Friday, November 21, 2008

3 strikes via the EU back door

One of Lilian Edward's students, Simon Bradshaw, at Sheffield University has been analysing the EU telecoms package and how it could facilitate an EU wide 3 strikes law. Outlaw summarises.

"
European law is introducing a 'three strikes and you're out' law for ISPs to disconnect illegal file sharers "under cover of stealth", according to legal experts. The EU's telecoms reform package could guarantee the legality of such schemes.

The content industry has lobbied to force internet service providers (ISPs) to disconnect users they suspect of engaging in copyright-infringing file-sharing after two warnings.

Digital rights activists have questioned the accuracy of the evidence gathered by industry against individuals and have said that the effects on a whole household of one user's actions are disproportionate.

Sheffield University professor of internet law Lilian Edwards and student Simon Bradshaw have analysed the documents that make up EU proposals for telecoms reform and have discovered that proposed new EU laws could pave the way for 'three strikes' schemes against the wishes of the European Parliament.

"This is a crucial set of obligations, about to be imposed on all of Europe’s ISPs and telcos, which should be debated in the open, not passed under cover of stealth in the context of a vast and incomprehensible package of telecoms regulation," they said in a report. "It seems, on careful legal examination by independent experts, more than possible that such a deliberate stealth exercise is indeed going on."

"When passed, these obligations will provide Europe-level authority for France’s current '3 strikes' legislation, even though this has already been denounced as against fundamental rights by the European Parliament, when it was made clear to them what they were voting for or against," they said."

Lilian has been able to get a copy of the latest version of the telecoms package (as of 12 November 2008). It seems that one of the two amendments quietly removed by the Council of Ministers after the EU parliament had inserted them to block a 3-strikes regime, has been re-introduced in the 12 November version of the document.

"47. Importantly, two amendments originally inserted by the EUP did provide protection against nonjudicial imposition of disconnection and other sanctions against alleged filesharers, in particular Art.32a of the Universal Service Directive (see para 35 of brief) and Art.8(4)(ga) of the Framework Directive (see para 28 ). However, both of these provisions were deleted by the CoM, and did not appear in the CoM’s proposed final text.

48. Somewhat unexpectedly, however, one of these “safeguard” provisions, Art 8(4) (ga) ,was in fact reinstated by the Commission in the latest version. Why both Amendments 166 and 138 were not so reinstated is unknown, but may relate to “horse trading” between the Commission, the Council of Ministers and the European Parliament to get the package passed during the Sarkozy Presidency of the EU. Whether (ga) will survive to the final version of the Telecoms Package is anyone’s guess, but it is clearly a key defence for civil liberties and against “3 strikes”, as it explicitly protects both the right to due process and the right to private life. This brief commends its reinclusion and suggests that Amendment 166 also be reinstated."

The paper emphasises in the final paragraph that it is providing a legal not a lobbyist perspective on the telecoms package.

"Good European law cannot be made when sectoral agendas are hidden within nested sets of amendments, obscure definitions by reference, and overly wide and vague terminology. The purpose of this brief has been to open up these obfuscated agendas to the light of day. The brief is based on the Telecoms Package state of play as at 12 November 2008. It will be updated as developments occur."

On her blog, Lilian says:

"The story is now on OUT Law and El Reg (and of course ORG).

Hugh Hancock has set up a Facebook group to help campaign- go join!

I'm also advised the email addresses of the Ministers to write to should you wish to are

Stephen Carter : mpst.carter@berr.gsi.gov.uk

Shiriti Vadera: mpst.vadera@berr.gsi.gov.uk"

ID card legislation consultation

The Home Office has launched a 12 week consultation on secondary legislation to introduce identity cards.

"A consultation has been launched, paving the way for the next step of the government's national identity scheme.

The introduction of the first identity cards for British citizens moved forward today as the government began a 12-week consultation (new window) on the finer detail of the scheme's next phase.

The Identity and Passport Service (IPS) (new window) has invited comment on secondary legislation needed to ensure the first cards for British citizens become a reality and are issued to airside workers and a number of volunteers at the end of 2009."

Update: The NO2ID folks have issued a press release.

"After years of little more than hot air from a sequence of Home Secretaries, we're finally getting to see the fine detail [1] of what "ID cards" will really mean to the average person. It may be quite a shock to those who haven't been paying attention.


It is not just the sheer amount of personal information that you will be required to surrender – a wake-up for any remaining who thought this was a simple card – it is the threats that will be used to force compliance. You could have £1000 penalties sent to you by e-mail [2] if IPS thinks you've been bad – and why might they think that?


