustainable human development. Nonetheless, intellectual property-based approaches continue to singlehandedly dictate global legal norms and shape national legal infrastructures.

The first goal of the Yale A2K Initiative is to come up with a new analytic framework for analysing the possibly distortive effects of public policies relying exclusively on intellectual property rights. Beyond this aim, the A2K initiative seeks to support the adoption and development of alternative ways to foster greater access to knowledge in the digitally connected environment.

The landmark A2K conference at Yale Law School will bring together leading thinkers and activists on access to knowledge policy from North and South, in order to generate concrete research agendas and policy solutions for the next decade. This conference will be among the first to synthesize the multifaceted and interdisciplinary aspects of access to knowledge, ranging from textbooks and telecommunications access to software and medicines. The A2K Conference aims to help build an intellectual framework that will protect access to knowledge both as the basis for sustainable human development and to safeguard human rights."

UK prepared to cancel Jet Fighter order over OS

Cory reports that the "UK government has threatened to cancel an order for US-built Joint Strike Fighter jets unless America turns over the source-code for the jets' firmware." VUNet says "Lord Drayson, minister for defence procurement, told the The Daily Telegraph that the planes were useless without control of the software as they could effectively be "switched off" by the Americans without warning." Cory's spot on: "This is the big fight for the next twenty years: do your devices take orders from you or someone else? Whether it's the box on top of your TV, the phone in your pocket, or the fighter-jet in the hangar"

Republicans rally the troops with impeachment threat

Renowned US constitutional scholar, Jack Balkan, can hardly believe what he's seeing in Washington. The Republican Party are pleased that Senator Feingold has called for a formal censure of President Bush, since now they can rally their supporters with the threat that if they lose control of the House or the Senate in the November elections, Bush will be impeached.

"So the President, as best I can tell, has repeatedly violated federal law by spying on American citizens in violation of the Foreign Intelligence Surveillance Act. The Congress, controlled by his own party, responds not by demanding an investigation into the matter, but rather by asking meekly whether it might amend the statute so that whatever the President has been doing (which he won't actually tell us) could become legal. The President says, not really necessary, don't you fools realize that when I act as Commander-in-Chief I can't violate the law? And if you insist that I did, well then, your laws are just plain unconstitutional. A Democratic Senator then stands up and argues that if the President broke the law repeatedly, he should be censured, if not impeached. Everybody else makes fun of him. At this point the Republicans, who lined up almost as one to impeach the previous (Democratic) president for lying about sex to a grand jury, while making impassioned speeches about the rule of law, are now delighted by this development, using the fact that the Senator is talking about censure as an opportunity to fire up their base.

So children, here's the moral of the story: If you are the President, feel free to violate the law, early and often. Just make sure you do it when your party controls all three branches of government. Because just as blood is thicker than water, party is thicker than law."

EDRi on the French drm and P2P debates

EDRI has been asking What's so special about French EUCD transposition? For anyone who wants a bite size explanation of what's been going on in France since just before Christmas in their attempts to implement the 2001 copyright directive, this does a really nice job.

Japanese government call for Winny P2P users to stop

Following security leaks due to viruses the Japanese government have apparently asked the public not to use the P2P software known as 'Winny.'

Does anyone know what happened to Isamu Kaneko, the assistant professor at Tokyo who got arrested a couple of years ago for developing Winny? As I remember it he was facing large fines and three years in jail? I believe he has been charged but have not heard if the case has come to court yet.

UK High Court Rules ISP not liable for defamation

The UK High Court, in Bunt v Tilley & Ors [2006] EWHC 407 (QB) (10 March 2006), has ruled that "an ISP which performs no more than a passive role in facilitating postings on the internet cannot be deemed to be a publisher at common law." What I take to be the relevant bits from the decision:

"Neither the pleaded case nor the evidence discloses any role on the part of these Defendants other than that of affording connection to the internet. On this basis, it is argued on behalf of all the corporate Defendants that the necessary ingredients for publication are missing...

When considering the internet, it is so often necessary to resort to analogies which, in the nature of things, are unlikely to be complete. That is because the internet is a new phenomenon. Nevertheless, an analogy has been drawn in this case with the postal services. That is to say, ISPs do not participate in the process of publication as such, but merely act as facilitators in a similar way to the postal services. They provide a means of transmitting communications without in any way participating in that process...

In determining responsibility for publication in the context of the law of defamation, it seems to me to be important to focus on what the person did, or failed to do, in the chain of communication. It is clear that the state of a defendant's knowledge can be an important factor. If a person knowingly permits another to communicate information which is defamatory, when there would be an opportunity to prevent the publication, there would seem to be no reason in principle why liability should not accrue. So too, if the true position were that the applicants had been (in the Claimant's words) responsible for "corporate sponsorship and approval of their illegal activities".

I have little doubt, however, that to impose legal responsibility upon anyone under the common law for the publication of words it is essential to demonstrate a degree of awareness or at least an assumption of general responsibility, such as has long been recognised in the context of editorial responsibility...

Of course, to be liable for a defamatory publication it is not always necessary to be aware of the defamatory content, still less of its legal significance. Editors and publishers are often fixed with responsibility notwithstanding such lack of knowledge. On the other hand, for a person to be held responsible there must be knowing involvement in the process of publication of the relevant words. It is not enough that a person merely plays a passive instrumental role in the process...

