Friday, February 10, 2006

Google Copies Your Hard Drive - Government Smiles in Anticipation

The EFF are warning that a new "feature" of the Google desktop software is a serious privacy risk.

Agreement Reached on Patriot Act Changes

With neither the Democrats nor the Republicans wanting a debate on the renewal of the PARTIOT Act to be an issue in this year's elections, (particularly those opposing its renewal due to concerns about civil liberties), it looks like they have reached an agreement on implementing changes to the Act.

Spyware warriors call for action

From the BBC, Spyware warriors call for action.

"Computer users whose machines have been hijacked by potentially dangerous software are being asked to add their tales of woe to an online campaign.

Security experts say that growing numbers are being conned into paying for fake anti-spyware programs.

Now grassroots online security activists in the UK hope testimonies can raise awareness of the problem. "

Good idea. IF you'd like to get a decent understanding of malware and this kind of cybervandalism, we run a 10 week online course on it at the Open University. Details of how to sign up etc can be found here.

Stimulating privacy awareness

Leslie Shade, an Associate Professor at Concordia University, recounts On the Identity Trail the results of a wonderful exercise she had her students engage in to stimulate their general awareness of privacy issues in the modern era.

"This semester in an Issues in Information Society fourth year undergraduate class at Concordia University’s Department of Communication Studies, one of the assignments I gave students was for them to create a project detailing ‘Surveillance in Everyday Life’: “Students are asked to provide a portfolio of their everyday interactions and how they are impacted by surveillance. Be as creative as possible! This can include photo documentation, monitoring of public discourses on surveillance issues, fiction, a play, podcasting, the creation of a CDROM or….”

Readings by Foucault, Lyon, and O’Harrow Jr., on privacy and surveillance were meant to stimulate the students and add to the other scholars we had been studying: Bell, Castells, Mosco, Huws, Schiller, Black, etc.,"

The students, it seems, surprised even themselves. One student wrote:

"I took a couple of photos of the eye-in-the-sky. I was being discrete thus I was more than a little surprised when less than two minutes after the first photo I was approached by an employee and asked to stop. Honestly, I only thought those systems were monitored in Vegas. I expected that these cameras were only connected to VCRs, and perhaps they are, I don't know if it was someone from upstairs or an employee on the floor who noticed me. In any case I was asked to stop. The double standard always shocks me – the business can monitor the consumer, but the consumer can not monitor the business. I promptly left, but not before snapping a couple of shots of the stickers that are used to gauge height in the instance of a robbery."

Another, a Starbucks employee had this to say:

"So what do my experiences with employee surveillance say about the work-place culture we have become accustomed to? Is there now such little trust that employees must be monitored and tracked? The problem is that such cultures of fear are being used to the benefit of the corporations we work for or governments we belong to. I feel justified in pondering whether the bomb threats that occurred at my government offices – these regular occurrences - were a way of keeping us on our toes? If we a population perceives itself as constantly under threat, it is more likely to bend to increasing control over their lives. But are there also benefits to these monitors? As the good employee, I benefit greatly from some of them. Free access to a car all summer. Free Internet use. Those extra minutes I came in early and stayed late at Starbucks add up over time – at least I’m getting paid for them right? Who cares if the trade-off for all of these things is a little surveillance? But therein lies the problem: surveillance only benefits conformists. It is made to oppress and subjugate a people, not to help them rise up. The real problem with surveillance is that it tries to eliminate the individual – the thing we all strive so hard to be – and it is individuals that change a culture, not conformists."

You can't beat hands on experience to get a real feel for the issues.

Cheney authorised Libby to release classified information

From the National Journal,

"Vice President Dick Cheney's former chief of staff, I. Lewis (Scooter) Libby, testified to a federal grand jury that he had been "authorized" by Cheney and other White House "superiors" in the summer of 2003 to disclose classified information to journalists to defend the Bush administration's use of prewar intelligence in making the case to go to war with Iraq, according to attorneys familiar with the matter, and to court records."