If you fail to turn up at a time and place of their choosing; refuse to be fingerprinted, photographed or hand over documents (e.g. birth or marriage certificates); fail to tell them you've moved house for 3 months.


And anything that *they* reckon is "deliberate or reckless" provision of incorrect information could lead to 2 years in prison. Welcome to a lifetime of state identity control...


Phil Booth, NO2ID [3] national coordinator said:


"So the state 'managing' your identity boils down to telling them everything there is to know about you, under threat – and coughing up time and again for the privilege.

"This must be a wake-up call for everyone who bought the line that ID was just a simple card."


-ENDS-


Notes for editors:


1) 'Identity Cards Act Secondary Legislation – A Consultation' can be found on the IPS website:

http://www.ips.gov.uk/identity/downloads/NIS_Legislation.pdf


2) Only the first official warning need be by letter, and that will give you just a fortnight to comply.


3) NO2ID is the UK-wide non-partisan campaign against ID cards and the database state. See http://www.no2id.net/dbstate.php for a list of 'database state' initiatives that NO2ID is actively opposing.


4) Other dubious 'highlights' include:

• a tax on marriage – women who change their name will have to buy a new card;

• those without bank accounts won't be able to get ID – you can only pay by credit or debit card, or cheque;

• the homeless will be able to nominate a park bench as their 'address'"

Thursday, November 20, 2008

Aussie Net filtering looms

From the Guardian:

"Won't somebody think of the children? This mantra is being used with great effect by the Australian government to increase its control over what Australians see, watch and do - all, ostensibly, in the name of protecting the nation's youth. And a scheme that amounts to censorship is coming closer: the government has said that it wants to start live trials of ISP-level content filtering before Christmas.

In January, the government annouunced its $A128.5m (£55.2m) Plan for Cyber-Safety - a content-filtering scheme based on the pre-election pledge of Kevin Rudd, who became prime minister last year. His plan follows the failure of the A$189m NetAlert scheme put in place by the government of John Howard, who was defeated in the last federal election."

Regular readers will know of my less-than-sympathetic views of this kind of filtering scheme.

Planning to Share versus Just Sharing

Scott Leslie as usual has been making a lot of sense, this time on planning to share versus just sharing.

"(This is a long post, born out of years of frustration with ineffective institutional collaborations. If you only want the highlights, here they are: grow your network by sharing, not planning to share or deciding who to share with; the tech doesn’t determine the sharing - if you want to share, you will; weave your network by sharing what you can, and they will share what they can - people won’t share [without a lot of added incentives] stuff that’s not easy or compelling for them to share. Create virtuous cycles that amplify network effects. Given the right ’set,’ simple tech is all they need to get started.)

I have been asked to participate in many projects over the years that start once a bunch of departments, institutions or organizations notice that they have a lot in common with others and decide that it would be a good idea to collaborate, to share “best practices” or “data” or whatever. It always ’sounds’ like a good idea. I am big on sharing and have benefited much over the years from stuff I’ve shared and stuff shared with me by my peers.

But inevitably, with a very few exceptions, these projects spend an enormous amount of time defining what is to be shared, figuring out how to share it, setting up the mechanisms to share it, and then…not really sharing much. Or sharing once but costing so much time, effort or money that they do not get sustained. Does this sound familiar to anyone else? I don’t feel like this phenomenon is isolated to me or somehow occurs because of my own personal ineptitude, but you never know.

Now I contrast that with the learning networks which I inhabit, and in which every single day I share my learning and have knowledge and learning shared back with me. I know it works. I literally don’t think I could do my job any longer without it - the pace of change is too rapid, the number of developments I need to follow and master too great, and without my network I would drown. But I am not drowning, indeed I feel regularly that I am enjoying surfing these waves and glance over to see other surfers right there beside me, silly grins on all of our faces. So it feels to me like it’s working, like we ARE sharing, and thriving because of it.

So I began to wonder, why does one the (institutional-driven/focused) approach continually fail while my personal learning network continues to thrive."

Obama the law professor

While I was over at Aaron Swartz's blog I also liked this feelgood story about the incoming US president.

"John Comaroff is a professor of anthropology at the University of Chicago, where Barack Obama used to teach. Obama still lives in the neighborhood, Hyde Park. Recently, on the radio show Open Source, Comaroff told this story:

We have a cleaner in our building -- 70-something-year-old African American guy; sweet, sweet guy. And every evening he comes into our office about six and takes our garbage and stuff. ... He didn't come in on Tuesday -- I was up late, working until I went to see election results.

