Saturday, January 12, 2008

Did Hilary really win New Hampshire?

From CounterPunch: Did Hilary really win New Hampshire?

Dennis Kucinich has filed a formal request for a recount of the machine ballots cast in the New Hampshire primary since there is some circumstantial evidence that they didn't work properly i.e. the outcome was substantially different to what the pollsters were predicting. If I had any confidence at all in evoting technology I'd probably be rubbishing the requst for a recount and sarcastically suggesting we just avoid the problem of going to the polls at all and just go by what the polling houses say. But as Prof. Doug Jones says, although there is no direct evidence available yet - no smoking gun - that anything has gone wrong, "the Diebold machines are vulnerable to viruses that can be spread through the machines by the PCMCIA memory cards, and there are other things that can go wrong too." As the good professor says, and he should know as one of the world's leading experts in evoting, it would help the process enormously "if they had a routine random audit procedure in New Hampshire."

Friday, January 11, 2008

Doctor suspended after objecting to the sharing of her personal medical details

Here's another personal data sharing story that everyone should be told. A doctor, who objected to her personal medical details being shared with researchers who then repeatedly phoned her asking intrusive questions, was suspended by her health trust for five years. She had to take her employer to court, firstly to insist her records be kept confidential and secondly to fight the suspension. The Cambridgeshire Primary Care Trust (PCT) and East of England Strategic Health Authority (SHA) eventually followed the advice of a smart barrister and apologised unreservedly to her in the High Court last Friday.

"A HUNTINGDONSHIRE doctor was excluded from work for five years after she objected to her own private medical records being given to researchers.

The doctor was also "unjustly branded dishonest" and believes her career was curtailed by the actions of Cambridgeshire Primary Care Trust (PCT).

At the High Court in London on Friday, the PCT took the unusual step of making an apology to the doctor, who cannot be named for legal reasons...

At the High Court Mr Justice Eady was told that the woman was born with a serious and life-threatening condition which attracted interest from medical researchers.

The court heard that her medical details "in fully identifiable form" were circulated widely for the purposes of research at Addenbrooke's Hospital in Cambridge. As a result she received "uninvited, intrusive and upsetting" phone calls from unknown researchers.

Despite repeated attempts to have her details deleted from databases, she had to take court action to force Addenbrooke's to keep her medical records secret, the court heard."

Privacy + computers = complexity

I learn from Michael Geist that a federal court in California has ruled that a company collecting peer to peer data to track down people using P2P networks, allegedly illicitly, for music sharing, did not commit trespass to chattels. The case is Atlantic Recording Corp. v. Serrano.

Contrast that with the story of the methodist minister who was found to have child pornography on his work computer but considered to have a fourth amendment right to avoid having the computer seized and searched through inappropriate procedures without a warrant:

"A Florida appeals court has affirmed an order barring the state from using alleged child pornography taken without a warrant from an office computer as evidence against a Methodist pastor.

The Florida 1st District Court of Appeal found that Pastor Eric Young had a reasonable expectation of privacy in his office and workplace computer because they were reserved for his exclusive use and that the police officers who seized the evidence did not have valid consent to take it."

Or the Bush administration's mass warrantless wiretapping, which a worried Democrat controlled Congress is effectively considering rubber stamping, lest they be painted as 'soft on terror'...

And you see some of the anomalies of the regulation of modern communications technologies in the good old US of A. Is sharing music on the Net worse than collecting child pornography and does the war on terror mean there should be no checks or balances on government in the US, the UK or anywhere else? Answers on a postcard to your local parliamentary representative please.

Tuesday, January 08, 2008

Copying CDs could be made legal in UK

From the BBC: Copying CDs could be made legal in the UK

"Copying music from a CD to a home computer could be made legal under new proposals from the UK government.

Millions of people already "rip" discs to their computers and move the files to MP3 players, although the process is technically against copyright law.

Intellectual property minister Lord Triesman said the law should be changed so it "keeps up with the times".

Music industry bodies gave a cautious welcome to the proposals, which are up for public consultation until 8 April."

The details of the copyright consultation mentioned are available from the Intellectual Property Office, as ORG mentioned before Christmas:

" Over a year since Andrew Gowers made his recommendations for the reform of IP law, the UK Intellectual Property Office has finally announced a date for the first stage of a two-part consultation into modifications to the copyright rules so that private individuals, students and libraries can benefit from improved access to copyright material. A launch event will take place on 8 January at the British Library, and all interested parties are welcome to attend. Email copyrightconsultation [AT] with your name, job title and the company or organisation you represent if you want to be on the list.

