Thursday, September 13, 2007

Jack Goldsmith on 'The Terror Presidency'

NPR has a remarkable interview (accessible here) with Jack Goldsmith on some controversial events and processes in the Bush administration during his tenure at the Department of Justice's Office of Legal Counsel.

No checks and balances in the US in time of war

Jack Balkin says:

"The sad lesson of the past year is that the modern Presidency-- armed with control over military intelligence and a large standing army-- can have its way in matters of war even if the President's policies are very unpopular, and there is very little Congress can do to stop it.

This lesson should be abstracted from one's feelings about the current occupant of the White House. George W. Bush is a failure-- I won't mince words-- but even a failed President can do pretty much what he wants in war given the way our constitutional system has developed following the Second World War and the rise of the National Security State. The ascendant National Surveillance State, if anything, makes the President's hand even stronger.

We are moving, or more correctly, we have already moved, toward a system of one person rule on matters of war and peace. It is a very dangerous tendency in American constitutionalism. If you think that the Iraq episode has been a disaster, imagine an even more foolhardy and reckless President taking even greater and more dangerous risks. The Iraq war demonstrates that, in the context of modern politics and contemporary security threats, the framers' original system of checks and balances has utterly failed us."

Educators are on the wrong side of the copyright wars

In my nose-to-the-grindstone-administrative-box-ticking frenzy of recent weeks I failed to notice this piece in Reason magazine putting forward the theory that educators are on the wrong side of the copyright wars.

"Last month, the U.S. Senate passed legislation enlisting colleges in the effort to police peer-to-peer networks and file-sharing, in order to prevent "piracy" by students of music, movies, and for that matter, books.

One might wonder exactly why Senate Majority Leader Harry Reid—who introduced the amendment to the Higher Education Reauthorization Act, then tempered it when there was an outcry from college administrators—is concerned about campus file sharing, other than a general commitment to fight crime. A cynic might suggest the entertainment industry's considerable patronage of the Democratic Party.

According to The Chronicle of Higher Education, Reid's measure "called on the Recording Industry Association of America and the Motion Picture Association of America to draft annual lists of the 25 colleges receiving the most notices of copyright infringement. Those colleges would face a choice: Either use technological tools to block peer-to-peer file sharing, or risk forfeiting federal student aid. In other words, colleges would be put under the supervision of the RIAA and MPAA...

But this is a particularly egregious case because it enforces rules that are specifically inimical to education, and that run contrary to the fundamental mission of a college or university—the sharing of information...the very essence of a university ought to place it in fierce opposition to demands that it police its students for the excessive sharing of information. On the contrary, colleges and universities ought to be working toward an environment in which information can be shared with more freedom."

Safe harbours for Internet intermediaries

Mark Lemley has written a fascinating paper on the patchwork of safety nets available to Internet intermediaries like telcos and ISPs to avoid liability for the dodgy behaviour of their subscribers or remotely linked, with or without knowledge and aforethought, associates.


"Internet intermediaries - service providers, Web hosting companies, Internet backbone providers, online marketplaces, and search engines - process hundreds of millions of data transfers every day, and host or link to literally tens of billions of items of third party content.

Some of this content is illegal. In the last 12 years, both Congress and the courts have concluded that Internet intermediaries should not be liable for a wide range of content posted or sent through their systems by another. The reasoning behind these immunities is impeccable: if Internet intermediaries were liable every time someone posted problematic content on the Internet, the resulting threat of liability and effort at rights clearance would debilitate the Internet.

While the logic of some sort of safe harbor for Internet intermediaries is clear, the actual content of those safe harbors is not. Rather, the safe harbors actually in place are a confusing and illogical patchwork. For some claims, the safe harbors are absolute. For others, they preclude damages liability but not injunctive relief. For still others they are dependent on the implementation of a "notice and takedown" system. And for at least a few types of claims, there is no safe harbor at all. This patchwork makes no sense. In this article, I suggest that it be replaced with a uniform safe harbor rule. A single, rationally designed safe harbor based on the trademark model would not only permit plaintiffs the relief they need while protecting Internet intermediaries from unreasonable liability, but would also serve as a much needed model for the rest of the world, which has yet to understand the importance of intermediaries to a vibrant Internet."

