Friday, January 12, 2007
Government to review school fingerprinting
Digital records of 'disruptive behaviour'
"According to Children Now:
Leicestershire Council has signed a £1m contract for an IT system designed to help target truancy, behaviour and pupil attainment.
The five-year agreement with Capita Education Services will provide a system to manage pupil and school data. It will make it easier for children’s services teams to share information on attendance, exclusions, behaviour, pupil attainment and special educational needs.
Over on the Capita education site, online demonstrations of all their products are available. The ‘Detailed Pupil Record’ captures, well, everything - right down to ‘disruptive behaviour - throwing food’.
Schools need to start being very careful if they are logging and sharing information on what may be subjective or unfair decisions about behaviour. After all, who hasn’t at some point been unfairly accused of some misdemeanour or other at school?
Generally children shrug injustice off as yet another example of a particular teacher’s irascibility or unreasonableness, but if that information is going to be spread around and find its way on to the databases of other services in order to facilitate judgments about whether a child is showing signs of being ‘at risk’ of future offending, that’s another matter completely...
A child whose database record is peppered with incidents of ‘disruptive behaviour’ is a child heading for a label and a multi-agency intervention scheme. More, that record is persistent: unlike the punishment book, it doesn’t disappear down the back of the head teacher’s filing cabinet to accumulate dust once the pages have started to fall out. It can follow a child around every agency with which s/he has contact for years to come.
Teachers are going to have to start being very sure indeed about what goes on to a child’s behaviour record, because as soon as children’s information starts crossing the school fence, the implications of unjust accusations suddenly become extremely serious."
Secret war?
"Washington intelligence, military and foreign policy circles are abuzz today with speculation that the President, yesterday or in recent days, sent a secret Executive Order to the Secretary of Defense and to the Director of the CIA to launch military operations against Syria and Iran.
The President may have started a new secret, informal war against Syria and Iran without the consent of Congress or any broad discussion with the country.
Thursday, January 11, 2007
Kim Weatherhall's last post
"The last 12 months have been particularly insane. Just over a third of the 'words' I have written on the blog have happened in the last 12 months. So I'm tired. And I need to do other academic-y stuff. You know, like write journal articles and books. I've not done enough of that, because of the blog and the law reform involvement. I need to give myself a bit of time to think about things more broadly and deeply. It doesn't happen when you're desperately trying to keep up with things and have views on every development."
Good luck to Kim with the academic-y stuff and the thinking.
Becta warn schools to avoid Vista
"technical, financial and organizational challenges associated with early deployment currently make this (Vista) a high-risk strategy."
MI5 email alert sign up routed via US
"MI5, the Security Service, part of whose remit is supposed to be giving protection advice against electronic attacks over the internet, is sending all our personal details (forename, surname and email address) unencrypted to commercial third party e-mail marketing and tracking companies which are physically and legally in the jurisdiction of the United States of America, and is even not bothering to make use of the SSL / TLS encrypted web forms and processing scripts which are already available to them."
Super Mario Software Patent denied
"The decision related to refusal of Nintendo's application under section 1(2) of the UK Patents Act 1977. The examiner had maintained an objection regarding s1(2)(c), i.e. that the contribution lay solely in the field of computer programs, and consequently refused the application. Referring to Aerotel/Macrossan (previously reported in the IPKat here), the Hearing Officer applied the now approved four step test, noting that the decision must be treated as a definitive statement of how the law on patentable subject matter is now to be applied in the UK, and that it should not be necessary to refer back to previous UK or EPO case law regarding the issue.
After construing the claims, the Hearing Officer considered the contribution to be the process of setting a kart upright and facing in the same direction as it was prior to crashing. This was seen to be clearly wholly within the area of a computer program, but not itself a scheme, method or rule for playing a game. Since the third step question was answered in the affirmative, it was not seen to be necessary to consider the fourth step, i.e. whether the contribution was "technical" in nature. The application was therefore refused.
