Via FIPR:
IMPORTANT MESSAGE FROM ACTION ON RIGHTS FOR CHILDREN (ARCH)
In 2004 many people responded to ARCH’s appeal for funds to mount a legal challenge to Government regulations that would enable the establishment of a children’s database under s12 of the Children Act 2004. At that time, the Government intended to press ahead quickly with the implementation of the Children’s Index.
Since the Act was passed, we have worked extremely hard to prevent the establishment of the Children’s Index, and full regulations have not yet been brought forward. Pilot projects are now under way in 12 local authorities, and the Minister for Children has indicated that a public consultation will be held over the summer, prior to placing regulations before Parliament, probably in the autumn.
The Government has shifted from its original plans for the Children’s Index, in particular dropping the idea of ‘flags of concern’, and issuing guidance to local authorities that consent should normally be sought before information is shared about children unless they are at risk of harm, which is the existing position.
Although the potential threat that the Children’s Index, and the entire network of databases, poses to children and their families remains acute, the fact that it will now be up to each local authority to develop an information-sharing protocol creates an entirely different focus for our concern. Whether or not a legal challenge to the regulations governing the Index is successful - and that possibility has now decreased substantially - local authorities are likely to develop local indices; indeed, some have already begun doing so. We have therefore decided that we need to change our strategy to monitor the situation closely at local level in order to challenge potential data protection and human rights breaches as they arise.
Given that the Government’s original intention was to go ahead within months of the passage of the Children Act 2004, the time that we have gained to raise public understanding of the Index (and other database plans) has been invaluable, and we have now been offered a major opportunity in the form of a TV documentary and a series of linked media and political activities.
This opportunity will enable us to exert substantial pressure before any regulations are placed before Parliament, which is infinitely preferable to legal action taken after the event and is far more likely to influence local authority policy. We cannot give the precise details at the moment because that could jeopardise the entire project, but will do so as soon as possible. We hope that, in the meantime, our actions so far will reassure you of our judgment, integrity and commitment.
The opportunity available has considerable cost implications. We must apply all of our available funds to it, and raise more money. We believe that it is the strongest chance we have yet had of preventing introduction of the Index while simultaneously focussing public attention on local authorities, and it would be entirely wrong to let it pass.
If you have donated towards the legal fund and believe that court action is the only strategy that you could support, you may of course reclaim your donation. If you wish to do this, please write to us at the address below, giving your name and the amount that you have donated. We will then amend our records and refund your donation. Please send an SAE if you can because currently the bulk of our quite considerable expenses comes out of volunteers’ own pockets.
We would appreciate it if any claims were made as quickly as possible so that we can be sure that we have the funds that are essential if we are to continue campaigning on children’s databases.
If, on the other hand, you would like to support us during what will undoubtedly be a crucial and challenging period, we should be extremely grateful. Please send cheques to the address below, donate via our website: http://www.arch-ed.org/donate.htm or contact us at Archrights@arch-ed.org for our bank details.
We hope that those who have supported us believe that their confidence in us so far has been justified. We will continue to do our utmost against the Children’s Index, the growing challenge of children’s databases and the expansion of child surveillance.
Terri Dowty
ARCH
62 Wallwood Road
LONDON E11 1AZ
Saturday, July 15, 2006
Friday, July 14, 2006
Voter action want evoting banned in 9 states
Activist groups including Voter Action have sued to have existing electronic voting machines banned in at least nine states due to the security problems these machines present.
Hyperlinked version of patent act and rules
David Pearce of Eric Potter Clarkson has, according to IPKat
"created a fully consolidated and hyperlinked version of the UK Patents Act and Rules. I have done this because I found it annoying and confusing the way the Act and Rules are highly intertwined but don't often actually refer to each other correctly. Also, the UK Patent Office has not chosen to go the way the EPO has with the European Patent Convention and make a properly linked version available online, but only a pdf consolidated version (useful though this is, what with all the recent changes).
Anyway, you or your colleagues may find it useful. It also may be useful for other IPKat readers, so if you want to publicise this I would be glad to distibute copies to anyone interested, and provide updates as time goes on. My hope is that it will turn into a more collaborative effort, and become even more useful".
Also via IPKat yesterday, UNESCO have issued a report (1.2M pdf) on WIPO's proposed broadcasting treaty which concludes:
"the Draft Treaty may undermine the balance between the economic interests of broadcasting and cablecasting organizations and freedom of expression values.
"created a fully consolidated and hyperlinked version of the UK Patents Act and Rules. I have done this because I found it annoying and confusing the way the Act and Rules are highly intertwined but don't often actually refer to each other correctly. Also, the UK Patent Office has not chosen to go the way the EPO has with the European Patent Convention and make a properly linked version available online, but only a pdf consolidated version (useful though this is, what with all the recent changes).
Anyway, you or your colleagues may find it useful. It also may be useful for other IPKat readers, so if you want to publicise this I would be glad to distibute copies to anyone interested, and provide updates as time goes on. My hope is that it will turn into a more collaborative effort, and become even more useful".