Thanks to Derek Slater for the link.

Where are the UK's public intellectuals?

The Vice Chancellor of Buckingham University, Terence Kealey, has been lamenting the negative and distorted incentives generated by the 'Research Assessment Exercise' (which most people outside the higher education sector will be blissfully oblivious to) and its impact on the funding of universities.

"The Research Assessment Exercise is killing British universities as centres of public thought. Once, British universities fostered some of the most important public intellectuals in the world, but today British academics are rarely known outside their disciplines. The most influential living intellectual in the world is Noam Chomsky; in 2005, the readers of the British magazine Prospect voted him precisely that...

He made the leap from brilliant researcher to public intellectual exactly 40 years ago, in 1967, when he published his essay "The Responsibility of Intellectuals" in the New York Review of Books. That responsibility, Chomsky wrote, is to "expose the lies of government". Chomsky places that responsibility on his fellow academics...

Over the past 40 years, Chomsky has campaigned against American foreign policy, but it has been primarily as an academic that he has made his impact, showing by careful scholarship that American foreign policy is institutionally dishonest... most people know that everything George Bush says is untrue...

MIT's support for Chomsky has been solid: even when it was receiving 80 per cent of its research income from the Department of Defense, Chomsky could launch his jeremiads without internal criticism.

But MIT is an independent university, and there is no RAE in America. Consequently, MIT's physics department can process as many defence grants as it wants, but the linguistics department, where Chomsky works, is free from governmental pressure...

The President of MIT answers solely to the trustees, who are alumni, donors, and proud of MIT's academic independence. But the real master – and paymaster – of a British vice-chancellor is the Government. Of course a troublesome Chomsky in Britain would be discouraged...

If our universities are to reassume their proper role of speaking truth unto power, they will have to value scholarship and public engagement as strongly as they now value research. We should, as a first step, ditch the RAE and identify proper funds and proper incentives for leisure and thought at work."

On the positive side he has a point about the paymaster dictating the agenda, which doesn't fit too comfortably with the role of the academic to explore truths (rather than expose lies). Though a campaign to facilitate leisure time (by which he really means scholarship and thinking time) for academics is unlikely to win too many advocates in modern media circles; and I suspect his satirical claim that everything George Bush says is false may well be taken out of context should anyone in Whitehall or Washington come across this call for a change to university funding structures.

Latest EDRI-Gram

The latest EDRI-Gram is available. Some highlights (see original for links):

The European Court of Human Rights could influence the UK DNA database
12 September, 2007 » Privacy | Biometrics

Sir Stephen Sedley has recently proposed the enlargement of the DNA database in UK to cover the entire population and visitors that stay in UK even for a week, under the argument of creating a fairer system and eliminating the ethnical unbalance in the present database. But a case brought by 2 English people to the European Court of Human Rights (ECHR) could change a lot in how the database will operate.

The UK DNA database is one of the largest in the world covering data from everybody having had anything to do with any crime, minor or major, guilty or not. According to Sedley, the database is biased against ethnic minorities. "It means where there is ethnic profiling going on disproportionate numbers of ethnic minorities get onto the database. It also means that a great many people who are walking the streets and whose DNA would show them guilty of crimes, go free."

The proposal met opposition from the Prime Minister who believes that would raise civil liberties concerns but also complicated logistical issues.

Shami Chakrabarti, director of human rights organization Liberty, also said that a database for everybody in the country was "a chilling proposal, ripe for indignity, error and abuse".

The present UK DNA database is already raising issues related to the way people's data are included in it. Shadow home secretary David Davis considers the system is arbitrary and erratic. The highest concern is related to the fact that the data of people proven innocent cannot be removed from the database. And this is exactly what has triggered a case at the ECHR, that could change the whole situation.

