Friday, October 05, 2007

Fingerprints required to buy a car

Have you ever been asked for your fingerprints when buying a car?

"Imagine you’ve gone through a multiple week process to purchase an automobile.

You know the drill. Research every feature, pick your color, then, it’s negotiations for purchase price and for trade-in. Everything is done and agreed-apon, and excited, you are ready to hand over the check and collect your new car.

But wait!

You are handed a slip of paper and told to mark your right thumbprint in a box. The paper says clearly that it’s a request, for your protection, and to prevent your identity theft.

When you politely decline, the dealership refuses to sell you the car.

This is precisely what happened to me today when I tried to purchase a new X3 at the South Bay BMW dealer in Torrance, California...

Taken completely by surprise by all this, my husband and I asked many questions about this process. We were told that the data would remain on file at the dealership for seven years. That this policy is in place to protect us. That there are many bad, bad people in the world, who commit fraud, and that by recording everybody’s fingerprints, they would be deterred from committing fraud."

Jury orders $200k payout in P2P trial

The woman who decided to face the RIAA in court over accusations of copyright infringement via peer to peer networks has lost her case. She has been ordered by a jury to pay $222000 for infringing the copyright in 24 songs. For the mathematicians amongst you that's roughly $9250 per song.

"The recording industry hopes $222,000 will be enough to dissuade music lovers from downloading songs from the Internet without paying for them. That's the amount a federal jury ordered a Minnesota woman to pay for sharing copyrighted music online.

"This does send a message, I hope, that downloading and distributing our recordings is not OK," Richard Gabriel, the lead attorney for the music companies that sued the woman, said Thursday after the three-day civil trial in this city on the shore of Lake Superior."

On top of the damages she'll also be liable for the RIAA lawyers fees. The record companies are delighted and might even argue she got off lightly as potential statutory damages in the US range from $750 to $30000 per song,as far as I can recall. But there really ought to be a serious question of proportionality here. The jury clearly bought the entertainment industry rhetoric about sending a message but upwards of $0.5 million, one lawyers fees are included, for a couple of dozen songs? It's nuts.

Ed Felten has some thoughtful comments as ever.

"The industry had especially strong evidence that Thomas was the person who downloaded the songs in question. Thomas’s defense was that somebody else must have downloaded the songs. But the industry showed that the perpetrator used the same distinctive username that Thomas admitted to using on other services, and that the perpetrator downloaded songs by Thomas’s favorite performers. Based on press stories about the trial, the jury probably had an easy time concluding that Thomas downloaded the songs. (Remember that civil cases don’t require proof beyond a reasonable doubt, only that it was more likely than not that Thomas downloaded the songs illegally.)...

The most striking fact about the Thomas case is that the jury awarded damages of $9250 per song to faraway corporations.. That’s more than nine hundred times what the songs would have cost at retail, and the total of $222,000 is an astronomical amount to a person in Jammie Thomas’s circumstances. There is no way that Jammie Thomas caused $222,000 of harm to the record industry, so the jury’s purpose in awarding the damages has to be seen as punishment rather than compensation.

My guess is that the jury was turned off by Thomas’s implausible defense and her apparent refusal to take responsibility for her actions. Litigants disrespect the jury at their peril... Observers who hoped for jury nullification — that a jury would conclude that the law was unjust and would therefore refuse to find even an obvious violator liable — must be sorely disappointed. It sure looks like juries will find violators liable, and more significantly, that they can be convinced to sympathize with the industry against obvious violators."

Making Global Self-Regulation Effective in Developing Countries

Dana L. Brown and Ngaire Woods of Oxford University have just published a collection of essays on Making Global Self-Regulation Effective in Developing Countries

"As companies 'go global' they increasingly use factories and facilities spread across the world. But who regulates their activities in far flung corners of the world economy? In many sectors such as textiles and apparel, chemicals, and forestry, the answer is that companies regulate their own behaviour through codes and standards which they agree among themselves...

The chapters in this volume evaluate the effectiveness of self-regulation compared to other forms of global regulation. Across sectors and states, corporate self-regulation works best when those who are regulated have a voice in deciding the content of codes and standards and when some mechanism of compliance exists at the level of the state. Unfortunately, opportunities for voice and state capacity for regulation are often lacking in developing countries. Given this, the book suggests some minimal forms of government action and participation by global actors that can make global corporate self-regulation more effective in bettering conditions in the developing world."

