Friday, May 15, 2009

IOC approve Olympic blogs

From the Sports Journalists' Association:
"The International Olympic Committee has issued a four-page guide to competitors which acknowledges the realities of 21st century communications by allowing “athletes’ blogs” at the 2010 Vancouver Winter Games, in a move which could make athlete-authored columns much easier to arrange for newspaper websites than at previous Olympics...

Rule 49 of the Olympic Charter states that, “Only those persons accredited as media may act as journalists, reporters or in any other media capacity.”

Athlete blogs remain subject to the IOC’s strict copyright rules and broadcasting rights agreements, and therefore are not allowed to use sound clips or video. Even photographs on the blogs are restricted, preventing any images from Olympic action or medal ceremonies. Interviews and news about other athletes are also prohibited. Blogs may not include Olympic symbols, such as the five rings. The word “Olympic” is allowed, as long as it is not associated with a third party or its products or services. Emblems of an National Olympic Committee or Vancouver organising committee are allowed if the blogger has obtained written permission."

Thursday, May 14, 2009

Legal challenge to patent on breast cancer genes

The Chronicle is reporting that:
"The American Civil Liberties Union and the Public Patent Foundation filed suit on Tuesday to challenge the constitutionality and validity of patents on two human genes linked to breast and ovarian cancer.

The patents on the BRCA1 and BRCA2 genes belong to the University of Utah and a company called Myriad Genetics, in Salt Lake City, which pays the university for the right to use them commercially in a test it sells to patients who want to know if they have hereditary risks of developing those cancers.

The lawsuit, filed in the U.S. District Court in New York on behalf of thousands of breast-cancer and women’s health groups and a number of medical societies and academic researchers, accuses the University of Utah Research Foundation, which owns the patents, Myriad, and the U.S. Patent and Trademark Office of stifling scientific research."

The formal announcement of the lawsuit is available at the Public Patent Foundation website. This one has been building for some time and given the number of prestigious plaintiffs involved, organising the lawsuit will have been non-trivial exercise. It's also potentially something of a blockbuster since not only are they challenging the BRCA1 and BRCA2 patents but the whole practice of patenting human genes:
"1. Every person's body contains human genes, passed down to each individual by his or her parents. These genes determine, in part, the structure and function of every human body. This case challenges the legality and constitutionality of granting patents over this most basic element of every person's individuality."
So opens a lawsuit that has the potential to completely alter the landscape of medical science and the genetics and pharmaceutical industries. The specific patent claims challenged are outlined in paragraph 32:
"Plaintiffs challenge the legality and constitutionality of four categories of claims in these patents:

a. Patent Claims Over Natural Human Genes: Claims 1,2,5, and 6 of patent 5,747,282 ('282) and claim 1 of patent 5,837,492 ('492)

b. Patent Claims Over Natural Human Genes With Natural Mutations: Claim 1 of patent 5,693,473 ('473), claim 7 of patent '282, and claims 6 and 7 of patent '492.

c. Patent Claims Over Any Method, Including Non-Patented Methods, Of Looking For Mutations in Natural Human Genes: Claim 1 of patent 5,709,999 ('999).

d. Patent Claims Over the Thought That Two Genes Are Different or Have Different Effects, Including But Not Limited To The Thought That The Differences Correlate With An Increased Risk Of Breast And/Or Ovarian Cancer: Claim 1 of patent 5,710,001 ('001), claim 1 of patent 5,753,441 ('441), claims 1 and 2 of patent 6,033,857 ('857) and claim 20 of patent '282."
Paragraph's 102 and 103 sum up the causes of action stating that the patent claims identified are invalid under Article 1, section 8, clause 8 of the US Consitution, and 35 U.S.C. 101. In addition the plaintiffs submit that all the claims challenged are unconstitutional under the 1st and 14th amendments to the US Constitution. They are asking the court to declare the claims invalid and/or unenforceable, to issue an injunction against pursuing legal action to enforce the patent claims and for costs to be awarded against the respondents. Certainly one to follow closely.