Of course, Hyde Park was abuzz. Hyde Park thinks of this election as its own. And the fact that the Obama kids were at school on Tuesday and Wednesday, and we all had to ride around the TV cameras to get to our parking, was the kind of masochistic pleasure that we're having in Hyde Park, which after all has always been told it's the fringe of the nation. We've always been told that nothing we do or say counts anywhere else, especially not across the border in Indiana. So to suddenly find ourselves at the center of the political process is interesting.

So [on Wednesday] the guy comes into my office and I say "So, where were you yesterday?" "Ah," he says, "I was in Grant Park [where Obama gave his victory speech]." "Grant Park?" "Yeah, right near the front -- I could have touched Barack Obama." "How did you get there? It's tough to get tickets."

He said "You don't understand. A few years back, I worked Law School, I cleaned the Law School. And Obama's office was on my run. He worked late many nights and he was really interested. I'd come by cleaning and he'd always stop me for a chat. Sometimes he'd share food with me -- he always brought food in -- and the thing was, he sat down and he talked to me. He said 'Tell me about your community. Tell me what's going on out there. I wanna know. I wanna know what's out there on the streets. I wanna know how America is living.'"

And one got the sense that this guy, alienated from the political process, alienated from the work process, found in Obama a real human being."

Stealing your library

This story from Aaron Swartz on the surface is probably mostly of interest to academics and library geeks but it has a potential impact reaching far beyond that interest base. It is just such obtuse, mainly invisible power struggles that will define the future shape of our information age. (Thanks to Imran Ghory via the ORG list for the pointer).

"This is the story of a monster, a sorcerer's apprentice, a nice little thing that's grown and grown until it's gotten out of hand and turned on its creators. It's the story of a little-known organization called OCLC (the Online Computer Library Center) that is -- no joke -- trying to steal your library, all of our libraries, for itself.

OCLC was founded in 1967 by Fred Kilgour, a pioneering Ohio librarian, with a simple idea: Instead of having every library in the country separately catalog a book -- laboriously entering its title, author, and subjects in just the right format -- why not have one person enter the cataloging information, upload it to a central computer, and then let everyone else download a copy from there?

It was called WorldCat, for World Catalog, and it's been a resounding success. Today it has around 50 million book records. But OCLC, the group that owns and operates it, has been a different story. It started small -- a little office in Ohio, a set of membership dues to share the cost of running the servers. But OCLC's control passed from librarians and academics to business people (its senior executive comes from consulting firm Deloitte & Touche). They realized they had a monopoly on their hands and as costs for running servers have gone down, their prices have gone up. They charge you once to get your records added to WorldCat and charge you again to get them back out and charge you a third time for a whole series of additional fees and services...

They've used their power and influence to put other library suppliers out of business so they can sell the same products themselves. And, throughout it all, they've become increasingly closed, even secretive. Not wanting to disrupt the money flow, OCLC has dragged its feet in getting library records on the Web. It wasn't until a couple years ago that they finally put up a WorldCat website, and even then they've tried to keep a tight lid on it. Only Google and Yahoo are allowed to look at more than a handful of pages...

All this was bad, but it was tolerable. At least folks could build an alternative to OCLC. So that's what I and others have been doing -- Open Library provides a free collection of over 20 million book records that anyone can browse, download, contribute to, and reuse for absolutely free. Naturally, OCLC hasn't been a fan. They've been trying to kill it from the beginning -- threatening its funders with lawsuits, insulting it in the press, and putting pressure on member libraries not to cooperate. (Again, notice the reversal: an organization libraries create to help them has now become so powerful that it is forcing libraries to help it.)

But recently, it's gone one step way too far. Not satisfied with controlling the world's largest source of book information, it wants to take over all the smaller ones as well. It's now demanding that every library that uses WorldCat give control over all its catalog records to OCLC. It literally is asking libraries to put an OCLC policy notice on every book record in their catalog. It wants to own every library.

It's not just Open Library that's at risk here -- LibraryThing, Zotero, even some new Wikipedia features being developed are threatened. Basically anything that uses information about books is going to be a victim of this unprecedented powergrab. It's a scary thought.

Fortunately, the new rules haven't gone into effect yet and it's not too late to stop them. But we need your help. Please, spread the word about this disaster and share this blog post. Sign our petition demanding that they stop. And, if you're a librarian or at a library, there's a lot more you can do. First, you can share your library catalog now, before the new policy takes effect. Second, you put your own license on the records you contribute to OCLC, insisting that the entire catalog they appear in must be available under open terms. And third, you can use your OCLC membership status to pressure the organization to listen to libraries instead of dictating to them."