It's an incredibly important area and hopefully the book will be picked up by influencial policymakers.

Thursday, October 04, 2007

Don't use trademark in your criticism

If I'm reading this right ie. The Freecycle Network v Oey, someone got sued for trademark infringement for criticising someone trying to trademark the word "freecycle" and due to the fact that they used the word "freecycle" in their criticism. There was even a preliminary injunction preventing the critic from using the word freecycle but seems common sense eventually prevailed:

"Tim Oey (“Oey”) appeals a preliminary injunction preventing
him “from making any comments that could be construed
as to disparage upon [The Freecycle Network]’s possible
trademark and logo” and requiring that he “remove all postings
from the [I]nternet and any other public forums that he
has previously made that disparage [The Freecycle Network]’
s possible trademark and logo.”1 The Freecycle Network,
Inc. v. Oey, No. CV 06-173, Order at 5 (May 11, 2006)
(emphasis added). We have jurisdiction under 28 U.S.C.
§ 1291 and, for the following reasons, vacate the injunction
and remand."

Dark Data

Thomas Goetz at Wired on Freeing the Dark Data of Failed Scientific Experiments

"In 1981, the New England Journal of Medicine published a Harvard study that showed an unexpected link between drinking coffee and pancreatic cancer. As it happened, researchers were anticipating a connection between alcohol or tobacco and cancer. But according to the survey of several hundred patients, booze and cigarettes didn't seem to increase your risk. Then came a surprise: An incidental survey question suggested that coffee did increase the chances of pancreatic cancer. So that's what got published.

Those positive results, alas, were entirely anomalous; 20 years of follow-up research showed the coffee-cancer connection to be bunk. Nonetheless, it's a textbook example of so-called publication bias, where science gets skewed because only positive correlations see the light of day. After all, the surprising findings are what makes the news (and careers).

So what happens to all the research that doesn't yield a dramatic outcome — or, worse, the opposite of what researchers had hoped? It ends up stuffed in some lab drawer. The result is a vast body of squandered knowledge that represents a waste of resources and a drag on scientific progress. This information — call it dark data — must be set free...

Freeing up dark data could represent one of the biggest boons to research in decades, fueling advances in genetics, neuroscience, and biotech.

So why doesn't it happen? In part, it's a logistics problem: Advocating the release of dark data is one thing, but it's quite another to actually collect it, juggling different formats and standards. And, of course, there's the issue of storage. These days, an astronomical study of quasars or an ambitious bioinformatics project can generate several terabytes of data. Few have the capacity to store that, let alone analyze it...

Technology is actually the simple part. The tougher problem lies in the culture of science. More and more, research is funded by commercial entities, which deem any results proprietary. And even among fair-minded academics, the pressures of time, tender, and tenure can make openness an afterthought. If their research is successful, many academics guard their data like Gollum, wringing all the publication opportunities they can out of it over years. If the research doesn't pan out, there's a strong incentive to move on, ASAP, and a disincentive to linger in eddies that may not advance one's job prospects...

Getting science comfortable with exposing its dark data is really just the beginning. Once you start looking for it, dark data is everywhere: It's locked away in out-of-print books and orphaned art, the stuff that Creative Commons and Google Book Search have been bringing to light. Speaking of which: Hey, Google! Know all those research projects your employees do that the company will never green-light? How about letting the rest of the world take a crack at them?"

Murray v Usmanov Round 2?

Craig Murray whose website was taken offline after accusations of defamation and legal threats against his web hosting service, found a new online home which was due to get launched on Monday, 1 October. Then the server where the site was to relocate got firebombed on Sunday, 30 September. Bear in mind that the linked report is from the folk with the web server that was attacked and they are clearly unhappy at events, whatever the source of the attack.

So far Usmanov is declining to sue Murray directly for defamation. Usmanov's lawyers say Murray's accusations are "false, indefensible and grossly defamatory" but the billionaire doesn't want to give the former diplomat a public platform to repeat those accusations.

Dutch scrap evoting machines

Ian has an update from Anne-Marie Oostven on the decisions in the Nederlands to scrap electronic voting.

"Just a quick update on the Dutch e-voting situation. The last couple of days have been quite exciting in the Netherlands with regards to the use of voting computers. As you all might know, the foundation 'Wijvertrouwenstemcomputersniet' initiated a serious debate about the risks associated with the use of the voting machines by approximately 98% of the Dutch population. It wasn't until the foundation showed with a well-documented hack how easy it was to commit fraud that Mr. Atzo Nicolai, the Dutch Minister for Government Reform and Kingdom Relations, decided in December 2006 to set up two committees to investigate the electoral process...