Also via IPKat yesterday, UNESCO have issued a report (1.2M pdf) on WIPO's proposed broadcasting treaty which concludes:
"the Draft Treaty may undermine the balance between the economic interests of broadcasting and cablecasting organizations and freedom of expression values.
EU court disapproves of Sony BMG merger
From Reuters: "A European court has annulled the European Union's approval of a 2004 merger between Sony Music and BMG in a surprise decision that could force the world's second-biggest music company to be unwound."
Markle Foundation Task Force releases third and final report.
Jeff Jonas has been sharing his wisdom on Mobilizing Information to Prevent Terrorism – Accelerating Development of a Trusted Information Sharing Environment as a member of the Markle Foundation Task Force. The task force have just released their final report (4.8M pdf) and Jonas has been speaking for the task force on technology related recommendations. Here are some of the things he had to say:
"A number of technologies are available that can be used to better connect the right people with the right information and at the same time these technologies can help enforce policy and enhance public trust.
In this report the Markle Task Force has highlighted technologies that will improve information sharing and enhance security, while facilitating greater accountability and higher levels of privacy protections...
For example, (on page 59) we call for the use of electronic directory services to enable organizations to locate relevant content in the enterprise; much in the same way one uses the card catalog at the library, as opposed to roaming the halls to find the book.
The Task Force has never called for the wholesale transfer of data between systems or agencies; rather, we have called for leaving the data with the original holder. The electronic directory services approach enables information to be discovered while avoiding large party-to-party data dumps.
This approach simply enables users to discover who has information specifically relevant to their case. Holders of the information can then grant access, based on policy, to each information request. This approach to discoverability delivers on the "need to share" goal by first answering the question "share what with who?"
Further (On page 63,) we encourage the use of data anonymization before transfer between systems wherever possible. While this reduces the risk of unintended disclosure of any transferred information being later stolen and repurposed, it also enhances overall privacy, as personally identifiable information is no longer being exchanged in a human readable form.
Notable, we prefer anonymization over encryption (when possible), the difference being encrypted data can be decrypted, whereas anonymized data can only be practically unlocked by requesting the human readable record from the original data holder. Again, information transfer is minimized.
(On page 70,) The Task Force also calls for the use of Immutable Audit Logs. This type of technology is intended to permanently record, in a tamper resistant manner, how users have used a system. Even corrupt database administrators cannot alter history.
Immutable logs can increase security, build trust among users, measure compliance with policies and guidelines, and improve transparency and the ability to conduct oversight by appropriate stakeholders.
We have repeatedly stressed in our reports that technologies and polices must be developed together. By designing systems and employing technologies with features that support and enforce policy, information sharing environment designers can help foster trust that automated systems and their users are conforming to governing laws, rules, and guidelines.
All this being said, the Task Force recognizes that technology, alone, cannot ensure that the information sharing environment is effective, secure or protective of privacy and civil liberties."
Brilliantly stated basic common sense which is sadly all too uncommon amongst policymakers when dealing with technology. C.P. Snow was right "some of the most important choices about a nation's physical health are made, or not made, by a handful of men in secret, and again in legal form, by men who normally are not able to comprehend the arguments in depth."
"A number of technologies are available that can be used to better connect the right people with the right information and at the same time these technologies can help enforce policy and enhance public trust.
In this report the Markle Task Force has highlighted technologies that will improve information sharing and enhance security, while facilitating greater accountability and higher levels of privacy protections...
For example, (on page 59) we call for the use of electronic directory services to enable organizations to locate relevant content in the enterprise; much in the same way one uses the card catalog at the library, as opposed to roaming the halls to find the book.
The Task Force has never called for the wholesale transfer of data between systems or agencies; rather, we have called for leaving the data with the original holder. The electronic directory services approach enables information to be discovered while avoiding large party-to-party data dumps.
This approach simply enables users to discover who has information specifically relevant to their case. Holders of the information can then grant access, based on policy, to each information request. This approach to discoverability delivers on the "need to share" goal by first answering the question "share what with who?"
Further (On page 63,) we encourage the use of data anonymization before transfer between systems wherever possible. While this reduces the risk of unintended disclosure of any transferred information being later stolen and repurposed, it also enhances overall privacy, as personally identifiable information is no longer being exchanged in a human readable form.
Notable, we prefer anonymization over encryption (when possible), the difference being encrypted data can be decrypted, whereas anonymized data can only be practically unlocked by requesting the human readable record from the original data holder. Again, information transfer is minimized.
(On page 70,) The Task Force also calls for the use of Immutable Audit Logs. This type of technology is intended to permanently record, in a tamper resistant manner, how users have used a system. Even corrupt database administrators cannot alter history.
Immutable logs can increase security, build trust among users, measure compliance with policies and guidelines, and improve transparency and the ability to conduct oversight by appropriate stakeholders.