The IPKat sees much sense in this decision, but wonders how it can be squared with the previous decisions of Sun Microsystems and ARM, both of which also related to ways of getting computer programs to do clever things purely implemented in software, but which were related to much more serious-sounding issues of bytecodes and compilers rather than silly racing karts."
If the EU Council of Ministers had succeeded with just one of their many attempts to sneak the proposed software patents directive through via fisheries and other unrelated Council meetings (documented in great detail by Florian Mueller in his book), then Nintendo would probably now be the proud owners of a UK software patent for uprighting cars/vehicles in computer games.
Beckham goes to the US for $1million a week
January 11 is the International Day to Shut Down Guantanamo
EU report rejects call for copyright term extension
"Chapter 3: Extending the term of protection for related (neighbouring) rights
Holders of neighbouring rights in performances and phonograms have expressed concern that the existing term of protection of 50 years puts them and the European creative industries, in particular the music industry, at a disadvantage, as compared to the longer protection provided for in the United States. Chapter 3 examines these concerns, first by describing and comparing the terms in the EU in the light of the existing international framework and existing terms in countries outside the EU, secondly by examining the rationales underlying related (neighbouring) rights protection and finally by applying economic analysis.
The authors of this study are not convinced by the arguments made in favour of a term extension. The term of protection currently laid down in the Term Directive (50 years from fixation or other triggering event) is already well above the minimum standard of the Rome Convention (20 years), and substantially longer than the terms that previously existed in many Member States. Stakeholders have based their claim mainly on a comparison with the law of the United States, where sound recordings are protected under copyright law for exceptionally long terms (life plus 70 years or, in case of works for hire, 95 years from publication or 120 years from creation). Perceived from an international perspective the American terms are anomalous and cannot serve as a legal justification for extending the terms of related rights in the EU.
An examination of the underpinnings of existing neighbouring rights regimes does not lend support to claims for term extension. Whereas copyright (author’s right) protects creative authorship, the rights of phonogram producers are meant to protect economic investment in producing sound recordings. The related rights of phonogram producers have thus more in common with rights of industrial property, such as design rights, semiconductor topography rights, plant variety rights and the sui generis database right. Whereas all these rights share the same ‘investment’ rationale, their terms are considerably shorter, while setting higher threshold requirements. For example, whereas the database right requires ‘substantial investment’ in a database, the phonographic right requires no more than the making of a sound recording, be it a complex studio production or simply a matter of ‘pushing a button’ on a recording device. Indeed, a good argument could be made for shortening the term of protection for phonogram producers.
Given that the legal protection of phonogram producers is based on an investment rationale, it is important to note that the costs of owning and operating professional recording equipment has substantially decreased in recent years due to digitalisation. On the other hand, the costs of marketing recordings has apparently gone up. These costs now make up the largest part of the total investment in producing a phonogram. However, it is doubtful whether these costs may be taken into account as investment justifying legal protection of phonogram producers. Insofar as marketing costs accrue in the goodwill of trademarks or trade names, phonogram producers or performing artists may already derive perpetual protection therefore under the law of trademarks.
For the large majority of sound recordings the producers are likely to either recoup their investment within the first years, if not months, following their release, or never...
As the rights expire, recordings falling into the public domain will become subject to competition and falling prices, which will lead to a loss of income for the former right holders. Stakeholders argue that this will negatively affect future investment in A&R. However, it appears that only limited shares of phonogram producers’ overall revenues are currently invested in A&R, so the predicted negative effect on investment in new talent is likely to be limited.
Another argument that stakeholders have advanced in favour of term extension refers to the so-called ‘long tail’ (i.e. the reduced costs of digital distribution has created new markets for low-selling content). A term extension might indeed inspire phonogram producers to revitalise their back catalogues recordings, and make them available to a variety of digital distribution channels. On the other hand, the immense market potential of digital business models should already today have provided ample incentive to phonogram producers to exploit their back catalogues in new media. The recent history of the internet, however, indicates that these opportunities have not always been seized by those stakeholders now asking for a term extension.