Mashing up MPs expenses with transparency

Tony's been playing with Google maps and IBM's Many Eyes visualisation system again and this time he's going to make himself very popular with our elected representatives in parliament by generating easy-to-read comparative maps of MPs expenses. Wonderful. Charles Arthur at the Guardian explains.

Link to Tony Hirst's map

MPs and travel: now it's laid bare. Tony Hirst - to whom we referred yesterday - has been busy again with our data, this time creating a Google Map showing MPs, their constituencies, and their travel claims. A word of explanation on how it's done: take the travel expenses, which are coded by MP; remove the bedevilling £ sign and commas from the damn thing; then create a table of the MPs' names and travel expenses. Now comes the clever part. Get the MPs' names and postcodes from, which has an API for precisely this task. Next, match the MPs' names to their postcodes. And now feed that into a Google Map, in which the colour of the pin depends on the level of expense: : Red: > £25,000; Pink: £20,000- £24,999; Yellow: £15,000- £19,999; Green: £10,000- £14,999; Blue: £5,000- £9,999; Purple: < £4,999.

You can see the map in its original form (or just click on the picture above)."

And today:
"But while MPs' attempts to excuse themselves plumb new depths ("we're not as corrupt as other countries" from Harriet Harman is my favourite so far), something more important is being ­temporarily ignored, namely, how are we going to police this in future?

The answer I'd offer: put it all into an XML feed. Let us watch our MPs at work, and let us police their expenses. It should be quite simple for parliament's fees office – which already seems to have a fully functional CD burner – to join the 21st century and get an internet connection. Then, when an MP's expense claim is approved, it goes into the feed. Leave the rest to us; we'll start to mash it up against mapping systems, against other MPs, against other countries. We'll rapidly find out whose numbers don't seem to be stacking up correctly compared to the other ones.

We've already started this at the Guardian with the help of Tony Hirst of the Open University with the first, less-detailed wave of MPs' expenses , which almost immediately showed those MPs whose travel expenses seemed out of line. Sure, you have to push aside a few of the pushpins (by zooming in) but you'll quickly spot the odd ones out.

And then we can ask them why their expenses are so odd, rather than having to rely on newspapers relying in turn on public-­spirited whistleblowers motivated by outrage. It would work like this: no expense claim, no reimbursement. Expense claim and reimbursement? Then output on the XML feed. Simple.

This is open source as it could, and perhaps really should, be applied to politics. Forget quibbles about Linux; this is about our elected representatives realising that their insistence that they can keep DNA, approve 21-day detention, and nod through CCTV carries its own element of the panopticon, the Victorian concept of the prison where everything could be seen. If you want to watch us, then we want to be able to see you, and what you're doing.

After all, it's not as if you are claiming for the cleaning of your moat, or clearing moles, or flipping home addresses in a manner that would otherwise attract the attention of HM Revenue & Customs over unpaid capital gains tax ... is it?"

Felten's 3 strikes for print

It's not often Ed Felten is driven to satire - he's usually a model of calm rationality even in the face of some absurd policymaking - but his response to the French parliament passing 3 strikes legislation is a classic illustration that even the most rational thinkers can be driven to exasperation when it comes to IP law making:
" Yesterday the French parliament adopted a proposal to create a "three-strikes" system that would kick people off the Internet if they are accused of copyright infringement three times.

This is such a good idea that it should be applied to other media as well. Here is my modest proposal to extend three-strikes to the medium of print, that is, to words on paper.

My proposed system is simplicity itself. The government sets up a registry of accused infringers. Anybody can send a complaint to the registry, asserting that someone is infringing their copyright in the print medium. If the government registry receives three complaints about a person, that person is banned for a year from using print.

As in the Internet case, the ban applies to both reading and writing, and to all uses of print, including informal ones. In short, a banned person may not write or read anything for a year.