FDA says ADHD drugs could be linked to 25 deaths

The US Food and Drug Administration (FDA) are looking into the possibility that popular drugs like Ritalin used to treat attention deficit hyperactivity disorder may be linked to the deaths of 25 people.

Thursday, February 09, 2006

Felten on VEIL and the analog hole bill

Ed Felten has again raised concerns about plan to a require, by law, that all devices that accept analog video inputs must implement a secret technology.

"This process cannot be “open and public”, and an agreement on how the VEIL technology should be changed cannot be published, if the VEIL technology is secret. You can’t have a negotiation about how VEIL might be fixed, if the parties to that negotiation have promised not to disclose how VEIL works. And you can’t meaningfully invite members of the public to participate in the negotiation if they aren’t allowed to know about the subject being negotiated.

But that’s not all. The rulemaking will happen if somebody files a petition that convinces the Patent Office that VEIL “has become materially ineffective in a way that cannot be adequately remedied by existing technical flexibility in the embedding function” of VEIL.

The embedding function of VEIL is the gizmo that puts VEIL watermarks into video that is going to be distributed. It is separate from the detection function, which detects the presence or absence of a VEIL watermark in video content. The bill mandates that all analog video devices must include the detection function, so it is the detection function that one could learn about by paying the fee and taking the secrecy pledge.

But the embedding function of VEIL is entirely secret, and is not being revealed even to people who pay the fee and take the pledge. As far as I know, there is no way at all for anyone other than the VEIL company to find out how the embedding function works, or what kind of “existing technical flexibility” it might have. How anyone could petition the Patent Office on that subject is a mystery.

In short, the rulemaking procedure in Section 105 is entirely inconsistent with the secrecy of VEIL. How it got into the bill is therefore a pretty interesting question. Reading the bill, one gets the impression that it was assembled from prefab parts, rather than reflecting a self-consistent vision of how a technology mandate might actually work. "

Institutions, History, and Economic Development

Interesting article from Professor Kenneth Dam on Institutions, History, and Economic Development. Abstract:

To gain insight into how the developing world can attain the Rule of Law and thereby further economic development, a good place to start is to ask how countries in today's developed world did so. Western Europe, for example, did not enjoy the Rule of Law in the Middle Ages but successfully achieved it over a number of centuries, at least in the economic sphere of enforcing contracts and protecting property rights. The events in England culminating in the Glorious Revolution illustrate the importance of legal institutions and, especially, of public law. The private law of contract and property were not sufficient. The problem of the "predatory ruler" had to be overcome, and England did so by vesting control in Parliament over the King's revenues from public sources and his expenditures and by assuring the independence of the judiciary. The French revolution, in contrast, resulted in high quality unified private substantive law under the Napoleonic codes, but the public law system suffered from the subordination of the role of the judiciary.

Fascinating stuff though not for the fainthearted.

Librarians protecting terrorists?

Disturbing attack on a librarian and the American Library Association (ALA) in the Boston Globe. It's basically a rant about needing to give up civil liberties for some extra security, whilst at the same time accusing librarians of protecting terrorists, or one in particular who apparently made a "credible terror threat to Brandeis University" on a library computer.

Good Fences Make Bad Broadband

Public Knowledge have produced a new white paper on network neutrality, Good Fences Make Bad Broadband.

CAFTA (TRIPS-plus for Central America) in peril

With the elections in the Costa Rica too close to call and the the two candidates taking pro and ant- stances on the Central American Free Trade Agreement (CAFTA), Andres speculates that the US exporting of DMCA-like intellectual property provisions mike be in jeopardy.

Diebold to get out of evoting?

Diebold's new CEO is thinking of getting rid of the company's much criticised electronic voting machine division.

Energy costs of digital information

It seems that I'm not the only one who has been thinking about the energy costs of digital information.

All the big computing and dot com companies are concerned about their energy bills. Sun have even hosted a two day conference on the issue recently.

"The problem arises from the large amounts of electric power needed to cool the tens of thousands of microprocessors at today's data centers.