The deputy Minister for Interior A. Bijleveld said in a first response that she would accept the committee's advice, and ban electronic voting. She announced that the 'Regulation for approval of voting machines 1997' will be withdrawn forthwith. Elections in the Netherlands will be held using paper ballots and red pencil for a while. After that, citizens will probably be using 'vote printers' and optical scan counting computers.

But this was not all! The icing on the cake came on yesterday 1 October 2007 when a Dutch judge declared that the use of the Nedap e-voting machines in recent Dutch elections has been unlawful. The District Court of Alkmaar decertified all Nedap voting computers currently in use in The Netherlands. The court order is a result of an administrative law procedure started by 'We do not trust voting computers' in March 2007.

More information:"

P2P song swapping lawsuit begins

The Washington Post reports that one of the tens of thousands of folks targeted by the RIAA for swapping copyrighted songs via p2p networks is finally getting her day in court. Contrary to the report, this is not the first p2p song sharing case to see the inside of a courthouse (a woman was ordered to pay a little over $20k by a judge some time ago and the RIAA have backed of in a couple of cases I recall) but it will still be interesting to see how it goes.

US call for resignation of WIPO DG

Earlier this week, the US effectively called for the resignation of WIPO Director General, Kamil Idris. The US Ambassador to the UN, Warren W. Tichenor, outlined in great detail the allegations that have been made against Idris in the WIPO internal auditor's report, then called for him to answer the allegations publicly or resign.

"· The report that is the subject of this discussion, WIPO Internal Audit Report IAOD/INV/2006/2, has been available, in accordance with the WIPO Audit Charter, to all member states since it was issued in November 2006, 11 months ago.

· The report concludes that Director General made false statements on his original application for employment at WIPO and in official submissions thereafter and in so doing appears to violated both this organization's Staff Rules and Regulations and the principles I have just cited – those which govern the conduct of international civil servants.

· The report reveals that during the period 1982 to 2006, Director General used at least two different birth dates, one for employment purposes at WIPO and the other for personal purposes.

· The report also concludes that Director General knew since filing his original application for employment with WIPO in 1982 that the birth date reflected on this document was incorrect.

· The report states that notwithstanding Director General's admission that he was aware of the inconsistencies, and despite the numerous opportunities that presented themselves to rectify this error, he failed to rectify the discrepancies...

· To the Director General we say: clearly and convincingly answer the allegations against you in open forum in this General Assembly before Member States, or heed those calling for new leadership at WIPO."

Update: The Canadian Press has a brief report on the row.

RIPA Part III came into force on 1st October

The Regulation of Investigatory Powers Act has been out of the cyber rights limelight for a while but it is worth noting that part III of the act came into force at the beginning of the month. Richard Clayton explains much better than I can:

"The commencement order means that as of October 1st a section 49 notice can be served which requires that encrypted data be “put into an intelligible form” (what you and I might call “decrypted”). Extended forms of such a notice may, under the provisions of s51, require you to hand over your decryption key, and/or under s54 include a “no tipping off” provision.

If you fail to comply with a notice (or breach a tipping off requirement by telling someone about it) then you will have committed an offence, for which the maximum penalty is two years and a fine or both. It’s five years for “tipping off” and also five years (an amendment in s15 of the Terrorism Act 2006) if the case relates to “national security”.

By convention, laws in the UK very seldom have retrospective effect, so that if you do something today, Parliament is very loth to pass a law tomorrow to make your actions illegal. However, the offences in Part III relate to failing to obey a s49 notice and that notice could be served on you tomorrow (or thereafter), but the material may have been encrypted by you today (or before).

Potentially therefore, the police could start demanding the putting into an intelligible form, not only of information that they seize in a raid tomorrow morning, but also of material that they seized weeks, months or years ago...

There are some defences in the statute to failing to comply with a notice — one of which is that you can claim to have forgotten the decryption key (in practice, the passphrase under which the key is stored). In such a case the prosecution (the burden of proof was amended during the passage of the Bill) must show beyond a reasonable doubt that you have not forgotten it. Since they can’t mind-read, the expectation must be that they would attempt to show regular usage of the passphrase, and invite the jury to conclude that the forgetting has been faked — and this might be hard to manage if a hard disk has been in a police evidence store for over a decade."

