John Dean, White House legal counsel under Nixon, thinks "The Bush/Cheney presidency has been pushing the nation toward an atrocity unmatched in the annals of American infamy and ignominy" in their efforts to change US law to permit the torture of terrorist suspects. Senator John McCain, one of George Bush's rivals for the Republican presidential nomination in 1999, and a victim of 5 years of torture during his military service in Vietnam, has been instrumental in blocking the plans.
Dean, author of Worse Than Watergate: The Secret Presidency of George W. Bush, is not exactly known as a fan of the current presidential administration.
Friday, December 16, 2005
New New Jersey law on child abuse
On the question of offering protection for vulnerable children, the New Jersey Assembly have taken a different approach to the UK government, which is building a database on all children. The assembly, according to Larry Lessig, are passing a law to remove immunity from negligence in hiring in all cases involving abuse. This law provides those hiring people to work with children an incentive to do comprehensive checks to ensure those people are suitable to do so. Placing the responsibility and the resources in the hands of those organisations who can and actually do support vulnerable kids makes sense. Does spending money, which could otherwise be put into front line services, on a huge database make similar sense?
Schneier on EU data retention and music industry
Schneier also has a comment on the music industry's attempts to get the scope of the data retention directive expanded:
"The European music industry is lobbying the European Parliament,
demanding things that the RIAA can only dream about. They want
anti-terror laws to apply to music downloaders, too.
Our society definitely needs a serious conversation about the
fundamental freedoms we are sacrificing in a misguided attempt to keep
us safe from terrorism. It feels both surreal and sickening to have to
defend our fundamental freedoms against those who want to stop people
from sharing music. How is it possible that we can contemplate so much
damage to our society simply to protect the business model of a handful
of companies?"
Good question.
Airline security a waste of money
Bruce Schneier has a terrific piece on airline security in his latest crypto-gram.
"Since 9/11, our nation has been obsessed with air-travel security. Terrorist attacks from the air have been the threat that looms largest in Americans' minds. As a result, we've wasted millions on misguided programs to separate the regular travelers from the suspected terrorists -- money that could have been spent to actually make us safer.
Consider CAPPS and its replacement, Secure Flight. These are programs to check travelers against the 30,000 to 40,000 names on the government's No-Fly list, and another 30,000 to 40,000 on its Selectee list.
They're bizarre lists: people -- names and aliases -- who are too dangerous to be allowed to fly under any circumstance, yet so innocent that they cannot be arrested, even under the draconian provisions of the Patriot Act. The Selectee list contains an equal number of travelers who must be searched extensively before they're allowed to fly. Who are these people, anyway?
The truth is, nobody knows. The lists come from the Terrorist Screening Database, a hodgepodge compiled in haste from a variety of sources, with no clear rules about who should be on it or how to get off it. The government is trying to clean up the lists, but -- garbage in, garbage out -- it's not having much success.
The program has been a complete failure...
I know quite a lot about this. I was a member of the government's Secure Flight Working Group on Privacy and Security. We looked at the TSA's program for matching airplane passengers with the terrorist watch list, and found a complete mess: poorly defined goals, incoherent design criteria, no clear system architecture, inadequate testing. (Our report was on the TSA website, but has recently been removed -- "refreshed" is the word the organization used -- and replaced with an "executive summary" (.doc) that contains none of the report's findings. The TSA did retain two (.doc) rebuttals (.doc), which read like products of the same outline and dismiss our findings by saying that we didn't have access to the requisite information.) Our conclusions match those in two (.pdf) reports (.pdf) by the Government Accountability Office and one (.pdf) by the DHS inspector general...
These programs are based on the dangerous myth that terrorists match a particular profile and that we can somehow pick terrorists out of a crowd if we only can identify everyone. That's simply not true."
If we took the billions we're spending on crazy programs like ID cards, children's databases, passenger screening programs like Secure Flight, passenger data disclosure between the EU and US, and spent them on more, better-trained police, child support professionals and intelligence officers and the resources they need to carry out effective intelligence gathering, investigation and action to prevent and respond to criminal acts, we'd be a lot better off. Even when governments are told by their own experts that these big technology schemes are worse than useless, they still press ahead, not only ignoring reality but actively covering up. What you have here is what Diane Vaughan would call the "normalisation of deviance." Government evolves to a state where the process of ignoring or covering up inconvenient evidence is normalised, everyone must stay "on message" no matter how warped that message might be, and we end up with vast unwieldy messes like the UK's coming ID card system or the EU database directive.