In his email inviting ORG to attend, Lord Triesman, the minister for intellectual property, assured us that he is “eager that all interests should make the fullest use of the consultation.” His speech to the Social Market Foundation last month [pdf] predicted much debate around Gowers’ recommended format-shifting exception:

“[This] recommendation raises an interesting point: there are some people who believe that such a change to the law will provide the consumer with a ‘right’ to copy a DVD for example – but that is not the case. Any change in the law will merely provide an exception from infringement for certain limited acts, and will not override any terms and conditions which the consumer agrees to when he or she buys a DVD in the first place.”

Meanwhile, the UK IPO has been quietly implementing Gowers Review recommendation numbers 46 and 47. Thanks to the IPKat for bringing ORG’s attention to the fact that we had missed the deadline for putting forward a suitably open candidate to the new Strategic Advisory Board on Intellectual Property, a panel that will advise Government on IP issues. Since ORG is subscribed to a large number of UK IPO message lists, we were surprised not to be informed that recruitment was underway. So we’ve asked the UK IPO to consider a late application for SABIP from the Open Rights Group."

Update: ORG were also at the government's 'launch' of the consultation yesterday.

Sony BMG drop drm on downloads

From the BBC, InfoWorld and others: Sony BMG are dropping drm on music downloads.

"Sony BMG Music Entertainment will crack open the door to its music vaults on Jan. 15, taking the DRM copy-prevention wrapper off a limited selection of downloadable tracks.

The tracks will be offered in MP3 format, without DRM (digital rights management), from Jan. 15 in the U.S. and from late January in Canada.

The move is far from the all-digital service offered by its rivals, though. To obtain the Sony-BMG tracks, would-be listeners will first have to go to a retail store to buy a Platinum MusicPass, a card containing a secret code, for a suggested retail price of $12.99. Once they have scratched off the card's covering to expose the code, they will be able to download one of just 37 albums available through the service"

Patent troll tracker top ten trolls of 2007

Patent troll tracker has also nominated their top ten patent trolls of 2007 The top three were:

3. Acacia. I didn't start tracking Acacia carefully until the summer. But still, on my blog I have reported on over two dozen lawsuits brought by Acacia this year, against more than 235 defendants. That's in addition to the over 200 lawsuits Acacia filed in previous years against hundreds and hundreds of defendants. And that's not including the two lawsuits (at least) Acacia has filed in December against 20 more defendants (yes, Acacia, I'm watching you). Acacia's business model, as a publicly traded company, is to accumulate patents and sue as many companies as possible in order to extract licenses. They have a market cap of over 275 million - that pays for a lot of lawsuits. Unlike other trolls, Acacia tends to not focus on one court in particular, although they have sampled the Eastern District of Texas more this year than in the past.

2. Erich Spangenberg. In any other year, Spangenberg would be #1. His subsidiaries, new ones seemingly being created every month, filed at least 15 lawsuits against over 200 defendants this year. Given Acacia sued at least 50 more defendants than Spangenberg in 2007, it was tempting to reverse their order. But Spangenberg - well, he just seems smarter than Acacia. For example, unlike Acacia, he won his trial ($36M from Hyundai) while Acacia lost its trial to Microsoft. Further, even though he sued less than Acacia, he seems to be more successful in resolving his cases (Acacia takes its cases to multiple Markman hearings taking years of litigation; Spangenberg's cases often seem to go away before there's a scheduling conference).

1. Global Patent Holdings. Sometimes quality is more important than quantity. Global Patent Holdings didn't sue as many defendants as Acacia or Erich Spangenberg this year. But their one patent claim -- claim 17 of the '341 patent -- is as disturbing as any patent being asserted by any non-practicing entity this year. Essentially, prior to the reexamination, GPH asserted that anyone with a JPEG on a website infringed their patent. Despite the fact that all 16 claims of the original patent have been finally cancelled, the one much-amended claim is still being asserted by those representing GPH to cover any website with a JPEG. GPH wasted no time after the reexamination certificate issued, suing 16 companies in 3 lawsuits. The amazing thing is the number of potential defendants. One report I saw had there being 100 million websites. Even if you assume only 40 million of them are in the US (a conservative number, if you ask me), and that only 10% of those websites have JPGs (again, an extremely conservative number), there are 4 million potential defendants. Even at Niro's published minimum of $125,000 per defendant, that's half a trillion dollars. Of course, not that many defendants will be sued, and this patent will surely be challenged, but this amazing statistic and the ramp-up of litigation is enough to earn Global Patent Holdings my seal of Patent Troll of the Year."