Stakeholders have also posited that not granting a term extension would distort competition between right holders based in the EU and their competitors in non-EU countries, where right holders may enjoy longer terms. It has been argued that foreign countries would apply a ‘comparison of terms’ to the detriment of EU right holders. This argument is wholly unconvincing...
Another argument advanced by stakeholders is that a failure to bring the term of protection in the EU in line with the US will negatively affect the competitiveness of the European music industry. However, the competitiveness of phonogram producers is based on a wide variety of factors, intellectual property protection in general and the term of protection in particular being just one of them. Moreover, the worldwide music market is dominated by only four multinational companies (the so-called ‘majors’), that can not be characterised as either ‘European’ or ‘American’. Juxtaposing the interests of the European and the American music industries, therefore, would be wholly artificial. Even so, the market dominance of the ‘majors’ is an economic factor to be taken into consideration. A term extension would in all likelihood strengthen and prolong this market dominance to the detriment of free competition.
A final argument sometimes advanced in favour of term extension comes from the world of accountancy. It assumes that a longer term of protection would increase the value of ‘intangible assets’ in the balance sheets of European record companies. Granting a shorter term of protection to record companies in the EU than their competitors in the US already receive, would arguably result in a comparatively lower valuation of assets of European companies. This argument, however, is largely without merit. The value of a record company’s own recordings is not regularly recognised as intangible assets by the record labels, and not capitalised in the balance sheets. Acquired catalogues of recordings are usually capitalised, but routinely written off well before the existing terms of related rights protection expire. A term extension will perhaps play a minor role only in the valuation of the goodwill of a record company in the context of a merger or acquisition. Even then, its effect will be minimal.
The fact that some recordings still have economic value as rights therein expire, cannot in itself provide a justification for extending the term of protection. Related rights were designed as incentives to invest, without unduly restricting competition, not as full-fledged property rights aimed at preserving ‘value’ in perpetuity. The term of related rights must reflect a balance between incentive and market freedom. This balance will be upset when terms are extended for the mere reason that content subject to expiration still has market value. The public domain is not merely a graveyard of recordings that have lost all value in the market place. It is also an essential source of inspiration to subsequent creators, innovators and distributors. Without content that still triggers the public imagination a robust public domain cannot exist.
Admittedly, an argument could be made in favour of extending the term of protection of performing artists, since the reasons for protecting artists are comparable to those underlying author’s rights. However, in the light of existing contractual practices, it is unlikely that performers would actually fully benefit from a term extension, since record companies routinely require a broad assignment of the rights of the performing artists. Therefore, extending the term of protection of performing artists should be considered only in connection with the harmonisation of statutory measures that protect the artists against overbroad transfers of rights. Obviously, a term extension would benefit only those artists that are still popular after 50 years and continue to receive payments from collecting societies and phonogram producers. This however concerns only a small number of performing artists."
Thanks to Ian Brown for the pointer via the ORG list.
iPhone myphone Cisco sues Apple
Wednesday, January 10, 2007
MedImmune v Genentech US Supreme Court Drug patent decision
MedImmune were paying Genentech licence fees to work on their patented antibody technologies and also technologies that had a patent pending. When the latter patent was granted Genentech asked for more money, but MedImmune thought the second patent was invalid. They decided to pay the royalties to avoid being sued by Genentech but they also challenged the patent. Genentech argued that there was no "case in controversy" because MedImmune were paying royalties. MedImmune argued they should not have to stop paying royalties, thereby opening themselves up to being sued by Genentech, before they were allowed to challenge the patent. The Supreme Court agreed with MedImmune.
IPKat says: "in US Constitutional law terms the case extends the scope of the "case in controversy" test significantly, but for patent lawyers its effect is quite simple. You can apply to the court for a patent to be revoked while continuing to pay the licence fee: keeping the farm and all the animals safe."