In all the circumstances I am quite prepared to hold that there is no realistic prospect of the Claimant being able to establish that any of the corporate Defendants, in any meaningful sense, knowingly participated in the relevant publications. His own pleaded case is defective in this respect in any event. More generally, I am also prepared to hold as a matter of law that an ISP which performs no more than a passive role in facilitating postings on the internet cannot be deemed to be a publisher at common law."

It's a lucid judgement and if you can deal with 79 paragraphs of legalese, worth scanning. Mr Justice Eady's writings from the bench are amongst the most coherent of the species.

Judge to order Google to hand data to DOJ

The judge in the case where the Department of Justice has requested that Google hand over vast amounts of data, has indicated that he intends to go along with that request in part.

"The government is requesting a sample of 50,000 Web site addresses in Google's index, instead of the one million it had demanded. And it is asking for just 5,000 search queries, compared with its earlier demand for an entire week of queries, which could amount to billions of search terms.

A Justice Department lawyer said at the hearing that the government would review just 10,000 Web sites and 1,000 search queries out of those turned over. It intends to use the data to measure the effectiveness of software that filters out pornographic Web sites.

"It is my intent to grant some relief to the government," Ware said, "given the narrowing that has taken place with the request and its willingness to compensate Google for whatever burden that imposes."

He said, however, he knew that the request for individual search terms from Google had raised privacy concerns. He appeared to be less troubled about the release of Web site addresses.

He said he was particularly concerned about perceptions by the public that Web searches could be subject to government scrutiny"

Update: Wendy Selzer is feeling watched.

"When a newspaper obtained records of then-Judge Bork's video rentals duringn 1987 hearings on his nomination for the Supreme Court, the public and members of Congress were similarly shocked that these records were so easily available. In response, Congress passed the Video Privacy Protection Act, prohibiting disclosure of video tape rental records without a warrant or court order. Though limited to sale or rental of "prerecorded video cassette tapes or similar audio visual materials," the VPPA stands out as one of our strongest privacy protection laws.

The DOJ's subpoenas for search records should be web searches' "Bork moment." Search engines, and our comfort in using them unobserved, are a key part of the Internet's vitality. If no current law protects us against government Googling our Google records, it's time to draft a law that does."

Wednesday, March 15, 2006

Pakistan Supreme Court cenor blogspot blogs

It seems the Supeme Court of Pakistan has ordered the country's ISPs to block all Blogger blogs. I won't be getting any more readers based there then.

Data mining is not the way to tackle terrorism

Bruce Schneier again: Why Data Mining Won't Stop Terror

"The promise of data mining is compelling, and convinces many. But it's wrong. We're not going to find terrorist plots through systems like this, and we're going to waste valuable resources chasing down false alarms. To understand why, we have to look at the economics of the system.

Security is always a trade-off, and for a system to be worthwhile, the advantages have to be greater than the disadvantages. A national security data-mining program is going to find some percentage of real attacks and some percentage of false alarms. If the benefits of finding and stopping those attacks outweigh the cost -- in money, liberties, etc. -- then the system is a good one. If not, you'd be better off spending that capital elsewhere.

Data mining works best when you're searching for a well-defined profile, a reasonable number of attacks per year and a low cost of false alarms...

Terrorist plots are different. There is no well-defined profile and attacks are very rare. Taken together, these facts mean that data-mining systems won't uncover any terrorist plots until they are very accurate, and that even very accurate systems will be so flooded with false alarms that they will be useless.

All data-mining systems fail in two different ways: false positives and false negatives. A false positive is when the system identifies a terrorist plot that really isn't one. A false negative is when the system misses an actual terrorist plot. Depending on how you "tune" your detection algorithms, you can err on one side or the other: you can increase the number of false positives to ensure you are less likely to miss an actual terrorist plot, or you can reduce the number of false positives at the expense of missing terrorist plots...

When it comes to terrorism, however, trillions of connections exist between people and events -- things that the data-mining system will have to "look at" -- and very few plots. This rarity makes even accurate identification systems useless.

Let's look at some numbers. We'll be optimistic -- we'll assume the system has a one in 100 false-positive rate (99 percent accurate), and a one in 1,000 false-negative rate (99.9 percent accurate). Assume 1 trillion possible indicators to sift through: that's about 10 events -- e-mails, phone calls, purchases, web destinations, whatever -- per person in the United States per day. Also assume that 10 of them are actually terrorists plotting.

This unrealistically accurate system will generate 1 billion false alarms for every real terrorist plot it uncovers. Every day of every year, the police will have to investigate 27 million potential plots in order to find the one real terrorist plot per month. Raise that false-positive accuracy to an absurd 99.9999 percent and you're still chasing 2,750 false alarms per day -- but that will inevitably raise your false negatives, and you're going to miss some of those 10 real plots.

This isn't anything new. In statistics, it's called the "base rate fallacy," and it applies in other domains as well. For example, even highly accurate medical tests are useless as diagnostic tools if the incidence of the disease is rare in the general population. Terrorist attacks are also rare, any "test" is going to result in an endless stream of false alarms...