Thursday, December 15, 2005
New Consumer Digital Rights campaign
A new European Consumers Digital Rights campaign has been launched. They have a list of six generic rights, which they urge policymakers to respect:
Right to choice, knowledge and cultural diversity
Right to the principle of “technical neutrality” – defend and maintain consumer rights in the digital environment
Right to benefit from technological innovations without abusive restrictions
Right to interoperability of content and devices
Right to the protection of privacy
Right not to be criminalised
Wikipedia close to Britannica for reliability
A study by Nature suggests that Wikipedia comes very close to Encyclopedia Britannica in accuracy.
Kazaa owners may face jail in Australia
In the spirit of the season that's in it, the music industry in Australia have made an application to a federal court to have Kazaa owners declared in contempt of that court's order to implement software filters. Representatives of Sharman Networks, which owns Kazaa, say they have implemented the filters and succeeded in preventing most Australians from downloading copyrighted music using their software. The music companies are annoyed that the filters do not apparently apply outside Australia.
The judge said "Contempt proceedings are fairly rare in this court and I've never yet sent anyone to jail. I've threatened to a few times, but there's always a first I suppose."
Ireland to contest data retention directive
It looks as though Ireland is going to challenge the EU parliament's passing of the data retention directive. It will apparently be done on procedural grounds and to defend the principle of Ireland's autonomy on justice matters.
The Commission's lawyers have already pointed out that the process has no legal basis so there is a good chance that such action on the part of the Irish government will be successful, if it is pursued to a natural conclusion in the European Court of Justice (ECJ). This all takes time, though.
The data retention vote seems, thus far, to have bypassed the attention of most of the mainstream media outlets in the UK, apart from the Guardian.
Wednesday, December 14, 2005
News outlets pick up data retention decision
The news outlets are now picking up the data retention decision.
Nearly 60000 people have signed a petition against this proposal. Member government parliaments have refused to ratify similar proposals at national level. The EU parliament has rejected an almost identical proposal in the past. European data protection commissioners have severely criticised the proposal. Commission lawyers have declared it to be illegal. The telecommunications and internet services industries have severely criticised the proposal. Civil liberties groups have been apoplectic about it.
Yet a small group of politicians and officials can do a deal behind closed doors and a majority of MEPs vote it through on the nod. Ralf Bendrath of the European Digital Rights Initiative has this to say about it:
"Very bad news from Europe.
The European Parliament this morning voted in favour of a backroom deal
that had been made between the two big parties in Brussels and the Council
of Ministers, currently chaired by the UK. The deal completely ignored the
amendments proposed by the Parliament's Rapporteur and by the Justice and
Civil Liberties Committee that was (well - officially) in charge of the
process. After a hot debate and a number of signs of cracks in the party
blocks, a majority of 378 parliamentarians voted in favour of mandatory
retention of telecommunications data, 197 against, 30 abstained.
This is in short what we will get now:
- retention of telephone and internet connection data (including email
addresses) and location data for mobile phone calls
- no harmonisation of the retention period (6 to 24 months but longer is
allowed: Poland wants 15 years)
- no harmonisation of cost reimbursement for the needed investments on the
providers' side
- no limitation to certain types of crimes for which access is allowed
- retention of unsuccessful call attempts
- no independent evaluation
- no extra privacy safeguards
- follow-up committee without representation from civil rights organisations
Civil liberties organizations, consumers organizations and all the telco
industry associations as well as journalists associations had been
fighting like hell against this major and unprecedented surveillance plan
until the last minute. We did not win (the outcome is in fact the worst
possible, exactly what the UK home affairs minister Clarke wanted), but we
at least raised a lot of awareness and disturbed the conservative and
social-democrat party lines. But the UK council presidency had pushed so
hard after the London bombings that this directive will enter the EU
history as the one which took the shortest time ever from the first
Commission draft to the final vote (less than three months - normally they
need years).
The next steps will be the adoption by the Council of Ministers (before
Christmas) and then the implementation process into national laws. There
will be challenges to this plan before the constitutional courts. I am
pretty sure that the German constitutional court will not like it, as it
recently had ruled unconstitutional a major eavesdropping plan on phone
calls - and that one was only directed at suspicious persons, whereas the
EU directive applies to every single communication of all 450 Million
inhabitants of the EU.
More information, including recordings of the EP debate, is available at
http://wiki.dataretentionisnosolution.com/."
EU parliament vote for data retention
The EU parliament have voted for the data retention directive.
"Results of votes at plenary session on Wednesday 14 December
A list of the reports put to the vote in the European Parliament on Wednesday 14 December. More detailed analyses of votes will soon be available from Parliament's Press Service website
Results of votes on Wednesday 14 December
Data retention
Directive of the European Parliament and of the Council on the retention of data processed in connection with the provision of public electronic communication services and amending Directive 2002/58/EC
(A6-0365/2005)
Rapporteur: Alexander Nuno Alvaro (ALDE, DE)
Parliament adopted a package of compromise amendments after agreement had been reached with the Council. The amendments were approved by 387 votes in favour to 204 against with 29. The final resolution was adopted by 378 votes in favour to 197 against with 30 abstentions."
