Sunday, December 23, 2007

FBI Prepares Vast Database Of Biometrics

From the Washington Post: FBI Prepares Vast Database Of Biometrics

Thanks to HJ Affleck at FIPR for the pointer.

Nine NHS trusts lose data HMRC style

From the BBC, the Guardian and the Mirror, the latest data loss to be publicised - 9 English NHS trusts have admitted losing hundreds of thousands of patient records.

"Cases include the loss of a CD holding 160,000 children's names and addresses by a Trust in East London and the loss of 244 cancer patients' details by the Maidstone and Tunbridge Wells health trust in Kent.

In one case, in Norfolk and Norwich, medical papers on patients with lung, breast and colon cancer were dumped in a wheelie bin."

Publican subscriber Greek TV loses football appeal

The publican accessing Premier League matches via a £800 subscription to a Greek TV station instead of a £6000 subscription to BSkyB has lost her appeal. The judges made the decision based on domestic UK law and said it was clear BSkyB had an exclusive right in the UK to broadcast the games at the heart of the dispute. Lord Justice Pumfrey did say, however, that they had not yet considered arguments based on EU law and would do so in the New Year.

A league spokesman said:

"We hope that publicans and others will now heed the advice of the
courts and accept that the use of foreign satellite systems to screen
Premier League football in the UK is copyright theft, pure and simple"

Which is exactly the sort of comment you'd like to see iced on the top of his hat just before he is made to eat it, hopefully when the same High Court judges politely explain that the publican's right to access Greek TV is perfectly in tune with EU competition law.

Friday, December 21, 2007

NCAA rules issued on limited blogging of games

The area with the smallest importance:irritation index in the copyright land grab for me is the sports franchises' claims that they "own" the statistics on sporting contests. I get disproportionately irritated when I hear a journalist has been ejected from a stadium for live blogging about a baseball game, for example. Lest we smugly say that's the Americans for you, there have been similar moves by the Premier League in the UK and the simple question is: how can anyone own a collection of facts?

Sports statistics are a case study in why basic research and data should go into the public domain. When basic information on anything from sports to the human genome gets fenced off and handed as property to private owners, then basic education and research gets impeded, because we need to pay for access to it.

Jonathan Rowe says "If you can own facts then you can own the truth about the past. You can control what people say and write about the past." (e.g. ‘The Wind Done Gone’ case) That's not the kind of society I want my kids growing up in and the "ownership" of sports statistics is a trivial but simultaneously serious illustration of the kind of power that unbalanced intellectual property landscapes can bestow. In an information society the information laws, intellectual property prime amongst them, are the default rules of the road.

In fairness, in the latest baseball case in June this year, a judge did decide the first amendment protecting freedom of expression in the US trumped the Major League Baseball franchises and players’ IP rights. (C.B.C. Distribution and Marketing, Inc. Vs Major League Baseball Advanced Media, L.P. et al. in the US Appeal Court for the 8th Circuit).

In any case (due to the importance:irritation index) I've just taken a long-winded route to pointing out the latest development in the plethora of stories on IP and sports stats, which is that the National Collegiate Athletic Association, NCAA, has issued a set of rules "allowing" accredited journalists to indulge in limited live blogging of games.

Thanks to Michael Geist for the link to the NCAA story.

(For an extra baseball DRM bonus on this one from November see http://www.boingboing.net/2007/11/07/mlb-rips-off-fans-wh.html and http://www.nytimes.com/paidcontent/PCORG_316676.html?ex=1352264400&en=7b9267f824fbfece&ei=5090&partner=rssuserland&emc=rss)

BEUC urge EU to reject Google DoubleClick deal while FTC approves

The European Consumers Organisation, BEUC, the Federation of German Consumer Organisations, vzbv, the Spanish Organización de Consumidores y Usuarios, OCU, and the Italian Altroconsumo have written to competition commissioner, Neelie Kroes, urging her to reject Google's takeover of Doubleclick.

Meanwhile the Federal Trade Commission in the US have given the deal the green light, in a split 4-1 vote, noting that the proposed acquisition is unlikely to substantially lessen competition.

The consumers organisations have this to say specifically on the consequences of the deal for the privacy of people in the EU:

"The Google/DoubleClick merger would harm consumer welfare by creating a structure that
almost certainly will be less respectful of user privacy. A combined Google/DoubleClick will
be a data collection colossus that combines information about consumers that Google
collects through its search engine with the tracking data that DoubleClick collects about
users as they surf the web.

Post-merger, Google will have the ability and incentive to engage in significantly more
intrusive user tracking and profiling than exists today. This is because more intrusive
tracking and profiling would enable Google to improve behavioural ad targeting and to
attract web publishers that today prefer to sell their advertising space via their direct sales
forces. However, because the merged entity will not be subject to any competitive discipline,
the competitive constraints on its tracking and profiling practices will be fundamentally
weakened, and quite likely, ultimately eliminated. The greater privacy intrusions that will
result will constitute a much higher “cost” for consumers who obtain a good or service
online. The point which we wish to emphasize here is that these privacy intrusions will be
the direct consequence of the elimination of the competitive constraints on Google following
its merger with DoubleClick.

In addition, the combination of Google and DoubleClick would further harm consumer
welfare by reducing innovation to improve online privacy, thereby harming the quality of the
service available to consumers. Privacy protection is a competitive differentiator between
companies involved in the business of online advertising serving, especially with European
audiences. Google itself has said that it is investigating new techniques to improve its
privacy practices. Indeed search companies are currently engaging in what the media has
termed a “privacy race”. But post-merger, there is a danger that Google will lose any
incentive to continue innovating in this area due to its hugely dominant position in online
advertising. It will be under considerably less competitive pressure to improve – or even
maintain – the poor quality of its current privacy practices."

Privacy International wrote to Ms Kroes in November, with the support of Associazione per la Libertà nella Comunicazione Elettronica Interattiva (Italy), Digital Rights (Denmark), Digital Rights Ireland, Electronic Frontier Finland, European Digital Rights (EU), IRIS - Imaginons un réseau Internet solidaire (France) and Netzwerk Neue Medien (Germany), expressing parallel concerns.

Thursday, December 20, 2007

Merry Christmas from the copyright police

From TorrentFreak: A small charity are getting a little fed up with the attentions of the UK Performing Rights Society.

"The staff at a charity also received a visit from a PRS officer who declared that because a staff radio in the kitchen could be overheard by the public in their tea-room, they would need a license. The charity, Dam House, which was originally set up to save a historic building and offer community and health facilities, had to have a fund-raising event to raise the money for the license.

However, having purchased a license, this wasn’t the end of the matter. The PRS then started asking more questions, and when they discovered that kids sing in a carol concert there at Christmas, they declared that the premises were under licensed. Yes, of course - the PRS wanted yet more money."

They did generously say that the kids would be allowed to sing old songs on which the copyright had expired without having to pay any fees.

Burst's new patent on digital recording

Burst.com were issued a patent on 18 September this year on digital video recording, aka a 'System and method for time-shifted program viewing'.

The patent covers receiving a digital TV signal, storing it, enabling people to watch one programme while storing new ones and so on. It's right up there with the Blackboard patent on delivering courses via the Net.

Burst applied for their patent way back in May 1998.

David Byrne's Survival Strategies for Emerging Artists — and Megastars

At Wired: David Byrne's Survival Strategies for Emerging Artists — and Megastars

The Generational Divide in Copyright Morality

David Pogue at the NYT has been finding out that what he thought was obvious in the context of illegal file sharing has failed to bridge the generational gap.

"“I borrow a CD from the library. Who thinks that’s wrong?” (No hands go up.)

“I own a certain CD, but it got scratched. So I borrow the same CD from the library and rip it to my computer.” (A couple of hands.)

“I have 2,000 vinyl records. So I borrow some of the same albums on CD from the library and rip those.”

“I buy a DVD. But I’m worried about its longevity; I have a three-year-old. So I make a safety copy.”

[...]

“I record a movie off of HBO using my DVD burner. Who thinks that’s wrong?” (No hands go up. Of course not; time-shifting is not only morally O.K., it’s actually legal.)

“I *meant* to record an HBO movie, but my recorder malfunctioned. But my buddy recorded it. Can I copy his DVD?” (A few hands.)

“I meant to record an HBO movie, but my recorder malfunctioned and I don’t have a buddy who recorded it. So I rent the movie from Blockbuster and copy that.” (More hands.)