Finding terrorism plots is not a problem that lends itself to data mining. It's a needle-in-a-haystack problem, and throwing more hay on the pile doesn't make that problem any easier. We'd be far better off putting people in charge of investigating potential plots and letting them direct the computers, instead of putting the computers in charge and letting them decide who should be investigated."

Bruce puts out a version of this essay at least once a year. Long may he continue to do so because the people that need to take heed of it are just not doing so. Like another hobby horse of mine, the second law of thermodynamics, the base rate fallacy (and Bayes Theorem from which it derives) should be a compulsory part of the school curriculum, one that also includes critical thinking more widely. The idea that using irrelevant information to make a decision (or, more accurately, a probability judgement) is not very bright is not difficult to understand. So why is it so difficult to apply in the context of complex information systems supposedly deployed to tackle complex security problems?

Schneier on privacy

Bruce Schneier has an essay on the future of privacy in his latest crypto-gram.

"The pervasiveness of computers has resulted in the almost constant
surveillance of everyone, with profound implications for our society
and our freedoms. Corporations and the police are both using this new
trove of surveillance data. We as a society need to understand the
technological trends and discuss their implications. If we ignore the
problem and leave it to the "market," we'll all find that we have
almost no privacy left...

Computers are involved more and
more in our transactions, and data are byproducts of these
transactions. As computer memory becomes cheaper, more and more of
these electronic footprints are being saved. And as processing becomes
cheaper, more and more of it is being cross-indexed and correlated, and
then used for secondary purposes.

Information about us has value. It has value to the police, but it also
has value to corporations. The Justice Department wants details of
Google searches, so they can look for patterns that might help find
child pornographers. Google uses that same data so it can deliver
context-sensitive advertising messages. The city of Baltimore uses
aerial photography to surveil every house, looking for building permit

In a sense, we're living in a unique time in history. Identification
checks are common, but they still require us to whip out our ID. Soon
it'll happen automatically, either through an RFID chip in our wallet
or face-recognition from cameras. And those cameras, now visible, will
shrink to the point where we won't even see them.

We're never going to stop the march of technology, but we can enact
legislation to protect our privacy: comprehensive laws regulating what
can be done with personal information about us, and more privacy
protection from the police. Today, personal information about you is
not yours; it's owned by the collector. There are laws protecting
specific pieces of personal data -- videotape rental records, health
care information -- but nothing like the broad privacy protection laws
you find in European countries. That's really the only solution;
leaving the market to sort this out will result in even more invasive
wholesale surveillance.

Most of us are happy to give out personal information in exchange for
specific services. What we object to is the surreptitious collection of
personal information, and the secondary use of information once it's
collected: the buying and selling of our information behind our back.

In some ways, this tidal wave of data is the pollution problem of the
information age. All information processes produce it. If we ignore the
problem, it will stay around forever. And the only way to successfully
deal with it is to pass laws regulating its generation, use and
eventual disposal."

Libertarian free marketeers won't like his conclusions but they're sound, if not sufficient. The kind of privacy regulations we have in Europe are regularly undermined by governments and commerce ignoring, regulating around (e.g. in the name of national security) and exploiting loopholes you could drive a horse and cart through (there are huge loopholes in Europrivacy regulation). Remember the EU has agreed that airlines should be forced to routinely hand over passenger data to the US authorities, arguably in breach of EU laws, yet there are no similar requirements on airlines in the US to do likewise. Yes I know some of them have been doing so voluntarily as part of the testing programs for CAPPSII and Secure Flight. I'm just saying regulation, particularly of the Swiss cheese variety, is not a panacea on its own.

In addition to having sound privacy laws, we have to ensure they are rigorously enforced (Dr Larry Brilliant's "early detection, early response" mantra applies to privacy too) and also supported by sound privacy enhancing technologies and network architectures that smart folks like Kim Cameron and Stefan Brands have been contemplating for some time. In addition further social and cultural awareness of the digital personas we create and deposit in so many different places and ways is needed, as well as an understanding of the value of that personal data both to ourselves and the organisations who collect, manipulate, analyse, use, buy and sell it.

A little plagiarism

Mark Steel has a great piece in today's Independent (sadly behind a paywall now) A little plagiarism never did a student any harm

"The mania surrounding exams isn't the fault of teachers or schools, but the result of modern beliefs about why we have education at all. Its purpose, we are led to believe, is to enable the student to get a job where they can earn more money. You need qualifications, so learn what to write in order to gain them, and it doesn't matter whether you never have the slightest interest in the subject afterwards or not."

So students are told to learn by rote and repeat what they've 'learned' in order to do well in exams. And then we complain about them copying stuff off the Net. All students handing in essays copied of the Net are doing is, as Steel says, taking "copying one step further by swiping stuff without reading it." It's a predictable emergent property of a complex system, the actors within which, in Nu Labour speak, are 'incentivised' to focus on simplistic and inappropriate targets.

My elder son is considered to be intellectually gifted and finds school stressful. When I explain to him that he has to demonstrate to the school that he can do the required work in the required way - 'tick the boxes' is the phrase I use most frequently - so that the school can tick the boxes for their bosses, he just says "That's completely pointless dad." Got it in one son.