A few naysayers may argue that print bans might be hard to enforce, and that banning communication based on mere accusations of wrongdoing raises some minor issues of due process and free speech. But if those issues don't trouble us in the Internet setting, why should they trouble us here?

Yes, if banned from using print, some students will be unable to do their school work, some adults will face minor inconvenience in their daily lives, and a few troublemakers will not be allowed to participate in -- or even listen to -- political debate. Maybe they'll think more carefully the next time, before allowing themselves to be accused of copyright infringement."

Jonathan Swift would have been amused.

Wednesday, May 13, 2009

New ContactPoint trials imminent

The Telegraph has found some space amidst its MPs expenses revelations to note that the government is starting more trials on the ContactPoint children's database with 17 councils next week.
"From next week, 800 people in 17 council areas will be trained to use it. The trial covers local authorities in the North West, as well as officials working for two charities - Barnardo's and KIDS.

Earlier trials of the system have already uncovered a series of errors. The latest setback emerged in March when council officers were asked to search the database for vulnerable children who needed to be "shielded''. They discovered that adopted children were listed both by their original and adopted surnames, leaving them at greater risk of being tracked down."

French pass 3 strikes bill at second attempt

The San Francisco Chronicle reports that the French government has passed 3 strikes legislation at the second attempt.
"French lawmakers in the lower house on Tuesday passed a bill that would cut the Internet connections of those who repeatedly download music and films illegally, creating what may be the first government agency to track and punish online pirates.

The bill passed 296 to 233 in a show of force by President Nicolas Sarkozy's governing conservatives after an initial failure last month.

The Senate was likely to definitively pass the measure Wednesday. But even then, the battle will be far from over.

The bill defies a European Parliament measure passed last week prohibiting EU governments from cutting off a user's Internet connection without first passing through a court of law. That still needs a final stamp after negotiations with the European Council."

The Economist copyright debate

The Economist has been hosting a debate on the rights and wrongs of copyright this past week and the closing statements are posted today.

William Fisher at Harvard opened for and Justin Hughes at Cardozo opened against the motion that this house believes that existing copyright laws do more harm than good.

There are lots of interesting and informed comments from readers and a guest contributions from other copyright scholars such as Jessica Litman at the University of Michigan Jennifer Urban of USC and industry representatives such as John Kennedy, the CEO of the IFPI.

Professor Litman is particularly scathing about the energy and resources copyright intermediaries pour into protectionism:
"Anglo-American copyright law is designed to encourage authors to create new works and to encourage readers, listeners and viewers to enjoy them. Traditionally, the law has approached those goals by offering profits to intermediaries... For most of copyright law's history, wide public dissemination has required large capital investments... Authors saw few of the proceeds of their works unless they were unusually successful. Readers... had to put up with annoying limitations... that publishers employed to assure that their investments secured the largest returns...

The behaviour of the legacy distributors of books, recordings and films suggests that current copyright law offers them incentives that are too generous, large enough to inspire them to engage in unproductive and uncompetitive behaviour in their attempt to preserve them. Perhaps the most effective way to reform current copyright laws is to significantly reduce the control conferred upon copyright-owner intermediaries, and redistribute that control to creators and to readers, listeners and viewers. If copyright incentives actually work the way that they are said to, that change would encourage authors to create more works, and encourage readers, listeners and viewers to enjoy more works (or enjoy works more), while encouraging copyright owners to lobby and litigate less. That seems like a win-win solution."
John Kennedy, on the other hand, laments "terrible losses from internet piracy" the music industry has suffered ("a market down from US$40 billion in 1999 to US$28 billion today") and "the impossible task of competing with free."

Professor Urban eloquently makes the case that copyright terms are excessive.

Tuesday, May 12, 2009

Lessig on continuing the work of Code

I haven't done a Lessig post in a while but would recommend his latest essay.

I wrote Code to explain an academic insight. Writing Code launched me on an activist project.