See the original for links.

Nu Labour values

Couldn't resist this - John, in full flow, sums up Nu Labour values:

"much of what is most detestable about New Labour — its authoritarianism, contempt for civil liberties, adulation of ‘wealth creation’, micromanagerial obsessiveness over ‘targets’, PFI, etc. — are actually more Brown’s creations than Blair’s. The only difference is that Brown is now varnishing them with a new layer of patriotic tosh about “Britishness”, “British values”, etc. If the Tories weren’t so pathetic there might be some hope of unhorsing the pompous ass."

Microsoft, antitrust and innovation

Georg Greve is not convinced by Microsoft's and the US Justice Department's complaints about the EU Court of First Instance siding with the Commission in their antitrust actions against the company.

"If one were to believe Microsoft, antitrust law is for sore losers who are too lazy to innovate, and the decision of the European Court of Justice against Microsoft was to the detriment of consumers around the world...

This allegation does not hold up to examination though. Allow me to tell you why.

1st Fallacy: That the Ruling Punishes Innovation

The first fallacy was that this kind of ruling punished the innovator. Who were the innovators? Real Inc. innovated the streaming media market, and Novell was the innovator in the workgroup server market. In both cases Microsoft unfairly leveraged its desktop monopoly to drive the innovator out of the market. That is why future innovators in Silicon Valley often do not receive venture capital if they do not have defensive strategies against Microsoft or at least a co-existence strategy. Quite often that strategy is to become successful enough to become an attractive purchase for Microsoft. Not much of a reward for innovation."

One of the functions of antitrust law is to create an environment that is protective of the innovator. Microsoft has not been an innovator.

2nd Fallacy: That Google, Apple and All Successful Companies Need to Fear

The second claim, echoed widely by major media outfits, is that Google and Apple should now be worried about similar lawsuits because of their large market shares. But antitrust law is not about having large market shares. Antitrust law says nothing about offering a product and gaining monopolies. As long as there is no distortion of competition in neighboring markets, this is legitimate.

What antitrust law cares about in this context is leveraging monopolies of one market into another through abusive practices. The Commission found Microsoft employing two abusive practices: bundling and the deliberate obstruction of interoperability.

WIPO unveils children's copyright law workbook

WIPO are back in the teach 'em young about copyright game with a new copyright workbook for kids. Nate Anderson at Ars Technica reckons it is surprisingly balanced when compared to previous efforts though William Patry has some concerns.

"The WIPO effort has a section on the public domain and other limitations (pages 40-47), a fact that distinguishes it from almost all other such efforts. The booklet even provides links to places where one can obtain access to pd or free use works. There are also features with young creators and good information about copyright basics. WIPO has made genuine efforts to present a balanced view.

My unease comes from the lengthy section on copyright infringement, including a page called "Game: Defending Authors and Performers," which attempts to teach children to distinguish between legal and illegal actions, prefaced with this statement: "You understand the purpose of copyright and related rights and want to respect the rights of authors and performers that you admire." Previous to this are conclusions like "Piracy makes legal copies more expensive," and paragraphs about piracy taking away needed incentives.

It is not impossible to view the pages and pages of biographies of young authors as the prelude to the section on piracy. None of the young authors featured are however likely to have any piracy worries and thus one wonders why the heavy emphasis on them: could the idea of transference be at play, a desire to have children identify with young authors their own age (or others they are told they "admire") and then transfer that identification to multinational corporate copyright owners? I don't defend piracy if defined as counterfeiting, but I think we have to be very careful not to manipulate young children under the guise of educating them."

Jon Newton at P2PNet is more blunt in his criticism.

"The book seems to me to be heavily weighted in favour of the copyright cartels and IMHO, any attempt at balance is little more than window dressing

For example, DRM (Digital Restrictions Management) is an impossible concept which is being abandoned by the corporate entertainment cartels, with EMI, and Vivendi Universal leading the way.

Anything which can be seen or heard can be copied by one means or another.

But the WIPO book presents DRM as a fait accompli - a done deed.

It states, flatly:
In order to protect their works from infringement, right holders are using the same tool that made their works so vulnerable in the first place - digital technologies. Their use of these technologies, which make copyright infringement more difficult and facilitate the management of rights, is known as Digital Rights Management (DRM).

DRM tools can be used to mark digital works with copyright information. They can also be used to control the way in which a work can be used. For example, DRM can limit the number of copies that can be made of a work, can prevent changes from being made to a work, and can limit the devices on which a work can be enjoyed.
In other words, DRM makes a mockery of fair use.