Indeed, the cost of electricity to cool these server farms account for about half of the power bill of these centers, said Jon Koomey, a consulting professor at Stanford University's civil engineering department"

Like the untility guy quoted in the report I can't see the technology industry curbing its thirst for energy any time soon, though with the impending world oil shortage, their attention will be more and more drawn to rapidly increasing energy bills. The second law of thermodynamics says more efficient technologies ultimately won't solve the problem of increasing consumption, though they can slow down the rate of deterioration. So in the short to medium term these companies need to be looking at significantly less energy intensive computing architectures, as does the rest of the commercial world that has bought into Bill Gates' "PC on every desk" vision.

Microsoft fails to get another extension from the EU

Microsoft have run out of time to explain why they have failed to comply with the requirements of the antitrust ruling and now face more fines.

French Court says p2p file sharing is legal

The District Court of Paris has cleared a P2P user of copyright infringement despite accepting he had 1875 unauthorised MP3 and DIVX files on his computer. The court declared that uploading and downloading these files on P2P networks amounted to "private copying." (The decision was made before Christmas and the details have just been made available).

Google routinely filter searches on DMCA grounds

Xeni Jardin at Boing Boing has reminded us that Google routinely filters some searches to comply with DMCA.

"That's the bad news. And actually, it's not new news, as it's been going on for several years. The good news, however, which some may not know -- is that they're transparent about it, and each instance points to more case information at chillingeffects.org."

Intel accuse SCO of untruths

SCO are potentially in hot water in a Utah court, according to Pamela Jones:

"Well, *now* SCO's really gone and done it. They got used to IBM's restraint, I guess, and told a story to the Utah court, and now they are being called on it. First, we saw Oracle dispute SCO's story about the subpoenas in its motion to quash in California, and now Intel has filed in Utah a Nonparty Intel's Response to SCO's Motion For Leave to Take Certain Prospective Depositions [PDF], and they are hopping mad. Mad enough to tell Judges Kimball and Wells that what SCO said about Intel is "unfair and untrue":
Although Intel takes no position on whether SCO's Discovery Extension Motion should be granted, Intel is compelled to respond to SCO's misrepresentations about Intel's conduct.
Intel won't stand by and let itself be maligned...

And for the killer blow, Intel ends like this:
Intel takes discovery obligations seriously. SCO's attempt to blame Intel for creating SCO's need for more time simply ignores the facts.
Here's the bottom line. It isn't just IBM now telling Judge Kimball and Judge Wells that SCO doesn't always tell the truth, the whole truth and nothing but the truth. That is going to cost them. Remember when your mom told you not to lie? She was absolutely right. And in a courtroom, once you've lost your reputation as a truth-teller, the game is so over."

Swedish Pirate Part aim to change copyright laws

A new political party in Sweden is aiming to get intellectual property laws changed.

Wednesday, February 08, 2006

Lord demands government apology to Simon Davies

In the latest debate on the government's ID card scheme in the House of Lords, the Earl of Northesk has asked the government to apologise to Simon Davies.

"Simon Davies, who the Government have consistently and repeatedly vilified for his involvement with the LSE Identity Project, has written to the Prime Minister indicating his possible intention to pursue the matter in the courts should such defamation be repeated. As his letter states, the fact is that:

"More than sixty academics and a further forty external experts have contributed to the LSE work".

That being so, is the Minister prepared to take this opportunity on behalf of the Government to retract the outrageous slurs perpetrated against Mr Davies and offer an apology?"

Lord Bassam of Brighton, in his response, neglects to take the opportunity to apologise, simply by ignoring the question.

Burnham letter to MPs on ID cards

Andy Burnham, Home Office minister in charge of the ID card scheme has sent a letter to colleagues (1.2 MB pdf), which proports to be a "detailed note about the costs of the Identity Cards scheme."