The case was brought in front of ECHR by Michael Marper and a teenager, known as S, both arrested in 2001, the former on harassment charges and the latter with attempted robbery. They were both cleared and with no criminal records. In 2002 they required their data to be removed from the Home Office database but the Court of Appeal ruled against it. Among the appeal judges that heard the case was Sir Stephen Sedley that proposed a "universal DNA database" even in that judgment.

Mr Marper and the juvenile argued that keeping their fingerprints and DNA samples was an infringement of their private life rights as per Article 8 of the European Convention on Human Rights. Their concern is related mostly to the possible future misuse of their data.

The situation seems to be now in the hands of ECHR. A ruling by ECHR against the British Government could not only stop Lord Justice's proposal to enlarge the DNA database but also lead to the destruction of the DNA and fingerprint evidence of people that have been found innocent. The case is considered important by the judges in Strasbourg as they have sent the case before the grand chamber, because it raises a serious problem affecting the interpretation of the European Convention on Human Rights.

"This decision by the European Court of Human Rights gives us significant hope that these cases will finally result in a massive change in the law - providing protection for those acquitted of crimes against their fingerprints and DNA samples being kept, putting them on a level footing with those not previously accused of any crimes (...) We think this will be one of the most important human rights challenges the court has grappled with in recent years" stated Peter Mahy, a civil liberties specialist at Sheffield-based Howells who represent Marper and "S".

All UK 'must be on DNA database' (5.09.2007)

Plan to put everyone in DNA database hinges on human rights case (7.09.2007)

Europe to rule on whether police can keep DNA of innocent people (8.09.2007)

EDRI-gram : UK Home Office plans to fingerprint children starting 11 (14.03.2007)

US gains new advantages in the EU-USA PNR agreement
12 September, 2007 » Airline Passenger Data

In some recently published documents, Statewatch revealed that very soon after the EU-USA agreement on PNR (passenger name record) was signed on 28 June 2007, the US government announced some changes in its Privacy Act that give exemptions from responding to request for personal information held to DHS (Department of Homeland Security) and ATS (Automated Targeting System). US Government also sent a written request to the Council of EU to agree on keeping secret all the documents on the negotiations for at least 10 years.

The declared purpose of the above-mentioned exemptions is for "national security, law enforcement, immigration and intelligence activities. These exemptions are needed to protect information relating to DHS investigatory and enforcement activities from disclosure to subjects or others related to these activities (....) Disclosure of information to the subject of an inquiry could also permit the subject to avoid detection or apprehension."

The exemptions are related to the new "Arrival and Departure System" (ADIS) that the USA is to introduce and which is meant to authorise people to travel only after PNR and API (Advance Passenger Information) data has been checked and cleared by US agency watchlists: "ADIS consists of centralized computerized records for and will be used by DHS and its components. .. The information is collected by, on behalf of, in support of, or in cooperation with DHS and its components and may contain personally identifiable information collected by other Federal, state, local, tribal, foreign, or international government agencies."

The Automated Targeting System, that is to be exempted as well, is a system of 6 modules of dealing with Passenger Name Record (PNR) data.

The exemptions seem to be meant to counterbalance "the set backs" for the US government in the EU-US PNR agreement signed in June. In the text of the agreement it is stated that DHS has taken the decision "to extend administrative Privacy Act protections to PNR data stored in the ATS regardless of the nationality or country of residence of the data subject, including data that relates to European citizens. Consistent with U.S. law, DHS also maintains a system accessible by individuals, regardless of their nationality or country of residence, for providing redress to persons seeking information about or correction of PNR."

The exemptions introduced now contradict this statement, as Tony Bunyan, Statewatch editor, also notes: "The adoption of these two exemptions will seriously diminish any rights EU citizens have to find out what data is held on them and who it is held by. Did the Council and the Commission, who negotiated the agreement, know the US was planning to introduce them, and if not why not?"

Another measure taken by the US Government related to the agreement signed in June is one regarding the confidentiality of the negotiations that led to signing the act. On 30 July 2007, Mr Paul Rosenzweig, Acting Assistant Secretary for Policy at the US Department for Homeland Security sent a written request to the Council of European Union to agree on keeping secret all the documents on the negotiations for at least 10 years after the entering into force of the agreement.