And, “According to international laws, it is illegal to remove, change (alter), or get around (circumvent) DRM protection of a work.”

That’ll be news to a lot of people."

The book also says things like "Giving a classmate a copy of a CD you bought for yourself is illegal."

And Newton also says:

"Every one of the online sources is, of course, a hard-core, (bought-and-paid-for?) corporate entertainment industry-friendly web page.

Genuine information sites such as the Wikipedia, which provide un-spun, non-vested-interest, non-corporate information and points of view, are conspicuous by their total absence."

Not a big fan. I share Patry's and Newton's concerns.

Meanwhile in US and Canadian Otherworld land, the entertainment industry presses ahead with their standard approach to indoctrination targeting kids again.

Had enough of drm? Johansson has too

Jesper Johansson has had enough of DRM so he's chucking out his Windows XP Media Center.

"Is it just me, or is DRM of movies and music the poster child for an inappropriate security v. usability tradeoff? How many billions has the industry spent on DRM schemes that the bad guys break in weeks? How many perfectly legitimate users has the industry annoyed and driven away? How many lost DVD sales has it caused? How many lost sales of Microsoft's Media Center software and Windows Vista has it caused because the DRM sub-system randomly decides that you must be a criminal? And, how many bootleggers has it stopped? Based on my last jaunt through a night market somewhere in the Far East the answer to the last question seems pretty clear at least."

Update: His domestic entertainment troubles have made the news.

"It must have been a slow news day today. I can't think of any other reason why the fact that an ex-Microsoft employee is considering installing a Linux box would be news. Imagine the articles if they realized that, right at this very moment, a whole slew of current Microsoft employees are probably using Linux at home. And, imagine the headlines if it got out that a Microsoft employee admired OpenBSD! Oh, no, wait, that already happened."


The latest EDRI-gram is out. Highlights:

"Human Rights in the Information Society - rediscover the proportionality
26 September, 2007 » Privacy | Global | Security

On 13-14 September 2007 the French Commission for UNESCO, UNESCO and the Council of Europe organised the conference "Ethics and Human Rights in the Information Society" in Strasbourg, to which EDRi was invited to contribute.

This conference was the third in a cycle of regional conferences on the ethical dimensions of the information society, which aims to contribute to the WSIS process and the Internet Governance Forum (IGF). The first two regional conferences took place in Latin-America and Africa. While the Latin-American conference contributed to the exchange of views in the region, the African conference was suffering from a lack of participation of local stakeholders. There, mainly African expatriots from the USA and Europe and representatives of South Africa were present.

At the conference in Strasbourg some estimated fifty participants were present. With equality of access, freedom of expression, identity and social networks and security and governance, the presentations and discussions covered the topics of the four round table sessions on a rather global level, while the draft code of ethics presented by the organisers was hardly discussed.

Different views on codes of ethics in general were expressed in the presentations and discussions. Questions like if soft law (like codes of ethics) is the right mean to address the global challenges of the Information Society, if the different ethical standards around the world can reasonably be merged into a single code of ethics, if it had been better to choose a multi stakeholder bottom up or a closed doors top down approach were addressed in various contributions but not finally agreed on.

There was mutual consent that human rights are the core ethical basis on which any regulation of the Information Society has to be built. Unfortunately it remains questionable if all participants share the same perception of what defining human rights as the core ethical basis means in practice. While for example some consider the CoE Cybercrime Convention to be a basis for a global regulation of the Information Society (this convention lacks - amongst others - privacy and civil rights protections and covers any crime where the evidence could be in computerised form), others like EDRi (and myself) argue that this convention should be rejected and is now more dangerous than ever.

In my presentation at the security and governance round table I consequently addressed the question if all the anti terror measures adopted in the last years in Europe were proportionate to the threat stemming from terrorism in this region. To this end I presented the findings on terrorism submitted by Europol.

According to Europol "EU Terrorism Situation and Trend Report TE-SAT 2007" terrorism in the EU is basically a local problem in France (separatists in Corsica) and Spain (separatists in the Basque region). The vast majority of terrorist attacks in the EU in 2006 was carried out in these regions (419 of 498 attacks). The rest were left or right wing motivated attacks. There were no successful Islamist terrorist attacks in 2006 and the vast majority of all attacks was not intending to kill. The number of arrested individuals differs. Of the 706 suspects 257 were suspected of islamism, 226 of separatism, 52 of left wing and 15 of right wing terror. Of the approx. 260 suspects of islamist terror less than 10 % (meaning less than 26) were suspected of the preparation, planning or execution of terrorist attacks.