Digital decision making and transformational government
"1. From today we involve customers right from the start in any major public-service project. They'll be involved in design, decision, development, monitoring and feedback stages. We'll freeze any project that didn't involve customers from the start. They fail their Gateway reviews, and we'll review urgently what people actually wanted. Two quick and easy ways we'll do this are to routinely offer a moderated "forum" alongside any complex services so users can share experiences and we can learn from that. Also we'll open a public discussion link for new projects so we test out our ideas and hear suggestions as clearly and early as possible.
2. If we stop pretending everything is perfect can we please have an end to mindless criticism of government IT. Informed constructive criticism we can accept. We'll be frank and truthful about our aims and intentions, the evidence base, what it costs (not just the IT, but the whole programme including training, restructuring), what works and what doesn't.
3. We intend to engage with, inform and learn from people about what we're undertaking here. This includes non-technical officials, political leaders, our suppliers, independent experts and sceptics. We're all in this together; we're all paying for this and we all share an interest in the outcome. We can't impose this change on everyone. To lead credibly we have to listen. We have to speak out on the big IT issues, and educate people about the use of IT including its dangers.
4. We'll default to making any non-personal and tax-funded public information free and openly available using standard formats and APIs. This country is committed to Freedom of Information and we can make this happen. We want to be as trusted and competitive as the Scandinavian countries, and they have a 240 year headstart in FoI. We've got a lot of catching up to do, so it's fortunate that the web makes it cheap and easy.
5. We'll apply full openness and transparency about contracts and costs for public sector contracts in future, including Gateway reviews. Level playing field - same applies to all.
6. We'll presume that any software paid from public funds will be placed in a public-sector SourceForge, reusable by any other public service under creative commons licence.
7. We'll apply a principle of maximal anonymity to any transaction involving personal data, and invite the Information Commissioner to challenge any unnecessary disclosure of data.
8. Before we spend over £1m on any development we'll offer £20,000 to some talented developers to see if they can produce a substantially functional version of what we're after. We must find better ways of building our large-scale systems. We need innovation and accelerated adoption of best practice.
9. With multi-agency work we'll make sure we've got multi-agency buy-in before we commit ourselves to a course of action.
10. The principle of subsidiarity will reign in government IT."
I make a somewhat similar argument in the concluding chapter of my book, though couched more generically in the context of a suggested 'digital decision making framework.' It's all about active, informed and critically constructive participation of all appropriate stakeholders, including the general public, in the decision making process.
Secure Flight Privacy Report
"The Department of Homeland Security (DHS) Privacy Office conducted a review of the Transportation Security Administration's (TSA) collection and use of commercial data during initial testing for the Secure Flight program that occurred in the fall 2004 through spring 2005. The Privacy Office review was undertaken following notice by the TSA Privacy Officer of preliminary concerns raised by the Government Accountability Office (GAO) that, contrary to published privacy notices and public statements, TSA may have accessed and stored personally identifying data from commercial sources as part of its efforts to fashion a passenger prescreening program.
These new concerns followed much earlier public complaints that TSA collected passenger name record data from airlines to test the developmental passenger prescreening program without giving adequate notice to the public. Thus, the Privacy Office’s review of the Secure Flight commercial data testing also sought to determine whether the data collection from air carriers and commercial data brokers about U.S. persons was consistent with published privacy documents.
The Privacy Office appreciates the cooperation in this review by TSA management, staff, and contractors involved in the commercial data testing. The Privacy Office wishes to recognize that, with the best intentions, TSA undertook considerable efforts to address information privacy and security in the development of the Secure Flight Program. Notwithstanding these efforts, we are concerned that shortcomings identified in this report reflect what appear to be largely unintentional, yet significant privacy missteps that merit the careful attention and privacy leadership that TSA Administrator Kip Hawley is giving to the development of the Secure Flight program and, in support of which, the DHS Acting Chief Privacy Officer has committed to provide Privacy Office staff resources and privacy guidance."