Are Acacia jurisdiction shopping with patent claims

Patent Poll Tracker has a fascinating list of some of the patent infringement cases pursued by Acacia in December 2007 and comments:

"Turning to our busiest patent troll in 2007, Acacia, it kept up momentum in December with new lawsuits.

Acacia's new subsidiary Coronary Stent Visualization Corp., established in Delaware on 11/19/07 with a principal place of business of 500 Newport Center Drive, 7th Floor, Newport Beach, CA, filed a lawsuit less than a month after formation. Acacia sued Philips Electronic North America Corp. on 3 patents owned by Cedars-Sinai Medical Center (Los Angeles) and allegedly exclusively licensed to Acacia. The exclusive license likely happened at some point just prior to February 2007, when Cedars-Sinai (represented by Jones Day-LA) told the PTO it had lost its small entity status. The 3 patents are 5,054,045; 5,457,728; and 5,822,391. The lawsuit, involving a Los Angeles patentee, Los Angeles inventors, a Los Angeles exclusive licensee/plaintiff, a Los Angeles prosecuting attorney/law firm (well, now-defunct Lyon & Lyon, anyway), and a New York defendant, was filed in Marshall, Texas on 12/17/07 by DiNovo Price Ellwanger of Austin.

Acacia also filed a big case on December 4, in the Southern District of Illinois (East St. Louis) - the second case they have filed there. This time the sub was Document Generation Corp., and Acacia used Simon Passanante of St. Louis. Patent asserted was 5,148,366. Again, Acacia said it is only the exclusive licensee. 19 defendants were sued, all in the medical software field. GE Healthcare and McKesson are the big ones, but 17 small-to-medium business were sued, too...

Acacia, a California company located in CDCA, is an exclusive licensee who has sued 19 defendants, who are located in 17 different judicial districts (including CDCA). The original assignee and inventors were all from Minnesota, then the patent was transferred via merger and relocation to a company in the Southern District of Ohio, and finally has ended up with I-Think, LLC, an Ann Arbor Michigan corporation which appears to be a subsidiary of the original Minnesota assignee, now called DocuMed. That's about 20 different judicial districts that make sense in terms of venue, yet Acacia chose the Southern District of Illinois. Why, exactly? What's in East St. Louis that appeals to Acacia?"

Extract from PM interview with Observer on ID Cards

The NO2ID folks have cut a pasted the extract from Gordon Brown's interview with the Observer dealing with ID cards.


Q: ID cards are seen as a tool for dealing with terrorism but there is a debate about whether they are an encroachment on civil liberties. Are you still committed to pressing ahead with them?

A: I think this debate about ID cards has also got to be one where people can see where there’s agreement as well as where there’s been a debate that’s led to disagreement. If someone said to you that I’m going to give you a better form of passport with biometrics and I’m going to include the current passport information in that if someone said to you that if someone comes to this country as a foreign national, given the worries about illegal immigration, they should carry some form of identity I think most people in the country would agree with that. And I think we’ve got to get the debate about, if you like the management, the identity management to a reasonable level. You know we are not trying to store information about individuals that are not actually, that is not information already in passports. We have to deal with the situation where people come into our country and it’s right I think that they ought to show whether they’re legal or illegal by what we ask of them to produce.

Q: But people seem confused as to what they are for. Is it specifically to guard against foreign nationals working and living illegally here. Or is it aimed at domestic security?

A: I think there are two things. One is, when it comes to foreign nationals coming into the country and the danger that there is illegal immigration into the country, I think most people would support there being some form of identification that people are asked to produce. So I think you know as a general sort of proposition I think people would say that we are right to introduce the cards for foreign nationals.

Q: Is that the principal reason for ID cards?

A: I think as far as the individual citizen is concerned - the danger for me and you in the modern world is that our identity is easily stolen. There are many attempts to do that as we found out. And people feel worried when information about them that is personal to them is lost and rightly so. And I think if we were giving a better means by which people could protect their identity then in the private sector as well as in the public sector people are looking at biometrics. I mean maybe in a few years time to switch on your computer you will need biometrics rather than a password.

Maybe when you go to a supermarket as happens in some parts of the States and Europe you are going to be safer, instead of carrying a credit card which can easily be stolen, in using your biometrics to shop. Maybe in relation to banking to use biometrics one way or another or fingerprint biometrics, whatever, whichever basis you might find that you are safer in your banking transaction than if you carried with you a card and a number. And actually the number of people who lose their PIN number is very high indeed. So I don’t think when people are dealing with their private transactions they’re so worried about the use of biometrics.

As long as it protects their identity and protects their identity being stolen and misused for other purposes. But look this is part of the debate. And I accept, look we are a country that prides ourselves on liberty, in civil liberties. It’s very important that any debate about this starts from what is the problem you are trying to deal with. What would you have done in the seventeenth century, the eighteenth century, the twentieth century and the twenty first century?