In developments since this initial blog post, the OCLC has denied Swartz's claims, he has responded and you can find more details on the OCLC policy change wiki set up to track the story and at Watchdog.net which is hosting the petition.

In summary it's a bit of a complicated tale but it would appear that the policy change means that libraries using WorldCat would no longer own their own data (or more accurately metadata I suppose). It would be owned by the OCLC which, if I'm reading it correctly, could facilitate an OCLC monopoly on future library cloud computing services. Not something to be taken lightly.

At its heart this is one of those 'building on the shoulders of giants' intellectual property landgrab scenarios. The WorldCat records are the result of the collective energy and work of countless librarians and catalogers, a large proportion of which worked in publicly funded libraries, around the world since 1967. It would seem somewhat anomalous therefore that any single organisation, especially one to which those records have been freely provided for the greater good, should stake an ownership claim over the product of such efforts. OCLC founder, Fred Kilgour, cared deeply about open/free access to knowledge. I wonder what he would have made of it all?

Update: More locally Odinance Survey has been reiterating its licence restrictions.

"

Say you work in a local authority. Being helpful, you want people to be able to find the public toilets in your area via an online map. So you look on your in-house mapping system for the locations of those toilets (which your council built, maintains and cleans, and whose location you originally fed into the in-house map), and begin feeding their positions on to Google Maps, Microsoft Live and Yahoo's Maps.

According to Ordnance Survey, the government's mapping agency, you've just broken its copyright, because the map you checked is licensed from it. And your council licence, like most OS licences, doesn't allow you to put data derived from an OS map on to the world-visible Google Maps - even though Google's maps are also licensed from OS.

In short, you're not allowed to put data you created (the toilets' locations), and then provided to OS, on to a different map - even though that new map is licensed from OS. You, or the council, could be sued. Last month OS sent a two-page letter reiterating its licensing restrictions, ostensibly as "guidance" to help councils considering using Google Maps. Though it might just seem like a licensing quirk, the re-assertion by OS of its rights is a high-stakes political move whose effects could be far-reaching."

Baidu lambasted for boosting rankings of dodgy medical suppliers

On the search engine front the big story in China is that Baidu which has been wiping the floor with Google, has suffered another dent in its reputation. From AP via Findlaw:

"Baidu.com has been the star of China's Internet world. But now the search engine dubbed "China's Google" is scrambling to rescue its reputation after state TV accused it of letting unlicensed suppliers of medical products pay for higher rankings on its results page - without alerting users.

Baidu.com Inc.'s U.S. shares have plunged this week, including a 30 percent drop Monday, since the weekend TV report. Baidu says it has suspended thousands of merchants from its paid-search service but says it broke no law.

It is a big setback for Baidu, which enjoyed a long winning streak after its 2002 launch, with profits up 91 percent in the latest quarter and a 60 percent market share, far ahead of Google Inc.'s Chinese site. The new accusations are explosive at a time of public outrage in China over a string of deaths blamed on tainted milk, shoddy medicines and other faulty products."

The music industry won't be at all displeased about the company's negative publicity since they are currently suing Baidu, claiming its music search service is directing users to pirate websites.

Wednesday, November 19, 2008

MP loses cash over 'rude' blog

From the BBC, apparently a Labour MP, Paul Flynn, has lost some of his parliamentary allowances because he called some of his Westminster colleagues rude names on his blog.

"A Labour MP says he has been stripped of a Parliamentary allowance for making fun of other MPs on his blog.

Paul Flynn was told to remove posts including ones calling ex-Labour minister Peter Hain a "shapeshifter" and Lib Dem MP Lembit Opik a "clown".

When Mr Flynn refused he had part of his communications allowance removed.

Other MPs have complained of the Commons trying to "censor" their blogs but the authorities say there are rules on using public money for "propaganda".

MPs voted last year to give themselves a £10,000 allowance to spend on boosting the public understanding of Parliament through websites and other publicity material.

They were warned that they would not be allowed to use the money to publish political "propaganda" on their websites. "

Tennessee to police campus networks

From the RIAA:

"Tennessee Gov. Phil Bredesen signed into law today a bill aimed at curbing the disproportionate amount of music theft occurring on state campus networks via peer-to-peer (p2p) services. Recording Industry Association of America (RIAA) Chairman & CEO Mitch Bainwol, along with several other members of the music community, participated in the signing ceremony and welcomed the enactment of the legislation, SB 3794, which passed the state legislature earlier this year."

They are pleased though the EFF are not:

"Last week, the RIAA celebrated the signing of a ridiculous new law in Tennessee that says:
Each public and private institution of higher education in the state that has student residential computer networks shall:

[...]