And so on...

The exercise is intended, of course, to illustrate how many shades of wrongness there are, and how many different opinions. Almost always, there’s a lot of murmuring, raised eyebrows and chuckling.

Recently, however, I spoke at a college. It was the first time I’d ever addressed an audience of 100 percent young people. And the demonstration bombed."

Limited or no wireless connectivity - it shouldn't be this difficult

Ok I've had enough. I've spent several hours today trying to connect a couple of Windows XP laptops to my home wireless smart access point and router.

Should be easy right? Get Windows to detect local access points, click connect, key in the network security key and you're off. Nope. That gives 'limited or no connectivity'. So the laptop is connected to the router but can't do anything else, as it doesn't get allocated an IP address automatically. I check Windows firewall and the settings are all as expected, with no gremlin blockers. I check the router network key, which accounts for this kind of problem in most circumstances but no it is fine too. Same problem with both machines. I do all the usual tricks, switching router off, re-booting etc., nothing works.

Ok let's take the simple route. Load the router client and use the AOSS connectivity exchange route, which conveniently and automatically exchanges all the appropriate settings between laptop and router without having to do it manually. Nope. AOSS light flashes on the router to say come and get me. Click the AOSS button on the newly loaded laptop client and it has a search, but despite being right beside the router, can't seem to find it. Ironically the Windows scanner had picked up the router immediately but the Windows scanner is disabled now I've installed the router client. So I uninstall the router client and the machine can 'see' the router again just not connect to it.

I check accessible wireless networks and there are several around here. I check the settings, properties, authentication, security, data encryption etc. etc. on my router. Everything is as the manual, which I've now resorted to reading, suggests it should be.

I haven't got a whole lot of hope but then I load the router client on the other older laptop and try AOSS connect. Bingo! It finds the router, exchanges settings and I'm finally back on the Net. Except I'm only partly so. I need to do some stuff on iTunes. Opens fine as usual but won't connect to the Net. The error says "make sure your network settings are correct". Given I've just spent a lot of time doing precisely that, I'm not impressed. Ok so we're back to checking firewalls etc. No iTunes is not blocked - all as it should apparently be but it still won't connect. So I uninstall iTunes and via my partly enabled (one at least) laptop re-install it again. Yes I can get at the Apple site via a browser but not via iTunes. iTunes and Windows are not playing ball again. Doesn't that sound like a familiar story. In any case the newly re-loaded iTunes has no more success than the (same) version that was not working before I uninstalled it. So I re-boot for the umpteenth time today, with no more success than previous occasions.

Ok maybe I can do it via Windows Media player. Nope that doesn't want to connect to the Net either...

The point of the rambling rant is that I like computers (at least some of the time!) and, though I'm not a code jockey, have a one-eyed-man-in-the-kingdom-of-the-blind notion of where to start if things don't work as they should. But most people don't care about getting under the bonnet of a computer. They just want it to work out of the box. And it should! It is incredible what we just accept in terms of the lousy functionality of the computing kit we invest such vast sums in (remember it is the newer machine - which originally came with Vista but I couldn't put up with all the baggage on that and had it replaced with XP - which won't connect at all). Meanwhile I know I'm missing something patently obvious that's stopping me getting properly connected but no matter how patently obvious it might be, it should not have been a problem to begin with.

Enough said.

Kim Cameron's Identity blog

Given all the publicity surrounding data debacles in the past few weeks, could I again recommend Kim Cameron's identity blog as one of the most informed sources on the Web on this whole subject.

It's funny how I read Kim's blog so often I had just assumed I had it on my blogroll, yet I had not got around to putting it there until this morning!

I really should find some time to smarten up this blog including making sure my sources are up to date. I had a similar issue with my rss reader recently when it was recommending blogs I thought I had already subscribed to.

Wednesday, December 19, 2007

The NHS can do data protection

Kim Cameron has pointed out that some UK government bodies do understand secure data management:

"Scotland’s eCare has been recognised at an international awards ceremony on good practice in data protection. On Tuesday, 11 December, the Data Protection Agency of the Region of Madrid awarded the eCare framework one of two “special mention” awards. The aim of the annual prize is to expand the awareness of best practices in data protection by government bodies across Europe.

I’m really pleased to see the authors of eCare recognized. They have created a system for sharing health information that concretely embodies the kind of thinking set out in the Laws of Identity...

Ken Macdonald, Assistant Commissioner (Information Commissioner’s Office, which provided a note of support for the eCare application) has commented:

It is wonderful to see UK expertise in data protection being officially recognised in Europe for the second year running. Recent events have highlighted the need to comply with the principles of the Data Protection Act and I am delighted to see the eCare Framework and the Scottish Government setting such a fine example to others not just in the UK but throughout Europe.

I hope the work is published more broadly. From seeing presentations on the system, it partitions information for safety. It employs encrypted data, not simply network encryption. It favors local administration, and leaves information control close to those responsible for it. It puts information sharing under the control of the data subjects. It consistently enforces “need to know” as well as user consent prior to information release. In fact it strikes me as being everything you would expect from a system built after wide consultation with citizens and thought leaders - as happened in this case. And not surprisingly with such a quality project, it uses innovative new technologies and approaches to achieve its goals."

Sopranos creator says IP lawsuit made him sick

From AP via Findlaw:

"The creator of "The Sopranos" testified that he wanted to cry when he learned in 2002 he was being sued by a former municipal judge who wanted credit for his role in the creation of the hit mob television drama."

Tuesday, December 18, 2007

They've done it again and are still focussing on news management

Right after the ministerial statement on Kieran Poynter's interim report on the HMRC data Chernobyl, it got out that there was another major data leak, this time from the DVLC (via Pearson Driving Assessments in Iowa!) on learner drivers.

Are the government doing anything about it? Of course not - they're offering another token superficial apology and are hoping it will all die down soon, given the world of short attention spans that we inhabit. The "latest" scandalous data mismanagement, btw, happened in May this year but someone at Whitehall obviously thinks it's an opportune time to release the information. Publicise some of the big data losses now and hopefully it will all disappear from the media radar in a few weeks, especially with Christmas coming up and the new Italian England manager to think about. The government are so blindly focussed on data debacles as a news management problem that they can't even conceive of actually seriously doing anything about the issue.

I had some small hope when Blair left and Brown came in that the complete obsession with news management at the expense of substantive government would be at least slightly abated. But it seems that for the Brown Nu Labour government it is all ahead as before.

Monday, December 17, 2007

Lessons from Facebook’s Beacon Misstep

Ed Felten says there should be some lessons learned from Facebook’s Beacon misstep.

"Facebook recently beat a humiliating retreat from Beacon, its new system for peer-based advertising, in the face of users’ outrage about the system’s privacy implications. (When you bought or browsed products on certain third-party sites, Beacon would show your Facebook friends what you had done.)

Beacon was a clever use of technology and might have brought Facebook significant ad revenue, but it seemed a pretty obvious nonstarter from users’ point of view. Trying to deploy it, especially without a strong opt-out capability, was a mistake. On the theory that mistakes are often instructive, let’s take a few minutes to work through possible lessons from the Beacon incident.

To start, note that this wasn’t a privacy accident, where user data is leaked because of a bug, procedural breakdown, or treacherous employee...

Organizations often have trouble predicting what will cause privacy outrage. The classic example is the U.S. government’s now-infamous Total Information Awareness program. TIA’s advocates in the government were honestly surprised when the program’s revelation caused a public furor. This wasn’t just public posturing. I still remember a private conversation I had with a TIA official who ridiculed my suggestion that the program might turn out to be controversial...

Of course, privacy is not the only area where organizations misjudge their clients’ preferences. But there does seem to be something about privacy that makes these sorts of errors more common.

What makes privacy different? I’m not entirely certain, but since I owe you at least a strawman answer, let me suggest some possibilities.

(1) Overlawyerization: Organizations see privacy as a legal compliance problem. They’re happy as long as what they’re doing doesn’t break the law; so they do something that is lawful but foolish.

(2) Institutional structure: Privacy is spun off to a special office or officer so the rest of the organization doesn’t have to worry about it; and the privacy office doesn’t have the power to head off mistakes.

(3) Treating privacy as only a PR problem: Rather than asking whether its practices are really acceptable to clients, the organization does what it wants and then tries to sell its actions to clients. The strategy works, until angry clients seize control of the conversation.