It's actually nothing of the sort and goes nowhere near providing a detailed account of the costs. What it does do is heavily misrepresent the LSE Identity Project report, which has been such a thorn in the government's side on this issue. For example, he states that "The LSE also added an inflated £1 billion marketing budget..." There is simply no such allocation in the LSE estimates. This is a complete fabrication on Mr Burnham's (or, more likely, his advisers') part.

What is really interesting, however, is what it doesn't say. It does not provide detailed costs as it claims. Also, following Simon Davies' letter to the Prime Minister threatening legal action for defamation if he or his ministers continued their ourrageous claims that Davies was a biased, sole author of the LSE report, Mr Burnham's letter does not include a repetition of the slur.

Twisting the facts to fit the story - the media and BT Cleanfeed stats

Kieran McCarthy is also less than enamoured with the mainstream media hysteria over BT's latest report on it's BT Cleanfeed statistics. BT Cleanfeed is the company's child pornography software filter system.

The stories are all essentially reporting the same thing - that 35000 attempts to access child abuse pictures are blocked by BT every day. McCarthy says that the reality is somewhat different.

"It is a carefully engineered twisting of figures and facts to provide a dramatic story. Maybe that's just par for the course, but when you are talking about child pornography and building up an image of the Internet as a dangerous, lawless place, you would think media outlets like the BBC, Independent and Times would be a little more careful.

The facts

Here are the facts: BT runs a program it calls "Cleanfeed". This programme consists of blocking access to a list of websites provided to its by the Internet Watch Foundation. Anyone using BT as an Internet service provider will not be allowed to visit these sites, and BT keeps records of how often it blocks access.

BT released figures yesterday that showed Cleanfeed had picked up four million hits over the past four months. This has been reported as 35,000 attempts to access child porn site per day...

Definitions

A "hit" - is a single request for a piece of information from a web page - be that a picture, the text, a piece of code, whatever. As such a single web page that you view can account for a number of hits. In fact, because of how web design has developed, you tend to get, on average, 10 hits per actual page that you look at on the screen. However, if it comes to a webpage exclusively set up to show pictures, you get very easily get anywhere from 30 to 100 hits per page...

So what are BT's results? Well, we don't know, because BT refuses to tell anyone what its figures relate to...

Some calculations

So, we have 33,000 hits a day. Let's assume a figure of 50 hits per page. That equates to 660 page impressions a day. That's still alot of pages you say. Yes, except for the fact that this blog alone averages over 2,000 page impressions a day.

I can tell you that those 2,000 page impressions equate to 400 people. So assuming that the people click on this site as the same rate as someone looking frantically for child pornography - which is quite obviously not going to be true - that means that 130 BT customers a day try to find child porn. BT has over three million customers.

There are people looking for child porn out there, and you can assume that if they are willing to look for it, they will search extensively. So I think you can safely assume that there are approximately 20 people using BT that are looking for child porn.

Which means that across the UK, there are probably 150 people trying to access child porn on any every given day, out of a total population of 60 million. Suddenly it doesn't seem quite so terrifying, does it...

The real story is that the UK has the strongest anti-child porn system and laws in the world. That's a fact. The actual situation is that there is now almost no child porn at all stored on UK computers, that the number of people attempting to access it anywhere on the Internet from this country is tiny, and that figure is most likely going down.

So how come the media reports point to the exact opposite of the situation? How come the very, very clear implication is that there are 35,000 individuals attempting to download child pornography every day in the UK?

How come the media has knowingly ignored the whole furore that blew up last time BT Cleanfeed figures were misrepresented?

Because it is a better story if you ignore all the facts. Is it a story that should be written? No. Because it is spreading fear, and it is building an entirely false picture in people's minds."

I agree that the media has a tendency to sensationalise but the psychology is more complicated than that.

Firstly there is a kind of a lazy groupthink going on where one interpretation of a story is widely accepted without question.

Seondly, the fact that it is fear-inducing means it is attractive from a sales perspective.