Tuesday, March 14, 2006

The Home Secretary and the Parish Priest

This does not show Charles Clarke in a good light. A parish priest, one of Mr Clarke's constituents asked him a question and got a negative response. Here's how the good reverent's daughter, a survivor of the London bombings, tells it;

"My father tells me he at this point left his seat and strode up to Clarke, because he wanted to ask his question, and he said,

''Congratulations on fixing the meeting so that nobody can ask questions! You will have heard about Rev Julie Nicholson who is so angry she cannot forgive the bombers who killed her daughter on 7th July , well, I have a question, my daughter was feet away from the 7/7 Kings Cross bomb, and she and some other surivors have said they are not angry with the bombers, but with the Government, because there was no public enquiry. Why is there no public enquiry?''

Charles Clarke looked at my father ''in a very nasty way'', and then he said to my father

'' Get away from me, I will not be insulted by you, this is an insult'.

And he stormed past, and Dad was so upset he could not share Eucharist with this man,

and my father left the cathedral in despair.

Dad has cheered up a bit now, but he was almost in tears at being so insulted by Clarke when I spoke to him: he did not think he had insulted Clarke at all.

Why is it an insult when the father of a bomb survivor, a gentle man of God, who has never caused trouble in his life, asks for a public enquiry? Why is his question not answered?"

Call For Home Secretary To Apologise For Misleading House On Id Cards

Lynne Jones MP has written to Andy Burnham MP. The letter deserves to be widely read but I don't suppose it will be, so I hope Ms Jones won't mind me including it in full here:

"Dear Andy,

ID card and register scheme

Thank you for your letter dated 14 February, responding to some of my remarks on the World at One on Friday 10 February.

You say that it is ‘simply not credible’ to imply that the Government is proceeding by ‘sleight of hand’ because Home Office documents have made it clear that it will be compulsory for people to go on the NIR when they apply for a passport. However, as you know, our 2005 Manifesto stated the opposite. It stated that the scheme would be “rolling out initially on a voluntary basis as people renew their passports”. In the letter you sent to colleagues on Friday, referring to the Manifesto commitment, I note that you omit the first part of this phrase:

“We have a clear manifesto commitment to introduce the National Identity Register (NIR) and the identity cards scheme "as people renew their passports".

You then try and get around the fact this was supposed to be voluntary as people renew their passports by stating:

“The manifesto reference that this process would initially take place on a voluntary basis refers to the fact that no order setting a date for compulsory enrolment would be laid in this Parliament.”

How were voters supposed to know that? It is ridiculous to infer that this is what people would have understood without it being explained alongside.

Furthermore, in view of the fact that the Government has made much of the fact that further primary legislation would be required before the scheme becomes compulsory, it is perfectly reasonable to point out in interviews that, despite this, there will be compulsion for the majority of people through ‘designated documents’ which will not come through the ‘front door’ of further primary legislation.

Ministers have also frequently and repeatedly given the misleading impression that the scheme is proceeding on the basis of international requirements or is at least keeping up with international schemes, when in reality it goes far beyond these. During the last debate on 13 February, when I asked Charles Clarke which other countries propose to have 13 sets of biometric data on a centrally held database, he replied:

Mr. Clarke: A number of countries, including the United States of America, is the answer to my hon. Friend's question.

Following this, I asked the House of Commons Library if they could verify the Home Secretary’s answer. When the Library asked the Home Office 'what sources or authority the Home Secretary had relied on, when he said that a number of countries including the USA proposed to have 13 sets of biometric data on a central database' the Home Office replied “We have no specific information as to when other countries will move to using 13 biometrics.” Unless you or Charles have evidence to the contrary (that your officials are unaware of), I suggest it would be appropriate for the Home Secretary to apologise for misleading the House (I am copying him into this letter).

You state that limiting the document designation powers in the Bill will lead to higher costs, thus acknowledging that those in need of passports are expected to subsidise the ID card scheme. You make no reference to the fact that, if you had a less intrusive scheme then your costs could be as low as in other countries with biometric ID cards. As you state in your letter, all countries that issue passports and ID cards have databases to administer their scheme, but can you give details of any other scheme that proposes to have a live central database with an audit trail on the scale proposed under the NIR?

You suggest that raising the concern that the Government’s scheme may make the identity fraud situation worse is an ‘uninformed assertion’ as ‘with many criticisms of the scheme’ (without specifying to which criticisms you are referring). You state this despite the comments of the Chief Technology Officer of Microsoft UK that the Register would become a 'honeypot' for criminals. Is he ‘uninformed’? Furthermore, the European Commission’s Data Protection Working Party, in their publication Working Document on Biometrics looked at whether biometric information should be kept on smart cards and retained by the individual or whether it was acceptable to store the information on a centralised database. The House of Commons Library note on Biometrics states that the Working Party’s clear preference is for the former as it believes centralised storage presents an increased risk of data misuse. Is the Working Party ‘uninformed’?

Turning to your response to my comment that the Home Office are ‘making the scheme up as they go along’, I stand by this view, which is based on the answers I have received to Parliamentary questions, for example:

• In June 2005 the Government didn’t know how many enrolment centres there would be for the ID cards programme and have still not provided this information to MPs. Whilst it has been announced there will be some 70 centres for interviews for passports, the Home Office stated in a PQ tha, whilst these 70 centres form part of the ID card programme, ‘these offices do not necessarily form part of the enrolment centre provision’ and ‘at this stage it is not known how many of these facilities there will be’. Are we to seriously believe the Government’s estimated costs are realistic when such a major part of the project has not been worked out?