EU's Article 29 Data Protection Working Party issued on 17 August an opinion on the new EU-USA PNR agreement concluding that it sensibly weakened the safeguards provided by the previous agreement and that "the new agreement leaves open serious questions and shortcomings, and contains too many emergency exceptions."

"Yet again we see the USA telling the EU what to do. In this case how it should operate the EU Regulation on access to documents. How can any request for PNR documents be fairly considered under EU law when it has already agreed to exercise a US veto? Are we going to see documents for all future EU-US agreements kept secret too? US access to PNR data and its further processing is an issue of substantial public interest which directly affects the rights and privacy of EU citizens and therefore all the documentation should be in the public domain for parliaments and people to see and discuss. It is a quite outrageous request and it is even more outrageous that the EU is going to agree to it" commented Tony Bunyan, Statewatch editor.

US changes the privacy rules to exemption access to personal data (4.09.2007)

US demands 10 year ban on access to PNR documents (2.09.2007)

Proposed Rules, Federal Register - DHS, 6 CFR Part 5, Privacy Act of 1974: Implementation of Exemptions (22.08.2007)

Article 29 Data Protection Working Party - Opinion 5/2007 on the follow-up agreement between the European Union and the United States of America on the processing and transfer of passenger name record (PNR) data by air carriers to the United States Department of Homeland Security concluded in July 2007 (17.08.2007)

EDRI-gram: Final agreements between EU and USA on PNR and SWIFT (4.07.2007)

Wednesday, September 12, 2007

NTP roll out the patent lawyers again

From Reuters:

"NTP Inc, which last year won a $612.5 million settlement from the maker of Blackberry, has sued four of the top U.S. mobile service providers for infringing eight patents related to wireless e-mail.

The lawsuits, against Verizon Wireless, Sprint Nextel Corp, T-Mobile USA and the mobile unit of AT&T Inc were filed September 7 in the U.S. District Court for the Eastern District of Virginia, according to court documents."

A rare courtroom win for the tinkerers

The EFF have succeeded in blocking DirecTV's broadsweep legal tactics at least in the case of a couple of security researchers.

"In an important ruling today, the 9th U.S. Circuit Court of Appeals blocked satellite television provider DirecTV's heavy-handed legal tactics and protected security and computer science research into satellite and smart card technology after hearing argument from the Electronic Frontier Foundation (EFF).

The cases, DirecTV v. Huynh and DirecTV v. Oliver, involved a provision of federal law prohibiting the "assembly" or "modification" of equipment designed to intercept satellite signals. DirecTV maintained that the provision should cover anyone who works with equipment designed for interception of their signals, regardless of their motivation or whether any interception occurs. But in a hearing earlier this year, EFF argued that the provision should apply only to entities that facilitate illegal interception by other people and not to those who simply tinker or use the equipment, such as researchers and others working to further scientific knowledge of the devices at issue.

"Congress never meant this law to be used as a hammer on those who use or tinker with new technologies," said EFF Senior Staff Attorney Jason Schultz. "We're pleased the court recognized that researchers need to be protected."

These cases were part of DirecTV's nationwide legal campaign against hundreds of thousands of individuals, claiming that they were illegally intercepting its satellite TV signal simply because they had purchased smart card technology. Because DirecTV made little effort to distinguish legal uses of smart card technology from illegal ones, EFF has worked to limit the lawsuits to only those cases where DirecTV has proof that their signals were illegally received."

Tuesday, September 11, 2007

PETs so last century

From the ever thoughtful blogging on the identity trail comes an interesting essay on privacy enhancing technologies (PETs) from a privacy advocate.

"In May the European Commission endorsed the development and deployment of PETs(1), in order to help “ensure that certain breaches of data protection rules, resulting in invasions of fundamental rights including privacy, could be avoided because they would become technologically more difficult to carry out.” The UK Information Commissioner issued similar guidance on PETs in November 2006(2)...