We have repeatedly stressed in our reports that technologies and polices must be developed together. By designing systems and employing technologies with features that support and enforce policy, information sharing environment designers can help foster trust that automated systems and their users are conforming to governing laws, rules, and guidelines.
All this being said, the Task Force recognizes that technology, alone, cannot ensure that the information sharing environment is effective, secure or protective of privacy and civil liberties."
Brilliantly stated basic common sense which is sadly all too uncommon amongst policymakers when dealing with technology. C.P. Snow was right "some of the most important choices about a nation's physical health are made, or not made, by a handful of men in secret, and again in legal form, by men who normally are not able to comprehend the arguments in depth."
The Pig and the Box - a drm story for kids
Now this is a great idea. MCM, a writer and producer and programmer and sometimes artist from Victoria, BC, Canada, has written a kids book about digital rights management, in response to the entertainment industry's efforts to educate kids about copyright. The book is called The Pig and the Box (1.6M pdf) and is available under a creative commons licence. MCM says:
"The Pig and the Box is about a pig who finds a magic box that can replicate anything you put into it. The pig becomes so protective of it, and so suspicious of anyone that wants to use it, that he makes people take their copied items home in special buckets that act as... well, they're basically DRM. It's like a fable, except the moral of the story is very modern in tone.
I made the book after hearing how the entertainment industry in Canada is keen on teaching young kids about how to "respect" copyright. That was a bit heavy-handed, I thought, and otherwise despicable. Preying on small kids, brainwashing them so they believe what you're doing is honourable and good... Feh. So I wrote this book partly as a response to that venture, to counter-act the confused ideals that young'ns are being exposed to these days. Also, I wanted to write potty humour."
Plame sues Cheney
Valerie Plame whose role in the CIA was leaked by the upper echelons of the Bush administration in apparent retaliation for her husband Joseph Wilson's public criticism of the administration, has decided to sue Dick Cheney, Scooter Libby (Cheney's ex-chief of staff, who is facing criminal charges over the affair) and Karl Rove, deputy White House Chief of Staff.
Bush to let the FISA Court to review NSA wiretapping
President Bush has agreed, according to the NYT, to allow the secret Foreign Intelligence Surveillance Court to review the legality of the NSA domestic surveillance which he authorised.
"If approved by Congress, the deal would put the court, the Foreign Intelligence Surveillance Court, in the unusual position of deciding whether the wiretapping program is a legitimate use of the president’s power to fight terrorism...
The Bush administration had argued since the program’s disclosure last December that no Congressional or judicial oversight was needed because the surveillance fell within the president’s constitutional authority.
Some critics of the program saw the White House’s reversal on that issue as a significant concession. But Representative Heather A. Wilson, Republican of New Mexico, who leads the intelligence subcommittee that oversees the National Security Agency, said Thursday in an interview that she found the idea of the court ruling on the legality of the entire program “a little odd.”
“That to me is not what the FISA court is set up to do,” she said. “The judges approve warrants — they’re not there to rule on matters of constitutionality.”"
Update: Jack Balkin and Marty Lederman have some strong words about the deal. Balkin says it's a sham and Lederman calls it a monstrosity.
"Although the one-time judicial review provision is worrisome, it is by no means the most troubling thing about this bill. Specter's proposed legislation, if passed in its present form, would give President Bush everything he wants. And then some. At first glance, Specter's bill looks like a moderate and wise compromise that expands the President's authority to engage in electronic surveillance under a variety of Congressional and judicial oversight procedures. But read more closely, it actually turns out to be a virtual blank check to the Executive, because under section 801 of the bill the President can route around every single one of them. Thus, all of the elegant machinery of the bill's oversight provisions is, I regret to report, a complete and total sham. Once the President obtains the powers listed in section 801, the rest of the bill is pretty much irrelevant. He will be free of Congressional oversight forever."
"If approved by Congress, the deal would put the court, the Foreign Intelligence Surveillance Court, in the unusual position of deciding whether the wiretapping program is a legitimate use of the president’s power to fight terrorism...
The Bush administration had argued since the program’s disclosure last December that no Congressional or judicial oversight was needed because the surveillance fell within the president’s constitutional authority.
Some critics of the program saw the White House’s reversal on that issue as a significant concession. But Representative Heather A. Wilson, Republican of New Mexico, who leads the intelligence subcommittee that oversees the National Security Agency, said Thursday in an interview that she found the idea of the court ruling on the legality of the entire program “a little odd.”
“That to me is not what the FISA court is set up to do,” she said. “The judges approve warrants — they’re not there to rule on matters of constitutionality.”"
Update: Jack Balkin and Marty Lederman have some strong words about the deal. Balkin says it's a sham and Lederman calls it a monstrosity.