• In December 2003 the Minister stated that ‘The costs estimates which my right hon. Friend the Home Secretary set out in Command paper 6020 were based on the assumption that this automatic replacement card would be provided free of charge’. In June 2005, when asked if this assumption remained the Government’s policy, you answered ‘No such assumption was made in CM 6020.’ We have still not been told what the policy is on replacement cards and who will bear the cost. On the issue of how much it will cost an individual to replace a stolen, lost or damaged card, in a recent PQ, answered 13.02.06, we are told that no final decisions have been taken.

• No detailed planning or cost estimates have been undertaken in respect of assessments of applications for exemptions for when the ID Card scheme becomes compulsory.

• When asked if the Home Office would be revisiting its cost assumptions in line with the recommendations of the KPMG review, on 25 October 2005, Tony McNulty answered that his officials were reviewing the recommendations of the KPMG review and ‘would be acting on them in future iterations of the costings’. Yet the Government have not revised their £584m figure or referred to these KPMG recommendations in their briefings on costs.

• The Home Office admit in their own Regulatory Impact Assessment analysis of 25 May 2005 that some benefits are ‘not yet quantified completely’. In answer to a PQ asking if the cost benefit analysis of the scheme includes estimates for these unquantified benefits, we are told it did but that further analysis was underway to ‘refine these estimates’. When asked what the results were of his Department’s further analysis, you answered that benefits were continuing to be identified and quantified and the analysis was ongoing. The Government do not say whether any of this analysis will have any impact on the Government’s cost estimates.

Regarding your claim to be consulting with industry, I have to say that talking to people from the industry with an interest in procurement within the scheme is not the same as listening to the concerns of independent industry experts. You cite Intellect as a source of expert guidance. Is my understanding correct that Intellect’s membership includes several companies who are likely to bid for contracts with the Home Office? I would be more willing to accept that the Government have really researched this project thoroughly with industry experts if you had provided satisfactory replies to the many letters my constituent, Andrew Hawker (who has had many years working in the industry and who now comments on this matter independently) has taken the trouble to write.

Despite your failure to address Mr Hawker’s questions on how the benefits of the ID card scheme have been calculated, Mr Hawker has taken the trouble to respond to your last letter of 20 February, your reference: M3198/6. A copy of Mr Hawker’s letter is enclosed. I should therefore be grateful for your response to the specific points Mr Hawker has raised in the enclosed letter (and previously) about the Home Office’s estimated benefits of the ID cards scheme.

In your letter, you state that cost reviews have been done by the Treasury, Office of Government and Commerce and KPMG but won’t publish these on the basis that a detailed breakdown of costs might have procurement implications and lead to higher costs. As you will note from Mr Hawker’s letter, biometric equipment is freely advertised and priced on the internet and companies regularly announce the value of other biometric contracts. Presumably there will also be competition between bidders anxious to win what must be extremely lucrative contracts (unless you are implying such companies are capable of price rigging). Both these factors render the excuse for not providing some cost breakdown of the ID cards project most questionable. Furthermore, the Government has never addressed the point that MPs like myself have only requested a broad breakdown of the estimated costs for the major components of the scheme. We haven’t even been told the likely cost of the National Identity Register!
Finally, I would like to raise the case of individuals who could be put in danger if their biometric details are accessible on the NIR, for example security personnel or victims of crimes such as domestic violence. The intended compulsory registration of UK citizens in the NIR may endanger individuals who are threatened by terrorists or organised criminals. For instance, witnesses threatened with revenge, would typically be relocated and given new identities. Were enrolment on the National Identity Register to be established on a compulsory basis, what guarantee could then be given to such a person that their whereabouts could be kept secret? I am sure you would agree that it would become impossible to carry out anything like a normal life without a functioning ID card. Thus a witness would have to be registered in the database under their new identity. But because they are identified by biometric information in the database, and that biometric information would not have changed with their identity, it would be possible to find them using biometric information recorded before they disappeared. (Or are you accepting that multiple identities will be possible with the same biometrics?)
As an example, a photograph of the person taken before they disappeared could be used to match the facial biometric information in the database enabling all the person's details to be looked up including their new home address. No doubt you will be aware that it is possible to identify a person using an ‘iris code' obtained from a photograph taken many years before as demonstrated publicly in the case of Sharbat-Gula, an Afghan woman who appeared on the cover of Time Magazine in 1985, and who was positively identified in 2002 from that photograph using an iris biometric. I accept that, on as large a database as the NIR, facial and iris recognition alone would not necessarity provide unique identification but presumably you are arguing that possession of all 13 biometrics would. Numerous Police officers and others would be allowed to perform this type of search without the subject's consent and, while the Bill would make unauthorised disclosure of information from the Register a serious criminal offence, this could not prevent an organised criminal from coercing an authorised person into performing lookups on their behalf.
Dose the Home Office have a solution to this problem?
I should be grateful for your response to the points raised in this letter. I apologise for its length but I hope you will appreciate the serious nature of the concerns raised.