Thirdly no one wants to be the person that points out that the story is not as bad as it seems because this risks being accused of being the public defender of child abusers. [This is no mere theoretical concern. It is a commonly used political and media rhetoric device (You don't support our brilliant anti-terror laws; you must therrefore support the terrorists) and at least one senior executive of a well known ISP was outrageously defamed in a broadsheet newspaper on similar grounds in the mid 1990s, as was the operator of an anonymous listserv.]

Fourthly from the journalists' perpective there is a certain internal warm glow to be had from believing you are exposing some widespread terrible crime that the government will then be forced to do something about.

Scare stories that override the reality of a serious crime situation do nothing to help authorities on the ground deal with the problem. In response to this kind of media scaremongering, governments of all creeds are more likely to engage in legislative gesture politics than to supply real extra resources to the hi-tech crime and child abuse units dealing with these crimes and that in the end is counterproductive.

Blair in a security bubble

Kieran McCarthy, after spending an evening on a cold Oxford street outside a venue where Tony Blair was said to be making an important speech, worries about the Prime Minister's isolation from reality.

"So it's 6pm, pitch black, on a cold February night and I'm sat on a wall at the back of St Anthony's College in Oxford waiting for the prime minister to appear having given a speech on Britain's future role in Europe.

I'm not supposed to be here, I'm not even supposed to know this event is taking place - despite the fact that the meeting - and what Tony Blair is going to say at it - has been plastered all over the newspapers and on the radio this morning.

Downing Street had told me I wasn't allowed to know the time or venue. And I wasn't allowed to attend. Oxford University had told me Downing Street has told it to refer all requests back to Number 10. I had found out anyway and called the college but was told there were no spaces.

To make matters worse, the prime minister had eluded my efforts to photograph him as he arrived by taking a back entrance that I believe I am now sat on the wall facing.

All I really wanted was proof that Tony Blair was actually in the building. Since what he was going to say in his speech had already been given to lobby journalists, who had already written it up, and since lobby journalists were the only representatives of the public allowed into the college, it seemed all too plausible that Tony Blair needn't turn up at all...

So, beaten by the intensive security put around our country's leader, I retired to the pub to thaw out, go to the toilet (having needed to for an hour) and consider the evening.

And it was then that it struck me: the leader of this country is living entirely within a bubble of his own making.

Tony Blair has no reason to doubt that his life is under constant threat. He was whisked in a car to an underground car park to deliver a speech that had been made public but had had a ring of steel put around it. He addressed a group of the assembled and he was then whisked off again, with a full escort until he was safe back in Downing Street.

But if this man, who so entranced the nation only 10 years ago, had allowed himself to move outside this paranoia, he would have found not crazed terrorists waiting for him outside but rather a motley crue of students excited to see their leader, a lonely old woman, a man with a limp, and a freelance journalist with a camera.

He would have found that the Britain that he has lost track of is still there. Quiet indignation, good humour and a dislike for people that get above their station. That is the world that he should have been standing in, at least for a while. That would have given him something bigger and wider to consider as he winged it back down the M40 to London."

Tuesday, February 07, 2006

Open access and the weather

Why doesn't Europe offer open access to weather data as is done in the US?

Harper Collins to offer textbooks openly online

Harper Collins are experimenting with offering the full text of textbooks openly online. Good for them. It will be interesting to see what they learn.

Torvalds on DRM

Linus Torvalds has been outlining his views on digital rights management.

" I would suggest that anybody who wants to fight DRM practices seriously look at the equivalent angle. If you create interesting content, you can forbid that _content_ to ever be encrypted or limited.

In other words, I personally think that the anti-DRM clause is much more sensible in the context of the Creative Commons licenses, than in software licenses. If you create valuable and useful content that other people want to be able to use (catchy tunes, funny animation, good icons), I would suggest you protect that _content_ by saying that it cannot be used in any content-protection schemes.

Afaik, all the Creative Commons licenses already require that you can't use technological measures to restrict the rights you give with the CC licenses. The "Share Alike" license in particular requires all work based on it to also be shared alike, ie it has the "GPL feel" to it.