The insight was a reminder (for as I said in the book, of course the point had been made throughout history): More than law regulates. And that if we find ourselves in a particularly happy moment — when the liberty and prosperity of the time make us wish that things as they are might always be — we need to remember that it’s not just law that can muck things up. John Stuart Mill was not just worried about Parliament in On Liberty. He was more worried about British norms that stifled dissent. Stanford Professor — and Reagan’s Assistant Attorney General for Antitrust — William Baxter was not just worried about backward regulation at the FCC. When he launched his effort to break up AT&T, he was also worried about market power that was stifling competition in telecommunications. French revolutionaries in the mid-19th century were not just worried about stupid edicts from a failing emperor — indeed, they thrived on such silliness. What worried them more was that Napoleon III had rebuilt Paris with wide boulevards and multiple passages, making it very difficult for them to bring the city to a standstill. What each of these actors recognized was the first point of Code: Again, that more than law regulates.

That point led to a second: That if we’re to preserve a state of liberty, we need to worry about much more than bad law. No doubt, laws might be changed to take away a liberty (think: the USA-PATRIOT Act). But so too, norms might change to make dissent costly (think: the Dixie Chicks). Markets could become concentrated, reducing the opportunity for innovation (think about the extraordinary re-concentration in telecom access to the Internet). And architecture, or “code” could change, to take away a freedom that too many had taken for granted (think: do you really know who knows what about where you go on the Internet?).

Point two then led to a final point three: That for the Internet, we (circa 1999) were paying plenty of attention to changes in law. We were not paying enough attention to changes in code. And indeed, for obvious reasons, those who controlled much of the code (what I unhelpfully called “commerce”) circa 1999 had plenty of reasons to change that code in ways that better enabled their own control, and as a byproduct (whether intended or not), control by the government. As I wrote, “Commerce, like government, fares better in a well-regulated world. Commerce would, whether directly or indirectly, help supply resources to build a well-regulated world.” (p. xiii)"

Entertainment industry's latest PR push for 3 strikes

The BBC has been giving the entertainment industry's latest PR drive for 3 strikes legislation a lot of free airtime and webspace today.

I would simply refer the honourable ladies and gentlemen to Lilian Edwards who has pointed out in great detail why a 3 strikes approach to tackling copyright infringement on the Net is inappropriate from all kinds of legal perspectives. As Lilian also said at the OII's Musicians, fans and online copyright event at LSE last spring (and as I paraphrased at the time):
"If we withdraw access to the Net from a large number of people in the UK (and 6 million plus are considered to be engaged in copyright infringement via the Net in the UK alone), should such withdrawal be by a closed industry procedure? Practical considerations mean that for the scheme to be workable on the part of the ISPs it would have to be automated and internal to the ISPs. No impartial process or judge would be overseeing it (as is happening in the French case). But we have to realise that ISPs are not Net police but service providers. They are not set up for policing. In court copyright infringement would have to be increased to the standard of a criminal infringement because withdrawal of access to the Internet feels very much like a criminal sanction.

In addition there is a presumption of guilt not innocence. The person linked to the IP address identified as an alleged source of infringement is automatically assumed to be guilty and has the burden of proving their innocence. There are a large number of ways that people might be wrongly accused - there are a lot of reasons why the person linked to the IP address - i.e. the formal ISP subscriber - might not be the infringer. It could be other family members or their friends or others accessing open wireless access points (wifi piggybacking), or trojans enabling remote control of that machine.

There should be an absolute commitment to starting with a presumption of innocence rather than a presumption of guilt by an industry with an economic stake in an outcome whereby someone is held responsible.

Will legal access be available to the accused? Or does someone have to be cut off first? Article 6.1 of the European Convention on Human Rights (ECHR) and every substantive international human rights instrument guarantees the right to due process. Is access to the Net itself a basic human right? Article 36 of the ECHR would suggest so or at least it is very close. The French scheme is better than an unmediated scheme since it allows for the access to an independent tribunal with the oversight of a judge.