Yours sincerely,


cc Charles Clarke, Home Secretary"

Biotech patents and empirical research

An article available at SSRN, Patent Metrics: The Mismeasure of Innovation in the Biotech Patent Debate pours scorn on the idea "well accepted among many legal scholars" that biotechnology patenting has reached unsustainable levels. The authors claim to have engaged in the "first comprehensive empirical study of biotechnology patents" and found a "surprisingly diffuse pattern of patent ownership." From the abstract:

"This Article finds little evidence that the rise in biotechnology patenting is adversely affecting innovation. Counting patents, as it turns out, offers few insights on its own. One must also have a measure of the geographic scope of the scientific commons and the distribution of patents within it. These findings lead to a cautionary corollary for patent metrics generally - fundamental uncertainties associated with the statistics of innovative success cannot be overcome by sophisticated empirical methods. Ironically, the current enthusiasm for empirical work may have caused academics to reify abstract statistics over the obvious complexity of innovative processes."

So their "comprehensive empirical study" shows there is no evidence of a problem with biotech patents but the situation is too complex to measure by "sophisticated empirical methods."

The article begins promisingly with a quote from Stephen J. Gould:

"[Among] the oldest issues and errors of our philosophical tradition [are] reductionism, or the desire to explain partly random, large scale, and irreducible complex phneomena by deterministic behaviour of the smallest constituent parts... [and] reification, or the propensity to convert an abstract concept [like value] into a hard entity."

They go on having studied Patent Office statistics to retain the essence of this in their conclusions but not before making a rather strong conclusion:

"We conclude that the lack of concentrated control, rising number of patent applications, and the continuous influx of new patent owners suggest that overall biotechnology innovation is not being impaired by the growth of patents issued each year.

Our analysis also reveals the many pitfalls of seeking to resolve this question at a synoptic level using simple metrics. In this sense both the advocates of the anticommons theory and the enthusiasts of patent characteristics err by oversimplifying the multidimensional character of patent dynamics."

It's true that the biotech patent landscape is complex and neither easy to understand nor measure but then nothing in life that is really valuable is easy to measure. Whilst it may be true of some, however, I can't see that that proponents of cultural environmentalism like James Boyle, Larry Lessig, James Love, Yochai Benkler, Siva Vaidhyanathan etc. could ever be justifiably accused of underestimating the multidimensional character of patent dynamics.

Now that someone has done some patent counting, however, and skeptical though I am about their main conclusion, let's see some more empirical research and some new creative approaches to the issue.

Bound by Law released

Cory says that the Duke Center for the Public Domain's comic about copyright and the public domain is now available. Though on this side of the pond Amazon are still offering pre-orders only.

Larry Brilliant at TED

Larry Brilliant, one the leaders of the successful World Health Organization smallpox eradication program, gave an inpiring talk at this year's TED gathering, explaining how we can tap into our communications technology to help eradicate major diseases, through early detection and early response. He wants to make it "part of our culture" that there is a globally connected "community of people watching out for the worst nightmares of humanity and that it is accessible for everybody." (His talk is the third, beginning an hour into the prgramme).

Monday, March 13, 2006

Blogging James Boyle's Cultural Environmentalism at 10

Joe gratz has been blogging the Cultural Environmentalism at 10 conference at Stanford. The single most enlightening book I have ever read about the impact of intellectual property in the information age is James Boyle's Shamans Software and Spleens: Law and the Construction of the Information Society. For an engineer with no IP education to speak of circa 1999 it was a tough read but very rewarding.

I always thought the intellectual property system was a great idea but for years had been bothered by aspects of it that I was never really able to articulate. Amongst James' main lessons was the power of the romantic author metaphor as a rhetorical cover for commercial interests extracting economic rents protected by law, without the empirical evidence to justify those takings. For the first time I realised the patently obvious - the need to ask questions about the underlying assumptions of the system which was facilitating a closing off of the cultural commons in the way that James describes so eloquently in his writings. It's amazing how, when stepping out of our own areas of expertise or other comfort zones, we neglect to ask/state the obvious like "where's the evidence for this?" That's why I'd never been able to articulate my concerns. I had failed to ask the simple, rational questions -

What problem is the system designed to solve?
Is this problem if it is a problem clearly defined?
Who are the stakeholders?
What kind of system are we dealing with?
What does the system include and what does is not include - where's the system boundary?
Is the boundary in the right place?
What kind of environment surrounds the system?
Who are the power brokers and what is their source of power?
What 'solution' is being proposed?
Why has this 'solution' been chosen?
What are the underlying and hidden assumptions at play?
How well does it solve the problem?
Where is the evidence, economic and otherwise?
What other problems does it cause?
Where's the evidence?
What does the solution cost economically and otherwise?

I understand James' next book is due to be completed in the summer and recommend you look out for it. He was also the driving force behind the RSA's Adelphi Charter, btw.

For the record I still think intellectual property is a great idea, though IP is rather an unfortunate misnomer, since it leads itself to being hijacked and used as a rhetorical weapon by those with a vested interest in expanding IP law ever further at the expense of creators and the public interest. 'Temporary privileges in intellectual assets' doesn't quite have the same ring to it and 'intellectual monopoly' whilst helping to redress the rhetorical balance goes too far in the opposite direction. There must be someone amongst the raft of smart people involved in the arena who can coin a value free neutral description which captures the essence of what it is all about?

