Friday, October 14, 2005

Adelphi Charter

I attended the launch of the RSA's intellectual property charter yesterday evening. Written by an international commission consisting of a hugely distinguished group of artists, scientists, lawyers, politicians, economists, librarians, academics and business experts, The Adelphi Charter on Creativity, Innovation and Intellectual Property represents an immensely important set of principles for the future of the knowledge economy. Here's a taste:

1. Laws regulating intellectual property must serve as means of achieving creative, social and economic ends and not as ends in themselves.

2. These laws and regulations must serve, and never overturn, the basic human rights to health, education, employment and social life...

and so on to number 9 which basically requires evidence of claimed benefits from people asking for changes in IP laws.

The real challenge comes from attempting to put these principles into practice and I'm reminded of the story of the lost tourist in Connemara who stops to ask one of the locals the way, only to be told, "Now if I was going there, I wouldn't start from here."

So it's a difficult road ahead if the charter is to have any real influence. James Boyle has already got his own measure of success for it - when it becomes so "banal and obvious" that anyone who might have an interest would be stunned beyond belief at the notion that it had ever been the subject of serious debate. When it comes to IP, requiring evidence of the claimed benefits before engaging in massive expensive policy changes, is considered controversial. This in itself is rather a sad reflection on our modern policy making processes in the area.

John Howkins, veteran of many policy fora, and chairman of the Adelphi Charter Commission said last night that he has never been subject to such personal vitriol as he has over this charter, almost exlusively based on a misunderstanding or mischaracterisation of what the commission are trying to do. This was evidenced in the RSA lecture theatre by an authors' representative saying that the charter was worthless because it made no reference to an author's right to be paid for their work. Yet the charter explicitly includes the language: "Creativity and investment should be recognised and rewarded."

My systems colleagues at the Open University would suggest that this represents a thinking trap. but when it comes to people's personal beliefs and values it's quite a tough one to break through.

In any case, here's to the rapid descent of the Adephi Charter into universally accepted banality!

Budget ID card

From the Guardian, Clarke announces new £30 'budget' identity card.

Thursday, October 13, 2005

How cc

Larry Lessig's second newsletter on Creative Commons explains how the importance of copyright saw a paradigm shift with the advent of digital technologies. An obscure law, with very little significance for most people, now directly affects anyone with a PC connected to the Net. Lary writes:

"there has always been proprietary culture — meaning work protected by an exclusive right. And in my view at least, that's not a bad thing either. Artists need to eat. Authors, too. A system to secure rewards to the creative community is essential to inspiring at least some creative work.

But for most of our history, the burdens imposed by copyright on
other creators, and upon the culture generally, were slight. And
there was a great deal of creative work that could happen free of the
regulation of the law. Copyright was important to cultural
development, but marginal. It regulated certain activities
significantly, but left most of us free of copyright's control.

All that began to change with the birth of digital technologies, and
for a reason that no one ever fully thought through.

If copyright regulates "copies," then while a tiny portion of the
uses of culture off the net involves making "copies," every use of
culture on the net begins by making a copy. In the physical world, if
you read a book, that's an act unregulated by the law of copyright,
because in the physical world, reading a book doesn't make a copy. On
the Internet, the same act triggers the law of copyright, because to
read a book in a digital world is always to make a "copy." Thus, as
the world moves online, many of the freedoms (in the sense of life
left unregulated by the law of copyright) disappear. Every use of
copyrighted content at least presumptively triggers a requirement of
permission. The failure to secure permission places a cloud of
uncertainty over the legality of the use...

Now many don't care about clouds of uncertainty. Many just do what
they want, and ignore the consequences (and not just on the Net). But
there are some, and especially some important institutions like
schools, universities, governments, and corporations that rightly
hesitate in the face of that uncertainty. Some, like an increasing
number of universities, would require express permission to use
material found on the Internet in classrooms. Some, like an
increasing number of corporations, would expressly ban employees from
using material they find on the web in presentations. Thus just at
the moment that Internet technologies explode the opportunities for
collaborative creativity and the sharing of knowledge, uncertainty
over permissions interferes with that collaboration."

