Friday, February 29, 2008

That Blackboard decision again

Martin is as close as I've seen him to angry in his writing about the jury deciding in favour of Blackboard.

"

It strikes me there are three ways to be the market leader in an industry:

i) Have such cool products it doesn't matter how you behave (cf. Apple)

ii) Have an average product and bully everyone else out of the market so the customer has no choice (cf. Microsoft)

iii) Work with your customers to develop your product and get good will (cf. nearly every other tech company).

I don't have an MBA, but it strikes me that option i) is damn hard to pull off and happens to only one or two products in a decade. Option ii) is so old school, industrial type thinking that even Microsoft are shying away from it now. This is particularly true in a sector like education. Unlike, washing machines say, people really care about education. You can't bully them, treat them with contempt and work against the community and expect to have the market. People are too smart and will work around you. Which leaves option iii) as your only sensible option. And the BB patent is about as far as you can get from this as is imaginable.

So when universities find ways to deliver, support, facilitate learning online (for instance using a set of third party apps held together by eduglu), are BB going to sue them? And will they sue every application in the pack? Google Calendar when used in a loosely coupled learning suite is now in infringement of copyright?

You have to say that when it comes to misunderstanding your market, the BB patent will be a classic case study. Until we have the opportunity to look back and laugh however, we should make sure we do everything to boycott them."

Whilst I share Martin's sentments, I don't agree that you can't bully and treat educational institutions with contempt and still expect to have a market. Blackboard and many other systems suppliers are locked into educational and other institutions; and in universities, as elsewhere, the people and processes charged with making decisions about such things are not always the most rational in the world. In addition, given the avoid-litigation-at-all-costs mentality in the education sector generally, Blackboard's court win, I fear, could do more long term damage than I would like to see.

Lessig decides against running for Congress

Larry Lessig has decided that he is not going to run for Congress after all.

"After lots of thinking and advice, I have decided it does not make sense for the Change Congress movement for me to a run for Congress in CA12. We would have just over 30 days to introduce a district to me and to an idea. That would not be enough time to convince them to turn away from an extremely popular politician with 30 years of public service. And while anyone within the district would understand that, outside the district, the lesson would be that a "Change Congress" message has no salience or support. That would, in my view, harm the movement more than it would help."

Thursday, February 28, 2008

Jury decide in favour of Blackboard

At the end of last week a federal jury awarded Blackboard $3.1 million in damages against competitor Desire2Learn for patent infringement. This is a bit of a surprise since two federal judges gave preliminary rulings in August 2007 invalidating most of Blackboard's patent.

Desire2Learn has posted a copy of the judge's instructions to the jury. Well worth a read.

Michael Feldstein, one of the bloggers following the case most closely, has posted an eye-witness account of the trial by Jim Farmer of Georgetown University. Also well worth reading in full.

From the Chronicle:

"A federal jury in Texas awarded Blackboard Inc. $3.1-million on Friday, saying that a smaller Canadian competitor, Desire2Learn Inc., had infringed its patent for a system of delivering course materials online. The jury also found that Desire2Learn had not shown clear and convincing evidence that Blackboard's patent was invalid.

Blackboard's general counsel, Matthew Small, said the verdict validated the company's assertion, which has been challenged by many higher-education technology experts, that its system was unique when the U.S. Patent and Trademark Office granted Blackboard the patent in 2006. The office agreed last year to take another look at the patent after Desire2Learn and others challenged its validity. That review is still pending.

"They won this round, but the battle is not over by any stretch of the imagination," John Baker, president and chief executive of Desire2Learn, said in an interview Friday. "We'll continue to fight and hopefully remove from the educational community this very dark cloud."

The company is considering several options, including appealing the verdict, continuing to challenge the patent at the federal level, and modifying its software so it does not infringe Blackboard's patent.

Mr. Baker said he was "shocked" when the jury announced its decision after deliberating for nine hours over two days in the U.S. District Court in Lufkin. The trial lasted two weeks...
Eben Moglen is founding director and chairman of the Software Freedom Law Center, an advocacy group for open-source software that has challenged Blackboard's patent. Mr. Moglen, who is also a professor of law at Columbia University, said there is plenty of evidence, presented both in the trial, and to the federal patent office, of similar technology that existed before Blackboard's patent was issued. He added that his group plans to continue fighting to invalidate Blackboard's patent...

Peter A. Schilling, director of information technology at Amherst College, said colleges may decide it's too risky to use any course-management system other than Blackboard's. The patent, he said, is so broadly written that professors may be afraid to even use wikis or blogs."