Even if we could overcome these problems, there is a serious legal question about whether a 3 strikes law is a proportionate response to the specific problem. According to the recent Promusicae case in the European Court of Justice the rights of the music labels to protect their copyrights must be balanced with the basic human rights of users of the Net. Having access to the Net is now a basic part of nearly everyone's life in the developed world and it relates to basic rights to
  • free expression
  • freedom of association
  • education
  • and employment
and the ECHR and every other serious international charter of rights says that if a law is not proportionate it is not legal. As Lilian said in the immediate aftermath of the Promusicae decision:
"the Court finally held that, turning to fundamental rights in the EC Charter, if the fundamental rights to property, and to privacy (which appear therein, as well as in the ECHR) appear to come into conflict when EC Directived are implemented in national laws , well, then , IP does not take precedence over privacy (or vice versa): instead, national courts must "make sure that they do not rely on an interpretation of [national laws] which which would be in conflict with these rights." (para 68) Put it plainly: IP rights do not trump DP rights, says the ECJ.

In other words also - my interpretation purely, now - although the ECJ have not said that laws requiring automatic disclosure of personal data to rights holders to protect IP rights would be illegal under the PECD, a serious warning has been issued to national legislatures not to be pushed into passing such laws, without considering first if rights of protection of personal data are being taken properly into account."
In other words, even with the legitimate aim of defending or protecting copyrights, the ECJ clearly instructed member state governments that they are not to endanger human rights or proportionality. Lilian actually thinks that this part of the decision was a clear dicta from the court aimed directly at the kind of 3 strikes notice and disconnect schemes the French have implemented and others are considering."

Monday, May 11, 2009

Looking for terrorists? Try brain scans.

The latest terrorist detection idea, according to one Guardian journalist, is routine brain scanning...
"Distinctive brain patterns could become the latest subject of biometric scanning after EU researchers successfully tested technology to verify ­identities for security checks.

The experiments, which also examined the potential of heart rhythms to authenticate individuals, were conducted under an EU-funded inquiry into biometric systems that could be deployed at airports, borders and in sensitive locations to screen out terrorist suspects."

He's been reading about the EU-funded Humabio Project in Greece. From what I can tell from the Humabio newsletter the "EEG and ECG physiological measures" were tested on 15 volunteers in the Lab Innovation Centre (LIC) of Fraunhofer IAO and Fraunhofer IGB in Stuttgart, in Germany. The volunteers rated the brain scanning as an "acceptable" but slow authentication technique compared to other existing security checks.

Overlooking the massive discontinuity that what has been loosely tested as an authentication device is being proposed as an identification device* I can just hear the security announcements at airports now:
"Could all passengers ensure that all liquids, keys, electronic and metallic items are placed in a transparent plastic bag; in addition we ask that all passengers remove coats, jackets and shoes for passing through the X-ray machine; finally we would also ask you to remove all headgear so we can fit the scanner to scan for terrorist brain waves;

Passengers failing to remove headgear and cooperate with the brain scanning process will automatically be detained as suspected terrorists. Please be assured we operate an equal opportunities scanning policy - no excuses for anyone regardless of religion, age, gender, race, disability, sex or sexual orientation - you will be detained if you refuse to cooperate.

Would all passengers travelling with young children please ensure babies are removed from pushchairs and older children are kept calm for the fitting of the cranial apparatus and their brain scans; over-active, anxious or insufficiently controlled children do upset the calibration of the scanner and will, therefore, be subject to extra security screening and may be detained for more detailed questioning. This has been known to result in passengers failing to reach their departure gates on time and consequently missing their flights. The airport authority can accept no liability for missed flights."
Not, of course, that this will stop some politician buying into the notion faster than Bruce Schneier can cough: "security theatre".