Given this figures it is certainly questionable if measures like:
- mandatory data retention, that infringes the human rights of all 450 million Europeans,
- the transfer of passenger name records and SWIFT financial data to the US,
- the introduction of biometric identifiers in European passports,
- the mutual access of member states to police databases (Prüm Treaty)
- the central EU fingerprint database, that is planned for 2008,
are proportionate to the threat stemming from terrorism in Europe.

Given the series of measures for fighting terrorism and crime limiting the freedom of individuals and infringing human rights, it is necessary to reconsider their impact on human rights, which are the foundation of our society, and to rediscover the protection of human rights as a core obligation of all European states.

To this end, a multi stakeholder approach should be taken, involving all relevant groups, governments, the private sector and civil society alike. The first steps have already been taken during the World Summit on the Information Society and the IGF. The concrete outcome will depend on how seriously this process is treated and if the results elaborated will find their way into binding policy.

Ethics and human rights in information society (13-14.09.2007)

UNESCO Draft Code of Ethics

EDRi's Contribution - The Interrelation of Human Rights and Security

German version

Cybercrime Convention

Eight Reasons the International Cybercrime Treaty Should be Rejected

EDRI-gram: ENDitorial: The 2001 CoE Cybercrime Convention more dangerous than ever (20.06.2007)

Europol, EU Terrorism Situation and Trend Report TE-SAT 2007 (03.2007)

(Contribution by Andreas Krisch - EDRi)"

"Largest anti-surveillance street protest in Germany for 20 years
26 September, 2007 » Privacy | Telecommunication data retention

On Saturday, 22 September 2007, more than 15,000 took to the streets of Berlin under the slogan "Liberty instead of Fear - stop the Surveillance Mania!". Several Civil Liberty organisations, affiliated in the "Working Group Data Retention" (Arbeitskreis Vorratsdatenspeicherung), organised the march.

55 groups called for participation, among them the "Young Liberals" (Junge Liberale, Youth organisation of the FDP), Buendnis 90 / Die Gruenen, ver.di, journalist associations, ATTAC, the Protestant telephone Counselling (evangelische Telefonseelsorge), medical associations, FoeBuD e.V., and the Chaos Computer Club. German EDRi members CCC, FIfF, FoeBuD and NNM played an active role in organizing the protest. Police initially estimated 8,000 participants, later correcting their count to confirm the working group's numbers.

"This is the largest protest for civil liberties and privacy protection since the census in 1987", Thilo Weichert, data protection commissioner of Schleswig-Holstein said to news portal

Rena Tangens of FoeBuD e.V.: "The overwhelming success of this protest shows that by now a large proportion of the population are worried about our constitutional state. Citizens do not want our democracy to be turned into a surveillance state. The Bundestag must reject the proposed date retention bill."

The large turnout of 15,000 shows that people consider the continuing tightening of security and surveillance laws to be decidedly too far-reaching. Citizens are concerned, not because of the supposed danger of international terrorism, but because of the impertinence and lack of restraint security politicians show in declaring civil rights and liberties defunct. The large cross-section of society participating in the demonstration makes it evident that these are not the views only a few civil rights experts, but that the issue now unites broad parts of the population. Politics cannot ignore this signal.

The organisers decisively criticised actions by the police, as well as some radical left-wing demonstrators: "A bloc of radical left-wing demonstrators did not abide by police obligations. The police in turn used disproportionate means in reaction to violations such as disguising and use of oversize banners, and did not appear to pursue de-escalation in all situations. The massive use of video cameras by the police, especially at this particular protest march, was a provocation. Overall, however, these were marginal incidents which did not impair the progress of the demonstration."

Rena Tangens remarked, "On balance it was a very positive, creative and colourful demonstration, in which hackers demonstrated peacefully beside doctors, and the 'Young Liberals' beside the 'Left Party' (Linkspartei)." The Giant Data-Octopus ("Datenkrake") of FoeBuD e.V., the "glass patient" on the car of the "Freie Aerzteschaft" (an occupational union of physicians), as well as several trojan horses were among the March's highlights.