(4) Undervaluing emotional factors: The organization sees a potential privacy backlash as “only” an emotional response, which must take a backseat to more important business factors. But clients might be angry for a reason; and in any case they will act on their anger.

(5) Irrational desire for control: Decisionmakers like to feel that they’re in control of client interactions. Sometimes they insist on control even when it would be rational to follow the client’s lead. Where privacy is concerned, they want to decide what clients should want, rather than listening to what clients actually do want.

Perhaps the underlying cause is the complex and subtle nature of privacy. We agree that privacy matters, but we don’t all agree on its contours. It’s hard to offer precise rules for recognizing a privacy problem, but we know one when we see it. Or at least we know it after we’ve seen it."

In the case of the UK government, it looks as though privacy is sadly set to be perceived by them as no more than a PR problem. Maybe someone should do a Geist-Facebook assault on this case too?

UK government refuses to listen on data management

Kieran Poynter of PriceWaterhouseCoopers did publish his interim report today into the failures that led to HM Revenue and Customs (HMRC) losing 25 million confidential records about UK citizens claiming child benefit. The reaction of the government to the report is yet another clear indication that they just refuse to listen on the subject of large databases. The Foundation for Information Policy Research says:

"The Foundation for Information Policy Research (FIPR) believes that
the Government's response to the interim Poynter report shows that
they just don't understand what has gone wrong. Their refusal to
abandon the headlong rush towards Transformational Government -- the
enormous centralised databases being built to regulate every walk of
life -- is not just pig-headed but profoundly mistaken.

Both Alistair Darling, commenting on the HMRC fiasco, and Ruth Kelly,
telling the House about the loss of 3 million people's personal
information, told us that once `lessons have been learned' and
`procedures tightened' the march to ever-larger database systems will
continue.

Before Transformational Government came along, only small amounts of
data were lost -- but as the new databases cover the whole population,
everyone's affected now, not just a few unlucky people.

Transformational Government means putting all of the eggs into one
basket and it is creating:

* The multi-billion pound identity card scheme, to hold data on the
whole population

* The National Health spine, which will make everyone's health records
available for browsing by a million NHS workers

* ContactPoint which will record details on every child in England,
with details of their parents, carers and indicators of whether they
have any contact with social services. Three hundred thousand people
can look that information up.

* A universal pensioner's bus pass scheme which will hold the data on
17 million people, and in principle will let any bus driver learn
your age and address -- when all that it should record is an
entitlement to free travel.

Ross Anderson, Chair of FIPR and Professor of Security Engineering at
the University of Cambridge said, "the Government believes that you
can build secure databases and let hundreds of thousands of people
access them. This is nonsense -- we just don't know how to build such
systems and perhaps we never will. The correct way to design such
systems is to localise the data, in a school, in your local GP
practice. That way when there is a compromise because of a technical
failure or a dishonest user then the damage is limited.

"You can have security, or functionality, or scale -- you can even
have any two of these. But you can't have all three, and the
Government will eventually be forced to admit this. In the meantime,
billions of pounds are being wasted on gigantic systems projects that
usually don't work, and that place citizens' privacy and safety at
risk when they do."

Richard Clayton, FIPR Treasurer said, "Personal data ought to be
handled as if it were little pellets of plutonium -- kept in secure
containers, handled as seldom as possible, and escorted whenever it
has to travel. Should it get out into the environment it will be a
danger for years to come. Putting it into one huge pile is really
asking for trouble. The Government needs to completely rethink its
approach and abandon its Transformational Government disaster.""

As I said in my letter to my MP,

"This privacy timebomb cannot be allowed to be forgotten to tick away merrily once the media frenzy has moved on to some other government failure or failures, as it inevitably will. It is important that we begin to call a halt to the government's deployment of technological systems they don't understand, in contexts and environments to which they are ill suited, and constructed in ways which if suggested by an entry level computer science student would cause him/her to receive a fail grade. The government are not merely failing with these systems, however, they are doing untold damage to the fabric of our society."

The power of Facebook

Michael Geist has been surprised by the power of Facebook to mobilise opposition to the Canadian government's proposals for their own DMCA.

"consider the experience of the Fair Copyright for Canada Facebook group, which I launched on December 1st with limited expectations. With the federal government expected to introduce new copyright reform within a matter of days, a Facebook group seemed like a good way to educate the public about an important issue. I sent invitations to a hundred or so Facebook friends and seeded the group with links to a few relevant websites.

What happened next was truly remarkable - within hours, the group started to grow - first 50 members, then 100, and then 1000 members. One week later, there were 10,000 members. Two weeks later, there were over 25,000 members with another Canadian joining the group every 30 seconds.

The big numbers tell only part of the story. The group is home to over 500 wall posts, links to 150 articles of interest, over 50 discussion threads, dozens of photos, and nine videos. Nine days ago, it helped spur on an offline protest when Kempton Lam, a Calgary technologist, organized 50 group members who descended on Industry Minister Jim Prentice's local open house to express their views on copyright...

Much to the surprise of skeptics who paint government as unable or unwilling to listen to public concerns, those voices had an immediate impact. Ten days after the Facebook group's launch, Prentice delayed introducing the new copyright reforms, seemingly struck by the rapid formation of concerned citizens who were writing letters and raising awareness.

Not only had tools like Facebook had an immediate effect on the government's legislative agenda, but the community that developed around the group also led to a "crowdsourcing" of knowledge. Canadians from coast to coast shared information, posed questions, posted their letters to politicians, and started a national conversation on copyright law in Canada."

Poynter Report on UK HMRC Data Chernobyl

Today Kieran Poynter of PriceWaterhouseCoopers will publish his report into the failures that led to HM Revenue and Customs (HMRC) losing 25 million confidential records about UK citizens claiming child benefit and there will be a ministerial statement on the review this afternoon.

I wrote to my MP about this (not something I make a habit of but probably should do more often) with more than a little help from ORG. Thanks for the prompt, Glyn. Extract:

"For technologists (amongst whom I count myself, as a senior lecturer in technology and author of 'Digital Decision Making: Back to the Future' published earlier this year by Springer-Verlag), one of the most worrying developments since this crisis has been ministers’ using it as an excuse to push for solutions based around biometrics, solutions that would actually increase the privacy risks we are exposed to. Six leading academics recently wrote to the Parliamentary Joint Committee on Human Rights to express their dismay at how biometrics are seen as a magic fix for improving security. These experts, Professor Ross Anderson, Security Engineering, University of Cambridge, Dr Richard Clayton, University of Cambridge Computer Laboratory, Dr Ian Brown, Oxford Internet Institute, University of Oxford, Dr Brian Gladman, Ministry of Defence and NATO (retired), Professor Angela Sasse, Department of Computer Science, University College London, Professor Martyn Thomas, CBE FREng, Software Engineering, University of Oxford, said:

“These assertions are based on a fairy-tale view of the capabilities of the technology and in addition, only deal with one aspect of the problems that this type of data breach causes. … Furthermore, biometric checks at the time of usage do not of themselves make any difference whatsoever to the possibility of the type of disaster that has just occurred at HMRC. This type of data leakage, which occurs regularly across Government, will continue to occur until there is a radical change in the culture both of system designer and system users. The safety, security and privacy of personal data has to become the primary requirement in the design, implementation, operation and auditing of systems of this kind.”

These technologies are unproven and will not be ready for commercial deployment for another 15 years. I know it is tough to get through to them but please encourage the Government to listen to the facts on biometrics, as experts like Ross Anderson have been doing for years (sadly with little success)...

Professor Anderson has stated repeatedly

“Again and again and again these warnings have been made in different contexts by expert groups and the Government has not been interested.”

And it is not just Professor Anderson who has been saying this. It is whole armies of respected experts who really understand the technologies the government are deploying in such an expensive and dangerous fashion. Kim Cameron (Microsoft’s Chief Architect of Identity) has described the HMRC 25 million data loss as "Britain’s HMRC Identity Chernobyl". He also says:

'We are living in an age where systems dealing with our identity must be designed from the bottom up not to leak information in spite of being breached. Perhaps I should say, “redesigned from the bottom up”, because today’s systems rarely meet the bar. … There is no need to store all of society’s dynamite in one place, and no need to run the risk of the colossal explosion that an error in procedure might produce.'