*Technically speaking authentication is an easier thing to do than identification. Authentication (assuming we’re not trying to do it remotely) with biometrics merely asks whether a biometric belongs to the person presenting themselves for authentication. It compares their proffered biometric with the one on file under their name and determines whether there is a match.

Identification is much harder to do and is what all these security theatre systems at airports or busy shopping areas or sports stadiums attempt to do – measure the biometrics of everyone passing through and attempt to check whether there is a match with a large (and not necessarily particularly reliable) database of biometrics.

The difference appears pedantic but is very important. In the authentication case one biometric is checked against one specific biometric on the database. In the identification case, millions of biometrics are checked against millions (potentially) of biometrics on the database. Even with highly reliable technologies – say 99.9% accurate and none of the modern systems approach that yet – these millions of checks searching for matching pairs generate huge numbers of false positives (innocents flagged as malcontents) and dangerous levels of false negatives (real bad guys flagged as innocents and it only takes one to get through to cause serious security problems). The police and security services then spend so much time, energy and resources dealing with innocent people they don’t have the time to deal with the real criminals.

The standard probability of getting DNA match is often cited as 1 in 13 billion. But more than a 100 felons in an Arizona database of 65000 were found to have DNA samples with a significant degree of similarity. That's a 1 in 2000 chance of a match not 1 in 13 billion. This does not mean that DNA is not unique. Nor does it negate DNA profiling and matching as a very useful crime prevention and detection technique when used appropriately. But the numbers are counter-intuitive and turn out to have a similar explanation to the matching birthdays in a class of 30 sum used in introductory probability theory - the number of pairs checked turns out to be significantly more than people intuitively think. { For the mathematically inclined the birthday problem works as follows: the probability two people don't share a birthday is 364/365; the probability 3 people don't share a birthday, under that rule of conditional probabilities, is (
364/365)x(363/365); the probability that 30 people don't share a birthday is (364/365)x(363/365)x...x(336/365) which works out at approximately 3/10. So the probability 2 people in a room of 30 do share a birthday is 7/10 or 0.7 or 70%.}

Apologies folks - I hadn't intended to invest quite so much energy in a short Guardian report but it tripped over some issues I'd been discussing with colleagues in a course writing session recently.

Is Google too big to infringe copyright?

Robert Kunstadt, an IP trial attorney in New York, is formally opposing the Google Book settlement. He briefly explains why here.
"Nimmer used to say "Ownership of a physical object [a book] is not ownership of the copyright in it." That is Copyright Law 101. But Google thought, "We can." The author's fundamental right is to control his or her work. Google's verbatim reproduction of scanned pages exceeds all bounds of "fair use" by abstracts or summaries. That the entire work is not reproduced is an aggravation, not a mitigation, since it violates the author's moral right under the Berne Convention to bar truncation of the work...

Authors should not be forced to comply with the proposed settlement's nonstatutory formalities to protect the author's rights. The author need only comply with U.S. copyright law. The parties may not amend the copyright law, creating an ad hoc alternative regime. The copyright law needs to be enforced, the settlement rejected and Google's willful infringement enjoined. Google, as a willful actor for profit, is punishable for copyright infringement the same as any software-pirating street peddler. To overcome the public perception that infringers are "Robin Hood" benefactors, IP law needs to be applied even-handedly to litigants large and small so that the public will see it in their own interest to support IP enforcement.

Google pursued its copying project in calculated disregard of authors' rights. Its business plan was: "So, sue me." To approve the proposed settlement would vindicate Google's street ethics: that the law is whatever you can grab and get away with. Google's added twist—its update on the Dickensian street pickpocket—is that if you take very little property from very many people, with a technological efficiency unimaginable to Fagin, you have some real money.

The settlement would reward Google's massive unauthorized online reproduction of copyrighted works, by making Google a "shadow copyright office" with a revenue percentage—unlike the real Copyright Office, which collects a flat fee.

Google took from the authors first—and belatedly now seeks to legitimize its misconduct by this settlement."