Patrick Breyer of the Working Group Data Retention announces further activities: "We will resist data retention by all legal means." According to the working group about 20,000 citizens have already declared their support for the prepared constitutional recourse (Verfassungsbeschwerde) against data retention.

Among other things the demonstration takes a stand against the retention of data about telecommunication behaviour of the entire population, that is on this Autumn's political agenda in Germany, as well as against the covert online-searching of computers. Key demands include a halt to new surveillance laws and a review of existing surveillance laws.

Home page of the demonstration - Working Group Data Retention

Radio1984 feature live from the demonstration (22.09.2007)

German version

Biggest demonstration for more data protection and privacy since 20 years! (in German only, 22.09.2007)

Thousands of citizens demonstrate for "Freedom instead of Fear" (in German only, 22.09.2007)

Berlin Data Tussles (in German only, 24.09.2007)ämpfe/256868.html

Biggest data protection demonstration within 20 years (in German only, 23.09.2007)

Other articles about the demonstration (in German only)

(Contribution by Jan E. Hennig and Bernd Sieker, EDRI-member FoeBuD - Germany)"

"Recommended Reading
26 September, 2007 » Privacy | Biometrics

Data Protection Framework Decision: EDPS concerned about dilution of Data Protection standards

Nuffield Council on Bioethics : The forensic use of bioinformation: ethical issues. This Report considers whether current police powers in the UK to take and retain bioinformation are justified by the need to fight crime. Executive Summary

Full Report"

See original for links.

Cases to watch out for at the ECJ

contentandcarrier have produced a list of interesting European Court of Justice cases in the area of communications and media law or generally falling under the EU framework on electronic communications networks.

The Europa website also has a guide to these cases up to 2003 and is due to publish an updated guide in the none too distant future.

Daithi particularly likes one related to the Italian broadcasting landscape, Case C-380/05.

"Reference has been made to the Court of Justice of the European Communities by order of the Consiglio di Stato of 19 April 2005, received at the Court Registry on 18 October 2005, for a preliminary ruling in the proceedings between Centro Europa 7 Srl and Ministero delle Comunicazioni (Ministry of Communications) e Autorità per le Garanzie nelle Comunicazioni, (Authority for Security of Communications) Direzione Generale Autorizzazioni e Concessioni Ministero delle Comunicazioni (Directorate General for Authorisations and Concessions in the Ministry for Communications) on the following questions:

Does Article 10 of the ECHR, as referred to in Article 6 of the Treaty on European Union, guarantee pluralism in the broadcasting sector, thus requiring the Member States to secure pluralism and competition in the sector based on an antitrust system which, in relation to technological development, secures network access and multiplicity of operators and renders duopolistic market behaviours unlawful...

Under Community rules (primary and secondary legislation) on workable competition in the broadcasting sector, ought the national legislature to have avoided extending the old transitory analogue system on the advent of the terrestrial digital system (and the attendant generalised transition to digital)? Only if analogue broadcasting is ended and replaced by the switch to digital will it be possible to reallocate frequencies freed for various uses. If terrestrial digital is merely operated alongside analogue, there will be an attendant accentuating of the scarcity of available frequencies owing to the existence of analogue and digital transmission in parallel (simulcast).

Lastly, is the pluralism of sources of information and of competition in the broadcasting sector, which is guaranteed by European law, secured by national rules, such as law no 112/2004 providing for a new limit of 20 percent of resources linked to a new very wide criterion (the ICS - integrated communications system - Article 2(g) and Article 15 of law no 112/2004). This criterion also brings in activities which do not affect media pluralism, whereas under antitrust law the 'relevant market' is constructed normally by differentiating the markets in the broadcasting sector by drawing a distinction between pay/TV and non-pay TV operating via the airwaves (reference is made inter alia to the Commission cases COMP/JV. 37-BSKYB/Kirch Pay TV Regulation (EEC) No 4064/89 Merger Procedure 21/03/2000 and COMP/M.2876-Newscorp-TELEPIU Regulation (EEC) No 4064/89 Merger Procedure 2/04/2003."

Worth reading in full if you're a legal geek or an insomniac, though definitely not for the fainthearted. You have to hand it to the lawyers who dig through these regulations. I never realised there were quite so many grounds on which to challenge the allocation of the digital spectrum in relation to broadcasting and that's just in Italy. Although it is a real pity in many ways that this stuff has to be sorted out through the courts, just think of the number of jumping off points for challengers to the broadcast status quo in every member state. Whether that is a good thing or not I leave the reader to decide.