...it is essential that you and your many colleagues in parliament encourage the Government to heed the warnings of these and other experts. This privacy timebomb cannot be allowed to be forgotten to tick away merrily once the media frenzy has moved on to some other government failure or failures, as it inevitably will. It is important that we begin to call a halt to the government's deployment of technological systems they don't understand, in contexts and environments to which they are ill suited, and constructed in ways which if suggested by an entry level computer science student would cause him/her to receive a fail grade. The government are not merely failing with these systems, however, they are doing untold damage to the fabric of our society."

Computers are terrifically useful, flexible and fun. We should be using them to solve problems rather than create them.

Saturday, December 15, 2007

Mark Thomas wants Gordon Brown jailed for demonstrating in Parliament Square

Mark Thomas wants help to put Gordon Brown in jail, for breaking his own law against demonstrating in Parliament Square. In fairness, though, I guess it was his predecessor who insisted on rushing the Serious Organised Crime and Police Act through parliament in 2005 because he was fed up with Brian Haw shouting at him through a megaphone from Parliament Square (See Taking Liberties Since 1997, starting at page 36 for a nice description of the story).

"If MPs pass ridiculous laws to limit our freedom, they should be forced to abide by them too

Mark Thomas
Thursday December 13, 2007
The Guardian


Rarely do first lines have the potential to cost thousands of pounds (outside of libel), and rarely do I get to write words quite like those that follow; so forgive me an over-dramatic opening sentence, but yesterday lawyers acting for me started an attempt to get Gordon Brown into the dock.

With lawyers and police working on the ongoing Donorgate inquiries, Downing Street can be quite crowded if you are trying to bring a legal action. Nonetheless, my lawyers delivered a letter to the director of public prosecutions yesterday afternoon calling for an urgent investigation into allegations that the prime minister broke the law by demonstrating unlawfully in Parliament Square last summer. If found guilty he could face 50 weeks in prison - though, after serving 10 years at No 11, he should do his bird with ease."



I do like his brand of serious humour.

Friday, December 14, 2007

Breaking the secrecy of the voting booth

Thanks to Glyn via the ORG list for the pointer to this YouTube video by Rop Gonggrijp and co.:



After nearly 20 years of using computing machines, a TV programme just before the elections last year finally brought home the problems with evoting to the masses. The Dutch have now abandoned computer based voting, at least for the time being.

"On September 27, 2007 the Election Process Advisory Commission issued its 'Voting with confidence' report. The State Secretary for the Interior immediately announced that the 'Regulation for approval of voting machines 1997' will be withdrawn. On October 1, 2007 the District Court of Amsterdam decertified all Nedap voting computers currently in use in The Netherlands. The court order is a result of an administrative law procedure started by 'We do not trust voting computers' in March 2007. On October 21, 2007 the 'Regulation for approval of voting machines 1997' was finally withdrawn.

Elections in the Netherlands will be held using paper ballots and red pencil for a while. After that, we will likely be using 'vote printers' and separate counting machines."

Pity Bertie Ahern won't take the hint.

Data on 160,000 children lost by London hospital

I'm fairly sure these kinds of data losses are not new but in the wake of the HMRC debacle they have become temporarily newsworthy. The latest, via Ideal Government. I hope Ruth Kennedy won't mind me quoting her in full:

"That-paper-which-now-looks-really-heavyweight-in-comparison-to-all-the-freebie-showbiz-gossip-rags reports tonight that the personal details of 160,000 children have been lost at a London hospital in a fresh blunder over confidential information.

A computer disc containing the data was sent to St Leonard’s Hospital in Hackney but failed to reach the right department - even though it was signed for by hospital staff. The disc contained the names, dates of birth and addresses of 160,000 children and there were fears the information could be enough for criminals to create fake identities. The blunder occurred when the disc was sent by courier to the Hackney hospital by BT, which operates the NHS’s IT system, on 14 November. It is believed the courier company used by BT did not check that it was signed for by the correct person and the disc never reached its intended destination in the IT department.

A spokeswoman for City and Hackney Primary Care Trust, which runs St Leonard’s Hospital, said “BT couriered a fully encrypted disc containing patient information to City and Hackney PCT. “It was not received by the named recipient, and attempts by the PCT to find the disc have so far failed. All deliveries of personal information have been suspended in light of the breach.” BT today called for parents to remain calm over the latest incident. A spokesman said: “Patients should not be concerned because BT uses the highest levels of security to safeguard the data in its care.

[Er… short of making sure that it or its representatives only hands over the data to the person who is supposed to receive it?]

“All NHS data sent by disc is fully encrypted to industry standards. We apply stringent controls in managing the complex encryption pass phrases necessary for unlocking the data. In this instance the encryption pass phrase would only have been released after one of two named individuals confirmed receipt. This was not confirmed so the encryption pass phrase has not been issued.

Ah… we can relax then. (Though the Standard worries that even 256-bit encryption has recently been shown by researchers to be crackable in two weeks...)

All this attention on missing data is not unhelpful in drawing ordinary people’s attention to a) the volume and frequency of personal data transfers and b) the potential value of their personal data. That’s not a bad thing - probably more effective than a fancy public service advertising campaign. Ruth Carnall, chief executive of NHS London, has asked for an independent review of all NHS data transfer in London. WIBBI all these emergency reviews encompassed a really citizen-centric cost-benefit analysis of centralised data systems. "

Thursday, December 13, 2007

When you don't like the decision, sack the decision maker

From the Independent today: You're fired! Councillor loses his job after voting against Donald Trump's golf course

MercExchange win another round v eBay

MercExchange has won the latest round in the long-running electronic button patent dispute with eBay.

"A federal judge has approved a roughly $30 million judgment against eBay Inc. more than four years after a jury concluded the online auctioneer had infringed on the patent of a small Virginia company.

U.S. District Court Judge Jerome Friedman's certification, issued late Tuesday in Virginia, edges Great Falls, Va.-based MercExchange LLC a step closer to cashing in on its long-running battle against one of the Internet's powerhouses.

But eBay still hopes to avoid writing a check."

Much though we may like to sympathise with the underdog, and in this case MercExchange has apparently reduced its workforce from 40 to 3, it is frankly ludicrous that a patent for a "buy it now" electronic button on a website should have been awarded in the first place, let alone kept expensive lawyers and the full gamut of the US court system (including the US Supreme Court last year, where at the hearing Chief Justice Roberts confessed himself somewhat perplexed that something so obvious could be the subject of a patent dispute) gainfully employed for over four years.

Wednesday, December 12, 2007

3 strikes and you're terminated

From Michael at ORG:

"Last week’s Social Market Foundation event - ‘Intellectual Property Rights and Consumer Rights’ - despite the title’s implied concern for balance, showed disregard for consumers and promoted rights holders’ interests. The minister responsible for UK-IPO spoke of the need for balance in reforming Britain’s intellectual property regulation but Government’s actions do not yet evidence this commitment. The BPI’s trail for a UK version of France’s ‘3 strikes’ approach to p2p infringement also gave cause for concern.

The Parliamentary Under-Secretary for the Department for Innovation, Universities and Skills’, Lord Triesman, broad-ranging speech (link to PDF download) took in the usual policy concerns of technological developments, new business models, traffic in infringing content and consumer awareness of IPR. However, a year on from the Gowers Review recommendations for flexible copyright regulation, including a ‘format-shifting’ exception to legalise the near-universal practice of transferring CD recordings to mp3 players, seem no closer despite the rapid allocation of funding to ‘anti-piracy’ enforcement. Ian Brown, billed as the event’s agent provocateur, slammed the speech for its anti-competition and anti-consumer stance. For a more balanced approach to these issues, Ian’s slides are available for download.

In the panel discussion that followed, Richard Mollett flagged moves towards a voluntary agreement between the BPI and ISPs to reduce copyright-infringing traffic, similar to France’s ‘3 strikes’ model. He expects an initial warning from the ISP that infringing traffic is associated with a particular account will halt 75% of infringers. If suspicious activity continues then account suspension is the next step, before the final sanction of account termination. Even assuming there will be adequate appeal procedures, although no assurances were given, this mechanism will harm consumer interests unless systems for identifying protected content operate perfectly. Regardless, and fortunately this point was recognised by all parties to the discussion, cutting off internet access is very much the ‘nuclear option’. The proportionality of this approach still requires broader public discussion given internet access may soon become a basic need, comparable to utilities like water and electricity."