Academic Publishers support Google Book Project

The FT reports that academic publishers are viewing the Google Book Search prject as a welcome opportunity to market their books.

Brown mus win

Nick Cohen usually trains his eye on the misdeeds of the government and their close acquaintainces in commerce and civil society. Strangely enough this week he's turned his attention to copyright and in particular the Da Vinci Code dispute in the High Court.

"David Hooper, a specialist in intellectual property, said the case was something new. The Holy Blood authors are not saying that Dan Brown had copied chunks of their work verbatim. Instead, they are suing him for taking some of their ideas, researching them, playing with them and turning them into a novel. If they win, Hooper believes a chill will go through cultural life as publishers face the next to impossible task of separating original thoughts from other people's thoughts.

Restricting free use of ideas is the spirit of the age. Firms have claimed copyright on plants and parts of the human genome because ideas are worth more than all other assets. The World Trade Organisation recognised this when it made international acceptance of intellectual property rights one of the central aims of the drive to globalisation in the Nineties.

I hate to be the one who has to say it, but Dan Brown needs to win. If he doesn't, free thought may be stifled in the name of protecting ideas."

We'll overlook the mangling of copyright and patent but if a flying pig should saunter by and Brown does lose the case, Cohen is right to say it has wider implications. Will free thought be stifled? I doubt it but particularly zealous copyright holders would relish the prospect of using the case as an excuse for their own excessive legal shenanigans.

Met chief secretly records phone conversations

The Metropolitan police chief, Sir Ian Blair, has secretly recorded at least one phone converation with the Attorney General, Lord Goldsmith, though the report I heard on Radio 5 this morning was slightly confusing and there was a suggestion it may have happened more than once (somebody mentioned up to eight times). Ironically the controversion recorded focussed on the admissabilty of wire tap evidence in court. He has also apparently secretly recorded phone conversations with members of the Independent Police Complaints Commission without their consent.

Update: Spy Blog considers Sir Ian's actions understandable in the light of "the spin and media leaks which the disgraced Home Secretary David Blunkett inflicted on Sir John Stevens, the predecessor of Sir Ian Blair", that he would "feel the need to have an independent record of exactly what was, or was not said to his NuLabour political contacts."

London Underground object to tube map parodies

Geoff Marshall who holds the world record for visiting all 275 London Underground stations in 18 hours, 35 minutes and 43 seconds, has heard from the tube's lawyers and he's not too happy about it.

"Dear Geoff

This firm acts for Transport for London and Transport Trading Limited who are respectively the owner and licensee of the world-famous bar and circle device (“the Roundel”) and the Tube Map.

I would like to talk to you about your website Unfortunately, I was unable to trace a telephone number for you on the site, hence the email.

Please contact me at your earliest convenience (my direct line details are below).

I look forward to hearing from you.

Kind regards,

[name removed]
Commercial Department"

He phoned them and was told if he didn't take down his page with LU map parodies they would arrange for it to be taken down for him. Geoff says:

"Why me? Why now? Geofftech and the tube has been on the internet for five years now, and I’m not alone in using ‘the roundel’ logo and other such tube graphics. I’ve just done a very simple search this morning, and found 43 other sites within half an hour that have also ’stolen’ the graphic. Are they being contacted as well?"

The answer to that one is yes. London Transport lawyers have been contacting a number of site owners about images like those on Geoff Marshall's site.

Hollywood thanks its best customers

Derek Slater is not too impressed at how Hollywood go about thanking their best customers.

"Adam Thierer celebrates HDCP and HDMI, which help ensure that your HD content can only be used with crippled devices that obey Hollywood's commands.

Adam appreciates new software that allows him to make nifty uses of his own digital media, like (circumventing DRM to) rip DVDs onto his computer. You'd think he'd be more sympathetic to the damage these restrictions will to early adopters of new tools.

You see, plenty of early HD equipment - TVs, projectors, graphics cards, receivers - doesn't support this content production. When consumers, for instance, get a new HD-DVD, they'll get video of below HD quality (down rezzing). On products that lack an analog output, they might not be able to watch at all -- not because the equipment isn't technically capable of playing HD, but because Hollywood doesn't trust them.

That's how Hollywood thanks its best customers, the early-and-often adopters. It breaks their compatible devices and forces them to repurchase products they already own. Contrary to Thierer's suggestions, the migration to these devices is anything but "natural." What's natural about consumers being forced to throw out their current HDTV and buy another with less features? What consumer wants that?"

Sunday, March 12, 2006


A Register reader has suggested an amusing question for Tony Blair at Prime Minister's Questions next week:

" "Mr. Speaker, would the Prime Minister, a self-admitted luddite when it comes to using popular technology, technology readily used by anyone with enough dexterity to manipulate a button, would the Prime Minister disqualify himself as a credible partner in the debate about the electronic identification scheme his government wants to sell to the British people as an invaluable tool to help citizens identify themselves and to ward of the threat of international terrorism? Can we, Mr. Speaker, entrust the management of tens of millions of highly sensitive personal records of the citizens of this country to someone who admits to an inability to dial a song on an MP3-player? Can the public be certain that the cost and security implications are fully understood by their leaders? Can the Prime Minister tell us, Mr. Speaker, whether he will consult the President of the United States about some helpful hints and tips on the use of iPod-type music players on the occasion of their next meeting or will the Prime Minister head to Regent Street for an introductory course?"