"Although the one-time judicial review provision is worrisome, it is by no means the most troubling thing about this bill. Specter's proposed legislation, if passed in its present form, would give President Bush everything he wants. And then some. At first glance, Specter's bill looks like a moderate and wise compromise that expands the President's authority to engage in electronic surveillance under a variety of Congressional and judicial oversight procedures. But read more closely, it actually turns out to be a virtual blank check to the Executive, because under section 801 of the bill the President can route around every single one of them. Thus, all of the elegant machinery of the bill's oversight provisions is, I regret to report, a complete and total sham. Once the President obtains the powers listed in section 801, the rest of the bill is pretty much irrelevant. He will be free of Congressional oversight forever."
Thursday, July 13, 2006
The importance of perspective
The Register have posted some doctored videos of the Zidane headbutting incident from the World Cup Final on Sunday which throw some light on the importance of perspective.
It was a disappointing end to the tournament, which is why I haven't commented on it until now. But since I've just been writing about the importance of perspective to decision making processes...
Update: I've taken down the video of Materazzi walking into the lampost, as the folks at the Register prefer that you view it on their site.
It was a disappointing end to the tournament, which is why I haven't commented on it until now. But since I've just been writing about the importance of perspective to decision making processes...
Update: I've taken down the video of Materazzi walking into the lampost, as the folks at the Register prefer that you view it on their site.
The dumb long tail?
Jonathan Rowe is less than impressed at the plaudits being dished out for Chris Anderson's new book The Long Tail.
"The long tail, Anderson writes, reflects new technology that can “tap the distributed intelligence of millions of consumers to match people with the stuff that suits them best.”
Intelligence? That’s market orthodoxy with a techno-futurist spin. Everything we do as consumers is a "market choice", and therefore by definition intelligent and good. There’s another possibility, which is that the market can be as dumb as we humans who comprise it; and therefore technology that provides greater range for market selections also provides greater range for this dumbness as well.
That stupidity includes the capacity to destroy that which ultimately sustains us and which we ultimately hold most dear. The long tail sounds to me like just another version of the old tale, which is the effort to get people to define themselves as consumers, and to seek happiness in things they buy.
Hey, I’m glad I’m not stuck in Blockbuster’s mass drek. But I’m even gladder there’s a revival of public spaces and the like, so I can be around other people and not have to buy anything at all. That's the tail that's really new, and needs to be told."
"The long tail, Anderson writes, reflects new technology that can “tap the distributed intelligence of millions of consumers to match people with the stuff that suits them best.”
Intelligence? That’s market orthodoxy with a techno-futurist spin. Everything we do as consumers is a "market choice", and therefore by definition intelligent and good. There’s another possibility, which is that the market can be as dumb as we humans who comprise it; and therefore technology that provides greater range for market selections also provides greater range for this dumbness as well.
That stupidity includes the capacity to destroy that which ultimately sustains us and which we ultimately hold most dear. The long tail sounds to me like just another version of the old tale, which is the effort to get people to define themselves as consumers, and to seek happiness in things they buy.
Hey, I’m glad I’m not stuck in Blockbuster’s mass drek. But I’m even gladder there’s a revival of public spaces and the like, so I can be around other people and not have to buy anything at all. That's the tail that's really new, and needs to be told."
Deafening silence in the blogosphere about Mumbai bombings
Sepia Mutiny cannot understand the lack of interest in the blogosphere in the terrible tragedy in Mumbai.
Cory's Microssoft DRM talk - the video
Microsoft have now released the video of a terrific talk on drm that Cory Doctorow gave at the company a couple of years ago.
Wednesday, July 12, 2006
Levy arrested in cash for honours inquiry
Lord Levy has reportedly been arrested as part of Scotland Yard's investigation into the cash for honours inquiry. If it's true there will be a few members of the upper echelons of the Labour Party who will be starting to feel uncomfortable.
Update: Police say Levy arrest integral to investigation
Update: Police say Levy arrest integral to investigation
Ireland want ECJ to review data retention
As they threatened in the immediate aftermath of the passing of the data retention directive, the Irish government have decided to challenge the directive in the European Court of Justice. Technicaly the challenge is on procedural grounds and given the Irish mastery of these things will probably succeed but the real reason for the challenge is that they feel the directive is cramping their style domestically in the mass surveillance stakes. The Irish government originally, with the UK, wanted a seven year EU data retention regime. They settled for three years in Irish law and feel that the EU directive could muddy the domestic surveillance waters unnecessarily in that regard.
Jeff Jonas on information sharing
Jeff Jonas of IBM spoke at a panel on how technology is changing intelligence services at the Council on Foreign Relations a couple of months ago. When you listen to folks like Jonas outlining key principles about information gathering it makes you wonder how politicians can still get things so wrong.
"All right. Well, let me start with this notion that there’s a lot of conversation about information sharing, and I think that that’s kind of like a second principle.
And I have kind of come up with what I’m calling the information-sharing paradox, and I think it’s—if you start with information sharing, we’re likely to fail. And the reason is that it’s not really practical to share everything with everybody. And if you can’t share everything with everybody, your next option is, can you ask everybody every question? And it turns out that’s not practical either.
So this information sharing paradox is, if you can’t share everything with everybody and you can’t ask everyone every question every day, how is someone going to find something? And that’s the information sharing paradox.