Yale's open courses

Yale now have an open content project, Open Yale Courses. Yaaay(l). (Sorry - couldn't resist it). At the moment they cover astronomy, English, philosophy, physics, political science (I wish they wouldn't call it that - politics is not science), psychology and religious studies.

Patent Troll Tracker stats for 2007

The Patent Troll Tracker has been adding up the number of patent troll cases seen in the US between January and November 2007.

"Here are the cumulative statistics for the first 11 months of 2007, comparing the various districts. Note that I got an email from someone who had numbers run independently, and I am told I have undercounted the number of cases by X and the number of defendants in EDTX by Y. As I said above, this is really a judgment call. I may not have counted all of the bifurcated Judge Clark cases while someone else may have. Either way, even if my numbers are low, they are astoundingly high compared to history:

ED Texas: 343 patent cases, 1,320 defendants sued (140 troll cases)
CD California: 251 patent cases, 647 defendants sued (17 troll cases)
D New Jersey: 176 patent cases, 329 defendants sued (13 troll cases)
D Delaware: 128 patent cases, 310 defendants sued (16 troll cases)
ND California: 127 patent cases, 240 defendants sued (19 troll cases)
ND Illinois: 125 patent cases, 231 defendants sued (23 troll cases)
SD New York: 95 patent cases, 244 defendants sued (13 troll cases)

Peter Zura has an interesting post here, where he notes that Justia's stats show 2,577 cases for 2007 through the end of November - probably trending to be flat for the year, in terms of number of cases (ECF has 2,741 cases, 248 in November -- which has to have you wondering whether to trust Justia on this). But Zura wonders whether, if you track by the number of defendants, 2007 is in fact busier than previous years.

I think the answer is a resounding yes. The numbers I have collected and the ones others have sent me indicate that even though the number of cases filed nationwide is trending to be flat from 2006 to 2007, or perhaps up slightly - like 5% - the number of defendants sued is way way up. In EDTX alone, there were around 1,000 defendants sued in 2006, give or take. Well, already through the end of November, there are over 1,300 sued, a 30% increase. I am projecting around a 30% increase nationwide from 2006 to 2007, and perhaps even higher. That's about 1,800-2,000 more defendants sued for patent infringement in 2007 vs. 2006."

The obsession with improving voter turnout is dangerous

The Councillor's Commission has decided that councils should be allowed to offer a material incentive, like a free lottery ticket, to encourage people to vote, thereby improving voter turnout in local elections.

"All this stuff about turnout would hardly be worth going on about if it was just a matter of preventing some councillors luring people to the polling station with the offer of a free tombola. Unfortunately the drive to increase turnout has a serious consequence. It leads politicians (particularly, at the moment, Labour ones, who fear it is their voters staying at home) to feel that it is more important to make voting easier than it is to ensure that the voting system is secure...

The Electoral Commission, the body policing the system, has been working hard to ensure voting and politics has integrity. And it has repeatedly argued that we need individual-signed voter registration. Tomorrow it will press its case again. But it is being resisted by MPs. Why? Because it is feared that such registration will reduce turnout.

This obsession with turnout isn't simply pointless. It's dangerous."

'Digital Decision Making: Back to the Future' a "must read"

In a bout of shameless self promotion, I just wanted to say many thanks to Kim Cameron for describing my book, Digital Decision Making: Back to the Future, as "a must read". Coming from one of the smartest digital identity architects of our time, I consider that a huge compliment.

The Canadian Facebook Copyright Activists

Michael Geist set up a Facebook page at the beginning of December to protest against the Canadian government's plans to introduce their own version of the DMCA and EUCD. As of today it has 17,732 members (5 of whom have signed up in the time it took me to write this post). Michael has been articulating the problems with the proposed legislation on his blog for some time. Other highly respected bloggers like Cory Doctorow and Howard Knopf have also been railing against the proposals and there have been various real world protests, all of which, superficially at least, seem to have led the minister driving the proposals to stop (scroll to top to see Geist's commentary) and consider whether he is doing the right thing.

The Facebook page is labelled 'Fair copyright for Canada.'
"The Canadian government is about to introduce new copyright legislation that will be a complete sell-out to U.S. government and lobbyist demands. The new Canadian legislation will likely mirror the U.S. Digital Millennium Copyright Act with strong anti-circumvention legislation that goes far beyond what is needed to comply with the World Intellectual Property Organization's Internet treaties. Moreover, it will not address the issues that concern millions of Canadians. For example, the Conservatives' promise to eliminate the private copying levy will likely be abandoned. There will be no flexible fair dealing. No parody exception. No time shifting exception. No device shifting exception. No expanded backup provision. Nothing that focuses on the issues of the ordinary Canadian.

Instead, the government will choose locks over learning, property over privacy, enforcement over education, (law)suits over security, lobbyists over librarians, and U.S. policy over a "Canadian-made" solution.

This group will help ensure that the government hears from concerned Canadians. It will feature news about the bill, tips on making the public voice heard, and updates on local events. With regular postings and links to other content, it will also provide a central spot for people to learn more about Canadian copyright reform."

Tuesday, December 11, 2007

Craig Venter and the synthetic genomes patents

The ETC Group have been getting exercised over Craig Venter's latest genome patent land grab.

"Six months ago ETC Group exposed the Venter Institute’s controversial patent applications on the world’s first human-made living organism built entirely from synthetic DNA (dubbed “Synthia” by ETC Group). Newly published patent claims reveal an even bigger grab for ownership of synthetic life.

A suite of patent applications lodged by J. Craig Venter and his colleagues claims exclusive monopoly on a wide swath of synthetic biology and demonstrate a not-so-subtle move to position Venter’s company, Synthetic Genomics, Inc., as the ‘microbesoft’ of synthetic life. Find out about “The Men & Money Behind Synthia.”

This time, Venter’s shop isn’t claiming a single microbe (Synthia) made from synthetic DNA – the new claims are broadly framed to seek exclusive monopoly on ALL synthetic genomes. Venter’s latest bid for extreme monopoly has drawn strong condemnation – but not much surprise – from civil society and from scientists in the field of synthetic biology."

EU Online Copyright Bill Coming

IPWatch worry the publishing industry have got too cosy with EU Information Society Commissioner, Viviane Reding.

"European publishers and copyright holders have a friend in European Information Society Commissioner Viviane Reding, which she reinforced last week in describing efforts to push through a new bill on digital publishing copyrights. At the same event, publishers and cutting-edge US technology company SecondLife debated IP issues such as the problems of digital rights management for protecting copyrights.

“Copyright is a cornerstone of the information and knowledge-based society,” Reding told the 6 December European Publishers’ Forum. “This is why I introduced in the new framework an appropriate balance between ownership and access.”

“This is a concrete legal endorsement of the role of copyright and I hope it will send a signal across the whole industry at a critical time,” she said."

A watched society leads to active conformity

Lynne Duke at the Washington Post has been thinking about our growing surveillance society and the degree to which awareness of that surveillance leads people to actively conform to expected behaviour norms.

Thanks to Suw via ORG for the link.

Race.Net Neutrality

Jerry Kang has a fascinating paper on net neutrality pending publication in a forthcoming Journal on Telecommunications and High Technology Law. It's available at SSRN: http://ssrn.com/abstract=1000042. He essentially uses the history of race discrimination to shine a light on net discrimination. This kind of cross-disciplinary analysis has long been advocated by my colleagues in the systems department at the Open University.

Abstract:

"The “net neutrality” debate is undergoing a theoretical transition. Since the late 1990s, we have moved from “open access,” to “end to end,” to “net neutrality,” and by 2007, the question seems to have transformed into “anti‐discrimination.” To the extent that net discrimination frames the question, our history and experience with race discrimination should be cognitively salient. Although patently different subjects, these two forms of discrimination share some similarities which have been noted by various commentators but never systematically explored. This Essay begins that study, with the goal of gleaning lessons for telecommunications policy.

A comparison and contrast between race discrimination and net discrimination teaches us, first, to particularize the discrimination at issue, and to be wary of what I call normative carve‐outs in defining discrimination. Second, the comparison sensitizes us to the clash between welfarist and deontological concerns that have not been adequately distinguished within the net neutrality debate. Third, it urges us to be cautious about facile assurances that individual, firm, or market rationality will ensure the public interest. I conclude with a provocative question: do the arguments against net neutrality regulation apply equally well against common carriage obligations for traditional telephony?"