HansRosling's insights on poverty

One of my favorite TED talks was Hans Rosling's amazing

New insights on poverty and life around the world


Pogue's TED medley on the history of TV and music on the Net

NYT tech columnist David Pogue has been singing at TED about the history of music and TV on the Internet, a 3-minute TED medley, or a "TEDley", as he calls it.



Thanks to Glyn at ORG for the link.

NHS multimillion pound IT: the risks

Consultants in London have expressed serious concerns that thenew NHS IT systems are putting patients at risk.

"It's costing millions but the new NHS computer system in London and southern England poses a risk to patients say some consultants. The new NHS IT system is causing serious concern among clinicians.

Last summer, the then boss of the National Health Service IT system, Richard Granger, candidly admitted he was "ashamed" - saying some of the hospital software was "appalling".

Seven months on, Channel 4 News has spoken to clinicians who are seriously concerned about the system...

The pressure is now on Connecting for Health to show that IT in the NHS brings real benefits. But the opinions of some doctors who've experienced the systems are making that difficult.

Chris Taylor added: "Given that the system has been in some form implemented in hospitals for over a year and that there have been entire consultant groups who have raised their concerns, almost protests, it is beyond comprehension that this system, in its current form, is now being implemented. It just really is beyond comprehension. I have no other word for that."

The stakes, then, couldn't be higher for the future of the NHS IT programme. Because unless the problems with the new hospital system are resolved soon, the chance of realising genuine longer term benefits of IT in the NHS could be in jeopardy."

Wednesday, February 27, 2008

Searching Laptops at US Borders and Airports

Anita Ramasastry believes that US government practice in searching laptop computers at borders and airports puts constitutional rights [of free speech and freedom from unreasonable search and seizure] in peril.

"This month, the Asian Law Caucus (ALC) and the Electronic Frontier Foundation (EFF), two civil liberties groups based in Northern California, filed a lawsuit under the Freedom of Information Act (FOIA) to force the government to disclose its policies on border searches, including its rules governing the seizure and copying of the contents of electronic devices. The two groups also want to find out the criteria the government uses to determine when border agents will ask travelers about their political beliefs, religious practices, and other First-Amendment-related activities.

Though the groups' initial FOIA request for relevant documents was made on October 31, 2007, they have yet to receive any documents - even though FOIA stipulates that a request for public information should receive a response within 20 days. Accordingly, they have filed suit to compel a response...

The ALC and EFF's position is that members of the public have a right to know when the government will search their laptops or other electronic devices and, when a search does occur, what types of data the government might, read, copy, or store...

My research indicates that no appellate court has yet addressed the question of whether "reasonable suspicion" is necessary for a laptop search. However, in United States v. Arnold, a California federal district court held that it is. The court reasoned that a search of travelers' files on a laptop is akin to a search of his or her memory, as laptops are "capable of storing thoughts." It wrote "[W]hile not physically intrusive as in the case of a strip or body cavity search, the search of one's private and valuable personal information stored on a hard drive or other electronic storage device can be just as much, if not more, of an intrusion into the dignity and privacy interests of a person."

The government appealed, and the appeal was argued before the Ninth Circuit in October 2007. The Court has yet to issue a decision. Let's hope that when it does, the Ninth Circuit will affirm the district court's well-reasoned opinion, and require reasonable suspicion for laptop searches...

A search of a laptop is much more similar to the search of one's mind, than of one's suitcase. Commentators have pointed out that laptops and PDAS are much like diaries. They record intimate details of our lives, track months and years of our personal histories, list our friends, business associates, and clients, and reflect our opinions on topics ranging from the election to the stock market to the war in Iraq. Finally, their capacity is far great than that of a suitcase which, limited by its physical dimensions, contains a small inventory of items.

In some professions, moreover, a search of a laptop or PDA can pose special dangers. A lawyer's may contain attorney-client privileged information or attorney work product that is for lawyers' eyes only. A journalist's may contain contact information for confidential sources. A social worker's may have sensitive client files focused on personal case histories. A businessperson's may contain trade secrets or information about a future share offering that has not been announced."

Judge orders wikileaks site shut down

From the NYT: Judge Orders Wikileaks Web Site Shut

"In a move that legal experts said could present a major test of First Amendment rights in the Internet era, a federal judge in San Francisco on Friday ordered the disabling of a Web site devoted to disclosing confidential information.

