Friday, April 02, 2004

Mr Blair has decided to fast track David Blunkett's national ID card system to try and distract people from the immigration fiasco that has prompted Home Office (in charge of immigration) minister Beverly Hughes' resignation.

John Lettice at the Register has a nice dissection of this as a complete sham. His concluding paragraphs are absolutely damning:

" Now, here is the problem as best as can be established at the moment. The
size of the backlog of immigration cases (both asylum and general) has been a
major issue for the current government, and Hughes (who reported to David
Blunkett at the Home Office) was presiding over the acceleration of the
processing of applications. It appears that in at least some areas this
acceleration process resulted in the systematic rubber-stamping of
applications. Cases from Bulgaria and Rumania have been cited where forged
documents were approved, and where pro forma business plans were sold to
applicants fraudulently applying under a programme designed to bring in
self-sustaining business startups. Allegedly, the UK authorities were alerted to
these fraudulent applications and to their rubber stamping, and Hughes herself
had the matter drawn to her attention last year by one of her own ministers.

So friends, what do we have here? If we had ID cards, what would have been
happening? At the same time as Blunkett's Home Office has been thumping
the ID card tub on the basis of its efficacy against crime, terrorism and illegal
immigration, that very same Home Office has known as a matter of record
(this is not, we accept, the same as actually knowing or even noticing) that it's
been granting immigrant status to people who are not going to perform in
accordance with what it says on the tin they just bought. Granted they're a lot
more likely to be one-legged Bulgarian plumbers who don't know anything
about plumbing than terrorists, but still... Their application rubber-stamped,
under the future system they would then have been issued with ID cards, and
would have happily acquired a perfectly legitimate UK identity on the basis of
whatever it was they'd chosen to fill in. Moral: the Home Office might be best
advised to sort out the loopholes and system failures it already has before
introducing new ones to fix. "

Thursday, April 01, 2004

The European Parliament have rejected Commissioner Bolkestein's deal with the US to share airline passenger data for use in CAPPS II, because it breaches EU privacy laws. It was a close vote 229 to 202 but the resolution suggested they'd go to the European Court of Justice on the matter if necessary.
The copyright bills are coming out of Congress thick and fast. The latest is the "Piracy Deterrence and Education Act" (PDEA) according to Declan. More of the usual, this time pressurising the FBI to chase the copyright infringers. I guess it's a variation on the DOJ. It's also a variation on the Author, Consumer, and Computer Owner Protection and Security Act (ACCOPS) proposed last year which was suggesting 5 year prison terms and $250 000 fines for sharing a single file.

"One part of the PDEA that did not appear in earlier bills would require the FBI to "facilitate the sharing" of information among Internet providers, copyright holders and police. "

And so the procession rolls on.
James Grimmelmann has a wicked April fools joke over at Lawmeme about the RIAA suing Google. I wonder how far that one will spread.

A Canadian judge has put a spoke in the gathering momentum of the IFPI's campaign of lawsuits against individual file sharers. He has denied the Canadian Recording Industry Association (CRIA) request to identify individuals alleged to be involved in P2P file sharing. He even declared file sharing legal in Canada, including uploading. "The mere fact of placing a copy on a shared directory in a computer where that copy can be accessed via a P2P service does not amount to distribution," he wrote. "Before it constitutes distribution, there must be a positive act by the owner of the shared directory, such as sending out the copies or advertising that they are available for copying." Expect an appeal from the CRIA probably faster than you can blink.

Wednesday, March 31, 2004

Slashdot has links to a collection of stories about the IFPI lawsuits against individuals.
There is an absolutely fascinating paper, Privacy in a Noise Society, which I've just come across on the web, by Nicklas Lundblad of the St Anna Institute in Stokholm. He puts his finger on one of the key issues relating to privacy in an information society and that is that "...anyone but not everyone can be mapped in detail...We live in a society where it is possible to chart the lives of anyone, but not the lives of everyone." Information overload and cost effectively preclude the latter.

Essential reading.
Kim Zetter at Wired has written a longish article about the dangers of e-voting. Worth a look. Wired has an archive of stories on the e-voting issue, headed up "Machine politics" which I'd suggest is a good starting point for anyone with concerns about the use of computers in elections.

Zetter's article gives an idea of the timeline of when and key folk involved in the publicising of the problems, such as Rebecca Mercuri, Bev Harris, David Allen, Avi Rubin, Yoshi Kohno, Adam Stubblefield, David Dill, David Jefferson, Nebraska Sen. Chuck Hagel (Republican) and New Jersey Rep. Rush Holt (Democrat). It's largely told from Harris' perspective.
IFPI affiliated music industry associations in Denmark, Italy, Germany and Canada have launched lawsuits against hundreds of individuals. (FWIW it's about 120 in Denmark, 30 in Italy, 29 in Canada and 68 in Germany). Look out for comments from the usual suspects.

Aaron Swartz, in parallel, has launched a wiki for annotating and editing Larry Lessig's new book, Free Culture.

Monday, March 29, 2004

Ernest Miller over the weekend has concluded that the PIRATE Act will faciltate wiretapping for civil copyright infringement.

"...having thought about the proposed law a little more, I came to an interesting realization: you can get wiretaps for federal copyright infringement investigations...