Thanks to various Cyberprofs for the pointer.

Saturday, December 08, 2007

Free speech QED

Ruthie at Ruthie's Law has been giving her very own paint by numbers lesson on the value of free speech.

"It is clear that free speech is a requirement in any society which aspires to democracy - a system described by Winnie as the worst form of government, except for all the others. Thus, free speech must be defended. If that means anything at all, it means that free speech must be granted to those whose views are despicable, disgraceful and disgusting (dear Diary, Tucker says that alliteration is admirable).

But what is this free speech? I suggest that it is a right to speak. It is not a right to be heard. It is not a right to speak anywhere one likes. It is a right not to be locked up or persecuted by the State for expressing an unpopular (as opposed to a criminal) point of view. But it is not a right to be given an audience. For some reason it is a matter of principle for some that David “Auschwitz is a lie an exaggeration” Irvine should be able to peddle his turd-speak wherever he likes, on the basis that he describes himself as an historian: so that’s alright then.

If Irwhinge wanted to say that black people were intrinsically inferior to white people it is difficult to see the same approach being adopted. Thus, I conclude that this debate is not really about free speech at all. It is about what people are comfortable hearing. Part of the reason that this country is comfortable about holocaust denial or minimisation is that (unlike Germany) it still congratulates itself for not being on the wrong side. Dear Diary, it is entitled to such congratulation. Yet, alas, it has learned the wrong lesson. The lesson is not that traditional British tolerance will ensure that it does not happen here - even though that may be true. The lesson is that people like Irwhinge and Grithick mean what they say. We tend to find that thought so incomprehensible that we shy away from it, and thus fail to learn the lesson of history.

Once one grants that the people who speak freely mean what they say, the debate sharpens up considerably. If we entirely prevent them speaking then, apart from driving their views underground (a tactical debate which I do not address here), we must trust the state to get it absolutely right when determining who can and cannot speak out. Most of us do not have that level of trust in the state and, in a democracy, most politicians do not have that level of trust in themselves. Good...

As dear old Voltaire should have said: “I do not agree with what you say, but I will defend to the death your right to mumble it to the other addle-pates whilst not being prosecuted for doing it. However, the minute you begin not to mumble you are liable to arrest if your words result in actions against those about whom you speak, of which there is a clear risk to an objective observer.” That dear Diary, is the issue of criminalising hate-based conduct. Whether we have the balance right is another question. That there is a balance should be plain. Ultimately we all have a choice about what we hear. How we exercise that choice is something that impacts on everyone and is thus a moral decision. Our fear of that decision must not prevent us denying the essential reality that we are responsible for what we do and that millions of individual decisions matter. If one feels too insignificant to make a difference that is sad. But it is not an excuse for denying the obvious in a self-indulgent attempt to stay in the nursery."

Read it in full and the comments. Great stuff.

Here we go again...

Data of 60,000 on stolen computer

"A laptop computer containing personal details of up to 60,000 people has been stolen from the Citizens Advice Bureau in Belfast."

Friday, December 07, 2007

Wikipedia in the Nazi speech firing line

From News.com: Politician files charge over Nazi symbols on Wikipedia

"A left-wing German politician has filed charges against online encyclopedia Wikipedia for promoting the use of banned Nazi symbols in Germany.

Katina Schubert, a deputy leader of the Left party, said she had filed the charge with Berlin police on the grounds that Wikipedia's German language site contained too much Nazi symbolism, particularly an article on the Hitler Youth movement."

ContactPoint Early Day Motion

Via Terri Dowty:

"You might want to ask your MP to sign up to this Early Day Motion

CONTACTPOINT
29.11.2007

Brooke, Annette

That this House notes the announcement by the Parliamentary Under-Secretary of State for Children, Schools and Families of the deferral of the implementation of ContactPoint to allow for an independent assessment of its security procedures by Deloitte and to address the changes to ContactPoint that potential system users have suggested, but regrets that this review will not extend to the design and content of ContactPoint; expresses concern over the safety implications of such a vast database containing potentially sensitive information in the light of security breaches at HM Revenue and Customs; further expresses concerns about the projected costs of ContactPoint; notes the conclusion of the House of Lords Select Committee on Merits of Statutory Instruments that the Government has not conclusively demonstrated that a universal database is a proportionate response to the problem being addressed; and therefore calls upon the Government to reconsider its decision to proceed."

Good for her. Meanwhile some people have been writing to the Guardian on the same subject.

"The planned database containing the details of all 11 million children in England should be suspended because it is insecure and will put children's safety at risk, an alliance of independent school heads and privacy campaigners warns today.

In a letter to the Guardian, influential groups representing private schools, together with the human rights campaign Liberty, say it is "ludicrous" that the government intends to push on with the controversial ContactPoint database project while awaiting the outcome of a new security analysis of the system."

Demos report: the new politics of personal information

I heard on the BBC radio news this morning that Demos has published a new report today: We no longer control what others know about us, but we don’t yet understand the consequences... The new politics of personal information compiled by Peter Bradwell and Niamh Gallagher.

"Aims of the study

This report has three aims:

1 to connect the value people gain from an information rich society with the challenges that arise from giving away personal information

2 to raise awareness of the consequences of the increasing reliance on personal information by institutions in the public and private sector

3 to provide a framework within which policy-makers, businesses and individuals can address these challenges in the long term.

This report is intended to push the debate on personal information beyond the legal and technical language associated with data protection and identity management. The debate must move towards something that people – through day-to-day experiences in their own lives – have a stake in. New trends of communication, customer services, personalisation, and issues of social inclusion and privacy are helping to create a new framework for the discussion of personal information.

Our argument

Personal information has become central to how we live – from banking online and supermarket shopping, to travelling, social networking and accessing public services. The visible result of this is a trend towards personal, tailored services, and with this comes a society dominated by different forms of information gathering. This is not just something people are subjected to. They are more and more willing to give away information in exchange for the conveniences and benefits they get in return, and are often keen for the recognition and sense of self it affords.

But there is a tension here. By sharing personal information we surrender control in the longer term by leaving ourselves open to judgement by different groups in different ways. The drive to personalise or tailor services, which is shaped by those judgements, can lead to differences between what people experience and have access to. This can mean a narrowing of experience, can lead to social exclusion, and has significant implications for how we live together as a society. We argue that these problems can only be resolved by a more open understanding of and better democratic debate about the boundaries, rights and responsibilities that regulate the use of personal information. That debate should focus on developing the collective rules that determine individuals’ ability to negotiate how personal information is used...

Recommendations

People themselves must be put at the centre of information flows. Our findings suggested a number of measures that government, the private sector and individuals could follow to improve the relationship between people, personal information and the institutions that use that information.

For individuals, we recommend:

• The first step is for individuals to take measures to protect their personal information – for example, by securing wireless networks. Second, they must recognise the connections between the benefits of sharing information, and the often less tangible costs and dangers that can result. A better understanding of this relationship is the necessary step towards bottom-up policy driven by collectively negotiated norms and rules, rather than policy driven by the narrower needs and interests of government or business. However, this does need considerable support from government and the private sector to start the process.

For government, we recommend:

• The government should develop a more coherent strategy around personal information use. This strategy should clarify the links between how government will use personal information, in specific contexts, and what the potential benefits or costs might be for individuals. Each government department using personal information must say how they are accessing personal information, for what purpose, and how it affects people. They should also employ ‘cash-handling’ disciplines for dealing with people’s personal information.

• The government should begin long-term research and thinking into increasing levels of information about individuals, coupled with personalising services and experiences. Segmentation and increasing knowledge of individuals will create markets that exclude in ways that current uses of information do not. That will have a significant impact on what is meant by equality. For example, will a new frontier of the welfare state be providing life insurance for certain types of people who are deemed bad investments by private insurance providers?

• The Information Commissioner’s Office (ICO) needs greater capacity to cope with the range of demands of an information society, which continue to extend away from just security of data towards data use and the nature of information sharing. For example, that could include the ability for the ICO to audit organisations’ use of personal information without needing their consent.

• ‘Privacy impact assessments’ should be used for major projects across public and private sectors to assess the use of personal information early in development, led by the ICO.