But the very fact that you’ve got biometrics now in a way that you didn’t have two centuries ago gives you opportunities to protect people’s identity in a way that you could not have done two centuries ago and I don’t think we should rule out the use of that. In fact I don’t actually think most of the general public think that the use of biometrics is in itself wrong, either for private transactions or for passports or whatever.

Q: So are you committed to ID cards?

A: We’re committed to the proposals that we put forward which are essentially this, that the passport information that you now use to get your passport, linked to the biometrics that are now available give you a better form of protection as an individual. But I’m happy that this debate continues because I believe that over the course of the debate some of the preconceptions about cards and everything will be dealt with.

Q: If you are saying that ID cards are aimed at people coming into this country…

A: No, I said two things. I said one is I think most people would think that if you were a foreign national coming into this country that to distinguish between those who are legally here and not legally here it made some sense to have the identity card. And I think as far as individual British citizens are concerned, I don’t think that people are philosophically against the use of biometrics for their private transactions or for passports, and that is essentially identity management.

Q: So it would be that British citizens and non-British citizens would need them.

A: Yes, but under our proposals there is no compulsion for existing British citizens."

So I trust that's all now crystal clear, then.

Sears privacy gaffe

The brilliant Ben Edelman at Harvard has discovered that third parties can search Sears customers personal data via the web, in breach of the company's own privacy policy. Brian Krebbs at the Washington Post says:

"Sears is having a bit of a rough day with the privacy community. The company got off to a rocky start with revelations that many customers who gave Sears their personal details after shopping at the company's Web site also were giving away their online Web browsing habits to marketers, thanks to snooping software silently installed (and ill-documented) by a Sears marketing partner.

Now, it appears the company's Web site may also be making those shopping habits publicly searchable, at least as they relate to products purchased in Sears stores and/or via its Web site.

The discovery comes from Ben Edelman, an assistant professor at the Harvard Business School and a privacy expert whose research has done much to raise public awareness about the intersection of big business and shady advertising practices."

Monday, January 07, 2008

Plan to give every child internet access at home

The UK government are reportedly planning to make it compulsory for parents to provide broadband internet access for their children at home.

Identifying potentional child criminals

The excellent ARCH blog has pointed out that the government have used Experian's consumer profiling software to identify potential child criminals on the national pupil database.


It’s not just industry that uses the system. Apparently all of the political parties do in order to target their election campaigning. It’s used by public services to allocate resources.

The man who developed Mosaic has recently added another weapon to Experian’s armoury: software that tells you a person’s ethnicity from their surname - particularly useful when someone refuses to tell you.

And now for the children bit: the government has used Mosaic to code the entire National Pupil Database. I’m ashamed to say that we completely missed this story when it was first published.

It’s come to our attention because we received a copy of a paper published in the British Journal of Criminology which examined the use of Mosaic in predicting which schools are likely to have a large number of potentially criminal pupils (based on their postcode). It suggests that such schools could be made into crime prevention academies. Unfortunately the full paper can only be accessed if you have the academic ATHENS log-in, but you can at least see the abstract here.

The name of one of the authors might seem familiar - that’s because he’s the designer of the Mosaic system.

Somebody please pinch me. I think I’m having a bad dream."

Boyle on the New Economy Year in Review

James Boyle reviewed the new economy of 2007 in the FT on New Year's Day. As with all James's writings it comes highly recommended.

"This year did not offer anything as fabulous as Senator Ted Stevens’ explanation of the internet as “not a big truck” but “a series of tubes” – a gaffe that ended up generating both its own music video and its own wikipedia entry. In fact, 2007 provided several arguable violations of the Stevens Principle – namely that “understanding a technology disqualifies one from regulating it.” Only time will tell whether these constitute a trend. It is not a “best of”, but here were three moments of happy surprise in what was otherwise a fairly grim year. In reverse order...3. US presidential hopefuls discover technology...

2. Surprising flashes of evidence-based policymaking continue The last few years have had several remarkable and unusual examples of intellectual property policy being made based on... gulp... empirical evidence about likely effects. Normally the purest example of faith-based policy, intellectual property, has been remarkably resistant to what the Bush administration derisively calls “reality-based” world views. Yet in 2005 and 2006, the remarkable Gowers Review in the UK and the European Union’s review of the database directive both actually attempted to model rigorously the effects of the various policies that were proposed and to test anecdototal claims against actual data. True, those efforts were not always successful. Despite a review that clearly showed that the database directive was not working, the Commission succumbed to tide of political pressure and kept it in place. But in 2007 the Gowers Review proposals on music copyright extension and personal copying were both kept alive, despite considerable opposition. The UK government, to its great credit, seemed to think that a study of actual effects was an important part of the policy process. True, looking at the facts does not guarantee good policy. But it is a promising beginning. Now if only the government would implement some of the recommendations on limitations and exceptions to copyright...