And I think that the solution is discovery. You have to know who to ask for what. So thinking about this in terms of the card catalog at the Library of Congress, the Reader’s Digest version is no one goes to the library and roams the hall to look for the book; you go to a card file and the card file tells you where to go. If someone were to be putting books in the halls or one of the aisles of the library and not put a card in the card file it would be nondiscoverable.
So a first principle is, holders of data should be publishing some subset of the data, subject, title, author, to card files, and card files are used for discovery, and then you know who to ask.
So the first principle is discovery.
And from a policy standpoint, the question then is, how do you get people to contribute data to the card file? What data are they putting in the card file? And when I think about that, I think about motivating data holders. If you have an owner of a system, their value to the enterprise is the degree to which their data is useable. But before it’s useable, it must be discoverable.
So if you quantified people’s contributions to the card file, if you had an aisle at the library, a system, and they contributed no cards to the card file, their enterprise value would be less.
So I’m speaking here to a metric about how one would quantify discoverability.
And it turns out as you create these things that the card file itself becomes the target. When you put a few billion things in there that point to the documents in the holdings and the assets across many different systems or silos, after awhile it starts to feel like the card file is the risk, the risk of unintended disclosure, the risk of that running away from you, having an insider run off with it.
So one of the things that I’ve been pursuing is the ability to anonymize the card file so that even if the database administrator who oversees this card file is corrupt, he or she can’t actually look through it and shop or scan for names or addresses. The data in it has been scrambled in a way that it’s—when I use the word anonymize, by the way—some of the recent news has indicated that a phone number by itself is anonymized; I would differ. My view of anonymize is that it—to me, anonymized data is data that is nonhuman-interpretable, and nonreversible. So therefore if there is a match, no single person can unlock it. They actually have to go back to the holder of it and request the record, which in an information-sharing model with public sector to private sector, that request would then come out as consent or a subpoena, NSL FISA.
So I thought I’d start there."
Just to repeat the crux of that, "if you can’t share everything with everybody and you can’t ask everyone every question every day, how is someone going to find something? And that’s the information sharing paradox.
And I think that the solution is discovery. You have to know who to ask for what."
No amount of hoping that the computer, after sucking up voluminous quantities of data about everyone, will magically find something, is going to save you, if you don't know what that something is and you don't know who or what to ask to find it. Thanks to William for the link.
"All right. Well, let me start with this notion that there’s a lot of conversation about information sharing, and I think that that’s kind of like a second principle.
And I have kind of come up with what I’m calling the information-sharing paradox, and I think it’s—if you start with information sharing, we’re likely to fail. And the reason is that it’s not really practical to share everything with everybody. And if you can’t share everything with everybody, your next option is, can you ask everybody every question? And it turns out that’s not practical either.
So this information sharing paradox is, if you can’t share everything with everybody and you can’t ask everyone every question every day, how is someone going to find something? And that’s the information sharing paradox.
And I think that the solution is discovery. You have to know who to ask for what. So thinking about this in terms of the card catalog at the Library of Congress, the Reader’s Digest version is no one goes to the library and roams the hall to look for the book; you go to a card file and the card file tells you where to go. If someone were to be putting books in the halls or one of the aisles of the library and not put a card in the card file it would be nondiscoverable.
So a first principle is, holders of data should be publishing some subset of the data, subject, title, author, to card files, and card files are used for discovery, and then you know who to ask.
So the first principle is discovery.
And from a policy standpoint, the question then is, how do you get people to contribute data to the card file? What data are they putting in the card file? And when I think about that, I think about motivating data holders. If you have an owner of a system, their value to the enterprise is the degree to which their data is useable. But before it’s useable, it must be discoverable.
So if you quantified people’s contributions to the card file, if you had an aisle at the library, a system, and they contributed no cards to the card file, their enterprise value would be less.
So I’m speaking here to a metric about how one would quantify discoverability.
And it turns out as you create these things that the card file itself becomes the target. When you put a few billion things in there that point to the documents in the holdings and the assets across many different systems or silos, after awhile it starts to feel like the card file is the risk, the risk of unintended disclosure, the risk of that running away from you, having an insider run off with it.
So one of the things that I’ve been pursuing is the ability to anonymize the card file so that even if the database administrator who oversees this card file is corrupt, he or she can’t actually look through it and shop or scan for names or addresses. The data in it has been scrambled in a way that it’s—when I use the word anonymize, by the way—some of the recent news has indicated that a phone number by itself is anonymized; I would differ. My view of anonymize is that it—to me, anonymized data is data that is nonhuman-interpretable, and nonreversible. So therefore if there is a match, no single person can unlock it. They actually have to go back to the holder of it and request the record, which in an information-sharing model with public sector to private sector, that request would then come out as consent or a subpoena, NSL FISA.
So I thought I’d start there."
Just to repeat the crux of that, "if you can’t share everything with everybody and you can’t ask everyone every question every day, how is someone going to find something? And that’s the information sharing paradox.