• There needs to be a serious, renewed debate about the identity card scheme, with the kind of engagement that should have happened at the start of the process. Otherwise, the scheme should be dropped. There needs to be more open consideration of what kind of information the cards would hold, why, and in what circumstances they will be used. Meaningful engagement with the public about how the technology should work must be foremost in shaping what the cards do, if they are to go ahead.

For business and the private sector, we recommend:

• The rights of access individuals have to information held about them in the private sector should be extended, including the right to know what groups people have been ‘segmented’ into, and allow greater ability for individuals to challenge and change existing information about themselves that they believe to be invalid, incorrect or unfair.

• Information holders should engage in an open debate about where responsibility for personal information lies, with a view to clarifying the rights and responsibilities of businesses and individuals.

• There should be a common sense test for privacy statements and personal information policy. The private sector must provide simple, accessible explanations of why personal information is gathered. It is too easy currently to adapt and rely on established legalistic policies. A move away from jargon is needed. This means, for example, requiring businesses to follow the legal concept of the ‘reasonable person’ when drawing up policy statements on personal information.

• Banks should consider a ‘no claims bonus’ for customers who successfully protect their personal information.

• Technical distinctions used by business – between authenticators and identifiers, for example – should be binned. As for government, private sector involvement in digital identity should be grounded in the ways that people use and value their digital identities. That should imply a move away from using information people are likely to divulge – such as family maiden names, dates of birth – as ‘authenticators’ instead.

• As a bridge between people, policy-makers and technologists, a body such as the ICO should be given the remit and resources to lead open discussions and debate to help build more secure, effective and appropriate technology for personal information."

Whose secret diary was Facebook so keen for you not to read?

Also from the Indie on Tuesday: Whose secret diary was Facebook so keen for you not to read?

"In the Facebook era, where everyone is spilling their secret thoughts for all to read on a social networking site, it is as if nothing is private any more.

So it might seem highly ironic that Facebook's founder Mark Zuckerberg has been pleading with a Boston court to censure a Harvard magazine that has ferreted out and published a personal journal from his university days and his 2001 application to study at the illustrious college. The judge, Douglas Woodlock, turned him down and ruled that the documents will stay in the public domain."

David Holtzman will no doubt have had a wry grin over the proceedings.

ELQ funding consultation

Just a reminder to all OU and other part time students that the government "consultation" on their decision to cut a massive chunk out of the funding for part time students ends today. Yvonne Cook had an excellent article in Tuesday's Independent (4 Dec.) this week on the issue, 'The threat to lifelong learning'.

Good old Arsenal

With the Usmanov affair, the recent loss in the Champions League, draw to Newcastle and various injuries to key players like Fabregas, there are some concerns around the Emirates Stadium at the moment. But it's nice to hear that the Arsenal players, directors and many other staff are donating a day's pay to Treehouse, the national charity for autism education.

"Be a Gooner. Be a Giver

This season, TreeHouse is over the moon to be working with Arsenal to raise £250,000 to build the sports facilities in our new National Centre for Autism Education in North London.

We have launched "Be a Gooner. Be a Giver" to encourage everyone in the Arsenal family to give whatever they can afford to help us reach our target. We are delighted that Arsenal's amazing players and directors have already generously donated a day's wages - please join them in supporting us, so that we can help many more children with autism through our new National Centre. You really will be making a difference.

If you would like to find out more about TreeHouse and Arsenal, and for a chance to win tickets to the Chelsea game on 16th December, download the free TreeHouse epac at www.epacstore.com/treehouse

Thank you from the bottoms of our hearts....and go Arsenal!

From the Children, Staff and Parents of TreeHouse"

Thursday, December 06, 2007

Congratulations Fernando

The highly entertaining Fernando Barrio, who I met at Gikii 2 earlier this year, has been nominated and shortlisted for the law teacher of the year award. Congratulations to him.

There is no tech bubble

Thanks to Ian Yorston, Head of Digital Strategy at Radley College, and aka the Unreasonable Man for alerting me to this:

Facebook not too hot on privacy

David Holtzman, author of the excellent Privacy Lost, is fairly fuming over Facebook's most recent privacy invading shenanigans.

"I was actually hoping this would blow over, but sigh. Another arrogant, young, venture-funded social networking company has done something counter-consumer, caused a furor and backed down, apologizing with a hearty "my bad." Yes, it's Facebook and their notorious Beacon program, which monitors things that members buy on 3rd party affiliated sites and broadcasts these purchases to the member's network, regardless of whether he/she wants them to or not. Originally Beacon was a compulsory "feature"--now it is kinda opt-out. It should have been opt-in all along, but I guess Facebook doesn't see it that way.

Facebook's CEO, Mark Zuckerberg (who is by the way, younger than most of my dental work), has apologized to the user community. In an interview, he said: "I'm not proud of the way we've handled this situation and I know we can do better." I believe Mr. Zuckerberg has completely missed the point--it's not a problem of how he reacted, it's the fact that they rolled out an evil f**king system to begin with.

Even now, the opt-out is transactional, you have to say no each time. The fact these bastards are tracking people at all on 3rd party sites is highly creepy and invasive anyway.

However as most of the critics have said, you don't have to use Facebook.

Good idea. Let's not."

Ian did a forensic examination of Facebook's privacy settings for Gikii 2 this year and came to the conclusion that they didn't measure up too well. He was slightly more polite about their failings.

Canadian Songwriters want to tap commercial potential of P2P

Via Michael Holloway on the ORG list, the Songwriters Association of Canada are proposing to put in place a system to enable them to be compensated for the distribution of their works on peer to peer networks.

"We propose an amendment to the Copyright Act which would establish a new right: The Right to Equitable Remuneration for Music File Sharing.

4. We define Music File Sharing as the sharing of a copy of a copyrighted musical work without motive of financial gain.

Since the new right is limited to activities that take place without motive of financial gain, parties who receive compensation for file sharing would not be covered by this right. Therefore, this new right is distinct from rights licensed by legal music sites like iTunes and PureTracks.

5. The new right would make it legal to share music between two or more parties, whether over Peer to Peer networks, wireless networks, email, CD, DVD, hard drives etc. Distinct from private copying, this new right would authorize the sharing of music with other individuals.

6. In exchange for this sharing of their work, Creators and rights holders would be entitled to receive a monthly license fee from each internet and wireless account in Canada.

7. We propose a licence fee of $5.00 per internet subscription, per month. Payment of this fee would remove the stigma of illegality from file sharing. In addition, it would represent excellent value to the consumer, since this fee would grant access to the majority of the world’s repertoire of music. Existing download subscription services generally charge considerably more than $5.00 per month, while offering a mere fraction of the file-sharing repertoire."

Interestingly they go on to say that although they are not opposed to TPM/DRM and laws against circumvention (Canada are just about to pass their very own version of the DMCA and EUCD), they believe their proposal makes DRM obsolete. In addition:

"Given the consumer aversion to TPM’s, we believe their use will inhibit the success of recordings in which they are embedded, and they will simply fall out of use."

Nice to see them thinking about using rather than banning p2ps but the sticking point might well be the $5 per month on every account. All the usual economic arguments about levies supporting special commercial interests come into play but it is progress. As with the webcasting levies the devil would be in the detail, though the proposal is probably too late to have any effect on the Canadian government's deployment of their very own DMCA.

EDRI-gram newsletter - Number 5.23

EDRI-gram - Number 5.23, 5 December 2007 has just been issued and as usual is essential reading for digital rights folks. Contents:

Wednesday, December 05, 2007

Microsoft disables remote disabling

It seems that the good guys in Microsoft (and there are quite a few of them btw) have got the message through that it is not a good idea to remotely disable customers' computers if it suspects piracy.

"Microsoft Corp. is pulling back from a system that disables programs on users' computers if it suspects the software is pirated, opting instead for a gentler approach based on nagging alerts.

Microsoft said late Monday it will roll out the new version of Windows Genuine Advantage with the first "service pack" for Windows Vista, due in the first quarter of 2008.

When computer users activate a copy of Windows Vista or try to download certain software from Microsoft's Web site, the Windows Genuine Advantage system scans their PCs for signs of pirated software. Today, if the tool finds an unauthorized copy of Vista, the glassy Vista user experience disappears and other features are suspended."

I suspect the nagging alerts are going to create major problems as innocents get targeted (identifying copyright infringement is an inexact science not best turned over to software) but it is a little better than having your brand new machine disabled.