Wednesday, October 12, 2005

Do we want perfect law enforcement

Daniel Solove has been wondering if we really want perfect law enforcement?

"I believe that people have ambivalent views toward many laws, such as speeding laws. They generally support the laws, but they often violate them. For example, would society really want perfect enforcement of the drug laws? Imagine if everybody who did drugs at one point in their lives were caught. This could nab quite a lot of people, including many corporate CEOs, politicians, and probably every celebrity.

What about perfect enforcement of underage drinking laws? Probably the majority of the population has at one time during their childhood engaged in underage drinking. And quite a lot of adults have furnished alcohol to a minor at one point in time.

So perhaps we don’t want to enforce these laws perfectly. Yet, doesn’t imperfect enforcement unfairly penalize the unlucky few who get caught? Indeed, prior drug use can disqualify people for certain jobs, such as the FBI (which is considering rethinking some of its policies). Underage drinking violations can appear on a person’s record. Should these stains on people’s records be put there haphazardly? After all, if many people are guilty of these things, why should only the unlucky few who get caught be punished?"

A real remedy for phishing

Bruce Schneier has an excellent article in Wired about phishing.

"The actual problem to be solved is that of fraudulent transactions. Financial institutions make it too easy for a criminal to commit fraudulent transactions, and too difficult for the victims to clear their names. The institutions make a lot of money because it's easy to make a transaction, open an account, get a credit card and so on. For years I've written about how economic considerations affect security problems. They can put security countermeasures in place to prevent fraud, detect it quickly and allow victims to clear themselves. But all of that's expensive. And it's not worth it to them...

In economics, this is known as an externality: It's an effect of a business decision that is not borne by the person or organization making the decision. Financial institutions have no incentive to reduce those costs of identity theft because they don't bear them.

Push the responsibility -- all of it -- for identity theft onto the financial institutions, and phishing will go away... It will go away because the information a criminal can get from a phishing attack won't be enough for him to commit fraud -- because the companies won't stand for all those losses.

If there's one general precept of security policy that is universally true, it is that security works best when the entity that is in the best position to mitigate the risk is responsible for that risk. Making financial institutions responsible for losses due to phishing and identity theft is the only way to deal with the problem. And not just the direct financial losses -- they need to make it less painful to resolve identity theft issues, enabling people to truly clear their names and credit histories. Money to reimburse losses is cheap compared with the expense of redesigning their systems, but anything less won't work."

Joi Ito's iTunes Mess

Joi Ito has been having grief with his iTunes purchases. More good publicity for drm.

"I had set Mizuka up with iTunes music store on a Mac Mini with an external drive. At some point, she had filled up most of the external drive with stuff and she alleges that iTunes told her it was going to start moving stuff to another drive. Then certain songs stopped playing. I sort of ignored her mumbling until I asked her to run disk doctor on the drive. The utility told us that her disk was irreparably broken. The songs are broken on her iPod too. (The bad songs skip.) Apple says back up, or when you disk dies you out of luck.

Is there nothing we can do? I'm about to copy all of the music onto a new drive, erase any files that don't play and call it a day. Does anyone have any advice or a better idea?

UPDATE: Kevin Marks recommended Disk Warrior, which seems to have fixed the drive, but now many of the files are 0 bytes long. I guess we just lost a lot of music. Hmm..."

The home printing racket

John's been ruminating about the home printing racket, after reading a piece in the New York Times.

"It does not take an advanced business degree for those consumers to see how printer manufacturers like Hewlett-Packard and Canon make their money. They use the "razor blade" business model. It is named from the marketing innovation of King C. Gillette, who in the early years of the last century sold razors for a low price but made all his money on the high-margin disposable razor blades. Printer manufacturers also use this tied-product strategy.