1. Maybe we need to fix patent law....?"

Mery has DNA profile removed, maybe...

David Mery, who got caught up in the anti-terrorism efforts of the metropolitan police, due to his "suspicious behaviour" at a tube station (wearing a heavy jacket on a cold summer's day), has gone through the process of having his DNA profile removed from the national database, possibly.

Good news in the US on Open Access

Via Science Codex:

"President Bush has signed into law the Consolidated Appropriations Act of 2007 (H.R. 2764), which includes a provision directing the National Institutes of Health (NIH) to provide the public with open online access to findings from its funded research. This is the first time the U.S. government has mandated public access to research funded by a major agency."

The 2007 International Privacy Ranking

Privacy International has published The 2007 International Privacy Ranking

Not surprisingly the UK is rated the worst in Europe and on a par with the US, Russia and China.


Each year since 1997, the US-based Electronic Privacy Information Center and the UK-based Privacy International have undertaken what has now become the most comprehensive survey of global privacy ever published. The Privacy & Human Rights Report surveys developments in 70 countries, assessing the state of surveillance and privacy protection.

The most recent report published in 2007, available at and may be purchased in book form through EPIC's website, is probably the most comprehensive single volume report published in the human rights field. The report runs over 1,100 pages and includes 6,000 footnotes. More than 200 experts from around the world have provided materials and commentary. The participants range from eminent privacy scholars to high-level officials charged with safeguarding constitutional freedoms in their countries. Academics, human rights advocates, journalists and researchers provided reports, insight, documents and advice. In 2006 Privacy International took the decision to use this annual report as the basis for a ranking assessment of the state of privacy in all EU countries together with eleven non-EU benchmark countries (click here for the 2006 results). Funding for the project was provided by the Open Society Institute (OSI) and the Joseph Rowntree Reform Trust. Follow this link for more details of last year's results.

The new 2007 global rankings extend the survey to 47 countries (from the original 37) and, for the first time, provide an opportunity to assess trends.

The intention behind this project is two-fold. First, we hope to recognize countries in which privacy protection and respect for privacy is nurtured. This is done in the hope that others can learn from their example. Second we intend to identify countries in which governments and privacy regulators have failed to create a healthy privacy environment. The aim is not to humiliate the worst ranking nations, but to demonstrate that it is possible to maintain a healthy respect for privacy within a secure and fully functional democracy.

Important note

This study and the accompanying ranking chart measure the extent of surveillance and privacy. They do not intend to comprehensively reflect the state of democracy or the full extent of legal or parliamentary health or dysfunction in these countries (though the two conditions are frequently linked). The aim of this study is to present an assessment of the extent of information disclosure, surveillance, data exploitation and the general state of information privacy.

Summary of key findings

(Please note that "worst ranking" and "lowest ranking" denotes countries that exhibit poor privacy performance and high levels of surveillance.

Sunday, January 06, 2008

Motley Fool: RIAA think we're all thieves

The Motley Fool has noticed the RIAA's case against Jeffrey Howell for copying legitimately purchased CDs onto his computer.

"Current litigation against Jeffrey Howell of Arizona shows that while the industry's gone after him for file-sharing, not ripping MP3s, it's also taking exception to recordings on his computer that he copied from CDs he purchased, with the outlook that Howell is also liable for the "unauthorized copies" he made and placed on his PC. Although there's a lot of clarification going on over the Internet now -- pointing out that the RIAA can't specifically target ripping CDs for personal use, since that falls within "fair use" -- the RIAA hasn't lent much reason to give it the benefit of the doubt as a reasonable entity here lately.

After all, a lawyer for Sony BMG said during a recent high-profile file-sharing trial that making one measly copy was, "a nice way of saying 'steals just one copy'." I joked at the time that maybe they'll come after us for singing tunes in the shower, but at this point, maybe that thought isn't funny so much as scary...

As I've said before, a good sign of a dying industry that investors might want to avoid is when it would rather litigate than innovate, signaling a potential destroyer of value. If it starts to pursue paying customers -- which doesn't seem that outlandish at this point -- then I guess we'll all know the extent of the desperation. Investor, beware.

For related Foolishness, see the following articles:

Can You Count on Voting Machines?

From the NYT: Can You Count on Voting Machines?