[R]easonably attempt to prevent the infringement of copyrighted works over the institution's computer and network resources, if such institution receives fifty (50) or more legally valid notices of infringement as prescribed by the Digital Millennium Copyright Act of 1998 within the preceding year.

While the entertainment industry failed to get "hard" requirements for universities in the Higher Education Act passed by Congress earlier this year, the RIAA succeeded in Tennessee (and is pushing in other states) with this provision that gives Big Content the ability to hold universities hostage through the use of infringement notices. Moreover, the new rules will cost Tennessee a pretty penny -- in the cost review attached to the Tennessee bill, the state's Fiscal Review Committee estimates that the new obligations will initially cost the state a whopping $9.5 million for software, hardware, and personnel, with recurring annual costs of more than $1.5 million for personnel and maintenance. Not a penny of this will go to artists, nor to any of the record labels RIAA represents.

Unfortunately, the entertainment industry lobby seems to be succeeding, bit-by-bit, in persuading legislators to coerce universities into buying "infringement suppression" technologies -- expensive technologies that won't stop file sharing on campus networks. Even if the technologies did work (magical thinking in light of encryption), does anyone think they would somehow force students back into record stores or the iTunes Store? After all, today students on campus can swap multiple gigabytes hand-to-hand for pennies (see, e.g., blank DVD-R disks, or the price of portable hard drives, as well as the ease of copying from iPod to iPod).

It makes no sense to force universities to spend millions on technologies that will hobble innovation on campus while failing to stop file-sharing. Why not use those millions to compensate creators and copyright owners, and thereby make file-sharing legal, instead? Now, more than ever, the universities need to come forward with a collective licensing proposal that will protect their campus communities and their own bottom lines.

Meanwhile, universities under the gun should make sure to shun the hype of network filtering when possible and seek solutions more amenable to teaching and academic freedom -- our whitepaper on copyright infringement technologies on campus networks is a good place to start. For more detail, EDUCAUSE has in-depth resources on P2P, file sharing, and the Higher Education Act."

Open Rights Group annual review

The Open Rights Rights Group has just released its annual Review of Activities. Becky Hogge says:

"It’s been a bumper year for digital rights. From HMRC posting half the nation’s bank details to the Darknet, to the ongoing campaign against Phorm, to three strikes and the rightsholder lobby’s so-far thwarted attempt to take control of your internet connection, this year was the year digital rights went mainstream. Thanks to generous support from the ORG community, we’ve been there giving an informed perspective on the issues to the natonal press, working with policymakers behind the scenes and mobilising the grassroots into effective action.

As ORG Chair William Heath writes in his foreword to the review:

“Built on the enthusiasm and promise of people who live, work, play, socialise and create online, ORG is a celebration of the emerging possibilities that technology and the internet offer us. ORG exemplifies that social activism which brings out the very best people have to offer: expertise, creativity, energy, and professionalism – and none of this ever without humour.

“Behind this lies an irrepressible motivation. The ORG community knows there are real abuses of our rights online, and real threats to our information society.”

Image courtesy of Sheila EllenThreats to our digital liberties continue to menace us. 2009 will see new challenges, such as the Government’s proposed Intercept Modernisation Programme. That’s why, as we celebrate ORG’s third birthday, we’re also asking the community to renew their support for ORG. The ORG-GRO campaign is delivering excellent results (huge thanks to all the people who have contributed so far). But the leap from 750 to 1000 fivers received each month is not yet enough to guarantee us long term financial stability. We must reach our target of 1500 fivers before the end of the year. And we can’t do that without you.

So please, if you’re not an ORG supporter, become one today. And if you are, and can afford to up your monthly donation, please consider doing so. As our Review of Activities demonstrates, you’ll get a lot of bang for your buck. If money’s tight, then remember talk is cheap. How many people that would like to join the ORG community could you email right now? If you’re sat in an office, how many of the people around you could you recruit before lunch? Why not spam your mates/make your colleagues a cup of tea and find out?

Finally, thanks to all the people - Advisory Council, Board, volunteers, staff - who have contributed mentally and physically to ORG’s activities this year. ORG couldn’t exist without you. I hope you enjoy reading about what ORG’s been up to. You can download the report here, or read the html version."

ORG really has been doing a terrific job explaining the impact of modern digital technologies and associated regulations on civil rights over the past few years. Happy third birthday ORG and hopefully you will have many more years of educating and campaigning ahead.

Tuesday, November 18, 2008

Computer virus affects hospitals

Thanks to Alan Cox via FIPR for pointing out this BBC story:

"Three London hospitals have been forced to shut down their entire computer systems for at least 24 hours after being hit by a virus.