Printers return relatively low profit margins. But the ink, ounce for ounce, is four times the cost of Krug Clos du Mesnil Champagne, which sells for around $425 a bottle. Ink is about the same price as Joy perfume, considered to be one of the more pricey fragrances, at $158 for a 2.5-ounce bottle."

Fergusson refused a trademark on his name

Alex Fergusson has been refused a trademark on his name, according to IPKat.

Business support for ID cards collapses

According to Life Style Extra, business support for compulsory biometric ID cards has collapsed.

Defending Google's licence to print

Bill Thompson at the BBC thinks Google Print is a great idea and is not impressed at the Authors Guild lawsuit to impede the project.

Fingerprint payments taking off

Robert Lemos at Security Focus reports that fingerprint payments are taking off in spite of the security problems associated with the approach.

Tuesday, October 11, 2005

Dear Recording Industry...

At Brainwash Tim Lee has written an open letter to the recording industry:

"Dear Recording Industry,

You're being had.

Online music sales have soared, from $220 million in the first half of last year, to $790 million in the first half of this year. Millions of consumers are discovering the convenience of buying music online. There's just one problem: if you don't change your strategy, you're going to give the store away to Apple CEO Steve Jobs. His iTunes Music Store is the industry leader, and thanks to digital rights management (DRM) technology, every customer who buys your products from the iTunes Music Store becomes locked into Apple products. If that's not changed, that will soon make Steve Jobs the most powerful man in your industry.

Fortunately, there's an easy solution: when you renew your contract, you should demand that Apple remove the digital rights management (DRM) technology from the iTunes Music Store.

Yes, you read that right: you need to stop letting Apple use DRM technology with your songs. I know that DRM was originally developed at your request, but I hope to persuade you that that was a strategic blunder. If you don't correct it, you run the risk of making Apple's shareholders very wealthy at your expense..."

Read on. He makes a lot of sense.

GlaxoSmithKline pay $150 Million in false-Claims case

From Findlaw, GlaxoSmithKline Settles False-Claims Suit for $150 Million:

"Pharmaceutical powerhouse GlaxoSmithKline will pay $150 million to settle a whistle-blower action accusing the company of inflating cancer-drug prices and defrauding the federal Medicare, Medicaid and Tricare programs, according to the U.S. Department of Justice.

The settlement agreement reports that Philadelphia-based GSK denied the allegations but agreed to pay the money and change its drug marketing practices to avoid the expense and inconvenience of litigation."

Monday, October 10, 2005

Judge convicts hacker with "considerable regret"

A security consultant has been convicted under Section 1 of the UK Computer Misuse Act, of unauthorised access to the Disaster Emergency Committee's tsunami fundraising web site. Yet it was agreed by all sides that he had not done anything malicious. However, the law effectively applies a strict liability test and unauthorised access is a crime regardless of the motive of the perpetrator. As the judge said, "unauthorized access, however praiseworthy the motives, is an offense."

Peter Sommer of the London School of Economics reckons the police should have just given him a slap on the wrists. Even the judge said he was convicting "with some considerable regret."

The defendant, Daniel Cuthbert, has lost his job and is having difficulty finding another. Apparently he lied to the police when first arrested, which could have been the reason they decided to prosecute, even when the full circumstances of Cuthbert's actions came to light. The folks working in high tech crime units are over-worked and under-resourced. And I wonder to what the degree the politics of the need for successful convictions drove this case but on balance I agree with Peter Sommer. The prosecution of someone with no malicious intent, who has done no damage, though he has admittedly wasted scarce specialist police ressources, was not in the public interest.

Thanks to Seth Finkelstein for the link.

EU & Canada airline passenger data deal

I missed this last week:

"The EU has signed a deal with Canada that will allow European airlines to provide Canadian authorities with details of who is scheduled to fly on planes headed for the country."

Thanks to Steve Hedley for the link.