UK Digital Do-Gooders

April 06, 2012

* James Firth

Can freedom survive?

The fuss over the government's latest net snooping plans might have died down for a while in the UK but with a similar battle emerging in the US I get the feeling this is going to run and run.

I know of at least one event planned for soon after Easter and I wondered whether this cause is worthy of a theme tune.  To get the ball rolling I've penned some lyrics to Gloria Gaynor's 'I will survive'.

All we need now is a band to record it (hopefully under a Creative Commons license so it can be shared and remixed as needed) and maybe a video, too? (Must pan in to RIPA Part III on line 2!)

Can Freedom Survive? (CC-BY-NC James Firth)
When the net was first used by paedophiles,
Government made laws to access all our files,
And then onto the scene, came the copyright brigade,
Jobs are under threat and campaign bills must be paid... 
And now we're tracked, from outer space,
They put all our website visits in a database,
We should have known that terrorists
Would be used to set the scene,
For a level of surveillance that Orwell had foreseen. 
Go on now, go, walk out the door,
Your moves all logged and stored, till twenty eighty-four,
Try and leave your phone behind, that doesn't get you off the hook
Cameras match your features to your photos on Facebook. 
Now freedom, can it survive?
When the government knows what I write before my blog goes live,
I've got all my life to live, my data leaks just like a sieve,
Can freedom survive? Survive? Hey, hey,  
Can we trust high strength encryption not to fall apart?
With a man sat in the middle trying to subvert,
Breaking all the bonds of trust just to read a batch of spam,
What's it all for? Have you heard of TOR? 
There is another way, it's really nothing new,
You can trust most netizens to hold up good and true,
Our autonomy's our strength, in a society that's free,
We're all keeping our eyes open for the threats that you foresee. 
Go on now, go, walk out the door,
Your moves all logged and stored, till twenty eighty-four,
Try and leave your phone behind, that doesn't get you off the hook
Cameras match your features to your photos on Facebook. 
Now freedom, can it survive?
When the government knows what I write before my blog goes live,
I've got all my life to live, my data leaks just like a sieve,
Can freedom survive? Survive?

@JamesFirth

by James Firth (noreply@blogger.com) at April 06, 2012 08:15 PM

Spy Blog

Theresa May and Kenneth Clarke letter to Tory MPs - CCDP and CMP

Nick Pickles of BigBrotherWatch has done a good job of analysis of the letter signed by Home Secretary Theresa May and Justice Secretary Kenneth Clarke, sent via the Tory Whips to Conservative MPs, regarding the Communications Capability Development Programme enhanced snooping plans.

Minister's letter fails to answer key questions

The text of the letter is published by the ConservativeHome blog:

http://conservativehome.blogs.com/files/mayclarkeletter.pdf (.pdf)

It really is shocking how little detailed grasp of the technological and social impact Government Ministers and MPs seem to have.

The Special Political Advisors / spin doctors who drafted this letter seem to have deliberately omitted key features of both the Communications Data Development Programme and of the Green Paper on Justice in this briefing letter to MPs.

HOUSE OF COMMONS

4 April 2012

Dear Colleague

There has been a lot of press coverage in recent days about two of our key policies to maximise public protection: on communications data capability and the Justice and Security Green Paper. We are committed to maintaining national security and protecting the public in the face of changing circumstances whilst continuing to honour our commitment to protect civil liberties.

1. Communications data capability

The need to act

Communications data - information such as who called whom and at what time - is vital to law enforcement, especially when dealing with organised crime gangs, paedophile rings and terrorist groups. It has played a role in every major Security Service counter-terrorism operation and in 95 per cent of all serious organised crime investigations. Communications data can and is regularly used by the Crown Prosecution Service as evidence in court.

But communications technology is changing fast, and criminals and terrorists are increasingly moving away from landline and mobile telephones to communications on the internet, including voice over internet services, like Skype, and instant messaging services. Data from these technologies is not as accessible as data from older communications systems which means the police and Security Service are finding it increasingly hard to investigate very serious criminality and terrorism. We estimate that we are now only able to access some 75% of the total communications data generated in this country, compared with 90% in 2006. Given the pace of technological change, the rate of degradation could increase, making our future capability very uncertain.

We estimate that we are now only able to access some 75% of the total communications data generated in this country, compared with 90% in 2006.

Politicians may be easily fooled by statistics, but we are not.

Theresa May and the Home Office need to publish the actual evidence and assumptions on which they have based these figures.

One place where these figures should have been available, but are not, is the censored Annual Report of the Interception of Communications Commissioner.

That is why, in the Government's Strategic Defence and Security Review, published in 2010, we said we would "introduce a programme to preserve the ability of the security, intelligence and law enforcement agencies to obtain data and to intercept communications within the appropriate legal framework."

We therefore propose to require internet companies to collect and store certain additional information, like who an individual has contacted and when, which they may not collect at present. The information will show the context - but not the content - of communications. So we will have for internet-based communications what we already have for mobile and landline telephone calls.

It is simply not technologically possible to obtain the "certain additional information, like who an individual has contacted and when" from social networking websites like Facebook or Twitter, without Intercepting the Content of these web based services.

Safeguarding civil liberties

When we published the Defence and Security Review, we also made clear that we would "put in place the necessary regulations and safeguards to ensure that our response to this technology is compatible with the Government's approach to information storage and civil liberties." In seeking to ensure our law enforcement agencies continue to retain capabilities to protect us from harm, civil liberties will be respected and protected.

The data will be stored by the industry to enhanced standards which we shall set and which will be overseen by the Information Commissioner. The data will be available only to designated senior officers, on a case-by-case basis, authorised under the Regulation of Investigatory Powers Act (RIPA), and the process will be overseen by the Interception of Communications Commissioner. It will be available only if it is necessary and proportionate to a criminal investigation.

If sufficiently "juicy" or "newsworthy", such material has been handed over for free or sold to politically favoured media journalists or sold corruptly to private investigators / information traders, many of whom are former police or intelligence agency employees.

It is also sent, without any effective safeguards whatsoever, to foreign governments.

The majority of the data will be retrospective not real time (an exception might be the tracking of a communications device during a terrorist operation or kidnapping) and will be used as part of an investigation to identify key facts, including as evidence in courts. The police and other agencies will have no new powers or capabilities to intercept and read emails or telephone calls and existing arrangements for interception will not be changed. We envisage no increase in the amount of interception as a result of this legislation.

So what ? The new proposals have nothing to do with the existing system of email and phone interception.

The new proposals will try to extend this existing flawed RIPA regime to social media like Facebook and Twitter, to Voice over IP telephony, video conferencing and chat like Skype or the various Instant Messaging protocols, to search engine searches like Google and to Peer to Peer filesharing like BitTorrent.

The impression being given is that this snooping will only be available for terrorism or serious crime investigations, but the existing RIPA allows Communications Data to be grabbed for much less serious alleged crimes as well.

Differences with Labour's proposals

Despite what has been claimed by some, this is very different to the scheme proposed by the last government. They wanted to build a Big Brother database with all communications data held in one place by government. Under our proposals, there will be no government database and the data recorded will be strictly limited and regulated and will be destroyed after a year.

The data will not be stored by the police or government but by communications service providers who already store some of this data for their own business purposes and under the EU Data Retention Directive. They will be paid by government for this service. But the costs incurred are a fraction of those we would face if we had to try to find an alternative way of developing the very significant evidence that this data provides us; indeed there is no like-for-like alternative.

Labour's original proposals were for a centralised database, which they then changed to a distributed database held by the Communications Service Providers, after their Intercept Modernisation Programme had been ridiculed by everyone who was expected to make it work in practice.

The Conservative / Liberal Democrat Government's vague plans for Communications Data Development programme sound identical in practice to those discredited Labour fantasies.

We have already made changes to limit who can access communications, and how they can access it, and we intend to make further changes in future. Local authorities will now have to get a magistrate's approval to see communications data and they will not be permitted to see more than simple data, such as subscriber to a mobile phone.

There are some clauses in the so-called Protection of Freedoms Bill, which is still not on the statute books, over a year after it was introduced.

It is therefore a lie to claim that they have "already" done anything or that "Local authorities will now have to get a magistrate's approval" - these legal powers have not yet been passed into law, let alone commenced !

We intend to ensure that all departments who can get access to any data will only be able to do so under one legal framework, set out in RIPA.

The previous Labour government lied about doing this as well.

Instead they let the arrogant Department for Social Security / Department for Work and Pensions abuse their "legacy" powers i.e. Section 109B of the Social Security Administration Act 1992 (as amended by the Social Security Fraud Act 2001) passed after RIPA, to grab Communications Data for free, without having to pay the nominal processing fee of around £15 to £25 for a targeted Name and Address Subscriber request from British Telecom etc. and without having to undergo any RIPA training or to submit to even the cursory RIPA Interception of Communications Commissioner oversight scheme.

The importance of forcing junior bureaucrats to actually get their bosses and accounts departments to sanction the auditable expenditure of public money, when they make such Communications Data snooping requests cannot be overemphasised. It is effectively the only mechanism which prevents excessive demands for "all Communications Data" in a certain geographic area or during a certain time period from being demanded, over and over again by inexperienced or lazy or corrupt investigators.

As soon as data is slurped "in bulk, in real time" into secret, unaccountable databases for "data mining", then the risks of corruption, abuse and false positives ruining the lives of innocent people, at great expense, without actually catching any more criminals as a result, increase dramatically.

Access to communications data will be overseen by the Interception of Communications Commissioner. So this is not, as some have tried to suggest, a transfer of power from the judiciary to the state.

There is currently no judicial involvement at all. The secretive Interception of Communications Commissioner and the Intelligence Services Commissioner are both retired senior Judges, but they do not approve or decline any Interception warrants (rubber stamped by a Secretary of State or an anonymous senior civil servant).

The police and Security Service will not be able to intercept the content of calls and emails, except as now when it is necessary and proportionate as part of an investigation relating to serious crime or national security, and only when they have obtained a warrant signed by a Secretary of State.

A balanced approach

For the first time in more than a decade, we have a government that respects civil liberties.

The previous Labour control freak government used to claim that they also "respected civil liberties", but they literally used Orwellian newspeak to redefine the meaning of such words.

It is up to the Coalition government to prove through action, not just words, that they are really different from their Labour predecessors.

We have abolished ID cards, cut back government databases and limited pre-charge detention. But we must not allow the internet to become an unpoliced space, with criminals free to go about their business with abandon.

The Government's Strategic Defence and Security Review - in which we announced our intention to update communications data capability in October 2010 - can be found here.


2. Justice and Security Green Paper

These proposals aim to find a proportionate solution to a genuine problem in a very small number of civil cases. They aim to strengthen Parliamentary oversight of the security services, and to extend justice by ending the situation in which judges cannot hear highly sensitive intelligence evidence, even where it is absolutely central to a civil court case.

The problem

British intelligence agents obviously cannot give evidence in open court about their sources, their techniques and their secret knowledge. But under current rules, the only way of dealing with information which is too sensitive to disclose is to exclude it from the court through a procedure known as Public Interest Immunity (PII). The court has no power to hear the evidence at all, even in closed session. This is a serious problem as it leaves the public with no independent judgment on very serious allegations.

A relevant recent case of this was that of the Guantanamo Detainees. The material on which the Government needed to rely to disprove the allegations of mistreatment made by the detainees was highly sensitive intelligence material which couldn't be given in open court. Since the court could not hear the evidence in closed session, they had to exclude it entirely from the case. As a result the Government was forced to stop defending itself, the public got no independent judgment on the very serious allegations, and the Government had to pay out large sums of taxpayers' money in compensation to the claimants.

Where is the explanation of the creepy and shameful Control Principle which features so heavily in the Green Paper ?


We expect our intelligence partners to protect our material when we share it with them, and we must be able to deliver the same protection of their material.

Confidence built up over many years can all too quickly be undermined. That is why, if the trust of the UK's foreign 'liaison' partners is to be maintained, there should be no disclosure of the content or fact of the intelligence exchange with them without their consent. This is known as the Control Principle.

c.f. Spy Blog Green Paper on Justice and Security

The Government also faces a problem with challenges to executive decisions, for example when it refuses British citizenship or excludes from the UK an individual believed to be involved in activities which threaten national security. These decisions are made on the basis of sensitive intelligence. In judicial reviews of such decisions, again, there is no statutory basis for closed material procedures to be available to the court. This means the Government is unable to fight the case and may have to allow British citizenship to an individual believed to be engaged in terrorism-related activity, for example, because the courts have no secure forum to handle the appeal process.

How many times has such a refusal of British citizenship ever happened ?

There is no problem if there is some actual prima facie hard evidence, of actual terrorist activity against British interests.

If all there is is "intelligence" consisting of unfounded rumours, gossip, anonymous denunciations, false positive identifications etc. then this should rightly be ignored by a Court, just like Hearsay "evidence" for exactly the same common sense reasons.

The recent MI5 investigation into Ekaterina Zatuliveter, showed how incompetent and superficial such "investigations" can be.

That case also shows that there already is a "secure forum to handle the appeal process" for "national security" and Immigration and British citizenship executive decisions - the Special Immigration Appeals Commission (SIAC).

Our proposals

These examples illustrate the compelling case for changing the current rules so that these sorts of cases can be properly heard in a Closed Material Proceeding (CMP) by a judge, where a judgment can be reached on the basis of all

The circumstances in which a CMP would be triggered would be exceptional and rare. They will not apply at all to criminal proceedings and would only apply in compensation cases, or other civil cases based on highly sensitive intelligence material.

The proposals in the Green paper also attempt to "nobble" the Inquests into deaths caused by the Police or by UK or Foreign Military forces, especially by USA "friendly fire".

The Daily Mail is claiming today, via some anonymous Whitehall briefing, that this aspect of the Green Paper, which is not mentioned in this letter, may perhaps be dropped:

Climbdown on secret inquests: Victory for the Mail's open justice campaign

Alongside these proposals to extend judicial scrutiny over Government actions, we also want to give Parliament greater powers of scrutiny by increasing the status, remit and powers of the Intelligence and Security Committee. One option in the Green Paper is for the ISC to be made a statutory Committee of Parliament, to allow it to hold public evidence sessions and to give it the power to require information from the security and intelligence agencies.

Spy Blog has been following the inadequate scrutiny provided by the Intelligence and Security Committee for years.

The overall effect is that the Security Service will be more accountable to Parliament and to the courts than at present and that more sensitive evidence will be considered by courts than is possible now.

The Green Paper can be found here.

https://update.cabinetoffice.gov.uk/sites/default/files/resources/green-paper_1.pdf (.pdf)

Further information

We will listen to those who have made suggestions as we develop our plans. If you require any more information, please do get in touch with our PPSs Edward Timpson MP and Ben Wallace MP.

Theresa May Kenneth Clarke

Where is the important topic of Intercept as Evidence for use by either the prosecution or defence in Court (currently forbidden by the Regulation of Investigatory Powers Act 2000 section 17 exclusion of matters from legal proceedings), which is entirely relevant to both the CCDP and CMP proposals ?

by wtwu at April 06, 2012 11:50 AM

* Glyn Moody

Where TPP Goes Beyond ACTA -- And How It Shows Us The Future Of IP Enforcement

ACTA and TPP have much in common. That's no coincidence, since they are both born of a common desire to move away from multilateral forums like WIPO that are relatively open to scrutiny, to invitation-only groups negotiating behind closed doors. That lack of transparency has allowed all kinds of extreme measures to be proposed without any countervailing arguments being heard about why they are neither fair nor sensible. 

On Techdirt.

by noreply@blogger.com (glyn moody) at April 06, 2012 11:43 AM

Polish Government Funding 'Full Set Of Educational Materials' Available Under CC-BY

One of the fields that is ripe for disruption by open digital technologies and business models based on abundance is education. That's already starting to happen with growing successes in the areas of open access and free textbooks. Now here's a major win for open educational resources in Poland (via Slashdot):

On Techdirt.

by noreply@blogger.com (glyn moody) at April 06, 2012 11:42 AM

A Copyright First: Bogus Copyright Takedown Leads To Australian Court Awarding $150k Damages

We're so inured to hearing about unjustified claims of copyright infringement going unpunished that it's good to come across a case where extensive damages were awarded for the harm caused. It concerns a film that the Australian artist Richard Bell made in New York, with the help of an assistant called Tanya Steele:

On Techdirt.

by noreply@blogger.com (glyn moody) at April 06, 2012 11:41 AM

What Quilting's Legal Battles Can Teach Us About Copyright

Last year Techdirt wrote about Leah Day, who was trying to introduce a free model to quilting -- apparently a bold thing to do. Sadly, it seems that the ownership mentality is nonetheless spreading in her field, as she reports in this really excellent new blog post entitled "Copyright Terrorism"

On Techdirt.

by noreply@blogger.com (glyn moody) at April 06, 2012 11:40 AM

German Scriptwriters Attack 'Greens, Pirates, Left-wingers And Internet Community' For Daring To Have Different Views On Copyright

The German series "Tatort" ("Crime Scene") has been running since 1970, and remains one of the most popular programs on German television. Given this venerable position, it's perhaps not completely surprising that its scriptwriters -- 51 of them -- have written an open letter complaining about the supposedly negative attitudes of some groups to copyright (German original). But what is noteworthy is the tone and content of the letter. 

On Techdirt.

by noreply@blogger.com (glyn moody) at April 06, 2012 11:38 AM

April 05, 2012

* James Firth

Alleged NSA contact book leaked by Anonymous could indicate scale of private industry profits from security

Anonymous claims to have leaked an NSA contact book. The 4,000-entry list containing many private sector contacts appears to have been published at some point on or before Tuesday 3rd April.

I'm in two minds whether to link to the leak; it contains personal data - including what appear to be home addresses for many of those listed.

Plus, I don't support Anonymous - many of their antics are not helpful and I'm aware that Anonymous as a concept provides a vehicle for malignant forces to co-opt from a highly-skilled cohort of sometimes-impressionable hackers.

For this second reason I don't want to cheer-lead for them but at the same time this leak looks newsworthy and indicates the US National Security Agency has tentacles into many major technology companies, perhaps indicating the scale of both the cyber-security industrial complex and the military-digital complex.

Essentially there's a huge amount of money to be made from keeping us safe and this opens up the possibility that some of those profiting have an incentive to over-hype the threat to keep the cash rolling in.

The collateral damage is our privacy and freedom.  Few rational people mind protective measures taken in our collective interest to maintain security and stability, but we need to be sure that inflated or non-existent threats are not used to justify excessive state intrusion.

Below is a list of email domains scraped from the alleged NSA leak with a count of the number of times each domain appears.

Disclaimer: There's no way of verifying the input data, and even if the list did originate at the NSA as is claimed, there are plenty of benign reasons companies who supply technology to government would appear on such a contact book, e.g. account management, technical sales, advanced research, etc.

At the same time the data is now out there being circulated on chat rooms and Twitter. Don't shoot the messenger, there's clear public interest as outlined above and the list deserves scrutiny.

The reader should be aware the leak may not be genuine, and in any case should not infer that NSA 'agents' are embedded in these companies:



@JamesFirth

by James Firth (noreply@blogger.com) at April 05, 2012 09:36 PM

Index on Censorship

Nepal: journalist murdered

The executive editor of a regional daily newspaper in Nepal has been brutally murdered. Yadav Poudel, from Mechi Times, and who has also worked for Kathmandu-based Avenues Television station and the “Rajdhani” national daily newspaper, was found murdered in the early hours of Wednesday morning (4 April). Preliminary investigations suggest the journalist was stabbed to death at around 12.30am on Wednesday morning.

by Alice Purkiss at April 05, 2012 03:54 PM

Uzbekistan: Growing concern over targeting of independent journalists

A number of incidents in the last few weeks have raised concerns over the harassment of journalists in Uzbekistan. On 26 March, independent journalist Viktor Krymzalov was convicted of defamation for an article which was published without a byline. The plaintiff “assumed” it was written by Krymzalov, but no evidence was provided to support the claim. Journalist Elena Bondar was charged with “inciting national, racial, ethnic or religious hatred,” after sending letters to the media about alleged government harassment. Novaya Gazeta journalist Victoria Ivleva was recently denied entry to the country.

by Alice Purkiss at April 05, 2012 03:43 PM

China: Ai Weiwei ordered to switch off studio webcams

Authorities have objected to surveillance cameras Chinese artist Ai Weiwei installed in his home to provide a live feed online. The artist created a website with four cameras showing his studio, over his bed, his desk and in the courtyard of his house as a “gift” to the authorities who have been watching him for years. Weiwei set up the site weiweicam.com on 3 April, the first anniversary of his 2011 disappearance, but was forced to terminate the feed today. He said the live feed enabled him to reassure police who were worried what he might do.

by Alice Purkiss at April 05, 2012 03:02 PM

Jordan: Demonstrators beaten in custody

Police beat 30 demonstrators whilst they were detained at a police station in Jordan on 31 March. The demonstrators were arrested after gathering near the Prime Minister’s office in Amman, protesting the detention of seven activists from Tafila who were arrested mid-March. The 100 strong group of protesters were warned by police after some began chanting “if the people are scorned, the regime will fall.” The crowd were violently dispersed and beaten with truncheons by the police, and 30 participants were arrested. After being taken to the Central Amman Police station, officers continued to kick, punch and beat those who had been arrested.

by Alice Purkiss at April 05, 2012 02:56 PM

ORG Zine

Let's Talk About Fanfiction

I've a confession to make. Every once in a while, I write fanfiction. No, I'm not going to link to it.

For the uninitiated, fanfiction is basically taking an existing universe (a book or TV show, say) and using the setting and characters to write new stories. It's a great way of engaging with a work you love. It's a great way of learning to write fiction as it eliminates some of the variables: if you don't have to worry about world building and (to an extent) characterisation, you can focus, for instance, on plot and pacing. There are many different types of fanfiction. You didn't like the ending of that book? Write a different one. Really liked that minor character and want to know what happened to them? Make it up! In the interests of full disclosure, I should also admit that a substantial proportion of fanfiction is of an erotic nature, often involving same-sex couples. Generally male same-sex couples. And it's predominantly written by women. Go figure. (Yes, this is the type I write.)

Anyway, fanfiction is one of the dark secrets of the internet. Fans write it and read it and lovingly curate archives of the stuff. Yet no one talks about it. Each piece is tagged with a huge disclaimer about not owning the universe, or the characters, or making any money from them.

Creators and rights-holders - it is worth remembering that those are different groups - have an ambiguous relationship with the concept. The studio behind the Twilight films clearly doesn't want anyone engaging with their work ever. Computer game makers Bioware actually run fanfiction competitions. Some writers quietly tolerate what the fans do to their creations, others threaten to sue. If you hang around fandom long enough, you learn who's who. George R. R. Martin apparently really loathes fanfiction which is why all the places to find stuff based on his works are locked. Marion Zimmer Bradley used to actively encourage it and publish anthologies of fans' works set in her Darkover universe - until she decided to lock it down completely as a result of a disagreement with a fan over a story idea. Babylon 5 creator J. Michael Straczynski, a pioneer of online fan engagement, tolerated fanfiction but steered well clear of it after he had to shelve an episode idea for several years because a fan had had a similar idea. Estates like the Tolkien Estate tend to be particularly precious about their property.

I don't have the data, but I would be willing to bet good money that fandom is the major source of derivative and remixed creative works. Yet digital rights campaigners tend to steer well clear of the subject - even those of us who have a foot in each camp. We will happily wax lyrical over the right to parody or a general framework for remixing stuff, but we don't touch fanfiction with a barge pole. This leaves fans in a perpetual state of uncertainty and dread that a creator or rights-holder will come after them one of these days.

Now, I must admit my knowledge of the legal framework that limits fanfiction is shaky. I had always assumed it was copyright - largely because of aforementioned disclaimers - but a discussion at ORGcon quickly clarified that in the vast majority of cases it probably isn't. Copyright protects "expression", not ideas, settings or characters. US law has a concept of derivative works which covers things like film adaptations and translations but is at best murky on transformative works. I don't know if UK law has an equivalent. In most cases it is more likely to be infringement of trademarks rather than copyright that is the sticking point. An informed legal opinion on the matter would be appreciated.

I suspect until digital rights campaigners - or a brave fan - take on the case, we will remain in a legal grey area. This will not stop fanfiction - nothing stops fanfiction. But I suspect it would be nice for fans to know that their labour of love isn't going to land them in huge trouble one day. Anyone fancy a test case?

 

[A huge thank-you to @drcabl3 for organising the Unconference session at ORGcon which prompted this post.]

 

by Milena Popova at April 05, 2012 02:44 PM

Light Blue Touchpaper

Three Paper Thursday: full disk encryption

Information is often an important asset and today’s information is commonly stored as digital data (bytes). We store this data on our computers' local hard disks and on our laptops' disks. Many organisations wish to keep the data stored on their computers and laptops confidential. A natural requirement, therefore, is that a stolen disk or laptop should not be readable by an external person (an attacker in general terms). For this reason we use encryption.

A hard disk is commonly logically organised in multiple sections, often referred to as either partitions or volumes. These volumes can be used for various purposes, and they are often structured according to a file system format (e.g. NTFS, FAT, HFS, etc.). It is possible to have a single disk with 3 volumes, where the first volume is formatted with NTFS and contains a Windows operating system, the second volume is formatted with EXT3 file system and contains an installation of a Linux distribution, while the third volume is formatted with FAT file system and only contains data (no operating system).

Volume encryption is a mechanism used to encrypt the contents of an entire volume. This is sometimes referred to as “full disk encryption”, which is misleading, since a physical disk can actually contain multiple volumes, each encrypted independently.  However, since the term has become very popular, I will continue to refer to this kind of encryption as “full disk encryption” but the reader should keep the above distinction in mind.

There are several products that offer full disk encryption, e.g. PGP Whole Disk Encryption, TrueCrypt, Sophos SafeGuard, or Check Point FDE. BitLocker is the full disk encryption integrated with the Windows OS, and Apple has recently introduced FileVault 2 as full disk encryption from Mac OS X 10.7.

There are several limitations that affect the encryption of an entire disk. These have to do with 3 important aspects, among others: a) encryption must be fast (a user should not notice any extra latency); b) the operating system is encrypted as well (so there must be some way of bootstrapping the decryption process when the computer boots); c) the encryption mechanism should not noticeably reduce the available storage space (that is, we cannot use an extra block of data for every few encrypted blocks).

The following 3 papers explain these limitations in detail. Two of them relate to currently deployed full disk encryption systems.

Lest we remember: cold boot attacks on encryption keys. J. Halderman et al. Usenix Security Symposium 2008.

This paper explores the possibility of extracting encryption keys from memory (DRAM in particular). Full disk encryption uses a volume key to encrypt and decrypt disk blocks. To keep this process fast, the keys are stored in memory. Moreover, the keys are expanded (e.g. for AES) and the round keys are also stored in memory (key expansion would introduce considerable latency if it had to be done for every block). Therefore a simple dump of the memory will contain the sensitive keys. The authors also consider the scenario in which a DRAM chip is extracted from the computer, and measure how long the keys remain retrievable. Using the redundancy given by the expanded keys, this time can be increased.

New methods in hard disk encryption. C Fruhwirth, Institute for Computer Languages, Theory and Logic, 2005.

This paper goes into the details of the encryption schemes that can be used for disk encryption and discusses many of the problems that are particular to this type of encryption. It details for example the many problems in using a common scheme such as CBC and also explains some techniques that can be used. The author has implemented some of the algorithms presented in LUKS (Linux Unified Key Setup).

AES-CBC + Elephant diffuser: A disk encryption algorithm for Windows Vista. N Ferguson. Microsoft Corp. 2006.

This paper describes the encryption algorithm used in BitLocker, the full disk encryption system available in Windows (since Vista). The paper comments on the limitations of existing encryption schemes and performance issues and details the solution adopted by Microsoft.

As an additional remark I point out that around 2007 a new mode of operation for AES, called AES-XTS, has been standardized:
http://grouper.ieee.org/groups/1619/email/pdf00086.pdf. This is a “tweakable” mode of encryption (based on Rogaway’s XEX – http://www.springerlink.com/content/1wp57yvu5du2ecwv/), which allows each block in a disk to be encrypted independently. This has major advantages over other encryption modes such as CBC and has already been adopted by Apple in their full disk encryption system: FileVault 2.

by Omar Choudary at April 05, 2012 01:17 PM

ORG Zine

The Year of the Future

If there's one thing everyone seemed to agree on last week at Nominet's annual Internet policy conference, it's that this year, 2012, is a crucial one in the development of the Internet.

The discussion had two purposes. One is to feed into Nominet's policy-making as the body in charge of .uk, in which capacity it's currently grappling with questions such as how to respond to law enforcement demands to disappear domains. The other, which is the kind of exercise net.wars particularly enjoys and that was pioneered at the Computers, Freedom, and Privacy conference (next one spring 2013, in Washington, DC), is to peer into the future and try to prepare for it.

Vint Cerf, now Google's Chief Internet Evangelist, outlined some of that future, saying that this year, 2012, will see more dramatic changes to the Internet than anything since 1983. He had a list:

- The deployment of better authentication in the form of DNSSec;

- New certification regimes to limit damage in the event of more cases like 2011's Diginotar hack;

- Internationalized domain names;

- The expansion of new generic top-level domains;

- The switch to IPv6 Internet addressing, which happens on June 6;

- Smart grids;

- The Internet of things: cars, light bulbs, surfboards (!), and anything else that can be turned into a sensor by implanting an RFID chip.

Cerf paused to throw in an update on his long-running project, the interplanetary Internet he's been thinking about since 1998 (TXT).

"It's like living in a science fiction novel," he said yesterday as he explained about overcoming intense network lag by using high-density laser pulses. The really cool bit: repurposing space craft whose scientific missions have been completed to become part of the interplanetary backbone. Not space junk: network nodes-in-waiting.

The contrast to Ed Vaizey, the minister for culture, communications and the creative industries at the Department of Culture, Media, and Sport, couldn't have been more marked. He summed up the Internet's governance problem as the "three Ps": pornography, privacy, and piracy. It's nice rhetorical alliteration, but desperately narrow. Vaizey's characterization of 2012 as a critical year rests on the need to consider the UK's platform for the upcoming Internet Governance Forum leading to 2014's World Information Technology Forum. When Vaizey talks about regulating with a "light touch", does he mean the same things we do?

I usually place the beginning of the who-governs-the-Internet argument at 1997, the first time the engineers met rebellion when they made a technical decision (revamping the domain name system). Until then, if the pioneers had an enemy it was governments, memorably warned off by John Perry Barlow's 1996 Declaration of the Independence of Cyberspace. After 1997, it was no longer possible to ignore the new classes of stakeholders, commercial interests and consumers.

I'm old enough as a Netizen – I've been online for more than 20 years – to find it hard to believe that the Internet Governance Forum and its offshoots do much to change the course of the Internet's development: while they're talking, Google's self-drive cars rack up 200,000 miles on San Francisco's busy streets with just one accident (the car was rear-ended; not their fault) and Facebook sucks in 800 million users (if it were a country, it would be the world's third most populous nation).

But someone has to take on the job. It would be morally wrong for governments, banks, and retailers to push us all to transact with them online if they cannot promise some level of service and security for at least those parts of the Internet that they control. And let's face it: most people expect their governments to step in if they're defrauded and criminal activity is taking place, offline or on, which is why I thought Barlow's declaration absurd at the time.

Richard Allan, director of public policy for Facebook EMEA – or should we call him Lord Facebook? – had a third reason why 2012 is a critical year: at the heart of the Internet Governance Forum, he said, is the question of how to handle the mismatch between global Internet services and the cultural and regulatory expectations that nations and individuals bring with them as they travel in cyberspace. In Allan's analogy, the Internet is a collection of off-shore islands like Iceland's Surtsey, which has been left untouched to develop its own ecosystem.

Should there be international standards imposed on such sites so that all users know what to expect? Such a scheme would overcome the Balkanization problem that erupts when sites present a different face to each nation's users and the censorship problem of blocking sites considered inappropriate in a given country. But if that's the way it goes, will nations be content to aggregate the most open standards or insist on the most closed, lowest-common-denominator ones?

I'm not sure this is a choice that can be made in any single year – they were asking this same question at CFP in 1994 – but if this is truly the year in which it's made, then yes, 2012 is a critical year in the development of the Internet.

Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

by Wendy Grossman at April 05, 2012 12:02 PM

Consumer Focus

Smart moves on meters but a closer eye is needed on costs – says consumer watchdog

Responding to DECC’s announcements on smart meters today, Audrey Gallacher, Director of Energy at Consumer Focus, said:

‘There is good news here for customers with wins on data privacy, sales and marketing and engagement with consumers. But we continue to have concerns that the costs of the scheme may be underestimated and that costs for consumers could rise. Further action is also needed to make sure all customers get the full benefits smart meters could supply. 

‘We welcome the banning of sales during installation and that marketing will only be allowed if the customer agrees. This shows the Government has listened to consumers.  We support the proposals to address consumer concerns around the privacy of information. But, to make this work, people must be aware of their rights and the choices available to them on how much information is passed to suppliers.

 ‘It is welcome that the Government has recognised the need for a much stronger and better co-ordinated strategy to engage consumers. Smart meters will only help people to become more energy efficient and cut their bills if they are able to easily understand and use the new technology. We hope this move will pave the way for a support scheme for vulnerable customers to ensure everyone gets the benefit of smart meters.’  

A breakdown of Consumer Focus’s views on other elements of today’s announcement is below.

 Data privacy

  • We welcome Government moves on privacy. But customers will need to be aware of their rights and the choices available.  Also people should not be charged to access their energy data in an easily usable format, as has been a problem with some small businesses. [1]

Meters

  • The Government has decided that any smart meter installed ahead of the wider roll-out must be removed if it does not meet strict requirements to be imposed on meters installed from 2014. This is very welcome – it could save customers hundreds of millions of pounds and help minimise barriers to switching. However there are still some question marks about whether smart appliances and displays will be able to work across all energy suppliers for those that get meters before 2014.

Supplier Installation Code of Practice

  •  We strongly support new rules to help minimise customer inconvenience and help people make the most of their smart meter – including requirements on installers to provide energy efficiency advice as part of the visit and signpost customers to impartial sources of support. But how successful these rules are will depend on how effectively suppliers implement them.

Fuel poor and prepayment meter customers

  • We welcome the greater focus on needs of vulnerable consumers in these proposals, and the decision to require suppliers to make sure the technology meets the needs of, and is usable by, all consumers. However the Government has still not carried out its promised assessment of the impact of smart metering on fuel poverty. This must be done to make sure steps are taken so all customers benefit.
     
  • We also remain concerned about the lack of detail on how to make the scheme benefit prepayment meter customers, many of whom live on low fixed incomes. [2] Smart meters could revolutionise the pay-as-you-go energy market, delivering cheaper tariffs and better customer service, but only if PPM customers are a higher priority.

Costs

  • Consumers need transparency and accountability over the costs of this scheme to make sure the Government keeps these in hand – competition alone will not deliver cost efficiencies.

ENDS

Notes to Editors:

  1. A Consumer Focus information request in 2010 found some non-domestic suppliers were charging small businesses with advanced meters a daily fee to access their own energy information via an online portal. This fee varied with the most expensive fee charged at 55p per day.
     
  2. It is likely that prepayment meter customers will not achieve the same energy savings from smart meters as those on other payment types, yet they will still be required to foot the bill. The lower benefits may be because they are already more energy aware or energy efficient due to budgetary constraints. DECC’s impact assessment estimates that gas prepayment meter customers will get average savings of 0.5% compared to 2% for gas cash and cheque customers. It is therefore crucial that they get other benefits such as cheaper tariffs, in home displays that meet their needs, more convenient ways to top up and improved customer service.

Factfile:

  • The GB smart meter rollout is potentially the largest in the world, involving the installation of more meters in more than 28 million homes. In total it is estimated that 53 million meters will be installed in 30 million premises (homes and businesses).
     
  • DECC currently estimates the cost of the scheme at £11.5 billion. The average cost per household will be £7 by 2015. Government estimates that overall the average dual fuel customer will make net savings on their energy bill of £25 per annum by 2020. Overall cost (not including customer benefits if these are not realised) is £387 per household.

by Pernille Thomsen at April 05, 2012 11:20 AM

* Glyn Moody

Our Imminent Summer of Digital Discontent


As you may have noticed, the weather is rather confused in the UK at the moment – one moment sweltering, the next freezing. But I predict this summer is certainly going to be hot, judging at least by what's going on in the world of digital rights.

First of all, there's ACTA. In a surprising but welcome decision, the INTA committee recommended that ACTA be voted on in the European Parliament, rather than referred to the European Court of Human Justice, as the European Commission is doing:

After an eventful process where a minority of pro-ACTA MEPs used procedural arguments to delay a decision, the EU Parliament's "International Trade" committee refused to refer ACTA to the EU Court of Justice. Such a referral would have delayed for 18 months the final vote on ACTA.

Respecting the original timetable, the rapporteur David Martin (S&D, UK) will now present a draft report to his colleagues on April 25th, 2012. This draft report will form the basis of the INTA committee's final recommendation to the rest of the Parliament on whether to consent to ACTA or to reject it.

The INTA committee, as well as the other committees working on opinion reports, will also resume their works on this illegitimate agreement.

That means we will need to contact our MEPs before the vote to make sure they understand why ACTA is a bad idea and should be rejected in the vote. Once that happens, the judgment from the ECJ will be irrelevant: ACTA will be rejected by Europe. And without Europe, ACTA as a whole is dead – hence the importance of convincing MEPs.

Still on the European front, there is the imminent revision of the “Intellectual Property Rights” Directive (IPRED). Although it's a little hard to know how the European Commission will play this in the light of the turbulence around ACTA, there's no reason to think that it will moderate its plans, which are pretty bad. Here's La Quadrature du Net's take on them:

the EU Commission released a communication on the digital single market covering most EU policies related to the Digital Agenda. As this document suggests, the Commission is working on combating illegal gambling websites, which could take the form of censorship measures such as those implemented in France and other Member States. Hypocritically, and probably to please the banking industry, the Commission does not even consider attacking illegal businesses' financial streams, which would be an effective way to tackle them. Instead, the Commission paves the way to censorship measures at the core of the network.

In the area of Copyright, the EU Commission sticks to the dangerous notion of “illegal content”, which doesn't mean anything by itself, except that the network will be programmed for enforcement. It is also pushing for extra-judicial “cooperation” between Internet actors, payment providers and entertainment industries, mirroring the very controversial Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA), currently discussed in the US Congress.


Again, just because SOPA and PIPA are on hold does not mean that there won't be further pushes to get them or something like them through the US system. Indeed, just recently the US Copyright Czar (what a ridiculous job title) has released her annual report on copyright and its enforcement, and from that it's clear the US will be pushing for more SOPA-like laws.

Meanwhile, back in the EU, we have more bad ideas: making "the production or sale of devices such as computer programs designed for cyber-attacks, or which find a computer password by which an information system can be accessed, would constitute criminal offences."

That's daft because, of course, many legitimate security tools can be used to discover computer passwords, so this would instantly criminalise those. The obvious solution would have been to allow an exemption for research, but the people in the European Parliament don't seem to understand what they are doing (just for a change).

Meanwhile, back in Blighty, we have even more worrying stuff if this report from James Firth is to be believed – and unfortunately, his sources are generally pretty good – about the imminent Communications Bill Green Paper:

I'm told ISPs would become responsible for deciding what is and what isn't copyright infringement on their networks and blocking infringing content without intervention from a court.

Notice and takedown would be expanded so that a whole website or domain could be taken down on a mere allegation from rights holders that the domain was used "substantially" for copyright infringement.

And search engines would be asked to police results, maintaining both a blacklist of whole domains which would never appear in search results and a whitelist of preferred purveyors of e-entertainment who would always appear at the top of the search results.

Again, this is seriously clueless stuff – breaking the Internet search engines and allowing arbitrary site blocking at the drop of a hat. It's really extraordinary how Western governments are happy to introduce levels of censorship today that a decade or so ago would have been unthinkable.

Finally, just when you thought things couldn't get any worse, we have total, police-state surveillance being planned for the UK:

The government will be able to monitor the calls, emails, texts and website visits of everyone in the UK under new legislation set to be announced soon.

Internet firms will be required to give intelligence agency GCHQ access to communications on demand, in real time.

The Home Office says the move is key to tackling crime and terrorism, but civil liberties groups have criticised it. 




A new law - which may be announced in the forthcoming Queen's Speech in May - would not allow GCHQ to access the content of emails, calls or messages without a warrant.

But it would enable intelligence officers to identify who an individual or group is in contact with, how often and for how long. They would also be able to see which websites someone had visited.

Clearly, this is extreme stuff: every communication that we make would be recorded and accessible by the UK's intelligence services. Or rather, the supposedly intelligent intelligence services, for this kind of blanket surveillance is born of incompetence and laziness, the last resort of people unable to do their job under democratic conditions.

Instead, they use the usual cover of "terrorism" to justify these unprecedented measures, which they used before to introduce blanket CCTVs around our cities. Weren't they supposed to solve the problem? They didn't, and mass surveillance of communications won't either, which will then lead to yet more erosion of civil liberties in this country. That's why we must stop this rot before it goes any further.

The good news is that the widespread outrage that has greeted this extreme proposal seems to have caused the coalition to pause in its plans, if only to regroup, with some mixed signals emerging about whether there will be a consultation before bringing them back. We need to be prepared to make cogent submissions to that if it happens, and to fight for it if it doesn't.

So, it's looking like it's going to be a long, very hot summer. Get those knotted handkerchiefs ready...

by noreply@blogger.com (glyn moody) at April 05, 2012 09:33 AM

Spy Blog

Anonymous media briefings to soften us up for even more Internet Snooping in the Queens Speech next month

The anonymous media briefings ahead of next month's Queen's Speech are continuing today, led by the Sunday Times and followed by the Press Association, with broadcasters like the BBC joining in, second hand.

The Sunday Times has published a rather meagre front page article on the Coalition government's revival of Labour's All Your Internet Are Belong To Us snooping plans:

Instead of just passively waiting for another NuLabour style fait accompli, please contact your local MP and / or join or support cross party groups like NO2ID Campaign or the Open Rights Group

Sunday Times
Sunday 1st April 2012

Government to snoop on all emails
David Cracknell

David Cracknell used to have several "anonymous" sources within Government and was briefed "off the record" by Whitehall spin doctors

Is the poor quality of this article the result of the anti-Murdoch press "cover your own backsides" attitude which now prevails in Whitehall , following the "phone hacking" / corruption scandals which closed the News of the World and which are tainting even the Sunday Times ?


The government is to expand hugely its powers to monitor email exchanges and website visits of every person in Britain.

Under plans expected to be announced in the Queen's speech next month, internet companies will be told to install thousands of pieces of hardware to allow GCHQ, the government's eavesdropping centre, to scrutinise "on demand" every phone call made, text message and email sent and website accessed in real time.

They already have this legal power which does not require any sort of judicial warrant, under the notorious Regulation of Investigatory Powers Act 2000. All that GCHQ needs is a "catch all" Warrant or Certificate signed by a Secretary of State i.e. normally, in their case, the Foreign Secretary William Hague.

This introduced the legal power to install "black box" snooping hardware at the major Telecommunications companies and Internet Service Providers, overseen by the Technical Advisory Board.

The amount of money the Labour government was willing to pay for this snooping infrastructure was a paltry sum, which is why it took so long for any agreement with the ISPs. N.B. the interests and priorities of ISPs and Telecomms companies are not the same as those of their customers.

The volume of internet data flowing today is orders of magnitude more than that envisaged back in 2000, so if the new plan is really going to install "thousands of pieces of hardware", then this plan will cost billions of pounds.

An effort by Labour to introduce a similar law was shelved in 2006 after fierce opposition from the Tories, Liberal Democrats and privacy campaigners.

The useless Jacqui Smith threatened us with a Communications Data Bill, but that was in 2009, not 2006

While the new law would not allow GCHQ to monitor the content of communications without obtaining a warrant, it would permit the intelligence agency to trace whom a person or group had contacted, when, for how long and how often.

That is no different from the existing RIPA law then

Members of the Internet Service Providers' Association, which represents more than 200 businesses including BT, Virgin Media and Google, were given some details of the proposals last month and were alarmed by what they were told.

So why does this Sunday Times article not mention the Communications Capabilities Development Programme (CCDP), which is what the ISPs were briefing other journalists on last month ?

See Spy Blog: Whitehall risks public and internet industry revolt against their secretive Communications Capabilities Development Programme (CCDP) internet and phone snooping plans

A senior industry official said: "It's mass surveillance. The idea is that the network operator should effectively intercept the communications between, say, Google and some third party

"the network operators are going to be asked to put probes in the network and they are upset about the idea ... It's expensive, it's intrusive to your own customers, it's very difficult to see it's going to work properly and it's going to be a nightmare to run legally."

The association said: "It is important that proposals to update government's capabilities to intercept and retain communications data... are proportionate, respect freedom of expression and the privacy of users."

Why doesn't the Sunday Times name the "senior industry official" or even the "Internet Service Providers' Association" spokesman ?

Under the current law, companies must keep records for some traditional types of phone and electronic communication for a year.

Hold on, the European Union Data Retention regulations e.g.

The Data Retention (EC Directive) Regulations 2009

are about forcing ISPs and Landline and Mobile Phone companies to keep Communications Data unnecessarily, which they would otherwise have been obliged to delete under the Data Protection Act, since they themselves no longer have any legitimate use for it, especially if the internet or mobile phone bills have been pre-paid. Data Retention is not about access to such retained data.

The new legislation would extend this provision to cover a much wider field, including social media sites such as Facebook and Twitter and online video games.

Perhaps the Sunday Times is actually writing about CCDP then.

N.B. CCDP is not just a GCHQ project (which has its own "Mastering the Internet" investment programme) but is being "coordinated" by the technologically inept Home Office.

It is not physically possible to get Communications Traffic Data from foreign based social media websites like FaceBook or Twitter without actually using techniques such as Deep Packet Inspection and perhaps even Man-In-The-Middle Attack SSL / proxies i.e. it requires actual Interception of the Content of these websites to do this.

The only countries which attempt to do this at the moment are repressive regimes like Iran, China, Saudi Arabia etc.

Dominic Raab, a Tory MP who has campaigned for civil liberties, said: "If over-zealous officials are trying to resuscitate Labour's flawed plan for 'big brother' monitoring, ministers need to nip this in the bud."

MI5 and GCHQ have been lobbying hard for the wider powers which, they believe, are a crucial tool to combat terrorism and serious crime.

Serious Crime is not within the remit of either GCHQ or MI5

The Police cannot cope properly with the vast amount of data they already gather, so why will "searching for a needle in a haystack, by throwing in several more haystacks", be cost effective ?

There is no evidence that holding 6 month or 1 year old Communications Data of hundreds of millions of innocent people in the European Union, has been of any use in catching criminals or terrorists. Where it has been of use, e.g. in the recent Toulouse serial killer / extremist case, the Communications Data has been very recent and the searches have been narrowly targeted to a suspect's known phones or email addresses or to a victim's web advert etc.

At present GCHQ can use probes to monitor the content of calls and emails sent by specific individuals who are the subject of police or security service investigation, provided it has ministerial approval.

For "ministerial approval" read "ministerial or senior official rubber stamp"

There should actually be independent Judicial warrants for such intrusive interception surveillance, not rubber stamping by politicians.

The Home Office said it would introduce new legislation "as soon as parliamentary time allows" but stressed that the data to be monitored would not include content.

Why does the Sunday Times not name this anonymous Home Office spokesman ?

Which part of the phrase "Deep Packet Inspection = Interception of Content" does the Home Office not understand ?

Have all the civil servants and SPADs who embarrassed themselves and the Home Office over the BT / Phorm scandal now been promoted to other jobs, leaving their inexperienced "generalist" replacements to magically formulate "policy" without any technical experience or knowledge ?

Incredibly this article does not really mention Mobile Phones and especially Mobile Phone Location Data.

This, like other forms of Communications Data is available via automated gateway computer systems to authorised Police and Intelligence Agency investigators, but it is meant to be narrowly targeted and proportionate, under a combination of the Regulation of Investigatory Powers Act 2000 (which permits such agencies to make such requests) and the Data Protection Act 1998 (which exempts the Telcos and Mobile Phone Networks and ISPs from prosecution for handing such data over to them)

Is this Sunday Times article, a high quality briefing / leak by Whitehall mandarins ?

Is it safe to interpret the omissions like Soviet era Kremlinologists, and read between the lines that some of the previously evil plans which have been touted, have been watered down ?

Our opinion is that no, this is a flawed article, which has either had many important details removed by the editors for front page space reasons, or which is being deliberately deceitful by omission.

Unfortunately, as is so often the case with today's "news" industry, this article has been re-published by, for example, the Press Association, with even fewer important technical and legal details:

The Independent
Sunday 01 April 2012

Expansion of GCHQ internet monitoring proposed

Gavin Cordon

[...]

The Home Office confirmed that ministers were intending to legislate "as soon as parliamentary time allows".

"It is vital that police and security services are able to obtain communications data in certain circumstances to investigate serious crime and terrorism and to protect the public. We need to take action to maintain the continued availability of communications data as technology changes," a spokesman said.

Why does the Independent not name this anonymous "spokesman" ?

"Communications data includes time, duration and dialling numbers of a phone call, or an email address. It does not include the content of any phone call or email and it is not the intention of Government to make changes to the existing legal basis for the interception of communications."

[...]

Note the (deliberate ?) omission of Mobile Phone Location Data in this alleged definition of Communications Data. This does not include Tweets or Facebook "likes" , which do require interception of the content of a web browsing session (also deliberately not mentioned ?)

David Davis, one of the few Conservative MPs who stood up for civil liberties when in opposition to Labour, has rightly criticised this plan in this BBC video clip, in which he does mention some of the things omitted by the Sunday Times:

Email and web use 'to be monitored' under new laws

However, we are not sure where the "retention for 2 years" comes from and despite the mention of "magistrates and courts", none of that has applied since 2000 - the only "warrants" are those rubber stamped by politicians or officials for Interception, and "self authorised" requests by the Police and Intelligence Agencies. There is no involvement of independent Judges or Magistrates at all in the UK, with either electronic (or postal) communications Interception or with Communications Data or with Intrusive Surveillance (planting of bugging or tracking devices, use of Confidential Human Intelligence Source informants etc.)


by wtwu at April 05, 2012 12:59 AM

April 04, 2012

Index on Censorship

Burma’s media workers dare to dream of free expression

The election of Aung San Suu Kyi was another step in Burma’s advance to democracy. But journalists are aware that the small gains made by the media could be taken back. Tom Fawthrop reports

On 1 April celebrations erupted in the streets of Rangoon and Mandalay. The ruling USDP party, spawned by the military junta that has ruled Myanmar since 1962, had just been trounced at the polls by pro-democracy party The National League for Democracy (NLD).

Flag-waving supporters danced to rap music blaring through the Rangoon night accompanied by the raucous singing of Burmese freedom songs.

According to unofficial results the NLD, led by Nobel Peace laureate and democracy icon Aung San Suu Kyi, won a landslide 43 seats out of 44, contested in special by-elections for the 644 seat parliament.

After almost 20 years kept under house arrest, Suu Kyi is believed to have emerged triumphant with a reported 99 per cent of the vote in her constituency of poor farmers.

After the “Arab Spring”, the pro-democracy movement in Burma, which dates back to the abortive peoples’ uprising in 1988, and was re-ignited by the “Saffron Revolution” led by Buddhist monks in 2007, has once more renewed its peaceful challenge; but this time the Burmese people moved their protest from the streets to the ballot-box.

Recent changes launched by new President and former general Thein Sein made it possible for the NLD to agree to participate in elections for the first time since 1990. In 2010 Suu Kyi, known widely as “the Lady”, and her party boycotted the elections which rubber-stamped the victory of the military’s political wing the USDP (The Union of Solidarity and Development Party). The changes launched by President Thein Sein, and his pledge to hold free and fair election, made it possible for the NLD to agree to participate in the elections.

President Thein Sein, and Aung San Suu Kyi appear to have forged a surprising degree of trust and understanding.

Thein Sein has surprised and shocked many army generals by his courting of western governments, reducing media censorship, releasing over 600 political prisoners, and permitting Burma’s first credible election since 1990, when the NLD party won just under 80 per cent of all parliamentary seats.

In the Burmese capital of Naypyidaw, there is a galaxy of Suu Kyi pictures on posters, T-shirts and newspaper front pages. If you didn’t know The Lady was running for a parliamentary seat, you would assume she was the latest pop-star sensation or a Hollywood actress.

Instead she is the revered daughter of national hero and founder of Burmese independence, General Aung San, and she is attracting the kind of adulation that comes with sainthood. Only a year ago people would have been arrested for possession of memorabilia of Suu Kyi, who was then held under house arrest.

Prospects for press freedom and a new media law
During the election campaign, a Unesco-sponsored conference on press freedom and the government’s new media law took place in Rangoon. The big surprise was that the contingent of exiled Burmese journalists at the top of the regime’s extensive media blacklist, gained a 6-day visa in order to attend this historic media event.

Internet censorship has also been relaxed. The websites of exiled Burmese media — Irrawaddy magazine, Mizzima news agency and DVB TV, transmitting on satellite from its head office in Oslo, were a high priority in the regime’s systematic suppression of critical information. Now access has been restored and the government has, in principle, agreed to allow some representatives of the exiled media to establish offices in Rangoon.

Information Minister U Kyaw Hsan, who loyally served the military regime for six years prior to the formation of a civilian government in 2010, addressed the conference and affirmed that the new government, headed by President Thein Sein, was committed to increased press freedom.

Currently journals that publish weekly reviews of news and politics must submit their proofs to the Press Scrutiny and Registration Division (PSRD) before publication. Thein Sein declared that he was also committed to the gradual removal of state censorship prior to publication.

Former “enemies of the state” banned by this same Minister of Information were now sitting in the same room, listening to his assurances that he supported press freedom.

In his opening address to a media conference held in Rangoon in March, the minister argued: “we are not drafting the new media law with the intention of banning or hampering press freedom. Our aim is to facilitate the proper use of press freedom for the long-term progress of Myanmar’s media sector”.

The new media regime will allow privately-owned newspapers to publish dailies, (now only weeklies are permitted). The government is expected to carry out its promise to drop prior censorship.

The press are today permitted to print Suu Kyi’s photo on the front page, but U Soe Thein, veteran journalist and editor of The People’s Age Journal complains that the censorship board still uses the red ink to block those stories which are critical of the government or quote the other side in peace negotiations.

Soe Thein said: “In our coverage of recent peace talks and ceasefire agreements with ethnic groups opposed to the government, we are only allowed to cover the government side. We are not allowed to quote anyone from the ethnic rebel side like the Kachin Independence Organisation (KIO)”.

“I don’t really trust the minister and his assurances about more press freedom” says Soe Thein, who has been jailed several times for his writings. He insisted “we journalists will continue to push the envelope”.

Many editors and journalists are worried that the new media law contains no clause to protect the media from the repressive laws and the legal machinery of the dictatorship, that could still be used to silence the media and jail them at any time.

Eighty-two-year-old U Win Tin is Burma’s most fearless and respected journalist, who has survived over 20 years imprisonment. Since the late 1980s, he has been a close advisor to Suu Kyi. He says: “the media law gives no protection to journalists. We need legal protection. This is the key issue.” He argues that promises about press freedom don’t add up to much and has called for “tangible guarantees”.

Twenty-one year old Sithu Zeya, a video journalist from Democratic Voice of Burma, who was released from jail in January this year, is a good example of this legal limbo-land that media now inhabit. His release was a conditional freedom. He could still be returned to prison to serve the remaining 18 years of his sentence, if he breaches any of Burma’s all-embracing and ill-defined public order and security laws.

At the March media conference the Information Ministry did not respond to repeated calls for the repeal of legislation that infringed human rights and press freedom.

A joint statement by exiled media groups, which was released following the conference said: “It is important that the media law in Burma should not only focus on freedom of the press and freedom of expression, but also constitute a safeguard for the security and rights of members of the media community.”

In the wake of post-election euphoria there is an emotive surge of hope that the landslide by-election wins will create an irresistible momentum towards press freedom and democracy.

But Aung San Suu Kyi has warned that nothing is irreversible and these reforms can easily be rolled back. Burma is still a military-dominated regime with 25 per cent of the 644 seats in parliament automatically reserved for army officers, far outnumbering the 43 seats that pro-democracy forces have just won.

Both local and exiled journalists who choose to return, are still vulnerable to sudden shifts in the government’s interpretation of “responsible journalism”. The media will continue to be a high risk sector in Burma for a long time to come, as long as the ultimate power still resides in the hands of a military that has become accustomed to being the ultimate guardian of the nation.

Tom Fawthrop is a freelance foreign correspondent based in south-east Asia

Aung San Suu Kyi writes a free speech manifesto for the new edition of Index on Censorship saying: “The fight for freedom begins with freedom of speech”

by Index on Censorship at April 04, 2012 03:21 PM

* James Firth

Confusion over warrants, surveillance powers and the intrusiveness of traffic data

Since I wrote a post explaining how the Government's draft surveillance plans had the effect of downgrading what traditionally would be classed as intrusive interception to a lesser category of access to traffic data - which has far fewer safeguards - a few people have written to me asking about the issue of warrants.

As it stands today a local authority, police force or government intelligence agency does not need a warrant to access traffic data, whereas access to the content of electronic communications - interception - requires an interception warrant, each ultimately authorised personally by the Secretary of State.

The use of interception warrants is overseen by the secretive Interception of Communications Commissioner (ICC) whereas traffic data is regulated as personal data by the Information Commissioner's Office (ICO).

Confusion over warrants for access to traffic data arises perhaps because of the coalition's much-vaunted Protection of Freedoms Bill, which will require a judicial warrant for many requests for traffic data.

The Protection of Freedoms Bill is still ping-ponging between the Lords and the Commons so it's still not absolutely clear when a warrant will be required, but it's pretty certain that Local Authorities will have to approach a magistrate for approval.

But this won't solve a fundamental problem in that RIPA, the law governing the state use of surveillance, was written for an analogue era; despite being enacted a good 8 years after the world wide web took off.

As I expressed in another post, drawing analogies between traffic data from a telephone network and data milked from an internet connection undermines a step-change in sensitivity caused by the way we use modern communications today.

Traffic data - which includes the websites we visit - can give a good indication of:
  • Our religion, if we visit church websites
  • Our political views, by virtue of the newspapers we read
  • Our sexual preferences
  • Our taste in popular culture, films, music, theatre etc
  • Our location at most times, day or night
  • Whether we are politically active, or members of a campaign group
  • Where we work
Additionally, a key measure of the intrusiveness of traffic data has its origins in the data being already available, compiled as a necessary part of running a telephone network (billing data).

The Data Retention Directive, by requiring designated ISPs to store data it would otherwise discard, already moves away from this concept.  A method which requires additional steps or measures in order to capture data is inherently more intrusive than passive access to data already available.

The latest government plans take this one stage further, introducing the possibility that additional hardware and/or computer software will be added to networks to gather this so-called traffic data.  

This should be taken as a strong indication that we are no longer talking about traffic data, as traffic data is information required for getting data from point A to point B.  Such information is always placed in the easily-accessible header section of all communications packets and specialised equipment is not needed to extract this.

When we start talking about what is to all intents and purposes a network tap dressed up as a tool to access some bastardised concept of traffic data it's time to wake up and realise the underlying law - RIPA - is not fit for the internet age.

We need new definitions for what is intrusive for online surveillance.

And to get there we need an open, honest and adult debate about what represents an acceptable balance between security and privacy in communications.

Safeguards will form part of this balance, and we need to ensure the level of oversight and protection is in each case appropriate to the intrusiveness of any given method of monitoring.

Yes I respect and admire the work of security services and police but that doesn't mean the state gets carte blanche. There has to be some give - some let-up in the secrecy for there to be a public debate about what is necessary and proportionate.

After all, public trust and confidence in the work of the security forces is a bigger asset, even, than the ability to monitor all electronic communications.  A consensual approach makes society stronger and inherently stable.

Related: Privacy initiatives as an enabler for cyber security

@JamesFirth

Bootnote: It has been pointed out that access to traffic data stored under the Data Retention Directive has been made available to civil litigants under a Norwich Pharmacal Order.  Again this needs to be looked at: if we introduce measures for the sole purpose of preventing serious crime and securing the nation we must also introduce robust safeguards to prevent the measures then being used for far lesser infringements.

by James Firth (noreply@blogger.com) at April 04, 2012 03:34 PM

Open Digital

Belfast 2012: privacy initiatives as an enabler for cyber security

I was lucky to get an invite to the CSIT 2012 cyber security summit.

Credit to the CSIT team in Belfast for creating a unique atmosphere which got the balance absolutely right - not too academic for industry to feel excluded, government participation without the grandstanding or justification sometimes seen, and plenty of opportunity for detailed open discussion amongst global delegates from industry, academia and government.

I attended for three reasons. Firstly, I spent the first 8 years of my software career designing secure communications (a patent from back when I worked at Motorola).

Secondly, I want to advocate against locking-down aspects of the internet in the name of security because I passionately believe open societies are stronger societies, and this applies equally to cyberspace.

And finally I wanted to discuss our work on privacy as an enabler to cyber security.

When each of us acts with a high degree of autonomy, taking responsibility for our own personal data and protecting our own systems due to our inherent desire for privacy, I believe our networks as a whole will be more secure than if we defer to governments as our primary cyber defender.

This was a recurring theme throughout discussions.

There is what was referred to as an asymmetry in human resources faced by those tasked with securing our networks: relatively small numbers of professionals with varying skill levels facing off against legions of online activists and cyber criminals with an impressive skill set and access to most of the same tools (or 'weapons') as governments.

It went unsaid but one can only assume some nation states have also their own legions.

In a democracy we should be able to rely on citizens to augment the work of government in securing our networks, but for this to happen we need both mutual trust between citizens and government security agencies, and for citizens to feel motivated and able to help.

Specifically on privacy there are additional reasons why privacy can be an enabler to cyber security.

All sections of society are vulnerable to data loss through their ordinary everyday use of the internet.  Lack of data privacy can become a national security risk when personal data of those in sensitive positions becomes accessible to those with hostile intent, who may use private information to extort or to blackmail.

Whilst traditionally privacy has been seen in some quarters as at odds with security and policing requirements - e.g. the use of network monitoring tools to spot threats and investigate crime - there's also an argument against this.

In some cases a focus on intrusive policing and intelligence-gathering techniques can come at the expense of developing more sustainable community-based policing models for cyberspace.

Information technology is still developing apace, therefore capability-based policing - a reliance on a power available only to police and security forces such as network monitoring, data seizure etc - will for a while at least remain a costly arms race.

Soon after each capability is installed in our networks either technology evolves, requiring further upgrades, or the bad guys up their game leaving the capability obsolete, or both.

A worse scenario exists: the capability might be exploited by the bad guys.

Take the data retention directive: the EU law (which as far as I can establish the UK lobbied for) compels ISPs to store information which might be useful to law enforcement for a period of 6 months to 2 years.

All this potentially exploitable data sitting around in huge silos at ISPs. A capability that is also clearly vulnerable to exploit, especially given the security of such data is in the hands of private companies.

Employees have in the past looked up private data from company databases and sold this information to private detectives working for divorce lawyers, journalists and criminals.

It's not a straight choice between privacy and security. It's a balance between privacy as an enabler to creating a more secure information culture and privacy-invasive policing as a tool to detect and prevent cyber crime.

UPDATE: also, one must not overlook the importance of public trust and the benefits of consensual policing. Invasive monitoring can cause mistrust between the public and security services.

Public trust and confidence in the work of the security forces is a bigger asset, even, than the ability to monitor all electronic communications. A consensual approach makes society stronger and inherently stable.

by James Firth (noreply@blogger.com) at April 04, 2012 03:20 PM

Index on Censorship

Turkey: Politician sentenced to 15 years in prison for campaign speeches

A Turkish politician has been sentenced to 15 years in prison after delivering speeches in the run-up to elections in June 2011. Serafettin Halis, former Deputy of the Kurdish Peace and Democracy Party (BDP), was convicted of being part of an illegal organisation, and creating propaganda for an illegal organisation, following seven speeches he delivered during the run-up to the elections. Halis told local press that he is being prosecuted for speaking to his constituents, as the speeches were made in his capacity as an elected official.

by Alice Purkiss at April 04, 2012 01:17 PM

ORG Zine

Oi! Lib Dems! Are you listening?

This is a shout out to the yellow half of the coalition government. The so-called liberal contingent who claim to defend individual freedoms against state oppression.

What is so liberal about the proposals to track all internet-based correspondence? Whose liberty is most at stake here? That of suspected criminals, or the innocent everyday user?

What kind of precedent do you think will be set by this law? You may think the monitoring of all online communications will be restricted to whos whens and wheres, but can you prove that every subsequent government will have the same restraint over what is being said between non-suspects?

You may think that the proposals are merely "updating the rules which currently apply to mobile telephone calls to allow the police and security services to go after terrorists and serious criminals".

In that case, will you also be in favour of extending the DNA database to the entire population? Or having Royal Mail screen all physical correspondence? Or tagging all walkers?

It may sound ridiculous, but the principle is surely the same: no longer will reasonable suspicion be necessary for the state to stalk us. And if it can, it will. Is this part of your idea of a liberal justice system?

You may think that the storage of such data is ok because it will not be handled centrally by government. But you instead propose to outsource this responsibility to the private interests of Internet Service Providers. To what end? ISPs are already instructed under an EU directive to keep details of users' web access, email and internet phone calls for 12 months. This is in addition to the copious quantities of data mined and retained for commercial purposes by internet companies as well. An unholy alliance is potentially afoot; intelligence services already have access to more data than ever before... it just happens to be gathered by the private sector. And they'd only need ask for it.

Do you remember what you declared in your own 2010 manifesto [p94], then pledged in the Coalition agreement [p11]?

We will end the storage of internet and email records without good reason.

So, is this your idea of defending our civil liberties? Free and open access to personal data for businesses, paid for in personal freedoms, all at the request [with or without a warrant] of a panopticon state?

You've been clamouring for recognition of the positive influence you have on this government's policies for some time now. If there was ever a time to prove your worth to the UK electorate, now is it. Please stop these plans from becoming reality, before it's too late.

Habib Kadiri usually operates under the moniker of heakthephreak, mainly @heakthephreak.blogspot.co.uk.

by Habib Kadiri at April 04, 2012 12:12 PM

Consumer Focus

E.ON must stop unwanted doorstep sales given new Ofgem investigation

Responding to an Ofgem investigation announced today into potential misselling by E.ON, Audrey Gallacher, Director of Energy at Consumer Focus, said: 

‘Misselling has been a consistent problem in the energy market. Any suspicion that a supplier is in breach of their obligations to sell fairly must be tackled head on.’

‘While it is unclear what types of sales E.ON may be suspected of misleading consumers on, we would hope this announcement will cause them to end doorstep sales. E.ON has persistently failed to take action on this unwanted sales activity, despite being the only major supplier left selling at people’s homes.’

ENDS

by Pernille Thomsen at April 04, 2012 11:25 AM

Index on Censorship

Iraq: Car bomb kills TV presenter

A TV presenter has been killed by a car bomb in Iraq. Kamiran Salaheddin was killed at around 9pm on Monday (2 April) night, after a bomb placed under his car exploded. Salaheddin presented Al-Iraq w-al Hadath (Iraq and Events), a news and current affairs programme on Salahaddin TV, where he had been employed since 2005.  The journalist was also the head of the local journalists’ union in Tikrit. Salaheddin is the first journalist to be killed in Iraq this year.

by Alice Purkiss at April 04, 2012 11:15 AM

Light Blue Touchpaper

A one-line software patent – and a fix

I have been waiting for this day for 17 years! Today, United States Patent 5,404,140 titled “Coding system” owned by Mitsubishi expires, 22 years after it was filed in Japan.

Why the excitement? Well, 17 years ago, I wrote JBIG-KIT, a free and open-source implementation of JBIG1, the image compression algorithm used in all modern fax machines. My software is about 4000 lines of code long (in C), and only one single “if” statement in it is covered by the above patent:

      if (s->a < lsz) { s->c += s->a; s->a = lsz; }

And sadly, there was no way to implement a JBIG1 encoder or decoder without using this patented line of code (in some form) while remaining compatible with all other JBIG1 implementations out there.

For the technically interested: JBIG1 uses an arithmetic coder that estimates the probability that the next pixel to be encoded is either black or white (taking into account 10 previously transmitted neighbour pixels). Arguably in the interest of saving a bit of RAM in hardware implementations, the standard does not use the simple arithmetic expression that estimates these pixel probabilities based on counts of how often a pixel has been black or white before in that context: p(next pixel is white) = (#white pixel so far + 1) / (#pixels so far + 1). Instead, it defines a finite-state machine that comes up with a cruder estimate, using just 7 bits to define 113 states, rather than actually counting pixels with 32-bit registers. IBM had a patent on that finite-state machine, which is really hardly more than an obfuscated counter. Then a Mitsubishi employee noticed that the crude IBM approximation sometimes ended up assigning to the “less probable pixel colour” a probability larger than 0.5, making it actually more probable. So they suggested the above if-statement to swap the probability estimates of the two colours in those rare cases, leading to a tiny improvement in coding efficiency.

Not only is the tiny improvement patented by Mitsubishi pretty trivial, it would also have been utterly unnecessary if IBM hadn’t first used in the standard a patented, but defective, finite state machine, rather than a simple counting process. But standards committees have little incentive to minimize the impact of patents on their products. On the contrary. The standardization of file formats and computer protocols turned in the late 1980s into a very nasty game: every participant is now mainly interested in squeezing as many of their patented ideas into the resulting standard as possible. The JBIG1 standard is a good example of a technology that could have been made much simpler and a bit more efficient if the authors hadn’t had to justify to their employers the time spent on developing the standard with the prospect that users of the standard would have to pay licence fees.

The underlying problem is compatibility. If I had to implement an image compression technique, I could have come up with something much simpler than JBIG1, which may have required slightly more RAM, but would have been much easier to understand and possibly even compress slightly better. However, the result would have been incompatible with what international standards bodies had already agreed would have to be implemented in every new fax machine on the planet.

I had once hoped that JBIG-KIT would help with the exchange of scanned documents on the Internet, facilitate online inter-library loan, and make paper archives more accessible to users all over the world. However, the impact was minimal: no web browser dared to directly support a standardized file format covered by 23 patents, the last of which expired today.

About 25 years ago, large IT research organizations discovered standards as a gold mine, a vehicle to force users to buy patent licenses, not because the technology is any good, but because it is required for compatibility. This is achieved by writing the standards very carefully such that there is no way to come up with a compatible implementation that does not require a patent license, an art that has been greatly perfected since. The IT standards landscape is now littered with golden patent monsters, whose complexity and use of exotic techniques is hardly justifiable by technical benefits, e.g. radio communications standards and storage formats. Even the utterly archaic MS-DOS VFAT file system used on every USB memory stick still makes its inventors money, not because it has any inherent benefits, but simply because its patent owner made sure that their market-dominant operating system lacked support for any of the many simpler and more elegant alternative file systems that support long filenames without requiring a patent licence.

Thanks to the perverse marriage of patents and the standardization of computer file formats and network protocols, patents have now the opposite effect of what they were originally introduced for. Patents were meant to protect investors, such that they could justify the often large investment necessary to introduce a new technology on the market. The idea was to encourage innovation. In the field of standardized file formats and computer protocols, patents are now the main hindrance. Ideas that require hardly any measurable investment to be invented or implemented (a single “if” statement in a program!) earn more than 20 years of government-guaranteed monopolistic protection.

There is a simple solution: amend patent legislation such that no patent licenses have to be obtained solely for the purpose of compatibility. No patent licence should be required by law if a technology is used solely to enable communication with another information-technology product. I believe this would eliminate instantly the enormous threat that patents now pose to the progress of standardization and improved interoperability in our networked information society, without imposing unrealistic expectations on the process of examining and granting patents.

The practice of limiting the protection of a right holder to enable competitors “to achieve the interoperability of an independently created program with other programs” (EU Directive 2009/24/EC) has already been common practice in copyright legislation worldwide for many years.

It is time that we fix patent law in just the same way!

by Markus Kuhn at April 04, 2012 11:10 AM
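
An added sketch, not JBIG-KIT code and not JBIG1-compatible, of the "simple counting process" the post contrasts with the standard's finite-state machine: an adaptive binary arithmetic (range) coder whose probabilities come straight from per-context pixel counts. Assumptions made here: a 3-pixel context instead of JBIG1's 10, an add-one estimate with +2 in the denominator so neither colour ever gets probability zero, a multiply-based 32-bit range coder, and a constructed test image.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NCTX 8u      /* context = previous 3 pixels (JBIG1 itself uses 10 neighbours) */
#define NBITS 4096u  /* pixels in the constructed test image */

typedef struct { uint32_t n[NCTX][2]; } model_t;   /* per-context colour counts */

/* Counting estimate of P(pixel == 0 | ctx), scaled to 12 bits, kept within 1..4095 */
static uint32_t p_zero(const model_t *m, unsigned ctx) {
    uint32_t n0 = m->n[ctx][0], n1 = m->n[ctx][1];
    uint32_t p = ((n0 + 1) << 12) / (n0 + n1 + 2);
    return p < 1 ? 1 : (p > 4095 ? 4095 : p);
}

typedef struct {
    uint64_t low; uint32_t range; uint8_t cache; size_t pending;
    uint8_t *out; size_t len, cap; int overflow;
} enc_t;

/* Emit settled bytes; a carry out of bit 32 ripples through bytes held back as 0xFF */
static void shift_low(enc_t *e) {
    if ((uint32_t)e->low < 0xFF000000u || (e->low >> 32) != 0) {
        uint8_t carry = (uint8_t)(e->low >> 32), b = e->cache;
        do {
            if (e->len < e->cap) e->out[e->len++] = (uint8_t)(b + carry);
            else e->overflow = 1;
            b = 0xFF;
        } while (--e->pending);
        e->cache = (uint8_t)(e->low >> 24);
    }
    e->pending++;
    e->low = (e->low & 0x00FFFFFFu) << 8;
}

/* Code nbits packed pixels (MSB first); returns coded length, 0 if out is too small */
size_t compress_bits(const uint8_t *bits, size_t nbits, uint8_t *out, size_t cap) {
    model_t m; unsigned ctx = 0;
    enc_t e = { 0, 0xFFFFFFFFu, 0, 1, out, 0, cap, 0 };
    memset(&m, 0, sizeof m);
    for (size_t i = 0; i < nbits; i++) {
        int bit = (bits[i >> 3] >> (7 - (i & 7))) & 1;
        uint32_t bound = (e.range >> 12) * p_zero(&m, ctx);
        if (bit == 0) e.range = bound;                 /* lower part codes colour 0 */
        else { e.low += bound; e.range -= bound; }     /* upper part codes colour 1 */
        while (e.range < (1u << 24)) { e.range <<= 8; shift_low(&e); }
        m.n[ctx][bit]++;                               /* adapting is just counting */
        ctx = ((ctx << 1) | (unsigned)bit) & (NCTX - 1);
    }
    for (int i = 0; i < 5; i++) shift_low(&e);         /* flush the last bytes */
    return e.overflow ? 0 : e.len;
}

/* Mirror of the encoder: same model, same updates; returns 0 on success */
int decompress_bits(const uint8_t *in, size_t len, uint8_t *bits, size_t nbits) {
    model_t m; unsigned ctx = 0;
    uint32_t code = 0, range = 0xFFFFFFFFu; size_t pos = 0;
    if (len < 5) return -1;
    memset(&m, 0, sizeof m);
    memset(bits, 0, (nbits + 7) / 8);
    for (; pos < 5; pos++) code = (code << 8) | in[pos];
    for (size_t i = 0; i < nbits; i++) {
        uint32_t bound = (range >> 12) * p_zero(&m, ctx);
        int bit = code >= bound;
        if (bit) { code -= bound; range -= bound; } else range = bound;
        while (range < (1u << 24)) {
            range <<= 8;
            code = (code << 8) | (pos < len ? in[pos++] : 0);
        }
        if (bit) bits[i >> 3] |= (uint8_t)(0x80 >> (i & 7));
        m.n[ctx][bit]++;
        ctx = ((ctx << 1) | (unsigned)bit) & (NCTX - 1);
    }
    return 0;
}

/* Round-trips a constructed image (8-pixel bar every 64 pixels); 0 means failure */
size_t demo_packed_len(void) {
    uint8_t raw[NBITS / 8] = {0}, packed[NBITS / 8 + 16], back[NBITS / 8];
    for (size_t i = 0; i < NBITS; i++)
        if (i % 64 >= 20 && i % 64 < 28) raw[i >> 3] |= (uint8_t)(0x80 >> (i & 7));
    size_t n = compress_bits(raw, NBITS, packed, sizeof packed);
    if (n == 0 || decompress_bits(packed, n, back, NBITS) != 0) return 0;
    return memcmp(raw, back, sizeof raw) == 0 ? n : 0;
}

int main(void) {
    printf("%u raw bytes -> %u coded bytes\n", NBITS / 8, (unsigned)demo_packed_len());
    return 0;
}
```

Because the sub-intervals are computed by multiplying the range by the counted probability, the more probable colour always receives the larger share, so this sketch has no case in which the two estimates would need to be swapped.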

Consumer Focus

Ofcom plans on 0800 number charging

Responding to Ofcom plans on simplifying 0800 and other non-geographic telephone number charging, Adam Scorer, Director of Policy and External Affairs at Consumer Focus, said:

‘Customers need to know upfront how much a call will cost. Complex and confusing charges are a huge bugbear for consumers and changes to make this part of the market simpler are long overdue. We would like to see them brought in as quickly as possible. 

‘Many consumers already assume 0800 numbers are free to call from both landlines and mobiles. So it can come as a nasty shock to mobile-users when they are billed for ringing an 0800 number. This could be particularly frustrating if they’ve been kept on hold or on the line for a long time when dealing with a complaint to a company, on a number that is described as “freephone”. 

‘Many households living on low incomes – who can least afford the charges – only have access to a mobile phone. They are hit hardest by the cost of 0800 numbers from mobiles.’

ENDS

by Pernille Thomsen at April 04, 2012 10:44 AM

* James Firth

'Maintaining' 'lawful' intercept capability

20 years ago I was a member of a social network. It was called the pub and it enabled like minds to interchange small talk, gossip and express political opinions.

I was also a member of a video-on-demand service called the video shop. At short notice, I could decide which film I wanted to watch, beg my Dad to lend me the car, and within 20 minutes there was a good chance I would be back home with a film to watch.

There was electronic mail, of sorts. I'd type letters on my Commodore Amiga, print them out on my new Canon BJ10 Bubble Jet printer, stuff them in an envelope, address it, stamp it, and stick it in the post box.

My newspaper was delivered by me, the local paperboy, and the only record kept of which paper I read was a hand-written delivery diary at the family-run shop where I worked part time.

When the Government talks about 'maintaining' interception capability they conveniently forget that the capability to monitor 'endpoints' - who talks to whom - never existed for most everyday interactions until very recently, when so much of our everyday activity moved online.

Now my social network is called Facebook and the Government wants to invent the capability of seeing who I write to, who everyone writes to, despite the absence of suspicion.

And, if suspicion should fall on you, they want to be able to see everything you do - in fact they can do this already, but that's another story and there are reasonable but secretive safeguards to help prevent abuse.

The new plans for mass internet monitoring and surveillance go way beyond any capability any government ever admitted to having before.

The information available without a warrant will include which newspapers I read online, which films I watch online (if URLs are to be captured, as rumoured) and everyone I communicate with - whether or not I am working as a journalist with an obligation to protect my sources, or working as a counsellor in sensitive areas, or organising a lawful political protest.

The Home Office insistence that these plans are maintaining a capability which is lawful today is a claim built on strata upon strata of sand.  Sand that the Government previously laid in the gradual erosion of our privacy because the internet has made it possible to gather so much more information than was previously available without a large-scale surveillance operation 20 years ago, when most transactions were conducted in person.

It was decided that access to traffic data was not 'intrusive' back when many telephones still had a rotary dial.  Traffic data was collected as a necessary part of running a telephone network.

Now, to access what Home Office lawyers claim is a modern equivalent, networks need to be monitored with specialist software.  All internet activity needs to be intercepted in order to extract this context-sensitive notion of traffic data.

The lines between interception of content and traffic data are now so blurred they are useless.

We have moved from passive access to data already collected as part of running the network to active and intrusive gathering of new data not otherwise needed.

And this is being justified by reference to a layer of sand previously laid by the UK government when it lobbied Europe for the Data Retention Directive, forcing selected ISPs to gather and store some - but nowhere near all - of this data, just in case it needs it later.

Instead of making flawed analogies between online activity and the public switched telephone network it's time to rethink the boundaries where monitoring becomes intrusive.

It's intrusive to watch what websites I visit, who I message and where I'm located the vast majority of the time, unless perhaps when there's evidence that I'm suspected of a crime.

We need to stamp out a few government myths right now. Their plan to watch everyone, just in case someone does something bad, is disproportionate, of questionable legality and in no way maintains an existing capability.


@JamesFirth

by James Firth (noreply@blogger.com) at April 04, 2012 10:43 AM
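
The distinction drawn in this post and in "Confusion over warrants, surveillance powers and the intrusiveness of traffic data", between header information needed to deliver a packet and data that can only be had by opening the communication itself, shown as an added example that is not from either post. It assumes an unencrypted HTTP request over IPv4/TCP; the packet, addresses, host name and path are constructed sample values and all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint8_t src[4], dst[4];
    uint16_t sport, dport;
    size_t payload_off, payload_len;
} flow_t;

/* Constructed sample request; host and path are made-up documentation values */
static const char SAMPLE_HTTP[] =
    "GET /politics/campaign-meeting HTTP/1.1\r\nHost: news.example\r\n\r\n";

/* Build a constructed IPv4+TCP packet (checksums left zero); returns its length */
size_t build_sample(uint8_t *p, size_t cap) {
    static const uint8_t src[4] = {192, 0, 2, 10}, dst[4] = {198, 51, 100, 7};
    size_t plen = sizeof SAMPLE_HTTP - 1, total = 40 + plen;
    if (cap < total) return 0;
    memset(p, 0, 40);
    p[0] = 0x45;                                   /* IPv4, header length 5 words */
    p[2] = (uint8_t)(total >> 8); p[3] = (uint8_t)total;
    p[8] = 64; p[9] = 6;                           /* TTL, protocol = TCP */
    memcpy(p + 12, src, 4); memcpy(p + 16, dst, 4);
    p[20] = 0xC0; p[21] = 0x01; p[23] = 80;        /* ports 49153 -> 80 */
    p[32] = 0x50; p[33] = 0x18;                    /* TCP header 5 words, PSH|ACK */
    memcpy(p + 40, SAMPLE_HTTP, plen);
    return total;
}

/* Step 1: header fields only, read at offsets the headers themselves declare.
   This is all a network needs to move the packet. Returns 0 on success. */
int parse_headers(const uint8_t *p, size_t len, flow_t *f) {
    if (len < 20 || (p[0] >> 4) != 4 || p[9] != 6) return -1;
    size_t ihl = (size_t)(p[0] & 0x0F) * 4, total = ((size_t)p[2] << 8) | p[3];
    if (ihl < 20 || total > len || total < ihl + 20) return -1;
    const uint8_t *t = p + ihl;
    size_t doff = (size_t)(t[12] >> 4) * 4;
    if (doff < 20 || ihl + doff > total) return -1;
    memcpy(f->src, p + 12, 4); memcpy(f->dst, p + 16, 4);
    f->sport = (uint16_t)((t[0] << 8) | t[1]);
    f->dport = (uint16_t)((t[2] << 8) | t[3]);
    f->payload_off = ihl + doff;
    f->payload_len = total - f->payload_off;
    return 0;
}

/* Bounded substring search; the payload is not NUL-terminated */
static const char *find(const char *h, size_t hn, const char *needle) {
    size_t nn = strlen(needle);
    for (size_t i = 0; nn <= hn && i <= hn - nn; i++)
        if (memcmp(h + i, needle, nn) == 0) return h + i;
    return NULL;
}

/* Step 2: the visited URL. It is not in any header: the payload (the content
   of the communication) has to be opened and parsed as HTTP. 0 on success. */
int extract_url(const uint8_t *p, const flow_t *f, char *url, size_t cap) {
    const char *d = (const char *)p + f->payload_off, *end = d + f->payload_len;
    if (f->payload_len < 5 || memcmp(d, "GET ", 4) != 0) return -1;
    const char *path = d + 4;
    const char *path_end = memchr(path, ' ', (size_t)(end - path));
    const char *host = find(d, f->payload_len, "\r\nHost: ");
    if (!path_end || !host) return -1;
    host += 8;                                     /* skip "\r\nHost: " */
    const char *host_end = memchr(host, '\r', (size_t)(end - host));
    if (!host_end) return -1;
    int n = snprintf(url, cap, "%.*s%.*s", (int)(host_end - host), host,
                     (int)(path_end - path), path);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

static uint8_t g_pkt[256]; static flow_t g_flow; static char g_url[128];

/* Helpers that run both steps on the constructed sample; NULL on failure */
const flow_t *sample_flow(void) {
    size_t n = build_sample(g_pkt, sizeof g_pkt);
    return (n && parse_headers(g_pkt, n, &g_flow) == 0) ? &g_flow : NULL;
}
const char *sample_url(void) {
    const flow_t *f = sample_flow();
    return (f && extract_url(g_pkt, f, g_url, sizeof g_url) == 0) ? g_url : NULL;
}

int main(void) {
    const flow_t *f = sample_flow();
    if (!f || !sample_url()) return 1;
    printf("from headers: %u.%u.%u.%u port %u\n", f->dst[0], f->dst[1],
           f->dst[2], f->dst[3], (unsigned)f->dport);
    printf("from payload at offset %zu: %s\n", f->payload_off, g_url);
    return 0;
}
```

Step 1 stops at the end of the TCP header; step 2 only succeeds by reading bytes past that point, which is where the page a person requested is recorded.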

Consumer Focus

Collecting and sharing credit reference information: The impact on energy consumer behaviour

We have been working with industry and other stakeholders to develop a better understanding of the current impact of using credit reference data and to encourage learning and sharing of best practice – for example in the way companies communicate the changes to their customers. 

As part of this work, Consumer Focus sought a better understanding of the potential impact that the increased collection and sharing of credit data might have on energy consumers. We were particularly interested in the possible behaviour changes or decisions that energy consumers might consider making as a result of more credit reference information being accessed or shared by their energy supplier.

This research was commissioned to inform our understanding of current consumer attitudes and feelings toward credit scoring and explore whether consumers think that they would behave differently if they knew that a company has moved to using more credit reference data.

by Alistair Moses at April 04, 2012 08:23 AM

Citizens Advice consumer service

The Citizens Advice consumer service (launched on 2 April) provides free, confidential and impartial advice on consumer issues. Visit www.adviceguide.org.uk or call the Citizens Advice consumer helpline on 08454 04 05 06 (Welsh language service: 08454 04 05 05).

This service replaces Consumer Direct as part of the Government’s plans announced in Empowering and protecting consumers (June 2011) to simplify the ‘bewildering array of public, private and voluntary bodies, which often duplicate efforts to inform, educate and advise consumers of their rights.’

by Alistair Moses at April 04, 2012 08:12 AM

April 03, 2012

Index on Censorship

Morocco: Rapper arrested for critical lyrics

A Moroccan rapper and activist was arrested by security forces last week, following claims that one of his songs is offensive to a public institution. Megaz El Haked was summoned to a court on the charge of offending a public authority. Lyrics in one of his songs criticising the political situation in Morocco were deemed to be defamatory.  The rapper and activist has been refused provisional release whilst he awaits his trial, which is expected to take place on 4 April. El Haked was imprisoned last year for four months on trumped-up charges, before being released in January 2012.

by Alice Purkiss at April 03, 2012 02:06 PM

Peru: Journalist’s defamation conviction overturned

A Peruvian appeals court has overturned a criminal defamation conviction against a journalist who reported on local corruption. The court found that the decision against radio journalist Teobaldo Meléndez Fachín contained “substantial errors” in the earlier conviction. The journalist was given a three year suspended sentence and a fine of around US $11,000, after reporting that a local mayor had misused a government loan of over US $2m. Fachín reported that local mayor Juan Daniel Mesía Camus used the loan for projects which benefited his political allies.

by Alice Purkiss at April 03, 2012 02:04 PM

Latvia: Journalist assaulted

The publisher of a Latvian news website was attacked last week. Leonids Jakobsons, owner of the independent news website Kompromat was attacked by at least two unidentified assailants, after the site published sensitive news stories. The publisher was attacked with a knife in the stairwell of his apartment building in Latvia’s capital Riga. He was admitted to hospital with bruises on his head and a 3 inch long cut to his cheek. Kompromat has reportedly published information on sensitive issues, including a probe into the attempted murder of a former customs official, and alleged connections between Latvia and the communities of Chechen people who live outside of Chechnya.

by Alice Purkiss at April 03, 2012 02:02 PM

Syria: citizen journalist detained, reportedly tortured

A Syrian citizen journalist who has been detained by authorities since Wednesday has reportedly been tortured during his arrest. Ali Mahmoud Othman, who ran the media centre in Baba Amr where Marie Colvin and Remi Ochlik were killed, was arrested and initially detained at a military intelligence unit in Aleppo. Over the weekend, he was transferred to Damascus. Sunday Times photographer Paul Conroy told Channel 4 news that Othman had been tortured during his detention. The continuing campaign against local and international press in Syria is believed to be an attempt to “systematically dismantle” the anti-regime “citizen journalist network”.

by Alice Purkiss at April 03, 2012 02:00 PM

Authorities ban books at Bahrain International Book Fair

Bahraini authorities banned several books from the country’s international book fair, which was held between 22 March and 1 April. The Press and Publications Directorate, which is affiliated with the Information Affairs Authority, banned and confiscated all copies of the book “Political organisations and societies in Bahrain”, co-authored by journalist Abbas Almurshid and human rights defender Abdulhadi AlKhawaja, who is currently on hunger strike. Another book by Almurshid, “Bahrain in the Gulf Gazetteer” was also banned by The Press and Publications Directorate. Other books removed from the fair include the novel “Jazaweyat” by Saudi author Fahad Fatik and “Wahhabism” by Saudi author Miqat AlRajehi.

by Alice Purkiss at April 03, 2012 01:55 PM

Grit in the engine

Robert McCrum considers Index’s role in the history of the fight for free speech, from the oppression of the Cold War to censorship online

In February 1663, the London printer John Twyn waited in Newgate prison for his execution, the unique horror of being hanged, drawn and quartered at Tyburn, the place known today as Marble Arch. This medieval agony was the recently restored monarch King Charles II’s terrifying lesson to his subjects: do not write, or print, treason against the state.

Even more cruel, Twyn’s offence was merely to have printed an anonymous pamphlet justifying the people’s right to rebellion, “mettlesome stuff” according to the state censor (the King’s Surveyor of the Press). No one suggested that Twyn had written this treason, only that he had transformed it from manuscript to print. Perhaps he hadn’t even read it. Never mind: he was sentenced to death.

Pressed both to admit his offence and reveal the name of the pamphlet’s anonymous author (and thereby save his own life), Twyn refused. In words of breathtaking courage that echo down the centuries, he told the prison chaplain that “it was not his principle to betray the Author”. Shortly afterwards, Twyn went to his doom. His head was placed on a spike over Ludgate, and his dismembered body distributed round other city gates.

Words can be weapons, and the pen challenges the sword. Writers, and printers, “the troublers of the poor world’s peace”, in Shakespeare’s phrase, have always seemed a danger to the state. Across Europe, for the first three centuries of the printing press, questions of religion and politics were usually settled by the authorities of the day with rare and explicit savagery. As John Mullan has shown in his excellent monograph Anonymity, the safest course for the dissident writer was a pseudonymous or anonymous cloak of identity.

Eventually, the Romantic assertion of the heroic individual’s place in the world at the beginning of the 19th century ended this prudent convention, but slowly. The scandalous first two Cantos of Don Juan were printed without naming either Lord Byron or his publisher, John Murray. Despite the risks, the poet soon found fame irresistible. “Own that I am the author,” he instructed Murray, “I will never shrink.” By the reign of the fourth George, Britain’s liberal democracy was never likely to eviscerate, hang or decapitate a transgressive writer, though some terrible penalties did remain on the statute book for decades to come.

Abroad in Europe, as repressive states, notably Tsarist Russia, grew harsher, the fate of writers worsened, but hardly varied. The essential predicament was unchanged from John Twyn’s day. Putting black on white, words on the page, as accurately and truthfully as one could, would never fail to make trouble with vested interests, arterio-sclerotic authorities and evil despotisms. Dostoevsky was marched before a firing squad, but reprieved. The distinguished list of writers, before the Cold War, who died for their art includes Osip Mandelstam and Isaac Babel, possibly the greatest loss of all.

Writers and despotic regimes

By the middle of the 20th century there was, in the words of Graham Greene, a fairly general recognition that “it had always been in the interests of the State to poison the psychological wells, to encourage cat-calls, to restrict human sympathy. It makes government easier when people shout Gallilean, Papist, Fascist, Communist.” In the same essay, on “the virtues of disloyalty”, Greene expressed the writer’s credo in an age of growing state control. “The writer is driven by his own vocation,” he said, “to be a Protestant in a Catholic society, a Catholic in a Protestant one, to see the virtues of the Capitalist in a Communist society, of the Communist in a Capitalist state.” Greene concludes this celebration of opposition by quoting Tom Paine: “We must guard even our enemies against injustice.”

Confronted by the intractable collision of the creative individual of fiery conscience with the frozen monolith of the powers that be, there is one essential question: What Is to Be Done? In 1968, the poet Stephen Spender, sickened and dismayed by reports of literary repression in Russia, Czechoslovakia, Greece, Spain, Portugal, Brazil and South Africa (as well as several recently decolonised African states), responded to the spirit of a revolutionary year. He decided to organise a fight-back, setting the pen against the sword, based in London.

George Orwell had already pointed out, in his 1946 essay “The Prevention of Literature”, that “literature has sometimes flourished under despotic regimes, but the despotisms of the past were not totalitarian”. In fact, it was the totalitarian regime of the USSR, and its trial of Yuli Daniel and Andrei Sinyavsky, that proved the tipping-point for Spender. He was joined by Pavel Litvinov, the Soviet scientist, dissident and human rights activist, who wrote an open letter asking if it might not be possible to form in England an organisation of intellectuals who would make it their business to publish information about what was happening to their censored, suppressed and imprisoned colleagues abroad. Litvinov was inspired by the fates of fellow Russians, but he insisted that such an organisation should operate internationally and not just concern itself with victims of Soviet oppression, though their plight was possibly the worst in those dark days of the Cold War.

Spender, who was exceedingly well-connected, organised a telegram of support in response to Litvinov’s appeal, signed by an awesome roll-call of the great: Cecil Day-Lewis, Yehudi Menuhin, WH Auden, Henry Moore, AJ Ayer, Bertrand Russell, Julian Huxley, Mary McCarthy, JB Priestley and his wife Jacquetta Hawkes, Paul Scofield, Igor Stravinsky, Stuart Hampshire, Maurice Bowra and George Orwell’s widow, Sonia. These, and subsequently many others, declared they would “help in any way possible”.

This initiative led, in turn, to the formation of the Council of WSI (Writers and Scholars International), whose founding members included David Astor, editor of the Observer, Elizabeth Longford, Roland Penrose, Louis Blom-Cooper and Spender himself. Index on Censorship was born when Michael Scammell, an expert on Russia, came up with the idea of founding a magazine. Thus was the ongoing battle for ‘intellectual freedom’ moved onto new terrain best suited to writers and scholars — the printed word published in a little magazine. Soon, the advantages and benefits of fighting oppression from a dedicated bastion of free expression became obvious to both sides, free and unfree alike.

A clarion voice in the fight for free speech

Index, whose first issue appeared in 1972, declared that its aim was to “record and analyse all forms of inroads into freedom of expression”. Further, it would “examine the censorship situation in individual countries” and would publish “censored material in the journal”. In the long and bloody history of the fight for intellectual freedom there had been many impassioned statements of principle about the writer’s role as a piece of grit in the engine of the state. No one, however, had ever thought to jam a whole toolbox into the machinery of power, and place a fully-funded institution (such as WSI) in direct opposition to the repressive intentions of despotic regimes. This was the unique and historic importance of Index. But its success was not a foregone conclusion. Spender, its founder, was fully alert to the potential for windbaggery and failure inherent in such a venture. There was, he wrote, “the risk that the magazine will become simply a bulletin of frustration”.

Actually, the opposite came to pass. Index became a clarion voice in the cause of free expression. The abuses of freedom worldwide in the 1970s were so appalling and so widespread that the magazine rapidly found itself in the frontline of campaigns against repression and censorship in Russia, Czechoslovakia, Latin America and South Africa. Alongside Amnesty International and the PEN Club, Index gave vivid expression to the truth that “censorship” today takes many cruel forms: writers who are sent to labour camps, or blackmailed by threats to their families, or harassed into silence and isolation.

Perhaps the most important thing Index did, from the beginning, was to universalise an issue that was in peril of becoming a special interest: freedom was not “a luxury enjoyed by bourgeois individualists”. Along with self-expression, it was a human right, and an instrument of human consciousness that should be fought for worldwide.

Historically, the classic polemical statement against censorship, John Milton’s Areopagitica, a pamphlet against the Licensing Order of 1643, had focused on the English Parliament’s threat to a free press. Milton, writing in the midst of Civil War, was less worried about blood than ink: “Who kills a man kills a reasonable creature, God’s image,” he writes, “but he who destroys a good book, kills reason itself.” Three centuries later, Index would concern itself with both the breath of the oppressed writer but also the lifeblood of liberty, namely, free expression.

In an astonishingly short time, barely a generation, from 1972 to 1989, the magazine established itself as a force to be reckoned with. At first, it took up the issue that had inspired its beginnings: Soviet oppression. In defence of Alexander Solzhenitsyn, Index published part of a long, autobiographical poem, “God Keep Me from Going Mad”, composed in 1950-53 while Solzhenitsyn was serving a sentence in a labour camp in North Kazakhstan, the setting for One Day in the Life of Ivan Denisovich. This was followed by a scoop in 1973, the unexpurgated text of an interview Solzhenitsyn had given to AP and Le Monde in which the writer revealed that “preparations are being made to have me killed in a motor accident”.

Václav Havel, Solzhenitsyn and the Iron Curtain

The importance of this document, one of the writer’s very rare accounts of his predicament, is that it described in horrifying and particular detail the true nature of the Soviet regime’s campaign against him, especially the constant surveillance and the unrelenting menace of the state’s agents. Solzhenitsyn was also able to draw attention to the persecution of Andrei Sakharov. In the bleakest depths of the Cold War, taking up the cause of Russia’s dissident community made the difference between international recognition and utter oblivion.

As the magazine grew in confidence, it began to focus on other, related injustices behind the Iron Curtain, notably in Czechoslovakia (as it was). It was among the first to publish the banned playwright Václav Havel in English. In 1976, a retrospective on Czechoslovakia eight years after the Soviet invasion of Prague described how Havel was being “constantly harassed and persecuted by the authorities”, the beginning (as it turned out) of a long assault on Havel’s liberty.

When Charter 77 was formed the following year, Index became a vital link in the chain of communication between the samizdat literary community in Prague and the wider world. The exiled Czech journalist George Theiner, who succeeded Michael Scammell as editor, strengthened this link. Context and continuity, the steady accumulation of a body of work and opinion, are vital ingredients in any effective campaign on behalf of oppressed writers. Index now provided both a sober and authoritative framework for its protest and also, through the office in London, a team of journalists dedicated to monitoring the devious and sinister machinations of oppressive regimes worldwide.

In the 1980s, the magazine spread its wings. There were exposés of repression in Latin America and persecution in Africa (Kenya, Nigeria). Roa Bastos, who had suffered so badly in Paraguay, found a new champion. Nadine Gordimer, who had supported Index from the beginning, published a story about the romantic dilemmas of a secret policeman in South Africa. In Europe, Samuel Beckett became so engaged with the plight of Václav Havel that he dedicated a short play, “Catastrophe”, to his fellow playwright and allowed Index to publish it in its pages, another notable scoop. By the end of the 1980s, the idea of standing up for the abstract idea of ‘intellectual freedom’ by reporting censorship and publishing banned writing had become a recognised part of the common discourse within the libertarian community.

The influence of Index on the literary world has been at once subtle and impossible to overstate. In my mind, there is no doubt that its example became an inspiration to those British publishers, like Faber, Penguin and Picador, who (especially in the 1970s and 1980s) published banned or oppressed writers such as Milan Kundera, Václav Havel and Josef Skvorecky. The literature that came from behind the Iron Curtain added a new dimension to the reading of the West. Translations of novels like The Book of Laughter and Forgetting were so exceptional that the book would briefly become, ex officio, as it were, almost a part of the Anglo-American literary tradition.

The institutional importance of Index is hard to overstate because, in the words of André Gide, good sentiments do not usually generate good literature. Just because a writer is committed to fighting injustice in his or her society, there’s no guarantee that his or her work will have artistic value. But once the role of literature as “witness” is established in the minds of the public, it makes it more difficult to dissociate literary merit and the social or political value of the text. Index provided a forum for banned writers to demonstrate the role of literature, both good and less good, as unsubmissive, contrarian, transcendent and instinctively transgressive.

Perhaps it was as well that the Index model was so firmly set by Spender and its founders. After 1989, the strength and security of WSI (notwithstanding a constant search for sponsors) was crucial. The fall of the Wall and the disintegration of the Soviet Union gave every indication that the raison d’être of Index — opposing Soviet oppression — had been trumped by History.

New frontiers for free expression — and censorship

In fact, the reverse was the case. Writers and free expression continued to be persecuted worldwide. Russia did not cease to be despotic with the disbanding of the KGB. In some ways, the condition of everyday life for Russian writers grew significantly worse, and certainly far more dangerous. The war in Chechnya gave the authorities a new pretext to crush free journalism. Anna Politkovskaya became just one of many who turned to Index to make her plight better understood in the West.

With the millennium, meanwhile, the rise of the internet and the IT revolution inherent in the development of digital communications offered a new challenge. The old barriers to state control were coming down. Frontiers that had once been impenetrable were suddenly porous. Secret policemen could continue to terrorise writers, printers and publishers, but it was much harder to stop the free flow of information on the worldwide web. What place would Index have in the new world order of “free” content shaped by Google, Wikipedia and Amazon? The answer, of course, is as a research institution, a memory bank and a continuing moral example, along with publishing online as well as in print.

Index in the new century has made the fight for “intellectual freedom” normative as well as liberating. WSI remains the tool of one very simple, good idea. Its historical board members are unchanged: Milton, Paine, Wilkes, Zola and, possibly, Orwell. Index knows that such an achievement is not lightly won. The history of state repression shows that the individual writer and artist and scholar is vulnerable on his own. He, or she, needs the committed support of independent organisations that cannot be crushed by state terror. Furthermore, the plight of writers especially should not be at the mercy of intellectual fashion or the caprice of a Twitter feed. Free expression needs its gatekeepers: publishers, editors, booksellers, and independent columnists. And this community needs a place to meet, a forum for ideas and debate. This is what Index provides. More serious than Twitter; better organised than Facebook, it’s a forum that can exploit the social media, but not become its prisoner.

In the 21st century, this can be virtual, articulated through Google or Wikipedia. But it also needs to be orchestrated by people, standing apart from fashionable trends, who understand the nuances of the fight for intellectual freedom and who know what they are talking about. This, in a sentence, is the unique Index proposition: ideas honestly and freely expressed and writers worldwide uninhibited by the censorship of the mind or tyrannical restrictions on the printed word.

This article appears in 40 years of Index on Censorship which marks the organisation’s 40th anniversary with a star line-up of the most outstanding activists, journalists and authors

Robert McCrum is an associate editor of the Observer. He has been a member of the advisory board of Index on Censorship since 1983

by Robert McCrum at April 03, 2012 09:00 AM

Bahrain: Journalist Ahmed Ismael Hassan al-Samadi dies as violence continues

A citizen journalist who was shot during a peaceful protest in Bahrain has died in hospital. Ahmed Ismael Hassan al-Samadi was shot in the thigh whilst filming tear-gas being fired on protesters near Bahrain’s capital. It is believed al-Samadi was targeted for having a video camera, by armed men who were accompanying security forces. Violence has intensified in Bahrain in the run up to the Grand Prix, which will take place later this month.

by Alice Purkiss at April 03, 2012 08:57 AM

ORG Blog

Surveillance plans: key questions

ORG has been following the CCDP plans for two years, as they have crept up through policy papers, government statements and budget plans. Consistently, but ineffectively, the government has tried to deny that the plans are problematic.

However, we do believe the plans may be changing in significant ways. There is a probable shift to asking Internet service companies like Google for swift access, rather than collecting all of the data through ISPs.

Let’s examine some of the key questions. (See PI's blog and FAQ as well)

1 Lack of warrants for communications data

Communications data in the UK is produced through authorized requests by trained police officers. No judge, court or warrant is required. Traditionally, the claim has been that “communications data” is pretty trivial. But as more and more data amasses, it is actually very intrusive and highly revealing.

Don’t be fooled. The current system of simple police self-authorized requests is very poor, and new access to more data demands higher safeguards: that is, going through a court.

2 “We’re just maintaining capacity”

This is the extraordinary claim that the security services are making. That much more of our lives are online, that this information maps our whole histories and social lives, that this is different from a record of phone calls we made seems to be evading the security services.

Requests for communications data now represent a very high level of surveillance, and as such should be governed by courts, not the police, and certainly should not be available through automated systems.

3 Will the government go to Facebook and Google directly, in “real time”?

Increasingly, it seems that the plans are changing, so that the government will go to the companies to get the data from them, maybe in “real time”. Thus, with even lower barriers, huge amounts of data could be given to police from extremely detailed social maps that we have voluntarily created.

In the USA, Google and Facebook are campaigning for much tighter controls than the judicial authorizations that are already required. Do their UK customers really deserve less protection?

4 What about encryption?

Nobody yet has suggested that the government breaks encryption to read the communications data they claim to want access to. Yet that is the logic of the path they are suggesting, especially as sites will be very keen to encrypt if the government is reading the traffic. Encryption is a vital tool for commerce and business.

5 Will it work?

Nobody really seems to think it will work. The need to investigate real offences of course could be dealt with through the courts. But gathering masses of data, or making it extremely accessible, seems to introduce risks without real benefits.

6 What about trust? And the economy?

The priority of this government is economic growth. The Internet economy is actually growing. Yet it depends on trust. Declaring a surveillance culture to be integral to the Internet will keep people away from the Internet and undermine our trust. If the government seeks to break encryption, this will be even more dangerous, as banking and other information could be made vulnerable.

But even more than that, the £2bn price tag, which will almost certainly prove to be too little, is money that will not contribute to economic growth. Investing in mass surveillance tools will not deliver growth, and will not tackle crime.

by Jim Killock at April 03, 2012 08:32 AM

April 02, 2012

ORG Zine

The ghost of cash

"It's not enough to speak well of digital money," Geronimo Emili said on Wednesday. "You must also speak negatively of cash." Emili has a pretty legitimate gripe. In his home country, Italy, 30 percent of the economy is black and the gap between the amount of tax the government collects and the amount it's actually owed is €180 billion. Ouch.

This sets off a bit of inverted nationalist competition between him and the Greek lawyer Maria Giannakaki, there to explain a draft Greek law mandating direct payment of VAT from merchants' tills to eliminate fraud: which country is worse? Emili is sure it's Italy.

"We invented banks," he said. "But we love cash." Italy's cash habit costs the country €10 billion a year - and 40 percent of Europe's bank robberies.

This exchange took place at this year's Digital Money Forum, an annual event that pulls together people interested in everything from the latest mobile technology to the history of Anglo-Saxon coinage. Their shared common interest: what makes money work? If you, like most of this group, want to see physical cash eliminated, this is the key question.

Why Anglo-Saxon coinage? Rory Naismith explains that the 8th century began the shift from valuing coins merely for their metal content and assigning them a premium for their official status. It was the beginning of the abstraction of money: coins, paper, the elimination of the gold standard, numbers in cyberspace. Now, people like Emili and this event's convenor, David Birch, argue it's time to accept money's fully abstract nature and admit the truth: it's a collective hallucination, a "promise of a promise".

These are not just the ravings of hungry technology vendors: Birch, Emili, and others argue that the costs of cash fall disproportionately on the world's poor, and that cash is the key vector for crime and tax evasion. Our impressions of the costs are distorted because the costs of electronic payments, credit cards, and mobile wallets are transparent, while cash is free at the point of use.

When I say to Birch that eliminating cash also means eliminating the ability to transact anonymously, he says, "That's a different conversation." But it isn't, if eliminating crime and tax evasion are your drivers. In the two days only Bitcoin offers anonymity, but it's doomed to its niche market, for whatever reason. (I think it's too complicated; Dutch financial historian Simon Lelieveldt says it will fail because it has no central bank.)

I pause to be annoyed by the claim that cash is filthy and spreads disease. This is Microsoft-level FUD, and not worthy of smart people claiming to want to benefit the poor and eliminate crime. In fact, I got riled enough to offer to lick any currency (or coins; I'm not proud) presented. I performed as promised on a fiver and a Danish note. And you know, they *kept* that money?

In 1680, says Birch, "Pre-industrial money was failing to serve an industrial revolution." Now, he is convinced, "We are in the early part of the post-industrial revolution, and we're shoehorning industrial money in to fit it. It can't last." This is pretty much what John Perry Barlow said about copyright in 1993, and he was certainly right.

But is Birch right? What kind of medium is cash? Is it a medium of exchange, like newspapers, trading stored value instead of information, or is it a format, like video tape? If it's the former, why shouldn't cash survive, even if only as a niche market? Media rarely die altogether - but formats come and go with such speed that even the more extreme predictions at this event - such as Sandra Alzetta, who said that her company expects half its transactions to be mobile by 2020 - seem quite modest. Her company is Visa International, by the way.

I'd say cash is a medium of exchange, and today's coins and notes are its format. Past formats have included shells, feathers, gold coins, and goats; what about a format for tomorrow that is printed or minted on demand, at ATMs? I ask the owner of the grocery shop around the corner if his life would be better if cash were eliminated, and he shrugs no. "I'd still have to go out and get the stuff."

What's needed is low-cost alternatives that fit in cultural contexts. Lydia Howland, whose organization IDEO works to create human-centered solutions to poverty, finds the same needs in parts of Britain that exist in countries like Kenya, where M-Pesa is succeeding in bringing access to banking and remote payments to people who have never had access to financial services before.

"Poor people are concerned about privacy," she said on Wednesday. "But they have so much anonymity in their lives that they pay a premium for every financial service." Also, because they do so much offline, there is little understanding of how they work or live. "We need to create a society where a much bigger base has a voice."

During a break, I try to sketch the characteristics of a perfect payment mechanism: convenient; transparent to the user; universally accepted; universally accessible and usable; resistant to tracking, theft, counterfeiting, and malware; and hard to steal on a large scale. We aren't there yet.

Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series.

by Wendy Grossman at April 02, 2012 07:37 PM

* James Firth

Equality and Human Rights Commission: web monitoring potentially incompatible with the right to privacy


Organisation: Equality and Human Rights Commission

Source: Press Releases

Date: 02.04.12

A commission spokesperson said:

"The Government's email and web monitoring plans would potentially be incompatible with the right to privacy of many ordinary people in the UK.

"The Commission's own research last year into information privacy concluded that there was a lack of proper regulatory oversight and too much conflicting legislation, all of which fails to provide adequate protection for citizens and their private information.

"We found that the way the government and its agencies collect, use and store personal data is not respecting people's right to privacy. However, because of the complexity of the current laws, obligations are unclear and authorities may be unaware they are breaking the law.

"These issues need properly addressing rather than introducing new proposals which further reduce people's rights to privacy."


@JamesFirth

by James Firth (noreply@blogger.com) at April 02, 2012 06:59 PM

Government internet snoop plans in as small a nutshell as I can manage


Communications Capabilities Development: Mass Internet Interception and Surveillance Programme

Yesterday's announcement on the Government's new internet snoop plan (a re-hash of something Labour twice tried to introduce under the title 'Interception Modernisation Programme') comes as no surprise to me, since I broke the story last year on 10th December.

To explain what the government is trying to do you need to know 3 things:
  1. Information about electronic communications is by UK law separated into 2 categories: traffic data and content. Traffic data is defined in the Regulation of Investigatory Powers Act as information such as who you're communicating with, for how long, etc, plus location data. The content of communications is what you're writing or saying.
  2. Government, police and even local authorities (although a magistrate will soon have to approve for local authorities) can access 'traffic data' records from your telephone or internet service provider without a warrant. Requests are signed off by a mid-ranking officer in the force or department making the request.
  3. Access to content is harder and requires an interception warrant ultimately approved by the Secretary of State, police Chief Constable or a few other designated senior authorisation officers. All authorisations are overseen by the Interception of Communications Commissioner.
In a nutshell, the Communications Capabilities Development Programme as described to me will have the effect of downgrading content into traffic data, thereby allowing the government, police, security services and local authorities to milk far more private information from our internet activities without need for a burdensome interception warrant.

'They' want to know who we're talking to, when and how often, to keep us all safe. 

The problem for the UK government is that we're all talking to people using a wide range of platforms which include e.g. overseas email services, non-UK gaming platforms, social media, whatever.  Unless these companies cooperate, the UK government can't get what it sees as traffic data from them.

Traffic data is a legacy concept not for the internet age

Confusion comes about because traffic data is a legacy concept not fit for the internet. When telephone networks were computerised in the 70s and 80s suddenly a lot more data was available to law enforcement.  

This data was captured for genuine purposes (billing) and it seemed reasonable that the police could access these records. Whether or not they should be obliged to seek a warrant from a court to access this data was a hot debate when the Regulation of Investigatory Powers Act was drafted in the 90's and very early 00's.

The internet messed up the neat distinction between traffic data and content.  To my ISP the traffic data is simply my computer talking to Yahoo! servers. To Yahoo! the traffic data is whom I'm sending my email to.  Similarly for direct messages on Twitter, Facebook or any other messaging service.

Moreover my ISP has no genuine reason to store this information since it is not billing me per visit.

Because law enforcement had relatively easy access to such data from telephone networks for a relatively short time - around 25 years from the mid 1980's to now, when many people rarely use phones to make a voice call - it wants this capability back.

Turning content into traffic data

The proposal is essentially to install a new network of 'little black boxes' (on top of the existing network used for what is known as 'directed surveillance').  These boxes will scan all internet activity to look for what government lawyers believe can be disclosed as traffic data.

These boxes will use an algorithm to perform the intrusive surveillance, but only output what the government claims is the less-intrusive part.

But as our use of communications technology has evolved, even traffic data is now incredibly intrusive. We interact many hundreds of times more each day, but say less; and the traffic data says so much more about our personal likes and dislikes: the websites we visit, where we shop, which films we view.  It's time to rethink the legal distinction, not invent technology to get around the existing legal safeguards.

I'm also hearing very worrying noises from Conservative party sources. Once installed, these boxes could be re-purposed - given an appropriate act of parliament - to implement secret blocking orders against overseas websites.

My source claims these blocking provisions could be enacted late on in the development of the Communications Bill around 2014.  Such moves will be seen as more palatable if the cost of installing the technology was already borne by earlier legislation.

As for the surveillance aspect there's already a spanner in the works as, since this plan was formulated 5 years ago many websites such as Facebook, Twitter and Gmail allow access via secure HTTPS communications.

The government used to have, in theory, the capability to monitor HTTPS (clarify: by exploiting procedural weaknesses in the SSL certification chain), although not without potentially alerting a tech-savvy operator. Moves by Google and Mozilla to rethink who we trust to issue SSL certificates will thwart this particular man-in-the-middle attack vector but that doesn't mean there aren't others.

My biggest worries are that this approach to scan and interpret the content of our communications will be open to abuse, will yield results for only minor offences and mid-level criminals, will place an emphasis on capabilities-based policing when what the internet sorely needs is a community or consensual-based approach to policing (as any good neighbourhood cop knows), will lead to a costly arms race as new services launch that attempt to evade monitoring, and will create a security back-door for our entire communications network that ultimately will reduce not improve our cyber security.

Part 2: we must not allow the government to back-door our entire communications infrastructure.

@JamesFirth

by James Firth (noreply@blogger.com) at April 02, 2012 04:44 PM

Consumer Focus

New-look Energy Performance Certificates

Consumer Focus welcomes the new-look Energy Performance Certificate announced today. Liz Lainé, energy expert at Consumer Focus, said:

‘The new simpler and less-technical design of the EPC should help house-hunters to choose cheaper-to-run homes. It will also enable home-buyers to more easily identify how they could make their homes warmer and cut their bills at the same time. 

‘As energy prices rise, and the need to reduce our carbon emissions continues, it is hugely important that consumers are helped through every means possible to cut their energy use and slash their bills. So this is a welcome move from the Government. 

‘We would encourage customers to use these new-look EPCs to weigh up the costs of running their potential new home, as part of their decision on whether to buy or rent and, if they are buying, to make improvements when they move in.

‘We also urge people who think energy efficiency measures might help to cut their bills, to find out about the free and discounted deals and grants currently available. Major energy firms are offering free or cut price insulation. But these offers run out at the end of the year, as does the Warm Front Grant – which can help households on low incomes to make heating and energy efficiency changes. So it pays to put in a claim now.’  

Consumer Focus is very pleased that the Government has taken up the watchdog’s recommendations on how to make Energy Performance Certificates work better for consumers. Please see our report ‘As Easy as EPC?’, for further background. 

Consumers who want energy efficiency measures installed can call the new Energy Savings Advice Service on 0300 123 1234 to find out what deals are available in their area.

Any consumer who does not want information about energy efficiency measures that can save them money, can opt-out online at: https://www.epcregister.com/opt-out/oo/  or write to the Department for Communities and Local Government.

ENDS

Notes to editors: 

  • Information about the discounted or free insulation deals available can be found directly from each energy firm (contact details below). 

British Gas – 0800 980 8177
E.ON – 0800 479 0162
EDF Energy – 0800 096 9966
npower – 0800 02 22 20
ScottishPower – 0845 2 700 700
SSE – 0800 072 7201 

  • People can also contact the Home Heat Helpline on 0800 336699 or Energy Saving Trust on 0800 512 012 for advice on saving energy and grants and schemes available to help make your home warmer and save you money.
     
  • Warm Front provides qualifying households with improvements worth up to £3,500 (£6,000 where oil central heating and other alternative technologies are recommended). Full details of who can claim help under the Warm Front scheme and how to apply are available on Directgov – www.direct.gov.uk/warmfront. People can apply for the scheme online, by post, or by phone on 0800 316 6004 (or textphone 0800 072 0156), Monday to Friday 8.00 am to 6.00 pm and Saturday 9.00 am to 5.00 pm.

by Pernille Thomsen at April 02, 2012 03:24 PM

Index on Censorship

Northern Ireland Police threaten academic freedom

 As a crucial legal battle comes to a head, Anthony McIntyre explores the contempt for academic research and protection of confidential sources behind the courtroom drama

This Wednesday in a Boston courthouse a crucial legal battle will be played out. It is a consequence of the Police Service of Northern Ireland’s (PSNI) contempt for academic research and the protection of confidential sources. While the “troubles” in the North of Ireland may be over for most people, the PSNI is one state agency determined to poke at the hornets’ nest that is the region’s politically violent past. In doing so it displays wanton indifference to the caution urged by amongst others Sir Kenneth Bloomfield, a former head of the Northern Ireland Civil Service and current head of the Independent Commission for the Location of Victims’ Remains, who warned that investigating the past “would blow apart the degree of consensus we have achieved.”

At the heart of the upcoming courtroom drama is an oral history project commissioned by Boston College between 2001 and 2006. Its aim was to enhance awareness of the long running violent political conflict in Ireland. It sought narratives from republican and loyalist activists who could offer unrivalled insight. It promised that all the material archived would be securely deposited in Boston College where it would remain inaccessible in all circumstances unless prior approval was given by the donor or the storyteller died.

The extent to which the PSNI is successful in its attempt to seize academic research will prove ruinous to public understanding of the Northern Irish conflict. It will drain the pool of knowledge that society may draw upon in order to keep itself better informed. The judicial outcome in a Boston courtroom will determine the ability of non-state actors, principally, academics, journalists and historians to collate information crucial to a more rounded public understanding. In the words of a prominent civil liberties lawyer in the US the move “could forever chill groundbreaking and important research.”

As it turned out Boston College, despite being equipped with a law school, was not on firm legal ground in issuing such promises of confidentiality, although nothing it drew up in its donor contract suggested that. Worse still, when it came to the crunch, the college — in an act of institutional deference to authority — was found to be afflicted by a fortitude deficit. In order not to offend the US Justice Department, it moved to abandon its own project, along with the researchers it commissioned and the research participants to whom it had promised the “ultimate power” of discretion over the use of their donations.

In May last year the PSNI applied through the Mutual Legal Assistance Treaty to US authorities to subpoena part of the archive ostensibly as part of an investigation into the 1972 killing and disappearing of Belfast woman, Jean McConville. A killing that the Northern Irish police force in all its guises failed to investigate in almost four decades. Historian Chris Bray, writing in the Irish Times, stated that “quite literally, not so much as a local patrolman ever bothered to type up a pro-forma report on McConville’s disappearance; the filing cabinet was nearly empty.” As a result the suspicion is being aired in many places that the real motivation behind the subpoenas is one meant to embarrass or prosecute Sinn Fein president Gerry Adams who, according to the Irish Times, has been accused by some of the Boston College research participants “of giving the order to kill McConville, a charge Adams categorically denies.”

In this precarious business it has not gone unnoticed that the Police Service of Northern Ireland, under its old name the RUC, was heavily involved in a dirty war often waged in the shadows. Its Special Branch was involved in a range of activities including killings. The Northern Irish police has a long history of torture, abuse and collusion with loyalist death squads. Like the British state it served, it was a key player in the conflict. Very few police members have been brought to book. It is unlikely that they ever will. There is a professed willingness on the part of the PSNI to pursue all leads … except those leading back to the British state.

This flags up one of the murky issues at play in the case. It is the problem of law enforcement agencies being used to prise open a past when much of the problems of the past were caused by law enforcement agencies. Because no law enforcement solution to the conflict was considered possible, a political one was devised that in many senses by-passed law enforcement or relegated in significance its contribution to a solution.  The jails previously packed by law enforcement measures were emptied of conflict prisoners as the North marched into the future and away from its past. Now we have law enforcement trying to advance its own agenda under the camouflage of “rule of law”, feigning a concern for victims so that it may selectively and tendentiously mine the past.

The PSNI action in seeking access to the Boston College oral history archive, so that it might plunder it for material useful to prosecutions, has serious consequences for the production of knowledge. It is now likely that a diminution in information will flow to journalists or academics for fear that the State might insist on access to what is collated for purposes of criminal investigation. The action throws a chill of censorship over the societal acquisition of vital knowledge. By seeking to colonise academic research for its own narrow objectives, law enforcement is forcing academic study off the field of play leaving our comprehension of the past in the hands of law enforcement which has at all times sought to airbrush its own invidious role out of the historical record.  Hardly a satisfactory outcome.

This assault on academic freedom will have a deleterious impact on public understanding and will stymie public debate. As Harvey Silverglate and Daniel R. Schwartz argued in Forbes Magazine, “academics play an important role in society for the enlightenment of current and future generations; they are not mere detectives bedecked in tweed and working for governments…”

Anthony McIntyre was one of the Boston College researchers who, along with colleague Ed Moloney, is currently fighting to have the subpoenas quashed. McIntyre is a former Republican prisoner.

 

by Anthony McIntyre at April 02, 2012 02:57 PM

Consumer Focus

Ofgem energy complaints research

Responding to Ofgem’s new complaints research, Audrey Gallacher, Director of Energy at Consumer Focus, said: 

‘It’s positive that there has been some improvement in how customers’ energy complaints are handled. However there is still a very long way to go – with around half of consumers dissatisfied. The energy industry routinely tops the charts as the sector least trusted by consumers and the customer service they receive is a significant factor in this. 

‘It is unacceptable that many customers have to go through a long, drawn-out process to get their problem resolved. There must be clear progress on this from suppliers. Ofgem has outlined moves needed by suppliers and the regulator must now ensure these improvements are delivered. Strong guidance is also needed from Ofgem on the complaints data energy firms compile, to get a truly accurate picture of how the complaints process is working.

‘Customer satisfaction with how complaints are handled is low across a whole range of industries and the same problems are seen over and over again. Companies must remember that many people view how a firm handles their complaint as a sign of how valued they are as a customer – so it is essential to deliver on this key issue.’

ENDS

by Pernille Thomsen at April 02, 2012 01:56 PM

* James Firth

Do not allow the government to back-door our entire communications infrastructure

Communications Capabilities Development: Mass Internet Interception and Surveillance Programme

My earlier description of CCDP explains how the government proposes to introduce warrantless mass surveillance by downgrading much of our internet activity from content to traffic data.

Despite what many readers may instinctively think, my objections to this internet monitoring plan aren't primarily rooted in generalised notions of civil liberties such as privacy.

Costly unsustainable capability-based policing must not come at the expense of consensual community-based online policing.

I think the proposal is disproportionate with questionable benefit. Serious criminals, terrorists and state actors will up their game, rendering much of this surveillance useless. Telephone and mail interception didn't stop the terrorists of the 70's, 80's and 90's.

MPs may feel compelled to act, for if they don't and something bad happens, questions will inevitably be asked why this type of surveillance wasn't installed.

And herein lies a problem as no-one will know if mass surveillance would have stopped it.

But we already have a good idea of the price of surveillance.  Greg Callus wrote an excellent piece in light of the Leveson inquiry, detailing how we're struggling even today to stop enterprising criminals selling access to our private communications.

I have three further worries. There will be a costly arms-race, I have no doubt of that.  Only the manufacturers of surveillance equipment can possibly benefit.

Plus, back-dooring our entire communications infrastructure creates a cyber security risk.  Yes, that's right, a risk.  The claim that such monitoring will help the good guys is based on a premise that only the good guys will have access to it.  (If you haven't already, do go and read Greg's piece.)

Anyone who claims a system is 100% secure is either deluded or lying.  And the more people involved, the more private companies involved - surveillance equipment manufacturers and private ISPs - the greater the chance that the system will leak or be cracked.

I firmly believe that privacy is actually an enabler for cyber security. It encourages us all to act responsibly and autonomously, reduces the amount of exploitable sensitive data on the network and minimises what system designers call "common-mode weaknesses" in the network.

And I'm worried that the focus on capabilities-based 'behind the scenes' intrusive policing will come at the expense of developing a far more effective and sustainable consensual-based policing approach for online spaces.

Surveillance and monitoring encourages cops to dig around in the bowels of the internet to find the crooks, rather than developing cyber-detective skills which in reality are nothing more than traditional detective skills transposed into the digital space.

Delving around behind the curtains is not sustainable because crooks quickly learn not to leave evidence there.

Every police force needs a substantial new division of cyber detectives, people tasked to understand not just the technology but motive, culture, who's who in online communities, what are the current tools of the criminal trade.

People on the internet are just people.  They slip up, they make mistakes. Anonymous are not anonymous but pseudonymous, and this is important.

Yes, a large proportion of anons are not criminal. But the few that are rely on pseudonyms in order to build a reputation. A reputation which acts as a currency for acceptance with other criminals.

But loose collectives of cyber criminals rely on open spaces to congregate and find each other. Their pseudonyms are both necessary and a weakness. Pseudonyms allow good cyber detectives to build a profile without resorting to intrusive mass surveillance.

The online space is just a community of people like any other

Any good neighbourhood cop, such as Surrey's top neighbourhood cop Chief Superintendent Gavin Stephens will tell you that policing a community is a delicate balance. An absence of authority can in some cases make people feel more secure, and in other cases less.  A police presence can reassure or unnerve, and police forces have learned over centuries to strike the right balance.

The internet is just a community space and people on the internet are just people.

Yes I expect police and government to have access to powerful tools as and when needed.  But we have learned from real-world policing that guns - things in the UK the average guy on the street doesn't have access to - aren't for the most part required for maintaining general order.

Having a largely unarmed police force prevents an arms race with criminals. Having an approachable neighbourhood police presence helps the police harness community good-will.

We the online community might be happy to help police the online space if we could trust that the authorities were acting in our best interests, not falling over themselves to censor, contain and control the online space.

Archive: more from me on communities, policing, security and open versus closed.

@JamesFirth

by James Firth (noreply@blogger.com) at April 02, 2012 01:23 PM

Security versus freedom, open versus closed

I was shocked and delighted to attend a cyber security summit where delegates didn't focus solely on control mechanisms to provide a secure online environment.

I've never been an out-and-out "hands off the net" activist; my background in communications security working at Motorola and, before that, a private military research company helps me see how formal control structures are helpful in thwarting some threats.

But I'm worried when expensive and intrusive mass surveillance and control systems are heralded as the mainstay in protecting society from any number of threats.

I'm worried because the value of such systems is yet to be proved - especially since technology is evolving so quickly.  Keeping internet control and surveillance systems up to date will likely descend into a costly arms race.

I'm worried that a focus on such systems could come at the expense of developing community approaches to policing and enforcement - traditional methods translated into the digital space.

Cyber detectives hunting cyber criminals, and doing this using the internet in the "normal way" rather than trying to hook in to the fabric of the internet to create a capability that the good guys have and the bad guys don't have.

Capability-based policing will always rely on a power imbalance and is a long way from how traditional policing methods have evolved in democratic countries: consensual policing.

And I'm worried that a "closed" approach to security will not yield stronger systems in the same way that private encryption algorithms often prove weaker in the long term than public ones.

Whilst this defies common sense - if your attacker knows how you're encrypting he or she can reverse engineer - cryptographers know the opposite to be true: if your algorithm is "out there", the world + dog is trying to break it.  World + dog tend to be quite noisy when they do break something, so you're sure to know about it.

The cryptographic algorithms that survive are either secure, or take the computing resources of a nation state to crack. The sheer effort needed to crack encryption makes the nation state threat irrelevant to all but the most high profile of targets.

Yes it's worrying from a privacy perspective, but there's also a finite limit to the number of communications that can be cracked, meaning encryption can offer a safeguard against the mass generalised surveillance people fear.

Also, as cryptographic history has shown, where nation states do have access to a vulnerability no-one else does, they tend to use it wisely for fear of tipping the enemy to the vulnerability.

With privacy in particular, rather than being at odds with the aims of securocrats it can actually be an enabler for cyber security, as explained in my blog here.

"Economic harm"

Another trend picked up on by some civil rights lobbies is the tendency of governments to bundle economic interest of the nation with national security.

On one hand it's understandable that economic systems such as banking and stock markets are just another piece of our "critical national infrastructure" without which society would struggle to function and citizens would suffer.

On the other hand there is a temptation to misuse the "economic harm" argument and conflate the financial performance of a corporation or group of companies with general economic harm.  Once the state starts propping up preferred economic interests at the expense of others there's a problem.

Anyhow, it turns out there's an "economic harm" argument in support of freedom as I blogged about in Trust bubbles: how security, trust and economic prosperity are interlinked.

Essentially societies which have a high degree of what researchers call 'generalized trust' - essentially trust in strangers - have a higher GDP.  There is a link between trust engrained in society and economic prosperity.

In Trust bubbles I explore the drive to create technical solutions to allow strangers to trust each other online, such as customer review/feedback indicators, and offer the premise that society still needs a foundation of generalised trust to enable economic growth.

And generalised trust essentially comes about from strong foundations such as law & order, a sense of civic responsibility and internalised motivation for citizens to do the right thing.

I don't believe this can be replaced with a technical solution, and unless that solution is perfect it will actually damage our economic prospects rather than help as it will end up encouraging distrust in strangers outside the "trust bubble", essentially creating the online equivalent of a closed community.

The solution to improving online trust and hence economic output will lie in building strong foundations that encourage trust between strangers.  That essentially is enforcing the rule of law and maybe building a few safety nets rather than controlling everything.

Starting off from a position of distrust as many security policies seem to do can only push things in the opposite direction, discouraging "bare trust" outside of the trust bubble and hurting innovation.

@JamesFirth

by James Firth (noreply@blogger.com) at April 02, 2012 01:21 PM

Has UK gov notified EU of regulatory changes to electrical safety ("Part P") before consultation has closed?

What does it take to be a policy geek? Well for one you stay glued to the various EU/EC mailing lists.

And this morning I was catching up with some non-telecom notifications and I spotted this in the EC Enterprise and Industry notification database: Changes to Part P (Electrical safety - Dwellings) of the Building Regulations. The draft text is visible from this link.

Why is this relevant? Well the text was submitted to the EC on the 13th February 2012, but the government consultation on these changes doesn't even close until next month!

Has the government presumed the outcome of both a public consultation and Parliamentary Select Committee inquiry?

In total, the UK government submitted draft changes to six sections of the building regulations  (parts A, B, C, L, P, K) on 13th February before a parliamentary select committee inquiry into changes in building regulations even took its first evidence on 20th February.

As discussed on this blog in relation to 2 remaining pieces of legislation required for the file sharing clamp-down under the Digital Economy Act, the UK government must notify Brussels under the 'Authorisation Directive' (98/34/EC) of upcoming changes to 'technical standards'.

The purpose of notification is to give visibility to suppliers throughout Europe of upcoming changes to UK regulation so that they may plan for the change or object on the grounds that the change will affect free trade across Europe.

As revealed on this blog, even strongly pro-Europe MPs are concerned that in theory the notification requirement can lead to a deadlock between the UK government and Europe, with the EU vetoing a bill after Parliament has passed it.

So it makes sense for draft legislation to be notified before final vote in Parliament. But that assumes Parliament won't try and amend regulations, for if they do, then the amendments will need to be re-notified to Europe. Each re-notification causes a 3-month standstill period which could delay urgent legislation.

But in practice this rarely (if ever) happens and it seems absolutely absurd to notify the European Commission of changes before a Parliamentary Inquiry and public consultation has even closed, never mind reported on recommendations.

It certainly looks to an outsider not involved in this sector that the Government has made up its mind ahead of the public consultation, and in a highly public way, which could leave the relevant ministerial decisions further down the line open to judicial challenge.

@JamesFirth

by James Firth (noreply@blogger.com) at April 02, 2012 01:21 PM

Our standardised privacy policy project is not an exercise in iconography

More than icons
TM. A visualisation of Privacy Footprint, part of the proposed standardised personal data scheme.  
I've spoken to quite a few people about our plan for a suite of standardised privacy policies. Whilst about 70% of people are enthusiastic about our plan (non-scientific study!), inevitably many tend to focus solely on the icons, and at that point tell me either (a) it's been tried before (yes, I know) or (b) it won't change user behaviour.

Here's a quick response: our proposal is not primarily about icons.

And here's a fuller response...

My perspective on the Mozilla Privacy Icons project: it attempted to graphically represent all the ways that data could be used or shared, and capture this in an icon.

In some respects the Mozilla privacy icon project is a graphical progression of P3P, the compact privacy policy project. Both approaches are looking at privacy perhaps as a software engineer would.

Where we - as in Julian Ranger and myself at Open Digital - are coming from is somewhat different.

We're not trying to encode a complex amount of information into an icon.

Instead we're creating a series of say 6-7 standardised privacy policies which become gradually more private so that users may easily compare like-for-like services to find which take data protection more seriously than others.

As an engineer myself there is a temptation to see this as a technical problem. But it's not - it's a social problem and an economic problem, caused by the massive increase in capability brought by technology and the commercial value in personal data today.

We can either try and fix the socioeconomics or attempt to control the technology to regulate the resultant data.  Neither is an easy challenge, but I prefer the former over the latter.

Our scheme, instead of trying to offer a diverse range of visualisations to accommodate a diverse number of data-sharing practices, defines a handful of policies based on best-practice.

We hope these policies will help users understand what is being done with their data. They don't have to read every privacy policy, they just have to familiarise themselves with half a dozen standardised policies.

Our aim is to provide a driver for minimising the use of personal data, improving the storage of personal data and promoting the ethical use of personal data.

Our 'most private' licenses will require data to be stored securely within a system which is designed to be private.  Their use may mandate the conformance to other emerging standards such as private by design.

Above this there will be a range of less-private options, showing data may be shared with selected businesses.

And then the most open license.  I use license and privacy policy interchangeably as I see you being the licensor for your data. You decide what can and can't be done with the data, and any contract you sign up to must be clear as to what rights you grant others to use your data.

Icons are used in place of e.g. a simple numerical scale of 1-7 to aid visual recognition - a mixture of endorsement (certification marque) and visual guide.

Sure there will be businesses who don't want to be boxed in to our scheme. They will want to differentiate themselves.

But I sincerely believe there will be a push from users who want clarity. They want to understand what they're signing up to.

There are two unanswered questions. (1) can a suite of standardised licenses and associated iconography impact user behaviour and (2) will sufficient businesses adopt the scheme.

To answer these questions we first propose two studies. A socio-economic  study to answer (1) and a business attitudes study for (2).  We will use the results to decide whether and how to proceed.

As a society we're faced with 2 choices: regulate how data is used and take the consequences of either an over-bearing enforcement regime or widely circumvented laws; or, leave it to the markets and risk having corporate interests trump user interests in at least the short and mid term.

I don't think regulation will work, so I'm looking at ways to encourage the market to work more in the interests of users.

@JamesFirth

by James Firth (noreply@blogger.com) at April 02, 2012 01:20 PM

Index on Censorship

China: Journalist, critic, reportedly jailed

Reports have emerged suggesting a Chinese blogger who criticised a public official in his personal blog was secretly sentenced to prison in 2010. Voice of America has reported that Gao Yingpu, a journalist who has written for the Asia Pacific Economic Times, was sentenced to three years imprisonment in a secret trial. It is believed Gao was imprisoned following his criticism of disgraced Communist Party Secretary Bo Xilai. Gao’s wife confirmed her husband was arrested in July 2010 and was sentenced for endangering state security. His former classmate told local media that the journalist’s wife signed a written promise not to publicise the case.

by Alice Purkiss at April 02, 2012 12:17 PM

Open Digital

Help fund a policy organisation

I never thought it would be easy and I knew I didn't have all the answers.

The challenge is to find ways to fund the kind of research and advocacy we're doing here at Open Digital without becoming enslaved by any single person or organisation.

If you can help in any way, by:
  • Spreading the word
  • Employing the services of our consulting arm, Open Digital Consulting (bound by charter to donate at least 50% of its profits to the policy organisation)
  • Becoming a donor, shareholder or both
 Please get in touch: support@opendigital.org or see more information on our Standardised Personal Data License project.

The funding conundrum

As I said at last Wednesday's Digital Surrey, as an organisation we must avoid some of the pitfalls of other groups working on digital policy.

Read more about some of the pitfalls of policy funding here.

Data ethics - why should your business care?

What's in it for your business, when much of our work seems to be focussed on public interest?

Because I firmly believe public concern must be embraced by any digital business aiming for sustainability.

The long term interest of any sustainable business is closely aligned with the interests of its consumers. It's as simple as that.

If you want to make money from the processing of, and trade in, data about individuals you will benefit from the trust and support of those individuals.

Acting in a highly ethical manner is the key to gaining trust, and even ethical businesses need help and support convincing the world of their ethical credentials.  If your business aims to do more than make a quick buck it needs to take proactive steps towards understanding the issues.

Our organisation's own plan for long term sustainability

My plan is to make Open Digital a sustainable self-funding organisation, but it will take time to get to this stage, and therefore we need cash help getting there.

I believe the organisational structure will then promote policy research in the public interest through semi-independent oversight of the policy organisation by our Policy Advisory Council (PAC).

Our structure also minimises the impact of cash dependency.  Our founding charter guarantees the policy organisation will receive 50% of the profits from the consulting business, and the PAC gets to decide how this is spent.

Open Digital - structured to promote community interest

But my plan requires Open Digital Consulting to be profitable, and that won't happen overnight. Hence my decision not to launch as a non-profit, but to offer shareholders willing to stand by the whole organisation a chance to share in the long term profits.

The first 9 months

For a fledgling policy organisation with only very weak connections to the political scene we've had an amazing start.  I attended ministerial meetings with Communications Minister Ed Vaizey to discuss web blocking, plus a 5-minute interview on Sky News' Jeff Randall Live on the same subject.

Our first report (pdf) was referenced in print on page 2 of the Financial Times and has been cited in numerous other reports.  I've been quoted on privacy, security and copyright issues in most major computer magazines.

I'm also told that our paper arguing against the government's plans for a Public Data Corporation (pdf) helped persuade decision makers inside the Cabinet Office to shelve the plans, opting instead for a more open approach to public data.

Aims and forthcoming projects


(More information on our Standardised Personal Data License project)

Our long term goal is to improve trust in digital products and services for the benefit of all; we believe this can be done whilst maintaining the principle of a free and open internet through fair market competition.

One of the barriers to trust we have identified is clarity and transparency over what data about us is being gathered and how that data is being used and traded.

Only through clarity and understanding can consumers make informed choices about what level of personal information to share with any given service.

If personal data is the new digital currency, a catchphrase many are using, we currently have a confusopoly in the market place.

In a confusopoly, the "price" of using the service is transparent, but too confusing for consumers to understand.  Therefore consumers make bad choices, and less than ethical businesses are able to profiteer.

A project we hope to launch over summer aims to iconify privacy, bringing clarity to users to help cut through the confusopoly.  It's been tried before, but that is not going to stop us:


Note, the icons pictured are just examples. We want to rank privacy on a simple scale of 1-6, maybe adding additional information to distinguish between passive tracking and active data gathering.

The final icon design will be decided through a community project, and that itself introduces a challenge of ownership in the end result. We need intellectual property in the icons to prevent misuse, but the community needs to see that Open Digital will never profit unduly from a community project.

We therefore propose to hold the intellectual property in the icons in trust.

So...

If you run a business or are a reasonably wealthy individual with an interest in privacy, trust or digital policy, please consider becoming a donor-shareholder.

Significant shareholders get a seat at the table of our truly unique organisation, and a chance to share in half the profits if we achieve our aims.

Alternatively, if your business wants insight or training on any digital policy area, please consider using the services of Open Digital Consulting.  Part of our fee will go towards supporting our policy work.

And above all, if you like what we're doing, please spread the word and get involved.  Tell us about your concerns. Email contact@opendigital.org or engage with us on Twitter: @open_digital.

by James Firth (noreply@blogger.com) at April 02, 2012 09:45 AM