St Bartholomew's (Barts) in the City, the Royal London Hospital in Whitechapel and The London Chest Hospital in Bethnal Green are affected.

A spokesman said well-rehearsed emergency procedures were in place."

Now if someone suffering from diabetes slipped into a coma do you think they would:

(a) like the attending paramedics/medics to check their medical records on the hospital computer (assuming they can identify the patient)?

Or

(b) be wearing a medical bracelet so the attending paramedics and medics knew she was diabetic regardless of whether she could be identified or not?

Bit of a no contest that one isn't it? As Alan Cox says:

"Another lesson in why you want your medical data available physically and locally in case of failures - and not dependant on computers and networks accessing a remote data centre..."

New content repository called Twidox launched

Via the Creative Commons blog:

"Twidox, “a free, user generated online library of ‘quality’ documents,” launched their private beta today. The “private” beta can be accessed with a beta-code, which virtually anyone can obtain by registering. For readers of this blog, you can simply type in the beta-code “creativecommons” to check out Twidox.

Twidox is a content repository where anyone can upload and publish their work under a Creative Commons license, donate it to the public domain, or retain “all rights reserved” copyright. They have built in CC licensing, so you can easily tag your resources under the license of your choosing. Twidox’s focus is on:

  • academic papers and articles
  • research material
  • professional and industry specific documents
  • coursework and dissertations
  • data and statistics
Like Scribd, IssueLab, and a host of other platforms that have built in CC licensing, ccLearn encourages the open publication of educational materials on the internet. We will follow the progress and evolution of Twidox, who “[does] not see similar sites as competitors.” They state that “Rather than trying to compete with organisations such as the ‘Max-Planck Institute’ and ‘Frauenhofer Institute’, for example, we see them as potential co-operation partners and welcome partnerships.” They also differ from other content repositories in that they are working to cull content on a wider scale by collaborating with various European organizations, versus simply hosting individually contributed materials. So far, Twidox is working with the United Nations Global Initiative to Fight Human Trafficking and also their Office on Drugs and Crime.

Twidox was founded by Nicholas and Daniel MacGowan von Holstein and Jan Deppe. The idea for Twidox began in a university when they began “discussing the difficulty of searching for relevant quality documents for research purposes (access to knowledge). The greatest obstacle lay in the relevance of search results returned from search engines, getting access to subscription-paying sites that did have relevant information and the vast number of websites from different organisations that held documents on the same subject.”

We look forward to seeing collaborations occurring between Twidox and organizations with similar aims."

Yes You Can... Use Copyrighted Material in the Classroom

From the PIJIP folk at American University:

"A national magazine tells a professor she needs hundreds of permissions to use its cover photos in her class, when in fact, she could claim fair use, which does not require payment or permission. Many teachers want to use YouTube as a teaching tool but aren't sure if it's legal, while others warn their students not to post their video assignments to YouTube. Under fair use, both actions are legal.

All manner of content and media is now available online, but fear and misinformation have kept teachers and students from using this valuable material, including portions of films, TV coverage, photos, songs, articles, and audio, in the classroom.

Now, thanks to a coordinated effort by the media literacy community, supported by experts at American University and Temple University, teachers and students have a guide that simplifies the legalities of using copyrighted materials in an academic setting: The Code of Best Practices in Fair Use for Media Literacy Education.

The code, which will be released on Tuesday, November 11, at the National Constitution Center in Philadelphia, was developed by the National Association for Media Literacy Education, the Action Coalition for Media Education, the National Council of Teachers of English, the Visual Communication Studies Division of the International Communication Association, and the Media Education Foundation. The code was facilitated by Peter Jaszi and Patricia Aufderheide of American University, and Renee Hobbs of Temple University. For information about the November 11 event, email Katie Donnelly at Temple, katie.donnelly@temple.edu.

Educators use copyrighted materials from mass media and popular culture in building students' critical thinking and communication skills. For example, a teacher might have a class analyze a website or a television ad to identify purpose, point of view, and source credibility. With the rise of digital media tools for learning and sharing, it is more important than ever for educators to understand copyright and fair use.

Fair use, a long-standing doctrine that was specifically written into Sec. 107 of the Copyright Act of 1976, allows the use of copyrighted material without permission or payment when the benefit to society outweighs the cost to the copyright owner.

"The fair-use doctrine was designed to help teachers and learners, among others," said Peter Jaszi, director of the Program on Information Justice and Intellectual Property at American University's Washington College of Law. "It's one of the best copyright tools teachers have."