And I think that the solution is discovery. You have to know who to ask for what."
No amount of hoping that the computer, after sucking up voluminous quantities of data about everyone, will magically find something, is going to save you, if you don't know what that something is and you don't know who or what to ask to find it. Thanks to William for the link.
EU fine Microsoft 280 million euros
The EU have decided to fine Microsoft 280 million euros for not complying with the anti trust judgement of 2004.
Swapping one red paperclip for a house
Well Kyle MacDonald has managed to barter his way through the past year starting out with one red paper clip and ending up with a house.
NHS IT security poor
Computer Weekly reports that:
"The UK's largest NHS trust has discovered endemic sharing of passwords and log-in identifications by staff, recording 70,000 cases of "inappropriate access" to systems, including medical records, in one month."
And that is just the 70000 that were detected. Essentially the security of private patient data is non-existent in the new £multi-billion NHS IT system. FIPR have been saying this for quite some time.
"The UK's largest NHS trust has discovered endemic sharing of passwords and log-in identifications by staff, recording 70,000 cases of "inappropriate access" to systems, including medical records, in one month."
And that is just the 70000 that were detected. Essentially the security of private patient data is non-existent in the new £multi-billion NHS IT system. FIPR have been saying this for quite some time.
Tuesday, July 11, 2006
Pentagon orders compliance with Supreme Court Ruling
Marty Lederman says
"Pentagon General Counsel Jim Haynes has ordered senior defense officials and military officers to apply Common Article 3 of the Geneva Conventions to all detainees held in US military custody. The DOD memo can be found here... a directive to DoD officials to comply with a holding of the U.S. Supreme Court."
"Pentagon General Counsel Jim Haynes has ordered senior defense officials and military officers to apply Common Article 3 of the Geneva Conventions to all detainees held in US military custody. The DOD memo can be found here... a directive to DoD officials to comply with a holding of the U.S. Supreme Court."
Commission stack the deck in patent consultation
It seems that the EU Commission have been using Machievelian tactics in an effort to get the right answers to their patent 'consultation' process.
"The Commission made an undercover move to get more "useful" answers following the 12 April closing date of its Patent Policy consultation. It sought out small firms across Europe who had used the patent system. It then provided these firms with new documentation and specialist assistance to help them write individual answers. None of the firms answering the online consultation got this help. But when the software firms in this new group came to the same conclusions as the FFII, the Commission concluded that these firms were "lacking knowledge about the patent system"."
"The Commission made an undercover move to get more "useful" answers following the 12 April closing date of its Patent Policy consultation. It sought out small firms across Europe who had used the patent system. It then provided these firms with new documentation and specialist assistance to help them write individual answers. None of the firms answering the online consultation got this help. But when the software firms in this new group came to the same conclusions as the FFII, the Commission concluded that these firms were "lacking knowledge about the patent system"."
Do Walmart own the smiley face
David Bollier has a nice piece about Walmart's trademark claim to the smiley face.
"Fundamentalism is not simply an affliction of religious zealots. It takes over the minds of secular people, too, and often manifests itself in a religious-like zeal to defend property rights at the expense of all else. Because I keep encountering ever-more extreme examples of this pathology, I thought it would be useful to start a occasional blog post, the Annals of Private Property, that will document the lurid extremes now dictated by the theology and veneration of property rights.
Let me inaugurate this feature by citing the epic trademark battle that Wal-Mart is engaged in, over the ownership of… the “smiley face.” If ever there was a cultural icon that emerged from the commons, or at least acquired value through its social circulation via the commons, ol’ Smiley is it. It’s been around for decades as a shared icon of dubious taste. But now the economic leviathan, Wal-Mart, is claiming that it, and it alone, owns the smiley face image, as a trademark."
"Fundamentalism is not simply an affliction of religious zealots. It takes over the minds of secular people, too, and often manifests itself in a religious-like zeal to defend property rights at the expense of all else. Because I keep encountering ever-more extreme examples of this pathology, I thought it would be useful to start a occasional blog post, the Annals of Private Property, that will document the lurid extremes now dictated by the theology and veneration of property rights.
Let me inaugurate this feature by citing the epic trademark battle that Wal-Mart is engaged in, over the ownership of… the “smiley face.” If ever there was a cultural icon that emerged from the commons, or at least acquired value through its social circulation via the commons, ol’ Smiley is it. It’s been around for decades as a shared icon of dubious taste. But now the economic leviathan, Wal-Mart, is claiming that it, and it alone, owns the smiley face image, as a trademark."
Monday, July 10, 2006
Court sides with directors v CleanFlicks
In a judgement that has been in stasis for quite some time, a court has sided with a group of film directors in ruling that a company called CleanFlicks, which edited bad language and nudity out of popular films to enable family viewing, was engaged in copyright infringement. I haven't read the judgement yet, so don't have the details but I expect this one will be bouncing round the usual corners of the blogosphere.