Are PETs the answer to information privacy concerns? A closer look at the European and UK communiqués suggests otherwise - for all their timeliness and prominence, they reflect thinking about PETs that is becoming outdated. The reports cite, as examples of PETs, technologies such as personal encryption tools for files and communications, cookie cutters, anonymous proxies and P3P (a privacy negotiation protocol). Not a single new privacy-enhancing technology category here in seven years...

Unfortunately, few of the privacy-enhancing tools cited by advocates have enjoyed widespread public adoption or viability (unless installed and activated by default on users’ computers, e.g. SSL and Windows firewalls). The reasons are several and varied: PETs are too complicated, too unreliable, untrusted, expensive or simply not feasible to use. The threat model they respond to, and benefits they offer, are not always clear or measurable to users. PETs may interfere with normal operation of computer applications and communications, for example, they can render web pages non-functional...

Perhaps the underlying difficulty may be a conceptualization of PETs as a technology, tool or application exclusively for use by individuals, complete in itself, expressed perhaps in its purest form by David Chaum’s digital cash and Stefan Brands' private credentials. As brilliant as those ideas are, they have had limited deployment and viability to date. It seems that, to be viable, PETs must also meet specific, recognizable needs of organizations...

A more comprehensive approach to defining and using PETs is required - one that clearly accommodates the interests and rights of individuals in a substantial way, yet which can be adopted or at least accommodated by organizations with whom individuals must inevitably deal. This requires a more systemic, process-oriented, life-cycle, and architectural approach to engineering privacy into information technologies and systems.

PETs as we know them are effectively dead, reduced to a niche market for paranoids and criminals, claimed by some security products (e.g., two-factor authentication dongles) or else deployed by organizations as a public relations exercise to assuage specific customer fears and to build brand confidence (e.g. banks' anti-phishing tools, web seals)."

Domain name outlaw faces 20 years

From NetworkWorld: "A Las Vegas man faces about 20 years in prison today after he agreed to plead guilty to wire fraud for impersonating an intellectual property lawyer and threatening lawsuits against the owners of Internet domain names."

US traveller data to be kept for 15 years not 40

From the AP:

"Rejecting a wave of criticisms, the U.S. government has agreed to only modest changes in the computerized system that assesses whether each American who travels abroad poses a terrorist threat.

The Homeland Security Department decided to keep the risk assessments for 15 years instead of 40 years and no longer will share them with federal, state and local officials who are deciding whether a person gets a job, a security clearance, a license to do business or a government contract.

Nevertheless, travelers still will not be allowed to see their actual assessments or the reasons for them. Federal agents still will be looking at an array of information about international travelers - Americans and foreigners; this includes even meal choices, the names of traveling companions and the number of hotel beds requested."

Monday, September 10, 2007


Simon Willison gave an interesting keynote presentation on OpenID at Pycon UK 2007 in recent days. His slides are available at SlideShare.

In addition, Kim Cameron and Ben Laurie had a really interesting debate about OpenID and CardSpace over the summer, which I must have another look at.

Entertaining physics

I highly recommend Professor Walter Lewin's lectures on physics available at MIT's opencourseware.

The work of a wonderful teacher available at the click of a mouse.

ECHR to look at keeping DNA of innocents

The Independent reports this morning that judges in the European Court of Human Rights are to consider the retention by police of the DNA of suspects who are subsequently acquitted or not charged with a crime.

"Police could lose the power to keep DNA samples taken from suspects who have been cleared of any wrongdoing, in a landmark case which is to be decided by the highest court in Europe.

A ruling against the British Government could lead to the destruction of tens of thousands of DNA and fingerprint materials as well as deal a severe blow to any plans to create a universal genetic database.

The challenge at the European Court of Human Rights is being brought by a teenager, known as S, who was arrested and charged with attempted robbery aged 11 in 2001, and Michael Marper, from Sheffield, who was arrested on harassment charges, aged 38, in the same year. Both were cleared and have no criminal records...