The site, Wikileaks.org, invites people to post leaked materials with the goal of discouraging “unethical behavior” by corporations and governments. It has posted documents concerning the rules of engagement for American troops in Iraq, a military manual concerning the operation of prison at Guantánamo Bay, Cuba, and other evidence of what it has called corporate waste and wrongdoing...

In a statement on its site, Wikileaks compared Judge White’s orders to ones eventually overturned by the Unites States Supreme Court in the Pentagon Papers case in 1971. In that case, the federal government sought to enjoin publication of a secret history of the Vietnam War by The New York Times and The Washington Post."

Stefan Brands new start-up

Stefan Brands has started a new company.

"Imagine you could prove you were 21 without revealing your date of birth -- or anything else about you, for that matter. Or qualify for a loan without disclosing your net worth. Or enjoy the benefits of e-commerce, e-health and e-government without a moment's fear that you are open to identity theft.

Sound impossible? It is. But it won’t be if cryptographer and entrepreneur Stefan Brands has his way.

Brands runs Credentica, a Montreal-based startup that is rolling out an encryption-and-authentication system called U-Prove that allows users to disclose the absolute minimum to complete digital transactions -- and to do so in a way that ensures the information they need to reveal has no shelf life whatsoever...

The U-Prove approach has been tried before, without commercial success. Most companies tried to sell privacy software to consumers, which was the wrong approach.

So Brands is flipping it around by developing a software developers kit that would appeal to businesses and government agencies that want to prevent costly and damaging data breaches on behalf of their customers.

In addition, Brands hopes that by providing a somewhat stripped-down version of his technology under a noncommercial license he can encourage developers to explore its potential applications -– just like RSA Data Security did in the 1980s when it offered free, noncommercial use of its public-key cryptosystem and went on to dominate the online security market."

Scheier says : "Cryptographer Stefan Brands has a new company, Credentica, that allows people to disclose personal information while maintaining privacy and minimizing the threat of identity theft.
http://www.credentica.com/
http://www.wired.com/politics/security/news/2008/02/...
I know Stefan; he's good. The cryptography behind this system is almost certainly impeccable. I like systems like this, and I want them to succeed. I just don't see a viable business model. I'd like to be proven wrong."

Kim Cameron says:

"Google’s Ben Laurie has a new paper called Selective Disclosure in which he argues the importance of zero knowledge proofs and privacy-enhancing cryptography. I fully share his view of the importance of these technologies.

Everyone with a technical interest in identity should look at Credentica’s recently released SDK, called U-Prove. It holistically embodies the cryptographic breakthroughs of Stefan Brands.

There is also a competing system from IBM called IDEMIX, though it is not yet publicly available and I can’t talk about it first-hand.

On his way toward explaining how these systems work, Ben takes the time to put forward his own Laws of Identity (”Let a thousand flowers bloom!”) He is responding to my Fourth Law, which asserts the need for the Identity Metasystem to support both public identifiers (for example, my blogging address) and private ones (my account number with a given company, unknown to anyone but me and them). He says:

“For an identity management system to be both useful and privacy preserving, there are three properties assertions must be able to have. They must be:

  • Verifiable: There’s often no point in making a statement unless the relying party has some way of checking it is true. Note that this isn’t always a requirement - I don’t have to prove my address is mine to Amazon, because its up to me where my goods get delivered. But I may have to prove I’m over 18 to get alcohol delivered.
  • Minimal: This is the privacy preserving bit - I want to tell the relying party the very least he needs to know. I shouldn’t have to reveal my date of birth, just prove I’m over 18 somehow.
  • Unlinkable: If the relying party or parties, or other actors in the system, can, either on their own or in collusion, link together my various assertions, then I’ve blown the minimality requirement out of the water.”

These are important things for the Identity Metasystem to support, and I make the same points in my own version of the laws. But I don’t think these characteristics are the whole story - rather, they describe requirements for certain use cases. However, there are other use cases, and it was the goal of the original Laws of Identity to embrace them as well.

For example, when I blog I want to use an identity that is linkable. I want anyone who is interested in my ideas to be able to talk about them with anyone else, and tell them how to get to my web site, which is - in the most literal sense of the word - a “linkable” characteristic of my identity...

I take Ben’s real point to be that an important and mainstream use case is one where verifiability, minimal disclosure AND unlinkability, should all be achievable at the same time. This I agree with."

They take a bit of time to digest but for anyone serious about understanding digital identity Kim and Ben's exchanges are absolutely essential reading.