Update: The Salt Lake Tribune, appropriately, has the story Utah film sanitizers ordered to cut it. Thanks to Michael Geist for the link.
Update 2: Ed Felten as usual has a worthwhile commentary as does Tim Lee.
Update: The Salt Lake Tribune, appropriately, has the story Utah film sanitizers ordered to cut it. Thanks to Michael Geist for the link.
Update 2: Ed Felten as usual has a worthwhile commentary as does Tim Lee.
ABC want DVR ad skipping disabled
ABC President of Advertising Sales Mike Shaw wants the ad skipping feature of DVRs disabled.
"I'm not so sure that the whole issue really is one of commercial avoidance... And quite frankly, we're just training a new generation of viewers to skip commercials because they can... People can understand in order to have convenience and on-demand (options), that you can't skip commercials."
Yes some of these folk do indeed live in a different world.
What's the matter with you? Don't you realise you're learning to skip the ads? Don't you understand that's NOT ALLOWED?
Ranks right up there with Jamie Kellner's 'skipping the ads is theft' comment in 2002.
"[Ad skips are] theft. Your contract with the network when you get the show is you're going to watch the spots. Otherwise you couldn't get the show on an ad-supported basis. Any time you skip a commercial or watch the button you're actually stealing the programming."
"I'm not so sure that the whole issue really is one of commercial avoidance... And quite frankly, we're just training a new generation of viewers to skip commercials because they can... People can understand in order to have convenience and on-demand (options), that you can't skip commercials."
Yes some of these folk do indeed live in a different world.
What's the matter with you? Don't you realise you're learning to skip the ads? Don't you understand that's NOT ALLOWED?
Ranks right up there with Jamie Kellner's 'skipping the ads is theft' comment in 2002.
"[Ad skips are] theft. Your contract with the network when you get the show is you're going to watch the spots. Otherwise you couldn't get the show on an ad-supported basis. Any time you skip a commercial or watch the button you're actually stealing the programming."
George W. Bush sings U2
ThePartyParty.com have done a mix of George Bush singing U2's Sunday Bloody Sunday. It includes clips of Tony Blair looking just as grim as I imagine he would be if the president really did sing the song.
School to expell pupils who refuse to give fingerprints
A Berkshire 6th form student has written to LTKA (Leave Them Kids Alone an organisation against schools fingerprinting children) saying that their school is threatening to exclude any child who refuses to give their fingerprints.
LTKA seem to think that fingerprinting is being introduced in 20 primary schools in the UK every week and that the systems exist in 3500 primary schools across the country. Whereas I find that hard to believe, it is a matter of concern that it should be happening at all.
To get at why this might be happening you need to look at the agendas of the people making the decisions.
The companies selling the systems will be well versed in the messages that schools like to hear - it will save time, be more convenient etc.
Overworked headteachers, teachers, librarians and administrators see the system a way of avoiding the time consuming process of dealing with kids losing library cards and 'the dog ate it' kinds of problems.
Kids don't have a say and in primary schools would be too young to understand the implications anyway.
It looks like parents are also being kept out of the loop, so don't have a say either.
So a lot of money is being spent on systems to release a little school staff time and the security and privacy implications for the children involved are not factored into the equation.
LTKA seem to think that fingerprinting is being introduced in 20 primary schools in the UK every week and that the systems exist in 3500 primary schools across the country. Whereas I find that hard to believe, it is a matter of concern that it should be happening at all.
To get at why this might be happening you need to look at the agendas of the people making the decisions.
The companies selling the systems will be well versed in the messages that schools like to hear - it will save time, be more convenient etc.
Overworked headteachers, teachers, librarians and administrators see the system a way of avoiding the time consuming process of dealing with kids losing library cards and 'the dog ate it' kinds of problems.
Kids don't have a say and in primary schools would be too young to understand the implications anyway.
It looks like parents are also being kept out of the loop, so don't have a say either.
So a lot of money is being spent on systems to release a little school staff time and the security and privacy implications for the children involved are not factored into the equation.
Sunday, July 09, 2006
The ID emails
I've just taken a look at the emails raising all the excitement and they are pretty damning. David Foord, Mission Critical Director (Identity and Defence) [Office of Government Commerce] says:
"I conclude that we are setting ourselves up to fail. This is based on: the (un)affordability of all the individual programmes, the very serious shortage of appropriately qualified staff and numbers of staff, the lack of clear benefits from which to demonstrate a return on investment, the concerns about the lack of requirement documentation, and in addition:
that ministers probably will not make a quick decision on papers submitted so the July date will slip badly, the likely hiatus caused by the summer holidays, the need surely to at least brief the new cabinet committee (IM), the need to involve the players on the yet to be established Public/Private forum, almost certainly a requirement for a Gate 0 on the programmes and Gate 2's on the projects,"
Peter Smith, Acting Commercial Director, IPS [Identity and Pasport Service], says:
"I wouldn't argue with a lot of this David; share your concerns about TNIR timescale certainly, and the 'wider scheme' implications where still issues about joining up I think across the HO. We should talk... but 2 points in our defence...!