...Under a regular civil suit for copyright infringement by means of file sharing, the copyright holder can only observe that the infringing files are available for download. They can't really tell how many people have downloaded them, if any. Furthermore, copyright holders have no way of going after people who are only downloading files and not uploading them. Wiretaps to the rescue. The RIAA may not be permitted to wiretap file sharers, but the government certainly can. The RIAA must be salivating at the prospect."
The entertainment industry's latest attempt to get their representatives in Congress to pass favorable laws has produced the proposed Protecting Intellectual Rights Against Theft and Expropriation Act (PIRATE Act). (What a name). The idea this time is to save the copyright holders the trouble and expense of having to sue for copyright infringement. The responsibility for that would now be with the Department for Justice (i.e. taxpayers). As Donna says, the industry reject compulsory licences because they don't want government interference in the private sector but it's ok for the government to interfere when it involves them picking up the industry's legal costs. This is a sad joke.

James Grimmelmann at Lawmeme has a wonderfully cutting perspective on US reaction the WTO's decision to declare the US in breach of international trade rules in relation to online gambling policies. I hope he won't mind me reproducing it in full here:

'Remember why those folks in Seattle were so mad at the WTO? Well, one of the big reasons was that local laws in developing countries (on issues such as environmental protection, labor standards, and cultural values) were at risk of being struck down as "barriers to trade." Trade is trade, said the U.S., and trade comes first, and countries just need to shut up and deal.

Well, oh how the tables have turned. A WTO panel ruled on Wednesday that the U.S. ban on online gambling is an illegal trade barrier. Outraged U.S. lawmakers have already promised to appeal. Surprise, surprise, the ideology that free trade trumps restrictive local values turns out to be much less appealing when the U.S. interests are aligned with "local values" instead of "free trade." '

An international coalition of civil liberties groups, led by Privacy International and the American Civil Liberties Union (ACLU) have signed an open letter to the International Civil Aviation Organization (ICAO) on the grave dangers of vast biometric-passenger-data sharing systems. Thanks to Ian Brown at FIPR for the following extract from Privacy International's media release:

The letter, spearheaded by Privacy International and the American Civil
Liberties Union (ACLU) raises concerns about little-known plans to
imminently create international standards that will require the use of
biometrics and RFID (radio frequency) technology in all future
passports. The measures, being decided this week at a meeting of the
ICAO in Cairo, will result in a distributed international identification
database on all passport holders.

The open letter has been signed by, among others, the Electronic
Frontier Foundation, Statewatch, the UK based Foundation for Information
Policy Research, the Association for Progressive Communications and the
US based Privacy Rights Clearinghouse.

The ICAO has agreed that the initial international biometric standard
for passports will be facial mapping. Adequate memory space in newly
issued passports will be reserved for additional biometrics such as
fingerprinting at the discretion of every government. The EU is already
calling for fingerprints to be included, along with an associated
European register of all biometrics. National authorities will store and
share these vast data reserves.

The measures, supported by the US and the EU, will ultimately create an
electronic ID system on hundreds of millions of travellers. Despite
serious implications for privacy and personal security, the process is
occurring without public engagement or debate. Rather than allowing this
important issue to be decided by parliaments, governments have delegated
the setting of standards to the ICAO, a UN-level organization that is
responsible for the standardization of travel documents, passenger data
systems and air travel requirements.

The legislative drivers for the ICAO system are already in pace. The
USA-PATRIOT Act, passed by the U.S. Congress after the events of
September 2001 included the requirement that the President certify a
biometric technology standard for use in identifying aliens seeking
admission into the U.S., within two years. The schedule for its
implementation was accelerated by another piece of legislation, the
little known Enhanced Border Security and Visa Entry Reform Act 2002.
Part of this second law included seeking international co-operation with
this standard. The incentive to international co-operation was made

"By October 26, 2004, in order for a country to remain eligible for
participation in the visa waiver program its government must certify
that it has a program to issue to its nationals machine-readable
passports that are tamper-resistant and which incorporate biometric and
authentication identifiers that satisfy the standards of the
International Civil Aviation Organization (ICAO)."

These laws gave momentum to the standards that were being considered at
the ICAO by requiring visa waiver countries (which include many EU
countries, Australia, Brunei, Iceland, Japan, Monaco, New Zealand,
Norway, Singapore, and Slovenia) to implement biometrics into their
Machine-Readable Travel Documents (MRTDs), i.e. passports.

Based on projections from current passport and travel statistics,
biometric details of more than a billion people will be electronically
stored by 2015. Some of the countries sampled for this estimate are:

United States 90 million
United Kingdom 54 million
Japan 64 million
Canada 24 million
Australia 13 million
Russian Federation 50 million
Ireland 4 million
Taiwan 17 million
China 60 million

The Privacy International open letter warns:

"We are increasingly concerned that the biometric travel document
initiative is part and parcel of a larger surveillance infrastructure
monitoring the movement of individuals globally that includes
Passenger-Name Record transfers, API systems and the creation of an
intergovernmental network of interoperable electronic data systems to
facilitate access to each country's law enforcement and intelligence

Privacy International has warned of "unprecedented" security threats
that could arise from the plan because of potential access by terrorists
and organised crime. Furthermore, the biometric standard being adopted
is "fundamentally flawed" and will result in a substantial number of
passengers being falsely identified as potential terrorists or wrongly
accused of holding fraudulent passports.

Dr Gus Hosein, Senior Fellow with Privacy International, warned: "This
is a potentially perilous plan. The ICAO must go back to the drawing
board or hold itself responsible for creating the first truly global
biometric database".

"Governments may claim that they are under an international obligation
to create national databases of fingerprints and face scans but we will
soon see nations with appalling human rights records generating massive
databases, and then requiring our own fingerprints and face-scans as we

He continued: "In January 2004 when the U.S. began fingerprinting and
face-scanning foreign visitors and storing this data for over fifty
years under the US-VISIT program, many countries responded with alarm.
With the biometric passport, however, every country may have its own
surveillance system, accumulating fingerprints and face-scans and
keeping them for as long as they wish with no regard to privacy or civil