I haven't noticed any of the major news sites picking this up yet.
Lyrics Browsers, iTunes and Copyright Law
From the EFF: Lyrics Browsers, iTunes and Copyright Law
"When I buy a CD, I look forward to having the lyrics printed in the liner notes. That's part of what I expect in exchange for my money. If the record label omits the lyrics, I feel I'm entirely within my fair use rights to listen closely to the recording and copy down the lyrics. Similarly, I'm within my fair use rights when I use a search engine to find the lyrics of the music I've legitimately purchased. And thanks to Apple's iTunes software, I now can add those lyrics to the digital copies of the music I've purchased and have them appear when the song plays on my iPod.
Apparently, at least one music publisher thinks that makes me a music pirate. Yes, annotating music I've legitimately purchased with lyrics makes me a pirate, according to music publishing giant Warner/Chappell.
Warner/Chappell sent a cease & desist letter last week to the developer of pearLyrics, a piece of software that automates the process of adding lyrics to iTunes tracks. (For more details, see the MacWorld review.)"
The best science that money can buy
David Bollier recounts the lack of trust of medical friends and acquaintances in medical journals which they believe have been compromised by the financial support of the large pharmaceutical companies; and draws on a Wall Street Journal article for support.
"Reporter Anna Wilde Mathews writes:
Many of the articles that appear in scientific journals under the bylines of prominent academics are actually written by ghostwriters in the pay of drug companies. These seemingly objective articles, which doctors around the world use to guide their care of patients, are often part of a marketing campaign by companies to promote a product or play up the condition it treats.
The article goes on to describe how ghostwriters are frequently hired to write articles that academics are invited to publish under their own names. It’s a sweet scam. Academics get to pad their publishing resumes. Medical journals get well-written articles by big-name scientists. And the drug companies get to exploit the credibility and independence of academic science for a relative pittance."
Monday, December 12, 2005
Latest excuse... er reason for ID cards
The government's latest excuse for the ID cards scheme is that it will cure online fraud, says John Lettice.
Canada may develop Patriot act shield
The federal government in Canada have, if this report is to be believed, developed a plan that "would allow government departments to immediately cancel a contract with an American firm if it hands personal information about Canadians to U.S. anti-terrorism investigators" under the requirements of the PATRIOT Act. That's a fairly bold step on the part of the Canadians to take a stand against the PATRIOT Act, but where does it leave the companies that get stuck in the middle? As soon as they get served with a request for data by US authorities they break the law whichever way they turn.
Thanks to Michael Geist for the link.
ID cards for children by the back door
The Children Act of 2004 is back in the news with the announcement that the database to log the details of every child in the UK will cost £224 million plus another £41 million a year to operate. The Conservative party spokesman on the issue said:
"The government's nanny-state approach will do nothing to safeguard the children most at risk. We should be concentrating on the most vulnerable children who are on child protection registers, in care or in homes with a record of domestic violence.
We opposed this clause when it was proposed in the Children's Act 2004. It is bureaucratic nonsense and ID cards for children by the back door."
What's somewhat remarkable is that this law sailed through without the opposition that the ID card proposal has been facing. It suffers many of the same problems as the ID card system but just acts as another indicator of how difficult it is to politically oppose a plan with the stated aim of improving child protection, no matter how badly the actual details of the plan might, in practice, undermine that aim. The time that already-stretched child care workers, police, NHS and others will have to put into bureaucratic processing of details of the vast majority of children who are not at risk will take away from the already limited time and resources they have to work with the really vulnerable.
Remember Schneier's questions:
What problem are you trying to solve?
Protecting children.
How well does your solution solve the problem?
If there is joined up information and communications in the case of victims and tracking those who have abused children it may make a contribution to filling the holes that might have prevented some of the tragic cases we've seen in recent years. I'm not exactly sure that a central database of the type planned will necessarily do this, given the vast array of computing systems the various branches of public services engaged in child protection actually have.
How can the system fail naturally and how can it be made to fail by someone with malign intent?
Big databases have errors. People working with the system will make mistakes. A large number of people need access to the database so it will not be secure - it only takes a small number of malign actors internal or external to compromise a large database of this sort.
What other problems does it cause?
Scarce time and resources are lost in processing details and cases of children who are not at risk. False positive and false negative errors could have serious consequences.
How much does it cost?
£224 million plus £41 million per annum apparently.
Is it worth it?
Well, could these resources be more effectively invested and targeted at frontline child protection services?
Setting up a system to assume every child is a victim is similar to setting up a system to assume every citizen is a terrorist. Neither will actively tackle the serious problems to which they are allegedly addressed and may very well end up compounding them.