1. It was a Mr Blair who wanted the 'early variant' card. Not my idea...
2. The procurements we will (we hope) launch in the next few months - not the TNIR but things like APSS and contact centre - are all necessary (essential) to sustain IPS business as usual, and we are designing the strategy so that they are all sensible and viable contracts in their own right EVEN IF the ID Card gets canned completely. So also less dependence on business case approval etc."
No doubt Mr Blair wil be furious and these men will get hauled over the coals and the government will go after the person who leaked the memos rather than address the substantive points raised. Yet both the meo writers and the leaker deserve a pat on the back for being realistic (Foord more than Smith) and the leaker for letting the us know there are folks at high level thinking reasonably about the scheme. Rational thinking, however, as I point out in my book, is all too often an insufficiently strong barrier to resist decisions which lead to catastophic failure.
Update: John Lettice in the Register has some thoughts.
"I conclude that we are setting ourselves up to fail. This is based on:
my conversations with stakeholders about:
the amount of rethinking going on about identity management (which at best will provide an agreed vision and some signposts by end July),
Peter Smith, Acting Commercial Director, IPS [Identity and Pasport Service], says:
"I wouldn't argue with a lot of this David; share your concerns about TNIR timescale certainly, and the 'wider scheme' implications where still issues about joining up I think across the HO. We should talk... but 2 points in our defence...!
1. It was a Mr Blair who wanted the 'early variant' card. Not my idea...
2. The procurements we will (we hope) launch in the next few months - not the TNIR but things like APSS and contact centre - are all necessary (essential) to sustain IPS business as usual, and we are designing the strategy so that they are all sensible and viable contracts in their own right EVEN IF the ID Card gets canned completely. So also less dependence on business case approval etc."
No doubt Mr Blair wil be furious and these men will get hauled over the coals and the government will go after the person who leaked the memos rather than address the substantive points raised. Yet both the meo writers and the leaker deserve a pat on the back for being realistic (Foord more than Smith) and the leaker for letting the us know there are folks at high level thinking reasonably about the scheme. Rational thinking, however, as I point out in my book, is all too often an insufficiently strong barrier to resist decisions which lead to catastophic failure.
Update: John Lettice in the Register has some thoughts.
Senior officials admit ID cards doomed
There are a series of stories in the Sunday Times this morning about the ID cards system. It seems that there have been communications flying between several senior government officials saying the scheme is doomed to fail. Thanks to William Heath for the heads up. Here's what the Times leader has to say:
"What do you get when you combine an ambitious IT scheme run by the government and a plan that threatens to ride roughshod over civil liberties? The answer is an unholy mess. As leaked e-mails today reveal, Tony Blair’s flagship identity card scheme is struggling and could even collapse in an embarrassing shambles. Two years before ID cards are set to be introduced for people renewing their passports, the chances of meeting that timetable look remote. The entire scheme may yet have to be shelved...
"What do you get when you combine an ambitious IT scheme run by the government and a plan that threatens to ride roughshod over civil liberties? The answer is an unholy mess. As leaked e-mails today reveal, Tony Blair’s flagship identity card scheme is struggling and could even collapse in an embarrassing shambles. Two years before ID cards are set to be introduced for people renewing their passports, the chances of meeting that timetable look remote. The entire scheme may yet have to be shelved...
Should the government accept the verdict of its own experts that a politically driven programme with a “lack of clear benefits” might, and perhaps should, be “canned”? It would be another broken promise from Mr Blair, but he is used to those, as are voters. Why press on with a scheme that will cost billions with very little discernible benefit?
...
Frank Field, the former welfare reform minister, has sound ideas. It was his committee which first identified the scale of National Insurance fraud in Britain, with at least 20m more NI numbers in use than there are people in the country. He believes that the scale of fraud in the NHS is significant. Rather than scrapping the whole ID scheme, he argues, it should be launched gradually, first to foreigners coming to Britain to stay and then to young people getting their NI numbers for the first time. A programme like this should be within the government’s capabilities and would even allow the prime minister and his colleagues to save face."
They were doing so well until that final paragraph. They just don't get it do they? A fundamentally dodgy IT scheme will not work no matter how long you take to launch it. We're already leaving our future generations with an enormous mess on the political, social, economic and environmental fronts. It's worse than a bad joke to say the scheme is a mess so let's test it on our children instead. Now start talking about a carefully designed and constructed privacy enhancing, commerce and public services enabling identity architecture and you might start getting me interesed. The trouble with politicians and most of the media is that they don't understand the absolutely fundamental difference between that and the government's ridiculous proposals.
P2P litigant pleads diproportionate damges
A woman defending one of the tens of thousands of RIAA P2P lawsuits is pleading that the statuatory damages of $750 per song are disproportionate to the point of being unconstitutional. They are certainly disproportionate but she might have a hard time proving a breach of the constitution.
Subscribe to:
Posts (Atom)