Findings:
"As ultimately implemented, the commercial data test conducted in connection with the Secure Flight program testing did not match TSA's public announcements. Part of the reason for this discrepancy is the fact that the Fall Privacy Notices were drafted before the testing program had been designed fully. However well-meaning, material changes in a federal program's design that have an impact on the collection, use, and maintenance of personally identifiable information of American citizens are required to be announced in Privacy Act system notices and privacy impact assessments. In addition, not meeting these requirements can significantly impair a program's credibility.
The creation of an effective program requires contributions from operational personnel as well as policy and legal advisors. To be most successful, all groups must have effective communications and coordination. Given the disparity between the published Fall Privacy Notices that explained the commercial data test for Secure Flight and the actual testing program that was conducted, it seems readily apparent that closer consultation and better coordination at key decision points between the Secure Flight program office and TSA legal, policy, and privacy offices was needed. While this may have been due to short deadlines and resource constraints, the end result was that TSA announced one testing program, but conducted an entirely different one.
To TSA’s credit, after being informed of this significant discrepancy, TSA revised and reissued the SORN and PIA to reflect more closely the testing program’s conduct. Additionally, throughout the commercial data test, TSA made the security of the commercial data a high priority. TSA expressly prohibited the commercial entities involved in testing from maintaining or using the PNR for any purpose other than Secure Flight testing, and it instituted real-time auditing procedures and strict rules for TSA access to the data. This was certainly challenging given the complex and changing nature of the program.
Whatever the causes, however, the disparity between what TSA proposed to do and what it actually did in the testing program resulted in significant privacy concerns being raised about the information collected to support the commercial data test as well as about the Secure Flight program. Privacy missteps such as these undercut an agency's effort to implement a program effectively, even one that promises to improve security."
Recommendations:
"Based on its extensive review of the commercial data test, the Privacy Office offers the following recommendations for Secure Flight. These can also serve as guideposts for any Departmental initiative that involves the collection, use, and maintenance of personally identifiable information:
1. Privacy expertise should be embedded into a program from the beginning so that program design and implementation will reflect privacy-sensitive information handling practices.
2. Programs should create a detailed "data flow map" to capture every aspect of their data collection and information system life cycle. Such an exercise will help produce accurate public documents explaining program compliance with the fair information practices principles of the Privacy Act of 1974, which must guide collection and use of personally identifiable data in the government space.
3. Good communications and collaborative coordination between operational personnel and policy, privacy, and legal advisors are essential in order to ensure that key documents explaining an information collection program are accurate and fully descriptive.
4. Programs that use personal information succeed best if the public believes that information to be collected is for a necessary purpose, will be used appropriately, will be kept secure, and will be accessible for them to review. To obtain such public trust requires the transparency and accountability that can be reflected in careful drafting of publicly available SORNs and PIAs.
5. Privacy notices should be written and published only after the design of a program or a program phase has been fully described in writing and decided upon by authorized program officials;
6. Privacy notices should be revised and republished when program design plans change materially or a new program phase is going to be launched; and
7. Program use of commercial data must be made as transparent as possible and explained in as much detail as is feasible."
It's an important report, especially given the recent formal agreement between the EU and US reintroducing the transfer of EU airline passenger name records to the US security authorities, though sadly it will probably only register on the radar of PNR or civil liberties geeks.
Government attack information commissioner
The government, however, are complaining that if the general public were to see these reviews it might cause "substantial harm." So basically their smart internal people told them the ID scheme was a lousy idea and because they have been selling it to Jo Public as a wonderful panacea for a variety of ills, they don't want the reality of the advice they received to be made public. This is exactly the kind of thing that kills public confidence in government, politicians and the political process. They have been overselling the utility of their big ID card idea, in spite of clear internal and external advice and evidence that the scheme won't work. Now they don't want their internal frank advice published because it would cause "substantial harm" and might "damage public confidence" in the scheme.
Thanks to HJ Affleck at FIPR for the link.