If enough interesting content is licensed that way, DRM eventually becomes marginalized. Yes, it takes decades, but that's really no different at all from how the GPL works. The GPL has taken decades, and it hasn't "marginalized" commercial proprietary software yet, but it's gotten to the point where fewer people at least _worry_ about it.

As long as you expect Disney to feed your brain and just sit there on your couch, Disney & co will always be able to control the content you see. DRM is the smallest part of it - the crap we see and hear every day (regardless of any protection) is a much bigger issue.

The GPL already requires source code (ie non-protected content). So the GPL already _does_ have an anti-DRM clause as far as the _software_ is concerned. If you want to fight DRM on non-software fronts, you need to create non-software content, and fight it _there_.

I realize that programmers are bad at content creation. So many programmers feel that they can't fight DRM that way. Tough. Spread the word instead. Don't try to fight DRM the wrong way."

Monday, February 06, 2006

Government shame on ID card abuse

Spy Blog rightly lambasts the government over their shameful treatment of LSE academic, Simon Davies, in their attempts to spin the criticism outlined in the LSE's Identity Project report.

"With the Third Reading of the controversial Identity Cards Bill 2005 in the House of Lords tomorrow, and its return to the House of Commons scheduled for next Monday13th February, the likelyhood is that the NuLabour public relations machinery will be in full swing again, briefing newspapers and the broadcast media.

It is an intolerable abuse of power, when powerful politicians, with unlimited resources paid for by the taxpayer, focus their spin and disinformation machinery onto a single named individual, who is not a professional politician, who happens to disgree with some detailed Government policy.

If the Government disgree with the well respected LSE Identity Project report, then they should simply publish their own detailed system architecture and their detailed cost benefit analyses, and their project risk assumptions, to justify their proposed multi-billion pound expenditure of public money, on a scheme which will literally change the relationship between the Government and every person in the United Kingdom.

"If they have nothing to hide, then they have nothing to fear".

The Government should not attempt to discredit either the London School of Economics, or the hundred or so experts who have contributed to the report, which is now required reading all over the world, by everyone who is working on e-government projects

They should definately not focus on a single named individual, who does not have the opportunity to speak out under the protection of Parliamentary privilige.

Shamefully, this is what the NuLabour government has been doing to Simon Davies, who is now considering taking legal action against individual politicians, for their repeated campaign of defamatory statements to the press and media...

It would be an embarassing shame for the Government to continue with its ad hominem attacks on Simon Davies, which are unfair and which threaten the time honoured tradition of academic freedom in the United Kingdom."

Well said.

Nominations Sought for the Captain Hook Awards for Biopiracy

Nominations Sought for the Captain Hook Awards for Biopiracy

Could Future Subpoenas Tie You to 'Britney Spears Nude'?

With the publicity surrounding the US government's attempt to get access to Google search data, Could Future Subpoenas Tie You to 'Britney Spears Nude'? wonders Fred Von Lohmann (though he hastens to add that the title wasn't chosen by him).

Microsoft Security Chief Criticises UK on Hi Tech Crime

Microsoft's security chief, Ed Gibson, was critical of the UK government last week over "the lack of effective channels for cybercrime reporting."

Can anyone tell me if it is still the case that the government has more people working on the ID card system than there are police officers involved in combatting high tech crime? I know it was the case as recently as last year and haven't seen any evidence to suggest the situation has changed. As far as I'm aware the National Hi-Tech Crime Unit's budget has been repeatedly cut in real terms, as Gibson says. Police officers involved in this kind of work must get incredibly frustrated at such a state of affairs.

Thanks to Steve Hedley for the link.

NHS replies to request to opt out of electronic records

Ian Brown has finally had a reply to his request to opt out of the NHS electronic patient records system. He says the response "contains much useful information about the National Care Records Service, but does not provide any reassurance that the NHS will comply with my request. I will reply to ask again for that guarantee."

Ian's blog has become required reading for those interested in digital rights and related issues.