German court says iPhone network tie-in ok

From SiliconValley.com: German court upholds T-Mobile's exclusive iPhone contract

"T-Mobile can sell Apple's sought-after iPhone exclusively locked to its own service, a German court ruled Tuesday, reversing an injunction last month requiring the company to sell an unlocked version in Europe's biggest economy.

The Hamburg District Court said Tuesday that T-Mobile, part of Deutsche Telekom AG, could indeed sell the phone, coupled with a two-year contract, that could not be used on networks provided by rival wireless companies.

The arrangement is similar to those Apple Inc. has with other carriers around the world. In the United States, AT&T Inc. is Apple's exclusive partner."

Tuesday, December 04, 2007

Judge Dismisses LimeWire Antitrust Suit

Also via Michael: Judge Dismisses LimeWire Antitrust Suit

"A federal judge on Monday threw out an antitrust lawsuit that the operator of the LimeWire online file-sharing service filed against a coalition of major record labels.

U.S. District Judge Gerard E. Lynch in New York ruled that Lime Group LLC failed to make its case that it has been harmed by the recording companies' business practices, and he granted the companies' motion to dismiss the claims.

Lynch also dismissed several claims brought under state laws "without prejudice," which gives New York-based Lime Group the option to pursue the claims in state court."

Passport applicant finds massive privacy breach

Via Michael Geist: Passport applicant finds massive privacy breach

"A security flaw in Passport Canada's website has allowed easy access to the personal information - including social insurance numbers, dates of birth and driver's licence numbers - of people applying for new passports.

The breach was discovered last week by an Ontario man completing his own passport application. He found he could easily view the applications of others by altering one character in the Internet address displayed by his Web browser."

Monday, December 03, 2007

Websites sell secret bank data and PINs

On the front page of this morning's Times: Websites sell secret bank data and PINs.

Nothing particularly new here but the Times have reported the specific sites to Richard Thomas, the Information Commissioner, and he has agreed to investigate.

"Mr Thomas will address the Commons Justice Committee tomorrow on the additional powers that he says are needed to prevent breaches of data protection. He believes that reckless failure to protect information should result in prosecution and that his staff should have powers to raid government and business premises.

Hacking sites act as online bazaars for stolen personal information. They are well run, hierarchical groups structured like businesses. Some even have review sections where buyers can recommend a particular fraudster...

Senior police officers are concerned that current methods of dealing with large-scale data protection breaches are unworkable. Detective Chief Inspector Charlie McMurdie, of the Metropolitan Police e-crime unit, said: “At the moment people report internet crimes to a local police station but no one locally has the resources to investigate properly.”

Since April customers have been told to report card crimes to their banks rather than to the police. Mr McMurdie, backed by the main banks, has asked the Home Office for £1.3 million to fund a central e-crime unit."

All I would say is that the government has already rejected overtures to get serious about technology-complemented crime and I suspect Chief Inspector McMurdie is asking for a small sum in the expectation of not getting much. But £1.3 million is nowhere near enough to fund the technically literate police force we need to deal with these kinds of crimes, not to mention the technical infrastructure required.

Saturday, December 01, 2007

Copyright’s Heart of Darkness

Matthew Sag & Mark Schultz have offered a comment on John Tehranian’s “Infringement Nation”.

"John Tehranian’s recent Utah Law Review Essay, Infringement Nation, tells a riveting story about copyright law and the widening gap between law and norms. Like Charles Marlow’s journey into the Congo River, Tehranian has given us a transporting narrative of copyright’s potential despotic application to the life of an “ordinary law professor” named John. At the end of John’s journey down the copyright river, Tehranian asks us to “imagine a world where every act currently deemed infringing under the law were actually prosecuted.”

One can almost hear Kurtz’ whispered cry, “The horror! The horror!”

Tehranian argues that “on any given day, … even the most law-abiding American engages in thousands of actions that likely constitute copyright infringement.” Tehranian makes his case with an imaginative list of seemingly benign “infringing” acts and concludes that “if copyright holders were inclined to enforce their rights to the maximum extent allowed by law, [John] would be indisputably liable for a mind-boggling $4.544 billion in potential damages each year.” (emphasis added)

Without any disrespect to Tehranian, we take issue with his argument and almost all of his analysis. To begin with, many of his examples clearly do not qualify as copyright infringement, others are marginal cases at best...

The real problem with copyright law today is not so much the tyranny of the law as eventually applied, but rather the tyranny of uncertainty as to how the law will be applied. This uncertainty is the product of factors including, the opaque structure of the Copyright Act, the complicated and fact specific nature of the fair use doctrine and defenses such as implied licensing. It is easy and rhetorically expedient to construct a dystopian scenario of copyright gone wild, but this kind of exaggeration does little to address public confusion about the law and only emboldens copyright maximalists by lending credence to their most grandiose claims.

What kind of copyright debate do we want to have? The “Orange Alert” strategy employed by too many copyright commentators simply produces a clash between irreconcilable extremes: “information wants to be free” versus “sole and despotic dominion.”

We continue to hope for something more."

A worthy response which should be read in full.

Chinese Computer Scientist Jailed for Copyright Infringement

William Stepp at Against Monopoly reports that a Chinese computer scientist has been jailed for copyright infringement.

"Chen Shoufu, an innovative Chinese computer scientist, was jailed August 16 in Beijing for violating the copyright of China's leading instant-messaging service, Tencent Holdings Ltd., owner of the popular QQ program. Mr. Chen's program Coral QQ made QQ more user friendly by blocking ads, resolving internet addresses, and identifying the computer from which a message is sent at no charge. (Tencent charges for the ID service.) He had previously paid a 100,000 yuan fine, about $13,600. Here is the article in the Wall Street Journal.

He has become a hero in China, the second largest internet market. One blogger decried Tencent for "bullying Chinese users by monopolizing the market."

This is yet another chilling example in a long list of violations of the liberty of people to use their property in non-invasive and very often innovative ways that ironically could improve the lives of their prosecutors, as well as countless other people."

NYT interactive debate transcript analyzer

Now this is really neat from the NYT - an interactive analyzer of the transcript of the recent Republican presidential candidates' debate.

The Nerd Handbook

Michael Lopp has compiled The Nerd Handbook. Recommended, especially for families and friends of nerds.

I thought I subscribed to them...

Google Reader now makes recommendations of feeds that are related to those you already subscribe to. The top four were ones I thought I already subscribed to, so I guess they've got me pegged.

Friday, November 30, 2007

The Untold Story of the ENIAC Programmers.

Via Mary Hodder: The Untold Story of the ENIAC Programmers.

"Did you know that sixty years ago, six young women programmed the ENIAC, the first all-electronic programmable computer?

And when LIFE magazine published a post-ww2 story about the ENIAC, the women were not mentioned. The article only featured information on the machine, not the engineers who made it work."

A Financial Perspective on DRM

At Kuro5hin: A Financial Perspective on DRM

"I noted yesterday that there seems to be some media fanfare surrounding Amazon's launch of a digital book tablet. It occurred to me that the markets surrounding media such as books, music and movies bear more than a passing resemblance to financial markets, and as such, perhaps they were amenable to a similar method of analysis. Being the owner of a sizable collection of paper books, this led me to consider the drawbacks one faces when Digital Rights Management restrictions are put in place...

when one purchases media encumbered by ... DRM schemes, one is taking on undiversified credit risk with an indefinitely long time horizon -- that is, you're counting on Microsoft or Apple not going out of business any time in your life and making all of your media instantly unreadable. Worse yet, unlike in the credit market, there are no such strong and well-defined legal protections to offer you recourse in the event that the company defaults -- they may choose to end (or more likely, "upgrade") the service at any time and render your library of purchases useless...

While books and music are almost never bought as investments with the expectation of making a profit, in the financial markets, investors rationally demand a high return premium for taking on such extreme risk. Asking consumers to take on such risks with no prospect of them materially benefiting in return is an incredibly unreasonable proposition and, to me, is the chief mechanism standing in the way of widespread adoption. While DRM schemes of this nature may flourish for now, it is only a matter of time before consumers wise up, the markets become more efficient, and people demand a fairer deal from large media companies. Publishers may not like it, but attaining the same characteristics for their digital products as they have for their physical products is the best hope they have for slimming down their distribution costs and stemming the tide of digital piracy."

Interesting perspective.