"Finally, copyright confusion among educators will be a thing of the past," said Hobbs, founder of Temple University's Media Education Lab and professor of broadcasting, telecommunications and mass media at the university's School of Communications and Theater. "In an increasingly copyrighted world, the code of best practices clarifies copyright and fair use for educators and students."

The code, which outlines basic principles for the application of fair use to media literacy education, articulates related limitations, and examines common myths about copyright and education, is a follow-up to a 2007 report, The Cost of Copyright Confusion for Media Literacy. The report found that teachers' lack of copyright understanding impairs the teaching of critical thinking and communication skills. Too many teachers, the report found, react by feigning ignorance, quietly defying the rules, or vigilantly complying.

The Code of Best Practices in Fair Use for Media Literacy Education outlines five principles, each with limitations:

Educators can, under some circumstances:
1. Make copies of newspaper articles, TV shows, and other copyrighted works, and use them and keep them for educational use.
2. Create curriculum materials and scholarship with copyrighted materials embedded.
3. Share, sell, and distribute curriculum materials with copyrighted materials embedded.

Learners can, under some circumstances:
4. Use copyrighted works in creating new material.
5. Distribute their works digitally if they meet the transformativeness standard.

As part of the project, American University's Center for Social Media produced a video to help teachers and students understand how they can use copyrighted materials. The code, video, and other curriculum materials for educators are available at http://centerforsocialmedia.org/medialiteracy, and http://Mediaeducationlab.com."

Do bear in mind jurisdictional issues - e.g. US copyright law is not the same as UK copyright law - but it is great to see such efforts to clarify the use of copyrighted materials in education.

Monday, November 17, 2008

Startup aims to improve patent quality

From AP via Findlaw:

" A new startup company wants to have a say in the high-stakes patent disputes that loom over many industries.

In the drug business, for instance, Pfizer Inc. is suing generics maker Teva Pharmaceutical Industries, accusing it of infringing on a patent covering Pfizer's top-selling cholesterol medicine.

In high-tech, Research In Motion Ltd. is locked in litigation with Motorola Inc. over patents central to wireless devices...

Now the startup, Article One Partners, is offering a reward to anyone who can turn up evidence to settle whether the patents at the heart of these cases - along with a handful of other valuable, high-profile patents - are valid or not."

How to steal an electronic vote

Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten's Diebold AccuVote-TS DRE voting machine security demonstration is also available on Google Video

NHS medical research plan threatens patient privacy

The lead story in today's Guardian: NHS medical research plan threatens patient privacy

"The privacy of millions of NHS patients will be critically undermined by a government plan to let medical researchers have access to personal files, the health information watchdog told the Guardian last night.

The prime minister and Department of Health want to give Britain's research institutes an advantage against overseas competitors by opening up more than 50m records, to identify patients who might be willing to take part in trials of new drugs and treatments.

They are consulting on a proposal that is buried in the small print of the NHS constitution that would permit researchers for the first time to write to patients who share a particular set of medical conditions to seek their participation in trials.

It would result in patients receiving a letter from a stranger who knew their most intimate medical secrets, which would be regarded by many as a breach of trust by doctors who are supposed to keep information confidential."

Harry Cayton, the incoming chairman of the new government watchdog on NHS data, the National Information Governance Board for Health and Social Care, has stated categorically that the plans are "ethically unacceptable". That's likely to have made him very unpopular with ministers who are probably wandering round Whitehall muttering "you can't get the staff these days" or words to that effect. Cayton has been what Sir Humphrey might have described as "remarkably brave" and robust in his comments:

"There is pressure from researchers and from the prime minister to beef up UK research. They think of it as boosting UK Research plc. They want a mechanism by which people's clinical records could be accessed for the purposes of inviting them to take part in research, which at the moment is not allowed. I think that would be a backward step.

"It would be saying there is a public interest in research that is so great that it overrides consent and confidentiality. That is not a proposition that holds up."

Given the disappointing conclusions on the subject slipped into Richard Thomas' and Mark Walport's Data Sharing Review Report for the Prime Minister and Secretary of State for Justice in July,

"5.8 We support the instinctive view that wherever possible, people should give consent to the use or sharing of their personal information, allowing them to exercise maximum autonomy and personal responsibility. However, achieving this in practice is not so simple. It is unrealistic to expect individuals ever to be able to exercise full control over the access to, or the use of, information about them. This is because of a number of factors, not least practical difficulties in seeking and obtaining consent in many circumstances. Moreover, there are many circumstances in which it is not useful, meaningful or appropriate to rely on consent, or indeed to obtain fresh consent at a later stage for the reuse of personal information for a different purpose...