European judges in Strasbourg believe the issue is so important that they have decided to fast-track the case to go before the grand chamber, where all the Strasbourg justices will sit to determine the matter.

The decision has been taken because the court decided that the case raises a serious question affecting the interpretation of the European Convention on Human Rights or because its resolution might have a result inconsistent with a previous judgment of the court."

In the light of previous calls by Tony Blair, Gordon Brown and other members of the Nu Labour government and just last week a similar call from a respected law lord for the expansion of the DNA database, it is good to see the ECHR stepping in to assess the substantive issues. It's a case to be watched very closely, though whatever the outcome it will, sadly, be hyped up as a massive defeat or victory for the government.

More Apple digital locks

One of the reasons I've never been a big Apple fan is their heavy-handed proprietary approach to their technologies. I tell the story in my book about Apple's spat in 2004 with RealNetworks, when the Real folks made it possible for iPod owners to buy music from the Real music store in addition to the sole existing prior source, iTunes. Apple went nuts accusing Real of hacking into the iPod and threatening all kinds of lawsuits. Then they upgraded their software so that iPod owners couldn't buy songs from Real. Real upgraded theirs and so the tit for tat went on.

Fast forward three years and the same story is being played out on iPhone ringtones. Fred von Lohmann has a lovely succinct description of the latest idiocy.

"Apple's new product announcements this week may have laid the foundation for the next round of DMCA lawsuits. It sure looks like Apple is using the DMCA to block competition, rather than stop "piracy."

First suspect: ringtones on the iPhone. Just before the Apple announcement of its new ringtone offerings (that'll be 99 extra cents, please), Ambrosia had announced iToner, a new piece of software that allows iPhone owners to use any MP3 or AAC file as a ringtone. In other words, no more need to pay Apple for the privilege.

Apple's response? Well, apparently the latest "upgrade" to Apple's iTunes software (v. 7.4) auto-magically erases any unapproved ringtones that iToner installs...

Second suspect: locking the iPod video output. iLounge reports that the latest generation of iPods refuses to output video to cables, docks, and accessories that lack an Apple "authentication chip." If this is true, then it may represent an attempt by Apple to use the DMCA to limit competition and interoperability, in a manner reminiscent of Lexmark's printer toner cartridge lock-out chip or the infamous DMCA garage-door opener case...

Notice that neither of these Apple "lock-in" measures has any obvious relationship with preventing "piracy." As we've been saying for years, this appears to be the real legacy of the DMCA -- even as the music industry abandons DRM as an anti-piracy measure, Apple deploys it as an anti-competition measure."

Update: Derek Slater's thoughts on same are worth reading. As are those at the ipodminusitunes blog.

Federal Judge in blistering critique of Congress over Patriot Act

From the AP via Findlaw: Federal judge strikes down part of Patriot Act in blistering criticism of Congress

"A federal judge struck down a key part of America's top anti-terror laws in a ruling that defended judicial oversight and bashed Congress for passing a law that makes possible "far-reaching invasions of liberty."...

He said Congress, in the original USA Patriot Act and less so in a 2005 revision, had essentially tried to legislate how the judiciary must review challenges to the law. If done to other bills, they ultimately could all "be styled to make the validation of the law foolproof."...

Regarding the national security letters, he said, Congress crossed its boundaries so dramatically that to let the law stand might turn an innocent legislative step into "the legislative equivalent of breaking and entering, with an ominous free pass to the hijacking of constitutional values."

He said the ruling does not mean the FBI must obtain the approval of a court prior to ordering records be turned over, but rather must justify to a court the need for secrecy if the orders will last longer than a reasonable and brief period of time."

Update: Jack Balkin's thoughts on the decision as ever are well worth perusing.

Little Britain, Catherine Tate, the lawyers and the evangelicals

Apparently an evangelical church publishing group has been using catchphrases from popular BBC shows on its recruitment posters and m'learned friends are not amused. The church group has withdrawn the posters. Naturally the Sun headlines the story: "Little Brit catchphrases stolen". The Star goes with "How Very Dare You". And the rest of the pack don't seem to have picked up on it.