AT&T Copyright Fighting

Nicholas Weaver has been speculating on how AT&T are planning to implement their promise to filter illegally torrented copyrighted materials on their networks.

"All that is necessary is that the MPAA or their contractor automatically spiders for torrents. When it finds torrents, it connects to each torrent with manipulated clients. The client would first transfer enough content to verify copyright, and then attempt to map the participants in the Torrent.

Now the MPAA has a "map" of the participants, a graph of all clients of a particular stream. Simply send this as an automated message to the ISP saying "This current graph is bad, block it". All the ISP has to do is put in a set of short lived (10 minute) router ACLs which block all pairs that cross its network, killing all traffic for that torrent on the ISP's network. By continuing to spider the Torrent, the MPAA can find new users as they are added and dropped, updating the map to the ISP in near-real-time."

Although the approach raises a host of problems which he accepts and he would much prefer that ISPs avoided getting into the copyright policing game, he suspects that this kind of approach provides an attractive cost-benefit picture to the AT&Ts of this world.

Bring back the fear

Also via Cryptogram: the Onion has an amusing editorial on terror.

"We must all do whatever we can to preserve America by refocusing our priorities back on the contemplation of lethal threats—invisible nightmarish forces plotting to destroy us in a number of horrific ways. It is only through the vigilance and determination of every patriot that we can maintain the sense of total dread vital to the prolonged existence of a thriving, quivering America...

Not so very long ago, we winced every time we saw someone with facial hair or a backpack. Average people were terrified of opening their mail for fear of getting a face full of anthrax. Those were perhaps our country's greatest days. Yet that once-phobic spirit that defined our times is drastically changing...

We can no longer rely solely on our enemies to menace the populace—we must find that horror within ourselves. Though we have made great strides in frightening ourselves about illegal immigrants, bird-flu pandemics, and random psychotic school shootings, it is not enough. What happened to that country I used to know and love, where a Korean grocer could be killed out of irrational xenophobia merely because someone thought he was an Arab? Such an act is, I am disappointed to say, almost unthinkable in today's increasingly less-than-utterly-petrified climate...

Let's all come together as in fearful days of yore and do what we must to keep America free from peace of mind once and for all."

Security v Privacy the false dichotomy

Bruce Schneier, in his latest Cryptogram tackles the false dichotomy of security v privacy head on.

"We've been told we have to trade off security and privacy so often -- in debates on security versus privacy, writing contests, polls, reasoned essays and political rhetoric -- that most of us don't even question the fundamental dichotomy.

But it's a false one.

Security and privacy are not opposite ends of a seesaw; you don't have to accept less of one to get more of the other. Think of a door lock, a burglar alarm and a tall fence. Think of guns, anti-counterfeiting measures on currency and that dumb liquid ban at airports. Security affects privacy only when it's based on identity, and there are limitations to that sort of approach.

Since 9/11, approximately three things have potentially improved airline security: reinforcing the cockpit doors, passengers realizing they have to fight back, and -- possibly -- sky marshals. Everything else -- all the security measures that affect privacy -- is just security theater and a waste of effort.

By the same token, many of the anti-privacy "security" measures we're seeing -- national ID cards, warrantless eavesdropping, massive data mining, and so on -- do little to improve, and in some cases harm, security. And government claims of their success are either wrong, or against fake threats.

The debate isn't security versus privacy. It's liberty versus control...

If you set up the false dichotomy, of course people will choose security over privacy -- especially if you scare them first. But it's still a false dichotomy. There is no security without privacy. And liberty requires both security and privacy. The famous quote attributed to Benjamin Franklin reads: "Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety." It's also true that those who would give up privacy for security are likely to end up with neither."

Tuesday, February 26, 2008

Freedom of expression is dead

In 1998 Kimbrew McLeod got a US registered trademark on the expression "freedom of expression". He was interviewed for today's Radio 4 Mine All Mine show about intellectual property and pointed out that because he had failed to file a section 8 form five years into the life of his unusual trademark, it lapsed. As a consequence if you check out the status of the trademark, a US government website now declares that "freedom of expression is dead."

The programme also quotes Andrew Gowers as saying that "the whole point of intellectual property rights is to recognise that there is almost no form of innovation or creation that is completely original. Almost any form of innovation or creation that you can imagine builds on innovations creations of thousands and probably millions of people before. And if you lose sight of that and have laws that are too restrictive you go wrong; and so it's always been a balance designed to incentivise and reward creation and innovation on one hand and on the other to allow the free flow and competition of ideas."

Monday, February 25, 2008