A Muslim Lawyer's Defense of Publishing the Muhammad Cartoons

A Muslim Lawyer's Defense of Publishing the Muhammad Cartoons by Junaid Afeef.

"I am a Muslim. As a Muslim I am offended, disturbed and dismayed by the caricatures of the Prophet Muhammad that first appeared in the Danish newspaper Jyllands-Posten in September 2005 and subsequently in numerous European publications. I am also offended by the whole brouhaha that erupted after the cartoons’ publication.

I am offended by the rude and vile depiction of the Prophet Muhammad. I am disturbed that so many enlightened people in the West fail to see that these bigoted caricatures maligning the entire Muslim community are symptomatic of a rapidly growing, irrational hatred for Muslims. I also am dismayed by the idiotic and shortsighted response to these cartoons by Muslims all over the world.
Despite my personal feelings about the cartoons, I am helping Acton Gorton, the young man who reprinted some of these same cartoons in the Daily Illini, a newspaper that serves the University of Illinois community in Champaign, Illinois. I am Acton’s attorney.

Those who noticed that I am a Muslim attorney quickly pointed out the irony, and I readily admit that it is ironic. However, strange though it may be, it is the right thing to do.

By defending Acton I am defending First Amendment rights. In responding to the cartoon controversy many Muslims in the West, and particularly in the United States, seem to have forgotten that our community is suffering an ongoing curtailment of our First Amendment rights. Too many people in the post-9/11 world are ready to abdicate these and other fundamental rights in the hopes of greater physical security.

There is evidence of the erosion of First Amendment rights of Muslims everywhere. Muslims are increasingly being forced to suppress deeply held beliefs, candid political observations, and personal convictions for fear of governmental and vigilante reprisals.

Today, imams who speak to Muslims about matters of self-defense and jihad as Qur’anic injunctions are in jeopardy of criminal prosecution for incitement. Since the 9/11 terrorist attacks, anyone who dares to link U.S. policies with Al-Qaeda sponsored terrorism is vilified and demonized. At this rate non-violent civil disobedience by Muslims very soon will be characterized as providing material support and aid to terrorists.

I object to such curtailments of the First Amendment. As a matter of principle then, I must also object to any attempts to censor the republication of the cartoons. To demand unfettered free speech only when it suits me would be hypocritical."

The whole piece is worth reading.

French Court bans private copying hostile drm

Here's an English language report at Indicare on the French case I mentioned recently where the court took a hostile view to drm that interfered with French consumers' private copying right. Abstract:

"France is one of the European countries where a particularly vivid public discussion about DRM and the private copying exception took place. This is thanks to the efforts of French consumer organisations that initiated a number of court cases dealing with complaints of consumers about CDs and DVDs that could, among others, not be copied and ripped because of technical protection measures in place. This article discusses the latest DRM decision in France, a decision that went one step further than its predecessors when dealing with the difficult question of the relationship between DRM and private copying."

The defendands had argued that the plaintiff had no legal standing to bring the case, that there was no right to private copying, and that it was futile to expect a producer to label their products noting that they include drm because technology is changing all the time! That last one is pretty good - just imagine a food manufacturer saying you can't possibly expect them to include a label on the packaging saying 'this contains poison' because technology is changing all the time. In any case the court didn't accept any of it:

"Thankfully, the Paris Court dealt rather curtly with the argument of a lack of legal standing of UFC Que Choisir (not accepted) and the argument of lack of playability (accepted). It then ventured, without further delay, bravely onto a terrain that causes grown-up politicians and law makers to mumble excuses, look in a different direction or at their shoes and do their best to change the topic. I am speaking of Article 6 (4) of the European Copyright Directive. Article 6 (4) of the European Copyright Directive is the provision in the European Copyright Directive that addresses the conflict between DRM and copyright's exceptions. I say "addresses" and not "solves", because all that Article 6 (4) of the EUCD does is to determine rather vaguely that "Member States shall take appropriate measures to ensure that right holders make available to the beneficiary of an exception or limitation … the means of benefiting from that exception or limitation."

Court says: Users of DRM have to respect private copying exception
The Tribunal de Grande Instance Paris, after having defended once again the private copying exception and explaining patiently why it was not in conflict with the three-step-test, stressed the need to interpret French law in the light of the European Directive (see already Court of Appeals, Paris, 2004). The court's interpretation of Article 6 (4) of the EUCD led it to the conclusion that technological protection measures must respect certain exceptions, including the private copying exception. With the understatement that is so characteristic of French judges, the court then expressed in a few words the essence of much scholarly writing and ranting over the past years by observing matter-of-factly: "the application of anti-copying protection devices by phonogram producers causes the statutory limitations of the authors' exclusive rights to authorise or prohibit reproductions to fade"" [ie. DRM bypasses the law] "("La mesure de protection adoptee par le producteur du phonogramme fait disparaître la limite fixée par le législateur au droit exclusif de auteurs d'autoriser ou d'interdire la reproduction de leurs oeuvres"). Indeed.

The court continued with admirable straightforwardness to conclude that it is task of the DRM user, here: the phonogram producer, to make sure that private copying remains possible, despite the application of technological protection measures."