5.17 As a general rule, it seems right that personal information obtained consensually for a specified purpose should not then be used for an incompatible purpose that goes outside the terms of the original consent. If that were to happen, it would breach the terms of the original consent. For this reason, the second Data Protection Principle, which prohibits reuse of information in any manner that is incompatible with the original purpose, stands as a significant safeguard. It is important to note, however, that ‘incompatible with’ is not the same as ‘different from’. Although some respondents to the review have said that the law should prohibit any reuse of personal information without fresh consent, we believe that returning to people on each occasion when an organisation wishes to reuse personal information for clearly beneficial and not incompatible purposes would impose a disproportionately heavy burden, particularly where the data pool is large.

5.18 Again, the example of medical research is particularly helpful here. Respondents in this sector agreed almost unanimously that a requirement to seek fresh consent for any supplementary use of previously collected personal information would be unworkable and have a severely detrimental effect on the ability to conduct important medical research. The time, money and effort required to do this would all have an adverse impact on research programmes and on patient care. This is an example where the principle of implied consent24 is valid. An NHS patient agreeing to a course of treatment should also be taken to have agreed that information given during the course of the treatment might be made available for future medical research projects, so long as robust systems are in place to protect personal information and privacy. After all, that patient may be benefiting from research using health information from earlier patients."

- it's a pity Mr Cayton's views couldn't have been incorporated when the report was being considered. Anyone taking seriously his belief that -

""It would be saying there is a public interest in research that is so great that it overrides consent and confidentiality. That is not a proposition that holds up."

- would have had great difficulty justifying paragraph 5.18.

The Department for Health has welcomed the comments "and will consider them" alongside others.

Patient confidentiality is a fundamental pillar of a sound healthcare system. To throw it away as a result of some vague unsubstantiated notion about the UK becoming the medical research center of the world would be a serious mistake.

Update: Not surprisingly Ian Brown has a few things to say about the Guardian report and reminded me of one of his many excellent contributions to the field, the Cybersecurity Knowledge Transfer Network's Privacy Engineering Whitepaper. Executive Summary:

"A stronger legal and regulatory environment, high profile privacy failures, and increasing public concerns build the case for enterprises to take privacy seriously. For those new to the subject, this paper describes the harms that privacy failures can lead to, and the reasons why privacy issues must be addressed. Harm may happen to individuals, to organisations, or to society as a whole, and enterprises should address the effects on all of these when contemplating new information systems. Leadership is essential if concern for privacy is to be embedded throughout an organisation’s culture, processes and systems.

For those attempting to design privacy in to their systems, this paper provides guidance on the issues that must be addressed. The range of issues is broad, and we can only scratch the surface here. More work is needed to develop the detail, and we hope this paper will inspire that development. But the breadth and complexity of the issues also emphasises the need to develop skills and ethics within a profession of privacy practitioners.

Finally, this paper offers three clear conclusions about the nature of privacy issues, who is responsible, and how the threat of breaches can be vastly reduced by taking swift and appropriate measures."

Update 2: Speaking of patient confidentiality, Declan McCullagh has been taking EPIC and the Patient Privacy Rights group to task for complaining about Google's plans for predicting flu trends in the US.

"Google's recent announcement that it may have found a way to predict U.S. flu trends has led to the inevitable expressions of concern from some privacy groups.

The Electronic Privacy Information Center and Patient Privacy Rights sent a letter this week to Google CEO Eric Schmidt saying if the records are "disclosed and linked to a particular user, there could be adverse consequences for education, employment, insurance, and even travel." It asks for more disclosure about how Google Flu Trends protects privacy."

Declan suggests the privacy groups' real beef should be with the government, since Google are only publishing aggregated statistics but he does accept that they are making a much more subtle point and quotes Marc Rotenberg of EPIC in explanation:

"The basic question I'm asking to Google is: how can it be that across all these key terms, you can generate aggregate anonymized data without any risk of reidentification?

Put another way, what if an attorney general in a state where marijuana was illegal sent a subpoena to Google asking for the identities of anyone who typed in "how to grow pot?" Or if abortion were illegal in a certain state, what if the subpoena wanted to know who typed in "how to get an abortion?""

Liberty complain of government sophistry on mandatory ID cards

According to the Sunday Times, Liberty are unhappy with the latest government immigration control plans.

"Ministers have been accused of trying to introduce compulsory identity cards through the back door, despite promises that people will not have to carry them.

Lawyers at Liberty, the civil liberties group, say that little noticed clauses in the draft immigration and citizenship bill introduce new powers to make people produce identity documents or face arrest."