Monday, January 08, 2007
Felten's predictions for 2007
"(1) DRM technology will still fail to prevent widespread infringement. In a related development, pigs will still fail to fly.
(2) An easy tool for cloning MySpace pages will show up, and young users will educate each other loudly about the evils of plagiarism...
(5) Major record companies will sell a significant number of MP3s, promoting them as compatible with everything. Movie studios won’t be ready to follow suit, persisting in their unsuccessful DRM strategy...
(7) Some mainstream TV shows will be built to facilitate YouTubing, for example by structuring a show as a series of separable nine-minute segments.
(8) AACS, the encryption system for next-gen DVDs, will melt down and become as ineffectual as the CSS system used on ordinary DVDs...
(10) A worm infection will spread on game consoles.
(11) There will be less attention to e-voting as the 2008 election seems far away and the public assumes progress is being made. The Holt e-voting bill will pass, ratifying the now-solid public consensus in favor of paper trails.
(12) Bogus airport security procedures will peak and start to decrease."
The anti-torture memos
"We've previously compiled a running list of all posts related to civil liberties, the War on Terror, and presidential power, listed by author.
By popular demand, here is a list of the essays grouped by topic. We've eliminated postings that are very short or that mostly quote newspaper articles. What follows is a compendium of substantive analyses on some of the key issues of the War on Terror by the authors here at Balkinization."
I doubt there is a better single source of analyses anywhere. Most of the articles are from 2005 and 2006 and they are divided into eight sections:
"Part I-- Civil Liberties
Part II-- Presidential Power and Constitutional Structure
Part III-- Torture and the "Torture Memos"
Part IV-- The NSA Controversy and Government Surveillance
Part V-- Hamdan
Part VI-- The Military Commissions Act of 2006
Miscellaneous Posts
Posts by Guest Bloggers"
US 2006 evoting failures report
"In all, we looked at 1022 reports of problems associated with electronic voting equipment from 314 counties in 36 states...
The mid-term election revealed that the promise of easier voting, more accurate tallies, and faster results with electronic systems has not been fulfilled. Voters in some jurisdictions waited in line for hours to cast their ballots. Others cast their ballots accidentally before they were done because they pressed the wrong button or left without casting their ballots because they didn’t press the right button. Many voters watched the machine highlight a candidate they didn’t select or fail to indicate a vote for a candidate they did select and were then blamed for not being able to use a computer correctly.
Many polling places couldn’t open on time because of machine failures, and complex procedures often left pollworkers frustrated and reluctant to serve again. Election directors were often forced to rely on voting equipment vendors to set up the election, administer it, and tally the votes because it was too complicated for their personnel to handle. Others blamed themselves for not following the poorly documented, non-intuitive procedures required to collect and tally the votes.
After the polls closed, poll workers and election officials struggled with a myriad of reporting problems. Many couldn’t retrieve data from memory cards or couldn’t get the tally software to combine totals from different computerized systems, while others couldn’t figure out why the software was subtracting votes instead of adding them, or adding them two and three times instead of only once; couldn’t determine for sure whether the first set of results was correct, or the second set, or the third; couldn’t explain why one out of every six voters didn’t have an electronic vote recorded for a hotly contested race; or why the machines recorded more ballots than the number of voters who signed in to vote.
Often hidden from public view, equipment malfunctions such as these have normally been exposed only when they are severe enough to attract media coverage...
While our source material is neither a complete list of problems nor even a representative sampling, the number of incidents and the broad range of problems reported is indicative of the widespread failure of electronic voting systems across the country and how this failure affected the experience of voters on November 7, 2006."
So we had:
- Voters unable to get the machines to register their vote for their preferred candidates
- Vendor companies running the elections because officials can't understand the machines
- Pollworkers not being able to work out final tallies or which of several final tallies to use.
Update: Federal officials in the US have temporarily suspended testing of electronic voting systems at the lab that has certified most of the evoting systems in the US.