B2fxxx Not a UK blog

SaysWho says of B2fxxx, "On balance, we believe this is not a UK blog."

Likewise with John, though they do rate him a "prolific blogger".

And sadly they can't find Martin or Ian or BoingBoing...

reCAPCHA helping to digitise books

Here's a great idea - reCAPCHA.

" A CAPTCHA is a program that can tell whether its user is a human or a computer. You've probably seen them — colorful images with distorted text at the bottom of Web registration forms. CAPTCHAs are used by many websites to prevent abuse from "bots," or automated programs usually written to generate spam. No computer program can read distorted text as well as humans can, so bots cannot navigate sites protected by CAPTCHAs...

To archive human knowledge and to make information more accessible to the world, multiple projects are currently digitizing physical books that were written before the computer age. The book pages are being photographically scanned, and then, to make them searchable, transformed into text using "Optical Character Recognition" (OCR). The transformation into text is useful because scanning a book produces images, which are difficult to store on small devices, expensive to download, and cannot be searched. The problem is that OCR is not perfect.

reCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. More specifically, each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA. This is possible because most OCR programs alert you when a word cannot be read correctly.

But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.

Currently, we are helping to digitize books from the Internet Archive."

Monday, October 01, 2007

Professor Reed's manifesto for Web 2.0

Chris Reed's manifesto for the regulation of Web 2.0 has been doing the rounds and cheering up some geeks and bloggers.


To: All those concerned with the regulation of Web 2.0 who know enough
to know that they know nothing.

1. When, as they will, politicians take up the cry of commentators that "This is awful. Something must be done!" we must resist them to our last breath. Laws about the internet made this way have consistently failed to achieve their aims and produced unintended, unfavourable consequences. It always ends in tears.

2. For the time being we must preserve the liberties of online intermediaries so that Web 2.0 can continue to evolve. One day we will understand what responsibilities they can fairly be asked to shoulder. Meanwhile we must muddle along, extending and adapting our current laws to new problems as best we can. If something really must be done, we should question and question again until satisfied that it will not do more harm than good.

3. So far as we are able, we must divert lawmakers into fixing problems that we at least vaguely understand. The most pressing of these are online privacy and intellectual property rights in the new Web 2.0 creations. Fortunately both these require years of international negotiation, which will give us time to identify the best solutions.

We owe it to the future to prevent the mistakes of the past. Aux armes

My 'Future of Content' co-conspirators will note Professor Reed's perspective on the centrality of IP and privacy in the mix.

Meanwhile whilst we were in the midst of our blog debate last week, Gilberto Gil, Brazil's minister for culture, was calling for a version of Martin's free digital society.

"Today's digital technologies represent a fantastic opportunity for democratizing access to knowledge. We have found that the appropriation of digital technology can be an incredible upgrade in skills of political self-management and the local political process."

The perils of DRM

Bill Thompson has been getting irritated with DRM again.

VAT charges introduced for EU Second Lifers

I included a note about ICrave TV and Lessig's notions on zoning the Net in my Future of the Net Pt 2 post last week. Tony Hirst has just pointed me to a note about Linden Labs' decision to charge VAT to Second Life users resident in the EU.

"At around 4PM PST, while most of Europe slept, an email was sent out about a new policy at Linden Lab. Those European customers who were awake got a bit of a nasty shock:


We have identified that you reside in a European country. Accordingly, your next bill will reflect Value Added Tax (VAT) charged at the rate specified by your country. Please note that VAT applies to all payments to Linden Lab such as land sales, monthly maintenance fees and Premium subscription fees.
If you are eligible for a VAT exemption, you may submit proof of your exemption status, such as your VAT number, here:

If you have other questions, please read the VAT FAQ:

You can also contact us via the support portal:

Best regards, and thank you for your continuing support.

Linden Lab
Creators of Second Life"

Now users of SL are, understandably, not always entirely truthful about their details so what if you said when signing up that you lived in a diferent country to where you are actually resident? According to Linden Labs FAQ:

How does Linden Lab determine who to charge VAT for?

"When you registered your account, you told us what country you live in. If that country is in the EU, then VAT is applied.

If you say that you come from a different country that doesn't charge VAT, it's very likely that discrepancies between your IP address and your declared country would get caught in our risk detection system and may cause your account to be flagged for review or even suspended."

This was inevitable and the only surprising thing is that it has taken them so long to get round it, though I suspect dedicated Second Lifers won't be seeing it like that.